Gitiles
Code Review Sign In
review.blissroms.org / platform_system_keymaster / b90937dff779401d4c6e6d425fd0e49f71e35f07
commitb90937dff779401d4c6e6d425fd0e49f71e35f07[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Mon Mar 08 13:52:17 2021 +0000
committerDavid Drysdale <drysdale@google.com>Wed May 19 08:05:02 2021 +0100
tree119c0bd6be526616d9f789348162f18c8362a86f
parentf747e92a5285349728b50cd044c5813f0892262d [diff]
Key{Master,Mint}: stricter parameter checking

 - reject more than 2KiB of entropy (both KeyMaster and KeyMint AIDL specs
   require >2KiB to be rejected; the KeyMint VTS test now checks this)
 - check that HMAC length is a multiple of 8
 - check that an attestation challenge is provided whenever an attestion
   key is included
 - in KeyMint mode, strip out any locally-generated CREATION_DATETIME
   tag (but return any value that came from the request)
 - allow EARLY_BOOT key creation but not import

Test: VtsAidlKeyMintTargetTest
Change-Id: I77bcc13cbf096a531d13f85a94d19a16cb812a43
6 files changed
tree: 119c0bd6be526616d9f789348162f18c8362a86f
  1. android_keymaster/
  2. contexts/
  3. cppcose/
  4. include/
  5. key_blob_utils/
  6. km_openssl/
  7. legacy_support/
  8. ng/
  9. tests/
  10. .clang-format
  11. .gitignore
  12. Android.bp
  13. km0_sw_rsa_512.blob
  14. km1_sw_ecdsa_256.blob
  15. km1_sw_rsa_512.blob
  16. km1_sw_rsa_512_unversioned.blob
  17. METADATA
  18. MODULE_LICENSE_APACHE2
  19. NOTICE
  20. OWNERS
  21. PREUPLOAD.cfg
  22. sw_rsa_attest_root.key.pem
  23. valgrind.supp