summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'android-6.0.1_r3' of ↵stable/cm-13.0-ZNH0ESteve Kondik2015-12-083-3/+48
|\ | | | | | | | | | | https://android.googlesource.com/platform/system/keymaster into HEAD Android 6.0.1 release 3
| * Return correct error from keymaster0engine for large RSA inputShawn Willden2015-11-033-3/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, ensure that we always put some error on the OpenSSL error queue whenever a wrapped keymaster0 operation fails. Higher layers will look a the last entry on the queue and use it to determine what error code to return. Not putting any error on the queue means that those higher layers will get whatever error was last enqueued, making the result effectively random. Non-determinism bad. (cherry-picked from commit 22d2355b7edc470949c163e47ba8e837a1a87f47) Bug: 25337630 Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
* | Merge tag 'android-6.0.0_r26' into cm-13.0Ricardo Cerqueira2015-11-0549-847/+3083
|\ \ | | | | | | | | | | | | | | | Android 6.0.0 release 26 Change-Id: I03ff70b242510f7cecbbc319b3f4a50138bacd48
| * \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-10-080-0/+0
| |\ \ | | |/ | |/|
| | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-09-270-0/+0
| | |\
| | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-310-0/+0
| | | |\
| | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-290-0/+0
| | | | |\
| | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-290-0/+0
| | | | |/| | | | |/|/
| | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-150-0/+0
| | | | |\
| | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-010-0/+0
| | | | | |\
| | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-300-0/+0
| | | | | | |\
| | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-290-0/+0
| | | | | | | |\
| | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-250-0/+0
| | | | | | | | |\
| | | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-230-0/+0
| | | | | | | | | |\
| | | | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-150-0/+0
| | | | | | | | | | |\
| | | | | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-110-0/+0
| | | | | | | | | | | |\
| | | | | | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-080-0/+0
| | | | | | | | | | | | |\
| | | | | | | | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-060-0/+0
| | | | | | | | | | | | | |\
| * | | | | | | | | | | | | | Fix Shamu build breakage.Shawn Willden2015-10-081-1/+1
| |/ / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I54f5bcbee17b5031411e26e47e0b10bc3e4319b3 (cherry picked from commit 44b1ef05d4442f73a0f4ce891e59085a0254c306)
| * / / / / / / / / / / / / Add a faux library libkeymasterfiles to export source.Shawn Willden2015-09-241-1/+13
| |/ / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The library contains nothing, but it exports everything in keymaster as an include file, enabling it to be #included in other projects. This is to make it easy to build keymaster for TLK. Bug: 24372377 Change-Id: I0f9fd30e2feb1d89a8ff199567ce1ec6b037e236
| * / / / / / / / / / / / Revert "Hack to work around broken bullhead keymaster app."Jim Miller2015-08-141-8/+0
| |/ / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 3fceedc788498733952279a97944f4ea22892577. Change-Id: Ie17dd16f8689810af9efe071a0d006e026782af6
| * | | | | | | | | | | Hack to work around broken bullhead keymaster app.Shawn Willden2015-08-131-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 23193626 Change-Id: I71564a7ff6b3050c5fbb7bd0c12caca5a663334a
| * | | | | | | | | | | Do digesting, and sometimes padding, in SW when HW doesnt.Shawn Willden2015-08-1349-846/+3070
| |/ / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The keymaster1 specification only requires HW modules to implement SHA256 out of the list of keymaster1 digest modes. That would force many keys to be software only, and would break legacy scenarios. This change uses SoftKeymasterDevice to front keymaster modules that don't implement the full suite of digests, quietly inserting KM_DIGEST_NONE and KM_PAD_NONE into key generation/import requests when necessary, then performing the digesting, and sometimes padding, in software, then delegating crypto operations to the hardware. This is only done for RSA and EC keys. Software digesting isn't possible for HMAC or AES-GCM keys. Note that this is not the complete fix for the bug. Some changes in keystore are also required, coming in another CL. Bug: 22529223 Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
* | | | | | | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-08-010-0/+0
|\ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / |/| | | | | | | | | |
| * | | | | | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-300-0/+0
| |\ \ \ \ \ \ \ \ \ \ | | |/ / / / / / / / / | |/| | | | | | | | |
| | * | | | | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-290-0/+0
| | |\ \ \ \ \ \ \ \ \ | | | |/ / / / / / / / | | |/| | | | | | | |
| | | * | | | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-250-0/+0
| | | |\ \ \ \ \ \ \ \ | | | | |/ / / / / / / | | | |/| | | | | | |
| | | | * | | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-230-0/+0
| | | | |\ \ \ \ \ \ \ | | | | | |/ / / / / / | | | | |/| | | | | |
| | | | | * | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-150-0/+0
| | | | | |\ \ \ \ \ \ | | | | | | |/ / / / / | | | | | |/| | | | |
| | | | | | * | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-130-0/+0
| | | | | | |\ \ \ \ \ | | | | | | | |/ / / / | | | | | | |/| | | |
| | | | | | | * | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-080-0/+0
| | | | | | | |\ \ \ \ | | | | | | | | |/ / / | | | | | | | |/| | |
| | | | | | | | * | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-020-0/+0
| | | | | | | | |\ \ \ | | | | | | | | | |/ / | | | | | | | | |/| |
| | | | | | | | | * | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-010-0/+0
| | | | | | | | | |\ \
| | | | | | | | | | * \ merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-270-0/+0
| | | | | | | | | | |\ \
| | | | | | | | | | | * \ merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-250-0/+0
| | | | | | | | | | | |\ \
| | | | | | | | | | | | * | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-230-0/+0
| | | | | | | | | | | | |\|
| | | | | | | | | | | | | * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-180-0/+0
| | | | | | | | | | | | | |\
| | | | | | | | | | | | | | * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-170-0/+0
| | | | | | | | | | | | | | |\
| | | | | | | | | | | | | | | * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-160-0/+0
| | | | | | | | | | | | | | | |\
| | | | | | | | | | | | | | | | * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-150-0/+0
| | | | | | | | | | | | | | | | |\
* | | | | | | | | | | | | | | | | | Left-pad messages when doing "unpadded" RSA operations.Shawn Willden2015-07-303-34/+125
|/ / / / / / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When RSA messages that are shorter than the key size, and padding is not applied, BoringSSL (sensbibly) refuses, because odds are very high that the caller is doing something dumb. However, this causes some (dumb) things that used to work to no longer work. This CL also fixes the error code returned when a message is signed or encrypted which is the same length as the public modulus but is numerically larger than or equal to the public modulus. Rather than KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT. Bug: 22599805 Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
* | | | | | | | | | | | | | | | | Merge "Revert "Revert "Report keymaster0 keys as hardware-backed, origin ↵Shawn Willden2015-07-293-9/+21
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | unknown.""" into mnc-dev
| * | | | | | | | | | | | | | | | Revert "Revert "Report keymaster0 keys as hardware-backed, origin unknown.""Shawn Willden2015-07-293-9/+21
| |/ / / / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515. Bug: 22511313 Change-Id: I9c31b8ef604d961e20652c69498324b9dfce5911
* | | | | | | | | | | | | | | | Make NONE mean NONE only (not ANY)Shawn Willden2015-07-285-37/+91
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | KM_DIGEST_NONE and KM_PAD_NONE have implicit meanings of "any digest" and "any padding", respectively, as well as the expected meanings of "no digest" and "no padding". This CL changes that so they mean only "no digest" and "no padding". Bug: 22556114 Change-Id: I7b0b4c079067d85ba1aa39ae7edf0c6b17a9a500
* | | | | | | | | | | | | | | | Merge "Use minimum 20 bytes salt for RSA PSS." into mnc-devShawn Willden2015-07-282-2/+2
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / / / / / / |/| | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Use minimum 20 bytes salt for RSA PSS.Shawn Willden2015-07-202-2/+2
| |/ / / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is for compatibility with Bouncy Castle. Bug: 22492259 Change-Id: I753e5fd223404ba960b6a35862bbd20f519f369b
* / / / / / / / / / / / / / / Revert "Report keymaster0 keys as hardware-backed, origin unknown."Shawn Willden2015-07-233-21/+9
|/ / / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 9972a539acb4d17368ee607465d61b48acd71bde. Change-Id: Id5beb9c8ae8f3b106adc5f5e62eca0194b926be8
* | | | | | | | | | | | | | Report keymaster0 keys as hardware-backed, origin unknown.Shawn Willden2015-07-163-9/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 22511313 Change-Id: I699df8010e27a546b2186896890c0099bfb149ae
* | | | | | | | | | | | | | Add support for KM_TAG_MIN_MAC_LENGTH.Shawn Willden2015-07-1614-159/+455
|/ / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at creation, and operations may not specify a length smaller than the minimum, or provide a length smaller than the minimum during verification. Bug: 22337277 Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433
* / / / / / / / / / / / / Use specified digest for RSA OAEP.Shawn Willden2015-07-144-22/+96
|/ / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 22405614 Change-Id: Ia5eb67a571a9d46acca4b4e708bb8178bd3acd0d
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-27 18:22:15 +0000