commit 4a35ef0a53d1f8041adc8bf49585e700bb7af803
author Greg Kaiser <gkaiser@google.com> Fri Feb 09 17:01:06 2018 -0800
committer Greg Kaiser <gkaiser@google.com> Fri Feb 09 17:21:33 2018 -0800
tree ad0389e8ee1518d3f2ac7b92246b097e6ebfe691
parent 1452b27d4e445d71863d2bc2afce2825b9f68f13

cryptfs: Make decrypted key buffers large enough

Looking at the EVP_DecryptUpdate() documentation, we need a
buffer which isn't just the keysize, but also provides the
cipher block length minus one byte extra.  For EVP_aes_128_cbc(),
that block length is 16, but we use the maximum block length to
be safe for any future cipher change.

For two of our decrypted_master_key usages, the buffer was
already sufficiently sized.  But for one of our instances,
in cryptfs_enable_internal(), the buffer was previously
smaller than this.  So this CL represents a possible behavior
change if we were ever overrunning that buffer.

Bug: 73079191, 73176599
Test: Flashed an encrypted sailfish and it booted.

Change-Id: Ic5043340910dc7d625e6e5baedbca5bd4b2bfb03

cryptfs.cpp

diff --git a/cryptfs.cpp b/cryptfs.cpp
index 1d21124..f500a15 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -98,6 +98,11 @@
 
 #define CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE (1)
 
+// EVP_DecryptUpdate() requires not just our key length, but up to
+// block length - 1 additional bytes for its work.  We provide a buffer
+// size that will work for all possible ciphers.
+#define DECRYPTED_MASTER_KEY_BUF_SIZE (KEY_LEN_BYTES + EVP_MAX_BLOCK_LENGTH - 1)
+
 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr);
 
 static unsigned char saved_master_key[KEY_LEN_BYTES];
@@ -1595,8 +1600,7 @@
 static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
                                    const char *passwd, const char *mount_point, const char *label)
 {
-  /* Allocate enough space for a 256 bit key, but we may use less */
-  unsigned char decrypted_master_key[32];
+  unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE];
   char crypto_blkdev[MAXPATHLEN];
   char real_blkdev[MAXPATHLEN];
   char tmp_mount_point[64];
@@ -1853,8 +1857,7 @@
 int cryptfs_verify_passwd(const char *passwd)
 {
     struct crypt_mnt_ftr crypt_ftr;
-    /* Allocate enough space for a 256 bit key, but we may use less */
-    unsigned char decrypted_master_key[32];
+    unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE];
     char encrypted_state[PROPERTY_VALUE_MAX];
     int rc;
 
@@ -2004,7 +2007,7 @@
 
 int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
     char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
-    unsigned char decrypted_master_key[KEY_LEN_BYTES];
+    unsigned char decrypted_master_key[DECRYPTED_MASTER_KEY_BUF_SIZE];
     int rc=-1, i;
     struct crypt_mnt_ftr crypt_ftr;
     struct crypt_persist_data *pdata;