diff options
-rw-r--r-- | Keymaster.cpp | 15 | ||||
-rw-r--r-- | Keymaster.h | 3 | ||||
-rw-r--r-- | cryptfs.cpp | 29 |
3 files changed, 2 insertions, 45 deletions
diff --git a/Keymaster.cpp b/Keymaster.cpp index 5a686305..bb26b644 100644 --- a/Keymaster.cpp +++ b/Keymaster.cpp @@ -219,10 +219,6 @@ KeymasterOperation Keymaster::begin(const std::string& key, const km::Authorizat return KeymasterOperation(cor.iOperation, cor.upgradedBlob); } -bool Keymaster::isSecure() { - return true; -} - void Keymaster::earlyBootEnded() { ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name)); auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder); @@ -238,14 +234,3 @@ void Keymaster::earlyBootEnded() { } // namespace vold } // namespace android - -// TODO: This always returns true right now since we hardcode the security level. -// If it's alright to hardcode it, we should remove this function and simplify the callers. -int keymaster_compatibility_cryptfs_scrypt() { - android::vold::Keymaster dev; - if (!dev) { - LOG(ERROR) << "Failed to initiate keymaster session"; - return -1; - } - return dev.isSecure(); -} diff --git a/Keymaster.h b/Keymaster.h index 84b473e0..1100840b 100644 --- a/Keymaster.h +++ b/Keymaster.h @@ -122,7 +122,6 @@ class Keymaster { // also stores the upgraded key blob. KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams, km::AuthorizationSet* outParams); - bool isSecure(); // Tell all Keymint devices that early boot has ended and early boot-only keys can no longer // be created or used. @@ -136,6 +135,4 @@ class Keymaster { } // namespace vold } // namespace android -int keymaster_compatibility_cryptfs_scrypt(); - #endif diff --git a/cryptfs.cpp b/cryptfs.cpp index deba6daf..5764b5d6 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -328,11 +328,6 @@ const KeyGeneration cryptfs_get_keygen() { return KeyGeneration{get_crypto_type().get_keysize(), true, false}; } -/* Should we use keymaster? */ -static int keymaster_check_compatibility() { - return keymaster_compatibility_cryptfs_scrypt(); -} - static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size, uint32_t* out_size) { if (!buffer || !out_size) { @@ -1834,7 +1829,6 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* char tmp_mount_point[64]; unsigned int orig_failed_decrypt_count; int rc; - int use_keymaster = 0; int upgrade = 0; unsigned char* intermediate_key = 0; size_t intermediate_key_size = 0; @@ -1916,15 +1910,9 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* rc = 0; // Upgrade if we're not using the latest KDF. - use_keymaster = keymaster_check_compatibility(); - if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { - // Don't allow downgrade - } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { + if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; upgrade = 1; - } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { - crypt_ftr->kdf_type = KDF_SCRYPT; - upgrade = 1; } if (upgrade) { @@ -2128,20 +2116,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) { ftr->minor_version = CURRENT_MINOR_VERSION; ftr->ftr_size = sizeof(struct crypt_mnt_ftr); ftr->keysize = get_crypto_type().get_keysize(); - - switch (keymaster_check_compatibility()) { - case 1: - ftr->kdf_type = KDF_SCRYPT_KEYMASTER; - break; - - case 0: - ftr->kdf_type = KDF_SCRYPT; - break; - - default: - SLOGE("keymaster_check_compatibility failed"); - return -1; - } + ftr->kdf_type = KDF_SCRYPT_KEYMASTER; get_device_scrypt_params(ftr); |