diff options
author | Eric Biggers <ebiggers@google.com> | 2022-09-28 16:21:41 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2022-09-28 16:21:41 +0000 |
commit | 012d9bc2b34b3eca67a81dbfbdc5bfbffd925bf4 (patch) | |
tree | 9ae8ed5258d5e1f6bf41984f17373afcd3989be1 | |
parent | 9b73e80d87c5afb969294f114b3eb1128e83325c (diff) | |
parent | f6d095d371fc3f5ee0ed94c9ca30baf40295f9e8 (diff) | |
download | vold-android12L-gsi.tar.gz |
Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" into android12L-gsiandroid12L-gsi
-rw-r--r-- | KeyStorage.cpp | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/KeyStorage.cpp b/KeyStorage.cpp index 11045a4f..c9bf5ece 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -123,10 +123,14 @@ static void hashWithPrefix(char const* prefix, const std::string& tohash, std::s SHA512_Final(reinterpret_cast<uint8_t*>(&(*res)[0]), &c); } -// Generates a keymaster key, using rollback resistance if supported. -static bool generateKeymasterKey(Keymaster& keymaster, - const km::AuthorizationSetBuilder& paramBuilder, - std::string* key) { +static bool generateKeyStorageKey(Keymaster& keymaster, const std::string& appId, + std::string* key) { + auto paramBuilder = km::AuthorizationSetBuilder() + .AesEncryptionKey(AES_KEY_BYTES * 8) + .GcmModeMinMacLen(GCM_MAC_BYTES * 8) + .Authorization(km::TAG_APPLICATION_ID, appId) + .Authorization(km::TAG_NO_AUTH_REQUIRED); + LOG(DEBUG) << "Generating \"key storage\" key"; auto paramsWithRollback = paramBuilder; paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE); @@ -139,24 +143,13 @@ static bool generateKeymasterKey(Keymaster& keymaster, return true; } -static bool generateKeyStorageKey(Keymaster& keymaster, const std::string& appId, - std::string* key) { - auto paramBuilder = km::AuthorizationSetBuilder() - .AesEncryptionKey(AES_KEY_BYTES * 8) - .GcmModeMinMacLen(GCM_MAC_BYTES * 8) - .Authorization(km::TAG_APPLICATION_ID, appId) - .Authorization(km::TAG_NO_AUTH_REQUIRED); - LOG(DEBUG) << "Generating \"key storage\" key"; - return generateKeymasterKey(keymaster, paramBuilder, key); -} - bool generateWrappedStorageKey(KeyBuffer* key) { Keymaster keymaster; if (!keymaster) return false; std::string key_temp; auto paramBuilder = km::AuthorizationSetBuilder().AesEncryptionKey(AES_KEY_BYTES * 8); paramBuilder.Authorization(km::TAG_STORAGE_KEY); - if (!generateKeymasterKey(keymaster, paramBuilder, &key_temp)) return false; + if (!keymaster.generateKey(paramBuilder, &key_temp)) return false; *key = KeyBuffer(key_temp.size()); memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size()); return true; |