| Commit message | Author | Age | Files | Lines |
https://android.googlesource.com/platform/system/keymaster into cm-13.0
Android 6.0.1 release 22
|
This branch apparently has the new boringssl version from AOSP, but gets
merges from DR, but not AOSP. This change updates the code to match
AOSP, and to be compatible with the boringssl version, correcting the
error introduced by merging
https://googleplex-android-review.git.corp.google.com/#/c/804970/
Change-Id: If3a2b089e32be72d670fbaaff1241c8e8cafa261
|
Also, ensure that we always put some error on the OpenSSL error queue
whenever a wrapped keymaster0 operation fails. Higher layers will look
at the last entry on the queue and use it to determine what error code to
return. Not putting any error on the queue means that those higher
layers will get whatever error was last enqueued, making the result
effectively random. Non-determinism bad.
(cherry-picked from commit 22d2355b7edc470949c163e47ba8e837a1a87f47)
Bug: 25337630
Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
|
https://android.googlesource.com/platform/system/keymaster into HEAD
Android 6.0.1 release 3
|
Also, ensure that we always put some error on the OpenSSL error queue
whenever a wrapped keymaster0 operation fails. Higher layers will look
at the last entry on the queue and use it to determine what error code to
return. Not putting any error on the queue means that those higher
layers will get whatever error was last enqueued, making the result
effectively random. Non-determinism bad.
(cherry-picked from commit 22d2355b7edc470949c163e47ba8e837a1a87f47)
Bug: 25337630
Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
|
Android 6.0.0 release 26
Change-Id: I03ff70b242510f7cecbbc319b3f4a50138bacd48
|
Change-Id: I54f5bcbee17b5031411e26e47e0b10bc3e4319b3
(cherry picked from commit 44b1ef05d4442f73a0f4ce891e59085a0254c306)
|
The library contains nothing, but it exports everything in keymaster as
an include file, enabling it to be #included in other projects. This is
to make it easy to build keymaster for TLK.
Bug: 24372377
Change-Id: I0f9fd30e2feb1d89a8ff199567ce1ec6b037e236
|
This reverts commit 3fceedc788498733952279a97944f4ea22892577.
Change-Id: Ie17dd16f8689810af9efe071a0d006e026782af6
|
Bug: 23193626
Change-Id: I71564a7ff6b3050c5fbb7bd0c12caca5a663334a
|
The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.
This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.
Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.
Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
|
When RSA messages are shorter than the key size, and padding is not
applied, BoringSSL (sensibly) refuses, because odds are very high that
the caller is doing something dumb. However, this causes some (dumb)
things that used to work to no longer work.
This CL also fixes the error code returned when a message is signed or
encrypted which is the same length as the public modulus but is
numerically larger than or equal to the public modulus. Rather than
KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT.
Bug: 22599805
Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
|
unknown.""" into mnc-dev
|
This reverts commit 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515.
Bug: 22511313
Change-Id: I9c31b8ef604d961e20652c69498324b9dfce5911
|
KM_DIGEST_NONE and KM_PAD_NONE have implicit meanings of "any digest"
and "any padding", respectively, as well as the expected meanings of "no
digest" and "no padding". This CL changes that so they mean only "no
digest" and "no padding".
Bug: 22556114
Change-Id: I7b0b4c079067d85ba1aa39ae7edf0c6b17a9a500
|
This is for compatibility with Bouncy Castle.
Bug: 22492259
Change-Id: I753e5fd223404ba960b6a35862bbd20f519f369b
|