Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / 23452c1e3a2178283a56e8f1577e0367d1daaf7b^! / . / cryptfs.cpp
commit23452c1e3a2178283a56e8f1577e0367d1daaf7b[log] [tgz]
authorSatya Tangirala <satyat@google.com>Mon Mar 22 23:29:15 2021 -0700
committerSatya Tangirala <satyat@google.com>Thu Apr 08 00:47:54 2021 +0000
treeb7b56facd873c3443b15666f7f516580b138642e
parente8de4ffd73b7da76dfae8ee959226dca9df45ae5 [diff] [blame]
Remove Keymaster::isSecure() and simplify callers

Now that isSecure() always returns true, we can remove it and simplify
all the callers (i.e. cryptfs). Refer to the commit description for
Iaebfef082eca0da8a305043fafb6d85e5de14cf8 for why this function always
return true.

Bug: 181910578
Test: Cuttlefish and bramble boot
Change-Id: I185dd8180bd7842b05295263f0b1aa7205329a88

diff --git a/cryptfs.cpp b/cryptfs.cpp
index deba6da..5764b5d 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp

@@ -328,11 +328,6 @@
     return KeyGeneration{get_crypto_type().get_keysize(), true, false};
 }
 
-/* Should we use keymaster? */
-static int keymaster_check_compatibility() {
-    return keymaster_compatibility_cryptfs_scrypt();
-}
-
 static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
                                 uint32_t* out_size) {
     if (!buffer || !out_size) {
@@ -1834,7 +1829,6 @@
     char tmp_mount_point[64];
     unsigned int orig_failed_decrypt_count;
     int rc;
-    int use_keymaster = 0;
     int upgrade = 0;
     unsigned char* intermediate_key = 0;
     size_t intermediate_key_size = 0;
@@ -1916,15 +1910,9 @@
         rc = 0;
 
         // Upgrade if we're not using the latest KDF.
-        use_keymaster = keymaster_check_compatibility();
-        if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
-            // Don't allow downgrade
-        } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
+        if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
             crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
             upgrade = 1;
-        } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
-            crypt_ftr->kdf_type = KDF_SCRYPT;
-            upgrade = 1;
         }
 
         if (upgrade) {
@@ -2128,20 +2116,7 @@
     ftr->minor_version = CURRENT_MINOR_VERSION;
     ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
     ftr->keysize = get_crypto_type().get_keysize();
-
-    switch (keymaster_check_compatibility()) {
-        case 1:
-            ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
-            break;
-
-        case 0:
-            ftr->kdf_type = KDF_SCRYPT;
-            break;
-
-        default:
-            SLOGE("keymaster_check_compatibility failed");
-            return -1;
-    }
+    ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
 
     get_device_scrypt_params(ftr);