Merge changes from topic "vold-use-keystore2" am: 08873d0d7d am: 54460f0635 am: 10912a295f

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730

Change-Id: I3f8ea815c5c3de2678c11815ddaf41776d470552
This commit is contained in:
Satya Tangirala 2021-04-08 02:21:37 +00:00 committed by Automerger Merge Worker
commit 6a88ae1891
3 changed files with 2 additions and 45 deletions

View file

@ -219,10 +219,6 @@ KeymasterOperation Keymaster::begin(const std::string& key, const km::Authorizat
return KeymasterOperation(cor.iOperation, cor.upgradedBlob);
}
bool Keymaster::isSecure() {
return true;
}
void Keymaster::earlyBootEnded() {
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
@ -238,14 +234,3 @@ void Keymaster::earlyBootEnded() {
} // namespace vold
} // namespace android
// TODO: This always returns true right now since we hardcode the security level.
// If it's alright to hardcode it, we should remove this function and simplify the callers.
int keymaster_compatibility_cryptfs_scrypt() {
android::vold::Keymaster dev;
if (!dev) {
LOG(ERROR) << "Failed to initiate keymaster session";
return -1;
}
return dev.isSecure();
}

View file

@ -122,7 +122,6 @@ class Keymaster {
// also stores the upgraded key blob.
KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
km::AuthorizationSet* outParams);
bool isSecure();
// Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
// be created or used.
@ -136,6 +135,4 @@ class Keymaster {
} // namespace vold
} // namespace android
int keymaster_compatibility_cryptfs_scrypt();
#endif

View file

@ -328,11 +328,6 @@ const KeyGeneration cryptfs_get_keygen() {
return KeyGeneration{get_crypto_type().get_keysize(), true, false};
}
/* Should we use keymaster? */
static int keymaster_check_compatibility() {
return keymaster_compatibility_cryptfs_scrypt();
}
static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
uint32_t* out_size) {
if (!buffer || !out_size) {
@ -1834,7 +1829,6 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
char tmp_mount_point[64];
unsigned int orig_failed_decrypt_count;
int rc;
int use_keymaster = 0;
int upgrade = 0;
unsigned char* intermediate_key = 0;
size_t intermediate_key_size = 0;
@ -1916,15 +1910,9 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
rc = 0;
// Upgrade if we're not using the latest KDF.
use_keymaster = keymaster_check_compatibility();
if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
// Don't allow downgrade
} else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
upgrade = 1;
} else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
crypt_ftr->kdf_type = KDF_SCRYPT;
upgrade = 1;
}
if (upgrade) {
@ -2128,20 +2116,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
ftr->minor_version = CURRENT_MINOR_VERSION;
ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
ftr->keysize = get_crypto_type().get_keysize();
switch (keymaster_check_compatibility()) {
case 1:
ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
break;
case 0:
ftr->kdf_type = KDF_SCRYPT;
break;
default:
SLOGE("keymaster_check_compatibility failed");
return -1;
}
get_device_scrypt_params(ftr);