ext4crypt: support wrappedkey for FBE
Qualcomm devices use a special `wrappedkey` mode for FBE. This is ported
from CAF
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.8.r4-01000-SDM710.0&id=9229262d893a8592f7bc1b4e8a8dab7aad8df68c,
originally by folks at Mokee for vold
https://mokeedev.review/c/MoKee/android_system_vold/+/34102.
This patch ports the above changes to `ext4crypt`, which we can use in
recovery. Note that since we do not have `fs_mgr` in the recovery, we
cannot read the `wrappedkey` flag from fstab. Instead, similar to
`fbe.contents`, we use a special property `fbe.data.wrappedkey` to
indicate support for wrappedkey mode. Devices that need to use this
should set this property to `true` to activate corresponding code.
Change-Id: I79c2855d577156670b45c10c7c7b1fcd9fece8d9
diff --git a/crypto/ext4crypt/Keymaster4.h b/crypto/ext4crypt/Keymaster4.h
index 37bff4e..14c230b 100644
--- a/crypto/ext4crypt/Keymaster4.h
+++ b/crypto/ext4crypt/Keymaster4.h
@@ -102,6 +102,9 @@
explicit operator bool() { return mDevice.get() != nullptr; }
// Generate a key in the keymaster from the given params.
bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
+ // Export a key from keymaster.
+ bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+ const std::string& appData, std::string* key);
// If the keymaster supports it, permanently delete a key.
bool deleteKey(const std::string& key);
// Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.