|
|
@ -198,7 +198,7 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
|
|
|
|
auto const paths = get_ce_key_paths(directory_path);
|
|
|
|
auto const paths = get_ce_key_paths(directory_path);
|
|
|
|
for (auto const ce_key_path : paths) {
|
|
|
|
for (auto const ce_key_path : paths) {
|
|
|
|
LOG(DEBUG) << "Trying user CE key " << ce_key_path;
|
|
|
|
LOG(DEBUG) << "Trying user CE key " << ce_key_path;
|
|
|
|
if (retrieveKey(ce_key_path, auth, ce_key)) {
|
|
|
|
if (retrieveKey(ce_key_path, auth, ce_key, false)) {
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key";
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key";
|
|
|
|
fixate_user_ce_key(directory_path, ce_key_path, paths);
|
|
|
|
fixate_user_ce_key(directory_path, ce_key_path, paths);
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
@ -407,7 +407,7 @@ static bool load_all_de_keys() {
|
|
|
|
userid_t user_id = std::stoi(entry->d_name);
|
|
|
|
userid_t user_id = std::stoi(entry->d_name);
|
|
|
|
auto key_path = de_dir + "/" + entry->d_name;
|
|
|
|
auto key_path = de_dir + "/" + entry->d_name;
|
|
|
|
KeyBuffer de_key;
|
|
|
|
KeyBuffer de_key;
|
|
|
|
if (!retrieveKey(key_path, kEmptyAuthentication, &de_key)) return false;
|
|
|
|
if (!retrieveKey(key_path, kEmptyAuthentication, &de_key, false)) return false;
|
|
|
|
EncryptionPolicy de_policy;
|
|
|
|
EncryptionPolicy de_policy;
|
|
|
|
if (!install_storage_key(DATA_MNT_POINT, options, de_key, &de_policy)) return false;
|
|
|
|
if (!install_storage_key(DATA_MNT_POINT, options, de_key, &de_policy)) return false;
|
|
|
|
auto ret = s_de_policies.insert({user_id, de_policy});
|
|
|
|
auto ret = s_de_policies.insert({user_id, de_policy});
|
|
|
@ -441,7 +441,7 @@ bool fscrypt_initialize_systemwide_keys() {
|
|
|
|
|
|
|
|
|
|
|
|
KeyBuffer device_key;
|
|
|
|
KeyBuffer device_key;
|
|
|
|
if (!retrieveOrGenerateKey(device_key_path, device_key_temp, kEmptyAuthentication,
|
|
|
|
if (!retrieveOrGenerateKey(device_key_path, device_key_temp, kEmptyAuthentication,
|
|
|
|
makeGen(options), &device_key))
|
|
|
|
makeGen(options), &device_key, false))
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
EncryptionPolicy device_policy;
|
|
|
|
EncryptionPolicy device_policy;
|
|
|
@ -675,7 +675,7 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
|
|
|
|
EncryptionOptions options;
|
|
|
|
EncryptionOptions options;
|
|
|
|
if (!get_volume_file_encryption_options(&options)) return false;
|
|
|
|
if (!get_volume_file_encryption_options(&options)) return false;
|
|
|
|
KeyBuffer key;
|
|
|
|
KeyBuffer key;
|
|
|
|
if (!retrieveOrGenerateKey(key_path, key_path + "_tmp", auth, makeGen(options), &key))
|
|
|
|
if (!retrieveOrGenerateKey(key_path, key_path + "_tmp", auth, makeGen(options), &key, false))
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
if (!install_storage_key(BuildDataPath(volume_uuid), options, key, policy)) return false;
|
|
|
|
if (!install_storage_key(BuildDataPath(volume_uuid), options, key, policy)) return false;
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
@ -694,12 +694,12 @@ static bool fscrypt_rewrap_user_key(userid_t user_id, int serial,
|
|
|
|
auto const directory_path = get_ce_key_directory_path(user_id);
|
|
|
|
auto const directory_path = get_ce_key_directory_path(user_id);
|
|
|
|
KeyBuffer ce_key;
|
|
|
|
KeyBuffer ce_key;
|
|
|
|
std::string ce_key_current_path = get_ce_key_current_path(directory_path);
|
|
|
|
std::string ce_key_current_path = get_ce_key_current_path(directory_path);
|
|
|
|
if (retrieveKey(ce_key_current_path, retrieve_auth, &ce_key)) {
|
|
|
|
if (retrieveKey(ce_key_current_path, retrieve_auth, &ce_key, false)) {
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key";
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key";
|
|
|
|
// TODO(147732812): Remove this once Locksettingservice is fixed.
|
|
|
|
// TODO(147732812): Remove this once Locksettingservice is fixed.
|
|
|
|
// Currently it calls fscrypt_clear_user_key_auth with a secret when lockscreen is
|
|
|
|
// Currently it calls fscrypt_clear_user_key_auth with a secret when lockscreen is
|
|
|
|
// changed from swipe to none or vice-versa
|
|
|
|
// changed from swipe to none or vice-versa
|
|
|
|
} else if (retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
|
|
|
|
} else if (retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key, false)) {
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key with empty auth";
|
|
|
|
LOG(DEBUG) << "Successfully retrieved key with empty auth";
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
LOG(ERROR) << "Failed to retrieve key for user " << user_id;
|
|
|
|
LOG(ERROR) << "Failed to retrieve key for user " << user_id;
|
|
|
|