Allow impls of GateKeeper to keep ownership of key ptr
We require the lifecycle of the key ptr to be maintained
by the implementation as different constraints may
be placed on keeping keys in memory depending on the
implementation.
Change-Id: I20180029e738e6ee610db0bca53cc136375634e9
diff --git a/gatekeeper.cpp b/gatekeeper.cpp
index 5b3ca5d..2205801 100644
--- a/gatekeeper.cpp
+++ b/gatekeeper.cpp
@@ -150,16 +150,16 @@
memcpy(to_sign, &password_handle->version, metadata_length);
memcpy(to_sign + metadata_length, password, password_length);
- UniquePtr<uint8_t> password_key;
+ const uint8_t *password_key = NULL;
size_t password_key_length = 0;
GetPasswordKey(&password_key, &password_key_length);
- if (!password_key.get() || password_key_length == 0) {
+ if (!password_key || password_key_length == 0) {
return false;
}
ComputePasswordSignature(password_handle->signature, sizeof(password_handle->signature),
- password_key.get(), password_key_length, to_sign, sizeof(to_sign), salt);
+ password_key, password_key_length, to_sign, sizeof(to_sign), salt);
return true;
}
@@ -198,12 +198,12 @@
token->auxiliary_secure_user_id = authenticator_id;
token->timestamp = timestamp;
- UniquePtr<uint8_t> auth_token_key;
- size_t key_len;
+ const uint8_t *auth_token_key = NULL;
+ size_t key_len = 0;
GetAuthTokenKey(&auth_token_key, &key_len);
size_t hash_len = (size_t)((uint8_t *)&token->hmac - (uint8_t *)token);
- ComputeSignature(token->hmac, sizeof(token->hmac), auth_token_key.get(), key_len,
+ ComputeSignature(token->hmac, sizeof(token->hmac), auth_token_key, key_len,
reinterpret_cast<uint8_t *>(token), hash_len);
if (length != NULL) *length = sizeof(AuthToken);
diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h
index f13f011..b2798fa 100644
--- a/include/gatekeeper/gatekeeper.h
+++ b/include/gatekeeper/gatekeeper.h
@@ -69,12 +69,12 @@
* of the AuthToken. This is not cached as is may have changed due to an event such
* as a password change.
*
- * Assigns the auth token to the auth_token_key UniquePtr, relinquishing ownership
- * to the caller.
* Writes the length in bytes of the returned key to length if it is not null.
*
+ * Ownership of the auth_token_key pointer is maintained by the implementor.
+ *
*/
- virtual void GetAuthTokenKey(UniquePtr<uint8_t> *auth_token_key, size_t *length)
+ virtual void GetAuthTokenKey(const uint8_t **auth_token_key, size_t *length)
const = 0;
/**
* The key used to sign and verify password data.
@@ -82,10 +82,12 @@
* MUST be different from the AuthTokenKey.
*
* GetPasswordKey is not const because unlike AuthTokenKey,
- * this value can and should be cached in local memory. The
+ * this value can be cached.
+ *
+ * Ownership of the password_key pointer is maintained by the implementor.
*
*/
- virtual void GetPasswordKey(UniquePtr<uint8_t> *password_key, size_t *length) = 0;
+ virtual void GetPasswordKey(const uint8_t **password_key, size_t *length) = 0;
/**
* Uses platform-specific routines to compute a signature on the provided password.
@@ -133,6 +135,7 @@
* Should return 0 on error.
*/
virtual uint64_t GetNanosecondsSinceBoot() const = 0;
+
private:
/**
* Generates a signed attestation of an authentication event and assings
diff --git a/include/gatekeeper/soft_gatekeeper.h b/include/gatekeeper/soft_gatekeeper.h
index 92fc3ff..aca9b0d 100644
--- a/include/gatekeeper/soft_gatekeeper.h
+++ b/include/gatekeeper/soft_gatekeeper.h
@@ -41,8 +41,7 @@
class SoftGateKeeper : public GateKeeper {
public:
- static const size_t SALT_LENGTH = 8;
- static const size_t SIGNATURE_LENGTH = 16;
+ static const size_t SIGNATURE_LENGTH_BYTES = 32;
// scrypt params
static const uint64_t N = 16384;
@@ -53,23 +52,25 @@
SoftGateKeeper(GateKeeperFileIo *file_io) {
file_io_ = file_io;
+ key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
+ memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
}
virtual ~SoftGateKeeper() {
delete file_io_;
}
- virtual void GetAuthTokenKey(UniquePtr<uint8_t> *auth_token_key,
+ virtual void GetAuthTokenKey(const uint8_t **auth_token_key,
size_t *length) const {
- auth_token_key->reset(new uint8_t[SIGNATURE_LENGTH]);
- memset(auth_token_key->get(), 0, SIGNATURE_LENGTH);
- if (length != NULL) *length = SIGNATURE_LENGTH;
+ if (auth_token_key == NULL || length == NULL) return;
+ *auth_token_key = const_cast<const uint8_t *>(key_.get());
+ *length = SIGNATURE_LENGTH_BYTES;
}
- virtual void GetPasswordKey(UniquePtr<uint8_t> *password_key, size_t *length) {
- password_key->reset(new uint8_t[SIGNATURE_LENGTH]);
- memset(password_key->get(), 0, SIGNATURE_LENGTH);
- if (length != NULL) *length = SIGNATURE_LENGTH;
+ virtual void GetPasswordKey(const uint8_t **password_key, size_t *length) {
+ if (password_key == NULL || length == NULL) return;
+ *password_key = const_cast<const uint8_t *>(key_.get());
+ *length = SIGNATURE_LENGTH_BYTES;
}
virtual void ComputePasswordSignature(uint8_t *signature, size_t signature_length,
@@ -114,6 +115,7 @@
}
private:
GateKeeperFileIo *file_io_;
+ UniquePtr<uint8_t> key_;
};
}