Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / vold / 291fec178925fe7cd724b3d345bfcfbb98d87f52
commit291fec178925fe7cd724b3d345bfcfbb98d87f52[log] [tgz]
authorGreg Kaiser <gkaiser@google.com>Fri Feb 09 18:24:59 2018 -0800
committerGreg Kaiser <gkaiser@google.com>Mon Feb 12 09:07:16 2018 -0800
tree8b6968fe9d0c0fbf5bf2713671917eea7022cb27
parent4a35ef0a53d1f8041adc8bf49585e700bb7af803 [diff]
cryptfs: Optionally get crypt type from properties

Instead of hardcoding to "aes-cbc-essiv:sha256", we introduce a
new property, "ro.crypto.crypt_type_name", to allow the use of
different crypt methods.  The only other method we currently
support is "speck128-xts-plain64", although new methods are
easily added.

We intentionally derive things like the keysize from the given
crypt name, to reduce exploit vectors.  We also only accept
crypt names the code has whitelisted.

The biggest impact is replacing the hard-coded KEY_LEN_BYTES.
For compile-time buffers, we use the MAX_KEY_LEN to assure they
will be big enough for any crypt type.  For run-time sizing,
we use the value derived from our property.

Bug: 73079191
Test: On an encrypted gobo, booted successfully with (1) no property set, (2) proproperty set to invalid value (and confirmed we defaulted to aes), and (3) after wiping userdata, with property set to "speck128-xts-plain64", confirmed we were using SPECK.
Change-Id: Ic4e10840d6ee2a4d4df58582448e0f768e6f403f
1 file changed
tree: 8b6968fe9d0c0fbf5bf2713671917eea7022cb27
  1. bench/
  2. binder/
  3. fs/
  4. model/
  5. tests/
  6. .clang-format
  7. Android.bp
  8. Benchmark.cpp
  9. Benchmark.h
  10. BenchmarkGen.h
  11. CheckEncryption.cpp
  12. CheckEncryption.h
  13. CleanSpec.mk
  14. cryptfs.cpp
  15. cryptfs.h
  16. Devmapper.cpp
  17. Devmapper.h
  18. EncryptInplace.cpp
  19. EncryptInplace.h
  20. Ext4Crypt.cpp
  21. Ext4Crypt.h
  22. FileDeviceUtils.cpp
  23. FileDeviceUtils.h
  24. hash.h
  25. IdleMaint.cpp
  26. IdleMaint.h
  27. KeyBuffer.cpp
  28. KeyBuffer.h
  29. Keymaster.cpp
  30. Keymaster.h
  31. KeyStorage.cpp
  32. KeyStorage.h
  33. KeyUtil.cpp
  34. KeyUtil.h
  35. Loop.cpp
  36. Loop.h
  37. main.cpp
  38. MetadataCrypt.cpp
  39. MetadataCrypt.h
  40. MoveStorage.cpp
  41. MoveStorage.h
  42. NetlinkHandler.cpp
  43. NetlinkHandler.h
  44. NetlinkManager.cpp
  45. NetlinkManager.h
  46. OWNERS
  47. PREUPLOAD.cfg
  48. Process.cpp
  49. Process.h
  50. ScryptParameters.cpp
  51. ScryptParameters.h
  52. secdiscard.cpp
  53. secontext.cpp
  54. secontext.h
  55. sehandle.h
  56. Utils.cpp
  57. Utils.h
  58. vdc.cpp
  59. vdc.rc
  60. vold.rc
  61. vold_prepare_subdirs.cpp
  62. VoldNativeService.cpp
  63. VoldNativeService.h
  64. VoldUtil.cpp
  65. VoldUtil.h
  66. VolumeManager.cpp
  67. VolumeManager.h