Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 6a0ec2ca085254f8090980faad00fcda69e70747^! / . / keystore2 / src / crypto / lib.rs
commit6a0ec2ca085254f8090980faad00fcda69e70747[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Tue Apr 19 08:11:18 2022 +0100
committerDavid Drysdale <drysdale@google.com>Tue Apr 19 11:25:26 2022 +0100
tree3def2b92aa40679425d59bb281a7f0781dfc7c0e
parent678a6f5af4182d3e9a0e02656f03c25077124585 [diff] [blame]
Drop ancient default salt value

A value for the salt is present in all code paths:

- All callers of `Password::derive_key` pass a `Some(..)` value for the
  salt.  Remove this `Some` everywhere and...
- Change the signature of `derive_key` to expect a `&[u8]` for `salt`
  rather than an `Option<&[u8]>`.
- `Password::derive_key` is the only caller of `generateKeyFromPassword`
  (via bindgen to C++-land), so...
- Make it clear that the C++ `generateKeyFromPassword()` function
  expects 16 bytes of `salt`.

Bug: 172121323
Test: compile, TreeHugger
Change-Id: I41966cce96b5371785680c13bacfc5f95969372a

diff --git a/keystore2/src/crypto/lib.rs b/keystore2/src/crypto/lib.rs
index 14bdf04..e925180 100644
--- a/keystore2/src/crypto/lib.rs
+++ b/keystore2/src/crypto/lib.rs

@@ -197,24 +197,16 @@
     /// Generate a key from the given password and salt.
     /// The salt must be exactly 16 bytes long.
     /// Two key sizes are accepted: 16 and 32 bytes.
-    pub fn derive_key(&self, salt: Option<&[u8]>, key_length: usize) -> Result<ZVec, Error> {
-        let pw = self.get_key();
-
-        let salt: *const u8 = match salt {
-            Some(s) => {
-                if s.len() != SALT_LENGTH {
-                    return Err(Error::InvalidSaltLength);
-                }
-                s.as_ptr()
-            }
-            None => std::ptr::null(),
-        };
-
+    pub fn derive_key(&self, salt: &[u8], key_length: usize) -> Result<ZVec, Error> {
+        if salt.len() != SALT_LENGTH {
+            return Err(Error::InvalidSaltLength);
+        }
         match key_length {
             AES_128_KEY_LENGTH | AES_256_KEY_LENGTH => {}
             _ => return Err(Error::InvalidKeyLength),
         }
 
+        let pw = self.get_key();
         let mut result = ZVec::new(key_length)?;
 
         unsafe {
@@ -223,7 +215,7 @@
                 result.len(),
                 pw.as_ptr() as *const std::os::raw::c_char,
                 pw.len(),
-                salt,
+                salt.as_ptr(),
             )
         };
 
@@ -541,9 +533,9 @@
     fn test_generate_key_from_password() {
         let mut key = vec![0; 16];
         let pw = vec![0; 16];
-        let mut salt = vec![0; 16];
+        let salt = vec![0; 16];
         unsafe {
-            generateKeyFromPassword(key.as_mut_ptr(), 16, pw.as_ptr(), 16, salt.as_mut_ptr());
+            generateKeyFromPassword(key.as_mut_ptr(), 16, pw.as_ptr(), 16, salt.as_ptr());
         }
         assert_ne!(key, vec![0; 16]);
     }