Commit message | Author | Age | Files | Lines
* keystore: Fix SoterTest issues [HEAD, replicant-6.0-0004-transition, replicant-6.0-0004-rc6, replicant-6.0-0004-rc5-transition, replicant-6.0-0004-rc5, replicant-6.0-0004-rc4, replicant-6.0-0004-rc3, replicant-6.0-0004-rc2, replicant-6.0-0004-rc1, replicant-6.0-0004, replicant-6.0-0003, replicant-6.0-0002, replicant-6.0-0001, cm-13.0] | AnilKumar Chimata | 2016-08-20 | 1 | -1/+2
| One of the SoterTest apk tests is failing due to a garbage value seen when logging params.blob.data in keystore.
| Change-Id: I8bb12bd85380c73822a7aaf1b0e0914e6b3a46a8
* keystore: Add SOTER support in keystore | Mao Li | 2016-08-19 | 1 | -0/+25
| Get and append the ASK key blob to the params set for SOTER.
| Change-Id: Id4d935af5b62e01727eeb23e72e31b5c00bd2587
* Merge tag 'android-6.0.1_r22' of https://android.googlesource.com/platform/system/security into cm-13.0 [staging/cm-13.0+r22, stable/cm-13.0-ZNH2KB, stable/cm-13.0-ZNH2K] | Steve Kondik | 2016-03-10 | 0 | -0/+0
|\
| | Android 6.0.1 release 22
| * keep history after reset to mnc-dr-dev | Baligh Uddin | 2016-01-25 | 0 | -0/+0
| |\
| | * Limit maximum number of concurrent keystore operations. | Shawn Willden | 2015-11-02 | 2 | -12/+35
| | |\
| | |/
| |/|
| | | am: ddab0bb513
| | | * commit 'ddab0bb51320af9f277d98a4e36e77ea527503e5': Limit maximum number of concurrent keystore operations.
| * | Limit maximum number of concurrent keystore operations. | Shawn Willden | 2015-10-30 | 2 | -12/+35
| | | If keystore is allowed to consume all 16 of the keymaster operation table slots, cryptfs may not be able to use keymaster to protect the disk encryption key during a password change. This CL prevents keystore from allowing more than 15 concurrent keystore operations, leaving one available for cryptfs.
| | | Bug: 25312003
| | | Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
| | * am 410ba59a: Fix failure to save master key on new profile | Chad Brubaker | 2015-10-12 | 1 | -4/+48
| | |\
| | |/
| |/|
| | | * commit '410ba59a76a8feb48ffb5bde3045ac6f76db0c36': Fix failure to save master key on new profile
| | * Prepare for BoringSSL update. | Adam Langley | 2015-10-02 | 1 | -0/+3
| | | This change tweaks things as needed so that the code will compile against both the BoringSSL that's currently in Android and a version from upstream.
| | | The BORINGSSL_201509 define is temporary to allow the switch to happen without breaking the build and a followup change will remove it.
| | | (cherry picked from commit 9eb9295d78a4fbfb4b4916d597a5fcb6ee2d5677)
| | | Change-Id: I3d09b5644661353723803bcbda937d34455849a5
* | | Merge tag 'android-6.0.1_r3' of https://android.googlesource.com/platform/system/security into HEAD [stable/cm-13.0-ZNH0E] | Steve Kondik | 2015-12-08 | 2 | -16/+83
|\ \ \
| | | | Android 6.0.1 release 3
| * | | Limit maximum number of concurrent keystore operations. | Shawn Willden | 2015-11-02 | 2 | -12/+35
| |/ /
| | | If keystore is allowed to consume all 16 of the keymaster operation table slots, cryptfs may not be able to use keymaster to protect the disk encryption key during a password change. This CL prevents keystore from allowing more than 15 concurrent keystore operations, leaving one available for cryptfs.
| | | Bug: 25312003
| | | Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
| * / Fix failure to save master key on new profile | Chad Brubaker | 2015-10-09 | 1 | -4/+48
| |/
| | New profiles use the master key of the parent user for keystore. Unfortunately copyMasterKey only copies the key from the parent to the user in memory but doesn't save it to disk, causing the child user to be uninitialized after a reboot.
| | Bug: 23889443
| | (cherry picked from commit 79e0f6440aee69659bc01a0669a329dbaeaf471c)
| | Change-Id: I1f148fde3862d22292dfce217aacdc3f70f9c2ef
* | Merge tag 'android-6.0.0_r26' into HEAD | Ricardo Cerqueira | 2015-11-05 | 0 | -0/+0
|\|
| | Android 6.0.0 release 26
| | Conflicts: keystore/keystore.cpp
| | Change-Id: I32d4dc7cee4a7b1996f31d76bae94d0a408cacc3
| * Merge "Wrap incomplete keymaster1 implementations with sw keymaster." into mnc-dr-dev | Shawn Willden | 2015-08-13 | 1 | -73/+175
| |\
| | * Wrap incomplete keymaster1 implementations with sw keymaster. | Shawn Willden | 2015-08-10 | 1 | -73/+175
| | | SoftKeymasterDevice can provide software digesting and padding for keymaster1 implementations that don't provide all of the required digests. This CL modifies keymaster to check for such keymaster1 implementations and add a SoftKeymasterDevice wrapper.
| | | The SoftKeymasterDevice work necessary to make this function would have required adding an implementation of the keymaster0 API import_keypair in terms of keymaster1 API calls (import_key). Rather than do that, I instead implemented the relevant keystore function directly on the keymaster1 API. This approach is cleaner than adding the same code into the translation layer, and allows removal of the last vestiges of keymaster0 API usage from keystore.
| | | Bug: 22529223
| | | Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
* | | Wrap incomplete keymaster1 implementations with sw keymaster. | Shawn Willden | 2015-10-16 | 1 | -73/+175
| | | SoftKeymasterDevice can provide software digesting and padding for keymaster1 implementations that don't provide all of the required digests. This CL modifies keymaster to check for such keymaster1 implementations and add a SoftKeymasterDevice wrapper.
| | | The SoftKeymasterDevice work necessary to make this function would have required adding an implementation of the keymaster0 API import_keypair in terms of keymaster1 API calls (import_key). Rather than do that, I instead implemented the relevant keystore function directly on the keymaster1 API. This approach is cleaner than adding the same code into the translation layer, and allows removal of the last vestiges of keymaster0 API usage from keystore.
| | | Bug: 24873723
| | | Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
* | | keystore: Read KeyBlob after type change | Zhen Kong | 2015-10-06 | 1 | -0/+9
|/ /
| | During type change, the keyblob gets encrypted; read keyblob again to decrypt the keyblob.
| | Change-Id: I74e9c4b835e165d71a5e4a265496247bf72a6737
* | am 8a2c33b6: (-s ours) am 48d998cd: am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-13 | 0 | -0/+0
|\ \
| | | * commit '8a2c33b6f9b28e18a2a59d1fa0e11cf553a51eac': Properly check for Blob max length
| * \ am 48d998cd: am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| |\ \
| | | | * commit '48d998cd4982554f9b66b029331dab17154299cc': Properly check for Blob max length
| | * \ am aca71139: am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| | |\ \
| | | | | * commit 'aca711395dd65d05b48c8bec3b1d2da8d81d41b8': Properly check for Blob max length
| | | * \ am 738d1e9d: am 1b8885ba: am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| | | |\ \
| | | | | | * commit '738d1e9d0ec29964f01211ceb6f471d6666b2316': Properly check for Blob max length
| | | | * \ am 1b8885ba: am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| | | | |\ \
| | | | | | | * commit '1b8885baf5ebe2e2e6fdfe6e53174fd79f46ae11': Properly check for Blob max length
| | | | | * \ am 0d593526: Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| | | | | |\ \
| | | | | | | | * commit '0d5935262dbbcaf2cf6145529ffd71a728ef4609': Properly check for Blob max length
| | | | | | * | Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| | | | | | | | sizeof(mBlob.value) is incorrect because writeBlob pads up to the next AES_BLOCK_SIZE
| | | | | | | | Bug:22802399
| | | | | | | | Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
* | | | | | | | Properly check for Blob max length | Chad Brubaker | 2015-08-12 | 1 | -4/+4
| |_|_|_|_|_|/
|/| | | | | |
| | | | | | | sizeof(mBlob.value) is incorrect because writeBlob pads up to the next AES_BLOCK_SIZE
| | | | | | | Bug:22802399
| | | | | | | Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
* | | | | | | am c761a1ed: (-s ours) am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-05 | 0 | -0/+0
|\| | | | | |
| | | | | | | * commit 'c761a1ed08d110348bdc897804f3ba59d746579f': Fix unchecked length in Blob creation
| * | | | | | am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-05 | 1 | -1/+9
| |\| | | | |
| | | | | | | * commit '63bc525c24efc3a1f6386a4e0e395a4c70a335ca': Fix unchecked length in Blob creation
| | * | | | | am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-03 | 1 | -1/+9
| | |\| | | |
| | | | | | | * commit '853b8d7984673976f943fc1664012598cb040696': Fix unchecked length in Blob creation
| | | * | | | am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-03 | 1 | -1/+9
| | | |\| | |
| | | | | | | * commit 'fd1ad3790fb089485cf7afc07f8b9f53d4c3136a': Fix unchecked length in Blob creation
| | | | * | | am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-03 | 1 | -1/+9
| | | | |\| |
| | | | | | | * commit '1c73457afe3cb0afbc2a2884c41cfdd1148aca36': Fix unchecked length in Blob creation
| | | | | * | am b124c9e8: Fix unchecked length in Blob creation | Chad Brubaker | 2015-08-03 | 1 | -1/+9
| | | | | |\|
| | | | | | | * commit 'b124c9e86a5f8466f527501c6677b4b1b165c0b1': Fix unchecked length in Blob creation
| | | | | | * Fix unchecked length in Blob creation | Chad Brubaker | 2015-07-29 | 1 | -1/+9
| | | | | | | Applications can specify arbitrary blobs using insert(); check their length to prevent overflow issues.
| | | | | | | Bug:22802399
| | | | | | | Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
* | | | | | | Fix unchecked length in Blob creation | Chad Brubaker | 2015-07-29 | 1 | -1/+9
| | | | | | | Applications can specify arbitrary blobs using insert(); check their length to prevent overflow issues.
| | | | | | | Bug:22802399
| | | | | | | Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
* | | | | | | Add all digests and padding modes to legacy keys | Shawn Willden | 2015-07-27 | 1 | -4/+16
| | | | | | | Bug: 22556114
| | | | | | | Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
* | | | | | | Mark 0 length files as corrupt | Chad Brubaker | 2015-07-17 | 1 | -1/+8
| | | | | | | Files created by keystore should never be 0 length; however, a vendor ran into such a case when testing their keymaster and a side effect of how keystore parses files leads to these keys being considered encrypted and ultimately undeletable.
| | | | | | | Now mark 0 length files as corrupt in readKey and when deleting a key if the key fails to read in because it was corrupt simply rm the file since it is not possible to feed the key blob to keymaster's delete method.
| | | | | | | Bug: 22561219
| | | | | | | Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
* | | | | | | Fix erroneous reporting of all tokens as timed out. | Shawn Willden | 2015-06-30 | 1 | -3/+3
| | | | | | | Bug: 22205545
| | | | | | | Change-Id: I170e798b327020ff741031ec05e875c685a49e9d
* | | | | | | Rename keymaster tag types to clarify that integers are unsigned. | Shawn Willden | 2015-06-24 | 1 | -8/+8
| | | | | | | Bug: 22008538
| | | | | | | Change-Id: Id6e3ca5c1defc8149b7ae7de5787b3635e2a4262
* | | | | | | Merge "Abort operation pruning only if it fails to make space." into mnc-dev | Alex Klyubin | 2015-06-23 | 3 | -3/+17
|\ \ \ \ \ \ \
| * | | | | | | Abort operation pruning only if it fails to make space. | Alex Klyubin | 2015-06-23 | 3 | -3/+17
| | | | | | | | keystore service's begin operation may sometimes encounter a situation where the underlying device's begin operation fails because of too many operations in progress. In that case, keystore attempts to prune the oldest prunable operation by invoking the underlying device's abort operation. Regardless of whether the abort operation fails, keystore then removes the operation from the list of in-progress prunable operations.
| | | | | | | | The issue is that when the underlying device's abort operation fails, keystore fails the begin operation that caused all this pruning. This is despite the fact that keystore has managed to make space for one more operation.
| | | | | | | | The fix is to fail the begin operation only if the pruning attempt did not make space for a new operation.
| | | | | | | | Bug: 22040842
| | | | | | | | Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
* | | | | | | | Don't ignore errors from begin operation. | Alex Klyubin | 2015-06-23 | 1 | -2/+3
|/ / / / / / /
| | | | | | | This fixes a bug introduced by 9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization checks after begin operation, while ignoring any errors returned by that operation.
| | | | | | | This CL restores the correct order: authorization checks are followed by begin operation.
| | | | | | | Bug: 22039986
| | | | | | | Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
* | | | | | | Fully support uint64 key validity dates. | Alex Klyubin | 2015-06-23 | 1 | -6/+29
| | | | | | | This fixes the issue where, on 32-bit platforms, keys expiring after about 2^31 - 1 seconds since epoch (Jan 19 2038) might be treated as already expired.
| | | | | | | The issue was caused by using time_t (signed 32-bit on 32-bit platforms) as current time and downcasting uint64 activation and expiration time instants to time_t to compare them to current time. This downcasting could make future time instants appear to be in the past on 32-bit platforms.
| | | | | | | Bug: 22015107
| | | | | | | Change-Id: Iae12019c3c019beb92d791fda80b622fa5c4ac4e
* | | | | | | Add keymaster authorization policy enforcement to keystore. | Shawn Willden | 2015-06-19 | 5 | -17/+142
| | | | | | | Bug: 19511945
| | | | | | | Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
* | | | | | | Merge "Remove exist check from doLegacySignVerify" into mnc-dev | Chad Brubaker | 2015-06-18 | 1 | -5/+5
|\ \ \ \ \ \ \
| * | | | | | | Remove exist check from doLegacySignVerify | Chad Brubaker | 2015-06-17 | 1 | -5/+5
| | | | | | | | exist requires the keystore exist permission which callers of sign/verify may not have. Instead log key not found if begin returns ::KEY_NOT_FOUND.
| | | | | | | | Bug: 21658885
| | | | | | | | Change-Id: I8c42f3a636a248e3fb1f0344bf32667fce57f667
* | | | | | | | Don't check authorizations for pubkey operations. | Shawn Willden | 2015-06-17 | 5 | -24/+53
|/ / / / / / /
| | | | | | | Bug: 21877150
| | | | | | | Change-Id: I43dafb66fc3246f4d8e3bf4743fbdcbe072468d1
* | | | | | | Rewrite legacy methods in terms of new methods | Chad Brubaker | 2015-06-08 | 2 | -233/+222
| | | | | | | Rewrite generate, import, get_pubkey, sign and verify using the new keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish). This also removed DSA support from generate and import.
| | | | | | | Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
* | | | | | | Allow keymaster 0.3 keys to interop with keymaster 1.0 methods | Chad Brubaker | 2015-06-04 | 1 | -0/+6
| | | | | | | Keymaster 0.3 keys are all valid keymaster 1.0 keys, so allow get to return a keymaster 0.3 when looking for a 1.0 key to allow new methods to work on old keys.
| | | | | | | Change-Id: I20a32e39769a548224bcca7a42ef967285431c5d
* | | | | | | Merge "Add optional additional entropy to finish" into mnc-dev | Chad Brubaker | 2015-06-04 | 3 | -7/+27
|\ \ \ \ \ \ \
| * | | | | | | Add optional additional entropy to finish | Chad Brubaker | 2015-06-04 | 3 | -7/+27
| | | | | | | | If provided, the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.
| | | | | | | | (cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191)
| | | | | | | | Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
* | | | | | | | Merge "Use keymaster adapter to support older devices" into mnc-dev | Chad Brubaker | 2015-06-03 | 1 | -6/+14
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| * | | | | | | Use keymaster adapter to support older devices | Chad Brubaker | 2015-06-01 | 1 | -6/+14
| | | | | | | | The keymaster adapter wraps the hardware module to allow keystore to call the new keymaster methods on it and continue using old keys created by that device with the new methods.
| | | | | | | | Change-Id: Ica08d81c3707023d378ad5fe6562dc642f58ca90