biod: Use SecureVector instead of SecureBlob
SecureVector is replacing SecureBlob. See
https://chromium.googlesource.com/chromiumos/platform2/+/1627fe7ab50258c3cf2fdf72a459273826254214/libbrillo/brillo/secure_blob.h#23
BUG=none
TEST=FEATURES="test" emerge-hatch biod
Change-Id: Ia7703186bbeadd6de8862a110a6905d95e040cf6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2391678
Tested-by: Tom Hughes <tomhughes@chromium.org>
Commit-Queue: Tom Hughes <tomhughes@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
diff --git a/biod/biod_crypto.cc b/biod/biod_crypto.cc
index b896d17..6d69b3c 100644
--- a/biod/biod_crypto.cc
+++ b/biod/biod_crypto.cc
@@ -12,7 +12,7 @@
namespace biod {
-bool BiodCrypto::ComputeValidationValue(const brillo::SecureBlob& secret,
+bool BiodCrypto::ComputeValidationValue(const brillo::SecureVector& secret,
const std::string& user_id,
std::vector<uint8_t>* out) {
std::vector<uint8_t> user_id_bytes;
diff --git a/biod/biod_crypto.h b/biod/biod_crypto.h
index 3a3770a..3e9e835 100644
--- a/biod/biod_crypto.h
+++ b/biod/biod_crypto.h
@@ -14,7 +14,7 @@
class BiodCrypto {
public:
- static bool ComputeValidationValue(const brillo::SecureBlob& secret,
+ static bool ComputeValidationValue(const brillo::SecureVector& secret,
const std::string& user_id,
std::vector<uint8_t>* out);
};
diff --git a/biod/biod_crypto_test.cc b/biod/biod_crypto_test.cc
index 757d98e..57540ea 100644
--- a/biod/biod_crypto_test.cc
+++ b/biod/biod_crypto_test.cc
@@ -17,18 +17,17 @@
using crypto_test_data::kUserID;
TEST(BiodCryptoTest, ComputeValidationValue) {
- brillo::SecureBlob secret(kFakePositiveMatchSecret1);
std::vector<uint8_t> result;
- EXPECT_TRUE(BiodCrypto::ComputeValidationValue(secret, kUserID, &result));
+ EXPECT_TRUE(BiodCrypto::ComputeValidationValue(kFakePositiveMatchSecret1,
+ kUserID, &result));
EXPECT_EQ(result, kFakeValidationValue1);
}
TEST(BiodCryptoTest, ComputeValidationValue_InvalidUserId) {
- brillo::SecureBlob secret(kFakePositiveMatchSecret1);
std::string invalid_user_id = "nothex";
std::vector<uint8_t> result;
- EXPECT_FALSE(
- BiodCrypto::ComputeValidationValue(secret, invalid_user_id, &result));
+ EXPECT_FALSE(BiodCrypto::ComputeValidationValue(kFakePositiveMatchSecret1,
+ invalid_user_id, &result));
EXPECT_TRUE(result.empty());
}
diff --git a/biod/biod_crypto_test_data.h b/biod/biod_crypto_test_data.h
index 6cdb036..990f197 100644
--- a/biod/biod_crypto_test_data.h
+++ b/biod/biod_crypto_test_data.h
@@ -8,13 +8,15 @@
#include <cstdint>
#include <vector>
+#include <brillo/secure_blob.h>
+
namespace biod {
namespace crypto_test_data {
static constexpr char kUserID[] = "0123456789";
-static const std::vector<uint8_t> kFakePositiveMatchSecret1 = {0x00, 0x01,
+static const brillo::SecureVector kFakePositiveMatchSecret1 = {0x00, 0x01,
0x02};
-static const std::vector<uint8_t> kFakePositiveMatchSecret2 = {0xcc, 0xdd, 0xee,
+static const brillo::SecureVector kFakePositiveMatchSecret2 = {0xcc, 0xdd, 0xee,
0xff};
// Validation value corresponding to kFakePositiveMatchSecret1 and kUserID.
static const std::vector<uint8_t> kFakeValidationValue1 = {
diff --git a/biod/biod_crypto_validation_value_fuzzer.cc b/biod/biod_crypto_validation_value_fuzzer.cc
index 1284d21..f313949 100644
--- a/biod/biod_crypto_validation_value_fuzzer.cc
+++ b/biod/biod_crypto_validation_value_fuzzer.cc
@@ -22,7 +22,7 @@
FuzzedDataProvider data_provider(data, size);
std::string user_id = data_provider.ConsumeRandomLengthString(size);
- brillo::SecureBlob secret(data_provider.ConsumeRemainingBytes<uint8_t>());
+ brillo::SecureVector secret(data_provider.ConsumeRemainingBytes<uint8_t>());
biod::BiodCrypto::ComputeValidationValue(secret, user_id, &result);
diff --git a/biod/cros_fp_biometrics_manager.cc b/biod/cros_fp_biometrics_manager.cc
index 1e20284..a635dcb 100644
--- a/biod/cros_fp_biometrics_manager.cc
+++ b/biod/cros_fp_biometrics_manager.cc
@@ -501,7 +501,7 @@
}
if (use_positive_match_secret_) {
- brillo::SecureBlob secret(FP_POSITIVE_MATCH_SECRET_BYTES);
+ brillo::SecureVector secret(FP_POSITIVE_MATCH_SECRET_BYTES);
if (!cros_dev_->GetPositiveMatchSecret(CrosFpDevice::kLastTemplate,
&secret)) {
LOG(ERROR) << "Failed to get positive match secret.";
@@ -556,7 +556,7 @@
}
bool CrosFpBiometricsManager::ValidationValueIsCorrect(uint32_t match_idx) {
- brillo::SecureBlob secret(FP_POSITIVE_MATCH_SECRET_BYTES);
+ brillo::SecureVector secret(FP_POSITIVE_MATCH_SECRET_BYTES);
bool read_secret_success =
cros_dev_->GetPositiveMatchSecret(match_idx, &secret);
biod_metrics_->SendReadPositiveMatchSecretSuccess(read_secret_success);
@@ -610,7 +610,7 @@
CrosFpBiometricsManager::MigrationStatus
CrosFpBiometricsManager::MigrateToValidationValue(int match_idx) {
- brillo::SecureBlob secret(FP_POSITIVE_MATCH_SECRET_BYTES);
+ brillo::SecureVector secret(FP_POSITIVE_MATCH_SECRET_BYTES);
if (!cros_dev_->GetPositiveMatchSecret(match_idx, &secret)) {
LOG(ERROR) << "In migration to validation value: failed to read positive "
"match secret on match for finger "
diff --git a/biod/cros_fp_biometrics_manager_test.cc b/biod/cros_fp_biometrics_manager_test.cc
index 7edde0c..36939b1 100644
--- a/biod/cros_fp_biometrics_manager_test.cc
+++ b/biod/cros_fp_biometrics_manager_test.cc
@@ -49,7 +49,8 @@
}
bool GetDirtyMap(std::bitset<32>* bitmap) override { return false; }
bool SupportsPositiveMatchSecret() override { return true; }
- bool GetPositiveMatchSecret(int index, brillo::SecureBlob* secret) override {
+ bool GetPositiveMatchSecret(int index,
+ brillo::SecureVector* secret) override {
if (positive_match_secret_.empty())
return false;
secret->resize(FP_POSITIVE_MATCH_SECRET_BYTES);
@@ -77,7 +78,7 @@
private:
friend class CrosFpBiometricsManagerPeer;
- std::vector<uint8_t> positive_match_secret_;
+ brillo::SecureVector positive_match_secret_;
};
@@ -114,7 +115,7 @@
// Methods to access or modify the fake device.
- void SetDevicePositiveMatchSecret(const std::vector<uint8_t>& new_secret) {
+ void SetDevicePositiveMatchSecret(const brillo::SecureVector& new_secret) {
fake_cros_dev_->positive_match_secret_ = new_secret;
}
@@ -149,11 +150,10 @@
// Methods to execute CrosFpBiometricsManager private methods.
- bool ComputeValidationValue(const std::vector<uint8_t>& secret,
+ bool ComputeValidationValue(const brillo::SecureVector& secret,
const std::string& user_id,
std::vector<uint8_t>* out) {
- const brillo::SecureBlob secret_blob(secret);
- return BiodCrypto::ComputeValidationValue(secret_blob, user_id, out);
+ return BiodCrypto::ComputeValidationValue(secret, user_id, out);
}
bool ValidationValueIsCorrect(uint32_t match_idx) {
@@ -201,7 +201,7 @@
TEST_F(CrosFpBiometricsManagerTest, TestComputeValidationValue) {
EXPECT_TRUE(cros_fp_biometrics_manager_peer_.SupportsPositiveMatchSecret());
- const std::vector<std::pair<std::vector<uint8_t>, std::vector<uint8_t>>>
+ const std::vector<std::pair<brillo::SecureVector, std::vector<uint8_t>>>
kSecretValidationValuePairs = {
std::make_pair(kFakePositiveMatchSecret1, kFakeValidationValue1),
std::make_pair(kFakePositiveMatchSecret2, kFakeValidationValue2),
@@ -307,7 +307,7 @@
// Setting the devices positive match secret to empty will make the fake
// device return false when asked for positive match secret.
cros_fp_biometrics_manager_peer_.SetDevicePositiveMatchSecret(
- std::vector<uint8_t>());
+ brillo::SecureVector());
EXPECT_FALSE(
cros_fp_biometrics_manager_peer_.MigrateToValidationValue(index));
}
diff --git a/biod/cros_fp_device.cc b/biod/cros_fp_device.cc
index 4e87a3a..7ce4e50 100644
--- a/biod/cros_fp_device.cc
+++ b/biod/cros_fp_device.cc
@@ -249,7 +249,7 @@
}
bool CrosFpDevice::FpReadMatchSecret(uint16_t index,
- brillo::SecureBlob* secret) {
+ brillo::SecureVector* secret) {
EcCommand<struct ec_params_fp_read_match_secret,
struct ec_response_fp_read_match_secret>
cmd(EC_CMD_FP_READ_MATCH_SECRET, 0, {.fgr = index});
@@ -553,7 +553,7 @@
}
bool CrosFpDevice::GetPositiveMatchSecret(int index,
- brillo::SecureBlob* secret) {
+ brillo::SecureVector* secret) {
if (index == kLastTemplate) {
if (!GetIndexOfLastTemplate(&index))
return false;
diff --git a/biod/cros_fp_device.h b/biod/cros_fp_device.h
index 1b0e7f5..144dfd4 100644
--- a/biod/cros_fp_device.h
+++ b/biod/cros_fp_device.h
@@ -57,7 +57,7 @@
bool GetFpStats(int* capture_ms, int* matcher_ms, int* overall_ms) override;
bool GetDirtyMap(std::bitset<32>* bitmap) override;
bool SupportsPositiveMatchSecret() override;
- bool GetPositiveMatchSecret(int index, brillo::SecureBlob* secret) override;
+ bool GetPositiveMatchSecret(int index, brillo::SecureVector* secret) override;
bool GetTemplate(int index, VendorTemplate* out) override;
bool UploadTemplate(const VendorTemplate& tmpl) override;
bool SetContext(std::string user_id) override;
@@ -105,7 +105,7 @@
// Get block id from rollback info.
bool GetRollBackInfoId(int32_t* block_id);
bool FpFrame(int index, std::vector<uint8_t>* frame);
- bool FpReadMatchSecret(uint16_t index, brillo::SecureBlob* secret);
+ bool FpReadMatchSecret(uint16_t index, brillo::SecureVector* secret);
bool GetIndexOfLastTemplate(int* index);
// Run a sequence of EC commands to update the entropy in the
// MCU. If |reset| is set to true, it will additionally erase the existing
diff --git a/biod/cros_fp_device_interface.h b/biod/cros_fp_device_interface.h
index b98bdcc..8320135 100644
--- a/biod/cros_fp_device_interface.h
+++ b/biod/cros_fp_device_interface.h
@@ -41,7 +41,7 @@
virtual bool GetDirtyMap(std::bitset<32>* bitmap) = 0;
virtual bool SupportsPositiveMatchSecret() = 0;
virtual bool GetPositiveMatchSecret(int index,
- brillo::SecureBlob* secret) = 0;
+ brillo::SecureVector* secret) = 0;
virtual bool GetTemplate(int index, VendorTemplate* out) = 0;
virtual bool UploadTemplate(const VendorTemplate& tmpl) = 0;
virtual bool SetContext(std::string user_id) = 0;
diff --git a/biod/init/seccomp/bio-crypto-init-seccomp-amd64.policy b/biod/init/seccomp/bio-crypto-init-seccomp-amd64.policy
index 14b6fd5..6b0a6d5 100644
--- a/biod/init/seccomp/bio-crypto-init-seccomp-amd64.policy
+++ b/biod/init/seccomp/bio-crypto-init-seccomp-amd64.policy
@@ -24,7 +24,7 @@
kill: 1
lseek: 1
lstat: 1
-# madvise, mlock, munlock: For brillo::SecureBlob allocator
+# madvise, mlock, munlock: For brillo::SecureVector allocator
madvise: 1
mlock: 1
# Don't allow execute and write at the same time
diff --git a/biod/init/seccomp/biod-seccomp-amd64.policy b/biod/init/seccomp/biod-seccomp-amd64.policy
index 646f52c..fb1ec87 100644
--- a/biod/init/seccomp/biod-seccomp-amd64.policy
+++ b/biod/init/seccomp/biod-seccomp-amd64.policy
@@ -41,7 +41,7 @@
ioctl: arg1 == 0x5501 || arg1 == 0x5502 || arg1 == 0x405c5503 || arg1 == 0x40045564 || arg1 == 0x40045565 || arg1 == 0xc014ec00 || arg1 == 0xec02
lseek: 1
lstat: 1
-# madvise, mlock, munlock: For brillo::SecureBlob allocator
+# madvise, mlock, munlock: For brillo::SecureVector allocator
madvise: 1
mlock: 1
# Don't allow execute and write at the same time
diff --git a/biod/mock_cros_fp_device.h b/biod/mock_cros_fp_device.h
index 0f175a2..01530a5 100644
--- a/biod/mock_cros_fp_device.h
+++ b/biod/mock_cros_fp_device.h
@@ -42,7 +42,7 @@
MOCK_METHOD(bool, SupportsPositiveMatchSecret, (), (override));
MOCK_METHOD(bool,
GetPositiveMatchSecret,
- (int index, brillo::SecureBlob* secret),
+ (int index, brillo::SecureVector* secret),
(override));
};
diff --git a/biod/tools/bio_crypto_init.cc b/biod/tools/bio_crypto_init.cc
index f797226..db7080a 100644
--- a/biod/tools/bio_crypto_init.cc
+++ b/biod/tools/bio_crypto_init.cc
@@ -62,7 +62,7 @@
return ret;
}
-bool WriteSeedToCrosFp(const brillo::SecureBlob& seed) {
+bool WriteSeedToCrosFp(const brillo::SecureVector& seed) {
bool ret = true;
auto fd =
base::ScopedFD(open(biod::CrosFpDevice::kCrosFpPath, O_RDWR | O_CLOEXEC));
@@ -102,7 +102,7 @@
// compatible, so use the format version of the firmware.
req->struct_version =
static_cast<uint16_t>(firmware_fp_template_format_version);
- std::copy(seed.char_data(), seed.char_data() + sizeof(req->seed), req->seed);
+ std::copy(seed.cbegin(), seed.cend() + sizeof(req->seed), req->seed);
if (!cmd_seed.Run(fd.get())) {
LOG(ERROR) << "Failed to set TPM seed.";
@@ -118,7 +118,7 @@
return ret;
}
-bool DoProgramSeed(const brillo::SecureBlob& tpm_seed) {
+bool DoProgramSeed(const brillo::SecureVector& tpm_seed) {
bool ret = true;
if (!WriteSeedToCrosFp(tpm_seed)) {
@@ -177,9 +177,10 @@
if (pid == 0) {
// The first thing we do is read the buffer, and delete the file.
- brillo::SecureBlob tpm_seed(kTpmSeedSize);
+ brillo::SecureVector tpm_seed(kTpmSeedSize);
int bytes_read = base::ReadFile(base::FilePath(kBioTpmSeedTmpFile),
- tpm_seed.char_data(), tpm_seed.size());
+ reinterpret_cast<char*>(tpm_seed.data()),
+ tpm_seed.size());
NukeFile(base::FilePath(kBioTpmSeedTmpFile));
if (bytes_read != kTpmSeedSize) {