From 506342fb3745710ee26263de6344495b4ed13346 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Tue, 17 Dec 2019 13:11:25 -0800
Subject: [PATCH] Clean up providing key via old API

- Use FSCRYPT_MAX_KEY_SIZE from instead of manually defining FS_AES_256_XTS_KEY_SIZE. These have the same numeric value (64), but the former is supposed to be used, and AES-256-XTS isn't necessarily the encryption algorithm that is being used anyway.
- Use the new name FSCRYPT_KEY_DESCRIPTOR_SIZE instead of the old name FS_KEY_DESCRIPTOR_SIZE. These have the same numeric value (8).
- Don't try to handle sizeof(fscrypt_key::raw) > FSCRYPT_MAX_KEY_SIZE, as this simply isn't the case.
- Set fscrypt_key::mode to 0 rather than FS_ENCRYPTION_MODE_AES_256_XTS. This field has always been ignored by the kernel, and AES-256-XTS isn't necessarily the encryption algorithm that is being used anyway.
- Initialize the fields of fscrypt_key in order. This is a cleanup only.

Test: booted hikey with fileencryption=aes-256-xts and a kernel that doesn't support the new fscrypt ioctls.
Bug: none
Change-Id: Ie2a7e9240aa479dfab2765c11db8a7124d20c643
---
 KeyUtil.cpp | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index 79a5102..d2d51e1 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -35,10 +35,8 @@
 namespace android {
 namespace vold {
-constexpr int FS_AES_256_XTS_KEY_SIZE = 64;
-
 bool randomKey(KeyBuffer* key) {
- *key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE);
+ *key = KeyBuffer(FSCRYPT_MAX_KEY_SIZE);
 if (ReadRandomBytes(key->size(), key->data()) != 0) {
 // TODO status_t plays badly with PLOG, fix it.
 LOG(ERROR) << "Random read failed";
@@ -97,20 +95,20 @@ static std::string generateKeyRef(const uint8_t* key, int length) {
 unsigned char key_ref2[SHA512_DIGEST_LENGTH];
 SHA512_Final(key_ref2, &c);
- static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor");
- return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE);
+ static_assert(FSCRYPT_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH,
+ "Hash too short for descriptor");
+ return std::string((char*)key_ref2, FSCRYPT_KEY_DESCRIPTOR_SIZE);
 }
 static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) {
- if (key.size() != FS_AES_256_XTS_KEY_SIZE) {
+ if (key.size() != FSCRYPT_MAX_KEY_SIZE) {
 LOG(ERROR) << "Wrong size key " << key.size();
 return false;
 }
- static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!");
- fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS;
- fs_key->size = key.size();
- memset(fs_key->raw, 0, sizeof(fs_key->raw));
+ static_assert(FSCRYPT_MAX_KEY_SIZE == sizeof(fs_key->raw), "Mismatch of max key sizes");
+ fs_key->mode = 0; // unused by kernel
 memcpy(fs_key->raw, key.data(), key.size());
+ fs_key->size = key.size();
 return true;
 }
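Review bot: In fillKey, with the memset gone, nothing at the memcpy records why every byte of `fs_key->raw` is still initialised. It holds only because the runtime check `key.size() != FSCRYPT_MAX_KEY_SIZE` and the new `static_assert(FSCRYPT_MAX_KEY_SIZE == sizeof(fs_key->raw), ...)` together make the copy cover the whole array. If the size check is ever relaxed to accept shorter keys, the tail of `raw` would keep whatever the caller's struct already contained, and that struct is presumably passed on to the kernel (the caller is outside this hunk). I would add a comment directly above the memcpy, for example `// key.size() == sizeof(fs_key->raw) (checked above), so this overwrites all of raw; no memset needed`. As a separate point of style, the C-style `(char*)key_ref2` in generateKeyRef could become `reinterpret_cast<const char*>(key_ref2)` while that line is being touched.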