cryptfs_hw/cryptfs_hw.c - fp2-dev/device/qcom/common - Gitiles

 /* Copyright (c) 2014, The Linux Foundation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *   * Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *   * Redistributions in binary form must reproduce the above
  *     copyright notice, this list of conditions and the following
  *     disclaimer in the documentation and/or other materials provided
  *     with the distribution.
  *   * Neither the name of The Linux Foundation nor the names of its
  *     contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */

 #include <cryptfs_hw.h>
 #include <stdlib.h>
 #include <sys/limits.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <dirent.h>
 #include <dlfcn.h>
 #include "cutils/log.h"
 #include "cutils/properties.h"
 #include "cutils/android_reboot.h"


 // When device comes up or when user tries to change the password, user can
 // try wrong password upto a certain number of times. If user enters wrong
 // password further, HW would wipe all disk encryption related crypto data
 // and would return an error ERR_MAX_PASSWORD_ATTEMPTS to VOLD. VOLD would
 // wipe userdata partition once this error is received.
 #define ERR_MAX_PASSWORD_ATTEMPTS -10
 #define QSEECOM_DISK_ENCRYPTION 1
 #define QSEECOM_ICE_DISK_ENCRYPTION 3
 #define MAX_PASSWORD_LEN 32

 /* Operations that be performed on HW based device encryption key */
 #define SET_HW_DISK_ENC_KEY 1
 #define UPDATE_HW_DISK_ENC_KEY 2

 static int loaded_library = 0;
 static unsigned char current_passwd[MAX_PASSWORD_LEN];
 static int (*qseecom_create_key)(int, void*);
 static int (*qseecom_update_key)(int, void*, void*);
 static int (*qseecom_wipe_key)(int);

 static int map_usage(int usage)
 {
     return (is_ice_enabled() && (usage == QSEECOM_DISK_ENCRYPTION)) ?
                                           QSEECOM_ICE_DISK_ENCRYPTION : usage;
 }


 static unsigned char* get_tmp_passwd(const char* passwd)
 {
     int passwd_len = 0;
     unsigned char * tmp_passwd = NULL;
     if(passwd) {
         tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN);
         if(tmp_passwd) {
             memset(tmp_passwd, 0, MAX_PASSWORD_LEN);
             passwd_len = (strlen(passwd) > MAX_PASSWORD_LEN) ? MAX_PASSWORD_LEN : strlen(passwd);
             memcpy(tmp_passwd, passwd, passwd_len);
         } else {
             SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__);
         }
     } else {
         SLOGE("%s: Passed argument is NULL \n", __func__);
     }
     return tmp_passwd;
 }

 static void wipe_userdata()
 {
     mkdir("/cache/recovery", 0700);
     int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_NOFOLLOW, 0600);
     if (fd >= 0) {
         write(fd, "--wipe_data", strlen("--wipe_data") + 1);
         close(fd);
     } else {
         SLOGE("could not open /cache/recovery/command\n");
     }
     android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
 }

 static int load_qseecom_library()
 {
     const char *error = NULL;
     if (loaded_library)
         return loaded_library;

     void * handle = dlopen("/vendor/lib/libQSEEComAPI.so", RTLD_NOW);
     if(handle) {
         dlerror(); /* Clear any existing error */
         *(void **) (&qseecom_create_key) = dlsym(handle,"QSEECom_create_key");

         if((error = dlerror()) == NULL) {
             SLOGD("Success loading QSEECom_create_key \n");
             *(void **) (&qseecom_update_key) = dlsym(handle,"QSEECom_update_key_user_info");
             if ((error = dlerror()) == NULL) {
                 SLOGD("Success loading QSEECom_update_key_user_info\n");
                 *(void **) (&qseecom_wipe_key) = dlsym(handle,"QSEECom_wipe_key");
                 if ((error = dlerror()) == NULL) {
                     loaded_library = 1;
                     SLOGD("Success loading QSEECom_wipe_key \n");
                 }
                 else
                     SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
             }
             else
                 SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
         }
     } else {
         SLOGE("Could not load libQSEEComAPI.so \n");
     }

     if(error)
         dlclose(handle);

     return loaded_library;
 }

 /*
  * For NON-ICE targets, it would return 0 on success. On ICE based targets,
  * it would return key index in the ICE Key LUT
  */
 static int set_key(const char* passwd, const char* enc_mode, int operation)
 {
     int err = -1;
     if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
         unsigned char* tmp_passwd = get_tmp_passwd(passwd);
         if(tmp_passwd) {
             if (operation == UPDATE_HW_DISK_ENC_KEY)
                 err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), current_passwd, tmp_passwd);
             else if (operation == SET_HW_DISK_ENC_KEY)
                 err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);

             if(err >= 0) {
                 memset(current_passwd, 0, MAX_PASSWORD_LEN);
                 memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
             } else {
                 if(ERR_MAX_PASSWORD_ATTEMPTS == err)
                     wipe_userdata();
             }
             free(tmp_passwd);
         }
     }
     return err;
 }

 int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
 {
     return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
 }

 int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
 {

     return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
 }

 unsigned int is_hw_disk_encryption(const char* encryption_mode)
 {
     int ret = 0;
     if(encryption_mode) {
         if (!strcmp(encryption_mode, "aes-xts")) {
             SLOGD("HW based disk encryption is enabled \n");
             ret = 1;
         }
     }
     return ret;
 }

 int is_ice_enabled(void)
 {
     /* If (USE_ICE_FLAG) => return 1
      * if (property set to use gpce) return 0
      * we are using property to test UFS + GPCE, even though not required
      * if (storage is ufs) return 1
      * else return 0 so that emmc based device can work properly
      */
 #ifdef USE_ICE_FOR_STORAGE_ENCRYPTION
     SLOGD("Ice enabled = true");
     return 1;
 #else
     char enc_hw_type[PATH_MAX];
     char prop_storage[PATH_MAX];
     int ice = 0;
     int i;
     if (property_get("crypto.fde_enc_hw_type", enc_hw_type, "")) {
         if(!strncmp(enc_hw_type, "gpce", PROPERTY_VALUE_MAX)) {
             SLOGD("GPCE would be used for HW FDE");
             return 0;
         }
     }

     if (property_get("ro.boot.bootdevice", prop_storage, "")) {
         if(strstr(prop_storage, "ufs")) {
             SLOGD("ICE would be used for HW FDE");
             return 1;
         }
     }
     SLOGD("GPCE would be used for HW FDE");
     return 0;
 #endif
 }

 int wipe_hw_device_encryption_key(const char* enc_mode)
 {
     if (!enc_mode)
         return -1;

     if (is_hw_disk_encryption(enc_mode) && load_qseecom_library())
         return qseecom_wipe_key(map_usage(QSEECOM_DISK_ENCRYPTION));

     return 0;
 }
	/* Copyright (c) 2014, The Linux Foundation. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are
	* met:
	* * Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* * Redistributions in binary form must reproduce the above
	* copyright notice, this list of conditions and the following
	* disclaimer in the documentation and/or other materials provided
	* with the distribution.
	* * Neither the name of The Linux Foundation nor the names of its
	* contributors may be used to endorse or promote products derived
	* from this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
	* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
	* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
	* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
	* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
	* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	#include <cryptfs_hw.h>
	#include <stdlib.h>
	#include <sys/limits.h>
	#include <sys/types.h>
	#include <sys/stat.h>
	#include <fcntl.h>
	#include <dirent.h>
	#include <dlfcn.h>
	#include "cutils/log.h"
	#include "cutils/properties.h"
	#include "cutils/android_reboot.h"


	// When device comes up or when user tries to change the password, user can
	// try wrong password upto a certain number of times. If user enters wrong
	// password further, HW would wipe all disk encryption related crypto data
	// and would return an error ERR_MAX_PASSWORD_ATTEMPTS to VOLD. VOLD would
	// wipe userdata partition once this error is received.
	#define ERR_MAX_PASSWORD_ATTEMPTS -10
	#define QSEECOM_DISK_ENCRYPTION 1
	#define QSEECOM_ICE_DISK_ENCRYPTION 3
	#define MAX_PASSWORD_LEN 32

	/* Operations that be performed on HW based device encryption key */
	#define SET_HW_DISK_ENC_KEY 1
	#define UPDATE_HW_DISK_ENC_KEY 2

	static int loaded_library = 0;
	static unsigned char current_passwd[MAX_PASSWORD_LEN];
	static int (qseecom_create_key)(int, void);
	static int (qseecom_update_key)(int, void, void*);
	static int (*qseecom_wipe_key)(int);

	static int map_usage(int usage)
	{
	return (is_ice_enabled() && (usage == QSEECOM_DISK_ENCRYPTION)) ?
	QSEECOM_ICE_DISK_ENCRYPTION : usage;
	}


	static unsigned char* get_tmp_passwd(const char* passwd)
	{
	int passwd_len = 0;
	unsigned char * tmp_passwd = NULL;
	if(passwd) {
	tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN);
	if(tmp_passwd) {
	memset(tmp_passwd, 0, MAX_PASSWORD_LEN);
	passwd_len = (strlen(passwd) > MAX_PASSWORD_LEN) ? MAX_PASSWORD_LEN : strlen(passwd);
	memcpy(tmp_passwd, passwd, passwd_len);
	} else {
	SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__);
	}
	} else {
	SLOGE("%s: Passed argument is NULL \n", __func__);
	}
	return tmp_passwd;
	}

	static void wipe_userdata()
	{
	mkdir("/cache/recovery", 0700);
	int fd = open("/cache/recovery/command", O_RDWR\|O_CREAT\|O_TRUNC\|O_NOFOLLOW, 0600);
	if (fd >= 0) {
	write(fd, "--wipe_data", strlen("--wipe_data") + 1);
	close(fd);
	} else {
	SLOGE("could not open /cache/recovery/command\n");
	}
	android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
	}

	static int load_qseecom_library()
	{
	const char *error = NULL;
	if (loaded_library)
	return loaded_library;

	void * handle = dlopen("/vendor/lib/libQSEEComAPI.so", RTLD_NOW);
	if(handle) {
	dlerror(); /* Clear any existing error */
	(void *) (&qseecom_create_key) = dlsym(handle,"QSEECom_create_key");

	if((error = dlerror()) == NULL) {
	SLOGD("Success loading QSEECom_create_key \n");
	(void *) (&qseecom_update_key) = dlsym(handle,"QSEECom_update_key_user_info");
	if ((error = dlerror()) == NULL) {
	SLOGD("Success loading QSEECom_update_key_user_info\n");
	(void *) (&qseecom_wipe_key) = dlsym(handle,"QSEECom_wipe_key");
	if ((error = dlerror()) == NULL) {
	loaded_library = 1;
	SLOGD("Success loading QSEECom_wipe_key \n");
	}
	else
	SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
	}
	else
	SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
	}
	} else {
	SLOGE("Could not load libQSEEComAPI.so \n");
	}

	if(error)
	dlclose(handle);

	return loaded_library;
	}

	/*
	* For NON-ICE targets, it would return 0 on success. On ICE based targets,
	* it would return key index in the ICE Key LUT
	*/
	static int set_key(const char* passwd, const char* enc_mode, int operation)
	{
	int err = -1;
	if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
	unsigned char* tmp_passwd = get_tmp_passwd(passwd);
	if(tmp_passwd) {
	if (operation == UPDATE_HW_DISK_ENC_KEY)
	err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), current_passwd, tmp_passwd);
	else if (operation == SET_HW_DISK_ENC_KEY)
	err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);

	if(err >= 0) {
	memset(current_passwd, 0, MAX_PASSWORD_LEN);
	memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
	} else {
	if(ERR_MAX_PASSWORD_ATTEMPTS == err)
	wipe_userdata();
	}
	free(tmp_passwd);
	}
	}
	return err;
	}

	int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
	{
	return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
	}

	int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
	{

	return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
	}

	unsigned int is_hw_disk_encryption(const char* encryption_mode)
	{
	int ret = 0;
	if(encryption_mode) {
	if (!strcmp(encryption_mode, "aes-xts")) {
	SLOGD("HW based disk encryption is enabled \n");
	ret = 1;
	}
	}
	return ret;
	}

	int is_ice_enabled(void)
	{
	/* If (USE_ICE_FLAG) => return 1
	* if (property set to use gpce) return 0
	* we are using property to test UFS + GPCE, even though not required
	* if (storage is ufs) return 1
	* else return 0 so that emmc based device can work properly
	*/
	#ifdef USE_ICE_FOR_STORAGE_ENCRYPTION
	SLOGD("Ice enabled = true");
	return 1;
	#else
	char enc_hw_type[PATH_MAX];
	char prop_storage[PATH_MAX];
	int ice = 0;
	int i;
	if (property_get("crypto.fde_enc_hw_type", enc_hw_type, "")) {
	if(!strncmp(enc_hw_type, "gpce", PROPERTY_VALUE_MAX)) {
	SLOGD("GPCE would be used for HW FDE");
	return 0;
	}
	}

	if (property_get("ro.boot.bootdevice", prop_storage, "")) {
	if(strstr(prop_storage, "ufs")) {
	SLOGD("ICE would be used for HW FDE");
	return 1;
	}
	}
	SLOGD("GPCE would be used for HW FDE");
	return 0;
	#endif
	}

	int wipe_hw_device_encryption_key(const char* enc_mode)
	{
	if (!enc_mode)
	return -1;

	if (is_hw_disk_encryption(enc_mode) && load_qseecom_library())
	return qseecom_wipe_key(map_usage(QSEECOM_DISK_ENCRYPTION));

	return 0;
	}