diff options
| author | Shivaprasad Hongal <shongal@codeaurora.org> | 2017-07-13 17:03:47 -0700 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2017-12-20 19:05:42 +0200 |
| commit | bf2309fce5f5c2e423e7b7fe972c3da1c3f398c2 (patch) | |
| tree | d86d1e0035143ab2952ed42f93ae32a75729cd60 | |
| parent | d4d0a7d0b7dadc33ad4f6d75c84d5f650b76ed2b (diff) | |
| download | android_system_vold-bf2309fce5f5c2e423e7b7fe972c3da1c3f398c2.tar.gz android_system_vold-bf2309fce5f5c2e423e7b7fe972c3da1c3f398c2.tar.bz2 android_system_vold-bf2309fce5f5c2e423e7b7fe972c3da1c3f398c2.zip | |
keymaster: Add support for upgrade_key for FDE
With KM 2.0 / 3.0, KM HAL would return KM_ERROR_KEY_REQUIRES_UPGRADE,
hence adding support in vold for upgrade_key.
Change-Id: I7dae9d156ad58ebcf17e0eb23d995eeab73887f8
| -rw-r--r-- | Keymaster.cpp | 23 | ||||
| -rw-r--r-- | Keymaster.h | 5 | ||||
| -rw-r--r-- | cryptfs.cpp | 3 |
3 files changed, 28 insertions, 3 deletions
diff --git a/Keymaster.cpp b/Keymaster.cpp index eb70b1c..b991418 100644 --- a/Keymaster.cpp +++ b/Keymaster.cpp @@ -260,7 +260,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, const uint8_t* object, const size_t object_size, uint8_t** signature_buffer, - size_t* signature_buffer_size) + size_t* signature_buffer_size, + uint8_t* key_buffer, + uint32_t key_buffer_size, + uint32_t* key_out_size) { Keymaster dev; if (!dev) { @@ -287,6 +290,24 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) { sleep(ratelimit); continue; + } else if (op.errorCode() == ErrorCode::KEY_REQUIRES_UPGRADE) { + std::string newKey; + bool ret = dev.upgradeKey(key, paramBuilder, &newKey); + if(ret == false) { + LOG(ERROR) << "Error upgradeKey: "; + return -1; + } + + if (key_out_size) { + *key_out_size = newKey.size(); + } + + if (key_buffer_size < newKey.size()) { + return -1; + } + + std::copy(newKey.data(), newKey.data() + newKey.size(), key_buffer); + key = newKey; } else break; } diff --git a/Keymaster.h b/Keymaster.h index f4a30ae..fccf257 100644 --- a/Keymaster.h +++ b/Keymaster.h @@ -173,7 +173,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, const uint8_t* object, const size_t object_size, uint8_t** signature_buffer, - size_t* signature_buffer_size); + size_t* signature_buffer_size, + uint8_t* key_buffer, + uint32_t key_buffer_size, + uint32_t* key_out_size); __END_DECLS diff --git a/cryptfs.cpp b/cryptfs.cpp index 313cde2..e2bafc5 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -329,7 +329,8 @@ static int keymaster_sign_object(struct crypt_mnt_ftr *ftr, return -1; } return keymaster_sign_object_for_cryptfs_scrypt(ftr->keymaster_blob, ftr->keymaster_blob_size, - KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size); + KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size, + ftr->keymaster_blob, KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size); #endif } |