FsCrypt update: support fscrypt policies v1 and v2
This patchset introduces support decryption for Android 11.
In this update we deprecate ext4crypt. To specify the
policy version to use, use TW_USE_FSCRYPT_POLICY := 1 or
TW_USE_FSCRYPT_POLICY := 2. By default policy version will
be set to 2 if this variable is omitted.
Change-Id: I62a29c1bef36c259ec4b11259f71be613d20a112
diff --git a/crypto/fscrypt/KeyStorage.h b/crypto/fscrypt/KeyStorage.h
index 9959ce6..b88cdc6 100755
--- a/crypto/fscrypt/KeyStorage.h
+++ b/crypto/fscrypt/KeyStorage.h
@@ -17,13 +17,10 @@
#ifndef ANDROID_VOLD_KEYSTORAGE_H
#define ANDROID_VOLD_KEYSTORAGE_H
-#include "Keymaster.h"
#include "KeyBuffer.h"
-#include <cutils/multiuser.h>
+
#include <string>
-namespace android {
-namespace vold {
// Represents the information needed to decrypt a disk encryption key.
// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
@@ -40,13 +37,6 @@
const std::string secret;
};
-enum class KeyType {
- DE_SYS,
- DE_USER,
- CE_USER,
- ME,
-};
-
extern const KeyAuthentication kEmptyAuthentication;
// Checks if path "path" exists.
@@ -76,9 +66,10 @@
bool destroyKey(const std::string& dir);
bool runSecdiscardSingle(const std::string& file);
-bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key);
-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key);
-} // namespace vold
-} // namespace android
+
+// Generate wrapped storage key using keymaster. Uses STORAGE_KEY tag in keymaster.
+bool generateWrappedStorageKey(KeyBuffer* key);
+// Export the per-boot boot wrapped storage key using keymaster.
+bool exportWrappedStorageKey(const KeyBuffer& kmKey, KeyBuffer* key);
#endif