Move HMAC agreement to vold
Bug: 79307225
Test: Boot
Change-Id: I16bcb8d779413fff601645ac0b97215c6aa5b8e3
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 58f0733..82d4e69 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -108,61 +108,12 @@
return result;
}
-void performHmacKeyHandshake(std::initializer_list<const sp<Keymaster>> keymasters) {
- hidl_vec<HmacSharingParameters> hmacSharingParams(keymasters.size());
- int index = 0;
- for (const auto& km : keymasters) {
- if (!km) continue;
- ErrorCode ec = ErrorCode::OK;
- auto rc =
- km->getHmacSharingParameters([&](ErrorCode error, const HmacSharingParameters& params) {
- ec = error;
- if (error == ErrorCode::OK) hmacSharingParams[index] = params;
- });
- CHECK(rc.isOk()) << "Communication error while calling getHmacSharingParameters on"
- " Keymaster with index: "
- << index;
- CHECK(ec == ErrorCode::OK) << "Failed to get HmacSharingParameters from Keymaster "
- << km->halVersion().keymasterName << " at index: " << index;
- ++index;
- }
- hmacSharingParams.resize(index);
- hidl_vec<uint8_t> sharingCheck;
- index = 0;
- for (const auto& km : keymasters) {
- if (!km) continue;
- ErrorCode ec = ErrorCode::OK;
- auto rc = km->computeSharedHmac(
- hmacSharingParams, [&](ErrorCode error, const hidl_vec<uint8_t>& sharingCheck_) {
- ec = error;
- if (error != ErrorCode::OK) return;
- if (index == 0) {
- sharingCheck = sharingCheck_;
- } else {
- CHECK(sharingCheck == sharingCheck_)
- << "Hmac Key computation failed (current index: " << index << ")";
- }
- });
- CHECK(rc.isOk()) << "Communication error while calling computeSharedHmac on"
- " Keymaster with index: "
- << index;
- CHECK(ec == ErrorCode::OK) << "Failed to compute shared hmac key from"
- " Keymaster with index: "
- << index;
- ++index;
- }
-}
-
KeymasterDevices initializeKeymasters() {
auto serviceManager = android::hidl::manager::V1_1::IServiceManager::getService();
CHECK(serviceManager.get()) << "Failed to get ServiceManager";
auto result = enumerateKeymasterDevices<Keymaster4>(serviceManager.get());
auto softKeymaster = result[SecurityLevel::SOFTWARE];
- if (result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
- // TODO(swillden): Put this back when StrongBox KM works. b/77533310
- // performHmacKeyHandshake(
- // {result[SecurityLevel::TRUSTED_ENVIRONMENT], result[SecurityLevel::STRONGBOX]});
- } else {
+ if (!result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
result = enumerateKeymasterDevices<Keymaster3>(serviceManager.get());
}
if (softKeymaster) result[SecurityLevel::SOFTWARE] = softKeymaster;
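Review bot: With `performHmacKeyHandshake` and the TODO deleted, nothing in `initializeKeymasters()` records that HMAC key agreement between the TRUSTED_ENVIRONMENT and STRONGBOX Keymaster4 instances is still required, or where it now happens. The commit title says it moves to vold, which this page does not show, so keystore presumably relies on vold having completed the agreement before it uses these devices. I would add a comment above the `if (!result[SecurityLevel::TRUSTED_ENVIRONMENT])` line, for example `// HMAC key agreement between Keymaster4 instances is done by vold; keystore neither performs nor verifies it.` The removed function aborted through `CHECK` when the sharing-check values differed, so it is worth confirming that the vold implementation fails just as loudly on a mismatch. The body of `initializeKeymasters()` continues past the end of this hunk.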