blob: f2f0f181029963cd5d67be8f68184da2c777c129 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Tao Bao5a95ddb2016-10-05 18:01:19 -070041#include <ext4_utils/ext4.h>
42#include <ext4_utils/ext4_utils.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070043#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070044#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070045#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010046#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080047#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080048#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080049#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080050#define LOG_TAG "Cryptfs"
51#include "cutils/log.h"
52#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070053#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080054#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070055#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000056#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070057#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070058#include "VoldUtil.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000060#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080061#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080062#include "Process.h"
Janis Danisevskis015ec302017-01-31 11:31:08 +000063#include "Keymaster.h"
Wei Wang4375f1b2017-02-24 17:43:01 -080064#include "android-base/properties.h"
Yabin Cui1fb59662016-06-24 14:48:49 -070065#include <bootloader_message/bootloader_message.h>
Wei Wang4375f1b2017-02-24 17:43:01 -080066extern "C" {
67#include <crypto_scrypt.h>
68}
Mark Salyzyn3e971272014-01-21 13:27:04 -080069
Mark Salyzyn5eecc442014-02-12 14:16:14 -080070#define UNUSED __attribute__((unused))
71
Ken Sumrall8f869aa2010-12-03 03:47:09 -080072#define DM_CRYPT_BUF_SIZE 4096
73
Jason parks70a4b3f2011-01-28 10:10:47 -060074#define HASH_COUNT 2000
75#define KEY_LEN_BYTES 16
76#define IV_LEN_BYTES 16
77
Ken Sumrall29d8da82011-05-18 17:20:07 -070078#define KEY_IN_FOOTER "footer"
79
Paul Lawrence3bd36d52015-06-09 13:37:44 -070080#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080081
Paul Lawrence3d99eba2015-11-20 07:07:19 -080082#define CRYPTO_BLOCK_DEVICE "userdata"
83
84#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
85
Ken Sumrall29d8da82011-05-18 17:20:07 -070086#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070087#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070088
Ken Sumralle919efe2012-09-29 17:07:41 -070089#define TABLE_LOAD_RETRIES 10
90
Shawn Willden47ba10d2014-09-03 17:07:06 -060091#define RSA_KEY_SIZE 2048
92#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
93#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060094#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070095
Paul Lawrence8e3f4512014-09-08 10:11:17 -070096#define RETRY_MOUNT_ATTEMPTS 10
97#define RETRY_MOUNT_DELAY_SECONDS 1
98
Jason parks70a4b3f2011-01-28 10:10:47 -060099static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700100static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600101static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700102static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800103
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700104/* Should we use keymaster? */
105static int keymaster_check_compatibility()
106{
Janis Danisevskis015ec302017-01-31 11:31:08 +0000107 return keymaster_compatibility_cryptfs_scrypt();
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700108}
109
110/* Create a new keymaster key and store it in this footer */
111static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
112{
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800113 if (ftr->keymaster_blob_size) {
114 SLOGI("Already have key");
115 return 0;
116 }
117
Janis Danisevskis015ec302017-01-31 11:31:08 +0000118 int rc = keymaster_create_key_for_cryptfs_scrypt(RSA_KEY_SIZE, RSA_EXPONENT,
119 KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
120 &ftr->keymaster_blob_size);
121 if (rc) {
122 if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
123 SLOGE("Keymaster key blob to large)");
124 ftr->keymaster_blob_size = 0;
125 }
126 SLOGE("Failed to generate keypair");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700127 return -1;
128 }
Janis Danisevskis015ec302017-01-31 11:31:08 +0000129 return 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700130}
131
Shawn Willdene17a9c42014-09-08 13:04:08 -0600132/* This signs the given object using the keymaster key. */
133static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600134 const unsigned char *object,
135 const size_t object_size,
136 unsigned char **signature,
137 size_t *signature_size)
138{
Shawn Willden47ba10d2014-09-03 17:07:06 -0600139 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600140 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600141 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600142
Shawn Willdene17a9c42014-09-08 13:04:08 -0600143 // To sign a message with RSA, the message must satisfy two
144 // constraints:
145 //
146 // 1. The message, when interpreted as a big-endian numeric value, must
147 // be strictly less than the public modulus of the RSA key. Note
148 // that because the most significant bit of the public modulus is
149 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
150 // key), an n-bit message with most significant bit 0 always
151 // satisfies this requirement.
152 //
153 // 2. The message must have the same length in bits as the public
154 // modulus of the RSA key. This requirement isn't mathematically
155 // necessary, but is necessary to ensure consistency in
156 // implementations.
157 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600158 case KDF_SCRYPT_KEYMASTER:
159 // This ensures the most significant byte of the signed message
160 // is zero. We could have zero-padded to the left instead, but
161 // this approach is slightly more robust against changes in
162 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600163 // so) because we really should be using a proper deterministic
164 // RSA padding function, such as PKCS1.
Wei Wang4375f1b2017-02-24 17:43:01 -0800165 memcpy(to_sign + 1, object, std::min((size_t)RSA_KEY_SIZE_BYTES - 1, object_size));
Shawn Willdene17a9c42014-09-08 13:04:08 -0600166 SLOGI("Signing safely-padded object");
167 break;
168 default:
169 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Janis Danisevskis015ec302017-01-31 11:31:08 +0000170 return -1;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600171 }
Janis Danisevskis015ec302017-01-31 11:31:08 +0000172 return keymaster_sign_object_for_cryptfs_scrypt(ftr->keymaster_blob, ftr->keymaster_blob_size,
173 KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600174}
175
Paul Lawrence399317e2014-03-10 13:20:50 -0700176/* Store password when userdata is successfully decrypted and mounted.
177 * Cleared by cryptfs_clear_password
178 *
179 * To avoid a double prompt at boot, we need to store the CryptKeeper
180 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
181 * Since the entire framework is torn down and rebuilt after encryption,
182 * we have to use a daemon or similar to store the password. Since vold
183 * is secured against IPC except from system processes, it seems a reasonable
184 * place to store this.
185 *
186 * password should be cleared once it has been used.
187 *
188 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800189 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700190static char* password = 0;
191static int password_expiry_time = 0;
192static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800193
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800194extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800195
Paul Lawrence87999172014-02-20 12:21:31 -0800196enum RebootType {reboot, recovery, shutdown};
197static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700198{
Paul Lawrence87999172014-02-20 12:21:31 -0800199 switch(rt) {
200 case reboot:
201 property_set(ANDROID_RB_PROPERTY, "reboot");
202 break;
203
204 case recovery:
205 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
206 break;
207
208 case shutdown:
209 property_set(ANDROID_RB_PROPERTY, "shutdown");
210 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700211 }
Paul Lawrence87999172014-02-20 12:21:31 -0800212
Ken Sumralladfba362013-06-04 16:37:52 -0700213 sleep(20);
214
215 /* Shouldn't get here, reboot should happen before sleep times out */
216 return;
217}
218
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800219static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
220{
221 memset(io, 0, dataSize);
222 io->data_size = dataSize;
223 io->data_start = sizeof(struct dm_ioctl);
224 io->version[0] = 4;
225 io->version[1] = 0;
226 io->version[2] = 0;
227 io->flags = flags;
228 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100229 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800230 }
231}
232
Kenny Rootc4c70f12013-06-14 12:11:38 -0700233/**
234 * Gets the default device scrypt parameters for key derivation time tuning.
235 * The parameters should lead to about one second derivation time for the
236 * given device.
237 */
238static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700239 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000240 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700241
Paul Crowley63c18d32016-02-10 14:02:47 +0000242 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
243 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
244 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
245 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700246 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000247 ftr->N_factor = Nf;
248 ftr->r_factor = rf;
249 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700250}
251
Ken Sumrall3ed82362011-01-28 23:31:16 -0800252static unsigned int get_fs_size(char *dev)
253{
254 int fd, block_size;
255 struct ext4_super_block sb;
256 off64_t len;
257
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700258 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800259 SLOGE("Cannot open device to get filesystem size ");
260 return 0;
261 }
262
263 if (lseek64(fd, 1024, SEEK_SET) < 0) {
264 SLOGE("Cannot seek to superblock");
265 return 0;
266 }
267
268 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
269 SLOGE("Cannot read superblock");
270 return 0;
271 }
272
273 close(fd);
274
Daniel Rosenberge82df162014-08-15 22:19:23 +0000275 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
276 SLOGE("Not a valid ext4 superblock");
277 return 0;
278 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800279 block_size = 1024 << sb.s_log_block_size;
280 /* compute length in bytes */
281 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
282
283 /* return length in sectors */
284 return (unsigned int) (len / 512);
285}
286
Ken Sumrall160b4d62013-04-22 12:15:39 -0700287static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
288{
289 static int cached_data = 0;
290 static off64_t cached_off = 0;
291 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
292 int fd;
293 char key_loc[PROPERTY_VALUE_MAX];
294 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700295 int rc = -1;
296
297 if (!cached_data) {
298 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
299
300 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700301 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700302 SLOGE("Cannot open real block device %s\n", real_blkdev);
303 return -1;
304 }
305
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900306 unsigned long nr_sec = 0;
307 get_blkdev_size(fd, &nr_sec);
308 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700309 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
310 * encryption info footer and key, and plenty of bytes to spare for future
311 * growth.
312 */
313 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
314 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
315 cached_data = 1;
316 } else {
317 SLOGE("Cannot get size of block device %s\n", real_blkdev);
318 }
319 close(fd);
320 } else {
321 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
322 cached_off = 0;
323 cached_data = 1;
324 }
325 }
326
327 if (cached_data) {
328 if (metadata_fname) {
329 *metadata_fname = cached_metadata_fname;
330 }
331 if (off) {
332 *off = cached_off;
333 }
334 rc = 0;
335 }
336
337 return rc;
338}
339
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800340/* Set sha256 checksum in structure */
341static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
342{
343 SHA256_CTX c;
344 SHA256_Init(&c);
345 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
346 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
347 SHA256_Final(crypt_ftr->sha256, &c);
348}
349
Ken Sumralle8744072011-01-18 22:01:55 -0800350/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800351 * update the failed mount count but not change the key.
352 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700353static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800354{
355 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800356 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700357 /* starting_off is set to the SEEK_SET offset
358 * where the crypto structure starts
359 */
360 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800361 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700362 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700363 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800364
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800365 set_ftr_sha(crypt_ftr);
366
Ken Sumrall160b4d62013-04-22 12:15:39 -0700367 if (get_crypt_ftr_info(&fname, &starting_off)) {
368 SLOGE("Unable to get crypt_ftr_info\n");
369 return -1;
370 }
371 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700372 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700373 return -1;
374 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700375 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700376 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700377 return -1;
378 }
379
380 /* Seek to the start of the crypt footer */
381 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
382 SLOGE("Cannot seek to real block device footer\n");
383 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800384 }
385
386 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
387 SLOGE("Cannot write real block device footer\n");
388 goto errout;
389 }
390
Ken Sumrall3be890f2011-09-14 16:53:46 -0700391 fstat(fd, &statbuf);
392 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700393 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700394 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800395 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800396 goto errout;
397 }
398 }
399
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800400 /* Success! */
401 rc = 0;
402
403errout:
404 close(fd);
405 return rc;
406
407}
408
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800409static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
410{
411 struct crypt_mnt_ftr copy;
412 memcpy(&copy, crypt_ftr, sizeof(copy));
413 set_ftr_sha(&copy);
414 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
415}
416
Ken Sumrall160b4d62013-04-22 12:15:39 -0700417static inline int unix_read(int fd, void* buff, int len)
418{
419 return TEMP_FAILURE_RETRY(read(fd, buff, len));
420}
421
422static inline int unix_write(int fd, const void* buff, int len)
423{
424 return TEMP_FAILURE_RETRY(write(fd, buff, len));
425}
426
427static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
428{
429 memset(pdata, 0, len);
430 pdata->persist_magic = PERSIST_DATA_MAGIC;
431 pdata->persist_valid_entries = 0;
432}
433
434/* A routine to update the passed in crypt_ftr to the lastest version.
435 * fd is open read/write on the device that holds the crypto footer and persistent
436 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
437 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
438 */
439static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
440{
Kenny Root7434b312013-06-14 11:29:53 -0700441 int orig_major = crypt_ftr->major_version;
442 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700443
Kenny Root7434b312013-06-14 11:29:53 -0700444 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
445 struct crypt_persist_data *pdata;
446 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700447
Kenny Rootc4c70f12013-06-14 12:11:38 -0700448 SLOGW("upgrading crypto footer to 1.1");
449
Wei Wang4375f1b2017-02-24 17:43:01 -0800450 pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
Kenny Root7434b312013-06-14 11:29:53 -0700451 if (pdata == NULL) {
452 SLOGE("Cannot allocate persisent data\n");
453 return;
454 }
455 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
456
457 /* Need to initialize the persistent data area */
458 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
459 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100460 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700461 return;
462 }
463 /* Write all zeros to the first copy, making it invalid */
464 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
465
466 /* Write a valid but empty structure to the second copy */
467 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
468 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
469
470 /* Update the footer */
471 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
472 crypt_ftr->persist_data_offset[0] = pdata_offset;
473 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
474 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100475 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700476 }
477
Paul Lawrencef4faa572014-01-29 13:31:03 -0800478 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800480 /* But keep the old kdf_type.
481 * It will get updated later to KDF_SCRYPT after the password has been verified.
482 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700483 crypt_ftr->kdf_type = KDF_PBKDF2;
484 get_device_scrypt_params(crypt_ftr);
485 crypt_ftr->minor_version = 2;
486 }
487
Paul Lawrencef4faa572014-01-29 13:31:03 -0800488 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
489 SLOGW("upgrading crypto footer to 1.3");
490 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
491 crypt_ftr->minor_version = 3;
492 }
493
Kenny Root7434b312013-06-14 11:29:53 -0700494 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
495 if (lseek64(fd, offset, SEEK_SET) == -1) {
496 SLOGE("Cannot seek to crypt footer\n");
497 return;
498 }
499 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700500 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700501}
502
503
504static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800505{
506 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800507 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700508 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800509 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700510 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700511 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800512
Ken Sumrall160b4d62013-04-22 12:15:39 -0700513 if (get_crypt_ftr_info(&fname, &starting_off)) {
514 SLOGE("Unable to get crypt_ftr_info\n");
515 return -1;
516 }
517 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700518 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700519 return -1;
520 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700521 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700522 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700523 return -1;
524 }
525
526 /* Make sure it's 16 Kbytes in length */
527 fstat(fd, &statbuf);
528 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
529 SLOGE("footer file %s is not the expected size!\n", fname);
530 goto errout;
531 }
532
533 /* Seek to the start of the crypt footer */
534 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
535 SLOGE("Cannot seek to real block device footer\n");
536 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800537 }
538
539 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
540 SLOGE("Cannot read real block device footer\n");
541 goto errout;
542 }
543
544 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700545 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800546 goto errout;
547 }
548
Kenny Rootc96a5f82013-06-14 12:08:28 -0700549 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
550 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
551 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800552 goto errout;
553 }
554
Kenny Rootc96a5f82013-06-14 12:08:28 -0700555 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
556 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
557 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800558 }
559
Ken Sumrall160b4d62013-04-22 12:15:39 -0700560 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
561 * copy on disk before returning.
562 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700563 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700564 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800565 }
566
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800567 /* Success! */
568 rc = 0;
569
570errout:
571 close(fd);
572 return rc;
573}
574
Ken Sumrall160b4d62013-04-22 12:15:39 -0700575static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
576{
577 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
578 crypt_ftr->persist_data_offset[1]) {
579 SLOGE("Crypt_ftr persist data regions overlap");
580 return -1;
581 }
582
583 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
584 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
585 return -1;
586 }
587
588 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
589 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
590 CRYPT_FOOTER_OFFSET) {
591 SLOGE("Persistent data extends past crypto footer");
592 return -1;
593 }
594
595 return 0;
596}
597
598static int load_persistent_data(void)
599{
600 struct crypt_mnt_ftr crypt_ftr;
601 struct crypt_persist_data *pdata = NULL;
602 char encrypted_state[PROPERTY_VALUE_MAX];
603 char *fname;
604 int found = 0;
605 int fd;
606 int ret;
607 int i;
608
609 if (persist_data) {
610 /* Nothing to do, we've already loaded or initialized it */
611 return 0;
612 }
613
614
615 /* If not encrypted, just allocate an empty table and initialize it */
616 property_get("ro.crypto.state", encrypted_state, "");
617 if (strcmp(encrypted_state, "encrypted") ) {
Wei Wang4375f1b2017-02-24 17:43:01 -0800618 pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 if (pdata) {
620 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
621 persist_data = pdata;
622 return 0;
623 }
624 return -1;
625 }
626
627 if(get_crypt_ftr_and_key(&crypt_ftr)) {
628 return -1;
629 }
630
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700631 if ((crypt_ftr.major_version < 1)
632 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700633 SLOGE("Crypt_ftr version doesn't support persistent data");
634 return -1;
635 }
636
637 if (get_crypt_ftr_info(&fname, NULL)) {
638 return -1;
639 }
640
641 ret = validate_persistent_data_storage(&crypt_ftr);
642 if (ret) {
643 return -1;
644 }
645
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700646 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700647 if (fd < 0) {
648 SLOGE("Cannot open %s metadata file", fname);
649 return -1;
650 }
651
Wei Wang4375f1b2017-02-24 17:43:01 -0800652 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Paul Lawrence300dae72016-03-11 11:02:52 -0800653 if (pdata == NULL) {
654 SLOGE("Cannot allocate memory for persistent data");
655 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700656 }
657
658 for (i = 0; i < 2; i++) {
659 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
660 SLOGE("Cannot seek to read persistent data on %s", fname);
661 goto err2;
662 }
663 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
664 SLOGE("Error reading persistent data on iteration %d", i);
665 goto err2;
666 }
667 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
668 found = 1;
669 break;
670 }
671 }
672
673 if (!found) {
674 SLOGI("Could not find valid persistent data, creating");
675 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
676 }
677
678 /* Success */
679 persist_data = pdata;
680 close(fd);
681 return 0;
682
683err2:
684 free(pdata);
685
686err:
687 close(fd);
688 return -1;
689}
690
691static int save_persistent_data(void)
692{
693 struct crypt_mnt_ftr crypt_ftr;
694 struct crypt_persist_data *pdata;
695 char *fname;
696 off64_t write_offset;
697 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700698 int fd;
699 int ret;
700
701 if (persist_data == NULL) {
702 SLOGE("No persistent data to save");
703 return -1;
704 }
705
706 if(get_crypt_ftr_and_key(&crypt_ftr)) {
707 return -1;
708 }
709
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700710 if ((crypt_ftr.major_version < 1)
711 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700712 SLOGE("Crypt_ftr version doesn't support persistent data");
713 return -1;
714 }
715
716 ret = validate_persistent_data_storage(&crypt_ftr);
717 if (ret) {
718 return -1;
719 }
720
721 if (get_crypt_ftr_info(&fname, NULL)) {
722 return -1;
723 }
724
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700725 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700726 if (fd < 0) {
727 SLOGE("Cannot open %s metadata file", fname);
728 return -1;
729 }
730
Wei Wang4375f1b2017-02-24 17:43:01 -0800731 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700732 if (pdata == NULL) {
733 SLOGE("Cannot allocate persistant data");
734 goto err;
735 }
736
737 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
738 SLOGE("Cannot seek to read persistent data on %s", fname);
739 goto err2;
740 }
741
742 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
743 SLOGE("Error reading persistent data before save");
744 goto err2;
745 }
746
747 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
748 /* The first copy is the curent valid copy, so write to
749 * the second copy and erase this one */
750 write_offset = crypt_ftr.persist_data_offset[1];
751 erase_offset = crypt_ftr.persist_data_offset[0];
752 } else {
753 /* The second copy must be the valid copy, so write to
754 * the first copy, and erase the second */
755 write_offset = crypt_ftr.persist_data_offset[0];
756 erase_offset = crypt_ftr.persist_data_offset[1];
757 }
758
759 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100760 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700761 SLOGE("Cannot seek to write persistent data");
762 goto err2;
763 }
764 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
765 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100766 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700767 SLOGE("Cannot seek to erase previous persistent data");
768 goto err2;
769 }
770 fsync(fd);
771 memset(pdata, 0, crypt_ftr.persist_data_size);
772 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
773 (int) crypt_ftr.persist_data_size) {
774 SLOGE("Cannot write to erase previous persistent data");
775 goto err2;
776 }
777 fsync(fd);
778 } else {
779 SLOGE("Cannot write to save persistent data");
780 goto err2;
781 }
782
783 /* Success */
784 free(pdata);
785 close(fd);
786 return 0;
787
788err2:
789 free(pdata);
790err:
791 close(fd);
792 return -1;
793}
794
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800795/* Convert a binary key of specified length into an ascii hex string equivalent,
796 * without the leading 0x and with null termination
797 */
Jeff Sharkey9c484982015-03-31 10:35:33 -0700798static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700799 unsigned int keysize, char *master_key_ascii) {
800 unsigned int i, a;
801 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800802
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700803 for (i=0, a=0; i<keysize; i++, a+=2) {
804 /* For each byte, write out two ascii hex digits */
805 nibble = (master_key[i] >> 4) & 0xf;
806 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800807
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700808 nibble = master_key[i] & 0xf;
809 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
810 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800811
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700812 /* Add the null termination */
813 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800814
815}
816
Jeff Sharkey9c484982015-03-31 10:35:33 -0700817static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
818 const unsigned char *master_key, const char *real_blk_name,
819 const char *name, int fd, const char *extra_params) {
Wei Wang4375f1b2017-02-24 17:43:01 -0800820 alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800821 struct dm_ioctl *io;
822 struct dm_target_spec *tgt;
823 char *crypt_params;
824 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
George Burgess IV605d7ae2016-02-29 13:39:17 -0800825 size_t buff_offset;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800826 int i;
827
828 io = (struct dm_ioctl *) buffer;
829
830 /* Load the mapping table for this device */
831 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
832
833 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
834 io->target_count = 1;
835 tgt->status = 0;
836 tgt->sector_start = 0;
837 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -0700838 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
Ken Sumralldb5e0262013-02-05 17:39:48 -0800839
840 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
841 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -0800842
843 buff_offset = crypt_params - buffer;
844 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
845 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
846 extra_params);
Ken Sumralldb5e0262013-02-05 17:39:48 -0800847 crypt_params += strlen(crypt_params) + 1;
848 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
849 tgt->next = crypt_params - buffer;
850
851 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
852 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
853 break;
854 }
855 usleep(500000);
856 }
857
858 if (i == TABLE_LOAD_RETRIES) {
859 /* We failed to load the table, return an error */
860 return -1;
861 } else {
862 return i + 1;
863 }
864}
865
866
867static int get_dm_crypt_version(int fd, const char *name, int *version)
868{
869 char buffer[DM_CRYPT_BUF_SIZE];
870 struct dm_ioctl *io;
871 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800872
873 io = (struct dm_ioctl *) buffer;
874
875 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
876
877 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
878 return -1;
879 }
880
881 /* Iterate over the returned versions, looking for name of "crypt".
882 * When found, get and return the version.
883 */
884 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
885 while (v->next) {
886 if (! strcmp(v->name, "crypt")) {
887 /* We found the crypt driver, return the version, and get out */
888 version[0] = v->version[0];
889 version[1] = v->version[1];
890 version[2] = v->version[2];
891 return 0;
892 }
893 v = (struct dm_target_versions *)(((char *)v) + v->next);
894 }
895
896 return -1;
897}
898
Jeff Sharkey9c484982015-03-31 10:35:33 -0700899static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
900 const unsigned char *master_key, const char *real_blk_name,
901 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800902 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800903 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800904 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -0700905 int fd=0;
Daniel Rosenberg25a52132016-02-26 16:44:36 -0800906 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800907 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800908 int version[3];
Wei Wang4375f1b2017-02-24 17:43:01 -0800909 const char *extra_params;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800910 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800911
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700912 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800913 SLOGE("Cannot open device-mapper\n");
914 goto errout;
915 }
916
917 io = (struct dm_ioctl *) buffer;
918
919 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Daniel Rosenberg25a52132016-02-26 16:44:36 -0800920 err = ioctl(fd, DM_DEV_CREATE, io);
921 if (err) {
922 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800923 goto errout;
924 }
925
926 /* Get the device status, in particular, the name of it's device file */
927 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
928 if (ioctl(fd, DM_DEV_STATUS, io)) {
929 SLOGE("Cannot retrieve dm-crypt device status\n");
930 goto errout;
931 }
932 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
933 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
934
Ken Sumralldb5e0262013-02-05 17:39:48 -0800935 extra_params = "";
936 if (! get_dm_crypt_version(fd, name, version)) {
937 /* Support for allow_discards was added in version 1.11.0 */
938 if ((version[0] >= 2) ||
939 ((version[0] == 1) && (version[1] >= 11))) {
940 extra_params = "1 allow_discards";
941 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
942 }
Ken Sumralle919efe2012-09-29 17:07:41 -0700943 }
944
Ken Sumralldb5e0262013-02-05 17:39:48 -0800945 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
946 fd, extra_params);
947 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800948 SLOGE("Cannot load dm-crypt mapping table.\n");
949 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800950 } else if (load_count > 1) {
951 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800952 }
953
954 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -0800955 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800956
957 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
958 SLOGE("Cannot resume the dm-crypt device\n");
959 goto errout;
960 }
961
962 /* We made it here with no errors. Woot! */
963 retval = 0;
964
965errout:
966 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
967
968 return retval;
969}
970
Wei Wang4375f1b2017-02-24 17:43:01 -0800971static int delete_crypto_blk_dev(const char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800972{
973 int fd;
974 char buffer[DM_CRYPT_BUF_SIZE];
975 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800976 int retval = -1;
977
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700978 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800979 SLOGE("Cannot open device-mapper\n");
980 goto errout;
981 }
982
983 io = (struct dm_ioctl *) buffer;
984
985 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
986 if (ioctl(fd, DM_DEV_REMOVE, io)) {
987 SLOGE("Cannot remove dm-crypt device\n");
988 goto errout;
989 }
990
991 /* We made it here with no errors. Woot! */
992 retval = 0;
993
994errout:
995 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
996
997 return retval;
998
999}
1000
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001001static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001002 unsigned char *ikey, void *params UNUSED)
1003{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001004 SLOGI("Using pbkdf2 for cryptfs KDF");
1005
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001006 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001007 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1008 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1009 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001010}
1011
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001012static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001013 unsigned char *ikey, void *params)
1014{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001015 SLOGI("Using scrypt for cryptfs KDF");
1016
Kenny Rootc4c70f12013-06-14 12:11:38 -07001017 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1018
1019 int N = 1 << ftr->N_factor;
1020 int r = 1 << ftr->r_factor;
1021 int p = 1 << ftr->p_factor;
1022
1023 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001024 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001025 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1026 salt, SALT_LEN, N, r, p, ikey,
1027 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001028
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001029 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001030}
1031
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001032static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1033 unsigned char *ikey, void *params)
1034{
1035 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1036
1037 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001038 size_t signature_size;
1039 unsigned char* signature;
1040 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1041
1042 int N = 1 << ftr->N_factor;
1043 int r = 1 << ftr->r_factor;
1044 int p = 1 << ftr->p_factor;
1045
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001046 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1047 salt, SALT_LEN, N, r, p, ikey,
1048 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001049
1050 if (rc) {
1051 SLOGE("scrypt failed");
1052 return -1;
1053 }
1054
Shawn Willdene17a9c42014-09-08 13:04:08 -06001055 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1056 &signature, &signature_size)) {
1057 SLOGE("Signing failed");
1058 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001059 }
1060
1061 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1062 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1063 free(signature);
1064
1065 if (rc) {
1066 SLOGE("scrypt failed");
1067 return -1;
1068 }
1069
1070 return 0;
1071}
1072
1073static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1074 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001075 unsigned char *encrypted_master_key,
1076 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001077{
1078 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1079 EVP_CIPHER_CTX e_ctx;
1080 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001081 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001082
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001083 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001084 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001085
1086 switch (crypt_ftr->kdf_type) {
1087 case KDF_SCRYPT_KEYMASTER:
1088 if (keymaster_create_key(crypt_ftr)) {
1089 SLOGE("keymaster_create_key failed");
1090 return -1;
1091 }
1092
1093 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1094 SLOGE("scrypt failed");
1095 return -1;
1096 }
1097 break;
1098
1099 case KDF_SCRYPT:
1100 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1101 SLOGE("scrypt failed");
1102 return -1;
1103 }
1104 break;
1105
1106 default:
1107 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001108 return -1;
1109 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001110
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001111 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001112 EVP_CIPHER_CTX_init(&e_ctx);
1113 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001114 SLOGE("EVP_EncryptInit failed\n");
1115 return -1;
1116 }
1117 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001118
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001119 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001120 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001121 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001122 SLOGE("EVP_EncryptUpdate failed\n");
1123 return -1;
1124 }
Adam Langley889c4f12014-09-03 14:23:13 -07001125 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001126 SLOGE("EVP_EncryptFinal failed\n");
1127 return -1;
1128 }
1129
1130 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1131 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1132 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001133 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001134
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001135 /* Store the scrypt of the intermediate key, so we can validate if it's a
1136 password error or mount error when things go wrong.
1137 Note there's no need to check for errors, since if this is incorrect, we
1138 simply won't wipe userdata, which is the correct default behavior
1139 */
1140 int N = 1 << crypt_ftr->N_factor;
1141 int r = 1 << crypt_ftr->r_factor;
1142 int p = 1 << crypt_ftr->p_factor;
1143
1144 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1145 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1146 crypt_ftr->scrypted_intermediate_key,
1147 sizeof(crypt_ftr->scrypted_intermediate_key));
1148
1149 if (rc) {
1150 SLOGE("encrypt_master_key: crypto_scrypt failed");
1151 }
1152
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001153 EVP_CIPHER_CTX_cleanup(&e_ctx);
1154
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001155 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001156}
1157
Paul Lawrence731a7a22015-04-28 22:14:15 +00001158static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001159 unsigned char *encrypted_master_key,
1160 unsigned char *decrypted_master_key,
1161 kdf_func kdf, void *kdf_params,
1162 unsigned char** intermediate_key,
1163 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001164{
1165 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001166 EVP_CIPHER_CTX d_ctx;
1167 int decrypted_len, final_len;
1168
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001169 /* Turn the password into an intermediate key and IV that can decrypt the
1170 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001171 if (kdf(passwd, salt, ikey, kdf_params)) {
1172 SLOGE("kdf failed");
1173 return -1;
1174 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001175
1176 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001177 EVP_CIPHER_CTX_init(&d_ctx);
1178 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001179 return -1;
1180 }
1181 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1182 /* Decrypt the master key */
1183 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1184 encrypted_master_key, KEY_LEN_BYTES)) {
1185 return -1;
1186 }
Adam Langley889c4f12014-09-03 14:23:13 -07001187 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001188 return -1;
1189 }
1190
1191 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1192 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001193 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001194
1195 /* Copy intermediate key if needed by params */
1196 if (intermediate_key && intermediate_key_size) {
1197 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
Greg Kaisere8167af2016-04-20 10:50:15 -07001198 if (*intermediate_key) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001199 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1200 *intermediate_key_size = KEY_LEN_BYTES;
1201 }
1202 }
1203
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001204 EVP_CIPHER_CTX_cleanup(&d_ctx);
1205
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001206 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207}
1208
Kenny Rootc4c70f12013-06-14 12:11:38 -07001209static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001210{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001211 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001212 *kdf = scrypt_keymaster;
1213 *kdf_params = ftr;
1214 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001215 *kdf = scrypt;
1216 *kdf_params = ftr;
1217 } else {
1218 *kdf = pbkdf2;
1219 *kdf_params = NULL;
1220 }
1221}
1222
Paul Lawrence731a7a22015-04-28 22:14:15 +00001223static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001224 struct crypt_mnt_ftr *crypt_ftr,
1225 unsigned char** intermediate_key,
1226 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001227{
1228 kdf_func kdf;
1229 void *kdf_params;
1230 int ret;
1231
1232 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001233 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1234 decrypted_master_key, kdf, kdf_params,
1235 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001236 if (ret != 0) {
1237 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001238 }
1239
1240 return ret;
1241}
1242
Wei Wang4375f1b2017-02-24 17:43:01 -08001243static int create_encrypted_random_key(const char *passwd, unsigned char *master_key, unsigned char *salt,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001244 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001245 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001246 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001247
1248 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001249 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001250 read(fd, key_buf, sizeof(key_buf));
1251 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001252 close(fd);
1253
1254 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001255 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001256}
1257
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001258int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001259{
Greg Hackmann955653e2014-09-24 14:55:20 -07001260 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001261#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001262
1263 /* Now umount the tmpfs filesystem */
1264 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001265 if (umount(mountpoint) == 0) {
1266 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001267 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001268
1269 if (errno == EINVAL) {
1270 /* EINVAL is returned if the directory is not a mountpoint,
1271 * i.e. there is no filesystem mounted there. So just get out.
1272 */
1273 break;
1274 }
1275
1276 err = errno;
1277
1278 /* If allowed, be increasingly aggressive before the last two retries */
1279 if (kill) {
1280 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1281 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001282 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001283 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1284 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001285 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001286 }
1287 }
1288
1289 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001290 }
1291
1292 if (i < WAIT_UNMOUNT_COUNT) {
1293 SLOGD("unmounting %s succeeded\n", mountpoint);
1294 rc = 0;
1295 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001296 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001297 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001298 rc = -1;
1299 }
1300
1301 return rc;
1302}
1303
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001304static int prep_data_fs(void)
1305{
1306 int i;
1307
Jeff Sharkey47695b22016-02-01 17:02:29 -07001308 // NOTE: post_fs_data results in init calling back around to vold, so all
1309 // callers to this method must be async
1310
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001311 /* Do the prep of the /data filesystem */
1312 property_set("vold.post_fs_data_done", "0");
1313 property_set("vold.decrypt", "trigger_post_fs_data");
1314 SLOGD("Just triggered post_fs_data\n");
1315
Ken Sumrallc5872692013-05-14 15:26:31 -07001316 /* Wait a max of 50 seconds, hopefully it takes much less */
Wei Wang4375f1b2017-02-24 17:43:01 -08001317 if (!android::base::WaitForProperty("vold.post_fs_data_done",
1318 "1",
1319 std::chrono::seconds(50))) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001320 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001321 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001322 return -1;
1323 } else {
1324 SLOGD("post_fs_data done\n");
1325 return 0;
1326 }
1327}
1328
Paul Lawrence74f29f12014-08-28 15:54:10 -07001329static void cryptfs_set_corrupt()
1330{
1331 // Mark the footer as bad
1332 struct crypt_mnt_ftr crypt_ftr;
1333 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1334 SLOGE("Failed to get crypto footer - panic");
1335 return;
1336 }
1337
1338 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1339 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1340 SLOGE("Failed to set crypto footer - panic");
1341 return;
1342 }
1343}
1344
1345static void cryptfs_trigger_restart_min_framework()
1346{
1347 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1348 SLOGE("Failed to mount tmpfs on data - panic");
1349 return;
1350 }
1351
1352 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1353 SLOGE("Failed to trigger post fs data - panic");
1354 return;
1355 }
1356
1357 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1358 SLOGE("Failed to trigger restart min framework - panic");
1359 return;
1360 }
1361}
1362
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001363/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001364static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001366 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001367 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001368 static int restart_successful = 0;
1369
1370 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001371 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001372 SLOGE("Encrypted filesystem not validated, aborting");
1373 return -1;
1374 }
1375
1376 if (restart_successful) {
1377 SLOGE("System already restarted with encrypted disk, aborting");
1378 return -1;
1379 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001380
Paul Lawrencef4faa572014-01-29 13:31:03 -08001381 if (restart_main) {
1382 /* Here is where we shut down the framework. The init scripts
1383 * start all services in one of three classes: core, main or late_start.
1384 * On boot, we start core and main. Now, we stop main, but not core,
1385 * as core includes vold and a few other really important things that
1386 * we need to keep running. Once main has stopped, we should be able
1387 * to umount the tmpfs /data, then mount the encrypted /data.
1388 * We then restart the class main, and also the class late_start.
1389 * At the moment, I've only put a few things in late_start that I know
1390 * are not needed to bring up the framework, and that also cause problems
1391 * with unmounting the tmpfs /data, but I hope to add add more services
1392 * to the late_start class as we optimize this to decrease the delay
1393 * till the user is asked for the password to the filesystem.
1394 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001395
Paul Lawrencef4faa572014-01-29 13:31:03 -08001396 /* The init files are setup to stop the class main when vold.decrypt is
1397 * set to trigger_reset_main.
1398 */
1399 property_set("vold.decrypt", "trigger_reset_main");
1400 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001401
Paul Lawrencef4faa572014-01-29 13:31:03 -08001402 /* Ugh, shutting down the framework is not synchronous, so until it
1403 * can be fixed, this horrible hack will wait a moment for it all to
1404 * shut down before proceeding. Without it, some devices cannot
1405 * restart the graphics services.
1406 */
1407 sleep(2);
1408 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001409
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001410 /* Now that the framework is shutdown, we should be able to umount()
1411 * the tmpfs filesystem, and mount the real one.
1412 */
1413
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001414 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1415 if (strlen(crypto_blkdev) == 0) {
1416 SLOGE("fs_crypto_blkdev not set\n");
1417 return -1;
1418 }
1419
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001420 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001421 /* If ro.crypto.readonly is set to 1, mount the decrypted
1422 * filesystem readonly. This is used when /data is mounted by
1423 * recovery mode.
1424 */
1425 char ro_prop[PROPERTY_VALUE_MAX];
1426 property_get("ro.crypto.readonly", ro_prop, "");
1427 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1428 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1429 rec->flags |= MS_RDONLY;
1430 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001431
Ken Sumralle5032c42012-04-01 23:58:44 -07001432 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001433 int retries = RETRY_MOUNT_ATTEMPTS;
1434 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001435
1436 /*
1437 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1438 * partitions in the fsck domain.
1439 */
1440 if (setexeccon(secontextFsck())){
1441 SLOGE("Failed to setexeccon");
1442 return -1;
1443 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001444 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1445 crypto_blkdev, 0))
1446 != 0) {
1447 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1448 /* TODO: invoke something similar to
1449 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1450 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1451 SLOGI("Failed to mount %s because it is busy - waiting",
1452 crypto_blkdev);
1453 if (--retries) {
1454 sleep(RETRY_MOUNT_DELAY_SECONDS);
1455 } else {
1456 /* Let's hope that a reboot clears away whatever is keeping
1457 the mount busy */
1458 cryptfs_reboot(reboot);
1459 }
1460 } else {
1461 SLOGE("Failed to mount decrypted data");
1462 cryptfs_set_corrupt();
1463 cryptfs_trigger_restart_min_framework();
1464 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001465 if (setexeccon(NULL)) {
1466 SLOGE("Failed to setexeccon");
1467 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001468 return -1;
1469 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001470 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001471 if (setexeccon(NULL)) {
1472 SLOGE("Failed to setexeccon");
1473 return -1;
1474 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001475
Ken Sumralle5032c42012-04-01 23:58:44 -07001476 /* Create necessary paths on /data */
1477 if (prep_data_fs()) {
1478 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001479 }
Seigo Nonakae2ef0c02016-06-20 17:05:40 +09001480 property_set("vold.decrypt", "trigger_load_persist_props");
Ken Sumralle5032c42012-04-01 23:58:44 -07001481
1482 /* startup service classes main and late_start */
1483 property_set("vold.decrypt", "trigger_restart_framework");
1484 SLOGD("Just triggered restart_framework\n");
1485
1486 /* Give it a few moments to get started */
1487 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001488 }
1489
Ken Sumrall0cc16632011-01-18 20:32:26 -08001490 if (rc == 0) {
1491 restart_successful = 1;
1492 }
1493
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001494 return rc;
1495}
1496
Paul Lawrencef4faa572014-01-29 13:31:03 -08001497int cryptfs_restart(void)
1498{
Paul Lawrence05335c32015-03-05 09:46:23 -08001499 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001500 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001501 SLOGE("cryptfs_restart not valid for file encryption:");
1502 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001503 }
1504
Paul Lawrencef4faa572014-01-29 13:31:03 -08001505 /* Call internal implementation forcing a restart of main service group */
1506 return cryptfs_restart_internal(1);
1507}
1508
Wei Wang4375f1b2017-02-24 17:43:01 -08001509static int do_crypto_complete(const char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001510{
1511 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001512 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001513 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001514
1515 property_get("ro.crypto.state", encrypted_state, "");
1516 if (strcmp(encrypted_state, "encrypted") ) {
1517 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001518 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001519 }
1520
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001521 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001522 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001523 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001524 }
1525
Ken Sumrall160b4d62013-04-22 12:15:39 -07001526 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001527 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001528
Ken Sumralle1a45852011-12-14 21:24:27 -08001529 /*
1530 * Only report this error if key_loc is a file and it exists.
1531 * If the device was never encrypted, and /data is not mountable for
1532 * some reason, returning 1 should prevent the UI from presenting the
1533 * a "enter password" screen, or worse, a "press button to wipe the
1534 * device" screen.
1535 */
1536 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1537 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001538 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001539 } else {
1540 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001541 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001542 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001543 }
1544
Paul Lawrence74f29f12014-08-28 15:54:10 -07001545 // Test for possible error flags
1546 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1547 SLOGE("Encryption process is partway completed\n");
1548 return CRYPTO_COMPLETE_PARTIAL;
1549 }
1550
1551 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1552 SLOGE("Encryption process was interrupted but cannot continue\n");
1553 return CRYPTO_COMPLETE_INCONSISTENT;
1554 }
1555
1556 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1557 SLOGE("Encryption is successful but data is corrupt\n");
1558 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001559 }
1560
1561 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001562 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001563}
1564
Paul Lawrencef4faa572014-01-29 13:31:03 -08001565static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
Wei Wang4375f1b2017-02-24 17:43:01 -08001566 const char *passwd, const char *mount_point, const char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001567{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001568 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001569 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001570 char crypto_blkdev[MAXPATHLEN];
1571 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001572 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001573 unsigned int orig_failed_decrypt_count;
1574 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001575 int use_keymaster = 0;
1576 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001577 unsigned char* intermediate_key = 0;
1578 size_t intermediate_key_size = 0;
Wei Wang4375f1b2017-02-24 17:43:01 -08001579 int N = 1 << crypt_ftr->N_factor;
1580 int r = 1 << crypt_ftr->r_factor;
1581 int p = 1 << crypt_ftr->p_factor;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001582
Paul Lawrencef4faa572014-01-29 13:31:03 -08001583 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1584 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001585
Paul Lawrencef4faa572014-01-29 13:31:03 -08001586 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001587 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1588 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001589 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001590 rc = -1;
1591 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001592 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001593 }
1594
Paul Lawrencef4faa572014-01-29 13:31:03 -08001595 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1596
Paul Lawrence74f29f12014-08-28 15:54:10 -07001597 // Create crypto block device - all (non fatal) code paths
1598 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001599 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1600 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001601 SLOGE("Error creating decrypted block device\n");
1602 rc = -1;
1603 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001604 }
1605
Paul Lawrence74f29f12014-08-28 15:54:10 -07001606 /* Work out if the problem is the password or the data */
1607 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1608 scrypted_intermediate_key)];
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001609
Paul Lawrence74f29f12014-08-28 15:54:10 -07001610 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1611 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1612 N, r, p, scrypted_intermediate_key,
1613 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001614
Paul Lawrence74f29f12014-08-28 15:54:10 -07001615 // Does the key match the crypto footer?
1616 if (rc == 0 && memcmp(scrypted_intermediate_key,
1617 crypt_ftr->scrypted_intermediate_key,
1618 sizeof(scrypted_intermediate_key)) == 0) {
1619 SLOGI("Password matches");
1620 rc = 0;
1621 } else {
1622 /* Try mounting the file system anyway, just in case the problem's with
1623 * the footer, not the key. */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001624 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
1625 mount_point);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001626 mkdir(tmp_mount_point, 0755);
1627 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1628 SLOGE("Error temp mounting decrypted block device\n");
1629 delete_crypto_blk_dev(label);
1630
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001631 rc = ++crypt_ftr->failed_decrypt_count;
1632 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001633 } else {
1634 /* Success! */
1635 SLOGI("Password did not match but decrypted drive mounted - continue");
1636 umount(tmp_mount_point);
1637 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001638 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001639 }
1640
1641 if (rc == 0) {
1642 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001643 if (orig_failed_decrypt_count != 0) {
1644 put_crypt_ftr_and_key(crypt_ftr);
1645 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001646
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001647 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001648 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001649 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001650
1651 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001652 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001653 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001654 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001655 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001656 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001657 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001658
Paul Lawrence74f29f12014-08-28 15:54:10 -07001659 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001660 use_keymaster = keymaster_check_compatibility();
1661 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001662 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001663 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1664 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1665 upgrade = 1;
1666 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001667 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001668 upgrade = 1;
1669 }
1670
1671 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001672 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1673 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001674 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001675 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001676 }
1677 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001678
1679 // Do not fail even if upgrade failed - machine is bootable
1680 // Note that if this code is ever hit, there is a *serious* problem
1681 // since KDFs should never fail. You *must* fix the kdf before
1682 // proceeding!
1683 if (rc) {
1684 SLOGW("Upgrade failed with error %d,"
1685 " but continuing with previous state",
1686 rc);
1687 rc = 0;
1688 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001689 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001690 }
1691
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001692 errout:
1693 if (intermediate_key) {
1694 memset(intermediate_key, 0, intermediate_key_size);
1695 free(intermediate_key);
1696 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001697 return rc;
1698}
1699
Ken Sumrall29d8da82011-05-18 17:20:07 -07001700/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001701 * Called by vold when it's asked to mount an encrypted external
1702 * storage volume. The incoming partition has no crypto header/footer,
1703 * as any metadata is been stored in a separate, small partition.
1704 *
1705 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001706 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001707int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1708 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001709 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001710 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001711 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001712 return -1;
1713 }
1714
1715 unsigned long nr_sec = 0;
1716 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001717 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001718
Ken Sumrall29d8da82011-05-18 17:20:07 -07001719 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001720 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001721 return -1;
1722 }
1723
Jeff Sharkey9c484982015-03-31 10:35:33 -07001724 struct crypt_mnt_ftr ext_crypt_ftr;
1725 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1726 ext_crypt_ftr.fs_size = nr_sec;
1727 ext_crypt_ftr.keysize = keysize;
1728 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001729
Jeff Sharkey9c484982015-03-31 10:35:33 -07001730 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1731 out_crypto_blkdev, label);
1732}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001733
Jeff Sharkey9c484982015-03-31 10:35:33 -07001734/*
1735 * Called by vold when it's asked to unmount an encrypted external
1736 * storage volume.
1737 */
1738int cryptfs_revert_ext_volume(const char* label) {
1739 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001740}
1741
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001742int cryptfs_crypto_complete(void)
1743{
1744 return do_crypto_complete("/data");
1745}
1746
Paul Lawrencef4faa572014-01-29 13:31:03 -08001747int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
1748{
1749 char encrypted_state[PROPERTY_VALUE_MAX];
1750 property_get("ro.crypto.state", encrypted_state, "");
1751 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
1752 SLOGE("encrypted fs already validated or not running with encryption,"
1753 " aborting");
1754 return -1;
1755 }
1756
1757 if (get_crypt_ftr_and_key(crypt_ftr)) {
1758 SLOGE("Error getting crypt footer and key");
1759 return -1;
1760 }
1761
1762 return 0;
1763}
1764
Wei Wang4375f1b2017-02-24 17:43:01 -08001765int cryptfs_check_passwd(const char *passwd)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001766{
Paul Lawrence05335c32015-03-05 09:46:23 -08001767 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00001768 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001769 SLOGE("cryptfs_check_passwd not valid for file encryption");
1770 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001771 }
1772
Paul Lawrencef4faa572014-01-29 13:31:03 -08001773 struct crypt_mnt_ftr crypt_ftr;
1774 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001775
Paul Lawrencef4faa572014-01-29 13:31:03 -08001776 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001777 if (rc) {
1778 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001779 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001780 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001781
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001782 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001783 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
1784 if (rc) {
1785 SLOGE("Password did not match");
1786 return rc;
1787 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08001788
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001789 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
1790 // Here we have a default actual password but a real password
1791 // we must test against the scrypted value
1792 // First, we must delete the crypto block device that
1793 // test_mount_encrypted_fs leaves behind as a side effect
1794 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
1795 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
1796 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
1797 if (rc) {
1798 SLOGE("Default password did not match on reboot encryption");
1799 return rc;
1800 }
1801
1802 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
1803 put_crypt_ftr_and_key(&crypt_ftr);
1804 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
1805 if (rc) {
1806 SLOGE("Could not change password on reboot encryption");
1807 return rc;
1808 }
1809 }
1810
1811 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07001812 cryptfs_clear_password();
1813 password = strdup(passwd);
1814 struct timespec now;
1815 clock_gettime(CLOCK_BOOTTIME, &now);
1816 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08001817 }
1818
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001819 return rc;
1820}
1821
Ken Sumrall3ad90722011-10-04 20:38:29 -07001822int cryptfs_verify_passwd(char *passwd)
1823{
1824 struct crypt_mnt_ftr crypt_ftr;
1825 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001826 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07001827 char encrypted_state[PROPERTY_VALUE_MAX];
1828 int rc;
1829
1830 property_get("ro.crypto.state", encrypted_state, "");
1831 if (strcmp(encrypted_state, "encrypted") ) {
1832 SLOGE("device not encrypted, aborting");
1833 return -2;
1834 }
1835
1836 if (!master_key_saved) {
1837 SLOGE("encrypted fs not yet mounted, aborting");
1838 return -1;
1839 }
1840
1841 if (!saved_mount_point) {
1842 SLOGE("encrypted fs failed to save mount point, aborting");
1843 return -1;
1844 }
1845
Ken Sumrall160b4d62013-04-22 12:15:39 -07001846 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07001847 SLOGE("Error getting crypt footer and key\n");
1848 return -1;
1849 }
1850
1851 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
1852 /* If the device has no password, then just say the password is valid */
1853 rc = 0;
1854 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001855 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001856 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
1857 /* They match, the password is correct */
1858 rc = 0;
1859 } else {
1860 /* If incorrect, sleep for a bit to prevent dictionary attacks */
1861 sleep(1);
1862 rc = 1;
1863 }
1864 }
1865
1866 return rc;
1867}
1868
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001869/* Initialize a crypt_mnt_ftr structure. The keysize is
1870 * defaulted to 16 bytes, and the filesystem size to 0.
1871 * Presumably, at a minimum, the caller will update the
1872 * filesystem size and crypto_type_name after calling this function.
1873 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001874static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001875{
Ken Sumrall160b4d62013-04-22 12:15:39 -07001876 off64_t off;
1877
1878 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001879 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07001880 ftr->major_version = CURRENT_MAJOR_VERSION;
1881 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001882 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06001883 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07001884
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001885 switch (keymaster_check_compatibility()) {
1886 case 1:
1887 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1888 break;
1889
1890 case 0:
1891 ftr->kdf_type = KDF_SCRYPT;
1892 break;
1893
1894 default:
1895 SLOGE("keymaster_check_compatibility failed");
1896 return -1;
1897 }
1898
Kenny Rootc4c70f12013-06-14 12:11:38 -07001899 get_device_scrypt_params(ftr);
1900
Ken Sumrall160b4d62013-04-22 12:15:39 -07001901 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
1902 if (get_crypt_ftr_info(NULL, &off) == 0) {
1903 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
1904 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
1905 ftr->persist_data_size;
1906 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001907
1908 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001909}
1910
Ken Sumrall29d8da82011-05-18 17:20:07 -07001911static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001912{
Ken Sumralle550f782013-08-20 13:48:23 -07001913 const char *args[10];
1914 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
1915 int num_args;
1916 int status;
1917 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001918 int rc = -1;
1919
Ken Sumrall29d8da82011-05-18 17:20:07 -07001920 if (type == EXT4_FS) {
Adrien Schildknechte0f409c2016-11-21 15:14:37 -08001921#ifdef TARGET_USES_MKE2FS
1922 args[0] = "/system/bin/mke2fs";
1923 args[1] = "-M";
1924 args[2] = "/data";
1925 args[3] = "-b";
1926 args[4] = "4096";
1927 args[5] = "-t";
1928 args[6] = "ext4";
1929 args[7] = crypto_blkdev;
1930 snprintf(size_str, sizeof(size_str), "%" PRId64, size / (4096 / 512));
1931 args[8] = size_str;
1932 num_args = 9;
1933#else
Ken Sumralle550f782013-08-20 13:48:23 -07001934 args[0] = "/system/bin/make_ext4fs";
1935 args[1] = "-a";
1936 args[2] = "/data";
1937 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07001938 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07001939 args[4] = size_str;
1940 args[5] = crypto_blkdev;
1941 num_args = 6;
Adrien Schildknechte0f409c2016-11-21 15:14:37 -08001942#endif
Ken Sumralle550f782013-08-20 13:48:23 -07001943 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
1944 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07001945 } else if (type == F2FS_FS) {
1946 args[0] = "/system/bin/mkfs.f2fs";
1947 args[1] = "-t";
1948 args[2] = "-d1";
1949 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07001950 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07001951 args[4] = size_str;
1952 num_args = 5;
1953 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
1954 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001955 } else {
1956 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
1957 return -1;
1958 }
1959
Ken Sumralle550f782013-08-20 13:48:23 -07001960 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
1961
1962 if (tmp != 0) {
1963 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001964 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07001965 if (WIFEXITED(status)) {
1966 if (WEXITSTATUS(status)) {
1967 SLOGE("Error creating filesystem on %s, exit status %d ",
1968 crypto_blkdev, WEXITSTATUS(status));
1969 } else {
1970 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
1971 rc = 0;
1972 }
1973 } else {
1974 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
1975 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001976 }
1977
1978 return rc;
1979}
1980
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001981#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08001982#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
1983#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08001984
1985/* aligned 32K writes tends to make flash happy.
1986 * SD card association recommends it.
1987 */
1988#define BLOCKS_AT_A_TIME 8
1989
1990struct encryptGroupsData
1991{
1992 int realfd;
1993 int cryptofd;
1994 off64_t numblocks;
1995 off64_t one_pct, cur_pct, new_pct;
1996 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07001997 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08001998 char* real_blkdev, * crypto_blkdev;
1999 int count;
2000 off64_t offset;
2001 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002002 off64_t last_written_sector;
2003 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002004 time_t time_started;
2005 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002006};
2007
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002008static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002009{
2010 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002011
2012 if (is_used) {
2013 data->used_blocks_already_done++;
2014 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002015 if (data->tot_used_blocks) {
2016 data->new_pct = data->used_blocks_already_done / data->one_pct;
2017 } else {
2018 data->new_pct = data->blocks_already_done / data->one_pct;
2019 }
2020
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002021 if (data->new_pct > data->cur_pct) {
2022 char buf[8];
2023 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002024 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002025 property_set("vold.encrypt_progress", buf);
2026 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002027
2028 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002029 struct timespec time_now;
2030 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2031 SLOGW("Error getting time");
2032 } else {
2033 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2034 off64_t remaining_blocks = data->tot_used_blocks
2035 - data->used_blocks_already_done;
2036 int remaining_time = (int)(elapsed_time * remaining_blocks
2037 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002038
Paul Lawrence9c58a872014-09-30 09:12:51 -07002039 // Change time only if not yet set, lower, or a lot higher for
2040 // best user experience
2041 if (data->remaining_time == -1
2042 || remaining_time < data->remaining_time
2043 || remaining_time > data->remaining_time + 60) {
2044 char buf[8];
2045 snprintf(buf, sizeof(buf), "%d", remaining_time);
2046 property_set("vold.encrypt_time_remaining", buf);
2047 data->remaining_time = remaining_time;
2048 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002049 }
2050 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002051}
2052
Paul Lawrence3846be12014-09-22 11:33:54 -07002053static void log_progress(struct encryptGroupsData const* data, bool completed)
2054{
2055 // Precondition - if completed data = 0 else data != 0
2056
2057 // Track progress so we can skip logging blocks
2058 static off64_t offset = -1;
2059
2060 // Need to close existing 'Encrypting from' log?
2061 if (completed || (offset != -1 && data->offset != offset)) {
2062 SLOGI("Encrypted to sector %" PRId64,
2063 offset / info.block_size * CRYPT_SECTOR_SIZE);
2064 offset = -1;
2065 }
2066
2067 // Need to start new 'Encrypting from' log?
2068 if (!completed && offset != data->offset) {
2069 SLOGI("Encrypting from sector %" PRId64,
2070 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2071 }
2072
2073 // Update offset
2074 if (!completed) {
2075 offset = data->offset + (off64_t)data->count * info.block_size;
2076 }
2077}
2078
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002079static int flush_outstanding_data(struct encryptGroupsData* data)
2080{
2081 if (data->count == 0) {
2082 return 0;
2083 }
2084
Elliott Hughes231bdba2014-06-25 18:36:19 -07002085 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002086
2087 if (pread64(data->realfd, data->buffer,
2088 info.block_size * data->count, data->offset)
2089 <= 0) {
2090 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2091 data->real_blkdev);
2092 return -1;
2093 }
2094
2095 if (pwrite64(data->cryptofd, data->buffer,
2096 info.block_size * data->count, data->offset)
2097 <= 0) {
2098 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2099 data->crypto_blkdev);
2100 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002101 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002102 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002103 }
2104
2105 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002106 data->last_written_sector = (data->offset + data->count)
2107 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002108 return 0;
2109}
2110
2111static int encrypt_groups(struct encryptGroupsData* data)
2112{
2113 unsigned int i;
2114 u8 *block_bitmap = 0;
2115 unsigned int block;
2116 off64_t ret;
2117 int rc = -1;
2118
Wei Wang4375f1b2017-02-24 17:43:01 -08002119 data->buffer = (char *)malloc(info.block_size * BLOCKS_AT_A_TIME);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002120 if (!data->buffer) {
2121 SLOGE("Failed to allocate crypto buffer");
2122 goto errout;
2123 }
2124
Wei Wang4375f1b2017-02-24 17:43:01 -08002125 block_bitmap = (u8 *)malloc(info.block_size);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002126 if (!block_bitmap) {
2127 SLOGE("failed to allocate block bitmap");
2128 goto errout;
2129 }
2130
2131 for (i = 0; i < aux_info.groups; ++i) {
2132 SLOGI("Encrypting group %d", i);
2133
2134 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
Wei Wang4375f1b2017-02-24 17:43:01 -08002135 u32 block_count = std::min(info.blocks_per_group,
2136 (u32)(aux_info.len_blocks - first_block));
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002137
2138 off64_t offset = (u64)info.block_size
2139 * aux_info.bg_desc[i].bg_block_bitmap;
2140
2141 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2142 if (ret != (int)info.block_size) {
2143 SLOGE("failed to read all of block group bitmap %d", i);
2144 goto errout;
2145 }
2146
2147 offset = (u64)info.block_size * first_block;
2148
2149 data->count = 0;
2150
2151 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002152 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2153 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002154 update_progress(data, used);
2155 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002156 if (data->count == 0) {
2157 data->offset = offset;
2158 }
2159 data->count++;
2160 } else {
2161 if (flush_outstanding_data(data)) {
2162 goto errout;
2163 }
2164 }
2165
2166 offset += info.block_size;
2167
2168 /* Write data if we are aligned or buffer size reached */
2169 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2170 || data->count == BLOCKS_AT_A_TIME) {
2171 if (flush_outstanding_data(data)) {
2172 goto errout;
2173 }
2174 }
Paul Lawrence87999172014-02-20 12:21:31 -08002175
Paul Lawrence73d7a022014-06-09 14:10:09 -07002176 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002177 SLOGE("Stopping encryption due to low battery");
2178 rc = 0;
2179 goto errout;
2180 }
2181
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002182 }
2183 if (flush_outstanding_data(data)) {
2184 goto errout;
2185 }
2186 }
2187
Paul Lawrence87999172014-02-20 12:21:31 -08002188 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002189 rc = 0;
2190
2191errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002192 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002193 free(data->buffer);
2194 free(block_bitmap);
2195 return rc;
2196}
2197
2198static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2199 char *real_blkdev,
2200 off64_t size,
2201 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002202 off64_t tot_size,
2203 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002204{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002205 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002206 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002207 int rc; // Can't initialize without causing warning -Wclobbered
Wei Wang4375f1b2017-02-24 17:43:01 -08002208 struct timespec time_started = {0};
2209 int retries = RETRY_MOUNT_ATTEMPTS;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002210
Paul Lawrence87999172014-02-20 12:21:31 -08002211 if (previously_encrypted_upto > *size_already_done) {
2212 SLOGD("Not fast encrypting since resuming part way through");
2213 return -1;
2214 }
2215
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002216 memset(&data, 0, sizeof(data));
2217 data.real_blkdev = real_blkdev;
2218 data.crypto_blkdev = crypto_blkdev;
2219
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002220 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002221 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2222 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002223 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002224 goto errout;
2225 }
2226
David Ng82fd8042015-01-21 13:55:21 -08002227 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
David Ng82fd8042015-01-21 13:55:21 -08002228 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2229 if (--retries) {
2230 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2231 crypto_blkdev, errno, strerror(errno));
2232 sleep(RETRY_MOUNT_DELAY_SECONDS);
2233 } else {
2234 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2235 crypto_blkdev, errno, strerror(errno));
2236 rc = ENABLE_INPLACE_ERR_DEV;
2237 goto errout;
2238 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002239 }
2240
2241 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002242 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002243 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002244 goto errout;
2245 }
2246
2247 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002248 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002249 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002250 goto errout;
2251 }
2252
2253 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2254 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2255 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2256
JP Abgrall7fc1de82014-10-10 18:43:41 -07002257 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002258
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002259 data.tot_used_blocks = data.numblocks;
2260 for (i = 0; i < aux_info.groups; ++i) {
2261 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2262 }
2263
2264 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002265 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002266
Paul Lawrence9c58a872014-09-30 09:12:51 -07002267 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2268 SLOGW("Error getting time at start");
2269 // Note - continue anyway - we'll run with 0
2270 }
2271 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002272 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002273
2274 rc = encrypt_groups(&data);
2275 if (rc) {
2276 SLOGE("Error encrypting groups");
2277 goto errout;
2278 }
2279
Paul Lawrence87999172014-02-20 12:21:31 -08002280 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002281 rc = 0;
2282
2283errout:
2284 close(data.realfd);
2285 close(data.cryptofd);
2286
2287 return rc;
2288}
2289
Paul Lawrence3846be12014-09-22 11:33:54 -07002290static void log_progress_f2fs(u64 block, bool completed)
2291{
2292 // Precondition - if completed data = 0 else data != 0
2293
2294 // Track progress so we can skip logging blocks
2295 static u64 last_block = (u64)-1;
2296
2297 // Need to close existing 'Encrypting from' log?
2298 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2299 SLOGI("Encrypted to block %" PRId64, last_block);
2300 last_block = -1;
2301 }
2302
2303 // Need to start new 'Encrypting from' log?
2304 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2305 SLOGI("Encrypting from block %" PRId64, block);
2306 }
2307
2308 // Update offset
2309 if (!completed) {
2310 last_block = block;
2311 }
2312}
2313
Daniel Rosenberge82df162014-08-15 22:19:23 +00002314static int encrypt_one_block_f2fs(u64 pos, void *data)
2315{
2316 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2317
2318 priv_dat->blocks_already_done = pos - 1;
2319 update_progress(priv_dat, 1);
2320
2321 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2322
2323 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002324 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002325 return -1;
2326 }
2327
2328 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002329 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002330 return -1;
2331 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002332 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002333 }
2334
2335 return 0;
2336}
2337
2338static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2339 char *real_blkdev,
2340 off64_t size,
2341 off64_t *size_already_done,
2342 off64_t tot_size,
2343 off64_t previously_encrypted_upto)
2344{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002345 struct encryptGroupsData data;
2346 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002347 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002348 if (previously_encrypted_upto > *size_already_done) {
2349 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002350 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002351 }
2352 memset(&data, 0, sizeof(data));
2353 data.real_blkdev = real_blkdev;
2354 data.crypto_blkdev = crypto_blkdev;
2355 data.realfd = -1;
2356 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002357 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002358 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002359 real_blkdev);
2360 goto errout;
2361 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002362 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002363 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002364 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002365 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002366 goto errout;
2367 }
2368
2369 f2fs_info = generate_f2fs_info(data.realfd);
2370 if (!f2fs_info)
2371 goto errout;
2372
2373 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2374 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2375 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2376
2377 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2378
2379 data.one_pct = data.tot_used_blocks / 100;
2380 data.cur_pct = 0;
2381 data.time_started = time(NULL);
2382 data.remaining_time = -1;
2383
Wei Wang4375f1b2017-02-24 17:43:01 -08002384 data.buffer = (char *)malloc(f2fs_info->block_size);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002385 if (!data.buffer) {
2386 SLOGE("Failed to allocate crypto buffer");
2387 goto errout;
2388 }
2389
2390 data.count = 0;
2391
2392 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2393 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2394
2395 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002396 SLOGE("Error in running over f2fs blocks");
2397 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002398 goto errout;
2399 }
2400
2401 *size_already_done += size;
2402 rc = 0;
2403
2404errout:
2405 if (rc)
2406 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2407
Paul Lawrence3846be12014-09-22 11:33:54 -07002408 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002409 free(f2fs_info);
2410 free(data.buffer);
2411 close(data.realfd);
2412 close(data.cryptofd);
2413
2414 return rc;
2415}
2416
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002417static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2418 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002419 off64_t tot_size,
2420 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002421{
2422 int realfd, cryptofd;
2423 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002424 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002425 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002426 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002427 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002428
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002429 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002430 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002431 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002432 }
2433
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002434 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002435 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2436 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002437 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002438 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002439 }
2440
2441 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2442 * The size passed in is the number of 512 byte sectors in the filesystem.
2443 * So compute the number of whole 4K blocks we should read/write,
2444 * and the remainder.
2445 */
2446 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2447 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002448 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2449 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002450
2451 SLOGE("Encrypting filesystem in place...");
2452
Paul Lawrence87999172014-02-20 12:21:31 -08002453 i = previously_encrypted_upto + 1 - *size_already_done;
2454
2455 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2456 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2457 goto errout;
2458 }
2459
2460 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2461 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2462 goto errout;
2463 }
2464
2465 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2466 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2467 SLOGE("Error reading initial sectors from real_blkdev %s for "
2468 "inplace encrypt\n", crypto_blkdev);
2469 goto errout;
2470 }
2471 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2472 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2473 "inplace encrypt\n", crypto_blkdev);
2474 goto errout;
2475 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002476 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002477 }
2478 }
2479
Ken Sumrall29d8da82011-05-18 17:20:07 -07002480 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002481 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002482 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002483 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002484 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002485 if (new_pct > cur_pct) {
2486 char buf[8];
2487
2488 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002489 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002490 property_set("vold.encrypt_progress", buf);
2491 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002492 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002493 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002494 goto errout;
2495 }
2496 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002497 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2498 goto errout;
2499 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002500 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002501 CRYPT_SECTORS_PER_BUFSIZE,
2502 i * CRYPT_SECTORS_PER_BUFSIZE);
2503 }
2504
Paul Lawrence73d7a022014-06-09 14:10:09 -07002505 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002506 SLOGE("Stopping encryption due to low battery");
2507 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2508 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002509 goto errout;
2510 }
2511 }
2512
2513 /* Do any remaining sectors */
2514 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002515 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2516 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002517 goto errout;
2518 }
Paul Lawrence87999172014-02-20 12:21:31 -08002519 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2520 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002521 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002522 } else {
2523 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002524 }
2525 }
2526
Ken Sumrall29d8da82011-05-18 17:20:07 -07002527 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002528 rc = 0;
2529
2530errout:
2531 close(realfd);
2532 close(cryptofd);
2533
2534 return rc;
2535}
2536
JP Abgrall7fc1de82014-10-10 18:43:41 -07002537/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002538static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2539 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002540 off64_t tot_size,
2541 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002542{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002543 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002544 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002545 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002546 }
2547
2548 if (*size_already_done + size < previously_encrypted_upto) {
2549 *size_already_done += size;
2550 return 0;
2551 }
2552
Daniel Rosenberge82df162014-08-15 22:19:23 +00002553 /* TODO: identify filesystem type.
2554 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2555 * then we will drop down to cryptfs_enable_inplace_f2fs.
2556 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002557 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002558 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002559 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002560 return 0;
2561 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002562 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002563
JP Abgrall7fc1de82014-10-10 18:43:41 -07002564 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002565 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002566 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002567 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002568 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002569 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002570
JP Abgrall7fc1de82014-10-10 18:43:41 -07002571 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002572 size, size_already_done, tot_size,
2573 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002574 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2575
2576 /* Hack for b/17898962, the following is the symptom... */
2577 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2578 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2579 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2580 return ENABLE_INPLACE_ERR_DEV;
2581 }
2582 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002583}
2584
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002585#define CRYPTO_ENABLE_WIPE 1
2586#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002587
2588#define FRAMEWORK_BOOT_WAIT 60
2589
Paul Lawrence87999172014-02-20 12:21:31 -08002590static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2591{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002592 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002593 if (fd == -1) {
2594 SLOGE("Error opening file %s", filename);
2595 return -1;
2596 }
2597
2598 char block[CRYPT_INPLACE_BUFSIZE];
2599 memset(block, 0, sizeof(block));
2600 if (unix_read(fd, block, sizeof(block)) < 0) {
2601 SLOGE("Error reading file %s", filename);
2602 close(fd);
2603 return -1;
2604 }
2605
2606 close(fd);
2607
2608 SHA256_CTX c;
2609 SHA256_Init(&c);
2610 SHA256_Update(&c, block, sizeof(block));
2611 SHA256_Final(buf, &c);
2612
2613 return 0;
2614}
2615
JP Abgrall62c7af32014-06-16 13:01:23 -07002616static int get_fs_type(struct fstab_rec *rec)
2617{
2618 if (!strcmp(rec->fs_type, "ext4")) {
2619 return EXT4_FS;
2620 } else if (!strcmp(rec->fs_type, "f2fs")) {
2621 return F2FS_FS;
2622 } else {
2623 return -1;
2624 }
2625}
2626
Paul Lawrence87999172014-02-20 12:21:31 -08002627static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2628 char *crypto_blkdev, char *real_blkdev,
2629 int previously_encrypted_upto)
2630{
2631 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002632 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002633
Paul Lawrence73d7a022014-06-09 14:10:09 -07002634 if (!is_battery_ok_to_start()) {
2635 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002636 return 0;
2637 }
2638
2639 /* The size of the userdata partition, and add in the vold volumes below */
2640 tot_encryption_size = crypt_ftr->fs_size;
2641
2642 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002643 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2644 int fs_type = get_fs_type(rec);
2645 if (fs_type < 0) {
2646 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2647 return -1;
2648 }
2649 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002650 } else if (how == CRYPTO_ENABLE_INPLACE) {
2651 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2652 crypt_ftr->fs_size, &cur_encryption_done,
2653 tot_encryption_size,
2654 previously_encrypted_upto);
2655
JP Abgrall7fc1de82014-10-10 18:43:41 -07002656 if (rc == ENABLE_INPLACE_ERR_DEV) {
2657 /* Hack for b/17898962 */
2658 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2659 cryptfs_reboot(reboot);
2660 }
2661
Paul Lawrence73d7a022014-06-09 14:10:09 -07002662 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002663 crypt_ftr->encrypted_upto = cur_encryption_done;
2664 }
2665
Paul Lawrence73d7a022014-06-09 14:10:09 -07002666 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002667 /* The inplace routine never actually sets the progress to 100% due
2668 * to the round down nature of integer division, so set it here */
2669 property_set("vold.encrypt_progress", "100");
2670 }
2671 } else {
2672 /* Shouldn't happen */
2673 SLOGE("cryptfs_enable: internal error, unknown option\n");
2674 rc = -1;
2675 }
2676
2677 return rc;
2678}
2679
Wei Wang4375f1b2017-02-24 17:43:01 -08002680int cryptfs_enable_internal(char *howarg, int crypt_type, const char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002681 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002682{
2683 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002684 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002685 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002686 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002687 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002688 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002689 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002690 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002691 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002692 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002693 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002694 bool rebootEncryption = false;
Wei Wang4375f1b2017-02-24 17:43:01 -08002695 bool onlyCreateHeader = false;
2696 int fd = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002697
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002698 if (!strcmp(howarg, "wipe")) {
2699 how = CRYPTO_ENABLE_WIPE;
2700 } else if (! strcmp(howarg, "inplace")) {
2701 how = CRYPTO_ENABLE_INPLACE;
2702 } else {
2703 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002704 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002705 }
2706
Paul Lawrence87999172014-02-20 12:21:31 -08002707 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002708 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2709 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2710 /* An encryption was underway and was interrupted */
2711 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2712 crypt_ftr.encrypted_upto = 0;
2713 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002714
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002715 /* At this point, we are in an inconsistent state. Until we successfully
2716 complete encryption, a reboot will leave us broken. So mark the
2717 encryption failed in case that happens.
2718 On successfully completing encryption, remove this flag */
2719 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002720
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002721 put_crypt_ftr_and_key(&crypt_ftr);
2722 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2723 if (!check_ftr_sha(&crypt_ftr)) {
2724 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2725 put_crypt_ftr_and_key(&crypt_ftr);
2726 goto error_unencrypted;
2727 }
2728
2729 /* Doing a reboot-encryption*/
2730 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2731 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2732 rebootEncryption = true;
2733 }
Paul Lawrence87999172014-02-20 12:21:31 -08002734 }
2735
2736 property_get("ro.crypto.state", encrypted_state, "");
2737 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2738 SLOGE("Device is already running encrypted, aborting");
2739 goto error_unencrypted;
2740 }
2741
2742 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2743 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002744 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002745
Ken Sumrall3ed82362011-01-28 23:31:16 -08002746 /* Get the size of the real block device */
Wei Wang4375f1b2017-02-24 17:43:01 -08002747 fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002748 if (fd == -1) {
2749 SLOGE("Cannot open block device %s\n", real_blkdev);
2750 goto error_unencrypted;
2751 }
2752 unsigned long nr_sec;
2753 get_blkdev_size(fd, &nr_sec);
2754 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002755 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2756 goto error_unencrypted;
2757 }
2758 close(fd);
2759
2760 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002761 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002762 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002763 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002764 if (fs_size_sec == 0)
2765 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2766
Paul Lawrence87999172014-02-20 12:21:31 -08002767 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002768
2769 if (fs_size_sec > max_fs_size_sec) {
2770 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2771 goto error_unencrypted;
2772 }
2773 }
2774
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002775 /* Get a wakelock as this may take a while, and we don't want the
2776 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2777 * wants to keep the screen on, it can grab a full wakelock.
2778 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002779 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002780 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2781
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002782 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002783 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002784 */
2785 property_set("vold.decrypt", "trigger_shutdown_framework");
2786 SLOGD("Just asked init to shut down class main\n");
2787
Jeff Sharkey9c484982015-03-31 10:35:33 -07002788 /* Ask vold to unmount all devices that it manages */
2789 if (vold_unmountAll()) {
2790 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002791 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002792
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002793 /* no_ui means we are being called from init, not settings.
2794 Now we always reboot from settings, so !no_ui means reboot
2795 */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002796 if (!no_ui) {
2797 /* Try fallback, which is to reboot and try there */
2798 onlyCreateHeader = true;
2799 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
2800 if (breadcrumb == 0) {
2801 SLOGE("Failed to create breadcrumb file");
2802 goto error_shutting_down;
2803 }
2804 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002805 }
2806
2807 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002808 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002809 /* Now that /data is unmounted, we need to mount a tmpfs
2810 * /data, set a property saying we're doing inplace encryption,
2811 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002812 */
Ken Sumralle5032c42012-04-01 23:58:44 -07002813 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002814 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002815 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002816 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08002817 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002818
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002819 /* restart the framework. */
2820 /* Create necessary paths on /data */
2821 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002822 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002823 }
2824
Ken Sumrall92736ef2012-10-17 20:57:14 -07002825 /* Ugh, shutting down the framework is not synchronous, so until it
2826 * can be fixed, this horrible hack will wait a moment for it all to
2827 * shut down before proceeding. Without it, some devices cannot
2828 * restart the graphics services.
2829 */
2830 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002831 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002832
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002833 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002834 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002835 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002836 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
2837 goto error_shutting_down;
2838 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002839
Paul Lawrence87999172014-02-20 12:21:31 -08002840 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
2841 crypt_ftr.fs_size = nr_sec
2842 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
2843 } else {
2844 crypt_ftr.fs_size = nr_sec;
2845 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07002846 /* At this point, we are in an inconsistent state. Until we successfully
2847 complete encryption, a reboot will leave us broken. So mark the
2848 encryption failed in case that happens.
2849 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002850 if (onlyCreateHeader) {
2851 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
2852 } else {
2853 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2854 }
Paul Lawrence87999172014-02-20 12:21:31 -08002855 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07002856 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002857
Paul Lawrence87999172014-02-20 12:21:31 -08002858 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002859 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
2860 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08002861 SLOGE("Cannot create encrypted master key\n");
2862 goto error_shutting_down;
2863 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002864
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002865 /* Replace scrypted intermediate key if we are preparing for a reboot */
2866 if (onlyCreateHeader) {
2867 unsigned char fake_master_key[KEY_LEN_BYTES];
2868 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
2869 memset(fake_master_key, 0, sizeof(fake_master_key));
2870 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
2871 encrypted_fake_master_key, &crypt_ftr);
2872 }
2873
Paul Lawrence87999172014-02-20 12:21:31 -08002874 /* Write the key to the end of the partition */
2875 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002876
Paul Lawrence87999172014-02-20 12:21:31 -08002877 /* If any persistent data has been remembered, save it.
2878 * If none, create a valid empty table and save that.
2879 */
2880 if (!persist_data) {
Wei Wang4375f1b2017-02-24 17:43:01 -08002881 pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
Paul Lawrence87999172014-02-20 12:21:31 -08002882 if (pdata) {
2883 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
2884 persist_data = pdata;
2885 }
2886 }
2887 if (persist_data) {
2888 save_persistent_data();
2889 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002890 }
2891
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002892 if (onlyCreateHeader) {
2893 sleep(2);
2894 cryptfs_reboot(reboot);
2895 }
2896
2897 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07002898 /* startup service classes main and late_start */
2899 property_set("vold.decrypt", "trigger_restart_min_framework");
2900 SLOGD("Just triggered restart_min_framework\n");
2901
2902 /* OK, the framework is restarted and will soon be showing a
2903 * progress bar. Time to setup an encrypted mapping, and
2904 * either write a new filesystem, or encrypt in place updating
2905 * the progress bar as we work.
2906 */
2907 }
2908
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002909 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002910 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002911 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002912
Paul Lawrence87999172014-02-20 12:21:31 -08002913 /* If we are continuing, check checksums match */
2914 rc = 0;
2915 if (previously_encrypted_upto) {
2916 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
2917 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07002918
Paul Lawrence87999172014-02-20 12:21:31 -08002919 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
2920 sizeof(hash_first_block)) != 0) {
2921 SLOGE("Checksums do not match - trigger wipe");
2922 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002923 }
2924 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002925
Paul Lawrence87999172014-02-20 12:21:31 -08002926 if (!rc) {
2927 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
2928 crypto_blkdev, real_blkdev,
2929 previously_encrypted_upto);
2930 }
2931
2932 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08002933 if (!rc && how == CRYPTO_ENABLE_INPLACE
2934 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002935 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
2936 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07002937 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002938 SLOGE("Error calculating checksum for continuing encryption");
2939 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002940 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002941 }
2942
2943 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002944 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002945
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002946 if (! rc) {
2947 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07002948 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002949
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08002950 if (how == CRYPTO_ENABLE_INPLACE
2951 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002952 SLOGD("Encrypted up to sector %lld - will continue after reboot",
2953 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07002954 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08002955 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07002956
Paul Lawrence6bfed202014-07-28 12:47:22 -07002957 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08002958
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08002959 if (how == CRYPTO_ENABLE_WIPE
2960 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002961 char value[PROPERTY_VALUE_MAX];
2962 property_get("ro.crypto.state", value, "");
2963 if (!strcmp(value, "")) {
2964 /* default encryption - continue first boot sequence */
2965 property_set("ro.crypto.state", "encrypted");
Paul Lawrence4ed45262016-03-10 15:44:21 -08002966 property_set("ro.crypto.type", "block");
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002967 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002968 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
2969 // Bring up cryptkeeper that will check the password and set it
2970 property_set("vold.decrypt", "trigger_shutdown_framework");
2971 sleep(2);
2972 property_set("vold.encrypt_progress", "");
2973 cryptfs_trigger_restart_min_framework();
2974 } else {
2975 cryptfs_check_passwd(DEFAULT_PASSWORD);
2976 cryptfs_restart_internal(1);
2977 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002978 return 0;
2979 } else {
2980 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08002981 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002982 }
Paul Lawrence87999172014-02-20 12:21:31 -08002983 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002984 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08002985 cryptfs_reboot(shutdown);
2986 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002987 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002988 char value[PROPERTY_VALUE_MAX];
2989
Ken Sumrall319369a2012-06-27 16:30:18 -07002990 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002991 if (!strcmp(value, "1")) {
2992 /* wipe data if encryption failed */
2993 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Wei Wang4375f1b2017-02-24 17:43:01 -08002994 std::string err;
2995 const std::vector<std::string> options = {
2996 "--wipe_data\n--reason=cryptfs_enable_internal\n"
2997 };
2998 if (!write_bootloader_message(options, &err)) {
2999 SLOGE("could not write bootloader message: %s", err.c_str());
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003000 }
Paul Lawrence87999172014-02-20 12:21:31 -08003001 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003002 } else {
3003 /* set property to trigger dialog */
3004 property_set("vold.encrypt_progress", "error_partially_encrypted");
3005 release_wake_lock(lockid);
3006 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003007 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003008 }
3009
Ken Sumrall3ed82362011-01-28 23:31:16 -08003010 /* hrm, the encrypt step claims success, but the reboot failed.
3011 * This should not happen.
3012 * Set the property and return. Hope the framework can deal with it.
3013 */
3014 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003015 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003016 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003017
3018error_unencrypted:
3019 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003020 if (lockid[0]) {
3021 release_wake_lock(lockid);
3022 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003023 return -1;
3024
3025error_shutting_down:
3026 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3027 * but the framework is stopped and not restarted to show the error, so it's up to
3028 * vold to restart the system.
3029 */
3030 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003031 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003032
3033 /* shouldn't get here */
3034 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003035 if (lockid[0]) {
3036 release_wake_lock(lockid);
3037 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003038 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003039}
3040
Paul Lawrence569649f2015-09-09 12:13:00 -07003041int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003042{
Paul Lawrence569649f2015-09-09 12:13:00 -07003043 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003044}
3045
Paul Lawrence569649f2015-09-09 12:13:00 -07003046int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003047{
3048 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003049 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003050}
3051
3052int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003053{
Paul Crowley38132a12016-02-09 09:50:32 +00003054 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003055 SLOGE("cryptfs_changepw not valid for file encryption");
3056 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003057 }
3058
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003059 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003060 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003061
3062 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003063 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003064 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003065 return -1;
3066 }
3067
Paul Lawrencef4faa572014-01-29 13:31:03 -08003068 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3069 SLOGE("Invalid crypt_type %d", crypt_type);
3070 return -1;
3071 }
3072
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003073 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003074 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003075 SLOGE("Error getting crypt footer and key");
3076 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003077 }
3078
Paul Lawrencef4faa572014-01-29 13:31:03 -08003079 crypt_ftr.crypt_type = crypt_type;
3080
JP Abgrall933216c2015-02-11 13:44:32 -08003081 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003082 : newpw,
3083 crypt_ftr.salt,
3084 saved_master_key,
3085 crypt_ftr.master_key,
3086 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003087 if (rc) {
3088 SLOGE("Encrypt master key failed: %d", rc);
3089 return -1;
3090 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003091 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003092 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003093
3094 return 0;
3095}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003096
Rubin Xu85c01f92014-10-13 12:49:54 +01003097static unsigned int persist_get_max_entries(int encrypted) {
3098 struct crypt_mnt_ftr crypt_ftr;
3099 unsigned int dsize;
3100 unsigned int max_persistent_entries;
3101
3102 /* If encrypted, use the values from the crypt_ftr, otherwise
3103 * use the values for the current spec.
3104 */
3105 if (encrypted) {
3106 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3107 return -1;
3108 }
3109 dsize = crypt_ftr.persist_data_size;
3110 } else {
3111 dsize = CRYPT_PERSIST_DATA_SIZE;
3112 }
3113
3114 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3115 sizeof(struct crypt_persist_entry);
3116
3117 return max_persistent_entries;
3118}
3119
3120static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003121{
3122 unsigned int i;
3123
3124 if (persist_data == NULL) {
3125 return -1;
3126 }
3127 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3128 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3129 /* We found it! */
3130 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3131 return 0;
3132 }
3133 }
3134
3135 return -1;
3136}
3137
Rubin Xu85c01f92014-10-13 12:49:54 +01003138static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003139{
3140 unsigned int i;
3141 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003142 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003143
3144 if (persist_data == NULL) {
3145 return -1;
3146 }
3147
Rubin Xu85c01f92014-10-13 12:49:54 +01003148 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003149
3150 num = persist_data->persist_valid_entries;
3151
3152 for (i = 0; i < num; i++) {
3153 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3154 /* We found an existing entry, update it! */
3155 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3156 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3157 return 0;
3158 }
3159 }
3160
3161 /* We didn't find it, add it to the end, if there is room */
3162 if (persist_data->persist_valid_entries < max_persistent_entries) {
3163 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3164 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3165 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3166 persist_data->persist_valid_entries++;
3167 return 0;
3168 }
3169
3170 return -1;
3171}
3172
Rubin Xu85c01f92014-10-13 12:49:54 +01003173/**
3174 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3175 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3176 */
3177static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003178 unsigned int field_len;
3179 unsigned int key_index;
3180 field_len = strlen(field);
3181
3182 if (index == 0) {
3183 // The first key in a multi-entry field is just the filedname itself.
3184 if (!strcmp(key, field)) {
3185 return 1;
3186 }
3187 }
3188 // Match key against "%s_%d" % (field, index)
3189 if (strlen(key) < field_len + 1 + 1) {
3190 // Need at least a '_' and a digit.
3191 return 0;
3192 }
3193 if (strncmp(key, field, field_len)) {
3194 // If the key does not begin with field, it's not a match.
3195 return 0;
3196 }
3197 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3198 return 0;
3199 }
3200 return key_index >= index;
3201}
3202
3203/*
3204 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3205 * remaining entries starting from index will be deleted.
3206 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3207 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3208 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3209 *
3210 */
3211static int persist_del_keys(const char *fieldname, unsigned index)
3212{
3213 unsigned int i;
3214 unsigned int j;
3215 unsigned int num;
3216
3217 if (persist_data == NULL) {
3218 return PERSIST_DEL_KEY_ERROR_OTHER;
3219 }
3220
3221 num = persist_data->persist_valid_entries;
3222
3223 j = 0; // points to the end of non-deleted entries.
3224 // Filter out to-be-deleted entries in place.
3225 for (i = 0; i < num; i++) {
3226 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3227 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3228 j++;
3229 }
3230 }
3231
3232 if (j < num) {
3233 persist_data->persist_valid_entries = j;
3234 // Zeroise the remaining entries
3235 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3236 return PERSIST_DEL_KEY_OK;
3237 } else {
3238 // Did not find an entry matching the given fieldname
3239 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3240 }
3241}
3242
3243static int persist_count_keys(const char *fieldname)
3244{
3245 unsigned int i;
3246 unsigned int count;
3247
3248 if (persist_data == NULL) {
3249 return -1;
3250 }
3251
3252 count = 0;
3253 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3254 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3255 count++;
3256 }
3257 }
3258
3259 return count;
3260}
3261
Ken Sumrall160b4d62013-04-22 12:15:39 -07003262/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003263int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003264{
Paul Crowley38132a12016-02-09 09:50:32 +00003265 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003266 SLOGE("Cannot get field when file encrypted");
3267 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003268 }
3269
Ken Sumrall160b4d62013-04-22 12:15:39 -07003270 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003271 /* CRYPTO_GETFIELD_OK is success,
3272 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3273 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3274 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003275 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003276 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3277 int i;
3278 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003279
3280 if (persist_data == NULL) {
3281 load_persistent_data();
3282 if (persist_data == NULL) {
3283 SLOGE("Getfield error, cannot load persistent data");
3284 goto out;
3285 }
3286 }
3287
Rubin Xu85c01f92014-10-13 12:49:54 +01003288 // Read value from persistent entries. If the original value is split into multiple entries,
3289 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003290 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003291 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3292 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3293 // value too small
3294 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3295 goto out;
3296 }
3297 rc = CRYPTO_GETFIELD_OK;
3298
3299 for (i = 1; /* break explicitly */; i++) {
3300 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3301 (int) sizeof(temp_field)) {
3302 // If the fieldname is very long, we stop as soon as it begins to overflow the
3303 // maximum field length. At this point we have in fact fully read out the original
3304 // value because cryptfs_setfield would not allow fields with longer names to be
3305 // written in the first place.
3306 break;
3307 }
3308 if (!persist_get_key(temp_field, temp_value)) {
3309 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3310 // value too small.
3311 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3312 goto out;
3313 }
3314 } else {
3315 // Exhaust all entries.
3316 break;
3317 }
3318 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003319 } else {
3320 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003321 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003322 }
3323
3324out:
3325 return rc;
3326}
3327
3328/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003329int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003330{
Paul Crowley38132a12016-02-09 09:50:32 +00003331 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003332 SLOGE("Cannot set field when file encrypted");
3333 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003334 }
3335
Ken Sumrall160b4d62013-04-22 12:15:39 -07003336 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003337 /* 0 is success, negative values are error */
3338 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003339 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003340 unsigned int field_id;
3341 char temp_field[PROPERTY_KEY_MAX];
3342 unsigned int num_entries;
3343 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003344
3345 if (persist_data == NULL) {
3346 load_persistent_data();
3347 if (persist_data == NULL) {
3348 SLOGE("Setfield error, cannot load persistent data");
3349 goto out;
3350 }
3351 }
3352
3353 property_get("ro.crypto.state", encrypted_state, "");
3354 if (!strcmp(encrypted_state, "encrypted") ) {
3355 encrypted = 1;
3356 }
3357
Rubin Xu85c01f92014-10-13 12:49:54 +01003358 // Compute the number of entries required to store value, each entry can store up to
3359 // (PROPERTY_VALUE_MAX - 1) chars
3360 if (strlen(value) == 0) {
3361 // Empty value also needs one entry to store.
3362 num_entries = 1;
3363 } else {
3364 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3365 }
3366
3367 max_keylen = strlen(fieldname);
3368 if (num_entries > 1) {
3369 // Need an extra "_%d" suffix.
3370 max_keylen += 1 + log10(num_entries);
3371 }
3372 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3373 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003374 goto out;
3375 }
3376
Rubin Xu85c01f92014-10-13 12:49:54 +01003377 // Make sure we have enough space to write the new value
3378 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3379 persist_get_max_entries(encrypted)) {
3380 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3381 goto out;
3382 }
3383
3384 // Now that we know persist_data has enough space for value, let's delete the old field first
3385 // to make up space.
3386 persist_del_keys(fieldname, 0);
3387
3388 if (persist_set_key(fieldname, value, encrypted)) {
3389 // fail to set key, should not happen as we have already checked the available space
3390 SLOGE("persist_set_key() error during setfield()");
3391 goto out;
3392 }
3393
3394 for (field_id = 1; field_id < num_entries; field_id++) {
3395 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3396
3397 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3398 // fail to set key, should not happen as we have already checked the available space.
3399 SLOGE("persist_set_key() error during setfield()");
3400 goto out;
3401 }
3402 }
3403
Ken Sumrall160b4d62013-04-22 12:15:39 -07003404 /* If we are running encrypted, save the persistent data now */
3405 if (encrypted) {
3406 if (save_persistent_data()) {
3407 SLOGE("Setfield error, cannot save persistent data");
3408 goto out;
3409 }
3410 }
3411
Rubin Xu85c01f92014-10-13 12:49:54 +01003412 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003413
3414out:
3415 return rc;
3416}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003417
3418/* Checks userdata. Attempt to mount the volume if default-
3419 * encrypted.
3420 * On success trigger next init phase and return 0.
3421 * Currently do not handle failure - see TODO below.
3422 */
3423int cryptfs_mount_default_encrypted(void)
3424{
Paul Lawrence84274cc2016-04-15 15:41:33 -07003425 int crypt_type = cryptfs_get_password_type();
3426 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3427 SLOGE("Bad crypt type - error");
3428 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3429 SLOGD("Password is not default - "
3430 "starting min framework to prompt");
3431 property_set("vold.decrypt", "trigger_restart_min_framework");
3432 return 0;
3433 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3434 SLOGD("Password is default - restarting filesystem");
3435 cryptfs_restart_internal(0);
3436 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08003437 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07003438 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003439 }
3440
Paul Lawrence6bfed202014-07-28 12:47:22 -07003441 /** Corrupt. Allow us to boot into framework, which will detect bad
3442 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003443 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003444 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003445 return 0;
3446}
3447
3448/* Returns type of the password, default, pattern, pin or password.
3449 */
3450int cryptfs_get_password_type(void)
3451{
Paul Crowley38132a12016-02-09 09:50:32 +00003452 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003453 SLOGE("cryptfs_get_password_type not valid for file encryption");
3454 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003455 }
3456
Paul Lawrencef4faa572014-01-29 13:31:03 -08003457 struct crypt_mnt_ftr crypt_ftr;
3458
3459 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3460 SLOGE("Error getting crypt footer and key\n");
3461 return -1;
3462 }
3463
Paul Lawrence6bfed202014-07-28 12:47:22 -07003464 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3465 return -1;
3466 }
3467
Paul Lawrencef4faa572014-01-29 13:31:03 -08003468 return crypt_ftr.crypt_type;
3469}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003470
Paul Lawrence05335c32015-03-05 09:46:23 -08003471const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003472{
Paul Crowley38132a12016-02-09 09:50:32 +00003473 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003474 SLOGE("cryptfs_get_password not valid for file encryption");
3475 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003476 }
3477
Paul Lawrence399317e2014-03-10 13:20:50 -07003478 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003479 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003480 if (now.tv_sec < password_expiry_time) {
3481 return password;
3482 } else {
3483 cryptfs_clear_password();
3484 return 0;
3485 }
3486}
3487
3488void cryptfs_clear_password()
3489{
3490 if (password) {
3491 size_t len = strlen(password);
3492 memset(password, 0, len);
3493 free(password);
3494 password = 0;
3495 password_expiry_time = 0;
3496 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003497}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003498
3499int cryptfs_enable_file()
3500{
Paul Crowley38132a12016-02-09 09:50:32 +00003501 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003502}
3503
Paul Lawrence0c247462015-10-29 10:30:57 -07003504int cryptfs_isConvertibleToFBE()
3505{
3506 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3507 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3508}
3509
Paul Lawrence731a7a22015-04-28 22:14:15 +00003510int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3511{
3512 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3513 SLOGE("Failed to initialize crypt_ftr");
3514 return -1;
3515 }
3516
3517 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3518 crypt_ftr->salt, crypt_ftr)) {
3519 SLOGE("Cannot create encrypted master key\n");
3520 return -1;
3521 }
3522
3523 //crypt_ftr->keysize = key_length / 8;
3524 return 0;
3525}
3526
3527int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3528 unsigned char* master_key)
3529{
3530 int rc;
3531
Paul Lawrence731a7a22015-04-28 22:14:15 +00003532 unsigned char* intermediate_key = 0;
3533 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003534
3535 if (password == 0 || *password == 0) {
3536 password = DEFAULT_PASSWORD;
3537 }
3538
Paul Lawrence731a7a22015-04-28 22:14:15 +00003539 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3540 &intermediate_key_size);
3541
Paul Lawrence300dae72016-03-11 11:02:52 -08003542 if (rc) {
3543 SLOGE("Can't calculate intermediate key");
3544 return rc;
3545 }
3546
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003547 int N = 1 << ftr->N_factor;
3548 int r = 1 << ftr->r_factor;
3549 int p = 1 << ftr->p_factor;
3550
3551 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3552
3553 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3554 ftr->salt, sizeof(ftr->salt), N, r, p,
3555 scrypted_intermediate_key,
3556 sizeof(scrypted_intermediate_key));
3557
3558 free(intermediate_key);
3559
3560 if (rc) {
Paul Lawrence300dae72016-03-11 11:02:52 -08003561 SLOGE("Can't scrypt intermediate key");
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003562 return rc;
3563 }
3564
3565 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3566 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003567}
3568
3569int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3570 const unsigned char* master_key)
3571{
3572 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3573 ftr);
3574}
Paul Lawrence6e410592016-05-24 14:20:38 -07003575
Eric Biggersb45caaf2017-02-02 14:52:12 -08003576void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
3577 const char **filenames_mode_ret)
Paul Lawrence6e410592016-05-24 14:20:38 -07003578{
3579 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
Eric Biggersb45caaf2017-02-02 14:52:12 -08003580 fs_mgr_get_file_encryption_modes(rec, contents_mode_ret, filenames_mode_ret);
Paul Lawrence6e410592016-05-24 14:20:38 -07003581}