Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5

commit: 6ab2cabd1941bc20bc595e0dd9b4f1f2edb4a39f [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Wed Jan 04 22:32:40 2017 -0800
committer: Rubin Xu <rubinxu@google.com> Mon Feb 13 23:37:31 2017 +0000
tree: a40b388555d21a4ee84c69afc674cebd7d81a100
parent: d8c0a7e426aad56fe22dc6441473c15e9b216c20 [diff] [blame]
diff --git a/KeyStorage.h b/KeyStorage.h
index 10ed789..65458d4 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h

@@ -24,11 +24,15 @@
 
 // Represents the information needed to decrypt a disk encryption key.
 // If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
-// If "secret" is nonempty, it is appended to the application-specific
+// If "token" and "secret" are nonempty, "secret" is appended to the application-specific
 // binary needed to unlock.
+// If only "secret" is nonempty, it is used to decrypt in a non-Keymaster process.
 class KeyAuthentication {
   public:
     KeyAuthentication(std::string t, std::string s) : token{t}, secret{s} {};
+
+    bool usesKeymaster() const { return !token.empty() || secret.empty(); };
+
     const std::string token;
     const std::string secret;
 };
commit	6ab2cabd1941bc20bc595e0dd9b4f1f2edb4a39f	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Wed Jan 04 22:32:40 2017 -0800
committer	Rubin Xu <rubinxu@google.com>	Mon Feb 13 23:37:31 2017 +0000
tree	a40b388555d21a4ee84c69afc674cebd7d81a100
parent	d8c0a7e426aad56fe22dc6441473c15e9b216c20 [diff] [blame]