Merge changes from topic "vold-use-keystore2" am: 08873d0d7d
am: 54460f0635
am: 10912a295f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730 Change-Id: I3f8ea815c5c3de2678c11815ddaf41776d470552
This commit is contained in:
commit
6a88ae1891
3 changed files with 2 additions and 45 deletions
|
@ -219,10 +219,6 @@ KeymasterOperation Keymaster::begin(const std::string& key, const km::Authorizat
|
|||
return KeymasterOperation(cor.iOperation, cor.upgradedBlob);
|
||||
}
|
||||
|
||||
bool Keymaster::isSecure() {
|
||||
return true;
|
||||
}
|
||||
|
||||
void Keymaster::earlyBootEnded() {
|
||||
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
|
||||
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
|
||||
|
@ -238,14 +234,3 @@ void Keymaster::earlyBootEnded() {
|
|||
|
||||
} // namespace vold
|
||||
} // namespace android
|
||||
|
||||
// TODO: This always returns true right now since we hardcode the security level.
|
||||
// If it's alright to hardcode it, we should remove this function and simplify the callers.
|
||||
int keymaster_compatibility_cryptfs_scrypt() {
|
||||
android::vold::Keymaster dev;
|
||||
if (!dev) {
|
||||
LOG(ERROR) << "Failed to initiate keymaster session";
|
||||
return -1;
|
||||
}
|
||||
return dev.isSecure();
|
||||
}
|
||||
|
|
|
@ -122,7 +122,6 @@ class Keymaster {
|
|||
// also stores the upgraded key blob.
|
||||
KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
|
||||
km::AuthorizationSet* outParams);
|
||||
bool isSecure();
|
||||
|
||||
// Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
|
||||
// be created or used.
|
||||
|
@ -136,6 +135,4 @@ class Keymaster {
|
|||
} // namespace vold
|
||||
} // namespace android
|
||||
|
||||
int keymaster_compatibility_cryptfs_scrypt();
|
||||
|
||||
#endif
|
||||
|
|
27
cryptfs.cpp
27
cryptfs.cpp
|
@ -328,11 +328,6 @@ const KeyGeneration cryptfs_get_keygen() {
|
|||
return KeyGeneration{get_crypto_type().get_keysize(), true, false};
|
||||
}
|
||||
|
||||
/* Should we use keymaster? */
|
||||
static int keymaster_check_compatibility() {
|
||||
return keymaster_compatibility_cryptfs_scrypt();
|
||||
}
|
||||
|
||||
static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
|
||||
uint32_t* out_size) {
|
||||
if (!buffer || !out_size) {
|
||||
|
@ -1834,7 +1829,6 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
|
|||
char tmp_mount_point[64];
|
||||
unsigned int orig_failed_decrypt_count;
|
||||
int rc;
|
||||
int use_keymaster = 0;
|
||||
int upgrade = 0;
|
||||
unsigned char* intermediate_key = 0;
|
||||
size_t intermediate_key_size = 0;
|
||||
|
@ -1916,15 +1910,9 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
|
|||
rc = 0;
|
||||
|
||||
// Upgrade if we're not using the latest KDF.
|
||||
use_keymaster = keymaster_check_compatibility();
|
||||
if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
|
||||
// Don't allow downgrade
|
||||
} else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
|
||||
if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
|
||||
crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
|
||||
upgrade = 1;
|
||||
} else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
|
||||
crypt_ftr->kdf_type = KDF_SCRYPT;
|
||||
upgrade = 1;
|
||||
}
|
||||
|
||||
if (upgrade) {
|
||||
|
@ -2128,20 +2116,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
|
|||
ftr->minor_version = CURRENT_MINOR_VERSION;
|
||||
ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
|
||||
ftr->keysize = get_crypto_type().get_keysize();
|
||||
|
||||
switch (keymaster_check_compatibility()) {
|
||||
case 1:
|
||||
ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
|
||||
break;
|
||||
|
||||
case 0:
|
||||
ftr->kdf_type = KDF_SCRYPT;
|
||||
break;
|
||||
|
||||
default:
|
||||
SLOGE("keymaster_check_compatibility failed");
|
||||
return -1;
|
||||
}
|
||||
|
||||
get_device_scrypt_params(ftr);
|
||||
|
||||
|
|
Loading…
Reference in a new issue