Update FDE decrypt to pie from CAF
cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0
Used CAF because AOSP no longer contains code for qcom's hardware
crypto.
Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97
diff --git a/crypto/ext4crypt/Keymaster3.cpp b/crypto/ext4crypt/Keymaster3.cpp
index c72ddd0..7862044 100644
--- a/crypto/ext4crypt/Keymaster3.cpp
+++ b/crypto/ext4crypt/Keymaster3.cpp
@@ -203,6 +203,7 @@
using namespace ::android::vold;
+/*
int keymaster_compatibility_cryptfs_scrypt() {
Keymaster dev;
if (!dev) {
@@ -211,6 +212,7 @@
}
return dev.isSecure();
}
+*/
/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
uint64_t rsa_exponent,
@@ -259,7 +261,7 @@
std::copy(key.data(), key.data() + key.size(), key_buffer);
return 0;
-}
+}*/
int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
size_t key_blob_size,
@@ -267,7 +269,10 @@
const uint8_t* object,
const size_t object_size,
uint8_t** signature_buffer,
- size_t* signature_buffer_size)
+ size_t* signature_buffer_size,
+ uint8_t* key_buffer,
+ uint32_t key_buffer_size,
+ uint32_t* key_out_size)
{
Keymaster dev;
if (!dev) {
@@ -294,6 +299,25 @@
if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
sleep(ratelimit);
continue;
+ } else if (op.errorCode() == ErrorCode::KEY_REQUIRES_UPGRADE) {
+ std::string newKey;
+ bool ret = dev.upgradeKey(key, paramBuilder, &newKey);
+ if(ret == false) {
+ LOG(ERROR) << "Error upgradeKey: ";
+ return -1;
+ }
+
+ if (key_out_size) {
+ *key_out_size = newKey.size();
+ }
+
+ if (key_buffer_size < newKey.size()) {
+ LOG(ERROR) << "key buffer size is too small";
+ return -1;
+ }
+
+ std::copy(newKey.data(), newKey.data() + newKey.size(), key_buffer);
+ key = newKey;
} else break;
}
@@ -321,4 +345,4 @@
*signature_buffer_size = output.size();
std::copy(output.data(), output.data() + output.size(), *signature_buffer);
return 0;
-}*/
+}
diff --git a/crypto/ext4crypt/Keymaster3.h b/crypto/ext4crypt/Keymaster3.h
index 4db8551..cb5b644 100644
--- a/crypto/ext4crypt/Keymaster3.h
+++ b/crypto/ext4crypt/Keymaster3.h
@@ -127,13 +127,13 @@
*/
__BEGIN_DECLS
-int keymaster_compatibility_cryptfs_scrypt();
+//int keymaster_compatibility_cryptfs_scrypt();
/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
uint64_t rsa_exponent,
uint32_t ratelimit,
uint8_t* key_buffer,
uint32_t key_buffer_size,
- uint32_t* key_out_size);
+ uint32_t* key_out_size);*/
int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
size_t key_blob_size,
@@ -141,7 +141,10 @@
const uint8_t* object,
const size_t object_size,
uint8_t** signature_buffer,
- size_t* signature_buffer_size);*/
+ size_t* signature_buffer_size,
+ uint8_t* key_buffer,
+ uint32_t key_buffer_size,
+ uint32_t* key_out_size);
__END_DECLS
diff --git a/crypto/ext4crypt/Keymaster4.cpp b/crypto/ext4crypt/Keymaster4.cpp
index e25d0c4..cebe1f1 100644
--- a/crypto/ext4crypt/Keymaster4.cpp
+++ b/crypto/ext4crypt/Keymaster4.cpp
@@ -218,6 +218,7 @@
using namespace ::android::vold;
+/*
int keymaster_compatibility_cryptfs_scrypt() {
Keymaster dev;
if (!dev) {
@@ -226,6 +227,7 @@
}
return dev.isSecure();
}
+*/
static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
uint32_t* out_size) {
@@ -253,6 +255,7 @@
.Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit);
}
+/*
int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, uint8_t* key_buffer,
uint32_t key_buffer_size, uint32_t* key_out_size) {
@@ -269,6 +272,7 @@
if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1;
return 0;
}
+*/
int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, const uint8_t* key_blob,
diff --git a/crypto/ext4crypt/Keymaster4.h b/crypto/ext4crypt/Keymaster4.h
index 29c73c6..37bff4e 100644
--- a/crypto/ext4crypt/Keymaster4.h
+++ b/crypto/ext4crypt/Keymaster4.h
@@ -142,10 +142,10 @@
upgrade = -2,
};
-int keymaster_compatibility_cryptfs_scrypt();
-int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
+//int keymaster_compatibility_cryptfs_scrypt();
+/*int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, uint8_t* key_buffer,
- uint32_t key_buffer_size, uint32_t* key_out_size);
+ uint32_t key_buffer_size, uint32_t* key_out_size);*/
int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
uint32_t ratelimit, const uint8_t* key_blob,