diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2019-10-25 21:56:26 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-10-25 21:56:26 +0000 |
commit | 8d9d6694206320c4bcad10046de6bd26b2da3ec5 (patch) | |
tree | 358b6783003e00bda9d0c9e205cd968ecc960cdc | |
parent | 267635f625ce534473b6f2a869ba680e8c94dbf1 (diff) | |
parent | 3273aa9a16a32451516aad757135f200bdddbff9 (diff) | |
download | security-android10-s3-release.tar.gz |
Merge cherrypicks of [9618341, 9618157, 9618395, 9618396, 9618397, 9618398, 9618399, 9618036, 9618159, 9618160, 9617854, 9617855, 9617999, 9618000, 9618405, 9618406, 9618161, 9618401, 9618342] into sparse-5908163-L04300000381828225android-10.0.0_r17android10-s3-release
Change-Id: Ifa05fea06e9168a0abe9a9d2f64c6b6e99da7260
-rw-r--r-- | keystore/blob.cpp | 2 | ||||
-rw-r--r-- | keystore/blob.h | 1 | ||||
-rw-r--r-- | keystore/user_state.cpp | 13 | ||||
-rw-r--r-- | keystore/user_state.h | 12 |
4 files changed, 16 insertions, 12 deletions
diff --git a/keystore/blob.cpp b/keystore/blob.cpp index eac8f11d..497f304c 100644 --- a/keystore/blob.cpp +++ b/keystore/blob.cpp @@ -228,7 +228,7 @@ Blob::Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_ mBlob->version = CURRENT_BLOB_VERSION; mBlob->type = uint8_t(type); - if (type == TYPE_MASTER_KEY) { + if (type == TYPE_MASTER_KEY || type == TYPE_MASTER_KEY_AES256) { mBlob->flags = KEYSTORE_FLAG_ENCRYPTED; } else { mBlob->flags = KEYSTORE_FLAG_NONE; diff --git a/keystore/blob.h b/keystore/blob.h index ce488ec9..e0bd1469 100644 --- a/keystore/blob.h +++ b/keystore/blob.h @@ -37,6 +37,7 @@ constexpr size_t kAesKeySize = 128 / 8; constexpr size_t kGcmTagLength = 128 / 8; constexpr size_t kGcmIvLength = 96 / 8; constexpr size_t kAes128KeySizeBytes = 128 / 8; +constexpr size_t kAes256KeySizeBytes = 256 / 8; /* Here is the file format. There are two parts in blob.value, the secret and * the description. The secret is stored in ciphertext, and its original size diff --git a/keystore/user_state.cpp b/keystore/user_state.cpp index bc3f6d9a..8d993e23 100644 --- a/keystore/user_state.cpp +++ b/keystore/user_state.cpp @@ -140,10 +140,13 @@ ResponseCode UserState::copyMasterKeyFile(LockedUserState<UserState>* src) { } ResponseCode UserState::writeMasterKey(const android::String8& pw) { - std::vector<uint8_t> passwordKey(MASTER_KEY_SIZE_BYTES); + std::vector<uint8_t> passwordKey(mMasterKey.size()); generateKeyFromPassword(passwordKey, pw, mSalt); - Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), - TYPE_MASTER_KEY_AES256); + auto blobType = TYPE_MASTER_KEY_AES256; + if (mMasterKey.size() == kAes128KeySizeBytes) { + blobType = TYPE_MASTER_KEY; + } + Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), blobType); auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR); } @@ -174,7 +177,7 @@ ResponseCode UserState::readMasterKey(const android::String8& pw) { size_t masterKeySize = MASTER_KEY_SIZE_BYTES; if (rawBlob.type == TYPE_MASTER_KEY) { - masterKeySize = SHA1_DIGEST_SIZE_BYTES; + masterKeySize = kAes128KeySizeBytes; } std::vector<uint8_t> passwordKey(masterKeySize); @@ -263,7 +266,7 @@ void UserState::generateKeyFromPassword(std::vector<uint8_t>& key, const android const EVP_MD* digest = EVP_sha256(); // SHA1 was used prior to increasing the key size - if (key.size() == SHA1_DIGEST_SIZE_BYTES) { + if (key.size() == kAes128KeySizeBytes) { digest = EVP_sha1(); } diff --git a/keystore/user_state.h b/keystore/user_state.h index b0671e39..620aaa5f 100644 --- a/keystore/user_state.h +++ b/keystore/user_state.h @@ -75,14 +75,14 @@ class UserState { bool operator<(uid_t userId) const; private: - static const int SHA1_DIGEST_SIZE_BYTES = 16; - static const int SHA256_DIGEST_SIZE_BYTES = 32; + static constexpr int SHA1_DIGEST_SIZE_BYTES = 16; + static constexpr int SHA256_DIGEST_SIZE_BYTES = 32; - static const int MASTER_KEY_SIZE_BYTES = SHA256_DIGEST_SIZE_BYTES; - static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; + static constexpr int MASTER_KEY_SIZE_BYTES = kAes256KeySizeBytes; + static constexpr int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; - static const int MAX_RETRY = 4; - static const size_t SALT_SIZE = 16; + static constexpr int MAX_RETRY = 4; + static constexpr size_t SALT_SIZE = 16; void generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw, uint8_t* salt); |