Skip to content

GitLab

Switch branch/tag
  1. 13 Aug, 2015 1 commit
  3. 12 Aug, 2015 7 commits
  5. 05 Aug, 2015 2 commits
  7. 03 Aug, 2015 4 commits
  9. 29 Jul, 2015 2 commits
    • Chad Brubaker's avatar
      Fix unchecked length in Blob creation · b124c9e8
      Chad Brubaker authored 
      Applications can specify arbitrary blobs using insert(), check their
length to prevent overflow issues.

Bug:22802399
Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
      b124c9e8
    • Chad Brubaker's avatar
      Fix unchecked length in Blob creation · 803f37f5
      Chad Brubaker authored 
      Applications can specify arbitrary blobs using insert(), check their
length to prevent overflow issues.

Bug:22802399
Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
      803f37f5
  11. 27 Jul, 2015 1 commit
  13. 17 Jul, 2015 1 commit
    • Chad Brubaker's avatar
      Mark 0 length files as corrupt · a9a17eec
      Chad Brubaker authored 
      Files created by keystore should never be 0 length however a vendor ran
into such a case when testing their keymaster and a side effect of how
keystore parses files leads to these keys being considered encrypted and
ulitmately undeletable.

Now mark 0 length files as corrupt in readKey and when deleting a key if
the key fails to read in because it was corrupt simply rm the file since
it is not possible to feed the key blob to keymaster's delete method.

Bug: 22561219
Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
      a9a17eec
  15. 01 Jul, 2015 1 commit
  17. 24 Jun, 2015 1 commit
  19. 23 Jun, 2015 4 commits
    • Alex Klyubin's avatar
      Merge "Abort operation pruning only if it fails to make space." into mnc-dev · b913aa57
      Alex Klyubin authored
      b913aa57
    • Alex Klyubin's avatar
      Abort operation pruning only if it fails to make space. · 700c1a35
      Alex Klyubin authored 
      keystore service's begin operation may sometimes encounter a situation
where the underlying device's begin operation fails because of too
many operations in progress. In that case, keystore attempts to prune
the oldest pruneable operation by invoking the underlying device's
abort operation. Regardless of whether the abort operation fails,
keystore then removes the operation from the list of in-progress
prunable operations.

The issue is that when the underlying device's abort operation fails,
keystore fails the begin operation that caused all this prunining.
This is despite the fact that keystore has managed to make space for
one more operation.

The fix is to fail the begin operation only if the pruning attempt
did not make space for a a new operation.

Bug: 22040842
Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
      700c1a35
    • Alex Klyubin's avatar
      Don't ignore errors from begin operation. · 4e88f9be
      Alex Klyubin authored 
      This fixes a bug introduced by
9221bff2 which invoked authorization
checks after begin operation, while ignoring any errors returned by
that operation. This CL restrores the correct order: authorization
checks are followed by begin operation.

Bug: 22039986
Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
      4e88f9be
    • Alex Klyubin's avatar
      Fully support uint64 key validity dates. · 53752414
      Alex Klyubin authored 
      This fixes the issue where, on 32-bit platforms, keys expiring after
about 2^31 - 1 seconds since epoch (Jan 19 2038) might be treated as
already expired.

The issue was caused by using time_t (signed 32-bit on 32-bit
platforms) as current time and downcasting uint64 activation and
expiration time instants to time_t to compare them to current time.
This downcasting could make future time instants appear to be in the
past on 32-bit platforms.

Bug: 22015107
Change-Id: Iae12019c3c019beb92d791fda80b622fa5c4ac4e
      53752414
  21. 20 Jun, 2015 1 commit
  23. 18 Jun, 2015 2 commits
  25. 17 Jun, 2015 1 commit
  27. 08 Jun, 2015 1 commit
    • Chad Brubaker's avatar
      Rewrite legacy methods in terms of new methods · 3a7d9e62
      Chad Brubaker authored 
      Rewrite generate, import, get_pubkey, sign and verify using the new
keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish).

This also removed DSA support from generate and import.

Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
      3a7d9e62
  29. 04 Jun, 2015 3 commits
  31. 03 Jun, 2015 3 commits
  33. 02 Jun, 2015 1 commit
  35. 01 Jun, 2015 1 commit
    • Chad Brubaker's avatar
      Use keymaster adapter to support older devices · bd07a239
      Chad Brubaker authored 
      The keymaster adapter wraps the hardware module to allow keystore to
call the new keymaster methods on it and continue using old keys created
by that device with the new methods.

Change-Id: Ica08d81c3707023d378ad5fe6562dc642f58ca90
      bd07a239
  37. 28 May, 2015 1 commit
  39. 23 May, 2015 1 commit
  41. 19 May, 2015 1 commit