Replace Entropy with RAND_bytes
/dev/urandom is not an approved random number generator
for NIAP certification. Changing to use BoringSSL's
RAND_bytes(), which is approved.
Bug: 121272336
Test: Ran Keystore CTS tests against Walleye, no new
test failures observed.
Change-Id: I0fb87c955512074fa714c1986ce99063ab430470
Merged-In: I579d140ef56c90b477b0d8989e3b02375681aee8
diff --git a/keystore/KeyStore.cpp b/keystore/KeyStore.cpp
index f197d91..428b51e 100644
--- a/keystore/KeyStore.cpp
+++ b/keystore/KeyStore.cpp
@@ -63,9 +63,9 @@
return (*const_cast<KeymasterDevices*>(this))[secLevel];
}
-KeyStore::KeyStore(Entropy* entropy, const KeymasterDevices& kmDevices,
+KeyStore::KeyStore(const KeymasterDevices& kmDevices,
SecurityLevel minimalAllowedSecurityLevelForNewKeys)
- : mEntropy(entropy), mKmDevices(kmDevices),
+ : mKmDevices(kmDevices),
mAllowNewFallback(minimalAllowedSecurityLevelForNewKeys == SecurityLevel::SOFTWARE) {
memset(&mMetaData, '\0', sizeof(mMetaData));
}
@@ -89,7 +89,7 @@
ResponseCode KeyStore::initializeUser(const android::String8& pw, uid_t userId) {
UserState* userState = getUserState(userId);
- return userState->initialize(pw, mEntropy);
+ return userState->initialize(pw);
}
ResponseCode KeyStore::copyMasterKey(uid_t srcUser, uid_t dstUser) {
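Review bot: With `mEntropy` dropped from `userState->initialize(pw)`, the call site no longer shows where the random data used by UserState comes from, and the same applies to `writeMasterKey(pw)` and `readMasterKey(pw)` in the next hunk. A short comment above the first of these calls would keep the provenance visible to the next auditor, for example `// Random data for key material is drawn from BoringSSL RAND_bytes() inside UserState.` UserState itself is outside this hunk, so the wording should be checked against what it actually generates there.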
@@ -100,12 +100,12 @@
ResponseCode KeyStore::writeMasterKey(const android::String8& pw, uid_t userId) {
UserState* userState = getUserState(userId);
- return userState->writeMasterKey(pw, mEntropy);
+ return userState->writeMasterKey(pw);
}
ResponseCode KeyStore::readMasterKey(const android::String8& pw, uid_t userId) {
UserState* userState = getUserState(userId);
- return userState->readMasterKey(pw, mEntropy);
+ return userState->readMasterKey(pw);
}
/* Here is the encoding of keys. This is necessary in order to allow arbitrary
@@ -360,8 +360,7 @@
ResponseCode KeyStore::put(const char* filename, Blob* keyBlob, uid_t userId) {
UserState* userState = getUserState(userId);
- return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(),
- mEntropy);
+ return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState());
}
static NullOr<std::tuple<uid_t, std::string>> filename2UidAlias(const std::string& filename);
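Review bot: Now that `keyBlob->writeBlob(...)` no longer receives the entropy source, what happens when random data cannot be obtained is decided inside `Blob::writeBlob`, which is outside this hunk. BoringSSL documents `RAND_bytes()` as always returning 1 and calling `abort()` if the OS cannot supply entropy. If the old code mapped a failed `/dev/urandom` read to a `ResponseCode`, that path is now unreachable and keystore would terminate instead. Failing closed is reasonable for key storage, but it should be stated where the call is made, for example `// RAND_bytes() aborts on failure in BoringSSL; there is no error return to propagate.`, and any leftover `if (!RAND_bytes(...))` branch removed or confirmed intentional.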