Keystore 2.0: Add safe crypto wrapper
* Adds safe wrappers for AES_gcm_decrypt and AES_gcm_encrypt.
* Adds AES256 key generation.
* Adds ZVec, a simple fixed size owned vector type that locks
the backing memory in place with mlock and zeroes the buffer
before freeing it.
Test: keystore2_test
Bug: 173545997
Change-Id: Id7e30d50b024da1fa8aa58a07cd9bb7a861f81f0
diff --git a/keystore2/src/crypto/crypto.hpp b/keystore2/src/crypto/crypto.hpp
index 9a9bb2e..2e597f1 100644
--- a/keystore2/src/crypto/crypto.hpp
+++ b/keystore2/src/crypto/crypto.hpp
@@ -22,6 +22,7 @@
#include <stddef.h>
extern "C" {
+ bool randomBytes(uint8_t* out, size_t len);
bool AES_gcm_encrypt(const uint8_t* in, uint8_t* out, size_t len,
const uint8_t* key, size_t key_size, const uint8_t* iv, uint8_t* tag);
bool AES_gcm_decrypt(const uint8_t* in, uint8_t* out, size_t len,
@@ -34,7 +35,7 @@
bool CreateKeyId(const uint8_t* key_blob, size_t len, km_id_t* out_id);
void generateKeyFromPassword(uint8_t* key, size_t key_len, const char* pw,
- size_t pw_len, uint8_t* salt);
+ size_t pw_len, const uint8_t* salt);
}
#endif // __CRYPTO_H__