blob: 09e67af9194fb5e5cf05f41a4ade8af5fb66b1a7 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Paul Crowley3b71fc52017-10-09 10:55:21 -070041#include <ext4_utils/ext4_crypt.h>
Tao Bao5a95ddb2016-10-05 18:01:19 -070042#include <ext4_utils/ext4_utils.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070043#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070044#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070045#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010046#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080047#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080048#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080049#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080050#define LOG_TAG "Cryptfs"
51#include "cutils/log.h"
52#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070053#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080054#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070055#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000056#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070057#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070058#include "VoldUtil.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000060#include "f2fs_sparseblock.h"
Paul Crowleyf71ace32016-06-02 11:01:19 -070061#include "EncryptInplace.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080062#include "Process.h"
Janis Danisevskis015ec302017-01-31 11:31:08 +000063#include "Keymaster.h"
Wei Wang4375f1b2017-02-24 17:43:01 -080064#include "android-base/properties.h"
Yabin Cui1fb59662016-06-24 14:48:49 -070065#include <bootloader_message/bootloader_message.h>
Wei Wang4375f1b2017-02-24 17:43:01 -080066extern "C" {
67#include <crypto_scrypt.h>
68}
Mark Salyzyn3e971272014-01-21 13:27:04 -080069
Mark Salyzyn5eecc442014-02-12 14:16:14 -080070#define UNUSED __attribute__((unused))
71
Ken Sumrall8f869aa2010-12-03 03:47:09 -080072#define DM_CRYPT_BUF_SIZE 4096
73
Jason parks70a4b3f2011-01-28 10:10:47 -060074#define HASH_COUNT 2000
Greg Kaiserc0de9c72018-02-14 20:05:54 -080075
76constexpr size_t INTERMEDIATE_KEY_LEN_BYTES = 16;
77constexpr size_t INTERMEDIATE_IV_LEN_BYTES = 16;
78constexpr size_t INTERMEDIATE_BUF_SIZE =
79 (INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
80
81// SCRYPT_LEN is used by struct crypt_mnt_ftr for its intermediate key.
82static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
83 "Mismatch of intermediate key sizes");
Jason parks70a4b3f2011-01-28 10:10:47 -060084
Ken Sumrall29d8da82011-05-18 17:20:07 -070085#define KEY_IN_FOOTER "footer"
86
Paul Lawrence3bd36d52015-06-09 13:37:44 -070087#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080088
Paul Lawrence3d99eba2015-11-20 07:07:19 -080089#define CRYPTO_BLOCK_DEVICE "userdata"
90
91#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
92
Ken Sumrall29d8da82011-05-18 17:20:07 -070093#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070094#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070095
Ken Sumralle919efe2012-09-29 17:07:41 -070096#define TABLE_LOAD_RETRIES 10
97
Shawn Willden47ba10d2014-09-03 17:07:06 -060098#define RSA_KEY_SIZE 2048
99#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
100#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -0600101#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700102
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700103#define RETRY_MOUNT_ATTEMPTS 10
104#define RETRY_MOUNT_DELAY_SECONDS 1
105
Paul Crowley5afbc622017-11-27 09:42:17 -0800106#define CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE (1)
107
Paul Crowley73473332017-11-21 15:43:51 -0800108static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr);
109
Greg Kaiser59ad0182018-02-16 13:01:36 -0800110static unsigned char saved_master_key[MAX_KEY_LEN];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700111static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600112static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700113static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800114
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700115/* Should we use keymaster? */
116static int keymaster_check_compatibility()
117{
Janis Danisevskis015ec302017-01-31 11:31:08 +0000118 return keymaster_compatibility_cryptfs_scrypt();
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700119}
120
121/* Create a new keymaster key and store it in this footer */
122static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
123{
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800124 if (ftr->keymaster_blob_size) {
125 SLOGI("Already have key");
126 return 0;
127 }
128
Janis Danisevskis015ec302017-01-31 11:31:08 +0000129 int rc = keymaster_create_key_for_cryptfs_scrypt(RSA_KEY_SIZE, RSA_EXPONENT,
130 KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
131 &ftr->keymaster_blob_size);
132 if (rc) {
133 if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
Paul Crowley73473332017-11-21 15:43:51 -0800134 SLOGE("Keymaster key blob too large");
Janis Danisevskis015ec302017-01-31 11:31:08 +0000135 ftr->keymaster_blob_size = 0;
136 }
137 SLOGE("Failed to generate keypair");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700138 return -1;
139 }
Janis Danisevskis015ec302017-01-31 11:31:08 +0000140 return 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700141}
142
Shawn Willdene17a9c42014-09-08 13:04:08 -0600143/* This signs the given object using the keymaster key. */
144static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600145 const unsigned char *object,
146 const size_t object_size,
147 unsigned char **signature,
148 size_t *signature_size)
149{
Shawn Willden47ba10d2014-09-03 17:07:06 -0600150 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600151 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600152 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600153
Shawn Willdene17a9c42014-09-08 13:04:08 -0600154 // To sign a message with RSA, the message must satisfy two
155 // constraints:
156 //
157 // 1. The message, when interpreted as a big-endian numeric value, must
158 // be strictly less than the public modulus of the RSA key. Note
159 // that because the most significant bit of the public modulus is
160 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
161 // key), an n-bit message with most significant bit 0 always
162 // satisfies this requirement.
163 //
164 // 2. The message must have the same length in bits as the public
165 // modulus of the RSA key. This requirement isn't mathematically
166 // necessary, but is necessary to ensure consistency in
167 // implementations.
168 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600169 case KDF_SCRYPT_KEYMASTER:
170 // This ensures the most significant byte of the signed message
171 // is zero. We could have zero-padded to the left instead, but
172 // this approach is slightly more robust against changes in
173 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600174 // so) because we really should be using a proper deterministic
175 // RSA padding function, such as PKCS1.
Wei Wang4375f1b2017-02-24 17:43:01 -0800176 memcpy(to_sign + 1, object, std::min((size_t)RSA_KEY_SIZE_BYTES - 1, object_size));
Shawn Willdene17a9c42014-09-08 13:04:08 -0600177 SLOGI("Signing safely-padded object");
178 break;
179 default:
180 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Janis Danisevskis015ec302017-01-31 11:31:08 +0000181 return -1;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600182 }
Paul Crowley73473332017-11-21 15:43:51 -0800183 for (;;) {
184 auto result = keymaster_sign_object_for_cryptfs_scrypt(
185 ftr->keymaster_blob, ftr->keymaster_blob_size, KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign,
186 to_sign_size, signature, signature_size);
187 switch (result) {
188 case KeymasterSignResult::ok:
189 return 0;
190 case KeymasterSignResult::upgrade:
191 break;
192 default:
193 return -1;
194 }
195 SLOGD("Upgrading key");
196 if (keymaster_upgrade_key_for_cryptfs_scrypt(
197 RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob,
198 ftr->keymaster_blob_size, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
199 &ftr->keymaster_blob_size) != 0) {
200 SLOGE("Failed to upgrade key");
201 return -1;
202 }
203 if (put_crypt_ftr_and_key(ftr) != 0) {
204 SLOGE("Failed to write upgraded key to disk");
205 }
206 SLOGD("Key upgraded successfully");
207 }
Shawn Willden47ba10d2014-09-03 17:07:06 -0600208}
209
Paul Lawrence399317e2014-03-10 13:20:50 -0700210/* Store password when userdata is successfully decrypted and mounted.
211 * Cleared by cryptfs_clear_password
212 *
213 * To avoid a double prompt at boot, we need to store the CryptKeeper
214 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
215 * Since the entire framework is torn down and rebuilt after encryption,
216 * we have to use a daemon or similar to store the password. Since vold
217 * is secured against IPC except from system processes, it seems a reasonable
218 * place to store this.
219 *
220 * password should be cleared once it has been used.
221 *
222 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800223 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700224static char* password = 0;
225static int password_expiry_time = 0;
226static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800227
Josh Gaofec44372017-08-28 13:22:55 -0700228enum class RebootType {reboot, recovery, shutdown};
229static void cryptfs_reboot(RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700230{
Josh Gaofec44372017-08-28 13:22:55 -0700231 switch (rt) {
232 case RebootType::reboot:
Paul Lawrence87999172014-02-20 12:21:31 -0800233 property_set(ANDROID_RB_PROPERTY, "reboot");
234 break;
235
Josh Gaofec44372017-08-28 13:22:55 -0700236 case RebootType::recovery:
Paul Lawrence87999172014-02-20 12:21:31 -0800237 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
238 break;
239
Josh Gaofec44372017-08-28 13:22:55 -0700240 case RebootType::shutdown:
Paul Lawrence87999172014-02-20 12:21:31 -0800241 property_set(ANDROID_RB_PROPERTY, "shutdown");
242 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700243 }
Paul Lawrence87999172014-02-20 12:21:31 -0800244
Ken Sumralladfba362013-06-04 16:37:52 -0700245 sleep(20);
246
247 /* Shouldn't get here, reboot should happen before sleep times out */
248 return;
249}
250
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800251static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
252{
253 memset(io, 0, dataSize);
254 io->data_size = dataSize;
255 io->data_start = sizeof(struct dm_ioctl);
256 io->version[0] = 4;
257 io->version[1] = 0;
258 io->version[2] = 0;
259 io->flags = flags;
260 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100261 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800262 }
263}
264
Greg Kaiser38723f22018-02-16 13:35:35 -0800265namespace {
266
267struct CryptoType;
268
269// Use to get the CryptoType in use on this device.
270const CryptoType &get_crypto_type();
271
272struct CryptoType {
273 // We should only be constructing CryptoTypes as part of
274 // supported_crypto_types[]. We do it via this pseudo-builder pattern,
275 // which isn't pure or fully protected as a concession to being able to
276 // do it all at compile time. Add new CryptoTypes in
277 // supported_crypto_types[] below.
278 constexpr CryptoType() : CryptoType(nullptr, nullptr, 0xFFFFFFFF) {}
279 constexpr CryptoType set_keysize(uint32_t size) const {
280 return CryptoType(this->property_name, this->crypto_name, size);
281 }
282 constexpr CryptoType set_property_name(const char *property) const {
283 return CryptoType(property, this->crypto_name, this->keysize);
284 }
285 constexpr CryptoType set_crypto_name(const char *crypto) const {
286 return CryptoType(this->property_name, crypto, this->keysize);
287 }
288
289 constexpr const char *get_property_name() const { return property_name; }
290 constexpr const char *get_crypto_name() const { return crypto_name; }
291 constexpr uint32_t get_keysize() const { return keysize; }
292
293 private:
294 const char *property_name;
295 const char *crypto_name;
296 uint32_t keysize;
297
298 constexpr CryptoType(const char *property, const char *crypto,
299 uint32_t ksize)
300 : property_name(property), crypto_name(crypto), keysize(ksize) {}
301 friend const CryptoType &get_crypto_type();
302 static const CryptoType &get_device_crypto_algorithm();
303};
304
305// We only want to parse this read-only property once. But we need to wait
306// until the system is initialized before we can read it. So we use a static
307// scoped within this function to get it only once.
308const CryptoType &get_crypto_type() {
309 static CryptoType crypto_type = CryptoType::get_device_crypto_algorithm();
310 return crypto_type;
311}
312
313constexpr CryptoType default_crypto_type = CryptoType()
314 .set_property_name("AES-128-CBC")
315 .set_crypto_name("aes-cbc-essiv:sha256")
316 .set_keysize(16);
317
318constexpr CryptoType supported_crypto_types[] = {
319 default_crypto_type,
320 CryptoType()
321 .set_property_name("Speck128/128-XTS")
322 .set_crypto_name("speck128-xts-plain64")
323 .set_keysize(32),
324 // Add new CryptoTypes here. Order is not important.
325};
326
327
328// ---------- START COMPILE-TIME SANITY CHECK BLOCK -------------------------
329// We confirm all supported_crypto_types have a small enough keysize and
330// had both set_property_name() and set_crypto_name() called.
331
332template <typename T, size_t N>
333constexpr size_t array_length(T (&)[N]) { return N; }
334
335constexpr bool indexOutOfBoundsForCryptoTypes(size_t index) {
336 return (index >= array_length(supported_crypto_types));
337}
338
339constexpr bool isValidCryptoType(const CryptoType &crypto_type) {
340 return ((crypto_type.get_property_name() != nullptr) &&
341 (crypto_type.get_crypto_name() != nullptr) &&
342 (crypto_type.get_keysize() <= MAX_KEY_LEN));
343}
344
345// Note in C++11 that constexpr functions can only have a single line.
346// So our code is a bit convoluted (using recursion instead of a loop),
347// but it's asserting at compile time that all of our key lengths are valid.
348constexpr bool validateSupportedCryptoTypes(size_t index) {
349 return indexOutOfBoundsForCryptoTypes(index) ||
350 (isValidCryptoType(supported_crypto_types[index]) &&
351 validateSupportedCryptoTypes(index + 1));
352}
353
354static_assert(validateSupportedCryptoTypes(0),
355 "We have a CryptoType with keysize > MAX_KEY_LEN or which was "
356 "incompletely constructed.");
357// ---------- END COMPILE-TIME SANITY CHECK BLOCK -------------------------
358
359
360// Don't call this directly, use get_crypto_type(), which caches this result.
361const CryptoType &CryptoType::get_device_crypto_algorithm() {
362 constexpr char CRYPT_ALGO_PROP[] = "ro.crypto.fde_algorithm";
363 char paramstr[PROPERTY_VALUE_MAX];
364
365 property_get(CRYPT_ALGO_PROP, paramstr,
366 default_crypto_type.get_property_name());
367 for (auto const &ctype : supported_crypto_types) {
368 if (strcmp(paramstr, ctype.get_property_name()) == 0) {
369 return ctype;
370 }
371 }
372 ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr,
373 CRYPT_ALGO_PROP, default_crypto_type.get_property_name());
374 return default_crypto_type;
375}
376
377} // namespace
378
379
380
Kenny Rootc4c70f12013-06-14 12:11:38 -0700381/**
382 * Gets the default device scrypt parameters for key derivation time tuning.
383 * The parameters should lead to about one second derivation time for the
384 * given device.
385 */
386static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700387 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000388 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700389
Paul Crowley63c18d32016-02-10 14:02:47 +0000390 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
391 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
392 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
393 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700394 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000395 ftr->N_factor = Nf;
396 ftr->r_factor = rf;
397 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700398}
399
Greg Kaiser57f9af62018-02-16 13:13:58 -0800400uint32_t cryptfs_get_keysize() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800401 return get_crypto_type().get_keysize();
Greg Kaiser57f9af62018-02-16 13:13:58 -0800402}
403
404const char *cryptfs_get_crypto_name() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800405 return get_crypto_type().get_crypto_name();
Greg Kaiser57f9af62018-02-16 13:13:58 -0800406}
407
Ken Sumrall3ed82362011-01-28 23:31:16 -0800408static unsigned int get_fs_size(char *dev)
409{
410 int fd, block_size;
411 struct ext4_super_block sb;
412 off64_t len;
413
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700414 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800415 SLOGE("Cannot open device to get filesystem size ");
416 return 0;
417 }
418
419 if (lseek64(fd, 1024, SEEK_SET) < 0) {
420 SLOGE("Cannot seek to superblock");
421 return 0;
422 }
423
424 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
425 SLOGE("Cannot read superblock");
426 return 0;
427 }
428
429 close(fd);
430
Daniel Rosenberge82df162014-08-15 22:19:23 +0000431 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
432 SLOGE("Not a valid ext4 superblock");
433 return 0;
434 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800435 block_size = 1024 << sb.s_log_block_size;
436 /* compute length in bytes */
437 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
438
439 /* return length in sectors */
440 return (unsigned int) (len / 512);
441}
442
Ken Sumrall160b4d62013-04-22 12:15:39 -0700443static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
444{
445 static int cached_data = 0;
446 static off64_t cached_off = 0;
447 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
448 int fd;
449 char key_loc[PROPERTY_VALUE_MAX];
450 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700451 int rc = -1;
452
453 if (!cached_data) {
Paul Crowleye2ee1522017-09-26 14:05:26 -0700454 fs_mgr_get_crypt_info(fstab_default, key_loc, real_blkdev, sizeof(key_loc));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700455
456 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700457 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700458 SLOGE("Cannot open real block device %s\n", real_blkdev);
459 return -1;
460 }
461
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900462 unsigned long nr_sec = 0;
463 get_blkdev_size(fd, &nr_sec);
464 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700465 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
466 * encryption info footer and key, and plenty of bytes to spare for future
467 * growth.
468 */
469 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
470 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
471 cached_data = 1;
472 } else {
473 SLOGE("Cannot get size of block device %s\n", real_blkdev);
474 }
475 close(fd);
476 } else {
477 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
478 cached_off = 0;
479 cached_data = 1;
480 }
481 }
482
483 if (cached_data) {
484 if (metadata_fname) {
485 *metadata_fname = cached_metadata_fname;
486 }
487 if (off) {
488 *off = cached_off;
489 }
490 rc = 0;
491 }
492
493 return rc;
494}
495
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800496/* Set sha256 checksum in structure */
497static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
498{
499 SHA256_CTX c;
500 SHA256_Init(&c);
501 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
502 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
503 SHA256_Final(crypt_ftr->sha256, &c);
504}
505
Ken Sumralle8744072011-01-18 22:01:55 -0800506/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800507 * update the failed mount count but not change the key.
508 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700509static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800510{
511 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800512 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700513 /* starting_off is set to the SEEK_SET offset
514 * where the crypto structure starts
515 */
516 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800517 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700518 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700519 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800520
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800521 set_ftr_sha(crypt_ftr);
522
Ken Sumrall160b4d62013-04-22 12:15:39 -0700523 if (get_crypt_ftr_info(&fname, &starting_off)) {
524 SLOGE("Unable to get crypt_ftr_info\n");
525 return -1;
526 }
527 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700528 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700529 return -1;
530 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700531 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700532 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700533 return -1;
534 }
535
536 /* Seek to the start of the crypt footer */
537 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
538 SLOGE("Cannot seek to real block device footer\n");
539 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800540 }
541
542 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
543 SLOGE("Cannot write real block device footer\n");
544 goto errout;
545 }
546
Ken Sumrall3be890f2011-09-14 16:53:46 -0700547 fstat(fd, &statbuf);
548 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700549 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700550 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800551 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800552 goto errout;
553 }
554 }
555
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800556 /* Success! */
557 rc = 0;
558
559errout:
560 close(fd);
561 return rc;
562
563}
564
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800565static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
566{
567 struct crypt_mnt_ftr copy;
568 memcpy(&copy, crypt_ftr, sizeof(copy));
569 set_ftr_sha(&copy);
570 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
571}
572
Ken Sumrall160b4d62013-04-22 12:15:39 -0700573static inline int unix_read(int fd, void* buff, int len)
574{
575 return TEMP_FAILURE_RETRY(read(fd, buff, len));
576}
577
578static inline int unix_write(int fd, const void* buff, int len)
579{
580 return TEMP_FAILURE_RETRY(write(fd, buff, len));
581}
582
583static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
584{
585 memset(pdata, 0, len);
586 pdata->persist_magic = PERSIST_DATA_MAGIC;
587 pdata->persist_valid_entries = 0;
588}
589
590/* A routine to update the passed in crypt_ftr to the lastest version.
591 * fd is open read/write on the device that holds the crypto footer and persistent
592 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
593 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
594 */
595static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
596{
Kenny Root7434b312013-06-14 11:29:53 -0700597 int orig_major = crypt_ftr->major_version;
598 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700599
Kenny Root7434b312013-06-14 11:29:53 -0700600 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
601 struct crypt_persist_data *pdata;
602 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603
Kenny Rootc4c70f12013-06-14 12:11:38 -0700604 SLOGW("upgrading crypto footer to 1.1");
605
Wei Wang4375f1b2017-02-24 17:43:01 -0800606 pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
Kenny Root7434b312013-06-14 11:29:53 -0700607 if (pdata == NULL) {
608 SLOGE("Cannot allocate persisent data\n");
609 return;
610 }
611 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
612
613 /* Need to initialize the persistent data area */
614 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
615 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100616 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700617 return;
618 }
619 /* Write all zeros to the first copy, making it invalid */
620 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
621
622 /* Write a valid but empty structure to the second copy */
623 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
624 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
625
626 /* Update the footer */
627 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
628 crypt_ftr->persist_data_offset[0] = pdata_offset;
629 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
630 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100631 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700632 }
633
Paul Lawrencef4faa572014-01-29 13:31:03 -0800634 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700635 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800636 /* But keep the old kdf_type.
637 * It will get updated later to KDF_SCRYPT after the password has been verified.
638 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700639 crypt_ftr->kdf_type = KDF_PBKDF2;
640 get_device_scrypt_params(crypt_ftr);
641 crypt_ftr->minor_version = 2;
642 }
643
Paul Lawrencef4faa572014-01-29 13:31:03 -0800644 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
645 SLOGW("upgrading crypto footer to 1.3");
646 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
647 crypt_ftr->minor_version = 3;
648 }
649
Kenny Root7434b312013-06-14 11:29:53 -0700650 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
651 if (lseek64(fd, offset, SEEK_SET) == -1) {
652 SLOGE("Cannot seek to crypt footer\n");
653 return;
654 }
655 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700656 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700657}
658
659
660static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800661{
662 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800663 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700664 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800665 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700666 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700667 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800668
Ken Sumrall160b4d62013-04-22 12:15:39 -0700669 if (get_crypt_ftr_info(&fname, &starting_off)) {
670 SLOGE("Unable to get crypt_ftr_info\n");
671 return -1;
672 }
673 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700674 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700675 return -1;
676 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700677 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700678 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700679 return -1;
680 }
681
682 /* Make sure it's 16 Kbytes in length */
683 fstat(fd, &statbuf);
684 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
685 SLOGE("footer file %s is not the expected size!\n", fname);
686 goto errout;
687 }
688
689 /* Seek to the start of the crypt footer */
690 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
691 SLOGE("Cannot seek to real block device footer\n");
692 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800693 }
694
695 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
696 SLOGE("Cannot read real block device footer\n");
697 goto errout;
698 }
699
700 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700701 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800702 goto errout;
703 }
704
Kenny Rootc96a5f82013-06-14 12:08:28 -0700705 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
706 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
707 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800708 goto errout;
709 }
710
Greg Kaiser59ad0182018-02-16 13:01:36 -0800711 // We risk buffer overflows with oversized keys, so we just reject them.
712 // 0-sized keys are problematic (essentially by-passing encryption), and
713 // AES-CBC key wrapping only works for multiples of 16 bytes.
714 if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) ||
715 (crypt_ftr->keysize > MAX_KEY_LEN)) {
716 SLOGE("Invalid keysize (%u) for block device %s; Must be non-zero, "
717 "divisible by 16, and <= %d\n", crypt_ftr->keysize, fname,
718 MAX_KEY_LEN);
719 goto errout;
720 }
721
Kenny Rootc96a5f82013-06-14 12:08:28 -0700722 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
723 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
724 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800725 }
726
Ken Sumrall160b4d62013-04-22 12:15:39 -0700727 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
728 * copy on disk before returning.
729 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700730 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700731 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800732 }
733
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800734 /* Success! */
735 rc = 0;
736
737errout:
738 close(fd);
739 return rc;
740}
741
Ken Sumrall160b4d62013-04-22 12:15:39 -0700742static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
743{
744 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
745 crypt_ftr->persist_data_offset[1]) {
746 SLOGE("Crypt_ftr persist data regions overlap");
747 return -1;
748 }
749
750 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
751 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
752 return -1;
753 }
754
755 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
756 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
757 CRYPT_FOOTER_OFFSET) {
758 SLOGE("Persistent data extends past crypto footer");
759 return -1;
760 }
761
762 return 0;
763}
764
765static int load_persistent_data(void)
766{
767 struct crypt_mnt_ftr crypt_ftr;
768 struct crypt_persist_data *pdata = NULL;
769 char encrypted_state[PROPERTY_VALUE_MAX];
770 char *fname;
771 int found = 0;
772 int fd;
773 int ret;
774 int i;
775
776 if (persist_data) {
777 /* Nothing to do, we've already loaded or initialized it */
778 return 0;
779 }
780
781
782 /* If not encrypted, just allocate an empty table and initialize it */
783 property_get("ro.crypto.state", encrypted_state, "");
784 if (strcmp(encrypted_state, "encrypted") ) {
Wei Wang4375f1b2017-02-24 17:43:01 -0800785 pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700786 if (pdata) {
787 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
788 persist_data = pdata;
789 return 0;
790 }
791 return -1;
792 }
793
794 if(get_crypt_ftr_and_key(&crypt_ftr)) {
795 return -1;
796 }
797
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700798 if ((crypt_ftr.major_version < 1)
799 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700800 SLOGE("Crypt_ftr version doesn't support persistent data");
801 return -1;
802 }
803
804 if (get_crypt_ftr_info(&fname, NULL)) {
805 return -1;
806 }
807
808 ret = validate_persistent_data_storage(&crypt_ftr);
809 if (ret) {
810 return -1;
811 }
812
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700813 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700814 if (fd < 0) {
815 SLOGE("Cannot open %s metadata file", fname);
816 return -1;
817 }
818
Wei Wang4375f1b2017-02-24 17:43:01 -0800819 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Paul Lawrence300dae72016-03-11 11:02:52 -0800820 if (pdata == NULL) {
821 SLOGE("Cannot allocate memory for persistent data");
822 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700823 }
824
825 for (i = 0; i < 2; i++) {
826 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
827 SLOGE("Cannot seek to read persistent data on %s", fname);
828 goto err2;
829 }
830 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
831 SLOGE("Error reading persistent data on iteration %d", i);
832 goto err2;
833 }
834 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
835 found = 1;
836 break;
837 }
838 }
839
840 if (!found) {
841 SLOGI("Could not find valid persistent data, creating");
842 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
843 }
844
845 /* Success */
846 persist_data = pdata;
847 close(fd);
848 return 0;
849
850err2:
851 free(pdata);
852
853err:
854 close(fd);
855 return -1;
856}
857
858static int save_persistent_data(void)
859{
860 struct crypt_mnt_ftr crypt_ftr;
861 struct crypt_persist_data *pdata;
862 char *fname;
863 off64_t write_offset;
864 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700865 int fd;
866 int ret;
867
868 if (persist_data == NULL) {
869 SLOGE("No persistent data to save");
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 ret = validate_persistent_data_storage(&crypt_ftr);
884 if (ret) {
885 return -1;
886 }
887
888 if (get_crypt_ftr_info(&fname, NULL)) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
Wei Wang4375f1b2017-02-24 17:43:01 -0800898 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700899 if (pdata == NULL) {
900 SLOGE("Cannot allocate persistant data");
901 goto err;
902 }
903
904 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
905 SLOGE("Cannot seek to read persistent data on %s", fname);
906 goto err2;
907 }
908
909 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
910 SLOGE("Error reading persistent data before save");
911 goto err2;
912 }
913
914 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
915 /* The first copy is the curent valid copy, so write to
916 * the second copy and erase this one */
917 write_offset = crypt_ftr.persist_data_offset[1];
918 erase_offset = crypt_ftr.persist_data_offset[0];
919 } else {
920 /* The second copy must be the valid copy, so write to
921 * the first copy, and erase the second */
922 write_offset = crypt_ftr.persist_data_offset[0];
923 erase_offset = crypt_ftr.persist_data_offset[1];
924 }
925
926 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100927 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700928 SLOGE("Cannot seek to write persistent data");
929 goto err2;
930 }
931 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
932 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100933 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700934 SLOGE("Cannot seek to erase previous persistent data");
935 goto err2;
936 }
937 fsync(fd);
938 memset(pdata, 0, crypt_ftr.persist_data_size);
939 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
940 (int) crypt_ftr.persist_data_size) {
941 SLOGE("Cannot write to erase previous persistent data");
942 goto err2;
943 }
944 fsync(fd);
945 } else {
946 SLOGE("Cannot write to save persistent data");
947 goto err2;
948 }
949
950 /* Success */
951 free(pdata);
952 close(fd);
953 return 0;
954
955err2:
956 free(pdata);
957err:
958 close(fd);
959 return -1;
960}
961
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800962/* Convert a binary key of specified length into an ascii hex string equivalent,
963 * without the leading 0x and with null termination
964 */
Jeff Sharkey9c484982015-03-31 10:35:33 -0700965static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700966 unsigned int keysize, char *master_key_ascii) {
967 unsigned int i, a;
968 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800969
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700970 for (i=0, a=0; i<keysize; i++, a+=2) {
971 /* For each byte, write out two ascii hex digits */
972 nibble = (master_key[i] >> 4) & 0xf;
973 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800974
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700975 nibble = master_key[i] & 0xf;
976 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
977 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800978
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700979 /* Add the null termination */
980 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800981
982}
983
Jeff Sharkey9c484982015-03-31 10:35:33 -0700984static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
985 const unsigned char *master_key, const char *real_blk_name,
986 const char *name, int fd, const char *extra_params) {
Wei Wang4375f1b2017-02-24 17:43:01 -0800987 alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800988 struct dm_ioctl *io;
989 struct dm_target_spec *tgt;
990 char *crypt_params;
Greg Kaiser59ad0182018-02-16 13:01:36 -0800991 // We need two ASCII characters to represent each byte, and need space for
992 // the '\0' terminator.
993 char master_key_ascii[MAX_KEY_LEN * 2 + 1];
George Burgess IV605d7ae2016-02-29 13:39:17 -0800994 size_t buff_offset;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800995 int i;
996
997 io = (struct dm_ioctl *) buffer;
998
999 /* Load the mapping table for this device */
1000 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1001
1002 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1003 io->target_count = 1;
1004 tgt->status = 0;
1005 tgt->sector_start = 0;
1006 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001007 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001008
1009 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1010 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001011
1012 buff_offset = crypt_params - buffer;
Paul Crowley5afbc622017-11-27 09:42:17 -08001013 SLOGI("Extra parameters for dm_crypt: %s\n", extra_params);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001014 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
1015 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
1016 extra_params);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001017 crypt_params += strlen(crypt_params) + 1;
1018 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1019 tgt->next = crypt_params - buffer;
1020
1021 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1022 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1023 break;
1024 }
1025 usleep(500000);
1026 }
1027
1028 if (i == TABLE_LOAD_RETRIES) {
1029 /* We failed to load the table, return an error */
1030 return -1;
1031 } else {
1032 return i + 1;
1033 }
1034}
1035
1036
1037static int get_dm_crypt_version(int fd, const char *name, int *version)
1038{
1039 char buffer[DM_CRYPT_BUF_SIZE];
1040 struct dm_ioctl *io;
1041 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001042
1043 io = (struct dm_ioctl *) buffer;
1044
1045 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1046
1047 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1048 return -1;
1049 }
1050
1051 /* Iterate over the returned versions, looking for name of "crypt".
1052 * When found, get and return the version.
1053 */
1054 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1055 while (v->next) {
1056 if (! strcmp(v->name, "crypt")) {
1057 /* We found the crypt driver, return the version, and get out */
1058 version[0] = v->version[0];
1059 version[1] = v->version[1];
1060 version[2] = v->version[2];
1061 return 0;
1062 }
1063 v = (struct dm_target_versions *)(((char *)v) + v->next);
1064 }
1065
1066 return -1;
1067}
1068
Paul Crowley5afbc622017-11-27 09:42:17 -08001069static std::string extra_params_as_string(const std::vector<std::string>& extra_params_vec) {
1070 if (extra_params_vec.empty()) return "";
1071 std::string extra_params = std::to_string(extra_params_vec.size());
1072 for (const auto& p : extra_params_vec) {
1073 extra_params.append(" ");
1074 extra_params.append(p);
1075 }
1076 return extra_params;
1077}
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001078
Paul Crowley5afbc622017-11-27 09:42:17 -08001079static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
1080 const char* real_blk_name, char* crypto_blk_name, const char* name,
1081 uint32_t flags) {
1082 char buffer[DM_CRYPT_BUF_SIZE];
1083 struct dm_ioctl* io;
1084 unsigned int minor;
1085 int fd = 0;
1086 int err;
1087 int retval = -1;
1088 int version[3];
1089 int load_count;
1090 std::vector<std::string> extra_params_vec;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001091
Paul Crowley5afbc622017-11-27 09:42:17 -08001092 if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
1093 SLOGE("Cannot open device-mapper\n");
1094 goto errout;
1095 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001096
Paul Crowley5afbc622017-11-27 09:42:17 -08001097 io = (struct dm_ioctl*)buffer;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001098
Paul Crowley5afbc622017-11-27 09:42:17 -08001099 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1100 err = ioctl(fd, DM_DEV_CREATE, io);
1101 if (err) {
1102 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
1103 goto errout;
1104 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001105
Paul Crowley5afbc622017-11-27 09:42:17 -08001106 /* Get the device status, in particular, the name of it's device file */
1107 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1108 if (ioctl(fd, DM_DEV_STATUS, io)) {
1109 SLOGE("Cannot retrieve dm-crypt device status\n");
1110 goto errout;
1111 }
1112 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1113 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
Ken Sumralle919efe2012-09-29 17:07:41 -07001114
Paul Crowley5afbc622017-11-27 09:42:17 -08001115 if (!get_dm_crypt_version(fd, name, version)) {
1116 /* Support for allow_discards was added in version 1.11.0 */
1117 if ((version[0] >= 2) || ((version[0] == 1) && (version[1] >= 11))) {
1118 extra_params_vec.emplace_back("allow_discards");
1119 }
1120 }
1121 if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE) {
1122 extra_params_vec.emplace_back("allow_encrypt_override");
1123 }
1124 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
1125 extra_params_as_string(extra_params_vec).c_str());
1126 if (load_count < 0) {
1127 SLOGE("Cannot load dm-crypt mapping table.\n");
1128 goto errout;
1129 } else if (load_count > 1) {
1130 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
1131 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001132
Paul Crowley5afbc622017-11-27 09:42:17 -08001133 /* Resume this device to activate it */
1134 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001135
Paul Crowley5afbc622017-11-27 09:42:17 -08001136 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1137 SLOGE("Cannot resume the dm-crypt device\n");
1138 goto errout;
1139 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001140
Paul Crowley5afbc622017-11-27 09:42:17 -08001141 /* We made it here with no errors. Woot! */
1142 retval = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001143
1144errout:
1145 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1146
1147 return retval;
1148}
1149
Wei Wang4375f1b2017-02-24 17:43:01 -08001150static int delete_crypto_blk_dev(const char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001151{
1152 int fd;
1153 char buffer[DM_CRYPT_BUF_SIZE];
1154 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001155 int retval = -1;
1156
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001157 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001158 SLOGE("Cannot open device-mapper\n");
1159 goto errout;
1160 }
1161
1162 io = (struct dm_ioctl *) buffer;
1163
1164 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1165 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1166 SLOGE("Cannot remove dm-crypt device\n");
1167 goto errout;
1168 }
1169
1170 /* We made it here with no errors. Woot! */
1171 retval = 0;
1172
1173errout:
1174 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1175
1176 return retval;
1177
1178}
1179
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001180static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001181 unsigned char *ikey, void *params UNUSED)
1182{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001183 SLOGI("Using pbkdf2 for cryptfs KDF");
1184
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001185 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001186 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001187 HASH_COUNT, INTERMEDIATE_BUF_SIZE,
Adam Langleybf0d9722015-11-04 14:51:39 -08001188 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001189}
1190
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001191static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001192 unsigned char *ikey, void *params)
1193{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001194 SLOGI("Using scrypt for cryptfs KDF");
1195
Kenny Rootc4c70f12013-06-14 12:11:38 -07001196 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1197
1198 int N = 1 << ftr->N_factor;
1199 int r = 1 << ftr->r_factor;
1200 int p = 1 << ftr->p_factor;
1201
1202 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001203 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1204 salt, SALT_LEN, N, r, p, ikey,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001205 INTERMEDIATE_BUF_SIZE);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001206
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001207 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001208}
1209
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001210static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1211 unsigned char *ikey, void *params)
1212{
1213 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1214
1215 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001216 size_t signature_size;
1217 unsigned char* signature;
1218 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1219
1220 int N = 1 << ftr->N_factor;
1221 int r = 1 << ftr->r_factor;
1222 int p = 1 << ftr->p_factor;
1223
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001224 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1225 salt, SALT_LEN, N, r, p, ikey,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001226 INTERMEDIATE_BUF_SIZE);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001227
1228 if (rc) {
1229 SLOGE("scrypt failed");
1230 return -1;
1231 }
1232
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001233 if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE,
Shawn Willdene17a9c42014-09-08 13:04:08 -06001234 &signature, &signature_size)) {
1235 SLOGE("Signing failed");
1236 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001237 }
1238
1239 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001240 N, r, p, ikey, INTERMEDIATE_BUF_SIZE);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001241 free(signature);
1242
1243 if (rc) {
1244 SLOGE("scrypt failed");
1245 return -1;
1246 }
1247
1248 return 0;
1249}
1250
1251static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1252 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001253 unsigned char *encrypted_master_key,
1254 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001255{
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001256 unsigned char ikey[INTERMEDIATE_BUF_SIZE] = { 0 };
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001257 EVP_CIPHER_CTX e_ctx;
1258 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001259 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001260
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001261 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001262 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263
1264 switch (crypt_ftr->kdf_type) {
1265 case KDF_SCRYPT_KEYMASTER:
1266 if (keymaster_create_key(crypt_ftr)) {
1267 SLOGE("keymaster_create_key failed");
1268 return -1;
1269 }
1270
1271 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1272 SLOGE("scrypt failed");
1273 return -1;
1274 }
1275 break;
1276
1277 case KDF_SCRYPT:
1278 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1279 SLOGE("scrypt failed");
1280 return -1;
1281 }
1282 break;
1283
1284 default:
1285 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001286 return -1;
1287 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001288
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001289 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001290 EVP_CIPHER_CTX_init(&e_ctx);
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001291 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey,
1292 ikey+INTERMEDIATE_KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001293 SLOGE("EVP_EncryptInit failed\n");
1294 return -1;
1295 }
1296 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001297
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001298 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001299 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Greg Kaiser59ad0182018-02-16 13:01:36 -08001300 decrypted_master_key, crypt_ftr->keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001301 SLOGE("EVP_EncryptUpdate failed\n");
1302 return -1;
1303 }
Adam Langley889c4f12014-09-03 14:23:13 -07001304 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001305 SLOGE("EVP_EncryptFinal failed\n");
1306 return -1;
1307 }
1308
Greg Kaiser59ad0182018-02-16 13:01:36 -08001309 if (encrypted_len + final_len != static_cast<int>(crypt_ftr->keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001310 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1311 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001312 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001313
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001314 /* Store the scrypt of the intermediate key, so we can validate if it's a
1315 password error or mount error when things go wrong.
1316 Note there's no need to check for errors, since if this is incorrect, we
1317 simply won't wipe userdata, which is the correct default behavior
1318 */
1319 int N = 1 << crypt_ftr->N_factor;
1320 int r = 1 << crypt_ftr->r_factor;
1321 int p = 1 << crypt_ftr->p_factor;
1322
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001323 rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001324 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1325 crypt_ftr->scrypted_intermediate_key,
1326 sizeof(crypt_ftr->scrypted_intermediate_key));
1327
1328 if (rc) {
1329 SLOGE("encrypt_master_key: crypto_scrypt failed");
1330 }
1331
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001332 EVP_CIPHER_CTX_cleanup(&e_ctx);
1333
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001334 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001335}
1336
Paul Lawrence731a7a22015-04-28 22:14:15 +00001337static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Greg Kaiser59ad0182018-02-16 13:01:36 -08001338 const unsigned char *encrypted_master_key,
1339 size_t keysize,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 unsigned char *decrypted_master_key,
1341 kdf_func kdf, void *kdf_params,
1342 unsigned char** intermediate_key,
1343 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001344{
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001345 unsigned char ikey[INTERMEDIATE_BUF_SIZE] = { 0 };
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001346 EVP_CIPHER_CTX d_ctx;
1347 int decrypted_len, final_len;
1348
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001349 /* Turn the password into an intermediate key and IV that can decrypt the
1350 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001351 if (kdf(passwd, salt, ikey, kdf_params)) {
1352 SLOGE("kdf failed");
1353 return -1;
1354 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001355
1356 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001357 EVP_CIPHER_CTX_init(&d_ctx);
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001358 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+INTERMEDIATE_KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001359 return -1;
1360 }
1361 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1362 /* Decrypt the master key */
1363 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
Greg Kaiser59ad0182018-02-16 13:01:36 -08001364 encrypted_master_key, keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365 return -1;
1366 }
Adam Langley889c4f12014-09-03 14:23:13 -07001367 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001368 return -1;
1369 }
1370
Greg Kaiser59ad0182018-02-16 13:01:36 -08001371 if (decrypted_len + final_len != static_cast<int>(keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001372 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001374
1375 /* Copy intermediate key if needed by params */
1376 if (intermediate_key && intermediate_key_size) {
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001377 *intermediate_key = (unsigned char*) malloc(INTERMEDIATE_KEY_LEN_BYTES);
Greg Kaisere8167af2016-04-20 10:50:15 -07001378 if (*intermediate_key) {
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001379 memcpy(*intermediate_key, ikey, INTERMEDIATE_KEY_LEN_BYTES);
1380 *intermediate_key_size = INTERMEDIATE_KEY_LEN_BYTES;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001381 }
1382 }
1383
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001384 EVP_CIPHER_CTX_cleanup(&d_ctx);
1385
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001386 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001387}
1388
Kenny Rootc4c70f12013-06-14 12:11:38 -07001389static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001390{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001391 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001392 *kdf = scrypt_keymaster;
1393 *kdf_params = ftr;
1394 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001395 *kdf = scrypt;
1396 *kdf_params = ftr;
1397 } else {
1398 *kdf = pbkdf2;
1399 *kdf_params = NULL;
1400 }
1401}
1402
Paul Lawrence731a7a22015-04-28 22:14:15 +00001403static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001404 struct crypt_mnt_ftr *crypt_ftr,
1405 unsigned char** intermediate_key,
1406 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001407{
1408 kdf_func kdf;
1409 void *kdf_params;
1410 int ret;
1411
1412 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001413 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
Greg Kaiser59ad0182018-02-16 13:01:36 -08001414 crypt_ftr->keysize,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001415 decrypted_master_key, kdf, kdf_params,
1416 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001417 if (ret != 0) {
1418 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001419 }
1420
1421 return ret;
1422}
1423
Wei Wang4375f1b2017-02-24 17:43:01 -08001424static int create_encrypted_random_key(const char *passwd, unsigned char *master_key, unsigned char *salt,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001425 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001426 int fd;
Greg Kaiser59ad0182018-02-16 13:01:36 -08001427 unsigned char key_buf[MAX_KEY_LEN];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001428
1429 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001430 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001431 read(fd, key_buf, sizeof(key_buf));
1432 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001433 close(fd);
1434
1435 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001436 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001437}
1438
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001439int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001440{
Greg Hackmann955653e2014-09-24 14:55:20 -07001441 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001442#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001443
1444 /* Now umount the tmpfs filesystem */
1445 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001446 if (umount(mountpoint) == 0) {
1447 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001448 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001449
1450 if (errno == EINVAL) {
1451 /* EINVAL is returned if the directory is not a mountpoint,
1452 * i.e. there is no filesystem mounted there. So just get out.
1453 */
1454 break;
1455 }
1456
1457 err = errno;
1458
1459 /* If allowed, be increasingly aggressive before the last two retries */
1460 if (kill) {
1461 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1462 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey3472e522017-10-06 18:02:53 -06001463 android::vold::KillProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001464 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1465 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey3472e522017-10-06 18:02:53 -06001466 android::vold::KillProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001467 }
1468 }
1469
1470 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001471 }
1472
1473 if (i < WAIT_UNMOUNT_COUNT) {
1474 SLOGD("unmounting %s succeeded\n", mountpoint);
1475 rc = 0;
1476 } else {
Jeff Sharkey3472e522017-10-06 18:02:53 -06001477 android::vold::KillProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001478 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001479 rc = -1;
1480 }
1481
1482 return rc;
1483}
1484
Wei Wang42e38102017-06-07 10:46:12 -07001485static void prep_data_fs(void)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001486{
Jeff Sharkey47695b22016-02-01 17:02:29 -07001487 // NOTE: post_fs_data results in init calling back around to vold, so all
1488 // callers to this method must be async
1489
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001490 /* Do the prep of the /data filesystem */
1491 property_set("vold.post_fs_data_done", "0");
1492 property_set("vold.decrypt", "trigger_post_fs_data");
Wei Wang42e38102017-06-07 10:46:12 -07001493 SLOGD("Just triggered post_fs_data");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001494
Ken Sumrallc5872692013-05-14 15:26:31 -07001495 /* Wait a max of 50 seconds, hopefully it takes much less */
Wei Wang42e38102017-06-07 10:46:12 -07001496 while (!android::base::WaitForProperty("vold.post_fs_data_done",
Wei Wang4375f1b2017-02-24 17:43:01 -08001497 "1",
Wei Wang42e38102017-06-07 10:46:12 -07001498 std::chrono::seconds(15))) {
1499 /* We timed out to prep /data in time. Continue wait. */
1500 SLOGE("waited 15s for vold.post_fs_data_done, still waiting...");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001501 }
Wei Wang42e38102017-06-07 10:46:12 -07001502 SLOGD("post_fs_data done");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001503}
1504
Paul Lawrence74f29f12014-08-28 15:54:10 -07001505static void cryptfs_set_corrupt()
1506{
1507 // Mark the footer as bad
1508 struct crypt_mnt_ftr crypt_ftr;
1509 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1510 SLOGE("Failed to get crypto footer - panic");
1511 return;
1512 }
1513
1514 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1515 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1516 SLOGE("Failed to set crypto footer - panic");
1517 return;
1518 }
1519}
1520
1521static void cryptfs_trigger_restart_min_framework()
1522{
1523 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1524 SLOGE("Failed to mount tmpfs on data - panic");
1525 return;
1526 }
1527
1528 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1529 SLOGE("Failed to trigger post fs data - panic");
1530 return;
1531 }
1532
1533 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1534 SLOGE("Failed to trigger restart min framework - panic");
1535 return;
1536 }
1537}
1538
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001539/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001540static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001541{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001542 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001543 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001544 static int restart_successful = 0;
1545
1546 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001547 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001548 SLOGE("Encrypted filesystem not validated, aborting");
1549 return -1;
1550 }
1551
1552 if (restart_successful) {
1553 SLOGE("System already restarted with encrypted disk, aborting");
1554 return -1;
1555 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001556
Paul Lawrencef4faa572014-01-29 13:31:03 -08001557 if (restart_main) {
1558 /* Here is where we shut down the framework. The init scripts
1559 * start all services in one of three classes: core, main or late_start.
1560 * On boot, we start core and main. Now, we stop main, but not core,
1561 * as core includes vold and a few other really important things that
1562 * we need to keep running. Once main has stopped, we should be able
1563 * to umount the tmpfs /data, then mount the encrypted /data.
1564 * We then restart the class main, and also the class late_start.
1565 * At the moment, I've only put a few things in late_start that I know
1566 * are not needed to bring up the framework, and that also cause problems
1567 * with unmounting the tmpfs /data, but I hope to add add more services
1568 * to the late_start class as we optimize this to decrease the delay
1569 * till the user is asked for the password to the filesystem.
1570 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001571
Paul Lawrencef4faa572014-01-29 13:31:03 -08001572 /* The init files are setup to stop the class main when vold.decrypt is
1573 * set to trigger_reset_main.
1574 */
1575 property_set("vold.decrypt", "trigger_reset_main");
1576 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001577
Paul Lawrencef4faa572014-01-29 13:31:03 -08001578 /* Ugh, shutting down the framework is not synchronous, so until it
1579 * can be fixed, this horrible hack will wait a moment for it all to
1580 * shut down before proceeding. Without it, some devices cannot
1581 * restart the graphics services.
1582 */
1583 sleep(2);
1584 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001585
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001586 /* Now that the framework is shutdown, we should be able to umount()
1587 * the tmpfs filesystem, and mount the real one.
1588 */
1589
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001590 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1591 if (strlen(crypto_blkdev) == 0) {
1592 SLOGE("fs_crypto_blkdev not set\n");
1593 return -1;
1594 }
1595
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001596 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001597 /* If ro.crypto.readonly is set to 1, mount the decrypted
1598 * filesystem readonly. This is used when /data is mounted by
1599 * recovery mode.
1600 */
1601 char ro_prop[PROPERTY_VALUE_MAX];
1602 property_get("ro.crypto.readonly", ro_prop, "");
Jeff Sharkey95440eb2017-09-18 18:19:28 -06001603 if (strlen(ro_prop) > 0 && std::stoi(ro_prop)) {
Paul Crowleye2ee1522017-09-26 14:05:26 -07001604 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
Doug Zongker6fd57712013-12-17 09:43:23 -08001605 rec->flags |= MS_RDONLY;
1606 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001607
Ken Sumralle5032c42012-04-01 23:58:44 -07001608 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001609 int retries = RETRY_MOUNT_ATTEMPTS;
1610 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001611
1612 /*
1613 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1614 * partitions in the fsck domain.
1615 */
1616 if (setexeccon(secontextFsck())){
1617 SLOGE("Failed to setexeccon");
1618 return -1;
1619 }
Paul Crowleye2ee1522017-09-26 14:05:26 -07001620 while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT,
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001621 crypto_blkdev, 0))
1622 != 0) {
1623 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1624 /* TODO: invoke something similar to
1625 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1626 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1627 SLOGI("Failed to mount %s because it is busy - waiting",
1628 crypto_blkdev);
1629 if (--retries) {
1630 sleep(RETRY_MOUNT_DELAY_SECONDS);
1631 } else {
1632 /* Let's hope that a reboot clears away whatever is keeping
1633 the mount busy */
Josh Gaofec44372017-08-28 13:22:55 -07001634 cryptfs_reboot(RebootType::reboot);
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001635 }
1636 } else {
1637 SLOGE("Failed to mount decrypted data");
1638 cryptfs_set_corrupt();
1639 cryptfs_trigger_restart_min_framework();
1640 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001641 if (setexeccon(NULL)) {
1642 SLOGE("Failed to setexeccon");
1643 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001644 return -1;
1645 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001646 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001647 if (setexeccon(NULL)) {
1648 SLOGE("Failed to setexeccon");
1649 return -1;
1650 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001651
Ken Sumralle5032c42012-04-01 23:58:44 -07001652 /* Create necessary paths on /data */
Wei Wang42e38102017-06-07 10:46:12 -07001653 prep_data_fs();
Seigo Nonakae2ef0c02016-06-20 17:05:40 +09001654 property_set("vold.decrypt", "trigger_load_persist_props");
Ken Sumralle5032c42012-04-01 23:58:44 -07001655
1656 /* startup service classes main and late_start */
1657 property_set("vold.decrypt", "trigger_restart_framework");
1658 SLOGD("Just triggered restart_framework\n");
1659
1660 /* Give it a few moments to get started */
1661 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001662 }
1663
Ken Sumrall0cc16632011-01-18 20:32:26 -08001664 if (rc == 0) {
1665 restart_successful = 1;
1666 }
1667
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001668 return rc;
1669}
1670
Paul Lawrencef4faa572014-01-29 13:31:03 -08001671int cryptfs_restart(void)
1672{
Paul Lawrence05335c32015-03-05 09:46:23 -08001673 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001674 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001675 SLOGE("cryptfs_restart not valid for file encryption:");
1676 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001677 }
1678
Paul Lawrencef4faa572014-01-29 13:31:03 -08001679 /* Call internal implementation forcing a restart of main service group */
1680 return cryptfs_restart_internal(1);
1681}
1682
Wei Wang4375f1b2017-02-24 17:43:01 -08001683static int do_crypto_complete(const char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001684{
1685 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001686 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001687 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001688
1689 property_get("ro.crypto.state", encrypted_state, "");
1690 if (strcmp(encrypted_state, "encrypted") ) {
1691 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001692 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001693 }
1694
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001695 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001696 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001697 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001698 }
1699
Ken Sumrall160b4d62013-04-22 12:15:39 -07001700 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Crowleye2ee1522017-09-26 14:05:26 -07001701 fs_mgr_get_crypt_info(fstab_default, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001702
Ken Sumralle1a45852011-12-14 21:24:27 -08001703 /*
1704 * Only report this error if key_loc is a file and it exists.
1705 * If the device was never encrypted, and /data is not mountable for
1706 * some reason, returning 1 should prevent the UI from presenting the
1707 * a "enter password" screen, or worse, a "press button to wipe the
1708 * device" screen.
1709 */
1710 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1711 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001712 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001713 } else {
1714 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001715 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001716 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001717 }
1718
Paul Lawrence74f29f12014-08-28 15:54:10 -07001719 // Test for possible error flags
1720 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1721 SLOGE("Encryption process is partway completed\n");
1722 return CRYPTO_COMPLETE_PARTIAL;
1723 }
1724
1725 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1726 SLOGE("Encryption process was interrupted but cannot continue\n");
1727 return CRYPTO_COMPLETE_INCONSISTENT;
1728 }
1729
1730 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1731 SLOGE("Encryption is successful but data is corrupt\n");
1732 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001733 }
1734
1735 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001736 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001737}
1738
Paul Lawrencef4faa572014-01-29 13:31:03 -08001739static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
Wei Wang4375f1b2017-02-24 17:43:01 -08001740 const char *passwd, const char *mount_point, const char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001741{
Greg Kaiser59ad0182018-02-16 13:01:36 -08001742 unsigned char decrypted_master_key[MAX_KEY_LEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001743 char crypto_blkdev[MAXPATHLEN];
1744 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001745 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001746 unsigned int orig_failed_decrypt_count;
1747 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001748 int use_keymaster = 0;
1749 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001750 unsigned char* intermediate_key = 0;
1751 size_t intermediate_key_size = 0;
Wei Wang4375f1b2017-02-24 17:43:01 -08001752 int N = 1 << crypt_ftr->N_factor;
1753 int r = 1 << crypt_ftr->r_factor;
1754 int p = 1 << crypt_ftr->p_factor;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001755
Paul Lawrencef4faa572014-01-29 13:31:03 -08001756 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1757 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001758
Paul Lawrencef4faa572014-01-29 13:31:03 -08001759 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001760 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1761 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001762 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001763 rc = -1;
1764 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001765 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001766 }
1767
Paul Crowleye2ee1522017-09-26 14:05:26 -07001768 fs_mgr_get_crypt_info(fstab_default, 0, real_blkdev, sizeof(real_blkdev));
Paul Lawrencef4faa572014-01-29 13:31:03 -08001769
Paul Lawrence74f29f12014-08-28 15:54:10 -07001770 // Create crypto block device - all (non fatal) code paths
1771 // need it
Paul Crowley5afbc622017-11-27 09:42:17 -08001772 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label, 0)) {
1773 SLOGE("Error creating decrypted block device\n");
1774 rc = -1;
1775 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001776 }
1777
Paul Lawrence74f29f12014-08-28 15:54:10 -07001778 /* Work out if the problem is the password or the data */
1779 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1780 scrypted_intermediate_key)];
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001781
Paul Lawrence74f29f12014-08-28 15:54:10 -07001782 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1783 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1784 N, r, p, scrypted_intermediate_key,
1785 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001786
Paul Lawrence74f29f12014-08-28 15:54:10 -07001787 // Does the key match the crypto footer?
1788 if (rc == 0 && memcmp(scrypted_intermediate_key,
1789 crypt_ftr->scrypted_intermediate_key,
1790 sizeof(scrypted_intermediate_key)) == 0) {
1791 SLOGI("Password matches");
1792 rc = 0;
1793 } else {
1794 /* Try mounting the file system anyway, just in case the problem's with
1795 * the footer, not the key. */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001796 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
1797 mount_point);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001798 mkdir(tmp_mount_point, 0755);
Paul Crowleye2ee1522017-09-26 14:05:26 -07001799 if (fs_mgr_do_mount(fstab_default, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001800 SLOGE("Error temp mounting decrypted block device\n");
1801 delete_crypto_blk_dev(label);
1802
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001803 rc = ++crypt_ftr->failed_decrypt_count;
1804 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001805 } else {
1806 /* Success! */
1807 SLOGI("Password did not match but decrypted drive mounted - continue");
1808 umount(tmp_mount_point);
1809 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001810 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001811 }
1812
1813 if (rc == 0) {
1814 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001815 if (orig_failed_decrypt_count != 0) {
1816 put_crypt_ftr_and_key(crypt_ftr);
1817 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001818
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001819 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001820 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001821 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001822
1823 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001824 * the key when we want to change the password on it. */
Greg Kaiser59ad0182018-02-16 13:01:36 -08001825 memcpy(saved_master_key, decrypted_master_key, crypt_ftr->keysize);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001826 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001827 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001828 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001829 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001830
Paul Lawrence74f29f12014-08-28 15:54:10 -07001831 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001832 use_keymaster = keymaster_check_compatibility();
1833 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001834 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001835 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1836 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1837 upgrade = 1;
1838 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001839 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001840 upgrade = 1;
1841 }
1842
1843 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001844 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1845 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001846 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001847 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001848 }
1849 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001850
1851 // Do not fail even if upgrade failed - machine is bootable
1852 // Note that if this code is ever hit, there is a *serious* problem
1853 // since KDFs should never fail. You *must* fix the kdf before
1854 // proceeding!
1855 if (rc) {
1856 SLOGW("Upgrade failed with error %d,"
1857 " but continuing with previous state",
1858 rc);
1859 rc = 0;
1860 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001861 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001862 }
1863
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001864 errout:
1865 if (intermediate_key) {
1866 memset(intermediate_key, 0, intermediate_key_size);
1867 free(intermediate_key);
1868 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001869 return rc;
1870}
1871
Ken Sumrall29d8da82011-05-18 17:20:07 -07001872/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001873 * Called by vold when it's asked to mount an encrypted external
1874 * storage volume. The incoming partition has no crypto header/footer,
Greg Kaiser57f9af62018-02-16 13:13:58 -08001875 * as any metadata is been stored in a separate, small partition. We
1876 * assume it must be using our same crypt type and keysize.
Jeff Sharkey9c484982015-03-31 10:35:33 -07001877 *
1878 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001879 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001880int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
Greg Kaiser57f9af62018-02-16 13:13:58 -08001881 const unsigned char* key, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001882 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001883 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001884 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001885 return -1;
1886 }
1887
1888 unsigned long nr_sec = 0;
1889 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001890 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001891
Ken Sumrall29d8da82011-05-18 17:20:07 -07001892 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001893 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001894 return -1;
1895 }
1896
Jeff Sharkey9c484982015-03-31 10:35:33 -07001897 struct crypt_mnt_ftr ext_crypt_ftr;
1898 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1899 ext_crypt_ftr.fs_size = nr_sec;
Greg Kaiser57f9af62018-02-16 13:13:58 -08001900 ext_crypt_ftr.keysize = cryptfs_get_keysize();
1901 strlcpy((char*) ext_crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
Jeff Sharkey32ebb732017-03-27 16:18:50 -06001902 MAX_CRYPTO_TYPE_NAME_LEN);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001903
Paul Crowley5afbc622017-11-27 09:42:17 -08001904 return create_crypto_blk_dev(
1905 &ext_crypt_ftr, key, real_blkdev, out_crypto_blkdev, label,
1906 e4crypt_is_native() ? CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE : 0);
Jeff Sharkey9c484982015-03-31 10:35:33 -07001907}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001908
Jeff Sharkey9c484982015-03-31 10:35:33 -07001909/*
1910 * Called by vold when it's asked to unmount an encrypted external
1911 * storage volume.
1912 */
1913int cryptfs_revert_ext_volume(const char* label) {
1914 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001915}
1916
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001917int cryptfs_crypto_complete(void)
1918{
1919 return do_crypto_complete("/data");
1920}
1921
Paul Lawrencef4faa572014-01-29 13:31:03 -08001922int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
1923{
1924 char encrypted_state[PROPERTY_VALUE_MAX];
1925 property_get("ro.crypto.state", encrypted_state, "");
1926 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
1927 SLOGE("encrypted fs already validated or not running with encryption,"
1928 " aborting");
1929 return -1;
1930 }
1931
1932 if (get_crypt_ftr_and_key(crypt_ftr)) {
1933 SLOGE("Error getting crypt footer and key");
1934 return -1;
1935 }
1936
1937 return 0;
1938}
1939
Wei Wang4375f1b2017-02-24 17:43:01 -08001940int cryptfs_check_passwd(const char *passwd)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001941{
Paul Lawrence05335c32015-03-05 09:46:23 -08001942 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00001943 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001944 SLOGE("cryptfs_check_passwd not valid for file encryption");
1945 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001946 }
1947
Paul Lawrencef4faa572014-01-29 13:31:03 -08001948 struct crypt_mnt_ftr crypt_ftr;
1949 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001950
Paul Lawrencef4faa572014-01-29 13:31:03 -08001951 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001952 if (rc) {
1953 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001954 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001955 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001956
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001957 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001958 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
1959 if (rc) {
1960 SLOGE("Password did not match");
1961 return rc;
1962 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08001963
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001964 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
1965 // Here we have a default actual password but a real password
1966 // we must test against the scrypted value
1967 // First, we must delete the crypto block device that
1968 // test_mount_encrypted_fs leaves behind as a side effect
1969 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
1970 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
1971 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
1972 if (rc) {
1973 SLOGE("Default password did not match on reboot encryption");
1974 return rc;
1975 }
1976
1977 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
1978 put_crypt_ftr_and_key(&crypt_ftr);
1979 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
1980 if (rc) {
1981 SLOGE("Could not change password on reboot encryption");
1982 return rc;
1983 }
1984 }
1985
1986 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07001987 cryptfs_clear_password();
1988 password = strdup(passwd);
1989 struct timespec now;
1990 clock_gettime(CLOCK_BOOTTIME, &now);
1991 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08001992 }
1993
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001994 return rc;
1995}
1996
Jeff Sharkey83b559c2017-09-12 16:30:52 -06001997int cryptfs_verify_passwd(const char *passwd)
Ken Sumrall3ad90722011-10-04 20:38:29 -07001998{
1999 struct crypt_mnt_ftr crypt_ftr;
Greg Kaiser59ad0182018-02-16 13:01:36 -08002000 unsigned char decrypted_master_key[MAX_KEY_LEN];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002001 char encrypted_state[PROPERTY_VALUE_MAX];
2002 int rc;
2003
2004 property_get("ro.crypto.state", encrypted_state, "");
2005 if (strcmp(encrypted_state, "encrypted") ) {
2006 SLOGE("device not encrypted, aborting");
2007 return -2;
2008 }
2009
2010 if (!master_key_saved) {
2011 SLOGE("encrypted fs not yet mounted, aborting");
2012 return -1;
2013 }
2014
2015 if (!saved_mount_point) {
2016 SLOGE("encrypted fs failed to save mount point, aborting");
2017 return -1;
2018 }
2019
Ken Sumrall160b4d62013-04-22 12:15:39 -07002020 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002021 SLOGE("Error getting crypt footer and key\n");
2022 return -1;
2023 }
2024
2025 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2026 /* If the device has no password, then just say the password is valid */
2027 rc = 0;
2028 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002029 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002030 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2031 /* They match, the password is correct */
2032 rc = 0;
2033 } else {
2034 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2035 sleep(1);
2036 rc = 1;
2037 }
2038 }
2039
2040 return rc;
2041}
2042
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002043/* Initialize a crypt_mnt_ftr structure. The keysize is
Greg Kaiser57f9af62018-02-16 13:13:58 -08002044 * defaulted to cryptfs_get_keysize() bytes, and the filesystem size to 0.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002045 * Presumably, at a minimum, the caller will update the
2046 * filesystem size and crypto_type_name after calling this function.
2047 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002048static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002049{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002050 off64_t off;
2051
2052 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002053 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002054 ftr->major_version = CURRENT_MAJOR_VERSION;
2055 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002056 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Greg Kaiser57f9af62018-02-16 13:13:58 -08002057 ftr->keysize = cryptfs_get_keysize();
Ken Sumrall160b4d62013-04-22 12:15:39 -07002058
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002059 switch (keymaster_check_compatibility()) {
2060 case 1:
2061 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2062 break;
2063
2064 case 0:
2065 ftr->kdf_type = KDF_SCRYPT;
2066 break;
2067
2068 default:
2069 SLOGE("keymaster_check_compatibility failed");
2070 return -1;
2071 }
2072
Kenny Rootc4c70f12013-06-14 12:11:38 -07002073 get_device_scrypt_params(ftr);
2074
Ken Sumrall160b4d62013-04-22 12:15:39 -07002075 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2076 if (get_crypt_ftr_info(NULL, &off) == 0) {
2077 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2078 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2079 ftr->persist_data_size;
2080 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002081
2082 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002083}
2084
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002085#define FRAMEWORK_BOOT_WAIT 60
2086
Paul Lawrence87999172014-02-20 12:21:31 -08002087static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2088{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002089 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002090 if (fd == -1) {
2091 SLOGE("Error opening file %s", filename);
2092 return -1;
2093 }
2094
2095 char block[CRYPT_INPLACE_BUFSIZE];
2096 memset(block, 0, sizeof(block));
2097 if (unix_read(fd, block, sizeof(block)) < 0) {
2098 SLOGE("Error reading file %s", filename);
2099 close(fd);
2100 return -1;
2101 }
2102
2103 close(fd);
2104
2105 SHA256_CTX c;
2106 SHA256_Init(&c);
2107 SHA256_Update(&c, block, sizeof(block));
2108 SHA256_Final(buf, &c);
2109
2110 return 0;
2111}
2112
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002113static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, char* crypto_blkdev,
2114 char* real_blkdev, int previously_encrypted_upto) {
Paul Lawrence87999172014-02-20 12:21:31 -08002115 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002116 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002117
Paul Lawrence87999172014-02-20 12:21:31 -08002118 /* The size of the userdata partition, and add in the vold volumes below */
2119 tot_encryption_size = crypt_ftr->fs_size;
2120
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002121 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done,
Paul Crowley0fd26262018-01-30 09:48:19 -08002122 tot_encryption_size, previously_encrypted_upto, true);
Paul Lawrence87999172014-02-20 12:21:31 -08002123
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002124 if (rc == ENABLE_INPLACE_ERR_DEV) {
2125 /* Hack for b/17898962 */
2126 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2127 cryptfs_reboot(RebootType::reboot);
2128 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002129
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002130 if (!rc) {
2131 crypt_ftr->encrypted_upto = cur_encryption_done;
2132 }
Paul Lawrence87999172014-02-20 12:21:31 -08002133
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002134 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
2135 /* The inplace routine never actually sets the progress to 100% due
2136 * to the round down nature of integer division, so set it here */
2137 property_set("vold.encrypt_progress", "100");
Paul Lawrence87999172014-02-20 12:21:31 -08002138 }
2139
2140 return rc;
2141}
2142
Paul Crowleyb64933a2017-10-31 08:25:55 -07002143static int vold_unmountAll(void) {
2144 VolumeManager* vm = VolumeManager::Instance();
2145 return vm->unmountAll();
2146}
2147
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002148int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
Paul Lawrence87999172014-02-20 12:21:31 -08002149 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Greg Kaiser59ad0182018-02-16 13:01:36 -08002150 unsigned char decrypted_master_key[MAX_KEY_LEN];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002151 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002152 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002153 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002154 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002155 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002156 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002157 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002158 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002159 bool rebootEncryption = false;
Wei Wang4375f1b2017-02-24 17:43:01 -08002160 bool onlyCreateHeader = false;
2161 int fd = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002162
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002163 if (get_crypt_ftr_and_key(&crypt_ftr) == 0) {
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002164 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2165 /* An encryption was underway and was interrupted */
2166 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2167 crypt_ftr.encrypted_upto = 0;
2168 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002169
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002170 /* At this point, we are in an inconsistent state. Until we successfully
2171 complete encryption, a reboot will leave us broken. So mark the
2172 encryption failed in case that happens.
2173 On successfully completing encryption, remove this flag */
2174 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002175
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002176 put_crypt_ftr_and_key(&crypt_ftr);
2177 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2178 if (!check_ftr_sha(&crypt_ftr)) {
2179 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2180 put_crypt_ftr_and_key(&crypt_ftr);
2181 goto error_unencrypted;
2182 }
2183
2184 /* Doing a reboot-encryption*/
2185 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2186 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2187 rebootEncryption = true;
2188 }
Greg Kaiser59ad0182018-02-16 13:01:36 -08002189 } else {
2190 // We don't want to accidentally reference invalid data.
2191 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
Paul Lawrence87999172014-02-20 12:21:31 -08002192 }
2193
2194 property_get("ro.crypto.state", encrypted_state, "");
2195 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2196 SLOGE("Device is already running encrypted, aborting");
2197 goto error_unencrypted;
2198 }
2199
2200 // TODO refactor fs_mgr_get_crypt_info to get both in one call
Paul Crowleye2ee1522017-09-26 14:05:26 -07002201 fs_mgr_get_crypt_info(fstab_default, key_loc, 0, sizeof(key_loc));
2202 fs_mgr_get_crypt_info(fstab_default, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002203
Ken Sumrall3ed82362011-01-28 23:31:16 -08002204 /* Get the size of the real block device */
Wei Wang4375f1b2017-02-24 17:43:01 -08002205 fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002206 if (fd == -1) {
2207 SLOGE("Cannot open block device %s\n", real_blkdev);
2208 goto error_unencrypted;
2209 }
2210 unsigned long nr_sec;
2211 get_blkdev_size(fd, &nr_sec);
2212 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002213 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2214 goto error_unencrypted;
2215 }
2216 close(fd);
2217
2218 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002219 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002220 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002221 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002222 if (fs_size_sec == 0)
2223 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2224
Paul Lawrence87999172014-02-20 12:21:31 -08002225 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002226
2227 if (fs_size_sec > max_fs_size_sec) {
2228 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2229 goto error_unencrypted;
2230 }
2231 }
2232
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002233 /* Get a wakelock as this may take a while, and we don't want the
2234 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2235 * wants to keep the screen on, it can grab a full wakelock.
2236 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002237 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002238 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2239
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002240 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002241 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002242 */
2243 property_set("vold.decrypt", "trigger_shutdown_framework");
2244 SLOGD("Just asked init to shut down class main\n");
2245
Jeff Sharkey9c484982015-03-31 10:35:33 -07002246 /* Ask vold to unmount all devices that it manages */
2247 if (vold_unmountAll()) {
2248 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002249 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002250
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002251 /* no_ui means we are being called from init, not settings.
2252 Now we always reboot from settings, so !no_ui means reboot
2253 */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002254 if (!no_ui) {
2255 /* Try fallback, which is to reboot and try there */
2256 onlyCreateHeader = true;
2257 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
2258 if (breadcrumb == 0) {
2259 SLOGE("Failed to create breadcrumb file");
2260 goto error_shutting_down;
2261 }
2262 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002263 }
2264
2265 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002266 if (!onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002267 /* Now that /data is unmounted, we need to mount a tmpfs
2268 * /data, set a property saying we're doing inplace encryption,
2269 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002270 */
Ken Sumralle5032c42012-04-01 23:58:44 -07002271 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002272 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002273 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002274 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08002275 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002276
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002277 /* restart the framework. */
2278 /* Create necessary paths on /data */
Wei Wang42e38102017-06-07 10:46:12 -07002279 prep_data_fs();
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002280
Ken Sumrall92736ef2012-10-17 20:57:14 -07002281 /* Ugh, shutting down the framework is not synchronous, so until it
2282 * can be fixed, this horrible hack will wait a moment for it all to
2283 * shut down before proceeding. Without it, some devices cannot
2284 * restart the graphics services.
2285 */
2286 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002287 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002288
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002289 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002290 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002291 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002292 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
2293 goto error_shutting_down;
2294 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002295
Paul Lawrence87999172014-02-20 12:21:31 -08002296 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
2297 crypt_ftr.fs_size = nr_sec
2298 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
2299 } else {
2300 crypt_ftr.fs_size = nr_sec;
2301 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07002302 /* At this point, we are in an inconsistent state. Until we successfully
2303 complete encryption, a reboot will leave us broken. So mark the
2304 encryption failed in case that happens.
2305 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002306 if (onlyCreateHeader) {
2307 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
2308 } else {
2309 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2310 }
Paul Lawrence87999172014-02-20 12:21:31 -08002311 crypt_ftr.crypt_type = crypt_type;
Greg Kaiser57f9af62018-02-16 13:13:58 -08002312 strlcpy((char *)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), MAX_CRYPTO_TYPE_NAME_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002313
Paul Lawrence87999172014-02-20 12:21:31 -08002314 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002315 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
2316 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08002317 SLOGE("Cannot create encrypted master key\n");
2318 goto error_shutting_down;
2319 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002320
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002321 /* Replace scrypted intermediate key if we are preparing for a reboot */
2322 if (onlyCreateHeader) {
Greg Kaiser59ad0182018-02-16 13:01:36 -08002323 unsigned char fake_master_key[MAX_KEY_LEN];
2324 unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002325 memset(fake_master_key, 0, sizeof(fake_master_key));
2326 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
2327 encrypted_fake_master_key, &crypt_ftr);
2328 }
2329
Paul Lawrence87999172014-02-20 12:21:31 -08002330 /* Write the key to the end of the partition */
2331 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002332
Paul Lawrence87999172014-02-20 12:21:31 -08002333 /* If any persistent data has been remembered, save it.
2334 * If none, create a valid empty table and save that.
2335 */
2336 if (!persist_data) {
Wei Wang4375f1b2017-02-24 17:43:01 -08002337 pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
Paul Lawrence87999172014-02-20 12:21:31 -08002338 if (pdata) {
2339 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
2340 persist_data = pdata;
2341 }
2342 }
2343 if (persist_data) {
2344 save_persistent_data();
2345 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002346 }
2347
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002348 if (onlyCreateHeader) {
2349 sleep(2);
Josh Gaofec44372017-08-28 13:22:55 -07002350 cryptfs_reboot(RebootType::reboot);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002351 }
2352
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002353 if (!no_ui || rebootEncryption) {
Ajay Dudani87701e22014-09-17 21:02:52 -07002354 /* startup service classes main and late_start */
2355 property_set("vold.decrypt", "trigger_restart_min_framework");
2356 SLOGD("Just triggered restart_min_framework\n");
2357
2358 /* OK, the framework is restarted and will soon be showing a
2359 * progress bar. Time to setup an encrypted mapping, and
2360 * either write a new filesystem, or encrypt in place updating
2361 * the progress bar as we work.
2362 */
2363 }
2364
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002365 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002366 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Crowley5afbc622017-11-27 09:42:17 -08002367 CRYPTO_BLOCK_DEVICE, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002368
Paul Lawrence87999172014-02-20 12:21:31 -08002369 /* If we are continuing, check checksums match */
2370 rc = 0;
2371 if (previously_encrypted_upto) {
2372 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
2373 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07002374
Paul Lawrence87999172014-02-20 12:21:31 -08002375 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
2376 sizeof(hash_first_block)) != 0) {
2377 SLOGE("Checksums do not match - trigger wipe");
2378 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002379 }
2380 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002381
Paul Lawrence87999172014-02-20 12:21:31 -08002382 if (!rc) {
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002383 rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002384 previously_encrypted_upto);
2385 }
2386
2387 /* Calculate checksum if we are not finished */
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002388 if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002389 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
2390 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07002391 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002392 SLOGE("Error calculating checksum for continuing encryption");
2393 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002394 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002395 }
2396
2397 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002398 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002399
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002400 if (! rc) {
2401 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07002402 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002403
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002404 if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002405 SLOGD("Encrypted up to sector %lld - will continue after reboot",
2406 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07002407 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08002408 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07002409
Paul Lawrence6bfed202014-07-28 12:47:22 -07002410 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08002411
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002412 if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
2413 char value[PROPERTY_VALUE_MAX];
2414 property_get("ro.crypto.state", value, "");
2415 if (!strcmp(value, "")) {
2416 /* default encryption - continue first boot sequence */
2417 property_set("ro.crypto.state", "encrypted");
2418 property_set("ro.crypto.type", "block");
2419 release_wake_lock(lockid);
2420 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
2421 // Bring up cryptkeeper that will check the password and set it
2422 property_set("vold.decrypt", "trigger_shutdown_framework");
2423 sleep(2);
2424 property_set("vold.encrypt_progress", "");
2425 cryptfs_trigger_restart_min_framework();
2426 } else {
2427 cryptfs_check_passwd(DEFAULT_PASSWORD);
2428 cryptfs_restart_internal(1);
2429 }
2430 return 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002431 } else {
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002432 sleep(2); /* Give the UI a chance to show 100% progress */
2433 cryptfs_reboot(RebootType::reboot);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002434 }
Paul Lawrence87999172014-02-20 12:21:31 -08002435 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002436 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Josh Gaofec44372017-08-28 13:22:55 -07002437 cryptfs_reboot(RebootType::shutdown);
Paul Lawrence87999172014-02-20 12:21:31 -08002438 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002439 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002440 char value[PROPERTY_VALUE_MAX];
2441
Ken Sumrall319369a2012-06-27 16:30:18 -07002442 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002443 if (!strcmp(value, "1")) {
2444 /* wipe data if encryption failed */
2445 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Wei Wang4375f1b2017-02-24 17:43:01 -08002446 std::string err;
2447 const std::vector<std::string> options = {
2448 "--wipe_data\n--reason=cryptfs_enable_internal\n"
2449 };
2450 if (!write_bootloader_message(options, &err)) {
2451 SLOGE("could not write bootloader message: %s", err.c_str());
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002452 }
Josh Gaofec44372017-08-28 13:22:55 -07002453 cryptfs_reboot(RebootType::recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002454 } else {
2455 /* set property to trigger dialog */
2456 property_set("vold.encrypt_progress", "error_partially_encrypted");
2457 release_wake_lock(lockid);
2458 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002459 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002460 }
2461
Ken Sumrall3ed82362011-01-28 23:31:16 -08002462 /* hrm, the encrypt step claims success, but the reboot failed.
2463 * This should not happen.
2464 * Set the property and return. Hope the framework can deal with it.
2465 */
2466 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002467 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002468 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08002469
2470error_unencrypted:
2471 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002472 if (lockid[0]) {
2473 release_wake_lock(lockid);
2474 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002475 return -1;
2476
2477error_shutting_down:
2478 /* we failed, and have not encrypted anthing, so the users's data is still intact,
2479 * but the framework is stopped and not restarted to show the error, so it's up to
2480 * vold to restart the system.
2481 */
2482 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Josh Gaofec44372017-08-28 13:22:55 -07002483 cryptfs_reboot(RebootType::reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002484
2485 /* shouldn't get here */
2486 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002487 if (lockid[0]) {
2488 release_wake_lock(lockid);
2489 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002490 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002491}
2492
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002493int cryptfs_enable(int type, const char* passwd, int no_ui) {
2494 return cryptfs_enable_internal(type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08002495}
2496
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002497int cryptfs_enable_default(int no_ui) {
2498 return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08002499}
2500
2501int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002502{
Paul Crowley38132a12016-02-09 09:50:32 +00002503 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002504 SLOGE("cryptfs_changepw not valid for file encryption");
2505 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002506 }
2507
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002508 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08002509 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002510
2511 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08002512 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08002513 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002514 return -1;
2515 }
2516
Paul Lawrencef4faa572014-01-29 13:31:03 -08002517 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
2518 SLOGE("Invalid crypt_type %d", crypt_type);
2519 return -1;
2520 }
2521
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002522 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002523 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08002524 SLOGE("Error getting crypt footer and key");
2525 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002526 }
2527
Paul Lawrencef4faa572014-01-29 13:31:03 -08002528 crypt_ftr.crypt_type = crypt_type;
2529
JP Abgrall933216c2015-02-11 13:44:32 -08002530 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08002531 : newpw,
2532 crypt_ftr.salt,
2533 saved_master_key,
2534 crypt_ftr.master_key,
2535 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08002536 if (rc) {
2537 SLOGE("Encrypt master key failed: %d", rc);
2538 return -1;
2539 }
Jason parks70a4b3f2011-01-28 10:10:47 -06002540 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002541 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002542
2543 return 0;
2544}
Ken Sumrall160b4d62013-04-22 12:15:39 -07002545
Rubin Xu85c01f92014-10-13 12:49:54 +01002546static unsigned int persist_get_max_entries(int encrypted) {
2547 struct crypt_mnt_ftr crypt_ftr;
2548 unsigned int dsize;
2549 unsigned int max_persistent_entries;
2550
2551 /* If encrypted, use the values from the crypt_ftr, otherwise
2552 * use the values for the current spec.
2553 */
2554 if (encrypted) {
2555 if (get_crypt_ftr_and_key(&crypt_ftr)) {
2556 return -1;
2557 }
2558 dsize = crypt_ftr.persist_data_size;
2559 } else {
2560 dsize = CRYPT_PERSIST_DATA_SIZE;
2561 }
2562
2563 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
2564 sizeof(struct crypt_persist_entry);
2565
2566 return max_persistent_entries;
2567}
2568
2569static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07002570{
2571 unsigned int i;
2572
2573 if (persist_data == NULL) {
2574 return -1;
2575 }
2576 for (i = 0; i < persist_data->persist_valid_entries; i++) {
2577 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
2578 /* We found it! */
2579 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
2580 return 0;
2581 }
2582 }
2583
2584 return -1;
2585}
2586
Rubin Xu85c01f92014-10-13 12:49:54 +01002587static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07002588{
2589 unsigned int i;
2590 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002591 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002592
2593 if (persist_data == NULL) {
2594 return -1;
2595 }
2596
Rubin Xu85c01f92014-10-13 12:49:54 +01002597 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07002598
2599 num = persist_data->persist_valid_entries;
2600
2601 for (i = 0; i < num; i++) {
2602 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
2603 /* We found an existing entry, update it! */
2604 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
2605 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
2606 return 0;
2607 }
2608 }
2609
2610 /* We didn't find it, add it to the end, if there is room */
2611 if (persist_data->persist_valid_entries < max_persistent_entries) {
2612 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
2613 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
2614 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
2615 persist_data->persist_valid_entries++;
2616 return 0;
2617 }
2618
2619 return -1;
2620}
2621
Rubin Xu85c01f92014-10-13 12:49:54 +01002622/**
2623 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
2624 * sequence and its index is greater than or equal to index. Return 0 otherwise.
2625 */
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002626int match_multi_entry(const char *key, const char *field, unsigned index) {
2627 std::string key_ = key;
2628 std::string field_ = field;
Rubin Xu85c01f92014-10-13 12:49:54 +01002629
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002630 std::string parsed_field;
2631 unsigned parsed_index;
2632
2633 std::string::size_type split = key_.find_last_of('_');
2634 if (split == std::string::npos) {
2635 parsed_field = key_;
2636 parsed_index = 0;
2637 } else {
2638 parsed_field = key_.substr(0, split);
2639 parsed_index = std::stoi(key_.substr(split + 1));
Rubin Xu85c01f92014-10-13 12:49:54 +01002640 }
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002641
2642 return parsed_field == field_ && parsed_index >= index;
Rubin Xu85c01f92014-10-13 12:49:54 +01002643}
2644
2645/*
2646 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
2647 * remaining entries starting from index will be deleted.
2648 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
2649 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
2650 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
2651 *
2652 */
2653static int persist_del_keys(const char *fieldname, unsigned index)
2654{
2655 unsigned int i;
2656 unsigned int j;
2657 unsigned int num;
2658
2659 if (persist_data == NULL) {
2660 return PERSIST_DEL_KEY_ERROR_OTHER;
2661 }
2662
2663 num = persist_data->persist_valid_entries;
2664
2665 j = 0; // points to the end of non-deleted entries.
2666 // Filter out to-be-deleted entries in place.
2667 for (i = 0; i < num; i++) {
2668 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
2669 persist_data->persist_entry[j] = persist_data->persist_entry[i];
2670 j++;
2671 }
2672 }
2673
2674 if (j < num) {
2675 persist_data->persist_valid_entries = j;
2676 // Zeroise the remaining entries
2677 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
2678 return PERSIST_DEL_KEY_OK;
2679 } else {
2680 // Did not find an entry matching the given fieldname
2681 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
2682 }
2683}
2684
2685static int persist_count_keys(const char *fieldname)
2686{
2687 unsigned int i;
2688 unsigned int count;
2689
2690 if (persist_data == NULL) {
2691 return -1;
2692 }
2693
2694 count = 0;
2695 for (i = 0; i < persist_data->persist_valid_entries; i++) {
2696 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
2697 count++;
2698 }
2699 }
2700
2701 return count;
2702}
2703
Ken Sumrall160b4d62013-04-22 12:15:39 -07002704/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01002705int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07002706{
Paul Crowley38132a12016-02-09 09:50:32 +00002707 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08002708 SLOGE("Cannot get field when file encrypted");
2709 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07002710 }
2711
Ken Sumrall160b4d62013-04-22 12:15:39 -07002712 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01002713 /* CRYPTO_GETFIELD_OK is success,
2714 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
2715 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
2716 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07002717 */
Rubin Xu85c01f92014-10-13 12:49:54 +01002718 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
2719 int i;
2720 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002721
2722 if (persist_data == NULL) {
2723 load_persistent_data();
2724 if (persist_data == NULL) {
2725 SLOGE("Getfield error, cannot load persistent data");
2726 goto out;
2727 }
2728 }
2729
Rubin Xu85c01f92014-10-13 12:49:54 +01002730 // Read value from persistent entries. If the original value is split into multiple entries,
2731 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07002732 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002733 // We found it, copy it to the caller's buffer and keep going until all entries are read.
2734 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
2735 // value too small
2736 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
2737 goto out;
2738 }
2739 rc = CRYPTO_GETFIELD_OK;
2740
2741 for (i = 1; /* break explicitly */; i++) {
2742 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
2743 (int) sizeof(temp_field)) {
2744 // If the fieldname is very long, we stop as soon as it begins to overflow the
2745 // maximum field length. At this point we have in fact fully read out the original
2746 // value because cryptfs_setfield would not allow fields with longer names to be
2747 // written in the first place.
2748 break;
2749 }
2750 if (!persist_get_key(temp_field, temp_value)) {
2751 if (strlcat(value, temp_value, len) >= (unsigned)len) {
2752 // value too small.
2753 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
2754 goto out;
2755 }
2756 } else {
2757 // Exhaust all entries.
2758 break;
2759 }
2760 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002761 } else {
2762 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01002763 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002764 }
2765
2766out:
2767 return rc;
2768}
2769
2770/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01002771int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07002772{
Paul Crowley38132a12016-02-09 09:50:32 +00002773 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08002774 SLOGE("Cannot set field when file encrypted");
2775 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07002776 }
2777
Ken Sumrall160b4d62013-04-22 12:15:39 -07002778 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01002779 /* 0 is success, negative values are error */
2780 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002781 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01002782 unsigned int field_id;
2783 char temp_field[PROPERTY_KEY_MAX];
2784 unsigned int num_entries;
2785 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002786
2787 if (persist_data == NULL) {
2788 load_persistent_data();
2789 if (persist_data == NULL) {
2790 SLOGE("Setfield error, cannot load persistent data");
2791 goto out;
2792 }
2793 }
2794
2795 property_get("ro.crypto.state", encrypted_state, "");
2796 if (!strcmp(encrypted_state, "encrypted") ) {
2797 encrypted = 1;
2798 }
2799
Rubin Xu85c01f92014-10-13 12:49:54 +01002800 // Compute the number of entries required to store value, each entry can store up to
2801 // (PROPERTY_VALUE_MAX - 1) chars
2802 if (strlen(value) == 0) {
2803 // Empty value also needs one entry to store.
2804 num_entries = 1;
2805 } else {
2806 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
2807 }
2808
2809 max_keylen = strlen(fieldname);
2810 if (num_entries > 1) {
2811 // Need an extra "_%d" suffix.
2812 max_keylen += 1 + log10(num_entries);
2813 }
2814 if (max_keylen > PROPERTY_KEY_MAX - 1) {
2815 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002816 goto out;
2817 }
2818
Rubin Xu85c01f92014-10-13 12:49:54 +01002819 // Make sure we have enough space to write the new value
2820 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
2821 persist_get_max_entries(encrypted)) {
2822 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
2823 goto out;
2824 }
2825
2826 // Now that we know persist_data has enough space for value, let's delete the old field first
2827 // to make up space.
2828 persist_del_keys(fieldname, 0);
2829
2830 if (persist_set_key(fieldname, value, encrypted)) {
2831 // fail to set key, should not happen as we have already checked the available space
2832 SLOGE("persist_set_key() error during setfield()");
2833 goto out;
2834 }
2835
2836 for (field_id = 1; field_id < num_entries; field_id++) {
Greg Kaiserb610e772018-02-09 09:19:54 -08002837 snprintf(temp_field, sizeof(temp_field), "%s_%u", fieldname, field_id);
Rubin Xu85c01f92014-10-13 12:49:54 +01002838
2839 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
2840 // fail to set key, should not happen as we have already checked the available space.
2841 SLOGE("persist_set_key() error during setfield()");
2842 goto out;
2843 }
2844 }
2845
Ken Sumrall160b4d62013-04-22 12:15:39 -07002846 /* If we are running encrypted, save the persistent data now */
2847 if (encrypted) {
2848 if (save_persistent_data()) {
2849 SLOGE("Setfield error, cannot save persistent data");
2850 goto out;
2851 }
2852 }
2853
Rubin Xu85c01f92014-10-13 12:49:54 +01002854 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002855
2856out:
2857 return rc;
2858}
Paul Lawrencef4faa572014-01-29 13:31:03 -08002859
2860/* Checks userdata. Attempt to mount the volume if default-
2861 * encrypted.
2862 * On success trigger next init phase and return 0.
2863 * Currently do not handle failure - see TODO below.
2864 */
2865int cryptfs_mount_default_encrypted(void)
2866{
Paul Lawrence84274cc2016-04-15 15:41:33 -07002867 int crypt_type = cryptfs_get_password_type();
2868 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
2869 SLOGE("Bad crypt type - error");
2870 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
2871 SLOGD("Password is not default - "
2872 "starting min framework to prompt");
2873 property_set("vold.decrypt", "trigger_restart_min_framework");
2874 return 0;
2875 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
2876 SLOGD("Password is default - restarting filesystem");
2877 cryptfs_restart_internal(0);
2878 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08002879 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07002880 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002881 }
2882
Paul Lawrence6bfed202014-07-28 12:47:22 -07002883 /** Corrupt. Allow us to boot into framework, which will detect bad
2884 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08002885 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07002886 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002887 return 0;
2888}
2889
2890/* Returns type of the password, default, pattern, pin or password.
2891 */
2892int cryptfs_get_password_type(void)
2893{
Paul Crowley38132a12016-02-09 09:50:32 +00002894 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002895 SLOGE("cryptfs_get_password_type not valid for file encryption");
2896 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002897 }
2898
Paul Lawrencef4faa572014-01-29 13:31:03 -08002899 struct crypt_mnt_ftr crypt_ftr;
2900
2901 if (get_crypt_ftr_and_key(&crypt_ftr)) {
2902 SLOGE("Error getting crypt footer and key\n");
2903 return -1;
2904 }
2905
Paul Lawrence6bfed202014-07-28 12:47:22 -07002906 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
2907 return -1;
2908 }
2909
Paul Lawrencef4faa572014-01-29 13:31:03 -08002910 return crypt_ftr.crypt_type;
2911}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002912
Paul Lawrence05335c32015-03-05 09:46:23 -08002913const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002914{
Paul Crowley38132a12016-02-09 09:50:32 +00002915 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002916 SLOGE("cryptfs_get_password not valid for file encryption");
2917 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08002918 }
2919
Paul Lawrence399317e2014-03-10 13:20:50 -07002920 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08002921 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07002922 if (now.tv_sec < password_expiry_time) {
2923 return password;
2924 } else {
2925 cryptfs_clear_password();
2926 return 0;
2927 }
2928}
2929
2930void cryptfs_clear_password()
2931{
2932 if (password) {
2933 size_t len = strlen(password);
2934 memset(password, 0, len);
2935 free(password);
2936 password = 0;
2937 password_expiry_time = 0;
2938 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002939}
Paul Lawrence731a7a22015-04-28 22:14:15 +00002940
Paul Lawrence0c247462015-10-29 10:30:57 -07002941int cryptfs_isConvertibleToFBE()
2942{
Paul Crowleye2ee1522017-09-26 14:05:26 -07002943 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
Paul Lawrence0c247462015-10-29 10:30:57 -07002944 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
2945}