vold: rename from "ext4 encryption" to fscrypt
We support file-based encryption on both ext4 and f2fs now, and the
kernel API is the same. So rename things appropriately in vold:
e4crypt => fscrypt
ext4enc => fscrypt
Ext4Crypt => FsCrypt
EXT4_* => FS_*
ext4_encryption_key => fscrypt_key
Additionally, the common functions shared by 'vold' and 'init' are now
in libfscrypt rather than ext4_utils. So update vold to link to
libfscrypt and include the renamed headers.
Note: there's a chance of 'fscrypt' being confused with the dm-crypt
based encryption code in vold which is called 'cryptfs'. However,
fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,
and it's preferable to use the same name in userspace.
Test: built, booted device with f2fs encryption
Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index 29ba699..252edeb 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -32,22 +32,19 @@
namespace android {
namespace vold {
-// ext4enc:TODO get this const from somewhere good
-const int EXT4_KEY_DESCRIPTOR_SIZE = 8;
-
-// ext4enc:TODO Include structure from somewhere sensible
-// MUST be in sync with ext4_crypto.c in kernel
-constexpr int EXT4_ENCRYPTION_MODE_AES_256_XTS = 1;
-constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
-constexpr int EXT4_MAX_KEY_SIZE = 64;
-struct ext4_encryption_key {
+// fscrypt:TODO get these definitions from <linux/fs.h>
+constexpr int FS_KEY_DESCRIPTOR_SIZE = 8;
+constexpr int FS_ENCRYPTION_MODE_AES_256_XTS = 1;
+constexpr int FS_AES_256_XTS_KEY_SIZE = 64;
+constexpr int FS_MAX_KEY_SIZE = 64;
+struct fscrypt_key {
uint32_t mode;
- char raw[EXT4_MAX_KEY_SIZE];
+ char raw[FS_MAX_KEY_SIZE];
uint32_t size;
};
bool randomKey(KeyBuffer* key) {
- *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
+ *key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE);
if (ReadRandomBytes(key->size(), key->data()) != 0) {
// TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed";
@@ -70,21 +67,20 @@
unsigned char key_ref2[SHA512_DIGEST_LENGTH];
SHA512_Final(key_ref2, &c);
- static_assert(EXT4_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH,
- "Hash too short for descriptor");
- return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
+ static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor");
+ return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE);
}
-static bool fillKey(const KeyBuffer& key, ext4_encryption_key* ext4_key) {
- if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) {
+static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) {
+ if (key.size() != FS_AES_256_XTS_KEY_SIZE) {
LOG(ERROR) << "Wrong size key " << key.size();
return false;
}
- static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw), "Key too long!");
- ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
- ext4_key->size = key.size();
- memset(ext4_key->raw, 0, sizeof(ext4_key->raw));
- memcpy(ext4_key->raw, key.data(), key.size());
+ static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!");
+ fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS;
+ fs_key->size = key.size();
+ memset(fs_key->raw, 0, sizeof(fs_key->raw));
+ memcpy(fs_key->raw, key.data(), key.size());
return true;
}
@@ -100,8 +96,8 @@
}
// Get the keyring we store all keys in
-static bool e4cryptKeyring(key_serial_t* device_keyring) {
- *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
+static bool fscryptKeyring(key_serial_t* device_keyring) {
+ *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
if (*device_keyring == -1) {
PLOG(ERROR) << "Unable to find device keyring";
return false;
@@ -112,18 +108,18 @@
// Install password into global keyring
// Return raw key reference for use in policy
bool installKey(const KeyBuffer& key, std::string* raw_ref) {
- // Place ext4_encryption_key into automatically zeroing buffer.
- KeyBuffer ext4KeyBuffer(sizeof(ext4_encryption_key));
- ext4_encryption_key& ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
+ // Place fscrypt_key into automatically zeroing buffer.
+ KeyBuffer fsKeyBuffer(sizeof(fscrypt_key));
+ fscrypt_key& fs_key = *reinterpret_cast<fscrypt_key*>(fsKeyBuffer.data());
- if (!fillKey(key, &ext4_key)) return false;
- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ if (!fillKey(key, &fs_key)) return false;
+ *raw_ref = generateKeyRef(fs_key.raw, fs_key.size);
key_serial_t device_keyring;
- if (!e4cryptKeyring(&device_keyring)) return false;
+ if (!fscryptKeyring(&device_keyring)) return false;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
auto ref = keyname(*name_prefix, *raw_ref);
key_serial_t key_id =
- add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring);
+ add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring);
if (key_id == -1) {
PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
return false;
@@ -136,7 +132,7 @@
bool evictKey(const std::string& raw_ref) {
key_serial_t device_keyring;
- if (!e4cryptKeyring(&device_keyring)) return false;
+ if (!fscryptKeyring(&device_keyring)) return false;
bool success = true;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
auto ref = keyname(*name_prefix, raw_ref);