| 59c6af81b6b510dd991ab04b8d65f1bab966d0c8 |
|
01-Jun-2017 |
Janis Danisevskis <jdanis@google.com> |
Key class takes ownership of AuthorizationSets
The key object is constantly passed around together with the two
authorization sets, while the Key class has a field for the
combined authorizations sets. This is doubly awkward.
1. In the combined authorization list the information
about the level of enforcement is lost.
2. The combined authorization list takes up memory that is up to
the same size as the two separate authorization list which
have roughly the same life cycle. Also the allocation
of the additional memory can cause the constructor of Key
to fail (i.e., in the TEE environment) which gave rise to the
error [out] parameter to communicate the failure to the caller.
With this patch, the constructor of Key takes ownership of the
individual authorization lists. This preserves the information
about the enforcement levels (1). The AuthorizationSets can now
be passed around conveniently with the key it belongs to.
The memory for authorizations is no longer duplicated (2). And
the move semantic of the constructor guarantees that it can no
longer fail obviating the need for the error [out] parameter.
Additionally the Key class now keeps the original key blob around.
It also got a key_factory_ field allowing a key to be associated
with its factory. This is particularly useful for hybrid keymaster
implementation where keys can have different factories, depending
on their authorizations.
Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I1d235e16f9120b3d29ef4c71ff7a19d98700559f
/system/keymaster/km_openssl/attestation_utils.cpp
|