Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 72014adef83b0346859dbe82d77b09b4756d8e64^! / . / google_keymaster.cpp
commit72014adef83b0346859dbe82d77b09b4756d8e64[log] [tgz]
authorShawn Willden <swillden@google.com>Wed Sep 17 13:04:10 2014 -0600
committerShawn Willden <swillden@google.com>Tue Sep 23 07:54:57 2014 -0600
tree0b2abe1d57d52773ddae43db080c799f999f3082
parent7c0a82b7528c51299bf8dda6beb5e1fc8bf54b23 [diff] [blame]
Refactor KeyBlob to separate encryption functionality.

This CL is in preparation for another which will refactor libkeymaster
into libkeymaster and libkeymasterclient, the latter for use by programs
which merely interface with keymaster and don't do any crypto on their
own, but do need to parse key blobs to extract authorization list
entries.  To make that possible it moves KeyBlob's key encryption and
decryption capabilities into a subclass, PlaintextKeyBlob.

Change-Id: Ic6a65b6f237c122796ea70458655111316f902d8

diff --git a/google_keymaster.cpp b/google_keymaster.cpp
index 29a8129..ae69145 100644
--- a/google_keymaster.cpp
+++ b/google_keymaster.cpp

@@ -26,11 +26,11 @@
 
 #include <keymaster/google_keymaster.h>
 #include <keymaster/google_keymaster_utils.h>
-#include <keymaster/key_blob.h>
 
 #include "ae.h"
 #include "key.h"
 #include "operation.h"
+#include "unencrypted_key_blob.h"
 
 namespace keymaster {
 
@@ -320,9 +320,10 @@
     uint8_t nonce[KeyBlob::NONCE_LENGTH];
     GenerateNonce(nonce, array_size(nonce));
 
-    keymaster_key_blob_t key_data = {key_material.get(), key_material_size};
-    UniquePtr<KeyBlob> blob(
-        new KeyBlob(*enforced, *unenforced, hidden_auths, key_data, MasterKey(), nonce));
+    keymaster_key_blob_t master_key = MasterKey();
+    UniquePtr<KeyBlob> blob(new UnencryptedKeyBlob(
+        *enforced, *unenforced, hidden_auths, key_material.get(), key_material_size,
+        master_key.key_material, master_key.key_material_size, nonce));
     if (blob.get() == NULL)
         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
     if (blob->error() != KM_ERROR_OK)
@@ -342,18 +343,20 @@
 
 Key* GoogleKeymaster::LoadKey(const keymaster_key_blob_t& key,
                               const AuthorizationSet& client_params, keymaster_error_t* error) {
-    UniquePtr<KeyBlob> blob(LoadKeyBlob(key, client_params, error));
+    UniquePtr<UnencryptedKeyBlob> blob(LoadKeyBlob(key, client_params, error));
     if (*error != KM_ERROR_OK)
         return NULL;
     return Key::CreateKey(*blob, logger(), error);
 }
 
-KeyBlob* GoogleKeymaster::LoadKeyBlob(const keymaster_key_blob_t& key,
-                                      const AuthorizationSet& client_params,
-                                      keymaster_error_t* error) {
+UnencryptedKeyBlob* GoogleKeymaster::LoadKeyBlob(const keymaster_key_blob_t& key,
+                                                 const AuthorizationSet& client_params,
+                                                 keymaster_error_t* error) {
     AuthorizationSet hidden;
     BuildHiddenAuthorizations(client_params, &hidden);
-    UniquePtr<KeyBlob> blob(new KeyBlob(key, hidden, MasterKey()));
+    keymaster_key_blob_t master_key = MasterKey();
+    UniquePtr<UnencryptedKeyBlob> blob(
+        new UnencryptedKeyBlob(key, hidden, master_key.key_material, master_key.key_material_size));
     if (blob.get() == NULL) {
         *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
         return NULL;