cryptfshw/1.0/CryptfsHw.cpp - hardware/lineage/interfaces - Gitiles

 /*
  * Copyright (C) 2019 The LineageOS Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #define LOG_TAG "vendor.qti.hardware.cryptfshw@1.0-impl-qti"

 #include "CryptfsHw.h"

 #include <android-base/logging.h>
 #include <android-base/properties.h>
 #include <android-base/unique_fd.h>
 #include <dlfcn.h>
 #include <linux/qseecom.h>

 #include "Types.h"

 namespace vendor {
 namespace qti {
 namespace hardware {
 namespace cryptfshw {
 namespace V1_0 {
 namespace implementation {

 using ::android::base::GetProperty;
 using ::android::base::unique_fd;

 namespace {
 bool IsHwDiskEncryption(const hidl_string& encryption_mode) {
     if (encryption_mode == "aes-xts") {
         LOG_TO(SYSTEM, DEBUG) << "HW based disk encryption is enabled";
         return true;
     }
     return false;
 }
 };  // anonymous namespace

 CryptfsHw::CryptfsHw(std::unique_ptr<ICryptfsHwController> controller)
     : controller_(std::move(controller)) {
     std::string bootdevice = GetProperty("ro.boot.bootdevice", "");

     if (bootdevice.find("ufs") != std::string::npos) {
         /*
          * All UFS based devices has ICE in it. So we dont need
          * to check if corresponding device exists or not
          */
         usage_ = CRYPTFS_HW_KM_USAGE_UFS_ICE_DISK_ENCRYPTION;
     } else if (bootdevice.find("sdhc") != std::string::npos && access("/dev/icesdcc", F_OK) != -1) {
         usage_ = CRYPTFS_HW_KM_USAGE_SDCC_ICE_DISK_ENCRYPTION;
     } else {
         usage_ = CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION;
     }
 }

 // Methods from ::vendor::qti::hardware::cryptfshw::V1_0::ICryptfsHw follow.
 Return<int32_t> CryptfsHw::setIceParam(uint32_t flag) {
 #ifdef QSEECOM_IOCTL_SET_ICE_INFO
     int32_t ret = -1;
     qseecom_ice_data_t ice_data;
     unique_fd qseecom_fd(open("/dev/qseecom", O_RDWR));
     if (qseecom_fd < 0) return ret;
     ice_data.flag = static_cast<int>(flag);
     ret = ioctl(qseecom_fd, QSEECOM_IOCTL_SET_ICE_INFO, &ice_data);
     return ret;
 #else
     (void)flag;
     return -1;
 #endif
 }

 Return<int32_t> CryptfsHw::setKey(const hidl_string& passwd, const hidl_string& enc_mode) {
     int err = -1;

     if (!IsHwDiskEncryption(enc_mode)) return err;

     err = controller_->createKey(usage_, passwd.c_str());
     if (err < 0) {
         if (ERR_MAX_PASSWORD_ATTEMPTS == err)
             LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata";
     }

     return err;
 }

 Return<int32_t> CryptfsHw::updateKey(const hidl_string& oldpw, const hidl_string& newpw,
                                      const hidl_string& enc_mode) {
     int err = -1;

     if (!IsHwDiskEncryption(enc_mode)) return err;

     err = controller_->updateKey(usage_, oldpw.c_str(), newpw.c_str());
     if (err < 0) {
         if (ERR_MAX_PASSWORD_ATTEMPTS == err)
             LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata";
     }

     return err;
 }

 Return<int32_t> CryptfsHw::clearKey() {
     return controller_->wipeKey(usage_);
 }

 }  // namespace implementation
 }  // namespace V1_0
 }  // namespace cryptfshw
 }  // namespace hardware
 }  // namespace qti
 }  // namespace vendor
	/*
	* Copyright (C) 2019 The LineageOS Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#define LOG_TAG "vendor.qti.hardware.cryptfshw@1.0-impl-qti"

	#include "CryptfsHw.h"

	#include <android-base/logging.h>
	#include <android-base/properties.h>
	#include <android-base/unique_fd.h>
	#include <dlfcn.h>
	#include <linux/qseecom.h>

	#include "Types.h"

	namespace vendor {
	namespace qti {
	namespace hardware {
	namespace cryptfshw {
	namespace V1_0 {
	namespace implementation {

	using ::android::base::GetProperty;
	using ::android::base::unique_fd;

	namespace {
	bool IsHwDiskEncryption(const hidl_string& encryption_mode) {
	if (encryption_mode == "aes-xts") {
	LOG_TO(SYSTEM, DEBUG) << "HW based disk encryption is enabled";
	return true;
	}
	return false;
	}
	}; // anonymous namespace

	CryptfsHw::CryptfsHw(std::unique_ptr<ICryptfsHwController> controller)
	: controller_(std::move(controller)) {
	std::string bootdevice = GetProperty("ro.boot.bootdevice", "");

	if (bootdevice.find("ufs") != std::string::npos) {
	/*
	* All UFS based devices has ICE in it. So we dont need
	* to check if corresponding device exists or not
	*/
	usage_ = CRYPTFS_HW_KM_USAGE_UFS_ICE_DISK_ENCRYPTION;
	} else if (bootdevice.find("sdhc") != std::string::npos && access("/dev/icesdcc", F_OK) != -1) {
	usage_ = CRYPTFS_HW_KM_USAGE_SDCC_ICE_DISK_ENCRYPTION;
	} else {
	usage_ = CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION;
	}
	}

	// Methods from ::vendor::qti::hardware::cryptfshw::V1_0::ICryptfsHw follow.
	Return<int32_t> CryptfsHw::setIceParam(uint32_t flag) {
	#ifdef QSEECOM_IOCTL_SET_ICE_INFO
	int32_t ret = -1;
	qseecom_ice_data_t ice_data;
	unique_fd qseecom_fd(open("/dev/qseecom", O_RDWR));
	if (qseecom_fd < 0) return ret;
	ice_data.flag = static_cast<int>(flag);
	ret = ioctl(qseecom_fd, QSEECOM_IOCTL_SET_ICE_INFO, &ice_data);
	return ret;
	#else
	(void)flag;
	return -1;
	#endif
	}

	Return<int32_t> CryptfsHw::setKey(const hidl_string& passwd, const hidl_string& enc_mode) {
	int err = -1;

	if (!IsHwDiskEncryption(enc_mode)) return err;

	err = controller_->createKey(usage_, passwd.c_str());
	if (err < 0) {
	if (ERR_MAX_PASSWORD_ATTEMPTS == err)
	LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata";
	}

	return err;
	}

	Return<int32_t> CryptfsHw::updateKey(const hidl_string& oldpw, const hidl_string& newpw,
	const hidl_string& enc_mode) {
	int err = -1;

	if (!IsHwDiskEncryption(enc_mode)) return err;

	err = controller_->updateKey(usage_, oldpw.c_str(), newpw.c_str());
	if (err < 0) {
	if (ERR_MAX_PASSWORD_ATTEMPTS == err)
	LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata";
	}

	return err;
	}

	Return<int32_t> CryptfsHw::clearKey() {
	return controller_->wipeKey(usage_);
	}

	} // namespace implementation
	} // namespace V1_0
	} // namespace cryptfshw
	} // namespace hardware
	} // namespace qti
	} // namespace vendor