authorJanis Danisevskis <jdanis@google.com>2017-09-13 19:32:54 +0000
committerandroid-build-merger <android-build-merger@google.com>2017-09-13 19:32:54 +0000
commitb8e9240455932981ff99b1e2559d2c6161eaa2c3 (patch)
tree23942d4d915bf9b4c76ba5a2b5685a8b44dd0e15
parent83abec6920e01154365fff79b8f076d1dd0c7bf6 (diff)
parentf08fb3449b68b31fa9b60a7c3c9018b318bf4e59 (diff)
Merge "Fix use of auth-bound keys after screen lock removal" into oc-mr1-dev
am: f08fb3449b Change-Id: Ia7185a003b066a20abf5fcfd687d668af61b45ad
-rw-r--r--keystore/blob.cpp5
-rw-r--r--keystore/key_store_service.cpp21
-rw-r--r--keystore/keystore.cpp2
3 files changed, 24 insertions, 4 deletions
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index a33334ee..625d0576 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp
@@ -272,8 +272,9 @@ ResponseCode Blob::readBlob(const std::string& filename, const uint8_t* aes_key,
return ResponseCode::VALUE_CORRUPTED;
}
- if ((isEncrypted() || isSuperEncrypted()) && (state != STATE_NO_ERROR)) {
- return ResponseCode::LOCKED;
+ if ((isEncrypted() || isSuperEncrypted())) {
+ if (state == STATE_LOCKED) return ResponseCode::LOCKED;
+ if (state == STATE_UNINITIALIZED) return ResponseCode::UNINITIALIZED;
}
if (fileLength < offsetof(blobv3, value)) return ResponseCode::VALUE_CORRUPTED;
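Review bot: The rewritten state check no longer fails closed. The old condition rejected every `state != STATE_NO_ERROR` for encrypted blobs, while the new one names only `STATE_LOCKED` and `STATE_UNINITIALIZED`, so any other state value would fall through to the length check and, presumably, to decryption with `aes_key`. If the state enum has only these three values (its definition is not in the hunk), behaviour is unchanged today, but a trailing `if (state != STATE_NO_ERROR) return ResponseCode::LOCKED;` inside the block would keep the guard exhaustive if a state is ever added. The doubled parentheses left over from the old condition in `if ((isEncrypted() || isSuperEncrypted()))` can also be dropped. readBlob's body starts and ends outside the hunk.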
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 3a57e07e..621c5058 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -800,7 +800,26 @@ KeyStoreService::getKeyCharacteristics(const String16& name, const hidl_vec<uint
KeyStoreServiceReturnCode rc =
mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
- if (!rc.isOk()) {
+ if (rc == ResponseCode::UNINITIALIZED) {
+ /*
+ * If we fail reading the blob because the master key is missing we try to retrieve the
+ * key characteristics from the characteristics file. This happens when auth-bound
+ * keys are used after a screen lock has been removed by the user.
+ */
+ rc = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS);
+ if (!rc.isOk()) {
+ return rc;
+ }
+ AuthorizationSet keyCharacteristics;
+ // TODO write one shot stream buffer to avoid copying (twice here)
+ std::string charBuffer(reinterpret_cast<const char*>(keyBlob.getValue()),
+ keyBlob.getLength());
+ std::stringstream charStream(charBuffer);
+ keyCharacteristics.Deserialize(&charStream);
+
+ outCharacteristics->softwareEnforced = keyCharacteristics.hidl_data();
+ return rc;
+ } else if (!rc.isOk()) {
return rc;
}
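Review bot: The new `UNINITIALIZED` fallback returns the successful `rc` from the second `getKeyForName` call without checking that `keyCharacteristics.Deserialize(&charStream)` parsed anything. A truncated or corrupted characteristics file would then be reported as success with an empty or partial `softwareEnforced` set. If Deserialize signals failure through the stream (its definition is not visible here), adding `if (!charStream) return ResponseCode::VALUE_CORRUPTED;` after the call would fail closed. The block comment should also say that this path fills only `outCharacteristics->softwareEnforced`, and that the values come from the on-disk characteristics file rather than from the key blob, so callers should not treat them as hardware-enforced. getKeyCharacteristics starts and ends outside the hunk.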
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index ab386ad8..1564a641 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -502,7 +502,7 @@ ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyN
uid_t userId = get_user_id(uid);
ResponseCode responseCode = get(filepath8.string(), keyBlob, type, userId);
- if (responseCode == ResponseCode::NO_ERROR) {
+ if (responseCode != ResponseCode::KEY_NOT_FOUND) {
return responseCode;
}
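Review bot: The new condition `responseCode != ResponseCode::KEY_NOT_FOUND` changes the early return for every error code, not only the `UNINITIALIZED` case this commit targets. Results such as `LOCKED` or `VALUE_CORRUPTED` now go straight back to the caller instead of reaching the lookups that follow outside the hunk. It also relies on `get` reporting a missing file as exactly `KEY_NOT_FOUND`; any other code for an absent file would skip those lookups, which is worth confirming. A comment on the check would make the contract explicit, for example `// Only a missing file falls through to the alternative lookups below; any other result, including errors, is final.` getKeyForName continues outside the hunk.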