When we forget a volume, forget per-volume key
Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
diff --git a/KeyUtil.h b/KeyUtil.h
index 412b0ae..a85eca1 100644
--- a/KeyUtil.h
+++ b/KeyUtil.h
@@ -18,6 +18,7 @@
#define ANDROID_VOLD_KEYUTIL_H
#include "KeyBuffer.h"
+#include "KeyStorage.h"
#include <string>
#include <memory>
@@ -28,8 +29,9 @@
bool randomKey(KeyBuffer* key);
bool installKey(const KeyBuffer& key, std::string* raw_ref);
bool evictKey(const std::string& raw_ref);
-bool retrieveAndInstallKey(bool create_if_absent, const std::string& key_path,
- const std::string& tmp_path, std::string* key_ref);
+bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+ std::string* key_ref);
bool retrieveKey(bool create_if_absent, const std::string& key_path,
const std::string& tmp_path, KeyBuffer* key);