Snap for 6001299 from 6f324990d076bbebbede266a672321a2845b8a93 to qt-aml-media-release
Change-Id: I9512da9e0fd5ddec1a3ddb4a2c5fc1b29036fcbe
diff --git a/keystore/blob.h b/keystore/blob.h
index ce488ec..e0bd146 100644
--- a/keystore/blob.h
+++ b/keystore/blob.h
@@ -37,6 +37,7 @@
constexpr size_t kGcmTagLength = 128 / 8;
constexpr size_t kGcmIvLength = 96 / 8;
constexpr size_t kAes128KeySizeBytes = 128 / 8;
+constexpr size_t kAes256KeySizeBytes = 256 / 8;
/* Here is the file format. There are two parts in blob.value, the secret and
* the description. The secret is stored in ciphertext, and its original size
diff --git a/keystore/user_state.cpp b/keystore/user_state.cpp
index bc3f6d9..8d993e2 100644
--- a/keystore/user_state.cpp
+++ b/keystore/user_state.cpp
@@ -140,10 +140,13 @@
}
ResponseCode UserState::writeMasterKey(const android::String8& pw) {
- std::vector<uint8_t> passwordKey(MASTER_KEY_SIZE_BYTES);
+ std::vector<uint8_t> passwordKey(mMasterKey.size());
generateKeyFromPassword(passwordKey, pw, mSalt);
- Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt),
- TYPE_MASTER_KEY_AES256);
+ auto blobType = TYPE_MASTER_KEY_AES256;
+ if (mMasterKey.size() == kAes128KeySizeBytes) {
+ blobType = TYPE_MASTER_KEY;
+ }
+ Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), blobType);
auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry);
return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR);
}
@@ -174,7 +177,7 @@
size_t masterKeySize = MASTER_KEY_SIZE_BYTES;
if (rawBlob.type == TYPE_MASTER_KEY) {
- masterKeySize = SHA1_DIGEST_SIZE_BYTES;
+ masterKeySize = kAes128KeySizeBytes;
}
std::vector<uint8_t> passwordKey(masterKeySize);
@@ -263,7 +266,7 @@
const EVP_MD* digest = EVP_sha256();
// SHA1 was used prior to increasing the key size
- if (key.size() == SHA1_DIGEST_SIZE_BYTES) {
+ if (key.size() == kAes128KeySizeBytes) {
digest = EVP_sha1();
}
diff --git a/keystore/user_state.h b/keystore/user_state.h
index b0671e3..620aaa5 100644
--- a/keystore/user_state.h
+++ b/keystore/user_state.h
@@ -75,14 +75,14 @@
bool operator<(uid_t userId) const;
private:
- static const int SHA1_DIGEST_SIZE_BYTES = 16;
- static const int SHA256_DIGEST_SIZE_BYTES = 32;
+ static constexpr int SHA1_DIGEST_SIZE_BYTES = 16;
+ static constexpr int SHA256_DIGEST_SIZE_BYTES = 32;
- static const int MASTER_KEY_SIZE_BYTES = SHA256_DIGEST_SIZE_BYTES;
- static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
+ static constexpr int MASTER_KEY_SIZE_BYTES = kAes256KeySizeBytes;
+ static constexpr int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
- static const int MAX_RETRY = 4;
- static const size_t SALT_SIZE = 16;
+ static constexpr int MAX_RETRY = 4;
+ static constexpr size_t SALT_SIZE = 16;
void generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw,
uint8_t* salt);