fscrypt: : Use wrapped key for metadata encryption
Importing of this commit:
https://github.com/LineageOS/android_system_vold/commit/944c48d5a4c6df1eb751b04f52c06adac35ebab6
Change-Id: I048a6c2aeff2591135f47223a99af5ddd215703c
diff --git a/crypto/fscrypt/KeyUtil.cpp b/crypto/fscrypt/KeyUtil.cpp
index 70a551c..fa40640 100755
--- a/crypto/fscrypt/KeyUtil.cpp
+++ b/crypto/fscrypt/KeyUtil.cpp
@@ -199,15 +199,36 @@
if (pathExists(key_path)) {
LOG(ERROR) << "Key exists, using: " << key_path;
if (!retrieveKey(key_path, kEmptyAuthentication, key, keepOld)) return false;
+ if (is_metadata_wrapped_key_supported()) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, *key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export key for retrieved key";
+ return false;
+ }
+ *key = std::move(ephemeral_wrapped_key);
+ }
} else {
if (!create_if_absent) {
LOG(ERROR) << "No key found in " << key_path;
return false;
}
LOG(ERROR) << "Creating new key in " << key_path;
- if (!randomKey(key)) return false;
- LOG(ERROR) << "retrieveKey1";
- if (!storeKeyAtomically(key_path, tmp_path, kEmptyAuthentication, *key)) return false;
+ if (is_metadata_wrapped_key_supported()) {
+ if(!generateWrappedKey(MAX_USER_ID, KeyType::ME, key)) return false;
+ } else {
+ if (!randomKey(key)) return false;
+ }
+ LOG(ERROR) << "retrieveKey1";
+ if (!storeKeyAtomically(key_path, tmp_path,
+ kEmptyAuthentication, *key)) return false;
+ if (is_metadata_wrapped_key_supported()) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, *key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export key for generated key";
+ return false;
+ }
+ *key = std::move(ephemeral_wrapped_key);
+ }
}
return true;
}