Replace Entropy with RAND_bytes
/dev/urandom is not an approved random number generator
for NIAP certification. Changing to use BoringSSL's
RAND_bytes(), which is approved.
Bug: 121272336
Test: Ran Keystore CTS tests against Walleye
Change-Id: I579d140ef56c90b477b0d8989e3b02375681aee8
diff --git a/keystore/KeyStore.cpp b/keystore/KeyStore.cpp
index ac3ab5f..6e8a4b2 100644
--- a/keystore/KeyStore.cpp
+++ b/keystore/KeyStore.cpp
@@ -49,10 +49,9 @@
using android::String8;
-KeyStore::KeyStore(Entropy* entropy, const KeymasterDevices& kmDevices,
+KeyStore::KeyStore(const KeymasterDevices& kmDevices,
SecurityLevel minimalAllowedSecurityLevelForNewKeys)
- : mEntropy(entropy),
- mAllowNewFallback(minimalAllowedSecurityLevelForNewKeys == SecurityLevel::SOFTWARE),
+ : mAllowNewFallback(minimalAllowedSecurityLevelForNewKeys == SecurityLevel::SOFTWARE),
mConfirmationManager(new ConfirmationManager(this)) {
memset(&mMetaData, '\0', sizeof(mMetaData));
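Review bot: The constructor no longer gives any hint of where KeyStore's random material comes from, now that the `Entropy*` parameter and the `mEntropy` initializer are removed. Because the change is driven by a certification requirement, a short comment above the constructor would help keep a later refactor from reintroducing a /dev/urandom reader, for example `// Random bytes come from BoringSSL RAND_bytes() in the callees; do not inject another RNG here.` The same applies to the call sites changed in the later hunks (`initialize`, `writeMasterKey`, `readMasterKey`, `writeBlobs`), whose replacement RNG calls are presumably in other files and are not visible here. The constructor body continues past the end of this hunk.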
@@ -81,7 +80,7 @@
ResponseCode KeyStore::initializeUser(const android::String8& pw, uid_t userId) {
auto userState = mUserStateDB.getUserState(userId);
- return userState->initialize(pw, mEntropy);
+ return userState->initialize(pw);
}
ResponseCode KeyStore::copyMasterKey(uid_t srcUser, uid_t dstUser) {
@@ -92,12 +91,12 @@
ResponseCode KeyStore::writeMasterKey(const android::String8& pw, uid_t userId) {
auto userState = mUserStateDB.getUserState(userId);
- return userState->writeMasterKey(pw, mEntropy);
+ return userState->writeMasterKey(pw);
}
ResponseCode KeyStore::readMasterKey(const android::String8& pw, uid_t userId) {
auto userState = mUserStateDB.getUserState(userId);
- return userState->readMasterKey(pw, mEntropy);
+ return userState->readMasterKey(pw);
}
LockedKeyBlobEntry KeyStore::getLockedBlobEntryIfNotExists(const std::string& alias, uid_t uid) {
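Review bot: `readMasterKey` is a read path that used to receive the entropy source (`readMasterKey(pw, mEntropy)` on the removed line), and after this change nothing at the call site shows that it may still consume random bytes. If the callee still generates random data, presumably when it rewrites the stored key, a comment such as `// May rewrite the master key file and draw fresh bytes via RAND_bytes().` above `KeyStore::readMasterKey` would make that explicit. It is also worth confirming in the callee, which is not visible here, how RNG failure is now reported. As far as BoringSSL documents it, `RAND_bytes` aborts rather than returning an error, so the `ResponseCode` returned from these wrappers would no longer carry an entropy failure.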
@@ -285,7 +284,7 @@
Blob characteristicsBlob) {
auto userState = mUserStateDB.getUserStateByUid(blobfile->uid());
return blobfile.writeBlobs(std::move(keyBlob), std::move(characteristicsBlob),
- userState->getEncryptionKey(), userState->getState(), mEntropy);
+ userState->getEncryptionKey(), userState->getState());
}
ResponseCode KeyStore::del(const LockedKeyBlobEntry& blobfile) {