cef39477f9d5f52f716165be8fadcf94cab19b1e - android_system_security

commit	cef39477f9d5f52f716165be8fadcf94cab19b1e	[log] [tgz]
author	Pavel Grafov <pgrafov@google.com>	Mon Feb 12 18:45:02 2018 +0000
committer	Pavel Grafov <pgrafov@google.com>	Thu Feb 15 18:20:28 2018 +0000
tree	b157374fb2b68cb0028d05bb176063c692bf0e64
parent	3bd6a51a6d49e465bcb03a43998f5bd9367fb59c [diff]

NIAP: Log key integrity failure to audit log.

Logs key integrity violation in two cases:
1. software-detected corruption of key blob.
2. keymaster operation returning INVALID_KEY_BLOB

Changed AES_gcm_decrypt to return VALUE_CORRUPTED on decryption errors
to be consistent with digest check for older version blob.

Bug: 70886042
Test: manual, by patching some bytes in the blob.
Test: cts-tradefed run cts -m CtsKeystoreTestCases
Change-Id: Ic8f6b7a2a49aee01253b429644af409e568d7deb

keystore/KeyStore.cpp[diff]
keystore/blob.cpp[diff]
keystore/key_store_service.cpp[diff]
keystore/keystore_utils.cpp[diff]
keystore/keystore_utils.h[diff]

5 files changed

tree: b157374fb2b68cb0028d05bb176063c692bf0e64

keystore/
keystore-engine/
.clang-format
Android.bp
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg