  1. 25 Jan, 2016 1 commit
  2. 02 Nov, 2015 1 commit
  3. 30 Oct, 2015 1 commit
    • Limit maximum number of concurrent keystore operations. · ddab0bb5
      Shawn Willden authored
      If keystore is allowed to consume all 16 of the keymaster operation
      table slots, cryptfs may not be able to use keymaster to protect the
      disk encryption key during a password change.  This CL prevents keystore
      from allowing more than 15 concurrent keystore operations, leaving one
      available for cryptfs.
      
      Bug: 25312003
      Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
  4. 12 Oct, 2015 1 commit
  5. 09 Oct, 2015 1 commit
    • Fix failure to save master key on new profile · 410ba59a
      Chad Brubaker authored
      New profiles use the master key of the parent user for keystore.
      Unfortunately copyMasterKey only copies the key from the parent to the
      user in memory but doesn't save it to disk, causing the child user to be
      uninitialized after a reboot.
      
      Bug: 23889443
      
      (cherry picked from commit 79e0f644)
      
      Change-Id: I1f148fde3862d22292dfce217aacdc3f70f9c2ef
  6. 03 Oct, 2015 1 commit
    • Prepare for BoringSSL update. · 358bd115
      Adam Langley authored
      This change tweaks things as needed so that the code will compile
      against both the BoringSSL that's currently in Android and a version
      from upstream. The BORINGSSL_201509 define is temporary to allow the
      switch to happen without breaking the build and a followup change will
      remove it.
      
      (cherry picked from commit 9eb9295d)
      
      Change-Id: I3d09b5644661353723803bcbda937d34455849a5
  7. 13 Aug, 2015 2 commits
  8. 12 Aug, 2015 7 commits
  9. 10 Aug, 2015 1 commit
    • Wrap incomplete keymaster1 implementations with sw keymaster. · 55268b5b
      Shawn Willden authored
      SoftKeymasterDevice can provide software digesting and padding for
      keymaster1 implementations that don't provide all of the required
      digests.  This CL modifies keymaster to check for such keymaster1
      implementations and add a SoftKeymasterDevice wrapper.
      
      The SoftKeymasterDevice work necessary to make this function would have
      required adding an implementation of the keymaster0 API import_keypair
      in terms of keymaster1 API calls (import_key).  Rather than do that, I
      instead implemented the relevant keystore function directly on the
      keymaster1 API.  This approach is cleaner than adding the same code into
      the translation layer, and allows removal of the last vestiges of
      keymaster0 API usage from keystore.
      
      Bug: 22529223
      Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
  10. 05 Aug, 2015 2 commits
  11. 03 Aug, 2015 4 commits
  12. 29 Jul, 2015 2 commits
    • Fix unchecked length in Blob creation · b124c9e8
      Chad Brubaker authored
      Applications can specify arbitrary blobs using insert(); check their
      length to prevent overflow issues.
      
      Bug:22802399
      Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
    • Fix unchecked length in Blob creation · 803f37f5
      Chad Brubaker authored
      Applications can specify arbitrary blobs using insert(); check their
      length to prevent overflow issues.
      
      Bug:22802399
      Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
  13. 27 Jul, 2015 1 commit
  14. 17 Jul, 2015 1 commit
    • Mark 0 length files as corrupt · a9a17eec
      Chad Brubaker authored
      Files created by keystore should never be 0 length; however, a vendor ran
      into such a case when testing their keymaster, and a side effect of how
      keystore parses files leads to these keys being considered encrypted and
      ultimately undeletable.
      
      Now mark 0 length files as corrupt in readKey, and when deleting a key, if
      the key fails to read in because it was corrupt, simply rm the file, since
      it is not possible to feed the key blob to keymaster's delete method.
      
      Bug: 22561219
      Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
  15. 01 Jul, 2015 1 commit
  16. 24 Jun, 2015 1 commit
  17. 23 Jun, 2015 4 commits
    • Abort operation pruning only if it fails to make space. · 700c1a35
      Alex Klyubin authored
      keystore service's begin operation may sometimes encounter a situation
      where the underlying device's begin operation fails because of too
      many operations in progress. In that case, keystore attempts to prune
      the oldest pruneable operation by invoking the underlying device's
      abort operation. Regardless of whether the abort operation fails,
      keystore then removes the operation from the list of in-progress
      prunable operations.
      
      The issue is that when the underlying device's abort operation fails,
      keystore fails the begin operation that caused all this pruning.
      This is despite the fact that keystore has managed to make space for
      one more operation.
      
      The fix is to fail the begin operation only if the pruning attempt
      did not make space for a new operation.
      
      Bug: 22040842
      Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
    • Don't ignore errors from begin operation. · 4e88f9be
      Alex Klyubin authored
      This fixes a bug introduced by
      9221bff2 which invoked authorization
      checks after begin operation, while ignoring any errors returned by
      that operation. This CL restores the correct order: authorization
      checks are followed by begin operation.
      
      Bug: 22039986
      Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
    • Fully support uint64 key validity dates. · 53752414
      Alex Klyubin authored
      This fixes the issue where, on 32-bit platforms, keys expiring after
      about 2^31 - 1 seconds since epoch (Jan 19 2038) might be treated as
      already expired.
      
      The issue was caused by using time_t (signed 32-bit on 32-bit
      platforms) as current time and downcasting uint64 activation and
      expiration time instants to time_t to compare them to current time.
      This downcasting could make future time instants appear to be in the
      past on 32-bit platforms.
      
      Bug: 22015107
      Change-Id: Iae12019c3c019beb92d791fda80b622fa5c4ac4e
  18. 20 Jun, 2015 1 commit
  19. 18 Jun, 2015 2 commits
  20. 17 Jun, 2015 1 commit
  21. 08 Jun, 2015 1 commit
    • Rewrite legacy methods in terms of new methods · 3a7d9e62
      Chad Brubaker authored
      Rewrite generate, import, get_pubkey, sign and verify using the new
      keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish).
      
      This also removed DSA support from generate and import.
      
      Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
  22. 04 Jun, 2015 3 commits