fscrypt: change to upgrade key if export fails
Importing this commit: https://github.com/mauronofrio/android_bootable_recovery/commit/f999d65b23f0cd36ee85995ac1601d1b2ab690e5 Change-Id: If73dc534ddf6c8b96ce2789789f25ce432428aa5
This commit is contained in:
committed by
bigbiff
parent
17fb1210a9
commit
bd79db4d6d
@@ -165,10 +165,28 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k
|
||||
std::string key_temp;
|
||||
Keymaster keymaster;
|
||||
if (!keymaster) return false;
|
||||
if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
|
||||
*key = KeyBuffer(key_temp.size());
|
||||
memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
|
||||
return true;
|
||||
|
||||
//Export once, if upgrade needed, upgrade and export again
|
||||
bool export_again = true;
|
||||
while (export_again) {
|
||||
export_again = false;
|
||||
auto ret = keymaster.exportKey(format, kmKey, "!", "!", &key_temp);
|
||||
if (ret == km::ErrorCode::OK) {
|
||||
*key = KeyBuffer(key_temp.size());
|
||||
memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
|
||||
return true;
|
||||
}
|
||||
if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
|
||||
LOG(DEBUG) << "Upgrading key";
|
||||
std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size());
|
||||
std::string newKey;
|
||||
if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
|
||||
memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size());
|
||||
LOG(INFO) << "Key upgraded";
|
||||
export_again = true;
|
||||
}
|
||||
//Should never come here
|
||||
return false;
|
||||
}
|
||||
|
||||
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
|
||||
|
||||
@@ -138,7 +138,7 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k
|
||||
return true;
|
||||
}
|
||||
|
||||
bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
|
||||
km::ErrorCode Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
|
||||
const std::string& appData, std::string* key) {
|
||||
auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
|
||||
auto emptyAssign = NULL;
|
||||
@@ -155,13 +155,13 @@ bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::str
|
||||
auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
|
||||
if (!error.isOk()) {
|
||||
LOG(ERROR) << "export_key failed: " << error.description();
|
||||
return false;
|
||||
return km::ErrorCode::UNKNOWN_ERROR;
|
||||
}
|
||||
if (km_error != km::ErrorCode::OK) {
|
||||
LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
|
||||
return false;
|
||||
return km_error;
|
||||
}
|
||||
return true;
|
||||
return km::ErrorCode::OK;
|
||||
}
|
||||
|
||||
bool Keymaster::deleteKey(const std::string& key) {
|
||||
|
||||
@@ -103,7 +103,7 @@ class Keymaster {
|
||||
// Generate a key in the keymaster from the given params.
|
||||
bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
|
||||
// Export a key from keymaster.
|
||||
bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
|
||||
km::ErrorCode exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
|
||||
const std::string& appData, std::string* key);
|
||||
// If the keymaster supports it, permanently delete a key.
|
||||
bool deleteKey(const std::string& key);
|
||||
|
||||
Reference in New Issue
Block a user