commit ccc52e52673724af05dc410a00bdf2aba57e3782
author Alice Wang <aliceywang@google.com> Tue Oct 03 13:14:09 2023 +0000
committer Alice Wang <aliceywang@google.com> Tue Oct 03 13:15:50 2023 +0000
tree b5ddc92d1dd23c071d87e730321c7319be902ead
parent 69b088fe15db4a771a352bf63783b542ee21d36b

[bssl] Make hkdf return Zeroizing type

This cl modifies the output of hkdf to be of Zeroizing type,
ensuring that the key is zeroized when it is dropped.

Test: atest rialto_test & m pvmfw_bin
Bug: 279425980
Change-Id: I903c0b0129cd388b9831d87ddf6d29978350c252

libs/bssl/src/hkdf.rs

diff --git a/libs/bssl/src/hkdf.rs b/libs/bssl/src/hkdf.rs
index 5dc6876..85bd1ff 100644
--- a/libs/bssl/src/hkdf.rs
+++ b/libs/bssl/src/hkdf.rs
@@ -18,6 +18,7 @@
 use crate::util::check_int_result;
 use bssl_avf_error::{ApiName, Result};
 use bssl_ffi::HKDF;
+use zeroize::Zeroizing;
 
 /// Computes HKDF (as specified by [RFC 5869]) of initial keying material `secret` with
 /// `salt` and `info` using the given `digester`.
@@ -28,8 +29,8 @@
     salt: &[u8],
     info: &[u8],
     digester: Digester,
-) -> Result<[u8; N]> {
-    let mut key = [0u8; N];
+) -> Result<Zeroizing<[u8; N]>> {
+    let mut key = Zeroizing::new([0u8; N]);
     // SAFETY: Only reads from/writes to the provided slices and the digester was non-null.
     let ret = unsafe {
         HKDF(

libs/bssl/tests/hkdf_test.rs

diff --git a/libs/bssl/tests/hkdf_test.rs b/libs/bssl/tests/hkdf_test.rs
index 1cda042..2e10314 100644
--- a/libs/bssl/tests/hkdf_test.rs
+++ b/libs/bssl/tests/hkdf_test.rs
@@ -33,7 +33,7 @@
         0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
         0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65,
     ];
-    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?);
+    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?.as_slice());
     Ok(())
 }
 
@@ -72,7 +72,7 @@
         0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, 0xc1, 0x4c, 0x01,
         0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87,
     ];
-    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?);
+    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?.as_slice());
     Ok(())
 }
 
@@ -90,6 +90,6 @@
         0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73,
         0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8,
     ];
-    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?);
+    assert_eq!(OKM, hkdf::<L>(&IKM, &SALT, &INFO, Digester::sha256())?.as_slice());
     Ok(())
 }