fscrypt: integrate v1 processing into TWRP
Change-Id: I3bf9c14b818f9c3e0570c44c82bf0769fcec907f
This commit is contained in:
+53
-17
@@ -98,12 +98,22 @@ inline std::string hidlVec2String(const ::keystore::hidl_vec<uint8_t>& value) {
|
||||
}
|
||||
|
||||
static bool lookup_ref_key_internal(std::map<userid_t, android::fscrypt::EncryptionPolicy> key_map, const uint8_t* policy, userid_t* user_id) {
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
char policy_string_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
|
||||
char key_map_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
|
||||
bytes_to_hex(policy, FS_KEY_DESCRIPTOR_SIZE, policy_string_hex);
|
||||
#else
|
||||
char policy_string_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
char key_map_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
bytes_to_hex(policy, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_string_hex);
|
||||
#endif
|
||||
|
||||
for (std::map<userid_t, android::fscrypt::EncryptionPolicy>::iterator it=key_map.begin(); it!=key_map.end(); ++it) {
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
bytes_to_hex(reinterpret_cast<const uint8_t*>(&it->second.key_raw_ref[0]), FS_KEY_DESCRIPTOR_SIZE, key_map_hex);
|
||||
#else
|
||||
bytes_to_hex(reinterpret_cast<const uint8_t*>(&it->second.key_raw_ref[0]), FSCRYPT_KEY_IDENTIFIER_SIZE, key_map_hex);
|
||||
#endif
|
||||
std::string key_map_hex_string = std::string(key_map_hex);
|
||||
if (key_map_hex_string == policy_string_hex) {
|
||||
*user_id = it->first;
|
||||
@@ -114,29 +124,49 @@ static bool lookup_ref_key_internal(std::map<userid_t, android::fscrypt::Encrypt
|
||||
}
|
||||
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
extern "C" bool lookup_ref_key(fscrypt_policy_v1* v1, uint8_t* policy_type) {
|
||||
extern "C" bool lookup_ref_key(fscrypt_policy_v1* fep, uint8_t* policy_type) {
|
||||
#else
|
||||
extern "C" bool lookup_ref_key(fscrypt_policy_v2* v2, uint8_t* policy_type) {
|
||||
extern "C" bool lookup_ref_key(fscrypt_policy_v2* fep, uint8_t* policy_type) {
|
||||
#endif
|
||||
userid_t user_id = 0;
|
||||
std::string policy_type_string;
|
||||
|
||||
char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
bytes_to_hex(v2->master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
|
||||
if (std::strncmp((const char*) v2->master_key_identifier, de_key_raw_ref.c_str(), FSCRYPT_KEY_IDENTIFIER_SIZE) == 0) {
|
||||
policy_type_string = "0DK";
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
char policy_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
|
||||
bytes_to_hex(fep->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE, policy_hex);
|
||||
if (std::strncmp((const char*)fep->master_key_descriptor, de_key_raw_ref.c_str(), FS_KEY_DESCRIPTOR_SIZE) == 0) {
|
||||
policy_type_string = SYSTEM_DE_FSCRYPT_POLICY;
|
||||
memcpy(policy_type, policy_type_string.data(), policy_type_string.size());
|
||||
return true;
|
||||
}
|
||||
if (!lookup_ref_key_internal(s_de_policies, v2->master_key_identifier, &user_id)) {
|
||||
if (!lookup_ref_key_internal(s_ce_policies, v2->master_key_identifier, &user_id)) {
|
||||
if (!lookup_ref_key_internal(s_de_policies, fep->master_key_descriptor, &user_id)) {
|
||||
if (!lookup_ref_key_internal(s_ce_policies, fep->master_key_descriptor, &user_id)) {
|
||||
return false;
|
||||
} else {
|
||||
policy_type_string = "0CE" + std::to_string(user_id);
|
||||
policy_type_string = USER_CE_FSCRYPT_POLICY + std::to_string(user_id);
|
||||
}
|
||||
} else {
|
||||
policy_type_string = "0DE" + std::to_string(user_id);
|
||||
policy_type_string = USER_DE_FSCRYPT_POLICY + std::to_string(user_id);
|
||||
}
|
||||
#else
|
||||
char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
bytes_to_hex(fep->master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
|
||||
if (std::strncmp((const char*)fep->master_key_identifier, de_key_raw_ref.c_str(), FSCRYPT_KEY_IDENTIFIER_SIZE) == 0) {
|
||||
policy_type_string = SYSTEM_DE_FSCRYPT_POLICY;
|
||||
memcpy(policy_type, policy_type_string.data(), policy_type_string.size());
|
||||
return true;
|
||||
}
|
||||
if (!lookup_ref_key_internal(s_de_policies, fep->master_key_identifier, &user_id)) {
|
||||
if (!lookup_ref_key_internal(s_ce_policies, fep->master_key_identifier, &user_id)) {
|
||||
return false;
|
||||
} else {
|
||||
policy_type_string = USER_CE_FSCRYPT_POLICY + std::to_string(user_id);
|
||||
}
|
||||
} else {
|
||||
policy_type_string = USER_DE_FSCRYPT_POLICY + std::to_string(user_id);
|
||||
}
|
||||
#endif
|
||||
|
||||
memcpy(policy_type, policy_type_string.data(), policy_type_string.size());
|
||||
LOG(INFO) << "storing policy type: " << policy_type;
|
||||
return true;
|
||||
@@ -144,30 +174,39 @@ extern "C" bool lookup_ref_key(fscrypt_policy_v2* v2, uint8_t* policy_type) {
|
||||
|
||||
extern "C" bool lookup_ref_tar(const uint8_t* policy_type, uint8_t* policy) {
|
||||
std::string policy_type_string = std::string((char *) policy_type);
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
char policy_hex[FS_KEY_DESCRIPTOR_SIZE_HEX];
|
||||
bytes_to_hex(policy_type, FS_KEY_DESCRIPTOR_SIZE, policy_hex);
|
||||
#else
|
||||
char policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
bytes_to_hex(policy_type, FSCRYPT_KEY_IDENTIFIER_SIZE, policy_hex);
|
||||
#endif
|
||||
|
||||
userid_t user_id = atoi(policy_type_string.substr(3, 4).c_str());
|
||||
|
||||
// TODO Update version # and make magic strings
|
||||
if (policy_type_string.substr(0,1) != "0") {
|
||||
#ifdef USE_FSCRYPT_POLICY_V1
|
||||
if (policy_type_string.substr(0,1) != FSCRYPT_V1) {
|
||||
#else
|
||||
if (policy_type_string.substr(0,1) != FSCRYPT_V2) {
|
||||
#endif
|
||||
LOG(ERROR) << "Unexpected version:" << policy_type[0];
|
||||
return false;
|
||||
}
|
||||
|
||||
if (policy_type_string.substr(1, 2) == "DK") {
|
||||
if (policy_type_string.substr(1, 2) == SYSTEM_DE_KEY) {
|
||||
memcpy(policy, de_key_raw_ref.data(), de_key_raw_ref.size());
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string raw_ref;
|
||||
|
||||
if (policy_type_string.substr(1, 1) == "D") {
|
||||
if (policy_type_string.substr(1, 1) == USER_DE_KEY) {
|
||||
if (lookup_key_ref(s_de_policies, user_id, &raw_ref)) {
|
||||
memcpy(policy, raw_ref.data(), raw_ref.size());
|
||||
} else
|
||||
return false;
|
||||
} else if (policy_type_string.substr(1, 1) == "C") {
|
||||
} else if (policy_type_string.substr(1, 1) == USER_CE_KEY) {
|
||||
if (lookup_key_ref(s_ce_policies, user_id, &raw_ref)) {
|
||||
memcpy(policy, raw_ref.data(), raw_ref.size());
|
||||
} else
|
||||
@@ -176,9 +215,6 @@ extern "C" bool lookup_ref_tar(const uint8_t* policy_type, uint8_t* policy) {
|
||||
LOG(ERROR) << "unknown policy type: " << policy_type;
|
||||
return false;
|
||||
}
|
||||
|
||||
char found_policy_hex[FSCRYPT_KEY_IDENTIFIER_HEX_SIZE];
|
||||
bytes_to_hex(policy, FSCRYPT_KEY_IDENTIFIER_SIZE, found_policy_hex);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user