[bssl] Make hkdf return Zeroizing type
This cl modifies the output of hkdf to be of Zeroizing type,
ensuring that the key is zeroized when it is dropped.
Test: atest rialto_test & m pvmfw_bin
Bug: 279425980
Change-Id: I903c0b0129cd388b9831d87ddf6d29978350c252
diff --git a/pvmfw/src/instance.rs b/pvmfw/src/instance.rs
index 75bc3d3..22839cb 100644
--- a/pvmfw/src/instance.rs
+++ b/pvmfw/src/instance.rs
@@ -135,7 +135,8 @@
let payload = &blk[..payload_size];
let mut entry = [0; size_of::<EntryBody>()];
- let aead = AeadCtx::new_aes_256_gcm_randnonce(&key).map_err(Error::FailedOpen)?;
+ let aead =
+ AeadCtx::new_aes_256_gcm_randnonce(key.as_slice()).map_err(Error::FailedOpen)?;
let decrypted = aead.open(&mut entry, payload).map_err(Error::FailedOpen)?;
let body = EntryBody::read_from(decrypted).unwrap();
@@ -153,7 +154,8 @@
let salt = rand::random_array().map_err(Error::FailedSaltGeneration)?;
let body = EntryBody::new(dice_inputs, &salt);
- let aead = AeadCtx::new_aes_256_gcm_randnonce(&key).map_err(Error::FailedSeal)?;
+ let aead =
+ AeadCtx::new_aes_256_gcm_randnonce(key.as_slice()).map_err(Error::FailedSeal)?;
// We currently only support single-blk entries.
let plaintext = body.as_bytes();
assert!(plaintext.len() + aead.aead().unwrap().max_overhead() < blk.len());