mount, homedirs: Add support for multiple vault keysets
The original design of cryptohome supported multiple
"master" keys stored as:
  master.0
  master.1
  ...
  master.n
It was used initially for atomic migrations to protect against data loss
on power down. That behavior was not maintained over time and support
for multiple key sets faded into the past.
This change refactors keyset (and another vestigial component, user salt)
support to support multiple files again. Subsequent CLs will enable
keys to be added or removed, and move migration over to this model.
An outstanding issue will be to ensure enforcement of TPM-backed keys
in the cases where it could be possible to have a mix of scrypt and TPM.
The remaining work (next CL) is to add DBus accessors (e.g., AddKey)
and add unittests around multi-key management. Additionally, unifying
vault keyset parsing via the vault_keyset.cc code and moving key migration
over to multi-key helpers needs to happen.
BUG=chromium:220243
TEST=unittest; Remainder need to be redone as this was rebased onto
the FreeDiskSpace change test CL:
normal sign-in, sign-out, re-signin. Manual multi-sign-in/out.
Change-Id: I4e253976c758f574dbb59af9670f3b36010e950e
Reviewed-on: https://gerrit.chromium.org/gerrit/58786
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
12 files changed