Merge "Revert "Keystore 2.0: Add CREATE_DATETIME unconditionally.""

commit: 2843067c5fe293450ba66ede72e876a8a50c4fe0 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Nov 02 19:19:35 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Nov 02 19:19:35 2021 +0000
tree: de2bb1650184db49cdd1c901ce3681a88ea65e0b
parent: 57fdb8b8cc46b25f4f157da601ee00ce1c4666c4 [diff]
parent: 5b8f198fb7307d2551437f1b84876595df1eb396 [diff]
diff --git a/keystore2/src/crypto/error.rs b/keystore2/src/crypto/error.rs
index a369012..c6476f9 100644
--- a/keystore2/src/crypto/error.rs
+++ b/keystore2/src/crypto/error.rs

@@ -13,6 +13,7 @@
 // limitations under the License.
 
 //! This module implements Error for the keystore2_crypto library.
+use crate::zvec;
 
 /// Crypto specific error codes.
 #[derive(Debug, thiserror::Error, Eq, PartialEq)]
@@ -93,4 +94,8 @@
     /// This is returned if the C implementation of extractSubjectFromCertificate failed.
     #[error("Failed to extract certificate subject.")]
     ExtractSubjectFailed,
+
+    /// Zvec error.
+    #[error(transparent)]
+    ZVec(#[from] zvec::Error),
 }

diff --git a/keystore2/src/crypto/lib.rs b/keystore2/src/crypto/lib.rs
index 5f8a2ef..92da965 100644
--- a/keystore2/src/crypto/lib.rs
+++ b/keystore2/src/crypto/lib.rs

@@ -16,7 +16,7 @@
 //! Keystore 2.0.
 
 mod error;
-mod zvec;
+pub mod zvec;
 pub use error::Error;
 use keystore2_crypto_bindgen::{
     extractSubjectFromCertificate, generateKeyFromPassword, randomBytes, AES_gcm_decrypt,

diff --git a/keystore2/src/crypto/zvec.rs b/keystore2/src/crypto/zvec.rs
index 78b474e..5a173c3 100644
--- a/keystore2/src/crypto/zvec.rs
+++ b/keystore2/src/crypto/zvec.rs

@@ -12,7 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use crate::error::Error;
+//! Implements ZVec, a vector that is mlocked during its lifetime and zeroed
+//! when dropped.
+
 use nix::sys::mman::{mlock, munlock};
 use std::convert::TryFrom;
 use std::fmt;
@@ -29,6 +31,14 @@
     len: usize,
 }
 
+/// ZVec specific error codes.
+#[derive(Debug, thiserror::Error, Eq, PartialEq)]
+pub enum Error {
+    /// Underlying libc error.
+    #[error(transparent)]
+    NixError(#[from] nix::Error),
+}
+
 impl ZVec {
     /// Create a ZVec with the given size.
     pub fn new(size: usize) -> Result<Self, Error> {
@@ -48,6 +58,14 @@
             self.len = len;
         }
     }
+
+    /// Attempts to make a clone of the Zvec. This may fail due trying to mlock
+    /// the new memory region.
+    pub fn try_clone(&self) -> Result<Self, Error> {
+        let mut result = Self::new(self.len())?;
+        result[..].copy_from_slice(&self[..]);
+        Ok(result)
+    }
 }
 
 impl Drop for ZVec {
commit	2843067c5fe293450ba66ede72e876a8a50c4fe0	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Nov 02 19:19:35 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Nov 02 19:19:35 2021 +0000
tree	de2bb1650184db49cdd1c901ce3681a88ea65e0b
parent	57fdb8b8cc46b25f4f157da601ee00ce1c4666c4 [diff]
parent	5b8f198fb7307d2551437f1b84876595df1eb396 [diff]