From b3de337acd7ad07de1ed30d24fdfd628d1d8590b Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Wed, 27 Apr 2016 12:58:41 -0700 Subject: [PATCH] Use a longer timeout on the disk encryption keys Avoid a timeout error by extending the time allowed between getting the auth token and decrypting the key from five to thirty seconds. Bug: 28398766 Change-Id: I1dbb9e0e33707e7de4c1720ad1b8e153c77094b2 --- KeyStorage.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/KeyStorage.cpp b/KeyStorage.cpp index f2b16e3..5234c56 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -56,6 +56,8 @@ static constexpr size_t SALT_BYTES = 1 << 4; static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14; static constexpr size_t STRETCHED_BYTES = 1 << 6; +static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds + static const char* kCurrentVersion = "1"; static const char* kRmPath = "/system/bin/rm"; static const char* kSecdiscardPath = "/system/bin/secdiscard"; @@ -115,7 +117,7 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication& const hw_auth_token_t* at = reinterpret_cast(auth.token.data()); paramBuilder.Authorization(keymaster::TAG_USER_SECURE_ID, at->user_id); paramBuilder.Authorization(keymaster::TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD); - paramBuilder.Authorization(keymaster::TAG_AUTH_TIMEOUT, 5); + paramBuilder.Authorization(keymaster::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT); } return keymaster.generateKey(paramBuilder.build(), key); }