Commit message | Author | Age | Files | Lines
* Allow no digest given to imply KM_DIGEST_NONE if it was authorized [lineage-16.0] | Janis Danisevskis | 2019-07-22 | 2 | -6/+16
  The KM1 legacy support wrapper was too strict in requiring a digest to be specified when the requested purpose and padding combination did not require a digest. This patch allows no digest given to imply KM_DIGEST_NONE if KM_DIGEST_NONE was authorized. Also fixes a bug where key data was not correctly initialized in the rsa_keymaster1_operation when KM_PAD_NONE was requested.
  Bug: 77228204
  Test: atest android.keystore.cts.KeyPairGeneratorTest#testGenerate_RSA_ModernSpec_UsableForTLSPeerAuth
  Merged-In: Ia3278a5afb751d5be191b73c4bb04e3fe1f5586a
  Change-Id: Ia3278a5afb751d5be191b73c4bb04e3fe1f5586a
  (cherry picked from commit f73092fa0228f4efabca948c7c7ce92579384424)
* Fix SignatureTest CTS failures in keymaster1_legacy_support | Janis Danisevskis | 2019-07-22 | 2 | -11/+49
  Under certain circumstances the heuristic which determines whether a begin operation should be sent to the wrapped KM1 device or the software implementation fails and sends a request to the wrapped device, which then fails with the wrong error code due to unsupported digests.
  1. Begin operations on keys without purpose authorization with purpose verify and a digest which is unsupported by the wrapped KM1 implementation and which is also not authorized.
  2. Begin operations on keys with purpose authorization other than verify which request purpose verify and a digest unsupported by the wrapped KM1 implementation which is also not authorized.
  In both cases the keymaster device should not fail. But because the heuristic sent the begin request to the wrapped implementation and an unsupported digest is requested, the wrapped HAL diagnoses an unsupported digest and fails.
  This patch fixes the heuristic in that it sends all requests for keys without purpose authorizations (1.) to the software implementation, and it takes the requested digest into account (2.) rather than relying only on the key characteristics.
  Test: atest android.keystore.cts.SignatureTest
  Running on a device with legacy KM1 HAL with limited digest support.
  Bug: 77230940
  Merged-In: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
  Change-Id: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
  (cherry picked from commit 82350f7bb3b2d07e92599926c978d914da300866)
* Invalid ownership transfer in keymaster2_passthrough_context | Janis Danisevskis | 2018-06-04 | 1 | -4/+4
  In Keymaster2PassthroughContext::ParseKeyBlob we use GetTagValue to retrieve the blobs of application id and application value. GetTagValue only fills a keymaster_blob_t with pointers to memory owned by the corresponding AuthorizationSet; however, we passed in pointers to KeymasterBlob which takes ownership, leading to an invalid free.
  This was independently reported and fixed by:
  Yan, Shaopu <shaopu.yan@intel.com>
  vink.shen@mediatek.corp-partner.google.com
  Bug: 79305673
  Bug: 80554869
  Change-Id: I1c8e54ba5fe1d2d6b70abc9cf95432fb1c5e55f6
* Fix type on auth token verification label. | Janis Danisevskis | 2018-04-18 | 1 | -1/+1
  Bug: 78245564
  Change-Id: I7635ae56be09a4d352e3612c7eab8abc2299538f
* Make wrapped_key functions available | Shawn Willden | 2018-04-10 | 4 | -36/+40
  Make import key wrapping functions available so VTS tests can use them. Also fix a small bug in authorization list ASN1 format.
  Bug: 77588764
  Test: VtsHalKeymasterV4_0TargetTest
  Change-Id: I8c77f61c239ddb7ad1c103e610514d05ec4c5c91
* Merge changes from topics "niap-asym-write-pi-dev", "niap-asym-write-api-pi-dev" into pi-dev | Brian Young | 2018-03-30 | 5 | -2/+15
  * changes:
  Restore "Add "Unlocked device required" parameter to keys"
  Add "unlocked device required" API
* Restore "Add "Unlocked device required" parameter to keys" | Brian Young | 2018-03-28 | 2 | -1/+2
  Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice.
  This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process.
  This reverts commit a1ba90df6372d7194fcb2fa59d69f0d53b2141a6.
  Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
  (cherry picked from commit cff1364ed2d18b23b987188aededbbb422ce147e)
  Bug: 67752510
  Merged-In: I62d4176f04077af96779cb53c628a8579a7679d1
  Change-Id: I62d4176f04077af96779cb53c628a8579a7679d1
* Add "unlocked device required" API | Brian Young | 2018-03-28 | 4 | -2/+14
  Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice.
  This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process.
  This is the API only; full functionality will be added in a later commit.
  Test: CTS tests in CtsKeystoreTestCases
  Bug: 67752510
  Merged-In: I967193e7f3be4f7a4ddea004b9b203fe035a5d44
  Change-Id: I967193e7f3be4f7a4ddea004b9b203fe035a5d44
  (cherry picked from commit c9c285e340c42b6c356135bef822f8ed54968019)
* Add missing break statements. | Nick Bray | 2018-03-28 | 1 | -0/+2
  Without these break statements, execution will fall through and the wrong error code will be returned.
  This issue was found by enabling -Wimplicit-fallthrough.
  Bug: 76101949
  Test: compiles with -Wimplicit-fallthrough
  Change-Id: I1f55b7bbdb741fcb287a309323c7acc493abba49
* Add missing break in switch statement. | Nick Bray | 2018-03-21 | 1 | -0/+1
  This bug was introduced in I06b61128ff72b119747cfce9cab754b22a13ec00.
  Bug: 76101949
  Test: compiles with -Wimplicit-fallthrough
  Change-Id: I4df472854946b40319a0677c9f8f5f2c52129f34
* Revert "Restore "Add "Unlocked device required" parameter to keys"" | Brian Young | 2018-02-23 | 5 | -15/+2
  This reverts commit dfb351cc0248d54f8e535cb2e7ce78eaa8dfb399.
  Reason for revert: Regression in creating auth-bound keys
  Bug: 73773914
  Bug: 67752510
  Change-Id: I7ae70cfab3629ebad349df449e72dac73f432613
* Restore "Add "Unlocked device required" parameter to keys" | Brian C. Young | 2018-02-15 | 5 | -2/+15
  Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice.
  This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process.
  This reverts commit 2a1977b2c383a05c58cda0e773f29c49192e9a4a.
  Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
  Bug: 67752510
  Change-Id: I7deb31db153d7545055afee1eacef55e6ca451a0
* AuthorizationSet: Clear() should also reset the error_ field am: f9524f57bf am: d72dd842f0 am: 1200aa15a6 -s ours | Janis Danisevskis | 2018-01-31 | 0 | -0/+0
  Change-Id: I491c2e5371443ed20de1e837e4fead0e8f1e03c9
* AuthorizationSet: Clear() should also reset the error_ field am: f9524f57bf | Janis Danisevskis | 2018-01-31 | 2 | -0/+10
  am: d72dd842f0
  Change-Id: I8fce12e9cc76fd6b1759508ff9af1451cf5acc40
* AuthorizationSet: Clear() should also reset the error_ field | Janis Danisevskis | 2018-01-31 | 2 | -0/+10
  am: f9524f57bf
  Change-Id: I4e7cbe1847387636b9e73180a4d2f9b28cb7acc7
* AuthorizationSet: Clear() should also reset the error_ field | Janis Danisevskis | 2018-01-30 | 2 | -0/+10
  Clear() should reset the error field or it does not recover AuthorizationSets that have encountered an error before.
  Added test ClearRecoversFromError to authorization_set_test.cpp
  Test: host test (run make in keymaster directory)
  Bug: 72702959
  Merged-In: I1c422135cb7d235157d17785f5df927164d1e166
  Change-Id: I1c422135cb7d235157d17785f5df927164d1e166
* Merge "AuthorizationSet: Clear() should also reset the error_ field" | TreeHugger Robot | 2018-01-31 | 2 | -0/+10
* AuthorizationSet: Clear() should also reset the error_ field | Janis Danisevskis | 2018-01-30 | 2 | -0/+10
  Clear() should reset the error field or it does not recover AuthorizationSets that have encountered an error before.
  Added test ClearRecoversFromError to authorization_set_test.cpp
  Test: host test (run make in keymaster directory)
  Bug: 72702959
  Change-Id: I1c422135cb7d235157d17785f5df927164d1e166
* Revert "Add "Unlocked device required" parameter to keys" | Brian Young | 2018-01-30 | 5 | -12/+0
  This reverts commit d98e6865503ee2c63c4e73796f7ad8b6cb87c450.
  Reason for revert: Build breakages on elfin, gce_x86_phone.
  Bug: 72679761
  Bug: 67752510
  Change-Id: Iaa6b154f1ec4a2095ed5704d7670f8cae0d8c2f7
* Add "Unlocked device required" parameter to keys | Brian C. Young | 2018-01-25 | 5 | -0/+12
  Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device can be used or accessed without any further trust factor such as a PIN, password, fingerprint, or trusted face or voice.
  This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process.
  Test: go/asym-write-test-plan
  Bug: 67752510
  Change-Id: I100e55de7080edb2bd705c2ab9d116f72bac97f8
* Merge "Add additional parameters to importWrappedKey" | TreeHugger Robot | 2018-01-22 | 5 | -9/+32
* Add additional parameters to importWrappedKey | Shawn Willden | 2018-01-19 | 5 | -9/+32
  Bug: 31675676
  Test: local unit tests and VtsHalKeymasterV4_0TargetTest
  Change-Id: Ia865b035604b3d42ab5b3de6f22b2fac8400ddbf
* Merge "Add VerifyAuthorization support." | TreeHugger Robot | 2018-01-19 | 10 | -27/+286
* Add VerifyAuthorization support. | Shawn Willden | 2018-01-19 | 10 | -27/+287
  Test: VtsHalKeymasterV4_0TargetTest
  Change-Id: I1f9a952ee2ad3605f67f58c9f57a46df57556f92
* Merge "Add security level parameter to keymaster factory" | TreeHugger Robot | 2018-01-19 | 2 | -7/+9
* Add security level parameter to keymaster factory | Janis Danisevskis | 2018-01-02 | 2 | -7/+9
  With this patch we can create reference hals that pretend to be secure keymaster implementations. This is only to make Keystore happy. It will not pose a security risk because the pretending instances don't have the right attestation certificate to impersonate an actual secure implementation.
  Change-Id: Ied79884a7cf354652c48bb7d7cd9385f26ad91d2
* Add Triple DES support | Shawn Willden | 2018-01-17 | 19 | -24/+849
  Bug: 31675676
  Test: make (will run local unit tests)
  Change-Id: I4ed2ebcb087ccf6b9976c8899fc795c09dfad408
* AndroidKeymaster: ImportWrappedKey | Shawn Willden | 2018-01-17 | 29 | -194/+1212
  - Add KM_PURPOSE_WRAP for wrapped key import
  - Parse the wrapped key format
  Test: tests/android_keymaster_test
  Change-Id: I06b61128ff72b119747cfce9cab754b22a13ec00
* Disable overflow sanitizer in libkeymaster. am: dbca658abf am: e50ef30e57 | Ivan Lozano | 2018-01-16 | 0 | -0/+0
  am: 8b86f605ae -s ours
  Change-Id: I049ae33586ff0fa34d6fb1f958f277591aae5b47
* Disable overflow sanitizer in libkeymaster. am: dbca658abf | Ivan Lozano | 2018-01-16 | 1 | -1/+6
  am: e50ef30e57
  Change-Id: I34657664e80733526bbe94685394ae624ea1d2fb
* Disable overflow sanitizer in libkeymaster. | Ivan Lozano | 2018-01-16 | 1 | -1/+6
  am: dbca658abf
  Change-Id: Ic63f671d204c6a6de8d8e53a0ead3d4c77f3aec5
* Disable overflow sanitizer in libkeymaster. | Ivan Lozano | 2018-01-12 | 1 | -1/+6
  Disables the integer overflow sanitizer in libkeymaster.
  Bug: 30969751
  Bug: 63927620
  Test: Compiles, device boots.
  Change-Id: Id1de4a284d3da6d217102850e81cb1e131fab77a
  Merged-In: Id1de4a284d3da6d217102850e81cb1e131fab77a
  (cherry picked from commit eb9d7531c7c7a7a16d993e99fa289224f36be43e)
* Move abstracted block cipher operations into separate files. | Shawn Willden | 2018-01-16 | 6 | -676/+727
  There are no logic changes in this CL.
  Test: make (local unit tests)
  Change-Id: Id6635a20ffa52f71f3dad3281d8dd831fff7aeb7
* Refactor AES operations to generalize block cipher operations. | Shawn Willden | 2018-01-16 | 6 | -328/+338
  In preparation for adding 3DES support, this CL moves the code that does all the block cipher work from AesOperation to EvpBlockCipherOperation (and associated classes). To make it easier to see what was changed, the block cipher code was left in aes_operation.{cpp|h}. The next CL will move it to separate files.
  Test: make (local unit tests), CTS & VTS
  Change-Id: Ibbf870c351425ea8d990218aa0ae089d0b2ada4b
* Move Key into Operation | Shawn Willden | 2018-01-16 | 21 | -425/+479
  The Keymaster implementation creates a Key object and then passes it to an Operation object, which copies parts of it. The Key object is not needed after the Operation has been created, so much of that copying is unnecessary. This CL begins changes that by passing an rvalue reference to the Key to the Operation, and modifying operations so they move the pieces of the Key that they need out, wherever possible.
  Test: make (local unit tests), VTS and CTS
  Change-Id: I6c9a27d9ee85ccaeed1efb0fcc3ed0f8694c5771
* Merge "Disable overflow sanitizer in libkeymaster." | Ivan Lozano | 2018-01-12 | 1 | -1/+6
* Disable overflow sanitizer in libkeymaster. | Ivan Lozano | 2018-01-10 | 1 | -1/+6
  Disables the integer overflow sanitizer in libkeymaster.
  Bug: 30969751
  Bug: 63927620
  Test: Compiles, device boots.
  Change-Id: Id1de4a284d3da6d217102850e81cb1e131fab77a
* Merge changes I5372b97e,Id751126d,Ia436694c | TreeHugger Robot | 2018-01-10 | 15 | -47/+856
  * changes:
  Implement HMAC sharing in Android keymaster.
  Partially fix keymaster unit tests.
  Add CKDF implementation.
* Implement HMAC sharing in Android keymaster. | Shawn Willden | 2018-01-07 | 12 | -41/+565
  Test: make tests/android_keymaster_test.run
  Change-Id: I5372b97e97a2e13bd551c422bb15d27246d8cb47
* Partially fix keymaster unit tests. | Shawn Willden | 2018-01-04 | 1 | -3/+5
  There's still one failure in VerificationOperationsTest.EcdsaAllDigestsAndKeySizes, but leaving that for now.
  Test: Run "make" in system/keymaster.
  Change-Id: Id751126d095e57d34804d8c5d605ae60f7e0ef54
* Add CKDF implementation. | Shawn Willden | 2018-01-04 | 4 | -3/+286
  Test: make ckdf_test.run
  Change-Id: Ia436694cc90fc9a8407525bd2b995c7cf37047c5
* Fix potential DoS on devices with old keymaster1 hardware. | Shawn Willden | 2018-01-08 | 2 | -6/+0
  The Keymaster1 specification allows implementations to provide less than the full suite of digest algorithms. At minimum they need only provide SHA256. If keystore detects that keymaster1 hardware provides less than a full set, it creates a software keymaster wrapper around the hardware. If an operation requests a digest algorithm that the hardware does not support, the wrapper performs the digesting in software and passes the pre-digested data to the hardware for the final operation.
  Each of these two keymaster instances (the software wrapper and the wrapped hardware) manage their own operation table. The hardware needs its table to figure out which in-progress operation to update or finish. The software wrapper needs its table to figure out which hardware operation handle to forward to the hardware for update or finish. Note that the software wrapper's table is only used for operations that require software digesting.
  The bug causes the software wrapper to fail to remove entries from its table when they're completed. After 16 such operations the table is full, preventing any future operations from being started until the device is rebooted.
  Test: CTS
  Bug: 71703554
  Change-Id: Ifc1e2a9af9532e6a8f1cd3d0ad3ca079f126a0b7
* Update to "clean break" Keymaster::4.0 | Shawn Willden | 2018-01-04 | 1 | -2/+1
  Keymaster 4.0 is being revised to remove references to 3.0, so we don't have to deal with a mixture of types. This CL updates system/keymaster for that change.
  Test: VtsHalKeymasterV4_0TargetTest
  Change-Id: I3dfaf6ff61390bd1037b2ddb829b3aa22ff99c94
* Remove libkeymaster_staging. | Shawn Willden | 2017-12-21 | 3 | -88/+43
  Everything in libkeymaster_staging needs to be portable, so it is now in libkeymaster_portable. Some fixes were needed to make it build without STL.
  Test: CTS & VTS
  Change-Id: Ida09c962d893594e22d896e213b0d776c6b6b108
* Change .clang-format to allow one-line if statements. | Shawn Willden | 2017-12-14 | 1 | -1/+1
  Test: N/A
  Change-Id: I96b6784cead2d7340ac538df1ac5f63766d776c9
* Add StrongBox support to Keymaster4 HAL | Shawn Willden | 2017-12-11 | 2 | -11/+56
  Test: not yet
  Change-Id: I186fabdf5dea8d6b592cd778c07e62fb969348fd
* Manually merge changes from giant AOSP topic | Stephen Li | 2017-12-07 | 0 | -0/+0
  Change-Id: I7446e2aaddc1c611518fa11cea2a049848030f40
* DO NOT MERGE: Merge Oreo MR1 into master am: 897d282599 -s ours | Xin Li | 2017-12-07 | 0 | -0/+0
  am: 61a99a62a0
  Change-Id: I956a367a379849de20a3559553d84e0f8606e9e2
* DO NOT MERGE: Merge Oreo MR1 into master | Xin Li | 2017-12-07 | 0 | -0/+0
  am: 897d282599 -s ours
  Change-Id: I32da93c47953ea22611356be55bab0579561b507
* DO NOT MERGE: Merge Oreo MR1 into master | Xin Li | 2017-12-06 | 8 | -9/+37
  Exempt-From-Owner-Approval: Changes already landed internally
  Change-Id: I0a53fc8d84fc01717feb4521203811fe2d9e487c