From 92a14b6b1666e5d1313c66a451e51007c38c9a02 Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Tue, 28 Jan 2020 10:37:39 -0800
Subject: [PATCH 1/2] Add support for v2 of dm-default-key

Version 2 of dm-default-key has an extra parameter and always sets the DUN.

Bug: 147814592
Test: Cuttlefish boots with keydirectory flag
Test: Crosshatch formatted before this change boots after it
Change-Id: I59081e385324d2e34a5f252286a97938d6ffb79b
---
 MetadataCrypt.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index b7c7dff..fb8ed22 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -158,6 +158,9 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry*
 uint64_t nr_sec;
 if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
 
+ bool is_legacy;
+ if (!DmTargetDefaultKey::IsLegacy(&is_legacy)) return false;
+
 KeyBuffer hex_key_buffer;
 if (android::vold::StrToHex(key, hex_key_buffer) != android::OK) {
 LOG(ERROR) << "Failed to turn key to hex";
@@ -165,15 +168,16 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry*
 }
 std::string hex_key(hex_key_buffer.data(), hex_key_buffer.size());
 
- bool set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
+ // Non-legacy driver always sets DUN
+ bool set_dun = !is_legacy || android::base::GetBoolProperty("ro.crypto.set_dun", false);
 if (!set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
 LOG(ERROR) << "Block checkpoints and metadata encryption require ro.crypto.set_dun option";
 return false;
 }
 
 DmTable table;
- table.Emplace(0, nr_sec, "AES-256-XTS", hex_key, data_rec->blk_device, 0,
- set_dun);
+ table.Emplace(0, nr_sec, is_legacy ? "AES-256-XTS" : "aes-xts-plain64",
+ hex_key, data_rec->blk_device, 0, is_legacy, set_dun);
 
 auto& dm = DeviceMapper::Instance();
 for (int i = 0;; i++) {

From 84e84c5f33b2a9fc5ff361b17d23dabfd97ce2a8 Mon Sep 17 00:00:00 2001
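Review bot: `bool is_legacy;` on the new side is left indeterminate until DmTargetDefaultKey::IsLegacy() fills it, and nothing in the function says what "legacy" means; the commit message is the only place that explains that v2 of dm-default-key takes an extra parameter and always sets the DUN. I would write `bool is_legacy = false;  // true for dm-default-key v1: old cipher name, DUN optional` so the meaning is next to the variable and a future refactor that drops the early return cannot read an uninitialized bool. create_crypto_blk_dev starts before this hunk and continues after it.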
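Review bot: The non-legacy cipher string `aes-xts-plain64` chosen in the new Emplace call no longer pins the key size the way `AES-256-XTS` did; as I understand the kernel crypto API naming, the AES variant is selected by the length of `key`, so a 32-byte key would silently yield AES-128-XTS rather than fail. I would guard the length before building the table, e.g. `if (key.size() != 64) { LOG(ERROR) << "Unexpected metadata key size " << key.size(); return false; }` (64 assumes the two 256-bit halves of AES-256-XTS; confirm against where the key is generated, which is not in this hunk). It would also help to extend the comment on `set_dun` to say that `ro.crypto.set_dun` is consulted only for the legacy driver and is silently ignored otherwise. create_crypto_blk_dev continues past the end of this hunk.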
From: Paul Crowley
Date: Wed, 29 Jan 2020 16:09:19 -0800
Subject: [PATCH 2/2] Set metadata cipher in fstab

Bug: 147814592
Test: Cuttlefish can use adiantum
Change-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165
---
 MetadataCrypt.cpp | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index fb8ed22..088960e 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -153,6 +153,22 @@ static bool get_number_of_sectors(const std::string& real_blkdev, uint64_t* nr_s
 return true;
 }
 
+static std::string lookup_cipher(const std::string& cipher_name, bool is_legacy) {
+ if (is_legacy) {
+ if (cipher_name.empty() || cipher_name == "aes-256-xts") {
+ return "AES-256-XTS";
+ }
+ } else {
+ if (cipher_name.empty() || cipher_name == "aes-256-xts") {
+ return "aes-xts-plain64";
+ } else if (cipher_name == "adiantum") {
+ return "xchacha12,aes-adiantum-plain64";
+ }
+ }
+ LOG(ERROR) << "No metadata cipher named " << cipher_name << " found, is_legacy=" << is_legacy;
+ return "";
+}
+
 static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry* data_rec,
 const KeyBuffer& key, std::string* crypto_blkdev) {
 uint64_t nr_sec;
@@ -161,6 +177,9 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry*
 bool is_legacy;
 if (!DmTargetDefaultKey::IsLegacy(&is_legacy)) return false;
 
+ auto cipher = lookup_cipher(data_rec->metadata_cipher, is_legacy);
+ if (cipher.empty()) return false;
+
 KeyBuffer hex_key_buffer;
 if (android::vold::StrToHex(key, hex_key_buffer) != android::OK) {
 LOG(ERROR) << "Failed to turn key to hex";
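Review bot: lookup_cipher is added with no comment saying what its input is, that an empty name selects AES-256-XTS, or that the empty-string return is the failure signal callers must check; I would put a three-line header comment above it stating that it maps the fstab metadata cipher name to the dm-default-key cipher string for the detected driver version, that an empty name means aes-256-xts, and that it logs and returns "" for any name the driver cannot provide. Refusing unknown and legacy-unsupported names here instead of passing fstab text into the dm table is the right fail-closed behaviour and is worth stating so nobody later relaxes it. The duplicated predicate could also be hoisted, `const bool wants_xts = cipher_name.empty() || cipher_name == "aes-256-xts";`, leaving the two branches to differ only in the string they return.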
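Review bot: `auto cipher = lookup_cipher(...)` hides that the value is a std::string that ends up as the dm target's cipher argument, and nothing at the call site records that the fstab field has been allow-listed; I would write `const std::string cipher = lookup_cipher(data_rec->metadata_cipher, is_legacy);  // allow-listed by lookup_cipher; never pass metadata_cipher through verbatim`. The `cipher.empty()` early return relies on lookup_cipher having already logged the reason, which is fine but worth a word since this return is otherwise silent. create_crypto_blk_dev starts before this hunk and continues past it.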
@@ -176,8 +195,8 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry*
 }
 
 DmTable table;
- table.Emplace(0, nr_sec, is_legacy ? "AES-256-XTS" : "aes-xts-plain64",
- hex_key, data_rec->blk_device, 0, is_legacy, set_dun);
+ table.Emplace(0, nr_sec, cipher, hex_key, data_rec->blk_device, 0,
+ is_legacy, set_dun);
 
 auto& dm = DeviceMapper::Instance();
 for (int i = 0;; i++) {
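Review bot: The result of `table.Emplace(...)` on the new side is discarded; if this Emplace reports failure the way libdm's DmTable::Emplace does (returning the bool from AddTarget), a rejected default-key target would only surface later when the device is created, with a less specific error. I would check it at the call site, `if (!table.Emplace(0, nr_sec, cipher, hex_key, data_rec->blk_device, 0, is_legacy, set_dun)) { LOG(ERROR) << "Failed to add default-key target"; return false; }`, after confirming Emplace's return type, which is not visible here. The two trailing positional bools `is_legacy, set_dun` are easy to transpose in a future edit; a short comment naming the parameter order next to the call would guard against that. create_crypto_blk_dev continues past the end of this hunk.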