tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use pointers not references for out arguments

Browse source 
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.

Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
This commit is contained in:
Paul Crowley 2016-03-08 16:08:32 -08:00
parent 320e5e15b6
commit a051eb7a22
5 changed files with 92 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
Ext4Crypt.cpp
View file

@ -127,18 +127,18 @@ static std::string generate_key_ref(const char* key, int length)
return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
}
static bool fill_key(const std::string& key, ext4_encryption_key& ext4_key)
static bool fill_key(const std::string& key, ext4_encryption_key* ext4_key)
{
if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) {
LOG(ERROR) << "Wrong size key " << key.size();
return false;
}
static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key.raw),
static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw),
"Key too long!");
ext4_key.mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
ext4_key.size = key.size();
memset(ext4_key.raw, 0, sizeof(ext4_key.raw));
memcpy(ext4_key.raw, key.data(), key.size());
ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
ext4_key->size = key.size();
memset(ext4_key->raw, 0, sizeof(ext4_key->raw));
memcpy(ext4_key->raw, key.data(), key.size());
return true;
}
@ -153,10 +153,10 @@ static std::string keyname(const std::string &raw_ref)
}
// Get the keyring we store all keys in
static bool e4crypt_keyring(key_serial_t& device_keyring)
static bool e4crypt_keyring(key_serial_t* device_keyring)
{
device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
if (device_keyring == -1) {
*device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
if (*device_keyring == -1) {
PLOG(ERROR) << "Unable to find device keyring";
return false;
}
@ -165,14 +165,14 @@ static bool e4crypt_keyring(key_serial_t& device_keyring)
// Install password into global keyring
// Return raw key reference for use in policy
static bool install_key(const std::string &key, std::string &raw_ref)
static bool install_key(const std::string &key, std::string *raw_ref)
{
ext4_encryption_key ext4_key;
if (!fill_key(key, ext4_key)) return false;
raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
auto ref = keyname(raw_ref);
if (!fill_key(key, &ext4_key)) return false;
*raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
auto ref = keyname(*raw_ref);
key_serial_t device_keyring;
if (!e4crypt_keyring(device_keyring)) return false;
if (!e4crypt_keyring(&device_keyring)) return false;
key_serial_t key_id = add_key("logon", ref.c_str(),
(void*)&ext4_key, sizeof(ext4_key),
device_keyring);
@ -198,9 +198,9 @@ static bool read_and_install_user_ce_key(
if (s_ce_key_raw_refs.count(user_id) != 0) return true;
const auto ce_key_path = get_ce_key_path(user_id);
std::string ce_key;
if (!android::vold::retrieveKey(ce_key_path, auth, ce_key)) return false;
if (!android::vold::retrieveKey(ce_key_path, auth, &ce_key)) return false;
std::string ce_raw_ref;
if (!install_key(ce_key, ce_raw_ref)) return false;
if (!install_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = ce_key;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Installed ce key for user " << user_id;
@ -216,8 +216,8 @@ static bool prepare_dir(const std::string &dir, mode_t mode, uid_t uid, gid_t gi
return true;
}
static bool random_key(std::string &key) {
if (android::vold::ReadRandomBytes(EXT4_AES_256_XTS_KEY_SIZE, key) != 0) {
static bool random_key(std::string *key) {
if (android::vold::ReadRandomBytes(EXT4_AES_256_XTS_KEY_SIZE, *key) != 0) {
// TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed";
return false;
@ -251,8 +251,8 @@ static bool store_key(const std::string &key_path, const std::string &tmp_path,
static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
std::string de_key, ce_key;
if (!random_key(de_key)) return false;
if (!random_key(ce_key)) return false;
if (!random_key(&de_key)) return false;
if (!random_key(&ce_key)) return false;
if (create_ephemeral) {
// If the key should be created as ephemeral, don't store it.
s_ephemeral_users.insert(user_id);
@ -265,10 +265,10 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
kEmptyAuthentication, ce_key)) return false;
}
std::string de_raw_ref;
if (!install_key(de_key, de_raw_ref)) return false;
if (!install_key(de_key, &de_raw_ref)) return false;
s_de_key_raw_refs[user_id] = de_raw_ref;
std::string ce_raw_ref;
if (!install_key(ce_key, ce_raw_ref)) return false;
if (!install_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = ce_key;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Created keys for user " << user_id;
@ -276,13 +276,13 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
}
static bool lookup_key_ref(const std::map<userid_t, std::string> &key_map,
userid_t user_id, std::string &raw_ref) {
userid_t user_id, std::string *raw_ref) {
auto refi = key_map.find(user_id);
if (refi == key_map.end()) {
LOG(ERROR) << "Cannot find key for " << user_id;
return false;
}
raw_ref = refi->second;
*raw_ref = refi->second;
return true;
}
@ -327,9 +327,9 @@ static bool load_all_de_keys() {
if (s_de_key_raw_refs.count(user_id) == 0) {
auto key_path = de_dir + "/" + entry->d_name;
std::string key;
if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, key)) return false;
if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
std::string raw_ref;
if (!install_key(key, raw_ref)) return false;
if (!install_key(key, &raw_ref)) return false;
s_de_key_raw_refs[user_id] = raw_ref;
LOG(DEBUG) << "Installed de key for user " << user_id;
}
@ -351,16 +351,16 @@ bool e4crypt_initialize_global_de()
std::string device_key;
if (path_exists(device_key_path)) {
if (!android::vold::retrieveKey(device_key_path,
kEmptyAuthentication, device_key)) return false;
kEmptyAuthentication, &device_key)) return false;
} else {
LOG(INFO) << "Creating new key";
if (!random_key(device_key)) return false;
if (!random_key(&device_key)) return false;
if (!store_key(device_key_path, device_key_temp,
kEmptyAuthentication, device_key)) return false;
}
std::string device_key_ref;
if (!install_key(device_key, device_key_ref)) {
if (!install_key(device_key, &device_key_ref)) {
LOG(ERROR) << "Failed to install device key";
return false;
}
@ -434,7 +434,7 @@ bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral)
static bool evict_key(const std::string &raw_ref) {
auto ref = keyname(raw_ref);
key_serial_t device_keyring;
if (!e4crypt_keyring(device_keyring)) return false;
if (!e4crypt_keyring(&device_keyring)) return false;
auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
if (keyctl_revoke(key_serial) != 0) {
PLOG(ERROR) << "Failed to revoke key with serial " << key_serial << " ref " << ref;
@ -452,9 +452,9 @@ bool e4crypt_destroy_user_key(userid_t user_id) {
bool success = true;
s_ce_keys.erase(user_id);
std::string raw_ref;
success &= lookup_key_ref(s_ce_key_raw_refs, user_id, raw_ref) && evict_key(raw_ref);
success &= lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
s_ce_key_raw_refs.erase(user_id);
success &= lookup_key_ref(s_de_key_raw_refs, user_id, raw_ref) && evict_key(raw_ref);
success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
s_de_key_raw_refs.erase(user_id);
auto it = s_ephemeral_users.find(user_id);
if (it != s_ephemeral_users.end()) {
@ -496,12 +496,12 @@ static bool emulated_unlock(const std::string& path, mode_t mode) {
return true;
}
static bool parse_hex(const char *hex, std::string &result) {
static bool parse_hex(const char *hex, std::string *result) {
if (strcmp("!", hex) == 0) {
result = "";
*result = "";
return true;
}
if (android::vold::HexToStr(hex, result) != 0) {
if (android::vold::HexToStr(hex, *result) != 0) {
LOG(ERROR) << "Invalid FBE hex string"; // Don't log the string for security reasons
return false;
}
@ -515,9 +515,9 @@ bool e4crypt_change_user_key(userid_t user_id, int serial,
if (!e4crypt_is_native()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true;
std::string token, old_secret, new_secret;
if (!parse_hex(token_hex, token)) return false;
if (!parse_hex(old_secret_hex, old_secret)) return false;
if (!parse_hex(new_secret_hex, new_secret)) return false;
if (!parse_hex(token_hex, &token)) return false;
if (!parse_hex(old_secret_hex, &old_secret)) return false;
if (!parse_hex(new_secret_hex, &new_secret)) return false;
auto old_auth = old_secret.empty()
? kEmptyAuthentication
: android::vold::KeyAuthentication(token, old_secret);
@ -532,7 +532,7 @@ bool e4crypt_change_user_key(userid_t user_id, int serial,
auto ce_key = it->second;
auto ce_key_path = get_ce_key_path(user_id);
std::string trial_key;
if (!android::vold::retrieveKey(ce_key_path, old_auth, trial_key)) {
if (!android::vold::retrieveKey(ce_key_path, old_auth, &trial_key)) {
LOG(WARNING) << "change_user_key wasn't given enough info to reconstruct the key";
} else if (ce_key != trial_key) {
LOG(WARNING) << "Reconstructed key != stored key";
@ -553,8 +553,8 @@ bool e4crypt_unlock_user_key(userid_t user_id, int serial,
return true;
}
std::string token, secret;
if (!parse_hex(token_hex, token)) return false;
if (!parse_hex(secret_hex, secret)) return false;
if (!parse_hex(token_hex, &token)) return false;
if (!parse_hex(secret_hex, &secret)) return false;
android::vold::KeyAuthentication auth(token, secret);
if (!read_and_install_user_ce_key(user_id, auth)) {
LOG(ERROR) << "Couldn't read key for " << user_id;
@ -621,7 +621,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id,
if (e4crypt_is_native()) {
std::string de_raw_ref;
if (!lookup_key_ref(s_de_key_raw_refs, user_id, de_raw_ref)) return false;
if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
if (!ensure_policy(de_raw_ref, system_de_path)) return false;
if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
if (!ensure_policy(de_raw_ref, user_de_path)) return false;
@ -643,7 +643,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id,
if (e4crypt_is_native()) {
std::string ce_raw_ref;
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, ce_raw_ref)) return false;
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;

64
KeyStorage.cpp
View file

@ -97,13 +97,13 @@ static std::string hashSecdiscardable(const std::string &secdiscardable) {
static bool generateKeymasterKey(Keymaster &keymaster,
const KeyAuthentication &auth, const std::string &appId,
std::string &key) {
std::string *key) {
auto paramBuilder = keymaster::AuthorizationSetBuilder()
.AesEncryptionKey(AES_KEY_BYTES * 8)
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MIN_MAC_LENGTH, GCM_MAC_BYTES * 8)
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE);
addStringParam(paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
addStringParam(&paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
if (auth.token.empty()) {
LOG(DEBUG) << "Creating key that doesn't need auth token";
paramBuilder.Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
@ -128,10 +128,10 @@ static keymaster::AuthorizationSetBuilder beginParams(
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MAC_LENGTH, GCM_MAC_BYTES * 8)
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE);
addStringParam(paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
addStringParam(&paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
if (!auth.token.empty()) {
LOG(DEBUG) << "Supplying auth token to Keymaster";
addStringParam(paramBuilder, keymaster::TAG_AUTH_TOKEN, auth.token);
addStringParam(&paramBuilder, keymaster::TAG_AUTH_TOKEN, auth.token);
}
return paramBuilder;
}
@ -142,10 +142,10 @@ static bool encryptWithKeymasterKey(
const KeyAuthentication &auth,
const std::string &appId,
const std::string &message,
std::string &ciphertext) {
std::string *ciphertext) {
auto params = beginParams(auth, appId).build();
keymaster::AuthorizationSet outParams;
auto opHandle = keymaster.begin(KM_PURPOSE_ENCRYPT, key, params, outParams);
auto opHandle = keymaster.begin(KM_PURPOSE_ENCRYPT, key, params, &outParams);
if (!opHandle) return false;
keymaster_blob_t nonceBlob;
if (!outParams.GetTagValue(keymaster::TAG_NONCE, &nonceBlob)) {
@ -156,12 +156,12 @@ static bool encryptWithKeymasterKey(
std::string nonce(reinterpret_cast<const char *>(nonceBlob.data), nonceBlob.data_length);
if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;
std::string body;
if (!opHandle.updateCompletely(message, body)) return false;
if (!opHandle.updateCompletely(message, &body)) return false;
std::string mac;
if (!opHandle.finishWithOutput(mac)) return false;
if (!opHandle.finishWithOutput(&mac)) return false;
if (!checkSize("mac", mac.size(), GCM_MAC_BYTES)) return false;
ciphertext = nonce + body + mac;
*ciphertext = nonce + body + mac;
return true;
}
@ -171,7 +171,7 @@ static bool decryptWithKeymasterKey(
const KeyAuthentication &auth,
const std::string &appId,
const std::string &ciphertext,
std::string &message) {
std::string *message) {
auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
auto params = addStringParam(beginParams(auth, appId), keymaster::TAG_NONCE, nonce).build();
@ -182,8 +182,8 @@ static bool decryptWithKeymasterKey(
return true;
}
static bool readFileToString(const std::string &filename, std::string &result) {
if (!android::base::ReadFileToString(filename, &result)) {
static bool readFileToString(const std::string &filename, std::string *result) {
if (!android::base::ReadFileToString(filename, result)) {
PLOG(ERROR) << "Failed to read from " << filename;
return false;
}
@ -210,15 +210,15 @@ static bool stretchingNeedsSalt(const std::string &stretching) {
}
static bool stretchSecret(const std::string &stretching, const std::string &secret,
const std::string &salt, std::string &stretched) {
const std::string &salt, std::string *stretched) {
if (stretching == kStretch_nopassword) {
if (!secret.empty()) {
LOG(WARNING) << "Password present but stretching is nopassword";
// Continue anyway
}
stretched.clear();
stretched->clear();
} else if (stretching == kStretch_none) {
stretched = secret;
*stretched = secret;
} else if (std::equal(kStretchPrefix_scrypt.begin(),
kStretchPrefix_scrypt.end(), stretching.begin())) {
int Nf, rf, pf;
@ -227,12 +227,12 @@ static bool stretchSecret(const std::string &stretching, const std::string &secr
LOG(ERROR) << "Unable to parse scrypt params in stretching: " << stretching;
return false;
}
stretched.assign(STRETCHED_BYTES, '\0');
stretched->assign(STRETCHED_BYTES, '\0');
if (crypto_scrypt(
reinterpret_cast<const uint8_t *>(secret.data()), secret.size(),
reinterpret_cast<const uint8_t *>(salt.data()), salt.size(),
1 << Nf, 1 << rf, 1 << pf,
reinterpret_cast<uint8_t *>(&stretched[0]), stretched.size()) != 0) {
reinterpret_cast<uint8_t *>(&(*stretched)[0]), stretched->size()) != 0) {
LOG(ERROR) << "scrypt failed with params: " << stretching;
return false;
}
@ -245,10 +245,10 @@ static bool stretchSecret(const std::string &stretching, const std::string &secr
static bool generateAppId(const KeyAuthentication &auth, const std::string &stretching,
const std::string &salt, const std::string &secdiscardable,
std::string& result) {
std::string* appId) {
std::string stretched;
if (!stretchSecret(stretching, auth.secret, salt, stretched)) return false;
result = hashSecdiscardable(secdiscardable) + stretched;
if (!stretchSecret(stretching, auth.secret, salt, &stretched)) return false;
*appId = hashSecdiscardable(secdiscardable) + stretched;
return true;
}
@ -276,39 +276,39 @@ bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::
if (!writeStringToFile(salt, dir + "/" + kFn_salt)) return false;
}
std::string appId;
if (!generateAppId(auth, stretching, salt, secdiscardable, appId)) return false;
if (!generateAppId(auth, stretching, salt, secdiscardable, &appId)) return false;
Keymaster keymaster;
if (!keymaster) return false;
std::string kmKey;
if (!generateKeymasterKey(keymaster, auth, appId, kmKey)) return false;
if (!generateKeymasterKey(keymaster, auth, appId, &kmKey)) return false;
if (!writeStringToFile(kmKey, dir + "/" + kFn_keymaster_key_blob)) return false;
std::string encryptedKey;
if (!encryptWithKeymasterKey(keymaster, kmKey, auth, appId, key, encryptedKey)) return false;
if (!encryptWithKeymasterKey(keymaster, kmKey, auth, appId, key, &encryptedKey)) return false;
if (!writeStringToFile(encryptedKey, dir + "/" + kFn_encrypted_key)) return false;
return true;
}
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string &key) {
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key) {
std::string version;
if (!readFileToString(dir + "/" + kFn_version, version)) return false;
if (!readFileToString(dir + "/" + kFn_version, &version)) return false;
if (version != kCurrentVersion) {
LOG(ERROR) << "Version mismatch, expected " << kCurrentVersion << " got " << version;
return false;
}
std::string secdiscardable;
if (!readFileToString(dir + "/" + kFn_secdiscardable, secdiscardable)) return false;
if (!readFileToString(dir + "/" + kFn_secdiscardable, &secdiscardable)) return false;
std::string stretching;
if (!readFileToString(dir + "/" + kFn_stretching, stretching)) return false;
if (!readFileToString(dir + "/" + kFn_stretching, &stretching)) return false;
std::string salt;
if (stretchingNeedsSalt(stretching)) {
if (!readFileToString(dir + "/" + kFn_salt, salt)) return false;
if (!readFileToString(dir + "/" + kFn_salt, &salt)) return false;
}
std::string appId;
if (!generateAppId(auth, stretching, salt, secdiscardable, appId)) return false;
if (!generateAppId(auth, stretching, salt, secdiscardable, &appId)) return false;
std::string kmKey;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, &kmKey)) return false;
std::string encryptedMessage;
if (!readFileToString(dir + "/" + kFn_encrypted_key, encryptedMessage)) return false;
if (!readFileToString(dir + "/" + kFn_encrypted_key, &encryptedMessage)) return false;
Keymaster keymaster;
if (!keymaster) return false;
return decryptWithKeymasterKey(keymaster, kmKey, auth, appId, encryptedMessage, key);
@ -316,7 +316,7 @@ bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::str
static bool deleteKey(const std::string &dir) {
std::string kmKey;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, &kmKey)) return false;
Keymaster keymaster;
if (!keymaster) return false;
if (!keymaster.deleteKey(kmKey)) return false;

2
KeyStorage.h
View file

@ -42,7 +42,7 @@ extern const KeyAuthentication kEmptyAuthentication;
bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::string &key);
// Retrieve the key from the named directory.
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string &key);
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key);
// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string &dir);

20
Keymaster.cpp
View file

@ -23,8 +23,8 @@ namespace vold {
bool KeymasterOperation::updateCompletely(
const std::string &input,
std::string &output) {
output.clear();
std::string *output) {
output->clear();
auto it = input.begin();
while (it != input.end()) {
size_t toRead = static_cast<size_t>(input.end() - it);
@ -38,7 +38,7 @@ bool KeymasterOperation::updateCompletely(
mDevice = nullptr;
return false;
}
output.append(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
output->append(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
free(const_cast<uint8_t *>(outputBlob.data));
if (inputConsumed > toRead) {
LOG(ERROR) << "update reported too much input consumed";
@ -61,7 +61,7 @@ bool KeymasterOperation::finish() {
return true;
}
bool KeymasterOperation::finishWithOutput(std::string &output) {
bool KeymasterOperation::finishWithOutput(std::string *output) {
keymaster_blob_t outputBlob;
auto error = mDevice->finish(mDevice, mOpHandle,
nullptr, nullptr, nullptr, &outputBlob);
@ -70,7 +70,7 @@ bool KeymasterOperation::finishWithOutput(std::string &output) {
LOG(ERROR) << "finish failed, code " << error;
return false;
}
output.assign(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
output->assign(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
free(const_cast<uint8_t *>(outputBlob.data));
return true;
}
@ -98,14 +98,14 @@ Keymaster::Keymaster() {
bool Keymaster::generateKey(
const keymaster::AuthorizationSet &inParams,
std::string &key) {
std::string *key) {
keymaster_key_blob_t keyBlob;
auto error = mDevice->generate_key(mDevice, &inParams, &keyBlob, nullptr);
if (error != KM_ERROR_OK) {
LOG(ERROR) << "generate_key failed, code " << error;
return false;
}
key.assign(reinterpret_cast<const char *>(keyBlob.key_material), keyBlob.key_material_size);
key->assign(reinterpret_cast<const char *>(keyBlob.key_material), keyBlob.key_material_size);
free(const_cast<uint8_t *>(keyBlob.key_material));
return true;
}
@ -125,7 +125,7 @@ KeymasterOperation Keymaster::begin(
keymaster_purpose_t purpose,
const std::string &key,
const keymaster::AuthorizationSet &inParams,
keymaster::AuthorizationSet &outParams) {
keymaster::AuthorizationSet *outParams) {
keymaster_key_blob_t keyBlob { reinterpret_cast<const uint8_t *>(key.data()), key.size() };
keymaster_operation_handle_t mOpHandle;
keymaster_key_param_set_t outParams_set;
@ -135,8 +135,8 @@ KeymasterOperation Keymaster::begin(
LOG(ERROR) << "begin failed, code " << error;
return KeymasterOperation(nullptr, mOpHandle);
}
outParams.Clear();
outParams.push_back(outParams_set);
outParams->Clear();
outParams->push_back(outParams_set);
keymaster_free_param_set(&outParams_set);
return KeymasterOperation(mDevice, mOpHandle);
}

12
Keymaster.h
View file

@ -45,11 +45,11 @@ public:
explicit operator bool() {return mDevice != nullptr;}
// Call "update" repeatedly until all of the input is consumed, and
// concatenate the output. Return true on success.
bool updateCompletely(const std::string &input, std::string &output);
bool updateCompletely(const std::string &input, std::string *output);
// Finish; pass nullptr for the "output" param.
bool finish();
// Finish and write the output to this string.
bool finishWithOutput(std::string &output);
bool finishWithOutput(std::string *output);
// Move constructor
KeymasterOperation(KeymasterOperation&& rhs) {
mOpHandle = rhs.mOpHandle;
@ -74,7 +74,7 @@ public:
// false if we failed to open the keymaster device.
explicit operator bool() {return mDevice != nullptr;}
// Generate a key in the keymaster from the given params.
bool generateKey(const AuthorizationSet &inParams, std::string &key);
bool generateKey(const AuthorizationSet &inParams, std::string *key);
// If the keymaster supports it, permanently delete a key.
bool deleteKey(const std::string &key);
// Begin a new cryptographic operation, collecting output parameters.
@ -82,7 +82,7 @@ public:
keymaster_purpose_t purpose,
const std::string &key,
const AuthorizationSet &inParams,
AuthorizationSet &outParams);
AuthorizationSet *outParams);
// Begin a new cryptographic operation; don't collect output parameters.
KeymasterOperation begin(
keymaster_purpose_t purpose,
@ -100,9 +100,9 @@ inline AuthorizationSetBuilder& addStringParam(AuthorizationSetBuilder &&params,
}
template <keymaster_tag_t Tag>
inline void addStringParam(AuthorizationSetBuilder &params,
inline void addStringParam(AuthorizationSetBuilder *params,
TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
params.Authorization(tag, val.data(), val.size());
params->Authorization(tag, val.data(), val.size());
}
} // namespace vold