summaryrefslogtreecommitdiffstats
path: root/crypto/ext4crypt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--crypto/ext4crypt/Keymaster3.cpp30
-rw-r--r--crypto/ext4crypt/Keymaster3.h9
-rw-r--r--crypto/ext4crypt/Keymaster4.cpp4
-rw-r--r--crypto/ext4crypt/Keymaster4.h6
4 files changed, 40 insertions, 9 deletions
diff --git a/crypto/ext4crypt/Keymaster3.cpp b/crypto/ext4crypt/Keymaster3.cpp
index c72ddd0c3..7862044e8 100644
--- a/crypto/ext4crypt/Keymaster3.cpp
+++ b/crypto/ext4crypt/Keymaster3.cpp
@@ -203,6 +203,7 @@ bool Keymaster::isSecure() {
using namespace ::android::vold;
+/*
int keymaster_compatibility_cryptfs_scrypt() {
Keymaster dev;
if (!dev) {
@@ -211,6 +212,7 @@ int keymaster_compatibility_cryptfs_scrypt() {
}
return dev.isSecure();
}
+*/
/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
uint64_t rsa_exponent,
@@ -259,7 +261,7 @@ int keymaster_compatibility_cryptfs_scrypt() {
std::copy(key.data(), key.data() + key.size(), key_buffer);
return 0;
-}
+}*/
int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
size_t key_blob_size,
@@ -267,7 +269,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
const uint8_t* object,
const size_t object_size,
uint8_t** signature_buffer,
- size_t* signature_buffer_size)
+ size_t* signature_buffer_size,
+ uint8_t* key_buffer,
+ uint32_t key_buffer_size,
+ uint32_t* key_out_size)
{
Keymaster dev;
if (!dev) {
@@ -294,6 +299,25 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
sleep(ratelimit);
continue;
+ } else if (op.errorCode() == ErrorCode::KEY_REQUIRES_UPGRADE) {
+ std::string newKey;
+ bool ret = dev.upgradeKey(key, paramBuilder, &newKey);
+ if(ret == false) {
+ LOG(ERROR) << "Error upgradeKey: ";
+ return -1;
+ }
+
+ if (key_out_size) {
+ *key_out_size = newKey.size();
+ }
+
+ if (key_buffer_size < newKey.size()) {
+ LOG(ERROR) << "key buffer size is too small";
+ return -1;
+ }
+
+ std::copy(newKey.data(), newKey.data() + newKey.size(), key_buffer);
+ key = newKey;
} else break;
}
@@ -321,4 +345,4 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
*signature_buffer_size = output.size();
std::copy(output.data(), output.data() + output.size(), *signature_buffer);
return 0;
-}*/
+}
diff --git a/crypto/ext4crypt/Keymaster3.h b/crypto/ext4crypt/Keymaster3.h
index 4db85519c..cb5b644ef 100644
--- a/crypto/ext4crypt/Keymaster3.h
+++ b/crypto/ext4crypt/Keymaster3.h
@@ -127,13 +127,13 @@ class Keymaster {
*/
__BEGIN_DECLS
-int keymaster_compatibility_cryptfs_scrypt();
+//int keymaster_compatibility_cryptfs_scrypt();
/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
uint64_t rsa_exponent,
uint32_t ratelimit,
uint8_t* key_buffer,
uint32_t key_buffer_size,
- uint32_t* key_out_size);
+ uint32_t* key_out_size);*/
int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
size_t key_blob_size,
@@ -141,7 +141,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
const uint8_t* object,
const size_t object_size,
uint8_t** signature_buffer,
- size_t* signature_buffer_size);*/
+ size_t* signature_buffer_size,
+ uint8_t* key_buffer,
+ uint32_t key_buffer_size,
+ uint32_t* key_out_size);
__END_DECLS
diff --git a/crypto/ext4crypt/Keymaster4.cpp b/crypto/ext4crypt/Keymaster4.cpp
index e25d0c45d..cebe1f1d5 100644
--- a/crypto/ext4crypt/Keymaster4.cpp
+++ b/crypto/ext4crypt/Keymaster4.cpp
@@ -218,6 +218,7 @@ bool Keymaster::isSecure() {
using namespace ::android::vold;
+/*
int keymaster_compatibility_cryptfs_scrypt() {
Keymaster dev;
if (!dev) {
@@ -226,6 +227,7 @@ int keymaster_compatibility_cryptfs_scrypt() {
}
return dev.isSecure();
}
+*/
static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
uint32_t* out_size) {
@@ -253,6 +255,7 @@ static km::AuthorizationSet keyParams(uint32_t rsa_key_size, uint64_t rsa_expone
.Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit);
}
+/*
int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, uint8_t* key_buffer,
uint32_t key_buffer_size, uint32_t* key_out_size) {
@@ -269,6 +272,7 @@ int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_
if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1;
return 0;
}
+*/
int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, const uint8_t* key_blob,
diff --git a/crypto/ext4crypt/Keymaster4.h b/crypto/ext4crypt/Keymaster4.h
index 29c73c682..37bff4e3a 100644
--- a/crypto/ext4crypt/Keymaster4.h
+++ b/crypto/ext4crypt/Keymaster4.h
@@ -142,10 +142,10 @@ enum class KeymasterSignResult {
upgrade = -2,
};
-int keymaster_compatibility_cryptfs_scrypt();
-int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
+//int keymaster_compatibility_cryptfs_scrypt();
+/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, uint8_t* key_buffer,
- uint32_t key_buffer_size, uint32_t* key_out_size);
+ uint32_t key_buffer_size, uint32_t* key_out_size);*/
int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, const uint8_t* key_blob,