Gitiles
Code Review Sign In
review.blissroms.org / treble_patches / 57acbdbd569faa91004453e51a0be1ceb00765f6 / . / patches / system / vold / 0005-Revert-vold-Wrapped-key-support-for-FBE.patch
blob: 8fda8a5ae3405e0e9d506f7bf64337fdb325b995 [file] [log] [blame]
Jackeagle57acbdb2019-05-06 19:59:01 +0200[diff] [blame^]1From ae3379f770f270fd06e606c22aef55494300efae Mon Sep 17 00:00:00 2001
Jackeagle1cba4132018-12-19 17:08:24 +0100[diff] [blame]2From: Jackeagle <jackeagle102@gmail.com>
3Date: Wed, 19 Dec 2018 17:02:02 +0100
4Subject: [PATCH 5/8] Revert "vold: Wrapped key support for FBE"
5
6This reverts commit 659c9ec24095a9a6925157c83f961840f5df807d.
7---
8 Ext4Crypt.cpp | 164 +++--------------------------------
9 Ext4Crypt.h | 4 -
10 KeyStorage.cpp | 42 ---------
11 KeyStorage.h | 11 +--
12 KeyUtil.cpp | 31 +------
13 KeyUtil.h | 4 +-
14 Keymaster.cpp | 26 ------
15 Keymaster.h | 3 -
16 VoldNativeService.cpp | 8 --
17 VoldNativeService.h | 2 -
18 binder/android/os/IVold.aidl | 1 -
19 11 files changed, 20 insertions(+), 276 deletions(-)
20
21diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
22index 56650fe..6b60796 100644
23--- a/Ext4Crypt.cpp
24+++ b/Ext4Crypt.cpp
25@@ -16,7 +16,6 @@
26
27 #include "Ext4Crypt.h"
28
29-#include "Keymaster.h"
30 #include "KeyStorage.h"
31 #include "KeyUtil.h"
32 #include "Utils.h"
33@@ -63,8 +62,6 @@ using android::base::StringPrintf;
34 using android::base::WriteStringToFile;
35 using android::vold::kEmptyAuthentication;
36 using android::vold::KeyBuffer;
37-using android::vold::Keymaster;
38-using android::hardware::keymaster::V4_0::KeyFormat;
39
40 namespace {
41
42@@ -199,46 +196,12 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
43 return false;
44 }
45
46-static bool is_wrapped_key_supported_common(const std::string& mount_point) {
47- struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point);
48- char const* contents_mode = NULL;
49- char const* filenames_mode = NULL;
50-
51- fs_mgr_get_file_encryption_modes(rec, &contents_mode, &filenames_mode);
52- if (!contents_mode || !filenames_mode) {
53- LOG(ERROR) << "Couldn't read file or contents mode, returning false";
54- return false;
55- }
56-
57- if (strcmp(contents_mode, "ice_wrapped_key_supported") == 0)
58- return true;
59- else
60- return false;
61-}
62-
63-bool is_wrapped_key_supported() {
64- return is_wrapped_key_supported_common(DATA_MNT_POINT);
65-}
66-
67-bool is_wrapped_key_supported_external() {
68- return false;
69-}
70-
71 static bool read_and_install_user_ce_key(userid_t user_id,
72 const android::vold::KeyAuthentication& auth) {
73 if (s_ce_key_raw_refs.count(user_id) != 0) return true;
74 KeyBuffer ce_key;
75 if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
76 std::string ce_raw_ref;
77-
78- if (is_wrapped_key_supported()) {
79- KeyBuffer ephemeral_wrapped_key;
80- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_key)) {
81- LOG(ERROR) << "Failed to export ce key";
82- return false;
83- }
84- ce_key = std::move(ephemeral_wrapped_key);
85- }
86 if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
87 s_ce_keys[user_id] = std::move(ce_key);
88 s_ce_key_raw_refs[user_id] = ce_raw_ref;
89@@ -269,15 +232,8 @@ static bool destroy_dir(const std::string& dir) {
90 // it creates keys in a fixed location.
91 static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
92 KeyBuffer de_key, ce_key;
93-
94- if(is_wrapped_key_supported()) {
95- if (!generateWrappedKey(user_id, android::vold::KeyType::DE_USER, &de_key)) return false;
96- if (!generateWrappedKey(user_id, android::vold::KeyType::CE_USER, &ce_key)) return false;
97- } else {
98- if (!android::vold::randomKey(&de_key)) return false;
99- if (!android::vold::randomKey(&ce_key)) return false;
100- }
101-
102+ if (!android::vold::randomKey(&de_key)) return false;
103+ if (!android::vold::randomKey(&ce_key)) return false;
104 if (create_ephemeral) {
105 // If the key should be created as ephemeral, don't store it.
106 s_ephemeral_users.insert(user_id);
107@@ -294,36 +250,13 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
108 if (!android::vold::storeKeyAtomically(get_de_key_path(user_id), user_key_temp,
109 kEmptyAuthentication, de_key)) return false;
110 }
111-
112- /* Install the DE keys */
113 std::string de_raw_ref;
114- std::string ce_raw_ref;
115-
116- if (is_wrapped_key_supported()) {
117- KeyBuffer ephemeral_wrapped_de_key;
118- KeyBuffer ephemeral_wrapped_ce_key;
119-
120- /* Export and install the DE keys */
121- if (!getEphemeralWrappedKey(KeyFormat::RAW, de_key, &ephemeral_wrapped_de_key)) {
122- LOG(ERROR) << "Failed to export de_key";
123- return false;
124- }
125- /* Export and install the CE keys */
126- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_ce_key)) {
127- LOG(ERROR) << "Failed to export de_key";
128- return false;
129- }
130-
131- de_key = std::move(ephemeral_wrapped_de_key);
132- ce_key = std::move(ephemeral_wrapped_ce_key);
133- }
134 if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
135- if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
136- s_ce_keys[user_id] = std::move(ce_key);
137-
138 s_de_key_raw_refs[user_id] = de_raw_ref;
139+ std::string ce_raw_ref;
140+ if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
141+ s_ce_keys[user_id] = ce_key;
142 s_ce_key_raw_refs[user_id] = ce_raw_ref;
143-
144 LOG(DEBUG) << "Created keys for user " << user_id;
145 return true;
146 }
147@@ -388,14 +321,6 @@ static bool load_all_de_keys() {
148 KeyBuffer key;
149 if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
150 std::string raw_ref;
151- if (is_wrapped_key_supported()) {
152- KeyBuffer ephemeral_wrapped_key;
153- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
154- LOG(ERROR) << "Failed to export de_key in create_and_install_user_keys";
155- return false;
156- }
157- key = std::move(ephemeral_wrapped_key);
158- }
159 if (!android::vold::installKey(key, &raw_ref)) return false;
160 s_de_key_raw_refs[user_id] = raw_ref;
161 LOG(DEBUG) << "Installed de key for user " << user_id;
162@@ -408,7 +333,6 @@ static bool load_all_de_keys() {
163
164 bool e4crypt_initialize_global_de() {
165 LOG(INFO) << "e4crypt_initialize_global_de";
166- bool wrapped_key_supported = false;
167
168 if (s_global_de_initialized) {
169 LOG(INFO) << "Already initialized";
170@@ -416,11 +340,8 @@ bool e4crypt_initialize_global_de() {
171 }
172
173 PolicyKeyRef device_ref;
174- wrapped_key_supported = is_wrapped_key_supported();
175-
176- if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication,
177- device_key_path, device_key_temp,
178- &device_ref.key_raw_ref, wrapped_key_supported))
179+ if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
180+ device_key_temp, &device_ref.key_raw_ref))
181 return false;
182 get_data_file_encryption_modes(&device_ref);
183
184@@ -594,7 +515,6 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
185 PolicyKeyRef* key_ref) {
186 auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
187 std::string secdiscardable_hash;
188- bool wrapped_key_supported = false;
189 if (android::vold::pathExists(secdiscardable_path)) {
190 if (!android::vold::readSecdiscardable(secdiscardable_path, &secdiscardable_hash))
191 return false;
192@@ -612,10 +532,8 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
193 return false;
194 }
195 android::vold::KeyAuthentication auth("", secdiscardable_hash);
196- wrapped_key_supported = is_wrapped_key_supported_external();
197-
198 if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
199- &key_ref->key_raw_ref, wrapped_key_supported))
200+ &key_ref->key_raw_ref))
201 return false;
202 key_ref->contents_mode =
203 android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
204@@ -641,74 +559,20 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
205 if (!parse_hex(secret_hex, &secret)) return false;
206 auto auth = secret.empty() ? kEmptyAuthentication
207 : android::vold::KeyAuthentication(token, secret);
208+ auto it = s_ce_keys.find(user_id);
209+ if (it == s_ce_keys.end()) {
210+ LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
211+ return false;
212+ }
213+ const auto &ce_key = it->second;
214 auto const directory_path = get_ce_key_directory_path(user_id);
215 auto const paths = get_ce_key_paths(directory_path);
216-
217- KeyBuffer ce_key;
218- if(is_wrapped_key_supported()) {
219- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
220- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
221- LOG(DEBUG) << "Successfully retrieved key";
222- } else {
223- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
224- LOG(DEBUG) << "Successfully retrieved key";
225- }
226- }
227- } else {
228- auto it = s_ce_keys.find(user_id);
229- if (it == s_ce_keys.end()) {
230- LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
231- return false;
232- }
233- ce_key = it->second;
234- }
235-
236 std::string ce_key_path;
237 if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
238 if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false;
239 return true;
240 }
241
242-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
243- const std::string& secret_hex) {
244- LOG(DEBUG) << "e4crypt_clear_user_key_auth " << user_id << " serial=" << serial
245- << " token_present=" << (token_hex != "!");
246- if (!e4crypt_is_native()) return true;
247- if (s_ephemeral_users.count(user_id) != 0) return true;
248- std::string token, secret;
249-
250- if (!parse_hex(token_hex, &token)) return false;
251- if (!parse_hex(secret_hex, &secret)) return false;
252-
253- if (is_wrapped_key_supported()) {
254- auto const directory_path = get_ce_key_directory_path(user_id);
255- auto const paths = get_ce_key_paths(directory_path);
256-
257- KeyBuffer ce_key;
258- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
259-
260- auto auth = android::vold::KeyAuthentication(token, secret);
261- /* Retrieve key while removing a pin. A secret is needed */
262- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
263- LOG(DEBUG) << "Successfully retrieved key";
264- } else {
265- /* Retrieve key when going None to swipe and vice versa when a
266- synthetic password is present */
267- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
268- LOG(DEBUG) << "Successfully retrieved key";
269- }
270- }
271-
272- std::string ce_key_path;
273- if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
274- if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication, ce_key))
275- return false;
276- } else {
277- if(!e4crypt_add_user_key_auth(user_id, serial, "!", "!")) return false;
278- }
279- return true;
280-}
281-
282 bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
283 LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id;
284 if (!e4crypt_is_native()) return true;
285diff --git a/Ext4Crypt.h b/Ext4Crypt.h
286index 5101bf6..a43a68a 100644
287--- a/Ext4Crypt.h
288+++ b/Ext4Crypt.h
289@@ -25,8 +25,6 @@ bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
290 bool e4crypt_destroy_user_key(userid_t user_id);
291 bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
292 const std::string& secret);
293-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
294- const std::string& secret_hex);
295 bool e4crypt_fixate_newest_user_key_auth(userid_t user_id);
296
297 bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
298@@ -38,5 +36,3 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
299 bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
300
301 bool e4crypt_destroy_volume_keys(const std::string& volume_uuid);
302-bool is_wrapped_key_supported();
303-bool is_wrapped_key_supported_external();
304diff --git a/KeyStorage.cpp b/KeyStorage.cpp
305index 69cd41c..0518930 100644
306--- a/KeyStorage.cpp
307+++ b/KeyStorage.cpp
308@@ -61,7 +61,6 @@ static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
309 static constexpr size_t STRETCHED_BYTES = 1 << 6;
310
311 static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
312-constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
313
314 static const char* kCurrentVersion = "1";
315 static const char* kRmPath = "/system/bin/rm";
316@@ -127,47 +126,6 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
317 return keymaster.generateKey(paramBuilder, key);
318 }
319
320-bool generateWrappedKey(userid_t user_id, KeyType key_type,
321- KeyBuffer* key) {
322- Keymaster keymaster;
323- if (!keymaster) return false;
324- *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
325- std::string key_temp;
326- auto paramBuilder = km::AuthorizationSetBuilder()
327- .AesEncryptionKey(AES_KEY_BYTES * 8)
328- .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
329- .Authorization(km::TAG_USER_ID, user_id);
330- km::KeyParameter param1;
331- param1.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_FBE_ICE);
332- param1.f.boolValue = true;
333- paramBuilder.push_back(param1);
334-
335- km::KeyParameter param2;
336- if ((key_type == KeyType::DE_USER) || (key_type == KeyType::DE_SYS)) {
337- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
338- param2.f.integer = 0;
339- } else if (key_type == KeyType::CE_USER) {
340- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
341- param2.f.integer = 1;
342- }
343- paramBuilder.push_back(param2);
344-
345- if (!keymaster.generateKey(paramBuilder, &key_temp)) return false;
346- *key = KeyBuffer(key_temp.size());
347- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
348- return true;
349-}
350-
351-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key) {
352- std::string key_temp;
353- Keymaster keymaster;
354- if (!keymaster) return false;
355- if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
356- *key = KeyBuffer(key_temp.size());
357- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
358- return true;
359-}
360-
361 static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
362 const KeyAuthentication& auth, const std::string& appId) {
363 auto paramBuilder = km::AuthorizationSetBuilder()
364diff --git a/KeyStorage.h b/KeyStorage.h
365index 0c2609e..786e5b4 100644
366--- a/KeyStorage.h
367+++ b/KeyStorage.h
368@@ -17,9 +17,8 @@
369 #ifndef ANDROID_VOLD_KEYSTORAGE_H
370 #define ANDROID_VOLD_KEYSTORAGE_H
371
372-#include "Keymaster.h"
373 #include "KeyBuffer.h"
374-#include <ext4_utils/ext4_crypt.h>
375+
376 #include <string>
377
378 namespace android {
379@@ -40,12 +39,6 @@ class KeyAuthentication {
380 const std::string secret;
381 };
382
383-enum class KeyType {
384- DE_SYS,
385- DE_USER,
386- CE_USER
387-};
388-
389 extern const KeyAuthentication kEmptyAuthentication;
390
391 // Checks if path "path" exists.
392@@ -74,8 +67,6 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
393 bool destroyKey(const std::string& dir);
394
395 bool runSecdiscardSingle(const std::string& file);
396-bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key);
397-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key);
398 } // namespace vold
399 } // namespace android
400
401diff --git a/KeyUtil.cpp b/KeyUtil.cpp
402index e8c366f..9885440 100644
403--- a/KeyUtil.cpp
404+++ b/KeyUtil.cpp
405@@ -27,13 +27,8 @@
406 #include <keyutils.h>
407
408 #include "KeyStorage.h"
409-#include "Ext4Crypt.h"
410 #include "Utils.h"
411
412-#define MAX_USER_ID 0xFFFFFFFF
413-
414-using android::hardware::keymaster::V4_0::KeyFormat;
415-using android::vold::KeyType;
416 namespace android {
417 namespace vold {
418
419@@ -127,14 +122,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) {
420 ext4_encryption_key &ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
421
422 if (!fillKey(key, &ext4_key)) return false;
423- if (is_wrapped_key_supported()) {
424- /* When wrapped key is supported, only the first 32 bytes are
425- the same per boot. The second 32 bytes can change as the ephemeral
426- key is different. */
427- *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
428- } else {
429- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
430- }
431+ *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
432 key_serial_t device_keyring;
433 if (!e4cryptKeyring(&device_keyring)) return false;
434 for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
435@@ -175,7 +163,7 @@ bool evictKey(const std::string& raw_ref) {
436
437 bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
438 const std::string& key_path, const std::string& tmp_path,
439- std::string* key_ref, bool wrapped_key_supported) {
440+ std::string* key_ref) {
441 KeyBuffer key;
442 if (pathExists(key_path)) {
443 LOG(DEBUG) << "Key exists, using: " << key_path;
444@@ -186,23 +174,10 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a
445 return false;
446 }
447 LOG(INFO) << "Creating new key in " << key_path;
448- if (wrapped_key_supported) {
449- if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false;
450- } else {
451- if (!randomKey(&key)) return false;
452- }
453+ if (!randomKey(&key)) return false;
454 if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
455 }
456
457- if (wrapped_key_supported) {
458- KeyBuffer ephemeral_wrapped_key;
459- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
460- LOG(ERROR) << "Failed to export key in retrieveAndInstallKey";
461- return false;
462- }
463- key = std::move(ephemeral_wrapped_key);
464- }
465-
466 if (!installKey(key, key_ref)) {
467 LOG(ERROR) << "Failed to install key in " << key_path;
468 return false;
469diff --git a/KeyUtil.h b/KeyUtil.h
470index e73c065..a85eca1 100644
471--- a/KeyUtil.h
472+++ b/KeyUtil.h
473@@ -19,7 +19,6 @@
474
475 #include "KeyBuffer.h"
476 #include "KeyStorage.h"
477-#include "Keymaster.h"
478
479 #include <string>
480 #include <memory>
481@@ -32,9 +31,10 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref);
482 bool evictKey(const std::string& raw_ref);
483 bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
484 const std::string& key_path, const std::string& tmp_path,
485- std::string* key_ref, bool wrapped_key_supported);
486+ std::string* key_ref);
487 bool retrieveKey(bool create_if_absent, const std::string& key_path,
488 const std::string& tmp_path, KeyBuffer* key);
489+
490 } // namespace vold
491 } // namespace android
492
493diff --git a/Keymaster.cpp b/Keymaster.cpp
494index ab39ef8..aad4387 100644
495--- a/Keymaster.cpp
496+++ b/Keymaster.cpp
497@@ -138,32 +138,6 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k
498 return true;
499 }
500
501-bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
502- const std::string& appData, std::string* key) {
503- auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
504- auto emptyAssign = NULL;
505- auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId);
506- auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData);
507- km::ErrorCode km_error;
508- auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& exportedKeyBlob) {
509- km_error = ret;
510- if (km_error != km::ErrorCode::OK) return;
511- if(key)
512- key->assign(reinterpret_cast<const char*>(&exportedKeyBlob[0]),
513- exportedKeyBlob.size());
514- };
515- auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
516- if (!error.isOk()) {
517- LOG(ERROR) << "export_key failed: " << error.description();
518- return false;
519- }
520- if (km_error != km::ErrorCode::OK) {
521- LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
522- return false;
523- }
524- return true;
525-}
526-
527 bool Keymaster::deleteKey(const std::string& key) {
528 auto keyBlob = km::support::blob2hidlVec(key);
529 auto error = mDevice->deleteKey(keyBlob);
530diff --git a/Keymaster.h b/Keymaster.h
531index c0ec4d3..fabe0f4 100644
532--- a/Keymaster.h
533+++ b/Keymaster.h
534@@ -102,9 +102,6 @@ class Keymaster {
535 explicit operator bool() { return mDevice.get() != nullptr; }
536 // Generate a key in the keymaster from the given params.
537 bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
538- // Export a key from keymaster.
539- bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
540- const std::string& appData, std::string* key);
541 // If the keymaster supports it, permanently delete a key.
542 bool deleteKey(const std::string& key);
543 // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
544diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
545index 6bd506a..6d6c6ec 100644
546--- a/VoldNativeService.cpp
547+++ b/VoldNativeService.cpp
548@@ -715,14 +715,6 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer
549 return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
550 }
551
552-binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
553- const std::string& token, const std::string& secret) {
554- ENFORCE_UID(AID_SYSTEM);
555- ACQUIRE_CRYPT_LOCK;
556-
557- return translateBool(e4crypt_clear_user_key_auth(userId, userSerial, token, secret));
558-}
559-
560 binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
561 ENFORCE_UID(AID_SYSTEM);
562 ACQUIRE_CRYPT_LOCK;
563diff --git a/VoldNativeService.h b/VoldNativeService.h
564index 2403678..da8c660 100644
565--- a/VoldNativeService.h
566+++ b/VoldNativeService.h
567@@ -103,8 +103,6 @@ public:
568
569 binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
570 const std::string& token, const std::string& secret);
571- binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial,
572- const std::string& token, const std::string& secret);
573 binder::Status fixateNewestUserKeyAuth(int32_t userId);
574
575 binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
576diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
577index 3a54390..9f5b21a 100644
578--- a/binder/android/os/IVold.aidl
579+++ b/binder/android/os/IVold.aidl
580@@ -85,7 +85,6 @@ interface IVold {
581 void destroyUserKey(int userId);
582
583 void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
584- void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
585 void fixateNewestUserKeyAuth(int userId);
586
587 void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
588--
Jackeagle57acbdb2019-05-06 19:59:01 +0200[diff] [blame^]5892.21.0
Jackeagle1cba4132018-12-19 17:08:24 +0100[diff] [blame]590