Merge "Stop using the "stretching" file" am: b0a170136c am: 20695553e1
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2252876
Change-Id: I99d3b6ab789c897ae888e83b5e5130f877ab3768
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index b8000fa..55c1709 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -57,16 +57,14 @@
static const char* kCurrentVersion = "1";
static const char* kRmPath = "/system/bin/rm";
static const char* kSecdiscardPath = "/system/bin/secdiscard";
-static const char* kStretch_none = "none";
-static const char* kStretch_nopassword = "nopassword";
static const char* kHashPrefix_secdiscardable = "Android secdiscardable SHA512";
static const char* kHashPrefix_keygen = "Android key wrapping key generation SHA512";
static const char* kFn_encrypted_key = "encrypted_key";
static const char* kFn_keymaster_key_blob = "keymaster_key_blob";
static const char* kFn_keymaster_key_blob_upgraded = "keymaster_key_blob_upgraded";
static const char* kFn_secdiscardable = "secdiscardable";
-static const char* kFn_stretching = "stretching";
static const char* kFn_version = "version";
+// Note: old key directories may contain a file named "stretching".
namespace {
@@ -412,36 +410,9 @@
return true;
}
-static std::string getStretching(const KeyAuthentication& auth) {
- if (auth.usesKeystore()) {
- return kStretch_nopassword;
- } else {
- return kStretch_none;
- }
-}
-
-static bool stretchSecret(const std::string& stretching, const std::string& secret,
- std::string* stretched) {
- if (stretching == kStretch_nopassword) {
- if (!secret.empty()) {
- LOG(WARNING) << "Password present but stretching is nopassword";
- // Continue anyway
- }
- stretched->clear();
- } else if (stretching == kStretch_none) {
- *stretched = secret;
- } else {
- LOG(ERROR) << "Unknown stretching type: " << stretching;
- return false;
- }
- return true;
-}
-
-static bool generateAppId(const KeyAuthentication& auth, const std::string& stretching,
- const std::string& secdiscardable_hash, std::string* appId) {
- std::string stretched;
- if (!stretchSecret(stretching, auth.secret, &stretched)) return false;
- *appId = secdiscardable_hash + stretched;
+static std::string generateAppId(const KeyAuthentication& auth,
+ const std::string& secdiscardable_hash) {
+ std::string appId = secdiscardable_hash + auth.secret;
const std::lock_guard<std::mutex> scope_lock(storage_binding_info.guard);
switch (storage_binding_info.state) {
@@ -449,14 +420,13 @@
storage_binding_info.state = StorageBindingInfo::State::NOT_USED;
break;
case StorageBindingInfo::State::IN_USE:
- appId->append(storage_binding_info.seed.begin(), storage_binding_info.seed.end());
+ appId.append(storage_binding_info.seed.begin(), storage_binding_info.seed.end());
break;
case StorageBindingInfo::State::NOT_USED:
// noop
break;
}
-
- return true;
+ return appId;
}
static void logOpensslError() {
@@ -583,10 +553,7 @@
if (auth.usesKeystore() &&
!createSecdiscardable(dir + "/" + kFn_secdiscardable, &secdiscardable_hash))
return false;
- std::string stretching = getStretching(auth);
- if (!writeStringToFile(stretching, dir + "/" + kFn_stretching)) return false;
- std::string appId;
- if (!generateAppId(auth, stretching, secdiscardable_hash, &appId)) return false;
+ std::string appId = generateAppId(auth, secdiscardable_hash);
std::string encryptedKey;
if (auth.usesKeystore()) {
Keystore keystore;
@@ -638,10 +605,7 @@
}
std::string secdiscardable_hash;
if (!readSecdiscardable(dir + "/" + kFn_secdiscardable, &secdiscardable_hash)) return false;
- std::string stretching;
- if (!readFileToString(dir + "/" + kFn_stretching, &stretching)) return false;
- std::string appId;
- if (!generateAppId(auth, stretching, secdiscardable_hash, &appId)) return false;
+ std::string appId = generateAppId(auth, secdiscardable_hash);
std::string encryptedMessage;
if (!readFileToString(dir + "/" + kFn_encrypted_key, &encryptedMessage)) return false;
if (auth.usesKeystore()) {