55 lines
2.7 KiB
Diff
55 lines
2.7 KiB
Diff
From 6d24663905ec1735eefc4b13b60f09465b28111a Mon Sep 17 00:00:00 2001
|
|
From: Pierre-Hugues Husson <phh@phh.me>
|
|
Date: Tue, 5 Oct 2021 16:17:15 -0400
|
|
Subject: [PATCH] Fallback to non-rollback resistant keys if not available
|
|
|
|
Boot on Mediatek devices was broken with:
|
|
~ Add ROLLBACK_RESISTANCE tag to key usage
|
|
|
|
Change-Id: I0ab7103c317c70779dee03dce25ba9c9da1629f4
|
|
---
|
|
KeyStorage.cpp | 16 +++++++++++-----
|
|
1 file changed, 11 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
|
|
index 93c5c29..ef089ad 100644
|
|
--- a/KeyStorage.cpp
|
|
+++ b/KeyStorage.cpp
|
|
@@ -378,12 +378,15 @@ static KeymasterOperation BeginKeymasterOp(Keymaster& keymaster, const std::stri
|
|
static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
|
|
const km::AuthorizationSet& keyParams,
|
|
const KeyBuffer& message, std::string* ciphertext) {
|
|
- km::AuthorizationSet opParams =
|
|
+ auto opParams =
|
|
km::AuthorizationSetBuilder()
|
|
- .Authorization(km::TAG_ROLLBACK_RESISTANCE)
|
|
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
|
|
+ auto opParamsWithRollback = opParams;
|
|
+ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
|
|
+
|
|
km::AuthorizationSet outParams;
|
|
- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
|
|
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, &outParams);
|
|
+ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
|
|
if (!opHandle) return false;
|
|
auto nonceBlob = outParams.GetTagValue(km::TAG_NONCE);
|
|
if (!nonceBlob) {
|
|
@@ -410,9 +413,12 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
|
|
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
|
|
auto opParams = km::AuthorizationSetBuilder()
|
|
.Authorization(km::TAG_NONCE, nonce)
|
|
- .Authorization(km::TAG_ROLLBACK_RESISTANCE)
|
|
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
|
|
- auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
|
|
+ auto opParamsWithRollback = opParams;
|
|
+ opParamsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
|
|
+
|
|
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParamsWithRollback, nullptr);
|
|
+ if (!opHandle) opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
|
|
if (!opHandle) return false;
|
|
if (!opHandle.updateCompletely(bodyAndMac, message)) return false;
|
|
if (!opHandle.finish(nullptr)) return false;
|
|
--
|
|
2.33.0
|
|
|