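Lines Matching refs:blob
(Cross-reference search results: each line below is one matching source line, prefixed with its line number in the original file. The lines are excerpts and do not form contiguous code.)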
452 KeymasterKeyBlob* blob,
465 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
481 // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we
484 // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not
487 // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been
513 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob,
520 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material,
537 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
541 const uint8_t* p = blob.key_material;
542 const uint8_t* end = blob.key_material + blob.key_material_size;
548 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
569 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
608 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
629 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob
636 // auth sets so reasonable defaults are generated and returned along with the key blob.
638 // Determining what kind of blob has arrived is somewhat tricky. What helps is that
650 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
651 // blob).
652 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
656 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob.
657 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
663 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
664 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced);
671 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced,
674 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced);
676 LOG_E("Failed to parse key; not a valid software blob, no hardware module configured", 0);
680 keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const {
682 keymaster_error_t error = km1_engine_->DeleteKey(blob);
684 // Note that we succeed on invalid blob, because it probably just indicates that the
685 // blob is a software blob, not a hardware blob.
693 // integrity-assured blob. If it's integrity-assured, we can't validate it strongly,
695 // that anything other than an integrity-assured blob would have all of the structure
696 // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the
700 // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware.
704 blob, &key_material, &hw_enforced, &sw_enforced);
708 km0_engine_->DeleteKey(blob);
711 // either the blob is a software blob (which we can't distinguish with certainty without
712 // additional_params) or because it is a hardware blob and the hardware failed. In the
848 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params,
864 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr,
875 *key_material = blob;
879 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob,
885 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob));
893 *key_material = blob;