Activate HMAC sharing check. (6dad2b3a) · Commits · e / os / android_hardware_interfaces

keymaster/4.0/support/Keymaster.cpp

+13 −11

Original line number	Original line	Diff line number	Diff line
	@@ -156,16 +156,18 @@ static void computeHmac(const Keymaster::KeymasterSet& keymasters,
	for (auto& keymaster : keymasters) {		for (auto& keymaster : keymasters) {
	if (keymaster->halVersion().majorVersion < 4) continue;		if (keymaster->halVersion().majorVersion < 4) continue;
	LOG(DEBUG) << "Computing HMAC for " << *keymaster;		LOG(DEBUG) << "Computing HMAC for " << *keymaster;
	auto rc = keymaster->computeSharedHmac(params, [&](auto error, auto& curSharingCheck) {		auto rc = keymaster->computeSharedHmac(
			params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
	CHECK(error == ErrorCode::OK)		CHECK(error == ErrorCode::OK)
	<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;		<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
	if (firstKeymaster) {		if (firstKeymaster) {
	sharingCheck = curSharingCheck;		sharingCheck = curSharingCheck;
	firstKeymaster = false;		firstKeymaster = false;
	}		}
	// TODO: Validate that curSharingCheck == sharingCheck. b/77588764		CHECK(curSharingCheck == sharingCheck)
	// CHECK(curSharingCheck == sharingCheck) << "HMAC computation failed for " <<		<< "HMAC computation failed for " << *keymaster //
	// *keymaster;		<< " Expected: " << sharingCheck //
			<< " got: " << curSharingCheck;
	});		});
	CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster		CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
	<< " error: " << rc.description();		<< " error: " << rc.description();