From 98661c1a298cb01c93ae31973a42d152077beae6 Mon Sep 17 00:00:00 2001 From: Ethan Yonker Date: Wed, 17 Oct 2018 08:39:28 -0500 Subject: Update FDE decrypt to pie from CAF cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0 Used CAF because AOSP no longer contains code for qcom's hardware crypto. Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97 --- crypto/ext4crypt/Keymaster3.cpp | 30 +++++++++++++++++++++++++++--- crypto/ext4crypt/Keymaster3.h | 9 ++++++--- crypto/ext4crypt/Keymaster4.cpp | 4 ++++ crypto/ext4crypt/Keymaster4.h | 6 +++--- 4 files changed, 40 insertions(+), 9 deletions(-) (limited to 'crypto/ext4crypt') diff --git a/crypto/ext4crypt/Keymaster3.cpp b/crypto/ext4crypt/Keymaster3.cpp index c72ddd0c3..7862044e8 100644 --- a/crypto/ext4crypt/Keymaster3.cpp +++ b/crypto/ext4crypt/Keymaster3.cpp @@ -203,6 +203,7 @@ bool Keymaster::isSecure() { using namespace ::android::vold; +/* int keymaster_compatibility_cryptfs_scrypt() { Keymaster dev; if (!dev) { @@ -211,6 +212,7 @@ int keymaster_compatibility_cryptfs_scrypt() { } return dev.isSecure(); } +*/ /*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, @@ -259,7 +261,7 @@ int keymaster_compatibility_cryptfs_scrypt() { std::copy(key.data(), key.data() + key.size(), key_buffer); return 0; -} +}*/ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, size_t key_blob_size, @@ -267,7 +269,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, const uint8_t* object, const size_t object_size, uint8_t** signature_buffer, - size_t* signature_buffer_size) + size_t* signature_buffer_size, + uint8_t* key_buffer, + uint32_t key_buffer_size, + uint32_t* key_out_size) { Keymaster dev; if (!dev) { @@ -294,6 +299,25 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) { sleep(ratelimit); continue; + } else if (op.errorCode() == ErrorCode::KEY_REQUIRES_UPGRADE) { + std::string newKey; + bool ret = dev.upgradeKey(key, paramBuilder, &newKey); + if(ret == false) { + LOG(ERROR) << "Error upgradeKey: "; + return -1; + } + + if (key_out_size) { + *key_out_size = newKey.size(); + } + + if (key_buffer_size < newKey.size()) { + LOG(ERROR) << "key buffer size is too small"; + return -1; + } + + std::copy(newKey.data(), newKey.data() + newKey.size(), key_buffer); + key = newKey; } else break; } @@ -321,4 +345,4 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, *signature_buffer_size = output.size(); std::copy(output.data(), output.data() + output.size(), *signature_buffer); return 0; -}*/ +} diff --git a/crypto/ext4crypt/Keymaster3.h b/crypto/ext4crypt/Keymaster3.h index 4db85519c..cb5b644ef 100644 --- a/crypto/ext4crypt/Keymaster3.h +++ b/crypto/ext4crypt/Keymaster3.h @@ -127,13 +127,13 @@ class Keymaster { */ __BEGIN_DECLS -int keymaster_compatibility_cryptfs_scrypt(); +//int keymaster_compatibility_cryptfs_scrypt(); /*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, uint32_t ratelimit, uint8_t* key_buffer, uint32_t key_buffer_size, - uint32_t* key_out_size); + uint32_t* key_out_size);*/ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, size_t key_blob_size, @@ -141,7 +141,10 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob, const uint8_t* object, const size_t object_size, uint8_t** signature_buffer, - size_t* signature_buffer_size);*/ + size_t* signature_buffer_size, + uint8_t* key_buffer, + uint32_t key_buffer_size, + uint32_t* key_out_size); __END_DECLS diff --git a/crypto/ext4crypt/Keymaster4.cpp b/crypto/ext4crypt/Keymaster4.cpp index e25d0c45d..cebe1f1d5 100644 --- a/crypto/ext4crypt/Keymaster4.cpp +++ b/crypto/ext4crypt/Keymaster4.cpp @@ -218,6 +218,7 @@ bool Keymaster::isSecure() { using namespace ::android::vold; +/* int keymaster_compatibility_cryptfs_scrypt() { Keymaster dev; if (!dev) { @@ -226,6 +227,7 @@ int keymaster_compatibility_cryptfs_scrypt() { } return dev.isSecure(); } +*/ static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size, uint32_t* out_size) { @@ -253,6 +255,7 @@ static km::AuthorizationSet keyParams(uint32_t rsa_key_size, uint64_t rsa_expone .Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit); } +/* int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, uint32_t ratelimit, uint8_t* key_buffer, uint32_t key_buffer_size, uint32_t* key_out_size) { @@ -269,6 +272,7 @@ int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_ if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1; return 0; } +*/ int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, uint32_t ratelimit, const uint8_t* key_blob, diff --git a/crypto/ext4crypt/Keymaster4.h b/crypto/ext4crypt/Keymaster4.h index 29c73c682..37bff4e3a 100644 --- a/crypto/ext4crypt/Keymaster4.h +++ b/crypto/ext4crypt/Keymaster4.h @@ -142,10 +142,10 @@ enum class KeymasterSignResult { upgrade = -2, }; -int keymaster_compatibility_cryptfs_scrypt(); -int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, +//int keymaster_compatibility_cryptfs_scrypt(); +/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, uint32_t ratelimit, uint8_t* key_buffer, - uint32_t key_buffer_size, uint32_t* key_out_size); + uint32_t key_buffer_size, uint32_t* key_out_size);*/ int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, uint32_t ratelimit, const uint8_t* key_blob, -- cgit v1.2.3