Gitiles
Code Review Sign In
review.blissroms.org / platform_system_keymaster / dd136977b257fb008ca1616590d79a05d2c43747
commitdd136977b257fb008ca1616590d79a05d2c43747[log] [tgz]
authorMax Bires <jbires@google.com>Wed May 26 13:03:34 2021 -0700
committerMax Bires <jbires@google.com>Wed May 26 14:39:54 2021 -0700
tree54ced70be9bddc01f5dc2f619dc6b88f12b299e9
parent0faf82f20f1e7a1d7ee85f1a9a7c89d57c59a0c5 [diff]
Fixing up reference impl to match new CDDL

This changes the reference implementation to add the MAC tag from the
MACing operation over the list of public keys to be signed into the AAD
for the signature of the ephemeral MAC key. This prevents a potential
vulnerability that would arise whereby an attacker could get arbitrary
key pairs signed if they compromised the GEEK private key.

Bug: 189018262
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I31f352667e50d273bd1d545ee786ce8b09d4eb4d
1 file changed
tree: 54ced70be9bddc01f5dc2f619dc6b88f12b299e9
  1. android_keymaster/
  2. contexts/
  3. cppcose/
  4. include/
  5. key_blob_utils/
  6. km_openssl/
  7. legacy_support/
  8. ng/
  9. tests/
  10. .clang-format
  11. .gitignore
  12. Android.bp
  13. km0_sw_rsa_512.blob
  14. km1_sw_ecdsa_256.blob
  15. km1_sw_rsa_512.blob
  16. km1_sw_rsa_512_unversioned.blob
  17. METADATA
  18. MODULE_LICENSE_APACHE2
  19. NOTICE
  20. OWNERS
  21. PREUPLOAD.cfg
  22. sw_rsa_attest_root.key.pem
  23. valgrind.supp