| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.
This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.
Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.
Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
|
|
|
|
|
|
|
| |
This reverts commit 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515.
Bug: 22511313
Change-Id: I9c31b8ef604d961e20652c69498324b9dfce5911
|
|
|
|
|
|
| |
This reverts commit 9972a539acb4d17368ee607465d61b48acd71bde.
Change-Id: Id5beb9c8ae8f3b106adc5f5e62eca0194b926be8
|
|
|
|
|
| |
Bug: 22511313
Change-Id: I699df8010e27a546b2186896890c0099bfb149ae
|
|
|
|
|
| |
Bug: 21955742
Change-Id: I4385a6539229b174facd5f04ce0391e2e8c3608d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
|
|
|
|
|
|
|
| |
I should have known better than to make these singletons to begin
with. Globals create problems. This undoes that mistake.
Change-Id: Idf61d5f72e3c34b5c4ddb27cc94b05f506561743
|
|
|
|
|
| |
Bug: 20912868
Change-Id: If63899e3244aed45d939d0165e6d94a1caa9d220
|
|
Bug: 20912868
Change-Id: I515a125f1247357d2cd9b4633c3b223590848093
|