This reverts commit fed2be428f769650ca07c3858ef40880bba2ed18 because it broke the ryu build in some very non-obvious way.
Change-Id: Ia7d697233a9f43365edb395a893f2a46d9303f61
|
This reverts commit fc3cafd487e69c84d83444e1d129d0ab131c4e3d.
Change-Id: I1fb38db044c4039be04d1f75fb89ca9a6404321f
|
This reverts commit d3ee550ac91a5c21343d9885a0e231281057e916.
Change-Id: Iac1ec8025d5411050fc599273995baa9cf575dc9
|
This reverts commit 4d0465999644336d636442a86795293298b22035.
Change-Id: I53d386e0d95c25e794ef88801d80e80ccfeea768
|
This reverts commit 7989c2bf8ad56518465b96bba61432de1a66bbf1.
Change-Id: Ia7f1aef880187c3ef7c399121edb11cf7d16b654
|
The BN_set_word OpenSSL function takes an unsigned long, which on 32-bit
platforms (like fugu) is 32 bits, causing 64-bit values to be
truncated. This CL adds a function that handles the conversion
correctly on 32-bit platforms, and fails hard on platforms whose
unsigned long is neither 64 nor 32 bits.
Bug: 28558974
Change-Id: Iac2b23cf2cac3c035b3636ddd135666aaf15b40d
|
SoftKeymaster doesn't add the key usage extension to attestation
certificates, as required by RFC 5280 and the attestation design doc.
Bug: 28366730
Change-Id: Ic782a032c8b39754d60bca98126acff7b3179678
|
Attestation certificates include an app-provided challenge value, which
is defined in the documentation as an arbitrary byte array between 0 and
128 bytes in length, inclusive. SoftKeymaster does not restrict the
length of challenge values during key attestation, and it should.
Bug: 28369352
Change-Id: Ibf16fb93f3bc82783bcc7736eb6de789be70d7a8
|
This reverts commit 31746ba6432c624f57df2a6cfb584490095bb849.
The original commit was reverted because it caused breakage in the ryu
build, due to some functions missing from the dragon-tlk libc. The
missing functions were added in
https://chrome-internal-review.googlesource.com/257127
|
This reverts commit fed2be428f769650ca07c3858ef40880bba2ed18 because it broke the ryu build in some very non-obvious way.
Change-Id: Ia7d697233a9f43365edb395a893f2a46d9303f61
|
* changes:
  Add EC curve tag to keymaster1 SoftKeymaster1 attestations.
  Fix SoftKeymaster handling of EC curve specification.
|
Key attestations for EC keys must include the EC curve tag, which didn't
exist in keymaster1. When SoftKeymaster produces attestations for
keymaster1 keys, it must deduce the curve (based on key size; the
mapping is unambiguous) and add the curve tag to the attestation.
Bug: 28366732
Change-Id: I8705aac6cf39b82754ee2c9f17d60484d3263ece
|
Keymaster2 should accept EC curve specification either by key size (as
done in KM1) or with the new KM_TAG_EC_CURVE, filling in the other value
if not specified, and validating that they match if both are
provided. SoftKeymaster doesn't correctly implement this KM2
requirement.
Bug: 28365747
Change-Id: I27d98b71730b69bb2f0c2543af6c027b1a5670f1
|
The attestation certificate chain produced by softkeymaster is hard to
verify because the leaf certificate does not contain the X509v3 Key
Authority ID extension, which provides the ID of the signing key. This
isn't strictly required by the standard, but many tools get badly
confused without the ID extension, including openssl.
Bug: 28321678
Change-Id: I91136f08eaf0b81b5443753488beb8a40af60e6c
|
Compiler can optimize away pointer overflow checks. Cast pointers
to uintptr_t to make sure this doesn't happen.
Bug: 27774248
Change-Id: Ib1d054ea5586cf110ae6cbbcd8ca1cd9e157c170
|
Change-Id: Ie1ee2e701a7f10da31a9b448987953dd025f8a11
|
Change-Id: If0f3bc12380b8b65bf1e60d5d8d039eb972c8a15
|
This CL updates the attestation record content and format to match the
final version published in the keymaster2 implementation guide.
Change-Id: I112c7557b1c650420fd2fad78c8ed3fc9e34f24e
|
Key agreement (ECDH) has been punted from the N release, and a
configuration method has been added to support version binding.
Change-Id: Ie3219e9a5062c2f2bc4e298cd88af764f4c3809c
|
Bug: 22914603
Change-Id: I5ad9a97dd1eebb45c05eeaa4ceccfebcf4b69e03
|
Bug: 26862905
Change-Id: I05823b07fbbc957b7f4b7eacb9f25c1d869a8045
|
This makes it much easier to, e.g., return an AuthorizationSet from a
function and suchlike.
Change-Id: Id7d340a68fc9568b4397545c680011f175857a3d
|
am: 0ad6f782d1
* commit '0ad6f782d1371dcd7bdb1ca7aba53ddd58e9e540':
  Fix message versioning support.
|
am: e8c8ec8440
* commit 'e8c8ec844005e525100556ab01e84d1cd7960a26':
  Fix message versioning support.
|
Message versioning was not implemented correctly for several of the
message classes. This fixes them. This was discovered while fixing the
bug listed below, though it's a bug regardless.
Bug: 26903982
Change-Id: I0a5b01e41d2d41f4edbf5ab6e8108d6143a1a8b0
|
Message versioning was not implemented correctly for several of the
message classes. This fixes them. This was discovered while fixing the
bug listed below, though it's a bug regardless.
Bug: 26903982
Change-Id: I3a98b3bd5872dbc4f6de91db9c89d6e4193c9666
|
Change-Id: Ie9469cedffd3f974f02c14582c7d48224a90c667
|
am: cb647fec03
* commit 'cb647fec03f71929fd316d2b8f0750f7b24824f3':
  Support input to "finish()" in AndroidKeymaster operations.
|
This CL does not yet take advantage of the simplifications that allowing
input to finish() provides. That will require updating the Java layer
first, to remove some assumptions and code that assume update() must
eventually consume all input.
Change-Id: Ie85896027a1d55ddec06750d19addbb1f5e462c8
|
am: f0233bc26a
* commit 'f0233bc26a5face7e76947899f75ae7ae0318683':
  Add input to FinishOperationRequest message.
|
am: 4ed2d7ed22
* commit '4ed2d7ed2275735ddc4952f310badfa4dcbaf04e':
  Add input to FinishOperationRequest message.
|