Symmetric keyguard-bound superencryption
Bug: 163866361
Test: keystore2_test
Test: atest android.keystore.cts.CipherTest#testEmptyPlaintextEncryptsAndDecryptsWhenUnlockedRequired
Change-Id: I8b6136dce9ae93ffbeea04f41eaf468f82c67a91
diff --git a/keystore2/src/authorization.rs b/keystore2/src/authorization.rs
index 553746a..06b5598 100644
--- a/keystore2/src/authorization.rs
+++ b/keystore2/src/authorization.rs
@@ -138,6 +138,16 @@
check_keystore_permission(KeystorePerm::unlock())
.context("In on_lock_screen_event: Unlock with password.")?;
ENFORCEMENTS.set_device_locked(user_id, false);
+
+ DB.with(|db| {
+ SUPER_KEY.unlock_screen_lock_bound_key(
+ &mut db.borrow_mut(),
+ user_id as u32,
+ &password,
+ )
+ })
+ .context("In on_lock_screen_event: unlock_screen_lock_bound_key failed")?;
+
// Unlock super key.
if let UserState::Uninitialized = DB
.with(|db| {
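Review bot: `ENFORCEMENTS.set_device_locked(user_id, false)` runs before the new fallible `unlock_screen_lock_bound_key` call, so when that call returns an error the `?` exits with the device already recorded as unlocked, the screen-lock-bound key still locked, and the "Unlock super key" step below never reached. If a failure here is possible for ordinary users (for example one with no screen-lock-bound key stored yet, which this hunk does not show), consider moving the new block above `set_device_locked`, or logging the error and continuing, so the enforcement state and the key state cannot disagree. The `user_id as u32` cast here and in the Lock arm (second hunk) would silently wrap a negative id onto a different user's slot if `user_id` is signed, as the cast suggests; `u32::try_from(user_id).context("In on_lock_screen_event: invalid user_id")?` rejects it instead. The enclosing function starts and ends outside the hunk.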
@@ -168,6 +178,8 @@
check_keystore_permission(KeystorePerm::lock())
.context("In on_lock_screen_event: Lock")?;
ENFORCEMENTS.set_device_locked(user_id, true);
+ SUPER_KEY.lock_screen_lock_bound_key(user_id as u32);
+
Ok(())
}
_ => {
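Review bot: The added `lock_screen_lock_bound_key` call in the Lock arm has no comment, and what it is expected to discard is the security-relevant property of this change. A one-line comment above it would help, for example `// Drop the in-memory screen-lock-bound key so keys that require an unlocked device cannot be decrypted until the next unlock.` Adjust the wording if the method does something narrower, since its body is not in this hunk. The match continues outside the hunk.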