From 90edd2e867b238e71ee198e3460e289cd7dee54c Mon Sep 17 00:00:00 2001
From: Peter Cai
Date: Thu, 23 May 2019 16:32:22 +0800
Subject: ext4crypt: support wrappedkey for FBE

Qualcomm devices use a special `wrappedkey` mode for FBE. This is ported from CAF https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.8.r4-01000-SDM710.0&id=9229262d893a8592f7bc1b4e8a8dab7aad8df68c, originally by folks at Mokee for vold https://mokeedev.review/c/MoKee/android_system_vold/+/34102. This patch ports the above changes to `ext4crypt`, which we can use in recovery. Note that since we do not have `fs_mgr` in the recovery, we cannot read the `wrappedkey` flag from fstab. Instead, similar to `fbe.contents`, we use a special property `fbe.data.wrappedkey` to indicate support for wrappedkey mode. Devices that need to use this should set this property to `true` to activate corresponding code.

Change-Id: I79c2855d577156670b45c10c7c7b1fcd9fece8d9
---
crypto/ext4crypt/Keymaster4.cpp | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
(limited to 'crypto/ext4crypt/Keymaster4.cpp')
diff --git a/crypto/ext4crypt/Keymaster4.cpp b/crypto/ext4crypt/Keymaster4.cpp
index cebe1f1d5..e5c059a61 100644
--- a/crypto/ext4crypt/Keymaster4.cpp
+++ b/crypto/ext4crypt/Keymaster4.cpp
@@ -142,6 +142,32 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k
 return true;
 }
 
+bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+ const std::string& appData, std::string* key) {
+ auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
+ auto emptyAssign = NULL;
+ auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId);
+ auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData);
+ km::ErrorCode km_error;
+ auto hidlCb = [&](km::ErrorCode ret, const hidl_vec& exportedKeyBlob) {
+ km_error = ret;
+ if (km_error != km::ErrorCode::OK) return;
+ if(key)
+ key->assign(reinterpret_cast(&exportedKeyBlob[0]),
+ exportedKeyBlob.size());
+ };
+ auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
+ if (!error.isOk()) {
+ LOG(ERROR) << "export_key failed: " << error.description();
+ return false;
+ }
+ if (km_error != km::ErrorCode::OK) {
+ LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
+ return false;
+ }
+ return true;
+}
+
 bool Keymaster::deleteKey(const std::string& key) {
 LOG(ERROR) << "not actually deleting key\n";
 return true;
-- cgit v1.2.3
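Review bot: In `exportKey`, key material passes through plain `std::string` objects: the input blob is copied into a temporary via `std::string(kmKey.data(), kmKey.size())`, and the exported key lands in `std::string* key` through `key->assign(...)`. `KeyBuffer` is not defined in this hunk, but if it is the wipe-on-free buffer its name suggests, taking the output as `KeyBuffer* key` and dropping the intermediate string would keep every copy under the same handling. Separately, `km_error` is assigned only inside the callback and read afterwards, so an initial value such as `km::ErrorCode km_error = km::ErrorCode::UNKNOWN_ERROR;` keeps the later check well-defined if the callback never runs. The `"!"` sentinel for `clientId`/`appData` is undocumented, and `auto emptyAssign = NULL;` does not deduce to a blob type; a comment like `// "!" means the parameter is absent; an empty blob is sent to the HAL` plus an explicitly typed empty vector would make the intent readable.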