Gitiles
Code Review Sign In
review.blissroms.org / platform_system_keymaster / 9a1cd6d88dabe29fb921ff26612695b59aaf125c
commit9a1cd6d88dabe29fb921ff26612695b59aaf125c[log] [tgz]
authorShawn Willden <swillden@google.com>Wed Jul 08 17:12:16 2015 -0600
committerShawn Willden <swillden@google.com>Tue Sep 08 15:21:05 2015 -0600
tree5dbebf3d6b1b502c384f931c189992622e1092c4
parent607b0e066953a7ac8d0cb0bf884bfa1a50a7b08a [diff]
Truncate too-long digests for keymaster 0 ECDSA sign operations

BoringSSL doesn't pre-truncate too-long digests before calling the ECDSA
sign operation via the ENGINE interface, and TrustyKeymaster is picky
about accepting them.  This means that trying to sign a message with,
say, a 256-bit key and a 384-bit hash fails on Volantis.

This CL also corrects an error in get_supported_digests for ECDSA, which
was advertising support for MD5.  BoringSSL doesn't support ECDSA with
MD5 and we're not offering it in the JCA API, so the solution is simply
not to advertise it and to return a better error code if it's requested
anyway.

Bug: 22355708
Change-Id: Iba2dad6953db7eda23951760b734f499a13c5191
3 files changed
tree: 5dbebf3d6b1b502c384f931c189992622e1092c4
  1. include/
  2. .clang-format
  3. .gitignore
  4. ae.h
  5. aes_key.cpp
  6. aes_key.h
  7. aes_operation.cpp
  8. aes_operation.h
  9. Android.mk
  10. android_keymaster.cpp
  11. android_keymaster_messages.cpp
  12. android_keymaster_messages_test.cpp
  13. android_keymaster_test.cpp
  14. android_keymaster_test_utils.cpp
  15. android_keymaster_test_utils.h
  16. android_keymaster_utils.cpp
  17. asymmetric_key.cpp
  18. asymmetric_key.h
  19. asymmetric_key_factory.cpp
  20. auth_encrypted_key_blob.cpp
  21. auth_encrypted_key_blob.h
  22. authorization_set.cpp
  23. authorization_set_test.cpp
  24. ec_key.cpp
  25. ec_key.h
  26. ec_key_factory.cpp
  27. ec_keymaster0_key.cpp
  28. ec_keymaster0_key.h
  29. ec_privkey_pk8.der
  30. ecdsa_operation.cpp
  31. ecdsa_operation.h
  32. gtest_main.cpp
  33. hkdf.cpp
  34. hkdf.h
  35. hkdf_test.cpp
  36. hmac.cpp
  37. hmac.h
  38. hmac_key.cpp
  39. hmac_key.h
  40. hmac_operation.cpp
  41. hmac_operation.h
  42. hmac_test.cpp
  43. integrity_assured_key_blob.cpp
  44. integrity_assured_key_blob.h
  45. key.cpp
  46. key.h
  47. key_blob_test.cpp
  48. keymaster0_engine.cpp
  49. keymaster0_engine.h
  50. keymaster_enforcement.cpp
  51. keymaster_enforcement_test.cpp
  52. km0_sw_rsa_512.blob
  53. km1_sw_ecdsa_256.blob
  54. km1_sw_rsa_512.blob
  55. km1_sw_rsa_512_unversioned.blob
  56. List.h
  57. logger.cpp
  58. Makefile
  59. ocb.c
  60. ocb_utils.cpp
  61. ocb_utils.h
  62. openssl_err.cpp
  63. openssl_err.h
  64. openssl_utils.cpp
  65. openssl_utils.h
  66. operation.cpp
  67. operation.h
  68. operation_table.cpp
  69. operation_table.h
  70. rsa_key.cpp
  71. rsa_key.h
  72. rsa_key_factory.cpp
  73. rsa_keymaster0_key.cpp
  74. rsa_keymaster0_key.h
  75. rsa_operation.cpp
  76. rsa_operation.h
  77. rsa_privkey_pk8.der
  78. serializable.cpp
  79. soft_keymaster_context.cpp
  80. soft_keymaster_device.cpp
  81. soft_keymaster_logger.cpp
  82. symmetric_key.cpp
  83. symmetric_key.h
  84. valgrind.supp