diff options
author | Paul Crowley <paulcrowley@google.com> | 2017-06-28 16:08:04 -0700 |
---|---|---|
committer | Paul Crowley <paulcrowley@google.com> | 2017-06-28 16:09:00 -0700 |
commit | 071120776a023a726dbdcb2ca6fa5293367f0281 (patch) | |
tree | f06d811d47b6c0038eac5a16f143faa56d9a12c8 | |
parent | bd40570e257a05b6c197241a52ff1194ffde0ff7 (diff) | |
parent | 8e6f6a5cebf023905b37b0fc80d3ceec262a0d91 (diff) | |
download | vold-071120776a023a726dbdcb2ca6fa5293367f0281.tar.gz |
resolve merge conflicts of 8e6f6a5 to oc-dr1-dev-plus-aosp
Test: None
Change-Id: Icf7654b3200a4afd104f31aff8ce5b09867b7182
-rw-r--r-- | KeyUtil.cpp | 58 | ||||
-rw-r--r-- | KeyUtil.h | 1 |
2 files changed, 35 insertions, 24 deletions
diff --git a/KeyUtil.cpp b/KeyUtil.cpp index 865cc118..a75dfbbb 100644 --- a/KeyUtil.cpp +++ b/KeyUtil.cpp @@ -73,9 +73,16 @@ static bool fillKey(const std::string& key, ext4_encryption_key* ext4_key) { return true; } -std::string keyname(const std::string& raw_ref) { +static char const* const NAME_PREFIXES[] = { + "ext4", + "f2fs", + "fscrypt", + nullptr +}; + +static std::string keyname(const std::string& prefix, const std::string& raw_ref) { std::ostringstream o; - o << "ext4:"; + o << prefix << ":"; for (auto i : raw_ref) { o << std::hex << std::setw(2) << std::setfill('0') << (int)i; } @@ -98,37 +105,42 @@ bool installKey(const std::string& key, std::string* raw_ref) { ext4_encryption_key ext4_key; if (!fillKey(key, &ext4_key)) return false; *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size); - auto ref = keyname(*raw_ref); key_serial_t device_keyring; if (!e4cryptKeyring(&device_keyring)) return false; - key_serial_t key_id = - add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring); - if (key_id == -1) { - PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring; - return false; + for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { + auto ref = keyname(*name_prefix, *raw_ref); + key_serial_t key_id = + add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring); + if (key_id == -1) { + PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring; + return false; + } + LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring + << " in process " << getpid(); } - LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring - << " in process " << getpid(); - return true; } bool evictKey(const std::string& raw_ref) { - auto ref = keyname(raw_ref); key_serial_t device_keyring; if (!e4cryptKeyring(&device_keyring)) return false; - auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0); - - // Unlink the key from the keyring. Prefer unlinking to revoking or - // invalidating, since unlinking is actually no less secure currently, and - // it avoids bugs in certain kernel versions where the keyring key is - // referenced from places it shouldn't be. - if (keyctl_unlink(key_serial, device_keyring) != 0) { - PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref; - return false; + bool success = true; + for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { + auto ref = keyname(*name_prefix, raw_ref); + auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0); + + // Unlink the key from the keyring. Prefer unlinking to revoking or + // invalidating, since unlinking is actually no less secure currently, and + // it avoids bugs in certain kernel versions where the keyring key is + // referenced from places it shouldn't be. + if (keyctl_unlink(key_serial, device_keyring) != 0) { + PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref; + success = false; + } else { + LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref; + } } - LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref; - return true; + return success; } bool retrieveAndInstallKey(bool create_if_absent, const std::string& key_path, @@ -36,7 +36,6 @@ struct ext4_encryption_key { uint32_t size; }; -std::string keyname(const std::string& raw_ref); bool randomKey(std::string* key); bool installKey(const std::string& key, std::string* raw_ref); bool evictKey(const std::string& raw_ref); |