tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "KeyStorage: don't request rollback resistance for wrapped storage keys"

Browse source
This commit is contained in:
Treehugger Robot 2022-08-01 23:21:50 +00:00 committed by Gerrit Code Review
commit ca648a0217
1 changed files with 8 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
KeyStorage.cpp
View file

@ -117,9 +117,13 @@ static void hashWithPrefix(char const* prefix, const std::string& tohash, std::s
SHA512_Final(reinterpret_cast<uint8_t*>(&(*res)[0]), &c);
}
// Generates a keystore key, using rollback resistance if supported.
static bool generateKeystoreKey(Keystore& keystore, const km::AuthorizationSetBuilder& paramBuilder,
std::string* key) {
static bool generateKeyStorageKey(Keystore& keystore, const std::string& appId, std::string* key) {
auto paramBuilder = km::AuthorizationSetBuilder()
.AesEncryptionKey(AES_KEY_BYTES * 8)
.GcmModeMinMacLen(GCM_MAC_BYTES * 8)
.Authorization(km::TAG_APPLICATION_ID, appId)
.Authorization(km::TAG_NO_AUTH_REQUIRED);
LOG(DEBUG) << "Generating \"key storage\" key";
auto paramsWithRollback = paramBuilder;
paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
@ -132,23 +136,13 @@ static bool generateKeystoreKey(Keystore& keystore, const km::AuthorizationSetBu
return true;
}
static bool generateKeyStorageKey(Keystore& keystore, const std::string& appId, std::string* key) {
auto paramBuilder = km::AuthorizationSetBuilder()
.AesEncryptionKey(AES_KEY_BYTES * 8)
.GcmModeMinMacLen(GCM_MAC_BYTES * 8)
.Authorization(km::TAG_APPLICATION_ID, appId)
.Authorization(km::TAG_NO_AUTH_REQUIRED);
LOG(DEBUG) << "Generating \"key storage\" key";
return generateKeystoreKey(keystore, paramBuilder, key);
}
bool generateWrappedStorageKey(KeyBuffer* key) {
Keystore keystore;
if (!keystore) return false;
std::string key_temp;
auto paramBuilder = km::AuthorizationSetBuilder().AesEncryptionKey(AES_KEY_BYTES * 8);
paramBuilder.Authorization(km::TAG_STORAGE_KEY);
if (!generateKeystoreKey(keystore, paramBuilder, &key_temp)) return false;
if (!keystore.generateKey(paramBuilder, &key_temp)) return false;
*key = KeyBuffer(key_temp.size());
memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
return true;