Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / vold / 13486033575e6e4affccbb3dd201515d79f6f44b^! / . / cryptfs.c
commit13486033575e6e4affccbb3dd201515d79f6f44b[log] [tgz]
authorPaul Lawrence <paullawrence@google.com>Mon Feb 03 13:28:11 2014 -0800
committerPaul Lawrence <paullawrence@google.com>Fri Feb 14 09:34:44 2014 -0800
tree0faa3e90bf2321149efbf333fbcd89a040964b11
parent931f15d050d268619c3c9103b080009435267d69 [diff] [blame]
Enable auto-encrypt drive at startup

Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.

Remove a warning by making at least some parts of this file const-correct.

Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc

diff --git a/cryptfs.c b/cryptfs.c
index b320ee2..9c2b4bc 100644
--- a/cryptfs.c
+++ b/cryptfs.c

@@ -925,7 +925,7 @@
 
 }
 
-static int pbkdf2(char *passwd, unsigned char *salt,
+static int pbkdf2(const char *passwd, unsigned char *salt,
                   unsigned char *ikey, void *params UNUSED)
 {
     /* Turn the password into a key and IV that can decrypt the master key */
@@ -939,7 +939,7 @@
     return 0;
 }
 
-static int scrypt(char *passwd, unsigned char *salt,
+static int scrypt(const char *passwd, unsigned char *salt,
                   unsigned char *ikey, void *params)
 {
     struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
@@ -959,7 +959,7 @@
     return 0;
 }
 
-static int encrypt_master_key(char *passwd, unsigned char *salt,
+static int encrypt_master_key(const char *passwd, unsigned char *salt,
                               unsigned char *decrypted_master_key,
                               unsigned char *encrypted_master_key,
                               struct crypt_mnt_ftr *crypt_ftr)
@@ -1903,7 +1903,8 @@
             (VOL_ENCRYPTABLE | VOL_NONREMOVABLE);
 }
 
-int cryptfs_enable(char *howarg, char *passwd, int allow_reboot)
+int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
+                            int allow_reboot)
 {
     int how = 0;
     char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN], sd_crypto_blkdev[MAXPATHLEN];
@@ -2083,11 +2084,7 @@
         crypt_ftr.fs_size = nr_sec;
     }
     crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
-
-    /** @TODO If we keep this route, must pass in crypt_type.
-     * If all devices are encrypted by default, we don't need that change.
-     */
-    crypt_ftr.crypt_type = CRYPT_TYPE_PASSWORD;
+    crypt_ftr.crypt_type = crypt_type;
     strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
 
     /* Make an encrypted master key */
@@ -2244,7 +2241,22 @@
     return -1;
 }
 
-int cryptfs_changepw(int crypt_type, char *newpw)
+int cryptfs_enable(char *howarg, char *passwd, int allow_reboot)
+{
+    /** @todo If we keep this route (user selected encryption)
+     *  need to take a type in and pass it to here.
+     */
+    return cryptfs_enable_internal(howarg, CRYPT_TYPE_PASSWORD,
+                                   passwd, allow_reboot);
+}
+
+int cryptfs_enable_default(char *howarg, int allow_reboot)
+{
+    return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
+                          DEFAULT_PASSWORD, allow_reboot);
+}
+
+int cryptfs_changepw(int crypt_type, const char *newpw)
 {
     struct crypt_mnt_ftr crypt_ftr;
     unsigned char decrypted_master_key[KEY_LEN_BYTES];