fscrypt: integrate v1 processing into TWRP
Change-Id: I3bf9c14b818f9c3e0570c44c82bf0769fcec907f
diff --git a/libtar/Android.mk b/libtar/Android.mk
index 9209da9..6ff8fc9 100755
--- a/libtar/Android.mk
+++ b/libtar/Android.mk
@@ -16,6 +16,11 @@
ifeq ($(TW_INCLUDE_CRYPTO_FBE), true)
LOCAL_SHARED_LIBRARIES += libtwrpfscrypt
LOCAL_CFLAGS += -DUSE_FSCRYPT
+ ifeq ($(TW_USE_FSCRYPT_POLICY), 1)
+ LOCAL_CFLAGS += -DUSE_FSCRYPT_POLICY_V1
+ else
+ LOCAL_CFLAGS += -DUSE_FSCRYPT_POLICY_V2
+ endif
LOCAL_C_INCLUDES += $(LOCAL_PATH)/../crypto/fscrypt
endif
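Review bot: The new `ifeq ($(TW_USE_FSCRYPT_POLICY), 1)` test sends every other value, including an unset or mistyped variable, to the `-DUSE_FSCRYPT_POLICY_V2` branch, and nothing here documents that default. Since the macro decides which key field and size libtar compiles against, a wrong setting only shows up later as failed policy lookups during backup or restore. I would add a comment above the conditional, for example `# TW_USE_FSCRYPT_POLICY: 1 builds libtar for fscrypt policy v1; any other value (or unset) builds for v2`.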
diff --git a/libtar/append.c b/libtar/append.c
index 860ab46..6f0b252 100755
--- a/libtar/append.c
+++ b/libtar/append.c
@@ -153,15 +153,29 @@
}
if (fscrypt_policy_get_struct(realname, t->th_buf.fep)) {
+#ifdef USE_FSCRYPT_POLICY_V1
+ uint8_t tar_policy[FS_KEY_DESCRIPTOR_SIZE];
+ char policy_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
+#else
uint8_t tar_policy[FSCRYPT_KEY_IDENTIFIER_SIZE];
- memset(tar_policy, 0, sizeof(tar_policy));
char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
+#endif
+ memset(tar_policy, 0, sizeof(tar_policy));
+#ifdef USE_FSCRYPT_POLICY_V1
+ bytes_to_hex(t->th_buf.fep->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE, policy_hex);
+#else
bytes_to_hex(t->th_buf.fep->master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
+#endif
if (lookup_ref_key(t->th_buf.fep, &tar_policy[0])) {
- if (strncmp((char *) tar_policy, "0CE0", 4) == 0 || strncmp((char *) tar_policy, "0DE0", 4) == 0
- || strncmp((char *) tar_policy, "0DK", 3) == 0) {
+ if (strncmp((char *) tar_policy, USER_CE_FSCRYPT_POLICY, sizeof(USER_CE_FSCRYPT_POLICY) - 1) == 0
+ || strncmp((char *) tar_policy, USER_DE_FSCRYPT_POLICY, sizeof(USER_DE_FSCRYPT_POLICY) - 1) == 0
+ || strncmp((char *) tar_policy, SYSTEM_DE_FSCRYPT_POLICY, sizeof(SYSTEM_DE_FSCRYPT_POLICY)) == 0) {
+#ifdef USE_FSCRYPT_POLICY_V1
+ memcpy(t->th_buf.fep->master_key_descriptor, tar_policy, FS_KEY_DESCRIPTOR_SIZE);
+#else
memcpy(t->th_buf.fep->master_key_identifier, tar_policy, FSCRYPT_KEY_IDENTIFIER_SIZE);
printf("found fscrypt policy '%s' - '%s' - '%s'\n", realname, t->th_buf.fep->master_key_identifier, policy_hex);
+#endif
} else {
printf("failed to match fscrypt tar policy for '%s' - '%s'\n", realname, policy_hex);
free(t->th_buf.fep);
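Review bot: The third comparison passes `sizeof(SYSTEM_DE_FSCRYPT_POLICY)` without the `- 1` that the two comparisons above it use, so it also compares the terminating NUL and no longer behaves as the prefix match the removed `strncmp((char *) tar_policy, "0DK", 3)` was. Assuming the macro is a string literal (its definition is not in this diff), a system DE reference followed by any further character would fall into the "failed to match" branch, where `fep` is freed. The line should read `|| strncmp((char *) tar_policy, SYSTEM_DE_FSCRYPT_POLICY, sizeof(SYSTEM_DE_FSCRYPT_POLICY) - 1) == 0) {`. Separately, the "found fscrypt policy" printf now sits inside the `#else`, so a v1 build logs nothing on a successful match. The enclosing function starts and ends outside the hunk.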
diff --git a/libtar/block.c b/libtar/block.c
index db97222..b46d55a 100755
--- a/libtar/block.c
+++ b/libtar/block.c
@@ -384,8 +384,12 @@
(int)t->th_buf.fep->contents_encryption_mode,
(int)t->th_buf.fep->filenames_encryption_mode,
(int)t->th_buf.fep->flags,
+#ifdef USE_FSCRYPT_POLICY_V1
+ t->th_buf.fep->master_key_descriptor);
+#else
t->th_buf.fep->master_key_identifier);
#endif
+#endif
}
else {
printf(" invalid fscrypt header found\n");
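Review bot: The added v1 argument `t->th_buf.fep->master_key_descriptor` is handed to a `%s` conversion although it is a fixed-size byte field (output.c casts its fallback to `uint8_t*`), so printf reads past the field unless a NUL happens to lie inside it. On the read path these bytes presumably come from the archive header, so termination should not be assumed. I would bound the read with a precision, i.e. use `%.*s` in the format and pass `FS_KEY_DESCRIPTOR_SIZE, t->th_buf.fep->master_key_descriptor`, or print the hex form produced by `bytes_to_hex` instead. The same pattern is added in the th_write() hunk below, in the lookup-failure printf in extract.c, and in the `fep = ` line in output.c. The printf call and its format string begin above this hunk.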
@@ -594,9 +598,14 @@
if((t->options & TAR_STORE_FSCRYPT_POL) && t->th_buf.fep != NULL)
{
#ifdef DEBUG
+#ifdef USE_FSCRYPT_POLICY_V1
+ printf("th_write(): using fscrypt_policy %s\n",
+ t->th_buf.fep->master_key_descriptor);
+#else
printf("th_write(): using fscrypt_policy %s\n",
t->th_buf.fep->master_key_identifier);
#endif
+#endif
/* setup size - EXT header has format "*size of this whole tag as ascii numbers* *space* *version code* *content* *newline* */
// size newline
#ifdef USE_FSCRYPT_POLICY_V1
diff --git a/libtar/extract.c b/libtar/extract.c
index 064ba9b..65ea1d1 100755
--- a/libtar/extract.c
+++ b/libtar/extract.c
@@ -557,20 +557,42 @@
#ifdef USE_FSCRYPT
if(t->th_buf.fep != NULL)
{
- char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
+#ifdef USE_FSCRYPT_POLICY_V1
+ char policy_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
+#else
+ char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
+#endif
#ifdef DEBUG
+#ifdef USE_FSCRYPT_POLICY_V1
+ bytes_to_hex(t->th_buf.fep->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE, policy_hex);
+#else
bytes_to_hex(t->th_buf.fep->master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
+#endif
printf("tar_extract_dir(): restoring fscrypt policy %s to dir %s\n", (char *)policy_hex, realname);
#endif
+#ifdef USE_FSCRYPT_POLICY_V1
+ uint8_t binary_policy[FS_KEY_DESCRIPTOR_SIZE];
+ memset(&binary_policy, 0, FS_KEY_DESCRIPTOR_SIZE);
+#else
uint8_t binary_policy[FSCRYPT_KEY_IDENTIFIER_SIZE];
memset(&binary_policy, 0, FSCRYPT_KEY_IDENTIFIER_SIZE);
+#endif
+#ifdef USE_FSCRYPT_POLICY_V1
+ if (!lookup_ref_tar(t->th_buf.fep->master_key_descriptor, &binary_policy[0])) {
+ printf("error looking up fscrypt policy for '%s' - %s\n", realname, t->th_buf.fep->master_key_descriptor);
+ return -1;
+ }
+ memcpy(&t->th_buf.fep->master_key_descriptor, binary_policy, FS_KEY_DESCRIPTOR_SIZE);
+ bytes_to_hex(t->th_buf.fep->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE, policy_hex);
+#else
if (!lookup_ref_tar(t->th_buf.fep->master_key_identifier, &binary_policy[0])) {
printf("error looking up fscrypt policy for '%s' - %s\n", realname, t->th_buf.fep->master_key_identifier);
return -1;
}
memcpy(&t->th_buf.fep->master_key_identifier, binary_policy, FSCRYPT_KEY_IDENTIFIER_SIZE);
bytes_to_hex(t->th_buf.fep->master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
+#endif
printf("attempting to restore policy: %s\n", policy_hex);
if (!fscrypt_policy_set_struct(realname, t->th_buf.fep))
{
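Review bot: The v1 and v2 branches here are line-for-line copies that differ only in the field name and the size constant, which makes it easy for the two restore paths to drift apart; append.c in this same commit already logs a successful match on v2 only. Selecting the field and size once would leave a single copy of the lookup, memcpy and hex conversion to review, for example `#define FEP_KEY(fep) ((fep)->master_key_descriptor)` and `#define FEP_KEY_SIZE FS_KEY_DESCRIPTOR_SIZE` under `USE_FSCRYPT_POLICY_V1`, with the identifier equivalents in the `#else` (macro names are only a suggestion). The `memset(&binary_policy, 0, ...)` calls could then use `sizeof(binary_policy)`, as append.c does for `tar_policy`. The enclosing function starts and ends outside the hunk.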
diff --git a/libtar/output.c b/libtar/output.c
index 5e724e5..015179d 100755
--- a/libtar/output.c
+++ b/libtar/output.c
@@ -62,9 +62,14 @@
(t->th_buf.gnu_longlink ? t->th_buf.gnu_longlink : "[NULL]"));
#ifdef USE_FSCRYPT
+#ifdef USE_FSCRYPT_POLICY_V1
+ printf(" fep = \"%s\"\n",
+ (t->th_buf.fep ? t->th_buf.fep->master_key_descriptor : (uint8_t*) "[NULL]"));
+#else
printf(" fep = \"%s\"\n",
(t->th_buf.fep ? t->th_buf.fep->master_key_identifier : (uint8_t*) "[NULL]"));
#endif
+#endif
}