From cba11e0f9fd333594c463111998a5d466bd39519 Mon Sep 17 00:00:00 2001 From: Dinesh K Garg Date: Thu, 27 Feb 2014 13:56:58 -0800 Subject: Wrong function pointer usage qseecom_create_key which is a function pointer is used after dereferencing it. Also fixed the issue where userdata may not be wiped after certain number of attemps. Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda --- cryptfs_hw.c | 23 ++++++++++++----------- cryptfs_hw.h | 6 +++--- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/cryptfs_hw.c b/cryptfs_hw.c index 16b614c..4a38e1b 100644 --- a/cryptfs_hw.c +++ b/cryptfs_hw.c @@ -38,8 +38,12 @@ #include "cutils/android_reboot.h" -// MAX_PASSWORD_ATTEMPTS must not be changed as it is enforced by HW -#define MAX_PASSWORD_ATTEMPTS 50 +// When device comes up or when user tries to change the password, user can +// try wrong password upto a certain number of times. If user enters wrong +// password further, HW would wipe all disk encryption related crypto data +// and would return an error ERR_MAX_PASSWORD_ATTEMPTS to VOLD. VOLD would +// wipe userdata partition once this error is received. +#define ERR_MAX_PASSWORD_ATTEMPTS -10 #define QSEECOM_DISK_ENCRYPTION 1 #define MAX_PASSWORD_LEN 32 @@ -47,7 +51,6 @@ #define SET_HW_DISK_ENC_KEY 1 #define UPDATE_HW_DISK_ENC_KEY 2 -static int password_attempts = 0; static int loaded_library = 0; static unsigned char current_passwd[MAX_PASSWORD_LEN]; static int (*qseecom_create_key)(int, void*); @@ -114,7 +117,7 @@ static int load_qseecom_library() return loaded_library; } -static int set_key(const char* passwd, const char* enc_mode, int operation) +static unsigned int set_key(const char* passwd, const char* enc_mode, int operation) { int ret = 0; int err = -1; @@ -125,36 +128,34 @@ static int set_key(const char* passwd, const char* enc_mode, int operation) if (operation == UPDATE_HW_DISK_ENC_KEY) err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd); else if (operation == SET_HW_DISK_ENC_KEY) - err = (*qseecom_create_key)(QSEECOM_DISK_ENCRYPTION, tmp_passwd); + err = qseecom_create_key(QSEECOM_DISK_ENCRYPTION, tmp_passwd); if(!err) { memset(current_passwd, 0, MAX_PASSWORD_LEN); memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN); - password_attempts = 0; ret = 1; } else { - if(++password_attempts >= MAX_PASSWORD_ATTEMPTS) + if(ERR_MAX_PASSWORD_ATTEMPTS == err) wipe_userdata(); } - SLOGD("Password attempt = %d", password_attempts); free(tmp_passwd); } } return ret; } -int set_hw_device_encryption_key(const char* passwd, const char* enc_mode) +unsigned int set_hw_device_encryption_key(const char* passwd, const char* enc_mode) { return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY); } -int update_hw_device_encryption_key(const char* newpw, const char* enc_mode) +unsigned int update_hw_device_encryption_key(const char* newpw, const char* enc_mode) { return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY); } -int is_hw_disk_encryption(const char* encryption_mode) +unsigned int is_hw_disk_encryption(const char* encryption_mode) { int ret = 0; if(encryption_mode) { diff --git a/cryptfs_hw.h b/cryptfs_hw.h index 7732bff..9d3573b 100644 --- a/cryptfs_hw.h +++ b/cryptfs_hw.h @@ -33,9 +33,9 @@ extern "C" { #endif -int set_hw_device_encryption_key(const char*, const char*); -int update_hw_device_encryption_key(const char*, const char*); -int is_hw_disk_encryption(const char*); +unsigned int set_hw_device_encryption_key(const char*, const char*); +unsigned int update_hw_device_encryption_key(const char*, const char*); +unsigned int is_hw_disk_encryption(const char*); #ifdef __cplusplus } -- cgit v1.2.3