Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / d599b15c0693950bdc72fb867872044fdc484ef5
commitd599b15c0693950bdc72fb867872044fdc484ef5[log] [tgz]
authorShawn Willden <swillden@google.com>Mon Jul 27 16:58:30 2015 -0600
committerShawn Willden <swillden@google.com>Thu Aug 13 07:49:10 2015 -0600
tree2bf64c790c2272d1ef6a7f7af95b0117d21b5577
parentc0a63805e4f21e46cc533ec0938306ca997c9a2d [diff]
Do digesting, and sometimes padding, in SW when HW doesnt.

The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes.  That would force
many keys to be software only, and would break legacy scenarios.  This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.

This is only done for RSA and EC keys.  Software digesting isn't
possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug.  Some changes in
keystore are also required, coming in another CL.

Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
49 files changed
tree: 2bf64c790c2272d1ef6a7f7af95b0117d21b5577
  1. include/
  2. .clang-format
  3. .gitignore
  4. ae.h
  5. aes_key.cpp
  6. aes_key.h
  7. aes_operation.cpp
  8. aes_operation.h
  9. Android.mk
  10. android_keymaster.cpp
  11. android_keymaster_messages.cpp
  12. android_keymaster_messages_test.cpp
  13. android_keymaster_test.cpp
  14. android_keymaster_test_utils.cpp
  15. android_keymaster_test_utils.h
  16. android_keymaster_utils.cpp
  17. asymmetric_key.cpp
  18. asymmetric_key.h
  19. asymmetric_key_factory.cpp
  20. auth_encrypted_key_blob.cpp
  21. auth_encrypted_key_blob.h
  22. authorization_set.cpp
  23. authorization_set_test.cpp
  24. ec_key.cpp
  25. ec_key.h
  26. ec_key_factory.cpp
  27. ec_keymaster0_key.cpp
  28. ec_keymaster0_key.h
  29. ec_keymaster1_key.cpp
  30. ec_keymaster1_key.h
  31. ec_privkey_pk8.der
  32. ecdsa_keymaster1_operation.cpp
  33. ecdsa_keymaster1_operation.h
  34. ecdsa_operation.cpp
  35. ecdsa_operation.h
  36. gtest_main.cpp
  37. hkdf.cpp
  38. hkdf.h
  39. hkdf_test.cpp
  40. hmac.cpp
  41. hmac.h
  42. hmac_key.cpp
  43. hmac_key.h
  44. hmac_operation.cpp
  45. hmac_operation.h
  46. hmac_test.cpp
  47. integrity_assured_key_blob.cpp
  48. integrity_assured_key_blob.h
  49. key.cpp
  50. key.h
  51. key_blob_test.cpp
  52. keymaster0_engine.cpp
  53. keymaster0_engine.h
  54. keymaster1_engine.cpp
  55. keymaster1_engine.h
  56. keymaster_enforcement.cpp
  57. keymaster_enforcement_test.cpp
  58. km0_sw_rsa_512.blob
  59. km1_sw_ecdsa_256.blob
  60. km1_sw_rsa_512.blob
  61. km1_sw_rsa_512_unversioned.blob
  62. List.h
  63. logger.cpp
  64. Makefile
  65. ocb.c
  66. ocb_utils.cpp
  67. ocb_utils.h
  68. openssl_err.cpp
  69. openssl_err.h
  70. openssl_utils.cpp
  71. openssl_utils.h
  72. operation.cpp
  73. operation.h
  74. operation_table.cpp
  75. operation_table.h
  76. rsa_key.cpp
  77. rsa_key.h
  78. rsa_key_factory.cpp
  79. rsa_keymaster0_key.cpp
  80. rsa_keymaster0_key.h
  81. rsa_keymaster1_key.cpp
  82. rsa_keymaster1_key.h
  83. rsa_keymaster1_operation.cpp
  84. rsa_keymaster1_operation.h
  85. rsa_operation.cpp
  86. rsa_operation.h
  87. rsa_privkey_pk8.der
  88. serializable.cpp
  89. soft_keymaster_context.cpp
  90. soft_keymaster_device.cpp
  91. soft_keymaster_logger.cpp
  92. symmetric_key.cpp
  93. symmetric_key.h
  94. valgrind.supp