summaryrefslogtreecommitdiffstats
path: root/crypto/ext4crypt/KeyUtil.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/ext4crypt/KeyUtil.cpp')
-rw-r--r--crypto/ext4crypt/KeyUtil.cpp32
1 files changed, 29 insertions, 3 deletions
diff --git a/crypto/ext4crypt/KeyUtil.cpp b/crypto/ext4crypt/KeyUtil.cpp
index 946c6cf9c..3dc05004c 100644
--- a/crypto/ext4crypt/KeyUtil.cpp
+++ b/crypto/ext4crypt/KeyUtil.cpp
@@ -27,6 +27,7 @@
#include <keyutils.h>
#include "KeyStorage4.h"
+#include "Ext4CryptPie.h"
#include "Utils.h"
#include <iostream>
@@ -35,6 +36,11 @@
#include <sys/types.h>
#include <unistd.h>
+#define MAX_USER_ID 0xFFFFFFFF
+
+using android::hardware::keymaster::V4_0::KeyFormat;
+using android::vold::KeyType;
+
namespace android {
namespace vold {
@@ -128,7 +134,14 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) {
ext4_encryption_key &ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
if (!fillKey(key, &ext4_key)) return false;
- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ if (is_wrapped_key_supported()) {
+ /* When wrapped key is supported, only the first 32 bytes are
+ the same per boot. The second 32 bytes can change as the ephemeral
+ key is different. */
+ *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
+ } else {
+ *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ }
key_serial_t device_keyring;
if (!e4cryptKeyring(&device_keyring)) return false;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
@@ -171,7 +184,7 @@ bool evictKey(const std::string& raw_ref) {
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
- std::string* key_ref) {
+ std::string* key_ref, bool wrapped_key_supported) {
KeyBuffer key;
if (pathExists(key_path)) {
LOG(DEBUG) << "Key exists, using: " << key_path << std::endl;
@@ -182,10 +195,23 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a
return false;
}
LOG(INFO) << "Creating new key in " << key_path << std::endl;
- if (!randomKey(&key)) return false;
+ if (wrapped_key_supported) {
+ if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false;
+ } else {
+ if (!randomKey(&key)) return false;
+ }
if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
}
+ if (wrapped_key_supported) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export key in retrieveAndInstallKey";
+ return false;
+ }
+ key = std::move(ephemeral_wrapped_key);
+ }
+
if (!installKey(key, key_ref)) {
LOG(ERROR) << "Failed to install key in " << key_path << std::endl;
return false;