cryptfs: Require ext disk crypt to match code
Our external partitions have no crypto header/footer, so we
only get the keysize and key. Our code has been implicitly
assuming that this keysize off of disk matches the crypto
type we have in our code (and thus matches the keysize our
code is using as well). We now make this assumption
explicit by checking for it, and we no longer allow external
code to pass a keysize into cryptfs.
Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: I1a1996187e1aaad6f103982652b1bcdfd5be33ce
diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp
index 48d041b..cf21577 100644
--- a/model/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp
@@ -65,6 +65,11 @@
if (CreateDeviceNode(mRawDevPath, mRawDevice)) {
return -EIO;
}
+ if (mKeyRaw.size() != cryptfs_get_keysize()) {
+ PLOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size() <<
+ " does not match crypt keysize " << cryptfs_get_keysize();
+ return -EIO;
+ }
// Recover from stale vold by tearing down any old mappings
cryptfs_revert_ext_volume(getId().c_str());
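Review bot: The added key-size check logs with `PLOG(ERROR)`, which appends the message for the current `errno`, but a length mismatch is not a failed system call, so the log line will end with an unrelated or stale error string. `LOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size() << ...` would report only the mismatch. The return type of `cryptfs_get_keysize()` is not visible here; confirm it is unsigned so the comparison with `mKeyRaw.size()` involves no sign conversion. The enclosing function starts and ends outside the hunk.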
@@ -74,7 +79,7 @@
unsigned char* key = (unsigned char*) mKeyRaw.data();
char crypto_blkdev[MAXPATHLEN];
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(),
- key, mKeyRaw.size(), crypto_blkdev);
+ key, crypto_blkdev);
mDmDevPath = crypto_blkdev;
if (res != 0) {
PLOG(ERROR) << getId() << " failed to setup cryptfs";
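Review bot: The call to `cryptfs_setup_ext_volume` now passes `key` as a bare pointer with no length, so the callee presumably reads `cryptfs_get_keysize()` bytes from it, and the only thing keeping that read inside `mKeyRaw` is the size check added earlier in this function. That dependency should be stated at the call site, for example `// mKeyRaw.size() was verified against cryptfs_get_keysize() above; the callee reads that many bytes from key`. Separately, `mDmDevPath = crypto_blkdev` runs before `res` is tested and `crypto_blkdev` has no initializer; if the callee can fail without writing it, that assignment reads an indeterminate buffer, which `char crypto_blkdev[MAXPATHLEN] = {0};` would avoid. The enclosing function starts and ends outside the hunk.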