Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / vold / e2e2d308df2da26838de32852318bc2cb690d052^! / . / Keymaster.cpp
commite2e2d308df2da26838de32852318bc2cb690d052[log] [tgz]
authorPavel Grafov <pgrafov@google.com>Tue Aug 01 17:15:53 2017 +0100
committerPavel Grafov <pgrafov@google.com>Thu Aug 10 17:31:03 2017 +0100
tree6637d5b5af5d3dc50fe68edc6dc0525f3ea92983
parent53deec14b8418abbc1a6f30ff89629710437279f [diff] [blame]
Zero memory used for encryuption keys.

std::vector with custom zeroing allocator is used instead of
std::string for data that can contain encryption keys.

Bug: 64201177
Test: manually created a managed profile, changed it's credentials
Test: manually upgraded a phone with profile from O to MR1.
Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd

diff --git a/Keymaster.cpp b/Keymaster.cpp
index ffa3a7a..1bbeb61 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp

@@ -31,25 +31,23 @@
     if (mDevice.get()) mDevice->abort(mOpHandle);
 }
 
-bool KeymasterOperation::updateCompletely(const std::string& input, std::string* output) {
-    if (output)
-        output->clear();
-    auto it = input.begin();
-    uint32_t inputConsumed;
+bool KeymasterOperation::updateCompletely(const char* input, size_t inputLen,
+        const std::function<void(const char*, size_t)> consumer) {
+    uint32_t inputConsumed = 0;
 
     ErrorCode km_error;
-    auto hidlCB = [&] (ErrorCode ret, uint32_t _inputConsumed,
+    auto hidlCB = [&] (ErrorCode ret, uint32_t inputConsumedDelta,
             const hidl_vec<KeyParameter>& /*ignored*/, const hidl_vec<uint8_t>& _output) {
         km_error = ret;
         if (km_error != ErrorCode::OK) return;
-        inputConsumed = _inputConsumed;
-        if (output)
-            output->append(reinterpret_cast<const char*>(&_output[0]), _output.size());
+        inputConsumed += inputConsumedDelta;
+        consumer(reinterpret_cast<const char*>(&_output[0]), _output.size());
     };
 
-    while (it != input.end()) {
-        size_t toRead = static_cast<size_t>(input.end() - it);
-        auto inputBlob = blob2hidlVec(reinterpret_cast<const uint8_t*>(&*it), toRead);
+    while (inputConsumed != inputLen) {
+        size_t toRead = static_cast<size_t>(inputLen - inputConsumed);
+        auto inputBlob =
+                blob2hidlVec(reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead);
         auto error = mDevice->update(mOpHandle, hidl_vec<KeyParameter>(), inputBlob, hidlCB);
         if (!error.isOk()) {
             LOG(ERROR) << "update failed: " << error.description();
@@ -61,12 +59,11 @@
             mDevice = nullptr;
             return false;
         }
-        if (inputConsumed > toRead) {
+        if (inputConsumed > inputLen) {
             LOG(ERROR) << "update reported too much input consumed";
             mDevice = nullptr;
             return false;
         }
-        it += inputConsumed;
     }
     return true;
 }