authorShawn Willden <swillden@google.com>2017-12-21 12:35:06 -0700
committerShawn Willden <swillden@google.com>2017-12-21 12:50:57 -0700
commitfb9b2a455f205710553bbec8944fc9d77b94c80b (patch)
tree234191df33d28f25a0a29399efe9c2ad6344e8f8
parentb63364f707ba433652be354b6fa91030f72e145d (diff)
downloadkeymaster-fb9b2a455f205710553bbec8944fc9d77b94c80b.tar.gz
Remove libkeymaster_staging.
Everything in libkeymaster_staging needs to be portable, so it belongs in libkeymaster_portable. Some fixes were needed to make it build without STL. Test: CTS & VTS Change-Id: Ida09c962d893594e22d896e213b0d776c6b6b108
-rw-r--r--Android.bp87
-rw-r--r--km_openssl/iso18033kdf.cpp22
-rw-r--r--km_openssl/nist_curve_key_exchange.cpp22
3 files changed, 43 insertions, 88 deletions
diff --git a/Android.bp b/Android.bp
index 2b80924..27d0549 100644
--- a/Android.bp
+++ b/Android.bp
@@ -57,16 +57,38 @@ cc_library_shared {
enabled: true,
},
srcs: [
+ "android_keymaster/android_keymaster.cpp",
+ "android_keymaster/android_keymaster_messages.cpp",
+ "android_keymaster/android_keymaster_utils.cpp",
+ "android_keymaster/authorization_set.cpp",
+ "android_keymaster/keymaster_enforcement.cpp",
+ "android_keymaster/keymaster_stl.cpp",
+ "android_keymaster/keymaster_tags.cpp",
+ "android_keymaster/logger.cpp",
+ "android_keymaster/operation.cpp",
+ "android_keymaster/operation_table.cpp",
+ "android_keymaster/serializable.cpp",
+ "key_blob_utils/auth_encrypted_key_blob.cpp",
+ "key_blob_utils/integrity_assured_key_blob.cpp",
+ "key_blob_utils/ocb.c",
+ "key_blob_utils/ocb_utils.cpp",
+ "key_blob_utils/software_keyblobs.cpp",
"km_openssl/aes_key.cpp",
"km_openssl/aes_operation.cpp",
"km_openssl/asymmetric_key.cpp",
"km_openssl/asymmetric_key_factory.cpp",
"km_openssl/attestation_record.cpp",
- "km_openssl/ecdsa_operation.cpp",
"km_openssl/ec_key.cpp",
"km_openssl/ec_key_factory.cpp",
+ "km_openssl/ecdsa_operation.cpp",
+ "km_openssl/ecies_kem.cpp",
+ "km_openssl/hkdf.cpp",
+ "km_openssl/hmac.cpp",
"km_openssl/hmac_key.cpp",
"km_openssl/hmac_operation.cpp",
+ "km_openssl/iso18033kdf.cpp",
+ "km_openssl/kdf.cpp",
+ "km_openssl/nist_curve_key_exchange.cpp",
"km_openssl/openssl_err.cpp",
"km_openssl/openssl_utils.cpp",
"km_openssl/rsa_key.cpp",
@@ -74,20 +96,6 @@ cc_library_shared {
"km_openssl/rsa_operation.cpp",
"km_openssl/software_random_source.cpp",
"km_openssl/symmetric_key.cpp",
- "android_keymaster/android_keymaster.cpp",
- "android_keymaster/android_keymaster_messages.cpp",
- "android_keymaster/android_keymaster_utils.cpp",
- "android_keymaster/authorization_set.cpp",
- "android_keymaster/keymaster_enforcement.cpp",
- "android_keymaster/keymaster_tags.cpp",
- "android_keymaster/logger.cpp",
- "android_keymaster/operation.cpp",
- "android_keymaster/operation_table.cpp",
- "android_keymaster/serializable.cpp",
- "android_keymaster/keymaster_stl.cpp",
- "key_blob_utils/auth_encrypted_key_blob.cpp",
- "key_blob_utils/ocb.c",
- "key_blob_utils/ocb_utils.cpp",
],
shared_libs: [
@@ -116,51 +124,6 @@ cc_library_shared {
],
export_include_dirs: ["include"],
-
-}
-
-// libkeymaster_staging adds to libkeymaster_portable code that is needed by the softkeymaster device
-// to implement keymaster. This is sort of a staging area for functionality that may move
-// to libkeymaster_portalbe eventually. Unlike libkeymaster_portable, this library can use c++ stl
-// headers, but modules should avoid it if they are to be moved to libkeymaster_portable.
-cc_library_shared {
- name: "libkeymaster_staging",
- vendor_available: true,
- vndk: {
- enabled: true,
- },
- srcs: [
- "km_openssl/ecies_kem.cpp",
- "km_openssl/hkdf.cpp",
- "km_openssl/hmac.cpp",
- "km_openssl/iso18033kdf.cpp",
- "km_openssl/kdf.cpp",
- "km_openssl/nist_curve_key_exchange.cpp",
- "key_blob_utils/integrity_assured_key_blob.cpp",
- "key_blob_utils/software_keyblobs.cpp",
- ],
-
- shared_libs: [
- "libcrypto",
- "libkeymaster_portable",
- "libkeymaster_messages",
- ],
- cflags: [
- "-Wall",
- "-Werror",
- "-Wunused",
- ],
- clang: true,
- clang_cflags: [
- "-Wno-error=unused-const-variable",
- "-Wno-error=unused-private-field",
- // TODO(krasin): reenable coverage flags, when the new Clang toolchain is released.
- // Currently, if enabled, these flags will cause an internal error in Clang.
- "-fno-sanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
- ],
-
- export_include_dirs: ["include"],
-
}
// libsoftkeymaster provides a software-based keymaster HAL implementation.
@@ -207,7 +170,6 @@ cc_library {
shared_libs: [
"libkeymaster_messages",
"libkeymaster_portable",
- "libkeymaster_staging",
"liblog",
"libbase",
"libcrypto",
@@ -248,7 +210,6 @@ cc_library_shared {
shared_libs: [
"libkeymaster_messages",
"libkeymaster_portable",
- "libkeymaster_staging",
"liblog",
"libcrypto",
"libcutils",
@@ -302,7 +263,6 @@ cc_library_shared {
"libhidlbase",
"libhidltransport",
"libkeymaster_portable",
- "libkeymaster_staging",
"libpuresoftkeymasterdevice",
"liblog",
"libutils",
@@ -345,7 +305,6 @@ cc_library_shared {
"libhidlbase",
"libhidltransport",
"libkeymaster_portable",
- "libkeymaster_staging",
"libpuresoftkeymasterdevice",
"liblog",
"libutils",
diff --git a/km_openssl/iso18033kdf.cpp b/km_openssl/iso18033kdf.cpp
index 0e127fc..5c5f57e 100644
--- a/km_openssl/iso18033kdf.cpp
+++ b/km_openssl/iso18033kdf.cpp
@@ -28,31 +28,26 @@ inline size_t min(size_t a, size_t b) {
bool Iso18033Kdf::GenerateKey(const uint8_t* info, size_t info_len, uint8_t* output,
size_t output_len) {
- if (!is_initialized_ || output == nullptr)
- return false;
+ if (!is_initialized_ || output == nullptr) return false;
/* Check whether output length is too long as specified in ISO/IEC 18033-2. */
- if ((0xFFFFFFFFULL + start_counter_) * digest_size_ < (uint64_t)output_len)
- return false;
+ if ((0xFFFFFFFFULL + start_counter_) * digest_size_ < (uint64_t)output_len) return false;
EVP_MD_CTX ctx;
EvpMdCtxCleaner ctxCleaner(&ctx);
EVP_MD_CTX_init(&ctx);
size_t num_blocks = (output_len + digest_size_ - 1) / digest_size_;
- UniquePtr<uint8_t[]> counter(new uint8_t[4]);
- UniquePtr<uint8_t[]> digest_result(new uint8_t[digest_size_]);
- if (counter.get() == nullptr || digest_result.get() == nullptr)
- return false;
+ UniquePtr<uint8_t[]> counter(new (std::nothrow) uint8_t[4]);
+ UniquePtr<uint8_t[]> digest_result(new (std::nothrow) uint8_t[digest_size_]);
+ if (!counter.get() || !digest_result.get()) return false;
for (size_t block = 0; block < num_blocks; block++) {
switch (digest_type_) {
case KM_DIGEST_SHA1:
- if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), nullptr /* default digest */))
- return false;
+ if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), nullptr /* default digest */)) return false;
break;
case KM_DIGEST_SHA_2_256:
- if (!EVP_DigestInit_ex(&ctx, EVP_sha256(), nullptr /* default digest */))
- return false;
+ if (!EVP_DigestInit_ex(&ctx, EVP_sha256(), nullptr /* default digest */)) return false;
break;
default:
return false;
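Review bot: The 4-byte `counter` buffer at the `UniquePtr<uint8_t[]> counter(new (std::nothrow) uint8_t[4]);` line is still heap-allocated, which keeps an allocation-failure path for something that fits on the stack; `uint8_t counter[4];` removes it together with the `!counter.get()` half of the check. `std::nothrow` needs `<new>` in scope, and the file's include block is outside this hunk, so please confirm it is included directly rather than reached transitively. `digest_result` holds intermediate derived-key material and is freed without being wiped when it goes out of scope; clearing it (e.g. with OPENSSL_cleanse) before it is released would avoid leaving key bytes in freed heap memory. GenerateKey's body continues past the end of this hunk.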
@@ -64,8 +59,7 @@ bool Iso18033Kdf::GenerateKey(const uint8_t* info, size_t info_len, uint8_t* out
return false;
if (info != nullptr && info_len > 0) {
- if (!EVP_DigestUpdate(&ctx, info, info_len))
- return false;
+ if (!EVP_DigestUpdate(&ctx, info, info_len)) return false;
}
/* OpenSSL does not accept size_t parameter. */
diff --git a/km_openssl/nist_curve_key_exchange.cpp b/km_openssl/nist_curve_key_exchange.cpp
index 459b53c..0e1875a 100644
--- a/km_openssl/nist_curve_key_exchange.cpp
+++ b/km_openssl/nist_curve_key_exchange.cpp
@@ -60,24 +60,25 @@ NistCurveKeyExchange* NistCurveKeyExchange::GenerateKeyExchange(keymaster_ec_cur
return nullptr;
}
keymaster_error_t error;
- NistCurveKeyExchange* key_exchange = new NistCurveKeyExchange(key.release(), &error);
- if (error != KM_ERROR_OK) {
- delete key_exchange;
- return nullptr;
- }
- return key_exchange;
+ UniquePtr<NistCurveKeyExchange> key_exchange(new (std::nothrow)
+ NistCurveKeyExchange(key.get(), &error));
+ if (!key_exchange.get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ if (error != KM_ERROR_OK) return nullptr;
+ (void)key.release();
+
+ return key_exchange.release();
}
keymaster_error_t NistCurveKeyExchange::ExtractPublicKey() {
const EC_GROUP* group = EC_KEY_get0_group(private_key_.get());
size_t field_len_bits;
keymaster_error_t error = ec_get_group_size(group, &field_len_bits);
- if (error != KM_ERROR_OK)
- return error;
+ if (error != KM_ERROR_OK) return error;
shared_secret_len_ = (field_len_bits + 7) / 8;
public_key_len_ = 1 + 2 * shared_secret_len_;
- public_key_.reset(new uint8_t[public_key_len_]);
+ public_key_.reset(new (std::nothrow) uint8_t[public_key_len_]);
+ if (!public_key_.get()) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(private_key_.get()),
POINT_CONVERSION_UNCOMPRESSED, public_key_.get(), public_key_len_,
nullptr /* ctx */) != public_key_len_) {
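Review bot: On the `if (error != KM_ERROR_OK) return nullptr;` path the EC_KEY appears to be owned twice: the constructor now receives `key.get()` instead of `key.release()`, and if it stores that pointer in `private_key_` (the smart-pointer use of `private_key_.get()` in ExtractPublicKey suggests it does) then both `key` and `key_exchange` free the same EC_KEY when the function returns early. The constructor is outside this hunk, so this needs confirming, but the ownership handoff should happen as soon as construction succeeds rather than after the error check: `if (key_exchange.get()) (void)key.release(); else error = KM_ERROR_MEMORY_ALLOCATION_FAILED;` followed by the existing `if (error != KM_ERROR_OK) return nullptr;`, dropping the later `(void)key.release();`. If the allocation itself fails, `key` still owns the EC_KEY and releases it normally. `error` is left uninitialized and is assigned by the constructor only when allocation succeeds, which is fine as long as every constructor path writes it.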
@@ -107,7 +108,8 @@ bool NistCurveKeyExchange::CalculateSharedKey(const uint8_t* peer_public_value,
return false;
}
- UniquePtr<uint8_t[]> result(new uint8_t[shared_secret_len_]);
+ UniquePtr<uint8_t[]> result(new (std::nothrow) uint8_t[shared_secret_len_]);
+ if (!result.get()) return false;
if (ECDH_compute_key(result.get(), shared_secret_len_, point.get(), private_key_.get(),
nullptr /* kdf */) != static_cast<int>(shared_secret_len_)) {
LOG_E("Can't compute ECDH shared key: %d", TranslateLastOpenSslError());