platform_system_security/keystore
Shawn Willden d5a24e6745 Superencrypt authentication-bound keys.
This CL causes keystore to automatically encrypt all newly-created
keymaster key blobs which are authentication-bound.  This appears on its
face to be pointless, since the sensitive key material in the key blobs
is already encrypted by the Trusted Execution Environment.  It's not
pointless because this adds a cryptographic dependency on the user's
password, including any strengthening performed by
LockSettingService... which may include the use of a separate hardware
trusted module, separate from (and presumably more secure than) the TEE.

A better solution is planned for the next release, but that requires
changes to Gatekeeper and Keymaster. This superencryption will be
removed when that work is done.

Note that the encryption method used by keystore is weak. A separate CL will
replace the weak method with a proper authenticated encryption.

(cherry picked from commit 07aebe7305)

Test: Manual testing.
Bug: 35849499
Change-Id: I0c4910ea24b97bc8046f3d114bfb336670d03321
2017-04-13 17:45:49 -06:00
include/keystore Superencrypt authentication-bound keys. 2017-04-13 17:45:49 -06:00
tests Fix AuthTokenTable tests. 2016-03-25 12:34:28 -06:00
.clang-format Add attestation application id for key attestation 2016-08-19 15:04:48 +01:00
Android.mk fix: wifi doesn't work on the generic system image 2017-04-11 09:12:00 +09:00
auth_token_table.cpp Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
auth_token_table.h Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
authorization_set.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
blob.cpp Superencrypt authentication-bound keys. 2017-04-13 17:45:49 -06:00
blob.h Superencrypt authentication-bound keys. 2017-04-13 17:45:49 -06:00
defaults.h Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
entropy.cpp Refactor keystore. 2016-01-26 22:48:06 -07:00
entropy.h Refactor keystore. 2016-01-26 22:48:06 -07:00
IKeystoreService.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
key_store_service.cpp Superencrypt authentication-bound keys. 2017-04-13 17:45:49 -06:00
key_store_service.h Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
KeyAttestationApplicationId.cpp Add attestation application id for key attestation 2016-08-19 15:04:48 +01:00
KeyAttestationPackageInfo.cpp Add attestation application id for key attestation 2016-08-19 15:04:48 +01:00
keyblob_utils.cpp Separate keymaster0 and keymaster1 HALs. 2015-02-25 23:13:12 -07:00
keymaster_enforcement.cpp Add manufacturer and model to device ID attestation 2017-03-20 14:02:36 +01:00
keymaster_enforcement.h Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore.cpp Superencrypt authentication-bound keys. 2017-04-13 17:45:49 -06:00
keystore.h Phase out keymaster fallback support 2017-01-30 11:49:14 +00:00
keystore.rc Move keystore to foreground cpuset. 2016-04-15 19:18:05 +00:00
keystore_aidl_hidl_marshalling_utils.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_aidl_hidl_marshalling_utils.h Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_attestation_id.cpp Revise the attestation application id format 2016-09-01 15:01:33 +01:00
keystore_attestation_id.h Revise the attestation application id format 2016-09-01 15:01:33 +01:00
keystore_cli.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_cli_v2.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_client.proto Add encryption convenience methods to KeystoreClient. 2015-11-02 09:12:59 -08:00
keystore_client_impl.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_get.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_get_wifi_hidl.cpp Fix transitive include. 2017-04-06 12:41:59 -07:00
keystore_keymaster_enforcement.h Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_main.cpp keystore: Run Wifi keystore HAL in keystore daemon 2017-03-30 13:04:46 -07:00
keystore_tags_utils.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_utils.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
keystore_utils.h Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
legacy_keymaster_device_wrapper.cpp Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
legacy_keymaster_device_wrapper.h Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
operation.cpp Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
operation.h Revert "Delegate auth token parsing to HAL." 2017-03-28 00:44:33 +00:00
permissions.cpp Fix unique ID attestation. 2017-04-11 11:48:50 -06:00
permissions.h Fix unique ID attestation. 2017-04-11 11:48:50 -06:00
Signature.cpp Add attestation application id for key attestation 2016-08-19 15:04:48 +01:00
test-keystore Revive test script for keystore 2015-09-24 21:10:20 +03:00
user_state.cpp Port to binderized keymaster HAL 2017-01-23 08:30:49 -07:00
user_state.h Fix google-explicit-constructor warnings in keystore. 2016-07-12 11:58:02 -07:00