Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" into android12L-gsiandroid12L-gsi

author: Eric Biggers <ebiggers@google.com> 2022-09-28 16:21:41 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2022-09-28 16:21:41 +0000
commit: 012d9bc2b34b3eca67a81dbfbdc5bfbffd925bf4 (patch)
tree: 9ae8ed5258d5e1f6bf41984f17373afcd3989be1
parent: 9b73e80d87c5afb969294f114b3eb1128e83325c (diff)
parent: f6d095d371fc3f5ee0ed94c9ca30baf40295f9e8 (diff)
download: vold-android12L-gsi.tar.gz
1 files changed, 9 insertions, 16 deletions
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 11045a4f..c9bf5ece 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -123,10 +123,14 @@ static void hashWithPrefix(char const* prefix, const std::string& tohash, std::s
     SHA512_Final(reinterpret_cast<uint8_t*>(&(*res)[0]), &c);
 }
 
-// Generates a keymaster key, using rollback resistance if supported.
-static bool generateKeymasterKey(Keymaster& keymaster,
-                                 const km::AuthorizationSetBuilder& paramBuilder,
-                                 std::string* key) {
+static bool generateKeyStorageKey(Keymaster& keymaster, const std::string& appId,
+                                  std::string* key) {
+    auto paramBuilder = km::AuthorizationSetBuilder()
+                                .AesEncryptionKey(AES_KEY_BYTES * 8)
+                                .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
+                                .Authorization(km::TAG_APPLICATION_ID, appId)
+                                .Authorization(km::TAG_NO_AUTH_REQUIRED);
+    LOG(DEBUG) << "Generating \"key storage\" key";
     auto paramsWithRollback = paramBuilder;
     paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
 
@@ -139,24 +143,13 @@ static bool generateKeymasterKey(Keymaster& keymaster,
     return true;
 }
 
-static bool generateKeyStorageKey(Keymaster& keymaster, const std::string& appId,
-                                  std::string* key) {
-    auto paramBuilder = km::AuthorizationSetBuilder()
-                                .AesEncryptionKey(AES_KEY_BYTES * 8)
-                                .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
-                                .Authorization(km::TAG_APPLICATION_ID, appId)
-                                .Authorization(km::TAG_NO_AUTH_REQUIRED);
-    LOG(DEBUG) << "Generating \"key storage\" key";
-    return generateKeymasterKey(keymaster, paramBuilder, key);
-}
-
 bool generateWrappedStorageKey(KeyBuffer* key) {
     Keymaster keymaster;
     if (!keymaster) return false;
     std::string key_temp;
     auto paramBuilder = km::AuthorizationSetBuilder().AesEncryptionKey(AES_KEY_BYTES * 8);
     paramBuilder.Authorization(km::TAG_STORAGE_KEY);
-    if (!generateKeymasterKey(keymaster, paramBuilder, &key_temp)) return false;
+    if (!keymaster.generateKey(paramBuilder, &key_temp)) return false;
     *key = KeyBuffer(key_temp.size());
     memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
     return true;
author	Eric Biggers <ebiggers@google.com>	2022-09-28 16:21:41 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2022-09-28 16:21:41 +0000
commit	012d9bc2b34b3eca67a81dbfbdc5bfbffd925bf4 (patch)
tree	9ae8ed5258d5e1f6bf41984f17373afcd3989be1
parent	9b73e80d87c5afb969294f114b3eb1128e83325c (diff)
parent	f6d095d371fc3f5ee0ed94c9ca30baf40295f9e8 (diff)
download	vold-android12L-gsi.tar.gz