Clean up providing key via old API

- Use FSCRYPT_MAX_KEY_SIZE from <linux/fscrypt.h> instead of manually
  defining FS_AES_256_XTS_KEY_SIZE.  These have the same numeric value
  (64), but the former is supposed to be used, and AES-256-XTS isn't
  necessarily the encryption algorithm that is being used anyway.

- Use the new name FSCRYPT_KEY_DESCRIPTOR_SIZE instead of the old name
  FS_KEY_DESCRIPTOR_SIZE.  These have the same numeric value (8).

- Don't try to handle sizeof(fscrypt_key::raw) > FSCRYPT_MAX_KEY_SIZE,
  as this simply isn't the case.

- Set fscrypt_key::mode to 0 rather than FS_ENCRYPTION_MODE_AES_256_XTS.
  This field has always been ignored by the kernel, and AES-256-XTS
  isn't necessarily the encryption algorithm that is being used anyway.

- Initialize the fields of fscrypt_key in order.

This is a cleanup only.

Test: booted hikey with fileencryption=aes-256-xts and a kernel that
      doesn't support the new fscrypt ioctls.
Bug: none
Change-Id: Ie2a7e9240aa479dfab2765c11db8a7124d20c643
gugelfrei
Eric Biggers 5 years ago
parent 1d3cd24c4e
commit 506342fb37

@ -35,10 +35,8 @@
namespace android {
namespace vold {
constexpr int FS_AES_256_XTS_KEY_SIZE = 64;
bool randomKey(KeyBuffer* key) {
*key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE);
*key = KeyBuffer(FSCRYPT_MAX_KEY_SIZE);
if (ReadRandomBytes(key->size(), key->data()) != 0) {
// TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed";
@ -97,20 +95,20 @@ static std::string generateKeyRef(const uint8_t* key, int length) {
unsigned char key_ref2[SHA512_DIGEST_LENGTH];
SHA512_Final(key_ref2, &c);
static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor");
return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE);
static_assert(FSCRYPT_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH,
"Hash too short for descriptor");
return std::string((char*)key_ref2, FSCRYPT_KEY_DESCRIPTOR_SIZE);
}
static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) {
if (key.size() != FS_AES_256_XTS_KEY_SIZE) {
if (key.size() != FSCRYPT_MAX_KEY_SIZE) {
LOG(ERROR) << "Wrong size key " << key.size();
return false;
}
static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!");
fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS;
fs_key->size = key.size();
memset(fs_key->raw, 0, sizeof(fs_key->raw));
static_assert(FSCRYPT_MAX_KEY_SIZE == sizeof(fs_key->raw), "Mismatch of max key sizes");
fs_key->mode = 0; // unused by kernel
memcpy(fs_key->raw, key.data(), key.size());
fs_key->size = key.size();
return true;
}

Loading…
Cancel
Save