author | Dinesh K Garg <dineshg@codeaurora.org> | 2014-02-27 13:56:58 -0800 |
---|---|---|
committer | Zhao Wei Liew <zhaoweiliew@gmail.com> | 2017-02-12 20:41:17 +0800 |
commit | cba11e0f9fd333594c463111998a5d466bd39519 (patch) | |
tree | a4388817e6f4a5c751b6b185625349fe14ba6b39 | |
parent | a0624c1c576eea574092362885cb4ba41b0ea58d (diff) | |
Wrong function pointer usage
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after a certain number of attempts.
Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
-rw-r--r-- | cryptfs_hw.c | 23 | ||||
-rw-r--r-- | cryptfs_hw.h | 6 |
2 files changed, 15 insertions, 14 deletions
diff --git a/cryptfs_hw.c b/cryptfs_hw.c
index 16b614c..4a38e1b 100644
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -38,8 +38,12 @@
 #include "cutils/android_reboot.h"
-// MAX_PASSWORD_ATTEMPTS must not be changed as it is enforced by HW
-#define MAX_PASSWORD_ATTEMPTS 50
+// When device comes up or when user tries to change the password, user can
+// try wrong password upto a certain number of times. If user enters wrong
+// password further, HW would wipe all disk encryption related crypto data
+// and would return an error ERR_MAX_PASSWORD_ATTEMPTS to VOLD. VOLD would
+// wipe userdata partition once this error is received.
+#define ERR_MAX_PASSWORD_ATTEMPTS -10
 #define QSEECOM_DISK_ENCRYPTION 1
 #define MAX_PASSWORD_LEN 32
@@ -47,7 +51,6 @@
 #define SET_HW_DISK_ENC_KEY 1
 #define UPDATE_HW_DISK_ENC_KEY 2
-static int password_attempts = 0;
 static int loaded_library = 0;
 static unsigned char current_passwd[MAX_PASSWORD_LEN];
 static int (*qseecom_create_key)(int, void*);
@@ -114,7 +117,7 @@ static int load_qseecom_library()
 return loaded_library;
 }
-static int set_key(const char* passwd, const char* enc_mode, int operation)
+static unsigned int set_key(const char* passwd, const char* enc_mode, int operation)
 {
 int ret = 0;
 int err = -1;
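Review bot: `#define ERR_MAX_PASSWORD_ATTEMPTS -10` in the first hunk is an unparenthesized negative literal and a hand-copied sentinel: the wipe in set_key now fires only when the HW library returns exactly this value, so if the library's error code ever differs, or the call fails before reaching HW and err keeps its initial -1, userdata is never wiped and the software-side limit that the removed MAX_PASSWORD_ATTEMPTS counter provided is gone with nothing in this file to notice. Parenthesize it, `#define ERR_MAX_PASSWORD_ATTEMPTS (-10)`, and add a comment naming the library definition the value must track, e.g. `// Must equal the max-attempts error code returned by the qseecom library; verify against its header when updating it`. The return-type change in the third hunk (`static unsigned int set_key`, and the public functions in the later hunks) switches int to unsigned int; if any caller in vold tested the result with `< 0`, that test is now always false, which is worth confirming before this lands.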
@@ -125,36 +128,34 @@ static int set_key(const char* passwd, const char* enc_mode, int operation)
 if (operation == UPDATE_HW_DISK_ENC_KEY)
 err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
 else if (operation == SET_HW_DISK_ENC_KEY)
- err = (*qseecom_create_key)(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
+ err = qseecom_create_key(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
 if(!err) {
 memset(current_passwd, 0, MAX_PASSWORD_LEN);
 memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
- password_attempts = 0;
 ret = 1;
 } else {
- if(++password_attempts >= MAX_PASSWORD_ATTEMPTS)
+ if(ERR_MAX_PASSWORD_ATTEMPTS == err)
 wipe_userdata();
 }
- SLOGD("Password attempt = %d", password_attempts);
 free(tmp_passwd);
 }
 }
 return ret;
 }
-int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
+unsigned int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
 {
 return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
 }
-int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
+unsigned int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
 {
 return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
 }
-int is_hw_disk_encryption(const char* encryption_mode)
+unsigned int is_hw_disk_encryption(const char* encryption_mode)
 {
 int ret = 0;
 if(encryption_mode) {
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
index 7732bff..9d3573b 100644
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -33,9 +33,9 @@
 extern "C" {
 #endif
-int set_hw_device_encryption_key(const char*, const char*);
-int update_hw_device_encryption_key(const char*, const char*);
-int is_hw_disk_encryption(const char*);
+unsigned int set_hw_device_encryption_key(const char*, const char*);
+unsigned int update_hw_device_encryption_key(const char*, const char*);
+unsigned int is_hw_disk_encryption(const char*);
 #ifdef __cplusplus
 }
|
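Review bot: The error branch of set_key in the first hunk now silently discards every failure other than ERR_MAX_PASSWORD_ATTEMPTS, and removing `SLOGD("Password attempt = %d", password_attempts);` took the only record of failed attempts with it, so a wrong password, a library transport error and the HW-triggered wipe are indistinguishable in the log. Record the result before the wipe decision, `SLOGE("%s: operation %d failed, err = %d", __func__, operation, err);` placed ahead of `if(ERR_MAX_PASSWORD_ATTEMPTS == err)`. Separately, `free(tmp_passwd);` releases a buffer that still holds the password bytes just copied into current_passwd; clearing it first with `memset(tmp_passwd, 0, MAX_PASSWORD_LEN);` (or a non-elidable variant if the platform provides one) limits how long the secret lingers in freed heap. set_key begins before this hunk, so the allocation and sizing of tmp_passwd are not visible here and the MAX_PASSWORD_LEN size is inferred from the memcpy.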