3dfb094cb2
To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
68 lines
2.3 KiB
C++
68 lines
2.3 KiB
C++
/*
|
|
* Copyright (C) 2016 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef ANDROID_VOLD_KEYUTIL_H
|
|
#define ANDROID_VOLD_KEYUTIL_H
|
|
|
|
#include "KeyBuffer.h"
|
|
#include "KeyStorage.h"
|
|
|
|
#include <fscrypt/fscrypt.h>
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
namespace android {
|
|
namespace vold {
|
|
|
|
using namespace android::fscrypt;
|
|
|
|
bool randomKey(KeyBuffer* key);
|
|
|
|
bool generateStorageKey(const EncryptionOptions& options, KeyBuffer* key);
|
|
|
|
bool isFsKeyringSupported(void);
|
|
|
|
// Install a file-based encryption key to the kernel, for use by encrypted files
|
|
// on the specified filesystem using the specified encryption policy version.
|
|
//
|
|
// For v1 policies, we use FS_IOC_ADD_ENCRYPTION_KEY if the kernel supports it.
|
|
// Otherwise we add the key to the legacy global session keyring.
|
|
//
|
|
// For v2 policies, we always use FS_IOC_ADD_ENCRYPTION_KEY; it's the only way
|
|
// the kernel supports.
|
|
//
|
|
// Returns %true on success, %false on failure. On success also sets *policy
|
|
// to the EncryptionPolicy used to refer to this key.
|
|
bool installKey(const std::string& mountpoint, const EncryptionOptions& options,
|
|
const KeyBuffer& key, EncryptionPolicy* policy);
|
|
|
|
// Evict a file-based encryption key from the kernel.
|
|
//
|
|
// We use FS_IOC_REMOVE_ENCRYPTION_KEY if the kernel supports it. Otherwise we
|
|
// remove the key from the legacy global session keyring.
|
|
//
|
|
// In the latter case, the caller is responsible for dropping caches.
|
|
bool evictKey(const std::string& mountpoint, const EncryptionPolicy& policy);
|
|
|
|
bool retrieveKey(bool create_if_absent, const KeyAuthentication& key_authentication,
|
|
const std::string& key_path, const std::string& tmp_path,
|
|
const EncryptionOptions& options, KeyBuffer* key, bool keepOld = true);
|
|
|
|
} // namespace vold
|
|
} // namespace android
|
|
|
|
#endif
|