author | Shawn Willden <swillden@google.com> | 2016-04-29 23:26:33 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-04-29 23:26:33 +0000 |
commit | c262f8001fd2cf6c692d9b5d5f97f3dffb17b9f6 (patch) | |
tree | b3ab2929999aa7c11e39f4aa6dc9978e2ac4df80 | |
parent | 4141966fdac510bd95e3d7829223aadd715ce233 (diff) | |
parent | 32fabdcc35dfd138e01e39803b98ecf34a314244 (diff) | |
Merge "Reject too-large key attestation challenges." into nyc-dev
am: 32fabdcc35
* commit '32fabdcc35dfd138e01e39803b98ecf34a314244':
Reject too-large key attestation challenges.
Change-Id: Iafb41716f5b7006f714648cb06cdbe45d0bf05da
-rw-r--r-- | soft_keymaster_device.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp
index d6c9e6b..eddbc5d 100644
--- a/soft_keymaster_device.cpp
+++ b/soft_keymaster_device.cpp
@@ -73,6 +73,7 @@ struct keystore_module soft_keymaster2_device_module = {
 namespace keymaster {
+const size_t kMaximumAttestationChallengeLength = 128;
 const size_t kOperationTableSize = 16;
 template <typename T> std::vector<T> make_vector(const T* array, size_t len) {
@@ -1060,6 +1061,14 @@ keymaster_error_t SoftKeymasterDevice::attest_key(const keymaster2_device_t* dev
 request.SetKeyMaterial(*key_to_attest);
 request.attest_params.Reinitialize(*attest_params);
+ keymaster_blob_t attestation_challenge = {};
+ request.attest_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge);
+ if (attestation_challenge.data_length > kMaximumAttestationChallengeLength) {
+ LOG_E("%d-byte attestation challenge; only %d bytes allowed",
+ attestation_challenge.data_length, kMaximumAttestationChallengeLength);
+ return KM_ERROR_INVALID_INPUT_LENGTH;
+ }
+
 AttestKeyResponse response;
 convert_device(dev)->impl_->AttestKey(request, &response);
 if (response.error != KM_ERROR_OK) |
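Review bot: The `LOG_E` call in the new length check formats two `size_t` values with `%d`: `kMaximumAttestationChallengeLength` is declared `const size_t` in the first hunk, and `data_length` is presumably `size_t` as well. On LP64 builds that is a varargs type mismatch, so the one log record of a rejected oversized challenge can carry wrong numbers; use `%zu` for both, i.e. `LOG_E("%zu-byte attestation challenge; only %zu bytes allowed",`. The return value of `GetTagValue` is not checked, which is safe only because the blob is zero-initialised and an absent challenge therefore passes as length 0; a one-line comment such as `// No challenge tag leaves data_length at 0, which is accepted here.` would make that intent explicit. The bound is applied in this `SoftKeymasterDevice::attest_key` wrapper only, so if `AttestKey` can be reached through another entry point the same limit should be enforced there or inside the implementation. The body of `attest_key` starts and ends outside the hunk.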