Update git submodules
* Update system/keymaster from branch 'master'
to 4940539bd45ada9513417d148dd8d5cbb85cac16
- Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.
Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I9902e94020ff146f1ab10687a4e327425c332fce
- Merge "Keymaster should be developed on AOSP"
am: aac806ae5b
Change-Id: I4c5b72d7c22ef7e4148c657f3e1c71e651728a3f
- Merge "Centralize bounds checking and don't overflow"
am: fc9b8b8f0d
Change-Id: Ic88310fd7400f9853b4e10ff6ba0cd00a101e808
- Make keymaster compatible with latest BoringSSL.
am: 51aa826788
Change-Id: If3906d26457688ff6622a65cdd1df409a20646df
- keymaster: upgrade to clang-r353983d am: 04b02f651d
am: 9c8c5e5a1f
Change-Id: Ibbc800c1b175134da240b00f07162584edf598ef
- keymaster: upgrade to clang-r353983d
am: 04b02f651d
Change-Id: I0922f4ec28bede7a13bb49868ee5c46657880119
- Merge "More complete initialization of AuthorizationSet" am: 058085425b
am: 17138ac95d
Change-Id: If4365f376e1ae7b2723de6f05d7f6b604ae23373
- Reject no-authorization-specified when signing am: 90174bd22c
am: ad4138c005
Change-Id: Ib28620287c4c63bc01a1ded16513edcd14676630
- Merge "More complete initialization of AuthorizationSet"
am: 058085425b
Change-Id: I9962c5e324baab4774996799dcd00d7de47f59c9
- Reject no-authorization-specified when signing
am: 90174bd22c
Change-Id: Ia2dbc4ae46b1064e9faba070451ce850bad9a246
- Merge "Update Attestation format to KM4" am: 9d6d7b83ab
am: 3ae951c611
Change-Id: I926dc2268772542f25bef13e7b22558d0298f4c0
- Don't check token for NO_AUTH_REQUIRED am: 14cb8cdec6
am: a4122c03ac
Change-Id: Ifa8dfb6b616ec37e988bf249707ef0efee0d6872
- Merge "memset_s based on capacity rather than size" am: a9ea31e93c
am: 7f0e7cdda6
Change-Id: I0ecc5ca49831231c9f3a07ba8076d02ea9583057
- Merge "Minor type cast fixes for UBSan" am: dd1492e588
am: cce6caac11
Change-Id: Ib5a9a51c0be413a3a6dfa8bcb14c961f656e97ff
- Minor change to be clean on integer sanitization am: da86b1836d
am: 8434032443
Change-Id: I97744feca4b501e3db37c84ed9c6252f17af678b
- Include malloc.h from ocb.c am: fa9924f395
am: 2433f8d4c2
Change-Id: I3f3b6dceb118f8b235bbb62e97cd2b5a880eb66b
- Revert "Many operations could have been const" am: a47727e32c
am: df819e7848
Change-Id: I7ea81de27b81c02e5386c36a7efba1b63d77b0a0
- Merge "Fix VerifyAuthorizationResponse error setting" am: 6a469e95ff
am: ca99230e67
Change-Id: I58a28275c6ebb3850824ff85670fa50c1344af2e
- Merge "Many operations could have been const" am: 98bbd5fe31 am: 63341ee42e
am: b3d5d38029
Change-Id: I29e37250a76875927d1c2ce35bb13c6eed214137
- Enforce TRUSTED_CONFIRMATION_REQUIRED am: b2a4f0b195 am: d1091e1d50
am: 73c7ed6a6f
Change-Id: Ib4604745b12b9a9275c6aa198e5be00e2b0c9c31
- Merge "Many operations could have been const" am: 98bbd5fe31
am: 63341ee42e
Change-Id: I7ce4f3416ed4c2cb0ed1aba9ae7d2b2b539def2d
- Enforce TRUSTED_CONFIRMATION_REQUIRED am: b2a4f0b195
am: d1091e1d50
Change-Id: Icef070ae345b858d8086730153ca1f02c9b85ab2
- Fix ImportWrappedKeyRequest Serialization am: 4516ca7cc0 am: d33899190f
am: 135c773309
Change-Id: Ib31a55dd5fab5299a9d4f750a7856133d23d41d0
- Fix ImportWrappedKeyRequest Serialization am: 4516ca7cc0
am: d33899190f
Change-Id: Ibf892bfd9ffbe50f513a6a2560bdaf14828a311f
- Merge stage-aosp-master into pi-dev-plus-aosp
am: 0bd1ca7706
Change-Id: I9bcbb81e1bc016e36fceda624535801b92cb576b
- Merge stage-aosp-master into pi-dev-plus-aosp
Bug: 126125118
Change-Id: I63c3541cb55665b33428703cc9b21a638560f43b
- Fix issue where hiding copy constructor deletes move constructor. am: 3b12e5e65b am: 996578be59
am: 22d67982fd
Change-Id: I12431c76e7639a204bffff2b05fc211212b766ac
- Fix issue where hiding copy constructor deletes move constructor. am: 3b12e5e65b
am: 996578be59
Change-Id: Ic1c7017503466cdb1df0ab77080823232804240f
- Explicitly include log/log.h instead of cutils/log.h am: 23e024aec0 am: 7b82103552
am: a6c5f426fd
Change-Id: Ia3621a5ed5cf9b6a9c1c094fabef068a97bb28cb
- Explicitly include log/log.h instead of cutils/log.h am: 23e024aec0
am: 7b82103552
Change-Id: I49577518ba94b2878f161e5d78730950bfabeebe
- Merge "Remove extraneous semicolon" am: 5800125e5c am: aa47f72421
am: 3deffa0791
Change-Id: I99c716f5dc1f50da228ad9a3e29672d83d13c26a
- Merge "Remove extraneous semicolon" am: 5800125e5c
am: aa47f72421
Change-Id: Ia3644c9a10263050a02acb4597ff3c4cad3e0597
- Fix/suppress system/keymaster google-explicit-constructor warnings am: 82ac34109e am: 6d8f758626
am: 6e1cc13187
Change-Id: I7ab1f13f5da1a5a8e4b2db8092d102a7602cdeff
- Fix/suppress system/keymaster google-explicit-constructor warnings am: 82ac34109e
am: 6d8f758626
Change-Id: Idbd251d7593bd5010865515bbdb66c34e196347e
- Merge "Add missing TAG definition TAG_UNLOCKED_DEVICE_REQUIRED" am: 2b4d64806c am: e7f05c6fb9
am: 1d336a9fcc
Change-Id: I915d71124dbbb4d444cd458f7aeb658e1fc336ea
- Merge "Align ARM Neon blocks to 16 bytes" am: bf1f16488d am: 1f6ad22ce4
am: df0fac0f9c
Change-Id: I3ca77f508f5ae8c94053757b1265cd348e51f169
- Add attestation_utils.cpp to libkeymaster_portable am: 01a9b8b418 am: 2720e0b01a
am: f4ccf27317
Change-Id: I671a22143d0e59261a3b1865490d88dbec965dcf
- Added missing allocation check in attestation_utils.cpp am: ff5d9551d5 am: d78de2340e
am: 9c4b8e3d01
Change-Id: I0963dbd30c2d48d5c3cc5c54885072cd05bb348f
- Added missed field 'unlocked_device_required' to KM_AUTH_LIST ASN1_SEQUNCE template. am: e2dcbc923d am: cd46543876
am: a47872f631
Change-Id: I7dbe240a5cb294f1f10c39776a8822e1d11236e5
- Merge "Improve attestation record unit test." am: a808cb53ed am: 51810040dc
am: 33eb2b31cc
Change-Id: Ie606fc55e99d5982152a5ff11c449507ca1e68c8
- [automerger skipped] Merge pie-platform-release to aosp-master - DO NOT MERGE am: 1cc0ab1b4a -s ours am: fb00c7d0e2 -s ours
am: 4c4dca649f -s ours
Change-Id: I8fb24d3aa8737419bcebc2f4e0483aa594e6704a
- [automerger skipped] Merge pi-platform-release to stage-aosp-master - DO NOT MERGE am: 1823d009b8 -s ours
am: 82b1076124 -s ours
Change-Id: I40799671de955f7ee315859af708466e0aaa967b
- Update to clang-r339409b am: e6d4aa1e1b am: 0e56e72c6c
am: 38e9122961
Change-Id: I94b9d6e6c203488a1538581f18016b92f0492187
- Switching keystore to C++17 am: f9e0ec3a9d am: 87f780d30b
am: 80dbbdeb71
Change-Id: I8d7b7b3ef469f0882fbb372b2ea90a1956390327
- [automerger skipped] Update to clang-4639204 am: 8cd7907df0 am: 40ce87e953
am: 0faf10deb3 -s ours
Change-Id: I6b2a4325073b97f075b82c1a659f3357440ed70f
- [automerger skipped] Wait for property to be created am: c33ecdfd7b am: 83ebde3285
am: c4dd364ae5 -s ours
Change-Id: I93e5e3489cdd1e65b7c9f912efaf8327aa58f8a6
- [automerger skipped] Allow no digest given to imply KM_DIGEST_NONE if it was authorized am: 9033644da5 -s ours am: eb8699ebff -s ours
am: 1ec78d7574 -s ours
Change-Id: I821d9b318706afa51af3c86627349101e9ccf4ec
- Clear __USE_FORTIFY_LEVEL after push it to stack. am: b45aadd6c0 am: 3df17ccca7
am: 76d83f66a1
Change-Id: I3ae545eb6bb1f102b19d9f35067e5d4042b37bda
- Remove fortify level for memset. am: 31b7ba975b am: 995f5647e2
am: 3dbe9f890c
Change-Id: I3633695069799bc9cc53da20a84ce8a9e286a0d7
- Suppress gcc transposed memset warning. am: 33fa94bb65 am: c00cfcfb92
am: fe000089e8
Change-Id: Icb2a848af650f866b8831022f13b7ae05a3be90a
- fix the wrong index issue in AuthProxy operator am: 8079cfe99b am: b419a17dba
am: 0afd50f03b
Change-Id: I5a914fba8c08742f6dad4e68e97db4776625b99e
- Improve KeymasterContext const correctness am: 821acb74d7 am: 4d2e6e1543
am: 085158a617
Change-Id: I07759331dcb1c86a11acfea44ae8d0b34f08a2a8
- Fix bugs in authorization set deserialization am: e8f8540159 am: 9185568fa3 am: 3c61e84611
am: a21f556e09
Change-Id: I8cb8481ce2126bbf7dd7c21e729c944242c6e32c
- Add missing commands to AndroidKeymasterCommand enum am: 79071053e6 am: 86587b54ca am: 7e99943af2
am: 546b8c047a
Change-Id: I4afa15d024c33d894d3c609d385b0a0d8522cf80
- Eliminate km_openssl's dependency on C++ stdlib. am: 312cc21266 am: b51c15acf1 am: f47cd639d0
am: a6e558ea29
Change-Id: I030de8de7be6228a1e5bfd6af8a881792acb9d92
- Fix GGC compilation errors am: 40fdc43e6b am: 556c0286fc am: 42bcf8df0e
am: a64943b29f
Change-Id: I461f7872ce504f6b47da8c0c638bc3a2aa7793ca
- Merge Android Pie into master am: 8aac7e0b4d am: 6dc8ce88fb am: 37aa19d617
am: 2e2f60d321
Change-Id: Idb4d31e2c3ab3bf1697d8df9fa7d0527fac96879
- Merge "Allow no digest given to imply KM_DIGEST_NONE if it was authorized" into stage-aosp-master am: cb120e03dc am: 88278c1c84
am: d9ba29878e
Change-Id: Ibd9bc226adedf1cf4edf5c3be7079a5b43de6f4b
- [automerger skipped] Merge "Fix SignatureTest CTS failures in keymaster1_legacy_support" into stage-aosp-master am: c909e680fb am: ef221bf27e
am: 39066e8b83 -s ours
Change-Id: Ib6bbdf58f69a640312d59c5efbaa4282fb361726
- [automerger skipped] Modernize codebase by replacing NULL with nullptr am: 5f765b86ae -s ours am: 62a94ada3b -s ours am: 42cc18fc02 -s ours
am: 064bdb5754 -s ours
Change-Id: I1d1952a8f40af22cc4e1d8c751516f20e518aa5e
- Modernize codebase by replacing NULL with nullptr am: 3712b27403 am: 903e3a7e1b
am: a6bdd969c4
Change-Id: I7d9e35f10a4411d058da9cbdb916ab1949fe0fb0
- Fix SignatureTest CTS failures in keymaster1_legacy_support
Under certain circumstances the heuristic which determines whether a
begin operation should be send to the wrapped KM1 device or the software
implementation fails sends a request to the wrapped device which then
fails with the wrong error code due to unsupported digests.
1. Begin operations on keys without purpose authorization with
purpose verify and a digest which is unsupported by the wrapped KM1
implementation and which is also not authorized.
2. Begin operations on keys with purpose authorization other than verify
which request purpose verify and a digest unsupported by the wrapped
KM1 implementation which is also not authorized.
In both cases the keymaster device should not fail. But because the
heuristic send the begin request to the wrapped implementation and an
unsupported digest is request the wrapped HAL diagnoses an unsupported
digest and fails.
This patch fixes the heuristic in that it sends all requests for keys
without purpose authorizations (1.) to the software implementation, and
it takes the requested digest into account (2.) rather than relying only
on the key characteristics.
Test: atest android.keystore.cts.SignatureTest
Running on a device with lagacy KM1 HAL with limited digest
support.
Bug: 77230940
Merged-In: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
Change-Id: Ia95f737ace5ec05a3b900a895a49e7f007e5e1db
- Wait for property to be created
In order to hide KM initialization time, KM should be able to start
early and wait for system property to be created.
Bug: 80507323
Test: Build and boot
Change-Id: Ied636970b2b5832ec2bcc683335a59d4ace18e7c
- Merge pi-dev-plus-aosp-without-vendor into stage-aosp-master am: a2040e8bcd
am: 7a5f547073
Change-Id: I086cade712d57e7fc41e43e880854bdfdd43a5b2
- Invalid ownership transfer in keymaster2_passthrough_context am: c6d9000526
am: 0694760ee3
Change-Id: Ifc22da43fa69c75d112ebdbe724504662f0e9e83
- Rename <cutils/log.h> to <log/log.h> am: 9480701e69 am: 702e0d13d7
am: 597ba254cc
Change-Id: I68874ab4e179eefc19fb552f6a3583857a79e164
- Fix type on auth token verification label. am: a1a25ff30e
am: 06e409e803
Change-Id: If153d4ad5e760daceb8000ca37b239aa084b2ca6
- Make wrapped_key functions availabile am: 25814f0524
am: 24c04e7b8d
Change-Id: I60fc8bb73cbf2b54b5f125a99e636b4e7ea8f736
- Annotate switch cases that fallthrough. am: 335949a09d am: 5039459e43
am: 4b036c83b0
Change-Id: I81d3bcf9764273379be6182af55030c4cfd69c24
- [automerger skipped] Merge changes from topics "niap-asym-write-pi-dev", "niap-asym-write-api-pi-dev" into pi-dev am: f051c127c6
am: 3d193f6a24 -s ours
Change-Id: Ib31382dea8bab03ad54ff535d8a670a8eb5113d5
- [automerger skipped] Add "unlocked device required" API am: 025c852c2a
am: d361d8fc66 -s ours
Change-Id: Ia2d80601a1fccd8ffbfaa1f6ac7a80cff0a761f4
- Add missing break statements. am: 786e3ee924
am: 167576a9e5
Change-Id: I3e447c003734b6d43df2e8f81fa5f6c8b45aa9dd
- Merge "Update to clang-4639204"
- Add missing break in switch statement. am: 525e2d9bb7
am: caad3eef02
Change-Id: Ie679b70e83e56911623baadde4983af53add4f22
- Update to clang-4639204
Use clang-4639204 to build the keymaster unit tests.
Test: 'make' after setting up boringssl per instructions in 'Makefile'
Change-Id: I27bcfc46e9fb396d221b7242b0be79017d050ed5
- Restore "Add "Unlocked device required" parameter to keys"
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit a1ba90df6372d7194fcb2fa59d69f0d53b2141a6.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I62d4176f04077af96779cb53c628a8579a7679d1
- Add "unlocked device required" API
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This is the API only, full functionality will be added in a later
commit.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Change-Id: I967193e7f3be4f7a4ddea004b9b203fe035a5d44
1 file changed