diff options
Diffstat (limited to 'km_openssl')
-rw-r--r-- | km_openssl/aes_key.cpp | 5 | ||||
-rw-r--r-- | km_openssl/asymmetric_key_factory.cpp | 7 | ||||
-rw-r--r-- | km_openssl/attestation_record.cpp | 68 | ||||
-rw-r--r-- | km_openssl/attestation_utils.cpp | 8 | ||||
-rw-r--r-- | km_openssl/block_cipher_operation.cpp | 7 | ||||
-rw-r--r-- | km_openssl/block_cipher_operation.h | 6 | ||||
-rw-r--r-- | km_openssl/certificate_utils.cpp | 15 | ||||
-rw-r--r-- | km_openssl/ec_key_factory.cpp | 28 | ||||
-rw-r--r-- | km_openssl/ecdh_operation.cpp | 14 | ||||
-rw-r--r-- | km_openssl/hmac_key.cpp | 5 | ||||
-rw-r--r-- | km_openssl/hmac_operation.cpp | 6 | ||||
-rw-r--r-- | km_openssl/openssl_utils.cpp | 8 | ||||
-rw-r--r-- | km_openssl/rsa_key_factory.cpp | 12 | ||||
-rw-r--r-- | km_openssl/rsa_operation.cpp | 6 | ||||
-rw-r--r-- | km_openssl/soft_keymaster_enforcement.cpp | 8 | ||||
-rw-r--r-- | km_openssl/symmetric_key.cpp | 6 | ||||
-rw-r--r-- | km_openssl/triple_des_key.cpp | 5 |
17 files changed, 142 insertions, 72 deletions
diff --git a/km_openssl/aes_key.cpp b/km_openssl/aes_key.cpp index 5df9e9e..04fa087 100644 --- a/km_openssl/aes_key.cpp +++ b/km_openssl/aes_key.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/aes_key.h> +#include <utility> + #include <assert.h> #include <openssl/err.h> @@ -60,7 +62,8 @@ keymaster_error_t AesKeyFactory::LoadKey(KeymasterKeyBlob&& key_material, keymaster_error_t error = KM_ERROR_OK; key->reset(new (std::nothrow) - AesKey(move(key_material), move(hw_enforced), move(sw_enforced), this)); + AesKey(std::move(key_material), std::move(hw_enforced), std::move(sw_enforced), + this)); if (!key->get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED; return error; } diff --git a/km_openssl/asymmetric_key_factory.cpp b/km_openssl/asymmetric_key_factory.cpp index 963694c..2fa1018 100644 --- a/km_openssl/asymmetric_key_factory.cpp +++ b/km_openssl/asymmetric_key_factory.cpp @@ -16,6 +16,8 @@ #include <keymaster/asymmetric_key_factory.h> +#include <utility> + #include <keymaster/android_keymaster_utils.h> #include <keymaster/km_openssl/asymmetric_key.h> @@ -44,11 +46,12 @@ keymaster_error_t AsymmetricKeyFactory::LoadKey(KeymasterKeyBlob&& key_material, AuthorizationSet&& sw_enforced, UniquePtr<Key>* key) const { UniquePtr<AsymmetricKey> asym_key; - keymaster_error_t error = CreateEmptyKey(move(hw_enforced), move(sw_enforced), &asym_key); + keymaster_error_t error = CreateEmptyKey(std::move(hw_enforced), std::move(sw_enforced), + &asym_key); if (error != KM_ERROR_OK) return error; const uint8_t* tmp = key_material.key_material; - asym_key->key_material() = move(key_material); + asym_key->key_material() = std::move(key_material); EVP_PKEY* pkey = d2i_PrivateKey(asym_key->evp_key_type(), nullptr /* pkey */, &tmp, asym_key->key_material().key_material_size); diff --git a/km_openssl/attestation_record.cpp b/km_openssl/attestation_record.cpp index f413064..36cf320 100644 --- a/km_openssl/attestation_record.cpp +++ b/km_openssl/attestation_record.cpp @@ -47,10 +47,11 @@ IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST); IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION); static const keymaster_tag_t kDeviceAttestationTags[] = { - KM_TAG_ATTESTATION_ID_BRAND, KM_TAG_ATTESTATION_ID_DEVICE, KM_TAG_ATTESTATION_ID_PRODUCT, - KM_TAG_ATTESTATION_ID_SERIAL, KM_TAG_ATTESTATION_ID_IMEI, KM_TAG_ATTESTATION_ID_MEID, + KM_TAG_ATTESTATION_ID_BRAND, KM_TAG_ATTESTATION_ID_DEVICE, + KM_TAG_ATTESTATION_ID_PRODUCT, KM_TAG_ATTESTATION_ID_SERIAL, + KM_TAG_ATTESTATION_ID_IMEI, KM_TAG_ATTESTATION_ID_MEID, KM_TAG_ATTESTATION_ID_MANUFACTURER, KM_TAG_ATTESTATION_ID_MODEL, -}; + KM_TAG_ATTESTATION_ID_SECOND_IMEI}; struct KM_AUTH_LIST_Delete { void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } @@ -679,6 +680,9 @@ keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIS case KM_TAG_ATTESTATION_ID_IMEI: string_ptr = &record->attestation_id_imei; break; + case KM_TAG_ATTESTATION_ID_SECOND_IMEI: + string_ptr = &record->attestation_id_second_imei; + break; case KM_TAG_ATTESTATION_ID_MEID: string_ptr = &record->attestation_id_meid; break; @@ -936,31 +940,47 @@ keymaster_error_t build_eat_record(const AuthorizationSet& attestation_params, return KM_ERROR_OK; } -std::vector<uint8_t> build_unique_id_input(uint64_t creation_date_time, - const keymaster_blob_t& application_id, - bool reset_since_rotation) { +keymaster_error_t build_unique_id_input(uint64_t creation_date_time, + const keymaster_blob_t& application_id, + bool reset_since_rotation, Buffer* input_data) { + if (input_data == nullptr) { + return KM_ERROR_UNEXPECTED_NULL_POINTER; + } uint64_t rounded_date = creation_date_time / 2592000000LLU; uint8_t* serialized_date = reinterpret_cast<uint8_t*>(&rounded_date); + uint8_t reset_byte = (reset_since_rotation ? 1 : 0); - std::vector<uint8_t> input; - input.insert(input.end(), serialized_date, serialized_date + sizeof(rounded_date)); - input.insert(input.end(), application_id.data, - application_id.data + application_id.data_length); - input.push_back(reset_since_rotation ? 1 : 0); - return input; + if (!input_data->Reinitialize(sizeof(rounded_date) + application_id.data_length + 1) || + !input_data->write(serialized_date, sizeof(rounded_date)) || + !input_data->write(application_id.data, application_id.data_length) || + !input_data->write(&reset_byte, 1)) { + return KM_ERROR_MEMORY_ALLOCATION_FAILED; + } + return KM_ERROR_OK; } -Buffer generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time, - const keymaster_blob_t& application_id, bool reset_since_rotation) { +keymaster_error_t generate_unique_id(const std::vector<uint8_t>& hbk, uint64_t creation_date_time, + const keymaster_blob_t& application_id, + bool reset_since_rotation, Buffer* unique_id) { + if (unique_id == nullptr) { + return KM_ERROR_UNEXPECTED_NULL_POINTER; + } HmacSha256 hmac; hmac.Init(hbk.data(), hbk.size()); - std::vector<uint8_t> input = - build_unique_id_input(creation_date_time, application_id, reset_since_rotation); - Buffer unique_id(UNIQUE_ID_SIZE); - hmac.Sign(input.data(), input.size(), unique_id.peek_write(), unique_id.available_write()); - unique_id.advance_write(UNIQUE_ID_SIZE); - return unique_id; + Buffer input; + keymaster_error_t error = + build_unique_id_input(creation_date_time, application_id, reset_since_rotation, &input); + if (error != KM_ERROR_OK) { + return error; + } + if (!unique_id->Reinitialize(UNIQUE_ID_SIZE)) { + return KM_ERROR_MEMORY_ALLOCATION_FAILED; + } + hmac.Sign(input.peek_read(), input.available_read(), unique_id->peek_write(), + unique_id->available_write()); + unique_id->advance_write(UNIQUE_ID_SIZE); + return KM_ERROR_OK; } // Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and @@ -1388,6 +1408,14 @@ keymaster_error_t extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet return KM_ERROR_MEMORY_ALLOCATION_FAILED; } + // Second IMEI + if (record->attestation_id_second_imei && + !auth_list->push_back(TAG_ATTESTATION_ID_SECOND_IMEI, + record->attestation_id_second_imei->data, + record->attestation_id_second_imei->length)) { + return KM_ERROR_MEMORY_ALLOCATION_FAILED; + } + return KM_ERROR_OK; } diff --git a/km_openssl/attestation_utils.cpp b/km_openssl/attestation_utils.cpp index e9a6aa3..a288446 100644 --- a/km_openssl/attestation_utils.cpp +++ b/km_openssl/attestation_utils.cpp @@ -15,6 +15,8 @@ ** limitations under the License. */ +#include <utility> + #include <openssl/evp.h> #include <openssl/x509v3.h> @@ -146,7 +148,7 @@ keymaster_error_t make_attestation_cert(const EVP_PKEY* evp_pkey, const X509_NAM return error; } - *cert_out = move(certificate); + *cert_out = std::move(certificate); return KM_ERROR_OK; } @@ -266,7 +268,7 @@ CertificateChain generate_attestation(const AsymmetricKey& key, } return generate_attestation(pkey.get(), key.sw_enforced(), key.hw_enforced(), attest_params, - move(attest_key), context, error); + std::move(attest_key), context, error); } CertificateChain generate_attestation(const EVP_PKEY* evp_key, // @@ -317,7 +319,7 @@ CertificateChain generate_attestation(const EVP_PKEY* evp_key, // *error = sign_cert(certificate.get(), signing_key_ptr); if (*error != KM_ERROR_OK) return {}; - return make_cert_chain(certificate.get(), move(cert_chain), error); + return make_cert_chain(certificate.get(), std::move(cert_chain), error); } } // namespace keymaster diff --git a/km_openssl/block_cipher_operation.cpp b/km_openssl/block_cipher_operation.cpp index a381e75..296cb9c 100644 --- a/km_openssl/block_cipher_operation.cpp +++ b/km_openssl/block_cipher_operation.cpp @@ -16,6 +16,8 @@ #include "block_cipher_operation.h" +#include <utility> + #include <stdio.h> #include <keymaster/UniquePtr.h> @@ -117,11 +119,12 @@ OperationPtr BlockCipherOperationFactory::CreateOperation(Key&& key, switch (purpose_) { case KM_PURPOSE_ENCRYPT: op.reset(new (std::nothrow) BlockCipherEvpEncryptOperation( // - block_mode, padding, caller_nonce, tag_length, move(key), GetCipherDescription())); + block_mode, padding, caller_nonce, tag_length, std::move(key), + GetCipherDescription())); break; case KM_PURPOSE_DECRYPT: op.reset(new (std::nothrow) BlockCipherEvpDecryptOperation( - block_mode, padding, tag_length, move(key), GetCipherDescription())); + block_mode, padding, tag_length, std::move(key), GetCipherDescription())); break; default: *error = KM_ERROR_UNSUPPORTED_PURPOSE; diff --git a/km_openssl/block_cipher_operation.h b/km_openssl/block_cipher_operation.h index 9c25bda..cd78805 100644 --- a/km_openssl/block_cipher_operation.h +++ b/km_openssl/block_cipher_operation.h @@ -17,6 +17,8 @@ #ifndef SYSTEM_KEYMASTER_BLOCK_CIPHER_OPERATION_H_ #define SYSTEM_KEYMASTER_BLOCK_CIPHER_OPERATION_H_ +#include <utility> + #include <openssl/evp.h> #include <keymaster/operation.h> @@ -121,7 +123,7 @@ class BlockCipherEvpEncryptOperation : public BlockCipherEvpOperation { bool caller_iv, size_t tag_length, Key&& key, const EvpCipherDescription& cipher_description) : BlockCipherEvpOperation(KM_PURPOSE_ENCRYPT, block_mode, padding, caller_iv, tag_length, - move(key), cipher_description) {} + std::move(key), cipher_description) {} keymaster_error_t Begin(const AuthorizationSet& input_params, AuthorizationSet* output_params) override; @@ -141,7 +143,7 @@ class BlockCipherEvpDecryptOperation : public BlockCipherEvpOperation { size_t tag_length, Key&& key, const EvpCipherDescription& cipher_description) : BlockCipherEvpOperation(KM_PURPOSE_DECRYPT, block_mode, padding, - false /* caller_iv -- don't care */, tag_length, move(key), + false /* caller_iv -- don't care */, tag_length, std::move(key), cipher_description) {} keymaster_error_t Begin(const AuthorizationSet& input_params, diff --git a/km_openssl/certificate_utils.cpp b/km_openssl/certificate_utils.cpp index 9118c68..17a34b0 100644 --- a/km_openssl/certificate_utils.cpp +++ b/km_openssl/certificate_utils.cpp @@ -15,6 +15,7 @@ */ #include <iostream> +#include <utility> #include <openssl/asn1.h> #include <openssl/evp.h> @@ -40,7 +41,7 @@ constexpr int kKeyAgreementKeyUsageBit = 4; constexpr int kMaxKeyUsageBit = 8; template <typename T> T&& min(T&& a, T&& b) { - return (a < b) ? forward<T>(a) : forward<T>(b); + return (a < b) ? std::forward<T>(a) : std::forward<T>(b); } keymaster_error_t fake_sign_cert(X509* cert) { @@ -76,7 +77,7 @@ keymaster_error_t make_name_from_str(const char name[], X509_NAME_Ptr* name_out) 0 /* set */)) { return TranslateLastOpenSslError(); } - *name_out = move(x509_name); + *name_out = std::move(x509_name); return KM_ERROR_OK; } @@ -89,7 +90,7 @@ keymaster_error_t make_name_from_der(const keymaster_blob_t& name, X509_NAME_Ptr return TranslateLastOpenSslError(); } - *name_out = move(x509_name); + *name_out = std::move(x509_name); return KM_ERROR_OK; } @@ -124,7 +125,7 @@ keymaster_error_t get_certificate_params(const AuthorizationSet& caller_params, // Default serial is one. BN_one(serial.get()); } - cert_params->serial = move(serial); + cert_params->serial = std::move(serial); cert_params->active_date_time = 0; cert_params->expire_date_time = kUndefinedExpirationDateTime; @@ -228,7 +229,7 @@ keymaster_error_t make_key_usage_extension(bool is_signing_key, bool is_encrypti return TranslateLastOpenSslError(); } - *usage_extension_out = move(key_usage_extension); + *usage_extension_out = std::move(key_usage_extension); return KM_ERROR_OK; } @@ -285,7 +286,7 @@ keymaster_error_t make_cert_rump(const X509_NAME* issuer, return TranslateLastOpenSslError(); } - *cert_out = move(certificate); + *cert_out = std::move(certificate); return KM_ERROR_OK; } @@ -315,7 +316,7 @@ keymaster_error_t make_cert(const EVP_PKEY* evp_pkey, const X509_NAME* issuer, return TranslateLastOpenSslError(); } - *cert_out = move(certificate); + *cert_out = std::move(certificate); return KM_ERROR_OK; } diff --git a/km_openssl/ec_key_factory.cpp b/km_openssl/ec_key_factory.cpp index 4ec3175..087ca63 100644 --- a/km_openssl/ec_key_factory.cpp +++ b/km_openssl/ec_key_factory.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/ec_key_factory.h> +#include <utility> + #include <openssl/curve25519.h> #include <openssl/evp.h> @@ -178,14 +180,14 @@ keymaster_error_t EcKeyFactory::GenerateKey(const AuthorizationSet& key_descript } else if (is_x25519) { key.reset(new (std::nothrow) X25519Key(*hw_enforced, *sw_enforced, this, key_material)); } else { - key.reset(new (std::nothrow) EcKey(*hw_enforced, *sw_enforced, this, move(ec_key))); + key.reset(new (std::nothrow) EcKey(*hw_enforced, *sw_enforced, this, std::move(ec_key))); } if (key == nullptr) { return KM_ERROR_MEMORY_ALLOCATION_FAILED; } if (key_description.Contains(TAG_ATTESTATION_CHALLENGE)) { - *cert_chain = context_.GenerateAttestation(*key, key_description, move(attest_key), + *cert_chain = context_.GenerateAttestation(*key, key_description, std::move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; @@ -207,8 +209,8 @@ keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_descriptio AuthorizationSet* sw_enforced, CertificateChain* cert_chain) const { if (input_key_material_format == KM_KEY_FORMAT_RAW) { - return ImportRawKey(key_description, input_key_material, move(attest_key), issuer_subject, - output_key_blob, hw_enforced, sw_enforced, cert_chain); + return ImportRawKey(key_description, input_key_material, std::move(attest_key), + issuer_subject, output_key_blob, hw_enforced, sw_enforced, cert_chain); } if (!output_key_blob || !hw_enforced || !sw_enforced) return KM_ERROR_OUTPUT_PARAMETER_NULL; @@ -231,7 +233,7 @@ keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_descriptio if (error != KM_ERROR_OK) return error; std::unique_ptr<AsymmetricKey> key; - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_id(pkey.get())) { case EVP_PKEY_ED25519: key.reset(new (std::nothrow) Ed25519Key(*hw_enforced, *sw_enforced, this)); if (key.get() == nullptr) { @@ -254,7 +256,7 @@ keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_descriptio EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get())); if (!ec_key.get()) return KM_ERROR_INVALID_ARGUMENT; - key.reset(new (std::nothrow) EcKey(*hw_enforced, *sw_enforced, this, move(ec_key))); + key.reset(new (std::nothrow) EcKey(*hw_enforced, *sw_enforced, this, std::move(ec_key))); if (key.get() == nullptr) { return KM_ERROR_MEMORY_ALLOCATION_FAILED; } @@ -268,7 +270,7 @@ keymaster_error_t EcKeyFactory::ImportKey(const AuthorizationSet& key_descriptio } if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) { - *cert_chain = context_.GenerateAttestation(*key, key_description, move(attest_key), + *cert_chain = context_.GenerateAttestation(*key, key_description, std::move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; @@ -359,7 +361,7 @@ keymaster_error_t EcKeyFactory::ImportRawKey(const AuthorizationSet& key_descrip } if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) { - *cert_chain = context_.GenerateAttestation(*key, key_description, move(attest_key), + *cert_chain = context_.GenerateAttestation(*key, key_description, std::move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; @@ -392,7 +394,7 @@ keymaster_error_t EcKeyFactory::UpdateImportKeyDescription(const AuthorizationSe return KM_ERROR_IMPORT_PARAMETER_MISMATCH; } - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_id(pkey.get())) { case EVP_PKEY_EC: { UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pkey.get())); if (!ec_key.get()) return TranslateLastOpenSslError(); @@ -509,11 +511,13 @@ keymaster_error_t EcKeyFactory::CreateEmptyKey(AuthorizationSet&& hw_enforced, if (is_x25519) { return KM_ERROR_INCOMPATIBLE_PURPOSE; } - key->reset(new (std::nothrow) Ed25519Key(move(hw_enforced), move(sw_enforced), this)); + key->reset(new (std::nothrow) Ed25519Key(std::move(hw_enforced), std::move(sw_enforced), + this)); } else if (is_x25519) { - key->reset(new (std::nothrow) X25519Key(move(hw_enforced), move(sw_enforced), this)); + key->reset(new (std::nothrow) X25519Key(std::move(hw_enforced), std::move(sw_enforced), + this)); } else { - key->reset(new (std::nothrow) EcKey(move(hw_enforced), move(sw_enforced), this)); + key->reset(new (std::nothrow) EcKey(std::move(hw_enforced), std::move(sw_enforced), this)); } if (!(*key)) return KM_ERROR_MEMORY_ALLOCATION_FAILED; return KM_ERROR_OK; diff --git a/km_openssl/ecdh_operation.cpp b/km_openssl/ecdh_operation.cpp index 47f7361..1fa68df 100644 --- a/km_openssl/ecdh_operation.cpp +++ b/km_openssl/ecdh_operation.cpp @@ -16,13 +16,15 @@ #include <keymaster/km_openssl/ecdh_operation.h> +#include <utility> +#include <vector> + #include <keymaster/km_openssl/ec_key.h> #include <keymaster/km_openssl/openssl_err.h> #include <keymaster/km_openssl/openssl_utils.h> #include <keymaster/logger.h> #include <openssl/curve25519.h> #include <openssl/err.h> -#include <vector> namespace keymaster { @@ -149,14 +151,14 @@ OperationPtr EcdhOperationFactory::CreateOperation(Key&& key, *error = KM_ERROR_OK; EcdhOperation* op = nullptr; - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_id(pkey.get())) { case EVP_PKEY_X25519: - op = new (std::nothrow) X25519Operation(move(key.hw_enforced_move()), - move(key.sw_enforced_move()), pkey.release()); + op = new (std::nothrow) X25519Operation(std::move(key.hw_enforced_move()), + std::move(key.sw_enforced_move()), pkey.release()); break; case EVP_PKEY_EC: - op = new (std::nothrow) EcdhOperation(move(key.hw_enforced_move()), - move(key.sw_enforced_move()), pkey.release()); + op = new (std::nothrow) EcdhOperation(std::move(key.hw_enforced_move()), + std::move(key.sw_enforced_move()), pkey.release()); break; default: *error = KM_ERROR_UNKNOWN_ERROR; diff --git a/km_openssl/hmac_key.cpp b/km_openssl/hmac_key.cpp index d74ff37..c8f2444 100644 --- a/km_openssl/hmac_key.cpp +++ b/km_openssl/hmac_key.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/hmac_key.h> +#include <utility> + #include <openssl/err.h> #include <openssl/rand.h> @@ -52,7 +54,8 @@ keymaster_error_t HmacKeyFactory::LoadKey(KeymasterKeyBlob&& key_material, } key->reset(new (std::nothrow) - HmacKey(move(key_material), move(hw_enforced), move(sw_enforced), this)); + HmacKey(std::move(key_material), std::move(hw_enforced), std::move(sw_enforced), + this)); if (!key->get()) return KM_ERROR_MEMORY_ALLOCATION_FAILED; return KM_ERROR_OK; } diff --git a/km_openssl/hmac_operation.cpp b/km_openssl/hmac_operation.cpp index 759ca12..a05e200 100644 --- a/km_openssl/hmac_operation.cpp +++ b/km_openssl/hmac_operation.cpp @@ -16,6 +16,8 @@ #include "hmac_operation.h" +#include <utility> + #include <openssl/evp.h> #include <openssl/hmac.h> @@ -69,7 +71,7 @@ OperationPtr HmacOperationFactory::CreateOperation(Key&& key, const Authorizatio } UniquePtr<HmacOperation> op(new (std::nothrow) HmacOperation( - move(key), purpose(), digest, mac_length_bits / 8, min_mac_length_bits / 8)); + std::move(key), purpose(), digest, mac_length_bits / 8, min_mac_length_bits / 8)); if (!op.get()) *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; else @@ -77,7 +79,7 @@ OperationPtr HmacOperationFactory::CreateOperation(Key&& key, const Authorizatio if (*error != KM_ERROR_OK) return nullptr; - return move(op); + return std::move(op); } static keymaster_digest_t supported_digests[] = {KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, diff --git a/km_openssl/openssl_utils.cpp b/km_openssl/openssl_utils.cpp index 2672cdc..6b91ecc 100644 --- a/km_openssl/openssl_utils.cpp +++ b/km_openssl/openssl_utils.cpp @@ -80,7 +80,7 @@ keymaster_error_t convert_pkcs8_blob_to_evp(const uint8_t* key_data, size_t key_ // Check the key type detected from the PKCS8 blob matches the KM algorithm we expect. keymaster_algorithm_t got_algorithm; - switch (EVP_PKEY_type((*pkey)->type)) { + switch (EVP_PKEY_id(pkey->get())) { case EVP_PKEY_RSA: got_algorithm = KM_ALGORITHM_RSA; break; @@ -91,13 +91,13 @@ keymaster_error_t convert_pkcs8_blob_to_evp(const uint8_t* key_data, size_t key_ break; default: LOG_E("EVP key algorithm was unknown (type %d), not the expected %d", - EVP_PKEY_type((*pkey)->type), expected_algorithm); + EVP_PKEY_id(pkey->get()), expected_algorithm); return KM_ERROR_INVALID_KEY_BLOB; } if (expected_algorithm != got_algorithm) { LOG_E("EVP key algorithm was %d (from type %d), not the expected %d", got_algorithm, - EVP_PKEY_type((*pkey)->type), expected_algorithm); + EVP_PKEY_id(pkey->get()), expected_algorithm); return KM_ERROR_INVALID_KEY_BLOB; } @@ -115,7 +115,7 @@ keymaster_error_t KeyMaterialToEvpKey(keymaster_key_format_t key_format, } keymaster_error_t EvpKeyToKeyMaterial(const EVP_PKEY* pkey, KeymasterKeyBlob* key_blob) { - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_ED25519: case EVP_PKEY_X25519: { // BoringSSL's i2d_PrivateKey does not handle curve 25519 keys. diff --git a/km_openssl/rsa_key_factory.cpp b/km_openssl/rsa_key_factory.cpp index ed7162d..27f64e4 100644 --- a/km_openssl/rsa_key_factory.cpp +++ b/km_openssl/rsa_key_factory.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/rsa_key_factory.h> +#include <utility> + #include <keymaster/keymaster_context.h> #include <keymaster/km_openssl/openssl_err.h> #include <keymaster/km_openssl/openssl_utils.h> @@ -101,9 +103,9 @@ keymaster_error_t RsaKeyFactory::GenerateKey(const AuthorizationSet& key_descrip if (context_.GetKmVersion() < KmVersion::KEYMINT_1) return KM_ERROR_OK; if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER; - RsaKey key(*hw_enforced, *sw_enforced, this, move(rsa_key)); + RsaKey key(*hw_enforced, *sw_enforced, this, std::move(rsa_key)); if (key_description.Contains(TAG_ATTESTATION_CHALLENGE)) { - *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key), + *cert_chain = context_.GenerateAttestation(key, key_description, std::move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; @@ -148,9 +150,9 @@ keymaster_error_t RsaKeyFactory::ImportKey(const AuthorizationSet& key_descripti RSA_Ptr rsa_key(EVP_PKEY_get1_RSA(pkey.get())); if (!rsa_key.get()) return KM_ERROR_INVALID_ARGUMENT; - RsaKey key(*hw_enforced, *sw_enforced, this, move(rsa_key)); + RsaKey key(*hw_enforced, *sw_enforced, this, std::move(rsa_key)); if (key_description.Contains(KM_TAG_ATTESTATION_CHALLENGE)) { - *cert_chain = context_.GenerateAttestation(key, key_description, move(attest_key), + *cert_chain = context_.GenerateAttestation(key, key_description, std::move(attest_key), issuer_subject, &error); } else if (attest_key.get() != nullptr) { return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; @@ -212,7 +214,7 @@ keymaster_error_t RsaKeyFactory::UpdateImportKeyDescription(const AuthorizationS keymaster_error_t RsaKeyFactory::CreateEmptyKey(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, UniquePtr<AsymmetricKey>* key) const { - key->reset(new (std::nothrow) RsaKey(move(hw_enforced), move(sw_enforced), this)); + key->reset(new (std::nothrow) RsaKey(std::move(hw_enforced), std::move(sw_enforced), this)); if (!(*key)) return KM_ERROR_MEMORY_ALLOCATION_FAILED; return KM_ERROR_OK; } diff --git a/km_openssl/rsa_operation.cpp b/km_openssl/rsa_operation.cpp index a4710d4..e445321 100644 --- a/km_openssl/rsa_operation.cpp +++ b/km_openssl/rsa_operation.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/rsa_operation.h> +#include <utility> + #include <limits.h> #include <openssl/err.h> @@ -98,7 +100,7 @@ RsaOperation* RsaCryptingOperationFactory::CreateRsaOperation(Key&& key, *error = GetAndValidateMgfDigest(begin_params, key, &mgf_digest); if (*error != KM_ERROR_OK) return nullptr; UniquePtr<RsaOperation> op( - RsaOperationFactory::CreateRsaOperation(move(key), begin_params, error)); + RsaOperationFactory::CreateRsaOperation(std::move(key), begin_params, error)); if (op.get()) { switch (op->padding()) { case KM_PAD_NONE: @@ -240,7 +242,7 @@ RsaDigestingOperation::RsaDigestingOperation(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, keymaster_purpose_t purpose, keymaster_digest_t digest, keymaster_padding_t padding, EVP_PKEY* key) - : RsaOperation(move(hw_enforced), move(sw_enforced), purpose, digest, padding, key) { + : RsaOperation(std::move(hw_enforced), std::move(sw_enforced), purpose, digest, padding, key) { EVP_MD_CTX_init(&digest_ctx_); } RsaDigestingOperation::~RsaDigestingOperation() { diff --git a/km_openssl/soft_keymaster_enforcement.cpp b/km_openssl/soft_keymaster_enforcement.cpp index 0a3c2f6..0f5df6e 100644 --- a/km_openssl/soft_keymaster_enforcement.cpp +++ b/km_openssl/soft_keymaster_enforcement.cpp @@ -29,6 +29,10 @@ #include <keymaster/km_openssl/openssl_err.h> #include <keymaster/km_openssl/openssl_utils.h> +#ifdef _WIN32 +#include <sysinfoapi.h> +#endif + namespace keymaster { namespace { @@ -52,11 +56,15 @@ class EvpMdCtx { } // anonymous namespace uint64_t SoftKeymasterEnforcement::get_current_time_ms() const { +#ifdef _WIN32 + return GetTickCount64(); +#else struct timespec tp; int err = clock_gettime(CLOCK_BOOTTIME, &tp); if (err || tp.tv_sec < 0) return 0; return static_cast<uint64_t>(tp.tv_sec) * 1000 + static_cast<uint64_t>(tp.tv_nsec) / 1000000; +#endif } bool SoftKeymasterEnforcement::CreateKeyId(const keymaster_key_blob_t& key_blob, diff --git a/km_openssl/symmetric_key.cpp b/km_openssl/symmetric_key.cpp index 1b89d66..d60d9f8 100644 --- a/km_openssl/symmetric_key.cpp +++ b/km_openssl/symmetric_key.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/symmetric_key.h> +#include <utility> + #include <assert.h> #include <openssl/err.h> @@ -105,8 +107,8 @@ SymmetricKeyFactory::SupportedImportFormats(size_t* format_count) const { SymmetricKey::SymmetricKey(KeymasterKeyBlob&& key_material, AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, const KeyFactory* key_factory) - : Key(move(hw_enforced), move(sw_enforced), key_factory) { - key_material_ = move(key_material); + : Key(std::move(hw_enforced), std::move(sw_enforced), key_factory) { + key_material_ = std::move(key_material); } SymmetricKey::~SymmetricKey() {} diff --git a/km_openssl/triple_des_key.cpp b/km_openssl/triple_des_key.cpp index 8c267e6..d60d204 100644 --- a/km_openssl/triple_des_key.cpp +++ b/km_openssl/triple_des_key.cpp @@ -16,6 +16,8 @@ #include <keymaster/km_openssl/triple_des_key.h> +#include <utility> + #include <assert.h> #include <openssl/err.h> @@ -48,7 +50,8 @@ keymaster_error_t TripleDesKeyFactory::LoadKey(KeymasterKeyBlob&& key_material, keymaster_error_t error = KM_ERROR_OK; key->reset(new (std::nothrow) - TripleDesKey(move(key_material), move(hw_enforced), move(sw_enforced), this)); + TripleDesKey(std::move(key_material), std::move(hw_enforced), + std::move(sw_enforced), this)); if (!key->get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED; return error; } |