700c1a35c52798831b8a8d76a042c4650c6d793f |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Abort operation pruning only if it fails to make space. keystore service's begin operation may sometimes encounter a situation where the underlying device's begin operation fails because of too many operations in progress. In that case, keystore attempts to prune the oldest pruneable operation by invoking the underlying device's abort operation. Regardless of whether the abort operation fails, keystore then removes the operation from the list of in-progress prunable operations. The issue is that when the underlying device's abort operation fails, keystore fails the begin operation that caused all this pruning. This is despite the fact that keystore has managed to make space for one more operation. The fix is to fail the begin operation only if the pruning attempt did not make space for a new operation. Bug: 22040842 Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
/system/security/keystore/operation.cpp
|
9221bff2f13451ef330135bb32ea96de2a8b09cc |
|
19-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster authorization policy enforcement to keystore. Bug: 19511945 Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
/system/security/keystore/operation.cpp
|
b2ffa420da26414379b31807eec76ec8c9f3b0a9 |
|
17-Jun-2015 |
Shawn Willden <swillden@google.com> |
Don't check authorizations for pubkey operations. Bug: 21877150 Change-Id: I43dafb66fc3246f4d8e3bf4743fbdcbe072468d1
/system/security/keystore/operation.cpp
|
999f1b05261837d6571fa4effa357a9af1d8d01a |
|
02-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix potential use-after-free in hw auth token handling. The operation map caches the hw_auth_token used to start the operation but it was storing the pointer returned by the auth token table and not the token itself, leading to a potential use-after-free if the token was removed from the table between the operation starting and completing. The operation table now stores the auth token itself instead of the pointer provided by the auth table. Change-Id: I80fd49655ed98e7879d2caa7f1ae077ff50e0e54
/system/security/keystore/operation.cpp
|
0cf34a249c008743cf2e2371743a89f86aa4b03c |
|
23-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Move auth token checking to begin
Auth tokens will now be checked on begin and then used for all subsequent calls for that operation. This means that things like auth timeouts will only be checked on begin, and an operation that starts at timeout - .00001 will now be able to be used to completion. One exception to this is keys that use per operation authorization. Begin for these operations must succeed so that the application gets a handle to authorize. For those keys, if the application calls update before authorizing the operation the call will fail. For these keys begin will return OP_AUTH_NEEDED to let the caller know more work is needed before using the operation. (cherry picked from commit aebbfc2ba548064e4f537154bab6ec60dfe4115e) Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff
/system/security/keystore/operation.cpp
|
ad6514ab7a57504aa3b04bcc383f60940b923710 |
|
09-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Store the key characteristics for operations
Instead of storing the key blob and parsing the characteristics out, which some implementations might not support, instead call get characteristics on begin and store that result for subsequent auth calls. Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12
/system/security/keystore/operation.cpp
|
06801e0a7ccabbe8f22cff29b7edb7c7d02d7692 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add auth token fetching
Auth tokens are now fetched from the table in begin, update and finish if needed. Begin will not fail on a missing/expired auth token since some authorization requires a valid operation handle. This doesn't yet do any enforcement of the token beyond what the auth token table does; that should happen in the keymaster auth code when it is done. This also includes the key in the operation map since authorization works based off that and not the handle. Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1
/system/security/keystore/operation.cpp
|
40a1a9b306d4e3c85b24f80ff39841507cf42357 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 crypto operations Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/operation.cpp
|