authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-29 03:05:39 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-29 03:05:39 +0000
commitd05ed1687f80059a0c3c85f33037ddf6d6edf9dd (patch)
tree2e7f55354bd3828031a12edbe68dd06d7de2d207
parent5053f084f7c02ace5f24608bc4895b280e717929 (diff)
parent573f1195ab475dd478e0be7c53d65d01bd9c205c (diff)
Snap for 9841731 from 573f1195ab475dd478e0be7c53d65d01bd9c205c to udc-d1-release
Change-Id: Ic2a4a78e062d8b47c80debd6a57f07418718cef0
-rw-r--r--contexts/pure_soft_keymaster_context.cpp6
-rw-r--r--fuzzer/Android.bp8
-rw-r--r--include/keymaster/km_openssl/attestation_record.h11
-rw-r--r--km_openssl/attestation_record.cpp51
4 files changed, 51 insertions, 25 deletions
diff --git a/contexts/pure_soft_keymaster_context.cpp b/contexts/pure_soft_keymaster_context.cpp
index 95b1d29..d68ce05 100644
--- a/contexts/pure_soft_keymaster_context.cpp
+++ b/contexts/pure_soft_keymaster_context.cpp
@@ -454,8 +454,10 @@ keymaster::Buffer PureSoftKeymasterContext::GenerateUniqueId(uint64_t creation_d
// The secret must contain at least 128 bits of entropy and be unique to the individual device"
const std::vector<uint8_t> fake_hbk = {'M', 'u', 's', 't', 'B', 'e', 'R', 'a',
'n', 'd', 'o', 'm', 'B', 'i', 't', 's'};
- return keymaster::generate_unique_id(fake_hbk, creation_date_time, application_id,
- reset_since_rotation);
+ Buffer unique_id;
+ *error = keymaster::generate_unique_id(fake_hbk, creation_date_time, application_id,
+ reset_since_rotation, &unique_id);
+ return unique_id;
}
static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
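Review bot: `*error = keymaster::generate_unique_id(...)` writes through `error` without checking it, whereas the helpers this commit changes in km_openssl/attestation_record.cpp reject a null out-pointer with `KM_ERROR_UNEXPECTED_NULL_POINTER`. The parameter list of GenerateUniqueId is truncated in the hunk header, so whether a caller may pass a null `error` cannot be confirmed from here; if it may, guard first with `if (error == nullptr) return {};`. On failure the function now hands back an empty or partly initialised Buffer, so a comment such as `// On failure *error is set and the returned Buffer must not be used as a unique ID.` would make the contract explicit for callers.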
diff --git a/fuzzer/Android.bp b/fuzzer/Android.bp
index 7d3cd31..75af40f 100644
--- a/fuzzer/Android.bp
+++ b/fuzzer/Android.bp
@@ -51,6 +51,14 @@ cc_defaults {
"android-media-fuzzing-reports@google.com",
],
componentid: 533764,
+ hotlists: [
+ "4593311",
+ ],
+ description: "The fuzzer targets the APIs of libkeymaster4",
+ vector: "local_no_privileges_required",
+ service_privilege: "privileged",
+ users: "multi_user",
+ fuzzed_code_usage: "shipped",
},
}
diff --git a/include/keymaster/km_openssl/attestation_record.h b/include/keymaster/km_openssl/attestation_record.h
index 6a32ebc..35b9956 100644
--- a/include/keymaster/km_openssl/attestation_record.h
+++ b/include/keymaster/km_openssl/attestation_record.h
@@ -350,13 +350,14 @@ keymaster_error_t build_eat_record(const AuthorizationSet& attestation_params,
std::vector<uint8_t>* eat_token);
// Builds the input to HMAC-SHA256 for unique ID generation.
-std::vector<uint8_t> build_unique_id_input(uint64_t creation_date_time,
- const keymaster_blob_t& application_id,
- bool reset_since_rotation);
+keymaster_error_t build_unique_id_input(uint64_t creation_date_time,
+ const keymaster_blob_t& application_id,
+ bool reset_since_rotation, Buffer* input_data);
// Builds a unique ID of size UNIQUE_ID_SIZE from the given inputs.
-Buffer generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time,
- const keymaster_blob_t& application_id, bool reset_since_rotation);
+keymaster_error_t generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time,
+ const keymaster_blob_t& application_id,
+ bool reset_since_rotation, Buffer* unique_id);
/**
* Helper functions for attestation record tests. Caller takes ownership of
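Review bot: The comments above both changed declarations still describe only what is built and do not document the new status return or the out-parameter. For build_unique_id_input I would write `// Builds the input to HMAC-SHA256 for unique ID generation into *input_data (reinitialized here).` followed by `// Returns KM_ERROR_UNEXPECTED_NULL_POINTER if input_data is null, KM_ERROR_MEMORY_ALLOCATION_FAILED if the buffer cannot be sized or filled.` For generate_unique_id, add the same two error cases for `unique_id` and state that its contents are valid only when KM_ERROR_OK is returned. Without that, a caller that ignores the return value would treat an empty Buffer as a device unique ID.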
diff --git a/km_openssl/attestation_record.cpp b/km_openssl/attestation_record.cpp
index 992301c..36cf320 100644
--- a/km_openssl/attestation_record.cpp
+++ b/km_openssl/attestation_record.cpp
@@ -940,32 +940,47 @@ keymaster_error_t build_eat_record(const AuthorizationSet& attestation_params,
return KM_ERROR_OK;
}
-std::vector<uint8_t> build_unique_id_input(uint64_t creation_date_time,
- const keymaster_blob_t& application_id,
- bool reset_since_rotation) {
+keymaster_error_t build_unique_id_input(uint64_t creation_date_time,
+ const keymaster_blob_t& application_id,
+ bool reset_since_rotation, Buffer* input_data) {
+ if (input_data == nullptr) {
+ return KM_ERROR_UNEXPECTED_NULL_POINTER;
+ }
uint64_t rounded_date = creation_date_time / 2592000000LLU;
uint8_t* serialized_date = reinterpret_cast<uint8_t*>(&rounded_date);
+ uint8_t reset_byte = (reset_since_rotation ? 1 : 0);
- std::vector<uint8_t> input;
- input.reserve(sizeof(rounded_date) + application_id.data_length + 1);
- input.insert(input.end(), serialized_date, serialized_date + sizeof(rounded_date));
- input.insert(input.end(), application_id.data,
- application_id.data + application_id.data_length);
- input.push_back(reset_since_rotation ? 1 : 0);
- return input;
+ if (!input_data->Reinitialize(sizeof(rounded_date) + application_id.data_length + 1) ||
+ !input_data->write(serialized_date, sizeof(rounded_date)) ||
+ !input_data->write(application_id.data, application_id.data_length) ||
+ !input_data->write(&reset_byte, 1)) {
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ }
+ return KM_ERROR_OK;
}
-Buffer generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time,
- const keymaster_blob_t& application_id, bool reset_since_rotation) {
+keymaster_error_t generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time,
+ const keymaster_blob_t& application_id,
+ bool reset_since_rotation, Buffer* unique_id) {
+ if (unique_id == nullptr) {
+ return KM_ERROR_UNEXPECTED_NULL_POINTER;
+ }
HmacSha256 hmac;
hmac.Init(hbk.data(), hbk.size());
- std::vector<uint8_t> input =
- build_unique_id_input(creation_date_time, application_id, reset_since_rotation);
- Buffer unique_id(UNIQUE_ID_SIZE);
- hmac.Sign(input.data(), input.size(), unique_id.peek_write(), unique_id.available_write());
- unique_id.advance_write(UNIQUE_ID_SIZE);
- return unique_id;
+ Buffer input;
+ keymaster_error_t error =
+ build_unique_id_input(creation_date_time, application_id, reset_since_rotation, &input);
+ if (error != KM_ERROR_OK) {
+ return error;
+ }
+ if (!unique_id->Reinitialize(UNIQUE_ID_SIZE)) {
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ }
+ hmac.Sign(input.peek_read(), input.available_read(), unique_id->peek_write(),
+ unique_id->available_write());
+ unique_id->advance_write(UNIQUE_ID_SIZE);
+ return KM_ERROR_OK;
}
// Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and
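Review bot: In the new generate_unique_id body the results of `hmac.Init(...)` and `hmac.Sign(...)` are discarded, so the function can return KM_ERROR_OK and mark UNIQUE_ID_SIZE bytes as written even when no MAC was computed. Their declarations are not shown on this page; if they return a success flag, a failed HMAC would leave `*unique_id` holding whatever `Reinitialize` left in the buffer, which would then be placed in an attestation as the unique ID. Since the function now has an error channel, both calls should be checked and a failure mapped to an error code, as sketched below. Separately, build_unique_id_input reports every failed `write` as KM_ERROR_MEMORY_ALLOCATION_FAILED, which deserves a short comment explaining that the code also covers a size mismatch.

```cpp
    HmacSha256 hmac;
    if (!hmac.Init(hbk.data(), hbk.size())) {
        return KM_ERROR_UNKNOWN_ERROR;
    }
    // … unchanged: build_unique_id_input call and unique_id->Reinitialize check …
    if (!hmac.Sign(input.peek_read(), input.available_read(), unique_id->peek_write(),
                   unique_id->available_write())) {
        return KM_ERROR_UNKNOWN_ERROR;
    }
    // … unchanged: advance_write and return KM_ERROR_OK …
```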