authorTreehugger Robot <treehugger-gerrit@google.com>2020-02-12 23:32:29 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2020-02-12 23:32:29 +0000
commita2654741ab7fb7fe4a554d9564e7908e85652412 (patch)
tree71fbf501b2dc34ec5ebfcc883f41572c220cbc4d
parent2df128973c7c4f7e28bd33dd0b3faf2f19edab72 (diff)
parent35602670ea2ee023788d5ad2a8adfe6fcd5286d1 (diff)
downloadextras-a2654741ab7fb7fe4a554d9564e7908e85652412.tar.gz
Merge "libfscrypt: Support hardware wrapped keys"
-rw-r--r--libfscrypt/fscrypt.cpp13
-rw-r--r--libfscrypt/include/fscrypt/fscrypt.h1
2 files changed, 13 insertions, 1 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
index a1f1fc4c..9ea8cd33 100644
--- a/libfscrypt/fscrypt.cpp
+++ b/libfscrypt/fscrypt.cpp
@@ -131,6 +131,12 @@ static bool fscrypt_is_encrypted(int fd) {
return ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, &policy) == 0 || errno == EINVAL;
}
+bool operator!=(const EncryptionOptions& lhs, const EncryptionOptions& rhs) {
+ return !((lhs.version == rhs.version) && (lhs.contents_mode == rhs.contents_mode) &&
+ (lhs.filenames_mode == rhs.filenames_mode) && (lhs.flags == rhs.flags) &&
+ (lhs.use_hw_wrapped_key == rhs.use_hw_wrapped_key));
+}
+
bool OptionsToString(const EncryptionOptions& options, std::string* options_string) {
std::string contents_mode, filenames_mode;
if (!LookupModeById(contents_modes, options.contents_mode, &contents_mode)) {
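Review bot: `operator!=` lists the fields by hand, so a member added to `EncryptionOptions` later silently drops out of the round-trip check in OptionsToString unless this list is extended too; the `memcmp` it replaces did not have that maintenance cost. A comment on the operator such as `// Keep in sync with struct EncryptionOptions; compared field by field, presumably because padding after the bool makes memcmp unreliable.` would record both the constraint and the reason. The operator also has external linkage, while the header hunk in this commit adds no declaration for it; if it is meant to be private to this file, mark it `static` like `fscrypt_is_encrypted` above. OptionsToString's body continues outside the hunk.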
@@ -143,12 +149,15 @@ bool OptionsToString(const EncryptionOptions& options, std::string* options_stri
if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) {
*options_string += "+inlinecrypt_optimized";
}
+ if (options.use_hw_wrapped_key) {
+ *options_string += "+wrappedkey_v0";
+ }
EncryptionOptions options_check;
if (!ParseOptions(*options_string, &options_check)) {
LOG(ERROR) << "Internal error serializing options as string: " << *options_string;
return false;
}
- if (memcmp(&options, &options_check, sizeof(options_check)) != 0) {
+ if (options != options_check) {
LOG(ERROR) << "Internal error serializing options as string, round trip failed: "
<< *options_string;
return false;
@@ -187,6 +196,8 @@ bool ParseOptions(const std::string& options_string, EncryptionOptions* options)
options->version = 2;
} else if (flag == "inlinecrypt_optimized") {
options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64;
+ } else if (flag == "wrappedkey_v0") {
+ options->use_hw_wrapped_key = true;
} else {
LOG(ERROR) << "Unknown flag: " << flag;
return false;
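Review bot: The `wrappedkey_v0` branch sets `use_hw_wrapped_key` with no check against the version, modes or other flags, at least in the lines shown. If hardware-wrapped keys are only valid with particular policies (which cannot be determined from this hunk), rejecting unsupported combinations here would make a bad option string fail at parse time with a clear log line rather than later at key setup. A one-line comment saying what the `_v0` suffix versions would also help whoever adds a successor flag. ParseOptions starts and ends outside the hunk.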
diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h
index ca051f4a..18fb4fc3 100644
--- a/libfscrypt/include/fscrypt/fscrypt.h
+++ b/libfscrypt/include/fscrypt/fscrypt.h
@@ -34,6 +34,7 @@ struct EncryptionOptions {
int contents_mode;
int filenames_mode;
int flags;
+ bool use_hw_wrapped_key;
// Ensure that "version" is not valid on creation and so must be explicitly set
EncryptionOptions() : version(0) {}
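Review bot: The new `use_hw_wrapped_key` member has no initializer: the constructor on the last line of this hunk sets only `version`, so a default-constructed `EncryptionOptions` holds an indeterminate bool. The `options != options_check` comparison added in OptionsToString reads that field, and in the lines shown ParseOptions assigns it only when the `wrappedkey_v0` flag is present. Unless ParseOptions clears the struct outside the hunk, the round-trip check can fail spuriously, or a caller can see hardware-wrapped keys enabled for an option string that never asked for them. Give the member a default, `bool use_hw_wrapped_key = false;`, or extend the initializer list to `EncryptionOptions() : version(0), use_hw_wrapped_key(false) {}`. The struct definition continues outside the hunk.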