When we forget a volume, forget per-volume key
Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index dbc73c1..9885440 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -161,12 +161,13 @@
return success;
}
-bool retrieveAndInstallKey(bool create_if_absent, const std::string& key_path,
- const std::string& tmp_path, std::string* key_ref) {
+bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+ std::string* key_ref) {
KeyBuffer key;
if (pathExists(key_path)) {
LOG(DEBUG) << "Key exists, using: " << key_path;
- if (!retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
+ if (!retrieveKey(key_path, key_authentication, &key)) return false;
} else {
if (!create_if_absent) {
LOG(ERROR) << "No key found in " << key_path;
@@ -174,8 +175,7 @@
}
LOG(INFO) << "Creating new key in " << key_path;
if (!randomKey(&key)) return false;
- if (!storeKeyAtomically(key_path, tmp_path,
- kEmptyAuthentication, key)) return false;
+ if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
}
if (!installKey(key, key_ref)) {