From f56d553babc368e557fe90513e78a5ba06626b0d Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Sun, 22 Mar 2020 08:02:06 -0700 Subject: [PATCH] Choose options format using property To make it easier to support disk formats created using old versions of dm-default-key with new kernels, choose the disk format to use based on options_format_version and first_api_version properties instead of checking the version number of the kernel module. Bug: 150761030 Test: crosshatch and cuttlefish boot normally; cuttlefish fails with "default-key: Not enough arguments" as expected when option is set to 1 Change-Id: Ib51071b7c316ce074de72439741087b18335048c --- MetadataCrypt.cpp | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp index 8227e74..7b2219b 100644 --- a/MetadataCrypt.cpp +++ b/MetadataCrypt.cpp @@ -58,7 +58,7 @@ using namespace android::dm; // Parsed from metadata options struct CryptoOptions { struct CryptoType cipher = invalid_crypto_type; - bool is_legacy = false; + bool use_legacy_options_format = false; bool set_dun = true; // Non-legacy driver always sets DUN bool use_hw_wrapped_key = false; }; @@ -211,7 +211,7 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const std::string& auto target = std::make_unique(0, *nr_sec, options.cipher.get_kernel_name(), hex_key, blk_device, 0); - if (options.is_legacy) target->SetIsLegacy(); + if (options.use_legacy_options_format) target->SetUseLegacyOptionsFormat(); if (options.set_dun) target->SetSetDun(); if (options.use_hw_wrapped_key) target->SetWrappedKeyV0(); @@ -287,25 +287,30 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std:: return false; } - bool is_legacy; - if (!DmTargetDefaultKey::IsLegacy(&is_legacy)) return false; + constexpr unsigned int pre_gki_level = 29; + unsigned int options_format_version = android::base::GetUintProperty( + "ro.crypto.dm_default_key.options_format.version", + (GetFirstApiLevel() <= pre_gki_level ? 1 : 2)); CryptoOptions options; - if (is_legacy) { + if (options_format_version == 1) { if (!data_rec->metadata_encryption.empty()) { LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode"; return false; } options.cipher = legacy_aes_256_xts; - options.is_legacy = true; + options.use_legacy_options_format = true; options.set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false); if (!options.set_dun && data_rec->fs_mgr_flags.checkpoint_blk) { LOG(ERROR) << "Block checkpoints and metadata encryption require ro.crypto.set_dun option"; return false; } - } else { + } else if (options_format_version == 2) { if (!parse_options(data_rec->metadata_encryption, &options)) return false; + } else { + LOG(ERROR) << "Unknown options_format_version: " << options_format_version; + return false; } auto gen = needs_encrypt ? makeGen(options) : neverGen();