Use pointers not references for out arguments
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.
Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 98cb05e..0ade48d 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -127,18 +127,18 @@
return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
}
-static bool fill_key(const std::string& key, ext4_encryption_key& ext4_key)
+static bool fill_key(const std::string& key, ext4_encryption_key* ext4_key)
{
if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) {
LOG(ERROR) << "Wrong size key " << key.size();
return false;
}
- static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key.raw),
+ static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw),
"Key too long!");
- ext4_key.mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
- ext4_key.size = key.size();
- memset(ext4_key.raw, 0, sizeof(ext4_key.raw));
- memcpy(ext4_key.raw, key.data(), key.size());
+ ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
+ ext4_key->size = key.size();
+ memset(ext4_key->raw, 0, sizeof(ext4_key->raw));
+ memcpy(ext4_key->raw, key.data(), key.size());
return true;
}
@@ -153,10 +153,10 @@
}
// Get the keyring we store all keys in
-static bool e4crypt_keyring(key_serial_t& device_keyring)
+static bool e4crypt_keyring(key_serial_t* device_keyring)
{
- device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
- if (device_keyring == -1) {
+ *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
+ if (*device_keyring == -1) {
PLOG(ERROR) << "Unable to find device keyring";
return false;
}
@@ -165,14 +165,14 @@
// Install password into global keyring
// Return raw key reference for use in policy
-static bool install_key(const std::string &key, std::string &raw_ref)
+static bool install_key(const std::string &key, std::string *raw_ref)
{
ext4_encryption_key ext4_key;
- if (!fill_key(key, ext4_key)) return false;
- raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
- auto ref = keyname(raw_ref);
+ if (!fill_key(key, &ext4_key)) return false;
+ *raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
+ auto ref = keyname(*raw_ref);
key_serial_t device_keyring;
- if (!e4crypt_keyring(device_keyring)) return false;
+ if (!e4crypt_keyring(&device_keyring)) return false;
key_serial_t key_id = add_key("logon", ref.c_str(),
(void*)&ext4_key, sizeof(ext4_key),
device_keyring);
@@ -198,9 +198,9 @@
if (s_ce_key_raw_refs.count(user_id) != 0) return true;
const auto ce_key_path = get_ce_key_path(user_id);
std::string ce_key;
- if (!android::vold::retrieveKey(ce_key_path, auth, ce_key)) return false;
+ if (!android::vold::retrieveKey(ce_key_path, auth, &ce_key)) return false;
std::string ce_raw_ref;
- if (!install_key(ce_key, ce_raw_ref)) return false;
+ if (!install_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = ce_key;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Installed ce key for user " << user_id;
@@ -216,8 +216,8 @@
return true;
}
-static bool random_key(std::string &key) {
- if (android::vold::ReadRandomBytes(EXT4_AES_256_XTS_KEY_SIZE, key) != 0) {
+static bool random_key(std::string *key) {
+ if (android::vold::ReadRandomBytes(EXT4_AES_256_XTS_KEY_SIZE, *key) != 0) {
// TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed";
return false;
@@ -251,8 +251,8 @@
static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
std::string de_key, ce_key;
- if (!random_key(de_key)) return false;
- if (!random_key(ce_key)) return false;
+ if (!random_key(&de_key)) return false;
+ if (!random_key(&ce_key)) return false;
if (create_ephemeral) {
// If the key should be created as ephemeral, don't store it.
s_ephemeral_users.insert(user_id);
@@ -265,10 +265,10 @@
kEmptyAuthentication, ce_key)) return false;
}
std::string de_raw_ref;
- if (!install_key(de_key, de_raw_ref)) return false;
+ if (!install_key(de_key, &de_raw_ref)) return false;
s_de_key_raw_refs[user_id] = de_raw_ref;
std::string ce_raw_ref;
- if (!install_key(ce_key, ce_raw_ref)) return false;
+ if (!install_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = ce_key;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Created keys for user " << user_id;
@@ -276,13 +276,13 @@
}
static bool lookup_key_ref(const std::map<userid_t, std::string> &key_map,
- userid_t user_id, std::string &raw_ref) {
+ userid_t user_id, std::string *raw_ref) {
auto refi = key_map.find(user_id);
if (refi == key_map.end()) {
LOG(ERROR) << "Cannot find key for " << user_id;
return false;
}
- raw_ref = refi->second;
+ *raw_ref = refi->second;
return true;
}
@@ -327,9 +327,9 @@
if (s_de_key_raw_refs.count(user_id) == 0) {
auto key_path = de_dir + "/" + entry->d_name;
std::string key;
- if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, key)) return false;
+ if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
std::string raw_ref;
- if (!install_key(key, raw_ref)) return false;
+ if (!install_key(key, &raw_ref)) return false;
s_de_key_raw_refs[user_id] = raw_ref;
LOG(DEBUG) << "Installed de key for user " << user_id;
}
@@ -351,16 +351,16 @@
std::string device_key;
if (path_exists(device_key_path)) {
if (!android::vold::retrieveKey(device_key_path,
- kEmptyAuthentication, device_key)) return false;
+ kEmptyAuthentication, &device_key)) return false;
} else {
LOG(INFO) << "Creating new key";
- if (!random_key(device_key)) return false;
+ if (!random_key(&device_key)) return false;
if (!store_key(device_key_path, device_key_temp,
kEmptyAuthentication, device_key)) return false;
}
std::string device_key_ref;
- if (!install_key(device_key, device_key_ref)) {
+ if (!install_key(device_key, &device_key_ref)) {
LOG(ERROR) << "Failed to install device key";
return false;
}
@@ -434,7 +434,7 @@
static bool evict_key(const std::string &raw_ref) {
auto ref = keyname(raw_ref);
key_serial_t device_keyring;
- if (!e4crypt_keyring(device_keyring)) return false;
+ if (!e4crypt_keyring(&device_keyring)) return false;
auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
if (keyctl_revoke(key_serial) != 0) {
PLOG(ERROR) << "Failed to revoke key with serial " << key_serial << " ref " << ref;
@@ -452,9 +452,9 @@
bool success = true;
s_ce_keys.erase(user_id);
std::string raw_ref;
- success &= lookup_key_ref(s_ce_key_raw_refs, user_id, raw_ref) && evict_key(raw_ref);
+ success &= lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
s_ce_key_raw_refs.erase(user_id);
- success &= lookup_key_ref(s_de_key_raw_refs, user_id, raw_ref) && evict_key(raw_ref);
+ success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
s_de_key_raw_refs.erase(user_id);
auto it = s_ephemeral_users.find(user_id);
if (it != s_ephemeral_users.end()) {
@@ -496,12 +496,12 @@
return true;
}
-static bool parse_hex(const char *hex, std::string &result) {
+static bool parse_hex(const char *hex, std::string *result) {
if (strcmp("!", hex) == 0) {
- result = "";
+ *result = "";
return true;
}
- if (android::vold::HexToStr(hex, result) != 0) {
+ if (android::vold::HexToStr(hex, *result) != 0) {
LOG(ERROR) << "Invalid FBE hex string"; // Don't log the string for security reasons
return false;
}
@@ -515,9 +515,9 @@
if (!e4crypt_is_native()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true;
std::string token, old_secret, new_secret;
- if (!parse_hex(token_hex, token)) return false;
- if (!parse_hex(old_secret_hex, old_secret)) return false;
- if (!parse_hex(new_secret_hex, new_secret)) return false;
+ if (!parse_hex(token_hex, &token)) return false;
+ if (!parse_hex(old_secret_hex, &old_secret)) return false;
+ if (!parse_hex(new_secret_hex, &new_secret)) return false;
auto old_auth = old_secret.empty()
? kEmptyAuthentication
: android::vold::KeyAuthentication(token, old_secret);
@@ -532,7 +532,7 @@
auto ce_key = it->second;
auto ce_key_path = get_ce_key_path(user_id);
std::string trial_key;
- if (!android::vold::retrieveKey(ce_key_path, old_auth, trial_key)) {
+ if (!android::vold::retrieveKey(ce_key_path, old_auth, &trial_key)) {
LOG(WARNING) << "change_user_key wasn't given enough info to reconstruct the key";
} else if (ce_key != trial_key) {
LOG(WARNING) << "Reconstructed key != stored key";
@@ -553,8 +553,8 @@
return true;
}
std::string token, secret;
- if (!parse_hex(token_hex, token)) return false;
- if (!parse_hex(secret_hex, secret)) return false;
+ if (!parse_hex(token_hex, &token)) return false;
+ if (!parse_hex(secret_hex, &secret)) return false;
android::vold::KeyAuthentication auth(token, secret);
if (!read_and_install_user_ce_key(user_id, auth)) {
LOG(ERROR) << "Couldn't read key for " << user_id;
@@ -621,7 +621,7 @@
if (e4crypt_is_native()) {
std::string de_raw_ref;
- if (!lookup_key_ref(s_de_key_raw_refs, user_id, de_raw_ref)) return false;
+ if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
if (!ensure_policy(de_raw_ref, system_de_path)) return false;
if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
if (!ensure_policy(de_raw_ref, user_de_path)) return false;
@@ -643,7 +643,7 @@
if (e4crypt_is_native()) {
std::string ce_raw_ref;
- if (!lookup_key_ref(s_ce_key_raw_refs, user_id, ce_raw_ref)) return false;
+ if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 0cd0548..429411d 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -97,13 +97,13 @@
static bool generateKeymasterKey(Keymaster &keymaster,
const KeyAuthentication &auth, const std::string &appId,
- std::string &key) {
+ std::string *key) {
auto paramBuilder = keymaster::AuthorizationSetBuilder()
.AesEncryptionKey(AES_KEY_BYTES * 8)
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MIN_MAC_LENGTH, GCM_MAC_BYTES * 8)
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE);
- addStringParam(paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
+ addStringParam(¶mBuilder, keymaster::TAG_APPLICATION_ID, appId);
if (auth.token.empty()) {
LOG(DEBUG) << "Creating key that doesn't need auth token";
paramBuilder.Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
@@ -128,10 +128,10 @@
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MAC_LENGTH, GCM_MAC_BYTES * 8)
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE);
- addStringParam(paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
+ addStringParam(¶mBuilder, keymaster::TAG_APPLICATION_ID, appId);
if (!auth.token.empty()) {
LOG(DEBUG) << "Supplying auth token to Keymaster";
- addStringParam(paramBuilder, keymaster::TAG_AUTH_TOKEN, auth.token);
+ addStringParam(¶mBuilder, keymaster::TAG_AUTH_TOKEN, auth.token);
}
return paramBuilder;
}
@@ -142,10 +142,10 @@
const KeyAuthentication &auth,
const std::string &appId,
const std::string &message,
- std::string &ciphertext) {
+ std::string *ciphertext) {
auto params = beginParams(auth, appId).build();
keymaster::AuthorizationSet outParams;
- auto opHandle = keymaster.begin(KM_PURPOSE_ENCRYPT, key, params, outParams);
+ auto opHandle = keymaster.begin(KM_PURPOSE_ENCRYPT, key, params, &outParams);
if (!opHandle) return false;
keymaster_blob_t nonceBlob;
if (!outParams.GetTagValue(keymaster::TAG_NONCE, &nonceBlob)) {
@@ -156,12 +156,12 @@
std::string nonce(reinterpret_cast<const char *>(nonceBlob.data), nonceBlob.data_length);
if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;
std::string body;
- if (!opHandle.updateCompletely(message, body)) return false;
+ if (!opHandle.updateCompletely(message, &body)) return false;
std::string mac;
- if (!opHandle.finishWithOutput(mac)) return false;
+ if (!opHandle.finishWithOutput(&mac)) return false;
if (!checkSize("mac", mac.size(), GCM_MAC_BYTES)) return false;
- ciphertext = nonce + body + mac;
+ *ciphertext = nonce + body + mac;
return true;
}
@@ -171,7 +171,7 @@
const KeyAuthentication &auth,
const std::string &appId,
const std::string &ciphertext,
- std::string &message) {
+ std::string *message) {
auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
auto params = addStringParam(beginParams(auth, appId), keymaster::TAG_NONCE, nonce).build();
@@ -182,8 +182,8 @@
return true;
}
-static bool readFileToString(const std::string &filename, std::string &result) {
- if (!android::base::ReadFileToString(filename, &result)) {
+static bool readFileToString(const std::string &filename, std::string *result) {
+ if (!android::base::ReadFileToString(filename, result)) {
PLOG(ERROR) << "Failed to read from " << filename;
return false;
}
@@ -210,15 +210,15 @@
}
static bool stretchSecret(const std::string &stretching, const std::string &secret,
- const std::string &salt, std::string &stretched) {
+ const std::string &salt, std::string *stretched) {
if (stretching == kStretch_nopassword) {
if (!secret.empty()) {
LOG(WARNING) << "Password present but stretching is nopassword";
// Continue anyway
}
- stretched.clear();
+ stretched->clear();
} else if (stretching == kStretch_none) {
- stretched = secret;
+ *stretched = secret;
} else if (std::equal(kStretchPrefix_scrypt.begin(),
kStretchPrefix_scrypt.end(), stretching.begin())) {
int Nf, rf, pf;
@@ -227,12 +227,12 @@
LOG(ERROR) << "Unable to parse scrypt params in stretching: " << stretching;
return false;
}
- stretched.assign(STRETCHED_BYTES, '\0');
+ stretched->assign(STRETCHED_BYTES, '\0');
if (crypto_scrypt(
reinterpret_cast<const uint8_t *>(secret.data()), secret.size(),
reinterpret_cast<const uint8_t *>(salt.data()), salt.size(),
1 << Nf, 1 << rf, 1 << pf,
- reinterpret_cast<uint8_t *>(&stretched[0]), stretched.size()) != 0) {
+ reinterpret_cast<uint8_t *>(&(*stretched)[0]), stretched->size()) != 0) {
LOG(ERROR) << "scrypt failed with params: " << stretching;
return false;
}
@@ -245,10 +245,10 @@
static bool generateAppId(const KeyAuthentication &auth, const std::string &stretching,
const std::string &salt, const std::string &secdiscardable,
- std::string& result) {
+ std::string* appId) {
std::string stretched;
- if (!stretchSecret(stretching, auth.secret, salt, stretched)) return false;
- result = hashSecdiscardable(secdiscardable) + stretched;
+ if (!stretchSecret(stretching, auth.secret, salt, &stretched)) return false;
+ *appId = hashSecdiscardable(secdiscardable) + stretched;
return true;
}
@@ -276,39 +276,39 @@
if (!writeStringToFile(salt, dir + "/" + kFn_salt)) return false;
}
std::string appId;
- if (!generateAppId(auth, stretching, salt, secdiscardable, appId)) return false;
+ if (!generateAppId(auth, stretching, salt, secdiscardable, &appId)) return false;
Keymaster keymaster;
if (!keymaster) return false;
std::string kmKey;
- if (!generateKeymasterKey(keymaster, auth, appId, kmKey)) return false;
+ if (!generateKeymasterKey(keymaster, auth, appId, &kmKey)) return false;
if (!writeStringToFile(kmKey, dir + "/" + kFn_keymaster_key_blob)) return false;
std::string encryptedKey;
- if (!encryptWithKeymasterKey(keymaster, kmKey, auth, appId, key, encryptedKey)) return false;
+ if (!encryptWithKeymasterKey(keymaster, kmKey, auth, appId, key, &encryptedKey)) return false;
if (!writeStringToFile(encryptedKey, dir + "/" + kFn_encrypted_key)) return false;
return true;
}
-bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string &key) {
+bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key) {
std::string version;
- if (!readFileToString(dir + "/" + kFn_version, version)) return false;
+ if (!readFileToString(dir + "/" + kFn_version, &version)) return false;
if (version != kCurrentVersion) {
LOG(ERROR) << "Version mismatch, expected " << kCurrentVersion << " got " << version;
return false;
}
std::string secdiscardable;
- if (!readFileToString(dir + "/" + kFn_secdiscardable, secdiscardable)) return false;
+ if (!readFileToString(dir + "/" + kFn_secdiscardable, &secdiscardable)) return false;
std::string stretching;
- if (!readFileToString(dir + "/" + kFn_stretching, stretching)) return false;
+ if (!readFileToString(dir + "/" + kFn_stretching, &stretching)) return false;
std::string salt;
if (stretchingNeedsSalt(stretching)) {
- if (!readFileToString(dir + "/" + kFn_salt, salt)) return false;
+ if (!readFileToString(dir + "/" + kFn_salt, &salt)) return false;
}
std::string appId;
- if (!generateAppId(auth, stretching, salt, secdiscardable, appId)) return false;
+ if (!generateAppId(auth, stretching, salt, secdiscardable, &appId)) return false;
std::string kmKey;
- if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
+ if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, &kmKey)) return false;
std::string encryptedMessage;
- if (!readFileToString(dir + "/" + kFn_encrypted_key, encryptedMessage)) return false;
+ if (!readFileToString(dir + "/" + kFn_encrypted_key, &encryptedMessage)) return false;
Keymaster keymaster;
if (!keymaster) return false;
return decryptWithKeymasterKey(keymaster, kmKey, auth, appId, encryptedMessage, key);
@@ -316,7 +316,7 @@
static bool deleteKey(const std::string &dir) {
std::string kmKey;
- if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
+ if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, &kmKey)) return false;
Keymaster keymaster;
if (!keymaster) return false;
if (!keymaster.deleteKey(kmKey)) return false;
diff --git a/KeyStorage.h b/KeyStorage.h
index 54c3b2c..6daf1d2 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -42,7 +42,7 @@
bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::string &key);
// Retrieve the key from the named directory.
-bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string &key);
+bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key);
// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string &dir);
diff --git a/Keymaster.cpp b/Keymaster.cpp
index b3ece19..849ccf7 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -23,8 +23,8 @@
bool KeymasterOperation::updateCompletely(
const std::string &input,
- std::string &output) {
- output.clear();
+ std::string *output) {
+ output->clear();
auto it = input.begin();
while (it != input.end()) {
size_t toRead = static_cast<size_t>(input.end() - it);
@@ -38,7 +38,7 @@
mDevice = nullptr;
return false;
}
- output.append(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
+ output->append(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
free(const_cast<uint8_t *>(outputBlob.data));
if (inputConsumed > toRead) {
LOG(ERROR) << "update reported too much input consumed";
@@ -61,7 +61,7 @@
return true;
}
-bool KeymasterOperation::finishWithOutput(std::string &output) {
+bool KeymasterOperation::finishWithOutput(std::string *output) {
keymaster_blob_t outputBlob;
auto error = mDevice->finish(mDevice, mOpHandle,
nullptr, nullptr, nullptr, &outputBlob);
@@ -70,7 +70,7 @@
LOG(ERROR) << "finish failed, code " << error;
return false;
}
- output.assign(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
+ output->assign(reinterpret_cast<const char *>(outputBlob.data), outputBlob.data_length);
free(const_cast<uint8_t *>(outputBlob.data));
return true;
}
@@ -98,14 +98,14 @@
bool Keymaster::generateKey(
const keymaster::AuthorizationSet &inParams,
- std::string &key) {
+ std::string *key) {
keymaster_key_blob_t keyBlob;
auto error = mDevice->generate_key(mDevice, &inParams, &keyBlob, nullptr);
if (error != KM_ERROR_OK) {
LOG(ERROR) << "generate_key failed, code " << error;
return false;
}
- key.assign(reinterpret_cast<const char *>(keyBlob.key_material), keyBlob.key_material_size);
+ key->assign(reinterpret_cast<const char *>(keyBlob.key_material), keyBlob.key_material_size);
free(const_cast<uint8_t *>(keyBlob.key_material));
return true;
}
@@ -125,7 +125,7 @@
keymaster_purpose_t purpose,
const std::string &key,
const keymaster::AuthorizationSet &inParams,
- keymaster::AuthorizationSet &outParams) {
+ keymaster::AuthorizationSet *outParams) {
keymaster_key_blob_t keyBlob { reinterpret_cast<const uint8_t *>(key.data()), key.size() };
keymaster_operation_handle_t mOpHandle;
keymaster_key_param_set_t outParams_set;
@@ -135,8 +135,8 @@
LOG(ERROR) << "begin failed, code " << error;
return KeymasterOperation(nullptr, mOpHandle);
}
- outParams.Clear();
- outParams.push_back(outParams_set);
+ outParams->Clear();
+ outParams->push_back(outParams_set);
keymaster_free_param_set(&outParams_set);
return KeymasterOperation(mDevice, mOpHandle);
}
diff --git a/Keymaster.h b/Keymaster.h
index a4deddf..dd20ef9 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -45,11 +45,11 @@
explicit operator bool() {return mDevice != nullptr;}
// Call "update" repeatedly until all of the input is consumed, and
// concatenate the output. Return true on success.
- bool updateCompletely(const std::string &input, std::string &output);
+ bool updateCompletely(const std::string &input, std::string *output);
// Finish; pass nullptr for the "output" param.
bool finish();
// Finish and write the output to this string.
- bool finishWithOutput(std::string &output);
+ bool finishWithOutput(std::string *output);
// Move constructor
KeymasterOperation(KeymasterOperation&& rhs) {
mOpHandle = rhs.mOpHandle;
@@ -74,7 +74,7 @@
// false if we failed to open the keymaster device.
explicit operator bool() {return mDevice != nullptr;}
// Generate a key in the keymaster from the given params.
- bool generateKey(const AuthorizationSet &inParams, std::string &key);
+ bool generateKey(const AuthorizationSet &inParams, std::string *key);
// If the keymaster supports it, permanently delete a key.
bool deleteKey(const std::string &key);
// Begin a new cryptographic operation, collecting output parameters.
@@ -82,7 +82,7 @@
keymaster_purpose_t purpose,
const std::string &key,
const AuthorizationSet &inParams,
- AuthorizationSet &outParams);
+ AuthorizationSet *outParams);
// Begin a new cryptographic operation; don't collect output parameters.
KeymasterOperation begin(
keymaster_purpose_t purpose,
@@ -100,9 +100,9 @@
}
template <keymaster_tag_t Tag>
-inline void addStringParam(AuthorizationSetBuilder ¶ms,
+inline void addStringParam(AuthorizationSetBuilder *params,
TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
- params.Authorization(tag, val.data(), val.size());
+ params->Authorization(tag, val.data(), val.size());
}
} // namespace vold