Gitiles
Code Review Sign In
gerrit.twrp.me / android_bootable_recovery / bcd23d3e0c05e9e3ccf315f136b431c793684389^! / . / crypto / fscrypt / KeyUtil.cpp
commitbcd23d3e0c05e9e3ccf315f136b431c793684389[log] [tgz]
authorbigbiff <bigbiff@teamw.in>Wed Sep 22 18:22:13 2021 -0400
committerbigbiff <bigbiff@teamw.in>Mon Sep 27 20:18:37 2021 +0000
tree7eb8c953f32772c23a13501d39df249187bc0789
parentaed1bdfe59fddd8ee59ff6bbfbcdabf89df808ff [diff] [blame]
wrappedkey: import fixes from lineage

 vold: Enable legacy support for wrapped key

Legacy wrapped key support was dropped while merging changes
to support multiple versions of dm-default key driver in kernel.
Fix this by calling legacy API to check wrapped key support for
metadata encryption.

CRs-Fixed: 2678344
Change-Id: I7d9efec09ddf7169cf0b1114b4e16b9fe38cad4b
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>

 system: vold: Use wrapped key for metadata encryption

Wrapped key feature is needed for better security of encryption keys and
to
ensure data integrity when crypto key cache is cleared during reset
operation
of storage/crypto hardware.

Original patch:
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.QSSI.11.0.r1-05600-qssi.0&id=c480f913e6abc2757c0d79afba5a3df1c4adc731
[Pig]: Clean up all deprecated codes that were removed during latter
merge.

CRs-Fixed: 2367150
Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0

 vold: Bring in more wrapped key changes

Change-Id: I44e81afaec78c567a0bf2eed30a79eb737e2a867

diff --git a/crypto/fscrypt/KeyUtil.cpp b/crypto/fscrypt/KeyUtil.cpp
index 8ec389f..b7119a6 100755
--- a/crypto/fscrypt/KeyUtil.cpp
+++ b/crypto/fscrypt/KeyUtil.cpp

@@ -31,6 +31,7 @@
 #include <keyutils.h>
 
 #include <fscrypt_uapi.h>
+#include "FsCrypt.h"
 #include "KeyStorage.h"
 #include "Utils.h"
 
@@ -273,7 +274,14 @@
             // A key for a v1 policy is specified by an arbitrary 8-byte
             // "descriptor", which must be provided by userspace.  We use the
             // first 8 bytes from the double SHA-512 of the key itself.
-            policy->key_raw_ref = generateKeyRef((const uint8_t*)key.data(), key.size());
+            if (options.use_hw_wrapped_key) {
+                // When wrapped key is supported, only the first 32 bytes are
+                // the same per boot. The second 32 bytes can change as the ephemeral
+                // key is different.
+                policy->key_raw_ref = generateKeyRef((const uint8_t*)key.data(), key.size()/2);
+            } else {
+                policy->key_raw_ref = generateKeyRef((const uint8_t*)key.data(), key.size());
+            }
             if (!isFsKeyringSupported()) {
                 return installKeyLegacy(key, policy->key_raw_ref);
             }