On the last check of the conditional, param_count-- causes an unsigned
wraparound. This isn't incorrect, but it does lead to a false positive with
-fsanitize=unsigned-integer-overflow.
Change-Id: If3eb7a9e248d0404a434de2ead70e8c099e84ddf

This allows the binding of minimum length for MACs or tags to HMAC keys
and AEAD symmetric keys. Later attempts to use these keys with a
shorter MAC or tag specification (provided to begin() with
KM_TAG_MAC_LENGTH) will fail with KM_ERROR_INVALID_MAC_LENGTH.
Bug: 22337277
Change-Id: Ic5292ce01bdd6ecde25aad115e4b407aadc85f23

I'd just remove them but Trusty keymaster has been generating keys with
KM_TAG_ALL_USERS and KM_TAG_ALL_APPLICATIONS, so removing them without
breaking those keys is tricky. Plus I think they may come back.
Bug: 21845167
Change-Id: I3b807e3e4bee64eba72b7fa6f1ee1929c4ca9dd0

Rescoping was never a very good solution to the problem of supporting
multiple sets of authorizations for a given key material. For M we're
removing it and in the future a better solution will be provided.
Change-Id: I6f7585274487bd66e4d90e89014af41e9aa30411
(cherry picked from commit 7f10ab99fc)

This designates keys whose origin cannot be determined because the
keymaster implementation is old and did not record it.
Change-Id: I3c366d527ed211c59f6dc04ddb48f3e9b3a07c7d

Note that there's a prerequisite to landing this CL: the Nexus 9
keystore.flounder.so must be modified to translate between new and old
tag numbers when the TEE side is version 0.
Bug: 19509156
Change-Id: Ic584d8a6bf5601f9754563b67b3cc6b3ca6b5ff9

This tag identifies the user authorized to use the key. Unlike
KM_TAG_USER_ID, its value does not reference the Linux-side user ID, but
a secure-world user ID, generated and managed by secure-world
authentication apps.
Bug: 19511945
Change-Id: I629ab2c47ee6d42de20a963ef283e330364c8ee7

For compatibility with Trusty. I'll probably revert this later after I
find a proper fix for Trusty.
Change-Id: I49b4ae55251398eec2a6633e09bbc468f16a4d14

We may want to put the auth token structure elsewhere; it's consumed by
keymaster but produced by other components.
Bug: 19511945
Change-Id: Id9a22ad32137f3e0380c2812f790bbecab511d11

For now the keymaster1 HAL still includes all of the keymaster0 entry
points, and soft_keymaster_device will continue to implement them. In
the near future the keymaster0 entry points will be removed, as soon as
we can ensure that keystore no longer needs them.
Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4

Change the boolean KM_TAG_SINGLE_USE_PER_BOOT to an integer-valued
KM_TAG_USES_PER_BOOT. This makes it more flexible without changing
implementation complexity.
Remove KM_TAG_RESCOPE_AUTH_TIMEOUT because there's no clear use case and
it seems unnecessarily complex.
Change-Id: Iad1512f5cc80f517e5ea7622288179c162bed2ad