Merge "Stop using the "stretching" file" am: b0a170136c

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2252876

Change-Id: Idc5c0d3e11e9091e4c83d34188d961d5531718e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Eric Biggers 2022-10-13 20:17:14 +00:00 committed by Automerger Merge Worker
commit 20695553e1

View file

@ -57,16 +57,14 @@ static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
static const char* kCurrentVersion = "1";
static const char* kRmPath = "/system/bin/rm";
static const char* kSecdiscardPath = "/system/bin/secdiscard";
static const char* kStretch_none = "none";
static const char* kStretch_nopassword = "nopassword";
static const char* kHashPrefix_secdiscardable = "Android secdiscardable SHA512";
static const char* kHashPrefix_keygen = "Android key wrapping key generation SHA512";
static const char* kFn_encrypted_key = "encrypted_key";
static const char* kFn_keymaster_key_blob = "keymaster_key_blob";
static const char* kFn_keymaster_key_blob_upgraded = "keymaster_key_blob_upgraded";
static const char* kFn_secdiscardable = "secdiscardable";
static const char* kFn_stretching = "stretching";
static const char* kFn_version = "version";
// Note: old key directories may contain a file named "stretching".
namespace {
@ -412,36 +410,9 @@ static bool decryptWithKeystoreKey(Keystore& keystore, const std::string& dir,
return true;
}
static std::string getStretching(const KeyAuthentication& auth) {
if (auth.usesKeystore()) {
return kStretch_nopassword;
} else {
return kStretch_none;
}
}
static bool stretchSecret(const std::string& stretching, const std::string& secret,
std::string* stretched) {
if (stretching == kStretch_nopassword) {
if (!secret.empty()) {
LOG(WARNING) << "Password present but stretching is nopassword";
// Continue anyway
}
stretched->clear();
} else if (stretching == kStretch_none) {
*stretched = secret;
} else {
LOG(ERROR) << "Unknown stretching type: " << stretching;
return false;
}
return true;
}
static bool generateAppId(const KeyAuthentication& auth, const std::string& stretching,
const std::string& secdiscardable_hash, std::string* appId) {
std::string stretched;
if (!stretchSecret(stretching, auth.secret, &stretched)) return false;
*appId = secdiscardable_hash + stretched;
static std::string generateAppId(const KeyAuthentication& auth,
const std::string& secdiscardable_hash) {
std::string appId = secdiscardable_hash + auth.secret;
const std::lock_guard<std::mutex> scope_lock(storage_binding_info.guard);
switch (storage_binding_info.state) {
@ -449,14 +420,13 @@ static bool generateAppId(const KeyAuthentication& auth, const std::string& stre
storage_binding_info.state = StorageBindingInfo::State::NOT_USED;
break;
case StorageBindingInfo::State::IN_USE:
appId->append(storage_binding_info.seed.begin(), storage_binding_info.seed.end());
appId.append(storage_binding_info.seed.begin(), storage_binding_info.seed.end());
break;
case StorageBindingInfo::State::NOT_USED:
// noop
break;
}
return true;
return appId;
}
static void logOpensslError() {
@ -583,10 +553,7 @@ static bool storeKey(const std::string& dir, const KeyAuthentication& auth, cons
if (auth.usesKeystore() &&
!createSecdiscardable(dir + "/" + kFn_secdiscardable, &secdiscardable_hash))
return false;
std::string stretching = getStretching(auth);
if (!writeStringToFile(stretching, dir + "/" + kFn_stretching)) return false;
std::string appId;
if (!generateAppId(auth, stretching, secdiscardable_hash, &appId)) return false;
std::string appId = generateAppId(auth, secdiscardable_hash);
std::string encryptedKey;
if (auth.usesKeystore()) {
Keystore keystore;
@ -638,10 +605,7 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
}
std::string secdiscardable_hash;
if (!readSecdiscardable(dir + "/" + kFn_secdiscardable, &secdiscardable_hash)) return false;
std::string stretching;
if (!readFileToString(dir + "/" + kFn_stretching, &stretching)) return false;
std::string appId;
if (!generateAppId(auth, stretching, secdiscardable_hash, &appId)) return false;
std::string appId = generateAppId(auth, secdiscardable_hash);
std::string encryptedMessage;
if (!readFileToString(dir + "/" + kFn_encrypted_key, &encryptedMessage)) return false;
if (auth.usesKeystore()) {