Refactor to use EncryptionPolicy everywhere we used to use raw_ref
Test: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen
Bug: 147733587
Change-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5
diff --git a/KeyUtil.h b/KeyUtil.h
index f6799d9..be5a2ed 100644
--- a/KeyUtil.h
+++ b/KeyUtil.h
@@ -20,25 +20,45 @@
#include "KeyBuffer.h"
#include "KeyStorage.h"
+#include <fscrypt/fscrypt.h>
+
#include <memory>
#include <string>
namespace android {
namespace vold {
+using namespace android::fscrypt;
+
bool randomKey(KeyBuffer* key);
bool isFsKeyringSupported(void);
-bool installKey(const KeyBuffer& key, const std::string& mountpoint, int policy_version,
- std::string* raw_ref);
-bool evictKey(const std::string& mountpoint, const std::string& raw_ref, int policy_version);
-bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
- const std::string& key_path, const std::string& tmp_path,
- const std::string& volume_uuid, int policy_version,
- std::string* key_ref);
-bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path,
- KeyBuffer* key, bool keepOld = true);
+// Install a file-based encryption key to the kernel, for use by encrypted files
+// on the specified filesystem using the specified encryption policy version.
+//
+// For v1 policies, we use FS_IOC_ADD_ENCRYPTION_KEY if the kernel supports it.
+// Otherwise we add the key to the legacy global session keyring.
+//
+// For v2 policies, we always use FS_IOC_ADD_ENCRYPTION_KEY; it's the only way
+// the kernel supports.
+//
+// Returns %true on success, %false on failure. On success also sets *policy
+// to the EncryptionPolicy used to refer to this key.
+bool installKey(const std::string& mountpoint, const EncryptionOptions& options,
+ const KeyBuffer& key, EncryptionPolicy* policy);
+
+// Evict a file-based encryption key from the kernel.
+//
+// We use FS_IOC_REMOVE_ENCRYPTION_KEY if the kernel supports it. Otherwise we
+// remove the key from the legacy global session keyring.
+//
+// In the latter case, the caller is responsible for dropping caches.
+bool evictKey(const std::string& mountpoint, const EncryptionPolicy& policy);
+
+bool retrieveKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path, KeyBuffer* key,
+ bool keepOld = true);
} // namespace vold
} // namespace android
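Review bot: `using namespace android::fscrypt;` at namespace scope in KeyUtil.h injects every name from that namespace into `android::vold` for each file that includes this header. The declarations here need only two types, so `using android::fscrypt::EncryptionOptions;` and `using android::fscrypt::EncryptionPolicy;` (or qualifying them in the signatures) would keep the header's footprint narrow. Separately, `retrieveKey` gains a `key_authentication` parameter but, unlike `installKey` and `evictKey`, has no comment; one stating what `create_if_absent` and `keepOld` control, and that `*key` is presumably filled with the raw key on success, would help callers handle that buffer carefully. The `evictKey` comment makes the caller responsible for dropping caches on the legacy-keyring path, but the `bool` result does not say which path ran. It would help to state how a caller tells, possibly via `isFsKeyringSupported()`, which should be confirmed against the implementation.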