GitLab

Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d

Some OpenSSL parsing functions have, historically, allowed a structure
to be passed in to reuse that memory. There have been many bugs arising
from this corner case and it's generally best to avoid it.

This change just passes in NULL because a new structure was being
allocated anyway. Also, the API didn't guarantee that the memory would
always be reused – code had to check the updated pointer, which this
didn't do. So it might have broken in the future.

Change-Id: Iba98f9d11ece457cf6b66e2637bb8cb23f5930d2

* changes:
  Add KM_TAG_ALLOW_WHILE_ON_BODY
  Add attestation support to keystore.

Actually, this change eliminates the need to update keystore_cli_v2
every time a tag is added, which also has the effect of supporting
KM_TAG_ALLOW_WHILE_ON_BODY.

Change-Id: I15dd4ec4b7cab52dba43ec5d0afc6f8caf922389

Bug: 22914603
Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2

This CL doesn't wire in any of the new keymaster2 features, it just uses
the keymaster2 HAL rather than the keymaster1 HAL.  This means that if
keymaster1 hardware is found, it is unconditionally wrapped in
SoftKeymasterDevice, so keymaster2 functionality can (eventually) be
provided.

Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3

This CL isn't nearly as big as it looks.  It doesn't change keystore
functionality, it just moves all of the classes out of the former
keystore.cpp into their own .h and .cpp files.

Change-Id: I29a1ce21bff574be56128b32fc417e5a3d3c55fb

Change-Id: I6a584c8f0ae7a0461ea33836f0ca15bc89f2367f

am: 108a5d34

* commit '108a5d34':
  Limit maximum number of concurrent keystore operations.

am: ab421460

* commit 'ab421460':
  ECIES: adding ECIES-KEM

Bug: 25312003
Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581

Change-Id: I9f4dd30786f5de170c2e12c1cff52b9ecbb26a2c

am: 296727f8

* commit '296727f8':
  keystore: Add a test suitable for Brillo PTS.

The test can be run with the command:
  keystore_cli_v2 brillo-platform-test

Test results will be printed to stdout and the exit code will be the
number of failed tests.

BUG=24751339

Change-Id: I2cfe2ca034fa3aa76e7f39488ebbf40482ecb5b9

am: 641c6299

* commit '641c6299':
  Add keystore to AID_READPROC

keystore access /proc entries associated with other UIDs.
Allow it.

Bug: 23310674
Change-Id: I72fa3fa3df5d7c8c359b5a78fe89d7f7cdb8ab24

am: 19a1dcea

* commit '19a1dcea':
  Add -Wno-unused-parameter when using libchrome.

am: e943c2f6

* commit 'e943c2f6':
  Add NOTICE and MODULE_LICENSE_ files.

am: 17f2c2f7

* commit '17f2c2f7':
  Reallocate keymaster parameters with malloc.

am: e01125c8

* commit 'e01125c8':
  Add encryption convenience methods to KeystoreClient.

am: 4122b99b

* commit '4122b99b':
  Create a KeystoreClient class.

Bug: 25001992
Change-Id: Ia6b9963d5c3c3f9d399be3ac06436e99fdf42e91

BUG: 24571104

Change-Id: I9ddbae39da660f3111569df80c83db9fc88daa0f

Keystore assumes keymaster parameters are allocated with malloc but
keymaster's AuthorizationSet allocates with new[]. To avoid memory
corruption, reallocate with malloc before passing to keystore.

BUG: 24905120

Change-Id: I958d5060b08bb0c97eceded354241e0948d5f3b2

This Cl adds authenticated encryption and decryption methods which
require minimal inputs. These methods are suitable for encrypting local
state on brillo.

BUG: 23528174
TEST=manual using the keystore_cli_v2 tool

Change-Id: I41abcd77452e86b1eb7373f9db95b645100e2f0f

KeystoreClient is designed to give native brillo services convenient
access to keystore services. This CL also includes a command line tool
that uses the KeystoreClient interface. This was used for testing but
can also be enhanced to be generally useful.

BUG: 23528174
TEST=manual tests using keystore_cli_v2

Change-Id: I6266d98cfc7c4936f803a8133020c032bc519a5b