Use a longer timeout on the disk encryption keys
Avoid a timeout error by extending the time allowed between getting
the auth token and decrypting the key from five to thirty seconds.
Bug: 28398766
Change-Id: I1dbb9e0e33707e7de4c1720ad1b8e153c77094b2
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index f2b16e3..5234c56 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -56,6 +56,8 @@
static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
static constexpr size_t STRETCHED_BYTES = 1 << 6;
+static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
+
static const char* kCurrentVersion = "1";
static const char* kRmPath = "/system/bin/rm";
static const char* kSecdiscardPath = "/system/bin/secdiscard";
@@ -115,7 +117,7 @@
const hw_auth_token_t* at = reinterpret_cast<const hw_auth_token_t*>(auth.token.data());
paramBuilder.Authorization(keymaster::TAG_USER_SECURE_ID, at->user_id);
paramBuilder.Authorization(keymaster::TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
- paramBuilder.Authorization(keymaster::TAG_AUTH_TIMEOUT, 5);
+ paramBuilder.Authorization(keymaster::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
}
return keymaster.generateKey(paramBuilder.build(), key);
}