Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / vold / dd0a81e6961b0efe5b3a68e6b4f950da38e1c442^! / . / KeyUtil.cpp
commitdd0a81e6961b0efe5b3a68e6b4f950da38e1c442[log] [tgz]
authorDiego Wilson <diegowilson@google.com>Tue Nov 20 11:38:50 2018 -0800
committerBrian Orr <brianorr@google.com>Tue Dec 04 11:37:00 2018 -0800
tree2af38ea874f8715baa5354849205e7a5d939182f
parent7babbe6c96490ba078179d8b29adaa66a5ff399d [diff] [blame]
parent0792bbc36ff0dba0e2a4a54ba832f2fd36065ee8 [diff] [blame]
Merge QP1A.181119.002

Change-Id: I1abb62e2234f8cf86116270d67e5051a57b6d72f

diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index 70a1952..cd2171b 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp

@@ -16,6 +16,7 @@
 
 #include "KeyUtil.h"
 
+#include <linux/fs.h>
 #include <iomanip>
 #include <sstream>
 #include <string>
@@ -37,22 +38,10 @@
 namespace android {
 namespace vold {
 
-// ext4enc:TODO get this const from somewhere good
-const int EXT4_KEY_DESCRIPTOR_SIZE = 8;
-
-// ext4enc:TODO Include structure from somewhere sensible
-// MUST be in sync with ext4_crypto.c in kernel
-constexpr int EXT4_ENCRYPTION_MODE_AES_256_XTS = 1;
-constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
-constexpr int EXT4_MAX_KEY_SIZE = 64;
-struct ext4_encryption_key {
-    uint32_t mode;
-    char raw[EXT4_MAX_KEY_SIZE];
-    uint32_t size;
-};
+constexpr int FS_AES_256_XTS_KEY_SIZE = 64;
 
 bool randomKey(KeyBuffer* key) {
-    *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
+    *key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE);
     if (ReadRandomBytes(key->size(), key->data()) != 0) {
         // TODO status_t plays badly with PLOG, fix it.
         LOG(ERROR) << "Random read failed";
@@ -62,7 +51,7 @@
 }
 
 // Get raw keyref - used to make keyname and to pass to ioctl
-static std::string generateKeyRef(const char* key, int length) {
+static std::string generateKeyRef(const uint8_t* key, int length) {
     SHA512_CTX c;
 
     SHA512_Init(&c);
@@ -75,21 +64,20 @@
     unsigned char key_ref2[SHA512_DIGEST_LENGTH];
     SHA512_Final(key_ref2, &c);
 
-    static_assert(EXT4_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH,
-                  "Hash too short for descriptor");
-    return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
+    static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor");
+    return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE);
 }
 
-static bool fillKey(const KeyBuffer& key, ext4_encryption_key* ext4_key) {
-    if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) {
+static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) {
+    if (key.size() != FS_AES_256_XTS_KEY_SIZE) {
         LOG(ERROR) << "Wrong size key " << key.size();
         return false;
     }
-    static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw), "Key too long!");
-    ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
-    ext4_key->size = key.size();
-    memset(ext4_key->raw, 0, sizeof(ext4_key->raw));
-    memcpy(ext4_key->raw, key.data(), key.size());
+    static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!");
+    fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS;
+    fs_key->size = key.size();
+    memset(fs_key->raw, 0, sizeof(fs_key->raw));
+    memcpy(fs_key->raw, key.data(), key.size());
     return true;
 }
 
@@ -105,8 +93,8 @@
 }
 
 // Get the keyring we store all keys in
-static bool e4cryptKeyring(key_serial_t* device_keyring) {
-    *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
+static bool fscryptKeyring(key_serial_t* device_keyring) {
+    *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
     if (*device_keyring == -1) {
         PLOG(ERROR) << "Unable to find device keyring";
         return false;
@@ -117,25 +105,25 @@
 // Install password into global keyring
 // Return raw key reference for use in policy
 bool installKey(const KeyBuffer& key, std::string* raw_ref) {
-    // Place ext4_encryption_key into automatically zeroing buffer.
-    KeyBuffer ext4KeyBuffer(sizeof(ext4_encryption_key));
-    ext4_encryption_key& ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
+    // Place fscrypt_key into automatically zeroing buffer.
+    KeyBuffer fsKeyBuffer(sizeof(fscrypt_key));
+    fscrypt_key& fs_key = *reinterpret_cast<fscrypt_key*>(fsKeyBuffer.data());
 
-    if (!fillKey(key, &ext4_key)) return false;
+    if (!fillKey(key, &fs_key)) return false;
     if (is_wrapped_key_supported()) {
         /* When wrapped key is supported, only the first 32 bytes are
            the same per boot. The second 32 bytes can change as the ephemeral
            key is different. */
-        *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
+        *raw_ref = generateKeyRef(fs_key.raw, (fs_key.size)/2);
     } else {
-        *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+        *raw_ref = generateKeyRef(fs_key.raw, fs_key.size);
     }
     key_serial_t device_keyring;
-    if (!e4cryptKeyring(&device_keyring)) return false;
+    if (!fscryptKeyring(&device_keyring)) return false;
     for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
         auto ref = keyname(*name_prefix, *raw_ref);
         key_serial_t key_id =
-            add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring);
+            add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring);
         if (key_id == -1) {
             PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
             return false;
@@ -148,7 +136,7 @@
 
 bool evictKey(const std::string& raw_ref) {
     key_serial_t device_keyring;
-    if (!e4cryptKeyring(&device_keyring)) return false;
+    if (!fscryptKeyring(&device_keyring)) return false;
     bool success = true;
     for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
         auto ref = keyname(*name_prefix, raw_ref);