blob: 46e6be7a639c15fb3b4bc5682b4b6d59b313d712 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080056#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000057#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080058#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080059#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080060
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070061#include <hardware/keymaster.h>
62
Mark Salyzyn3e971272014-01-21 13:27:04 -080063#define UNUSED __attribute__((unused))
64
Mark Salyzyn5eecc442014-02-12 14:16:14 -080065#define UNUSED __attribute__((unused))
66
Ajay Dudani87701e22014-09-17 21:02:52 -070067#ifdef CONFIG_HW_DISK_ENCRYPTION
68#include "cryptfs_hw.h"
69#endif
70
Ken Sumrall8f869aa2010-12-03 03:47:09 -080071#define DM_CRYPT_BUF_SIZE 4096
72
Jason parks70a4b3f2011-01-28 10:10:47 -060073#define HASH_COUNT 2000
74#define KEY_LEN_BYTES 16
75#define IV_LEN_BYTES 16
76
Ken Sumrall29d8da82011-05-18 17:20:07 -070077#define KEY_IN_FOOTER "footer"
78
Paul Lawrencef4faa572014-01-29 13:31:03 -080079// "default_password" encoded into hex (d=0x64 etc)
80#define DEFAULT_PASSWORD "64656661756c745f70617373776f7264"
81
Ken Sumrall29d8da82011-05-18 17:20:07 -070082#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070083#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070084
Ken Sumralle919efe2012-09-29 17:07:41 -070085#define TABLE_LOAD_RETRIES 10
86
Shawn Willden47ba10d2014-09-03 17:07:06 -060087#define RSA_KEY_SIZE 2048
88#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
89#define RSA_EXPONENT 0x10001
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070090
Paul Lawrence8e3f4512014-09-08 10:11:17 -070091#define RETRY_MOUNT_ATTEMPTS 10
92#define RETRY_MOUNT_DELAY_SECONDS 1
93
Ken Sumrall8f869aa2010-12-03 03:47:09 -080094char *me = "cryptfs";
95
Jason parks70a4b3f2011-01-28 10:10:47 -060096static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -070097static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -060098static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -070099static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800100
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700101static int keymaster_init(keymaster_device_t **keymaster_dev)
102{
103 int rc;
104
105 const hw_module_t* mod;
106 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
107 if (rc) {
108 ALOGE("could not find any keystore module");
109 goto out;
110 }
111
112 rc = keymaster_open(mod, keymaster_dev);
113 if (rc) {
114 ALOGE("could not open keymaster device in %s (%s)",
115 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
116 goto out;
117 }
118
119 return 0;
120
121out:
122 *keymaster_dev = NULL;
123 return rc;
124}
125
126/* Should we use keymaster? */
127static int keymaster_check_compatibility()
128{
129 keymaster_device_t *keymaster_dev = 0;
130 int rc = 0;
131
132 if (keymaster_init(&keymaster_dev)) {
133 SLOGE("Failed to init keymaster");
134 rc = -1;
135 goto out;
136 }
137
Paul Lawrence8c008392014-05-06 14:02:48 -0700138 SLOGI("keymaster version is %d", keymaster_dev->common.module->module_api_version);
139
140 if (keymaster_dev->common.module->module_api_version
141 < KEYMASTER_MODULE_API_VERSION_0_3) {
142 rc = 0;
143 goto out;
144 }
145
Shawn Willden7c49ab02014-10-30 08:12:32 -0600146 if (!(keymaster_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
147 (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700148 rc = 1;
149 }
150
151out:
152 keymaster_close(keymaster_dev);
153 return rc;
154}
155
156/* Create a new keymaster key and store it in this footer */
157static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
158{
159 uint8_t* key = 0;
160 keymaster_device_t *keymaster_dev = 0;
161
162 if (keymaster_init(&keymaster_dev)) {
163 SLOGE("Failed to init keymaster");
164 return -1;
165 }
166
167 int rc = 0;
168
169 keymaster_rsa_keygen_params_t params;
170 memset(&params, '\0', sizeof(params));
Shawn Willden47ba10d2014-09-03 17:07:06 -0600171 params.public_exponent = RSA_EXPONENT;
172 params.modulus_size = RSA_KEY_SIZE;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700173
174 size_t key_size;
175 if (keymaster_dev->generate_keypair(keymaster_dev, TYPE_RSA, &params,
176 &key, &key_size)) {
177 SLOGE("Failed to generate keypair");
178 rc = -1;
179 goto out;
180 }
181
182 if (key_size > KEYMASTER_BLOB_SIZE) {
183 SLOGE("Keymaster key too large for crypto footer");
184 rc = -1;
185 goto out;
186 }
187
188 memcpy(ftr->keymaster_blob, key, key_size);
189 ftr->keymaster_blob_size = key_size;
190
191out:
192 keymaster_close(keymaster_dev);
193 free(key);
194 return rc;
195}
196
Shawn Willdene17a9c42014-09-08 13:04:08 -0600197/* This signs the given object using the keymaster key. */
198static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600199 const unsigned char *object,
200 const size_t object_size,
201 unsigned char **signature,
202 size_t *signature_size)
203{
204 int rc = 0;
205 keymaster_device_t *keymaster_dev = 0;
206 if (keymaster_init(&keymaster_dev)) {
207 SLOGE("Failed to init keymaster");
208 return -1;
209 }
210
211 /* We currently set the digest type to DIGEST_NONE because it's the
212 * only supported value for keymaster. A similar issue exists with
213 * PADDING_NONE. Long term both of these should likely change.
214 */
215 keymaster_rsa_sign_params_t params;
216 params.digest_type = DIGEST_NONE;
217 params.padding_type = PADDING_NONE;
218
219 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600220 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600221 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600222
Shawn Willdene17a9c42014-09-08 13:04:08 -0600223 // To sign a message with RSA, the message must satisfy two
224 // constraints:
225 //
226 // 1. The message, when interpreted as a big-endian numeric value, must
227 // be strictly less than the public modulus of the RSA key. Note
228 // that because the most significant bit of the public modulus is
229 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
230 // key), an n-bit message with most significant bit 0 always
231 // satisfies this requirement.
232 //
233 // 2. The message must have the same length in bits as the public
234 // modulus of the RSA key. This requirement isn't mathematically
235 // necessary, but is necessary to ensure consistency in
236 // implementations.
237 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600238 case KDF_SCRYPT_KEYMASTER:
239 // This ensures the most significant byte of the signed message
240 // is zero. We could have zero-padded to the left instead, but
241 // this approach is slightly more robust against changes in
242 // object size. However, it's still broken (but not unusably
243 // so) because we really should be using a proper RSA padding
244 // function, such as OAEP.
245 //
246 // TODO(paullawrence): When keymaster 0.4 is available, change
247 // this to use the padding options it provides.
248 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
249 SLOGI("Signing safely-padded object");
250 break;
251 default:
252 SLOGE("Unknown KDF type %d", ftr->kdf_type);
253 return -1;
254 }
255
Shawn Willden47ba10d2014-09-03 17:07:06 -0600256 rc = keymaster_dev->sign_data(keymaster_dev,
257 &params,
258 ftr->keymaster_blob,
259 ftr->keymaster_blob_size,
260 to_sign,
Shawn Willdene17a9c42014-09-08 13:04:08 -0600261 to_sign_size,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600262 signature,
263 signature_size);
264
265 keymaster_close(keymaster_dev);
266 return rc;
267}
268
Paul Lawrence399317e2014-03-10 13:20:50 -0700269/* Store password when userdata is successfully decrypted and mounted.
270 * Cleared by cryptfs_clear_password
271 *
272 * To avoid a double prompt at boot, we need to store the CryptKeeper
273 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
274 * Since the entire framework is torn down and rebuilt after encryption,
275 * we have to use a daemon or similar to store the password. Since vold
276 * is secured against IPC except from system processes, it seems a reasonable
277 * place to store this.
278 *
279 * password should be cleared once it has been used.
280 *
281 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800282 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700283static char* password = 0;
284static int password_expiry_time = 0;
285static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800286
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800287extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800288
Paul Lawrence87999172014-02-20 12:21:31 -0800289enum RebootType {reboot, recovery, shutdown};
290static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700291{
Paul Lawrence87999172014-02-20 12:21:31 -0800292 switch(rt) {
293 case reboot:
294 property_set(ANDROID_RB_PROPERTY, "reboot");
295 break;
296
297 case recovery:
298 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
299 break;
300
301 case shutdown:
302 property_set(ANDROID_RB_PROPERTY, "shutdown");
303 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700304 }
Paul Lawrence87999172014-02-20 12:21:31 -0800305
Ken Sumralladfba362013-06-04 16:37:52 -0700306 sleep(20);
307
308 /* Shouldn't get here, reboot should happen before sleep times out */
309 return;
310}
311
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800312static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
313{
314 memset(io, 0, dataSize);
315 io->data_size = dataSize;
316 io->data_start = sizeof(struct dm_ioctl);
317 io->version[0] = 4;
318 io->version[1] = 0;
319 io->version[2] = 0;
320 io->flags = flags;
321 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100322 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800323 }
324}
325
Kenny Rootc4c70f12013-06-14 12:11:38 -0700326/**
327 * Gets the default device scrypt parameters for key derivation time tuning.
328 * The parameters should lead to about one second derivation time for the
329 * given device.
330 */
331static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
332 const int default_params[] = SCRYPT_DEFAULTS;
333 int params[] = SCRYPT_DEFAULTS;
334 char paramstr[PROPERTY_VALUE_MAX];
335 char *token;
336 char *saveptr;
337 int i;
338
339 property_get(SCRYPT_PROP, paramstr, "");
340 if (paramstr[0] != '\0') {
341 /*
342 * The token we're looking for should be three integers separated by
343 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
344 */
Kenny Root2947e342013-08-14 15:54:49 -0700345 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
346 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700347 i++, token = strtok_r(NULL, ":", &saveptr)) {
348 char *endptr;
349 params[i] = strtol(token, &endptr, 10);
350
351 /*
352 * Check that there was a valid number and it's 8-bit. If not,
353 * break out and the end check will take the default values.
354 */
355 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
356 break;
357 }
358 }
359
360 /*
361 * If there were not enough tokens or a token was malformed (not an
362 * integer), it will end up here and the default parameters can be
363 * taken.
364 */
365 if ((i != 3) || (token != NULL)) {
366 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
367 memcpy(params, default_params, sizeof(params));
368 }
369 }
370
371 ftr->N_factor = params[0];
372 ftr->r_factor = params[1];
373 ftr->p_factor = params[2];
374}
375
Ken Sumrall3ed82362011-01-28 23:31:16 -0800376static unsigned int get_fs_size(char *dev)
377{
378 int fd, block_size;
379 struct ext4_super_block sb;
380 off64_t len;
381
382 if ((fd = open(dev, O_RDONLY)) < 0) {
383 SLOGE("Cannot open device to get filesystem size ");
384 return 0;
385 }
386
387 if (lseek64(fd, 1024, SEEK_SET) < 0) {
388 SLOGE("Cannot seek to superblock");
389 return 0;
390 }
391
392 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
393 SLOGE("Cannot read superblock");
394 return 0;
395 }
396
397 close(fd);
398
Daniel Rosenberge82df162014-08-15 22:19:23 +0000399 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
400 SLOGE("Not a valid ext4 superblock");
401 return 0;
402 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800403 block_size = 1024 << sb.s_log_block_size;
404 /* compute length in bytes */
405 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
406
407 /* return length in sectors */
408 return (unsigned int) (len / 512);
409}
410
Ken Sumrall160b4d62013-04-22 12:15:39 -0700411static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
412{
413 static int cached_data = 0;
414 static off64_t cached_off = 0;
415 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
416 int fd;
417 char key_loc[PROPERTY_VALUE_MAX];
418 char real_blkdev[PROPERTY_VALUE_MAX];
419 unsigned int nr_sec;
420 int rc = -1;
421
422 if (!cached_data) {
423 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
424
425 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
426 if ( (fd = open(real_blkdev, O_RDWR)) < 0) {
427 SLOGE("Cannot open real block device %s\n", real_blkdev);
428 return -1;
429 }
430
431 if ((nr_sec = get_blkdev_size(fd))) {
432 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
433 * encryption info footer and key, and plenty of bytes to spare for future
434 * growth.
435 */
436 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
437 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
438 cached_data = 1;
439 } else {
440 SLOGE("Cannot get size of block device %s\n", real_blkdev);
441 }
442 close(fd);
443 } else {
444 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
445 cached_off = 0;
446 cached_data = 1;
447 }
448 }
449
450 if (cached_data) {
451 if (metadata_fname) {
452 *metadata_fname = cached_metadata_fname;
453 }
454 if (off) {
455 *off = cached_off;
456 }
457 rc = 0;
458 }
459
460 return rc;
461}
462
Ken Sumralle8744072011-01-18 22:01:55 -0800463/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800464 * update the failed mount count but not change the key.
465 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700466static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800467{
468 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800469 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700470 /* starting_off is set to the SEEK_SET offset
471 * where the crypto structure starts
472 */
473 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800474 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700475 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700476 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800477
Ken Sumrall160b4d62013-04-22 12:15:39 -0700478 if (get_crypt_ftr_info(&fname, &starting_off)) {
479 SLOGE("Unable to get crypt_ftr_info\n");
480 return -1;
481 }
482 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700483 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700484 return -1;
485 }
Ken Sumralle550f782013-08-20 13:48:23 -0700486 if ( (fd = open(fname, O_RDWR | O_CREAT, 0600)) < 0) {
487 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700488 return -1;
489 }
490
491 /* Seek to the start of the crypt footer */
492 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
493 SLOGE("Cannot seek to real block device footer\n");
494 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800495 }
496
497 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
498 SLOGE("Cannot write real block device footer\n");
499 goto errout;
500 }
501
Ken Sumrall3be890f2011-09-14 16:53:46 -0700502 fstat(fd, &statbuf);
503 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700504 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700505 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800506 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800507 goto errout;
508 }
509 }
510
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800511 /* Success! */
512 rc = 0;
513
514errout:
515 close(fd);
516 return rc;
517
518}
519
Ken Sumrall160b4d62013-04-22 12:15:39 -0700520static inline int unix_read(int fd, void* buff, int len)
521{
522 return TEMP_FAILURE_RETRY(read(fd, buff, len));
523}
524
525static inline int unix_write(int fd, const void* buff, int len)
526{
527 return TEMP_FAILURE_RETRY(write(fd, buff, len));
528}
529
530static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
531{
532 memset(pdata, 0, len);
533 pdata->persist_magic = PERSIST_DATA_MAGIC;
534 pdata->persist_valid_entries = 0;
535}
536
537/* A routine to update the passed in crypt_ftr to the lastest version.
538 * fd is open read/write on the device that holds the crypto footer and persistent
539 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
540 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
541 */
542static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
543{
Kenny Root7434b312013-06-14 11:29:53 -0700544 int orig_major = crypt_ftr->major_version;
545 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700546
Kenny Root7434b312013-06-14 11:29:53 -0700547 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
548 struct crypt_persist_data *pdata;
549 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700550
Kenny Rootc4c70f12013-06-14 12:11:38 -0700551 SLOGW("upgrading crypto footer to 1.1");
552
Kenny Root7434b312013-06-14 11:29:53 -0700553 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
554 if (pdata == NULL) {
555 SLOGE("Cannot allocate persisent data\n");
556 return;
557 }
558 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
559
560 /* Need to initialize the persistent data area */
561 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
562 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100563 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700564 return;
565 }
566 /* Write all zeros to the first copy, making it invalid */
567 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
568
569 /* Write a valid but empty structure to the second copy */
570 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
571 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
572
573 /* Update the footer */
574 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
575 crypt_ftr->persist_data_offset[0] = pdata_offset;
576 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
577 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100578 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700579 }
580
Paul Lawrencef4faa572014-01-29 13:31:03 -0800581 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700582 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800583 /* But keep the old kdf_type.
584 * It will get updated later to KDF_SCRYPT after the password has been verified.
585 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700586 crypt_ftr->kdf_type = KDF_PBKDF2;
587 get_device_scrypt_params(crypt_ftr);
588 crypt_ftr->minor_version = 2;
589 }
590
Paul Lawrencef4faa572014-01-29 13:31:03 -0800591 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
592 SLOGW("upgrading crypto footer to 1.3");
593 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
594 crypt_ftr->minor_version = 3;
595 }
596
Kenny Root7434b312013-06-14 11:29:53 -0700597 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
598 if (lseek64(fd, offset, SEEK_SET) == -1) {
599 SLOGE("Cannot seek to crypt footer\n");
600 return;
601 }
602 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700604}
605
606
607static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800608{
609 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800610 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700611 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800612 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700614 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800615
Ken Sumrall160b4d62013-04-22 12:15:39 -0700616 if (get_crypt_ftr_info(&fname, &starting_off)) {
617 SLOGE("Unable to get crypt_ftr_info\n");
618 return -1;
619 }
620 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700621 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700622 return -1;
623 }
624 if ( (fd = open(fname, O_RDWR)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700625 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700626 return -1;
627 }
628
629 /* Make sure it's 16 Kbytes in length */
630 fstat(fd, &statbuf);
631 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
632 SLOGE("footer file %s is not the expected size!\n", fname);
633 goto errout;
634 }
635
636 /* Seek to the start of the crypt footer */
637 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
638 SLOGE("Cannot seek to real block device footer\n");
639 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800640 }
641
642 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
643 SLOGE("Cannot read real block device footer\n");
644 goto errout;
645 }
646
647 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700648 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800649 goto errout;
650 }
651
Kenny Rootc96a5f82013-06-14 12:08:28 -0700652 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
653 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
654 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800655 goto errout;
656 }
657
Kenny Rootc96a5f82013-06-14 12:08:28 -0700658 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
659 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
660 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800661 }
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
664 * copy on disk before returning.
665 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700666 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700667 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800668 }
669
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800670 /* Success! */
671 rc = 0;
672
673errout:
674 close(fd);
675 return rc;
676}
677
Ken Sumrall160b4d62013-04-22 12:15:39 -0700678static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
679{
680 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
681 crypt_ftr->persist_data_offset[1]) {
682 SLOGE("Crypt_ftr persist data regions overlap");
683 return -1;
684 }
685
686 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
687 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
688 return -1;
689 }
690
691 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
692 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
693 CRYPT_FOOTER_OFFSET) {
694 SLOGE("Persistent data extends past crypto footer");
695 return -1;
696 }
697
698 return 0;
699}
700
701static int load_persistent_data(void)
702{
703 struct crypt_mnt_ftr crypt_ftr;
704 struct crypt_persist_data *pdata = NULL;
705 char encrypted_state[PROPERTY_VALUE_MAX];
706 char *fname;
707 int found = 0;
708 int fd;
709 int ret;
710 int i;
711
712 if (persist_data) {
713 /* Nothing to do, we've already loaded or initialized it */
714 return 0;
715 }
716
717
718 /* If not encrypted, just allocate an empty table and initialize it */
719 property_get("ro.crypto.state", encrypted_state, "");
720 if (strcmp(encrypted_state, "encrypted") ) {
721 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
722 if (pdata) {
723 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
724 persist_data = pdata;
725 return 0;
726 }
727 return -1;
728 }
729
730 if(get_crypt_ftr_and_key(&crypt_ftr)) {
731 return -1;
732 }
733
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700734 if ((crypt_ftr.major_version < 1)
735 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700736 SLOGE("Crypt_ftr version doesn't support persistent data");
737 return -1;
738 }
739
740 if (get_crypt_ftr_info(&fname, NULL)) {
741 return -1;
742 }
743
744 ret = validate_persistent_data_storage(&crypt_ftr);
745 if (ret) {
746 return -1;
747 }
748
749 fd = open(fname, O_RDONLY);
750 if (fd < 0) {
751 SLOGE("Cannot open %s metadata file", fname);
752 return -1;
753 }
754
755 if (persist_data == NULL) {
756 pdata = malloc(crypt_ftr.persist_data_size);
757 if (pdata == NULL) {
758 SLOGE("Cannot allocate memory for persistent data");
759 goto err;
760 }
761 }
762
763 for (i = 0; i < 2; i++) {
764 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
765 SLOGE("Cannot seek to read persistent data on %s", fname);
766 goto err2;
767 }
768 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
769 SLOGE("Error reading persistent data on iteration %d", i);
770 goto err2;
771 }
772 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
773 found = 1;
774 break;
775 }
776 }
777
778 if (!found) {
779 SLOGI("Could not find valid persistent data, creating");
780 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
781 }
782
783 /* Success */
784 persist_data = pdata;
785 close(fd);
786 return 0;
787
788err2:
789 free(pdata);
790
791err:
792 close(fd);
793 return -1;
794}
795
796static int save_persistent_data(void)
797{
798 struct crypt_mnt_ftr crypt_ftr;
799 struct crypt_persist_data *pdata;
800 char *fname;
801 off64_t write_offset;
802 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700803 int fd;
804 int ret;
805
806 if (persist_data == NULL) {
807 SLOGE("No persistent data to save");
808 return -1;
809 }
810
811 if(get_crypt_ftr_and_key(&crypt_ftr)) {
812 return -1;
813 }
814
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700815 if ((crypt_ftr.major_version < 1)
816 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700817 SLOGE("Crypt_ftr version doesn't support persistent data");
818 return -1;
819 }
820
821 ret = validate_persistent_data_storage(&crypt_ftr);
822 if (ret) {
823 return -1;
824 }
825
826 if (get_crypt_ftr_info(&fname, NULL)) {
827 return -1;
828 }
829
830 fd = open(fname, O_RDWR);
831 if (fd < 0) {
832 SLOGE("Cannot open %s metadata file", fname);
833 return -1;
834 }
835
836 pdata = malloc(crypt_ftr.persist_data_size);
837 if (pdata == NULL) {
838 SLOGE("Cannot allocate persistant data");
839 goto err;
840 }
841
842 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
843 SLOGE("Cannot seek to read persistent data on %s", fname);
844 goto err2;
845 }
846
847 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
848 SLOGE("Error reading persistent data before save");
849 goto err2;
850 }
851
852 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
853 /* The first copy is the curent valid copy, so write to
854 * the second copy and erase this one */
855 write_offset = crypt_ftr.persist_data_offset[1];
856 erase_offset = crypt_ftr.persist_data_offset[0];
857 } else {
858 /* The second copy must be the valid copy, so write to
859 * the first copy, and erase the second */
860 write_offset = crypt_ftr.persist_data_offset[0];
861 erase_offset = crypt_ftr.persist_data_offset[1];
862 }
863
864 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100865 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700866 SLOGE("Cannot seek to write persistent data");
867 goto err2;
868 }
869 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
870 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100871 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700872 SLOGE("Cannot seek to erase previous persistent data");
873 goto err2;
874 }
875 fsync(fd);
876 memset(pdata, 0, crypt_ftr.persist_data_size);
877 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
878 (int) crypt_ftr.persist_data_size) {
879 SLOGE("Cannot write to erase previous persistent data");
880 goto err2;
881 }
882 fsync(fd);
883 } else {
884 SLOGE("Cannot write to save persistent data");
885 goto err2;
886 }
887
888 /* Success */
889 free(pdata);
890 close(fd);
891 return 0;
892
893err2:
894 free(pdata);
895err:
896 close(fd);
897 return -1;
898}
899
Paul Lawrencef4faa572014-01-29 13:31:03 -0800900static int hexdigit (char c)
901{
902 if (c >= '0' && c <= '9') return c - '0';
903 c = tolower(c);
904 if (c >= 'a' && c <= 'f') return c - 'a' + 10;
905 return -1;
906}
907
908static unsigned char* convert_hex_ascii_to_key(const char* master_key_ascii,
909 unsigned int* out_keysize)
910{
911 unsigned int i;
912 *out_keysize = 0;
913
914 size_t size = strlen (master_key_ascii);
915 if (size % 2) {
916 SLOGE("Trying to convert ascii string of odd length");
917 return NULL;
918 }
919
920 unsigned char* master_key = (unsigned char*) malloc(size / 2);
921 if (master_key == 0) {
922 SLOGE("Cannot allocate");
923 return NULL;
924 }
925
926 for (i = 0; i < size; i += 2) {
927 int high_nibble = hexdigit (master_key_ascii[i]);
928 int low_nibble = hexdigit (master_key_ascii[i + 1]);
929
930 if(high_nibble < 0 || low_nibble < 0) {
931 SLOGE("Invalid hex string");
932 free (master_key);
933 return NULL;
934 }
935
936 master_key[*out_keysize] = high_nibble * 16 + low_nibble;
937 (*out_keysize)++;
938 }
939
940 return master_key;
941}
942
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800943/* Convert a binary key of specified length into an ascii hex string equivalent,
944 * without the leading 0x and with null termination
945 */
Paul Lawrencef4faa572014-01-29 13:31:03 -0800946static void convert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize,
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800947 char *master_key_ascii)
948{
949 unsigned int i, a;
950 unsigned char nibble;
951
952 for (i=0, a=0; i<keysize; i++, a+=2) {
953 /* For each byte, write out two ascii hex digits */
954 nibble = (master_key[i] >> 4) & 0xf;
955 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
956
957 nibble = master_key[i] & 0xf;
958 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
959 }
960
961 /* Add the null termination */
962 master_key_ascii[a] = '\0';
963
964}
965
Ken Sumralldb5e0262013-02-05 17:39:48 -0800966static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key,
967 char *real_blk_name, const char *name, int fd,
968 char *extra_params)
969{
Dan Albertc07fa3f2014-12-18 10:00:55 -0800970 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800971 struct dm_ioctl *io;
972 struct dm_target_spec *tgt;
973 char *crypt_params;
974 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
975 int i;
976
977 io = (struct dm_ioctl *) buffer;
978
979 /* Load the mapping table for this device */
980 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
981
982 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
983 io->target_count = 1;
984 tgt->status = 0;
985 tgt->sector_start = 0;
986 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -0700987#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -0800988 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
989 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
990 }
991 else {
992 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
993 }
Ajay Dudani87701e22014-09-17 21:02:52 -0700994#else
995 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
996#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -0800997
998 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
999 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1000 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1001 master_key_ascii, real_blk_name, extra_params);
1002 crypt_params += strlen(crypt_params) + 1;
1003 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1004 tgt->next = crypt_params - buffer;
1005
1006 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1007 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1008 break;
1009 }
1010 usleep(500000);
1011 }
1012
1013 if (i == TABLE_LOAD_RETRIES) {
1014 /* We failed to load the table, return an error */
1015 return -1;
1016 } else {
1017 return i + 1;
1018 }
1019}
1020
1021
1022static int get_dm_crypt_version(int fd, const char *name, int *version)
1023{
1024 char buffer[DM_CRYPT_BUF_SIZE];
1025 struct dm_ioctl *io;
1026 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001027
1028 io = (struct dm_ioctl *) buffer;
1029
1030 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1031
1032 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1033 return -1;
1034 }
1035
1036 /* Iterate over the returned versions, looking for name of "crypt".
1037 * When found, get and return the version.
1038 */
1039 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1040 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001041#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001042 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001043#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001044 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001045#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001046 /* We found the crypt driver, return the version, and get out */
1047 version[0] = v->version[0];
1048 version[1] = v->version[1];
1049 version[2] = v->version[2];
1050 return 0;
1051 }
1052 v = (struct dm_target_versions *)(((char *)v) + v->next);
1053 }
1054
1055 return -1;
1056}
1057
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001058static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key,
Ken Sumrall29d8da82011-05-18 17:20:07 -07001059 char *real_blk_name, char *crypto_blk_name, const char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001060{
1061 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001062 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001063 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001064 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001065 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001066 int version[3];
1067 char *extra_params;
1068 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001069
1070 if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) {
1071 SLOGE("Cannot open device-mapper\n");
1072 goto errout;
1073 }
1074
1075 io = (struct dm_ioctl *) buffer;
1076
1077 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1078 if (ioctl(fd, DM_DEV_CREATE, io)) {
1079 SLOGE("Cannot create dm-crypt device\n");
1080 goto errout;
1081 }
1082
1083 /* Get the device status, in particular, the name of it's device file */
1084 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1085 if (ioctl(fd, DM_DEV_STATUS, io)) {
1086 SLOGE("Cannot retrieve dm-crypt device status\n");
1087 goto errout;
1088 }
1089 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1090 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1091
Ken Sumralldb5e0262013-02-05 17:39:48 -08001092 extra_params = "";
1093 if (! get_dm_crypt_version(fd, name, version)) {
1094 /* Support for allow_discards was added in version 1.11.0 */
1095 if ((version[0] >= 2) ||
1096 ((version[0] == 1) && (version[1] >= 11))) {
1097 extra_params = "1 allow_discards";
1098 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1099 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001100 }
1101
Ken Sumralldb5e0262013-02-05 17:39:48 -08001102 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1103 fd, extra_params);
1104 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001105 SLOGE("Cannot load dm-crypt mapping table.\n");
1106 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001107 } else if (load_count > 1) {
1108 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001109 }
1110
1111 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001112 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001113
1114 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1115 SLOGE("Cannot resume the dm-crypt device\n");
1116 goto errout;
1117 }
1118
1119 /* We made it here with no errors. Woot! */
1120 retval = 0;
1121
1122errout:
1123 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1124
1125 return retval;
1126}
1127
Ken Sumrall29d8da82011-05-18 17:20:07 -07001128static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001129{
1130 int fd;
1131 char buffer[DM_CRYPT_BUF_SIZE];
1132 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001133 int retval = -1;
1134
1135 if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) {
1136 SLOGE("Cannot open device-mapper\n");
1137 goto errout;
1138 }
1139
1140 io = (struct dm_ioctl *) buffer;
1141
1142 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1143 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1144 SLOGE("Cannot remove dm-crypt device\n");
1145 goto errout;
1146 }
1147
1148 /* We made it here with no errors. Woot! */
1149 retval = 0;
1150
1151errout:
1152 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1153
1154 return retval;
1155
1156}
1157
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001158static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001159 unsigned char *ikey, void *params UNUSED)
1160{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001161 SLOGI("Using pbkdf2 for cryptfs KDF");
1162
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001164 unsigned int keysize;
1165 char* master_key = (char*)convert_hex_ascii_to_key(passwd, &keysize);
1166 if (!master_key) return -1;
1167 PKCS5_PBKDF2_HMAC_SHA1(master_key, keysize, salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001168 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001169
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001170 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001171 free (master_key);
1172 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001173}
1174
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001175static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001176 unsigned char *ikey, void *params)
1177{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001178 SLOGI("Using scrypt for cryptfs KDF");
1179
Kenny Rootc4c70f12013-06-14 12:11:38 -07001180 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1181
1182 int N = 1 << ftr->N_factor;
1183 int r = 1 << ftr->r_factor;
1184 int p = 1 << ftr->p_factor;
1185
1186 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001187 unsigned int keysize;
1188 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &keysize);
1189 if (!master_key) return -1;
1190 crypto_scrypt(master_key, keysize, salt, SALT_LEN, N, r, p, ikey,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001191 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001192
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001193 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001194 free (master_key);
1195 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001196}
1197
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001198static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1199 unsigned char *ikey, void *params)
1200{
1201 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1202
1203 int rc;
1204 unsigned int key_size;
1205 size_t signature_size;
1206 unsigned char* signature;
1207 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1208
1209 int N = 1 << ftr->N_factor;
1210 int r = 1 << ftr->r_factor;
1211 int p = 1 << ftr->p_factor;
1212
1213 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &key_size);
1214 if (!master_key) {
1215 SLOGE("Failed to convert passwd from hex");
1216 return -1;
1217 }
1218
1219 rc = crypto_scrypt(master_key, key_size, salt, SALT_LEN,
1220 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1221 memset(master_key, 0, key_size);
1222 free(master_key);
1223
1224 if (rc) {
1225 SLOGE("scrypt failed");
1226 return -1;
1227 }
1228
Shawn Willdene17a9c42014-09-08 13:04:08 -06001229 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1230 &signature, &signature_size)) {
1231 SLOGE("Signing failed");
1232 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001233 }
1234
1235 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1236 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1237 free(signature);
1238
1239 if (rc) {
1240 SLOGE("scrypt failed");
1241 return -1;
1242 }
1243
1244 return 0;
1245}
1246
1247static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1248 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001249 unsigned char *encrypted_master_key,
1250 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001251{
1252 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1253 EVP_CIPHER_CTX e_ctx;
1254 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001255 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001256
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001257 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001258 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001259
1260 switch (crypt_ftr->kdf_type) {
1261 case KDF_SCRYPT_KEYMASTER:
1262 if (keymaster_create_key(crypt_ftr)) {
1263 SLOGE("keymaster_create_key failed");
1264 return -1;
1265 }
1266
1267 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1268 SLOGE("scrypt failed");
1269 return -1;
1270 }
1271 break;
1272
1273 case KDF_SCRYPT:
1274 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1275 SLOGE("scrypt failed");
1276 return -1;
1277 }
1278 break;
1279
1280 default:
1281 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001282 return -1;
1283 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001284
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001285 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001286 EVP_CIPHER_CTX_init(&e_ctx);
1287 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001288 SLOGE("EVP_EncryptInit failed\n");
1289 return -1;
1290 }
1291 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001292
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001293 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001294 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
1295 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001296 SLOGE("EVP_EncryptUpdate failed\n");
1297 return -1;
1298 }
Adam Langley889c4f12014-09-03 14:23:13 -07001299 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001300 SLOGE("EVP_EncryptFinal failed\n");
1301 return -1;
1302 }
1303
1304 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1305 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1306 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001307 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001309 /* Store the scrypt of the intermediate key, so we can validate if it's a
1310 password error or mount error when things go wrong.
1311 Note there's no need to check for errors, since if this is incorrect, we
1312 simply won't wipe userdata, which is the correct default behavior
1313 */
1314 int N = 1 << crypt_ftr->N_factor;
1315 int r = 1 << crypt_ftr->r_factor;
1316 int p = 1 << crypt_ftr->p_factor;
1317
1318 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1319 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1320 crypt_ftr->scrypted_intermediate_key,
1321 sizeof(crypt_ftr->scrypted_intermediate_key));
1322
1323 if (rc) {
1324 SLOGE("encrypt_master_key: crypto_scrypt failed");
1325 }
1326
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001327 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001328}
1329
JP Abgrall7bdfa522013-11-15 13:42:56 -08001330static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001331 unsigned char *encrypted_master_key,
1332 unsigned char *decrypted_master_key,
1333 kdf_func kdf, void *kdf_params,
1334 unsigned char** intermediate_key,
1335 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001336{
1337 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001338 EVP_CIPHER_CTX d_ctx;
1339 int decrypted_len, final_len;
1340
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001341 /* Turn the password into an intermediate key and IV that can decrypt the
1342 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001343 if (kdf(passwd, salt, ikey, kdf_params)) {
1344 SLOGE("kdf failed");
1345 return -1;
1346 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001347
1348 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001349 EVP_CIPHER_CTX_init(&d_ctx);
1350 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001351 return -1;
1352 }
1353 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1354 /* Decrypt the master key */
1355 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1356 encrypted_master_key, KEY_LEN_BYTES)) {
1357 return -1;
1358 }
Adam Langley889c4f12014-09-03 14:23:13 -07001359 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001360 return -1;
1361 }
1362
1363 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1364 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001366
1367 /* Copy intermediate key if needed by params */
1368 if (intermediate_key && intermediate_key_size) {
1369 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1370 if (intermediate_key) {
1371 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1372 *intermediate_key_size = KEY_LEN_BYTES;
1373 }
1374 }
1375
1376 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001377}
1378
Kenny Rootc4c70f12013-06-14 12:11:38 -07001379static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001380{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001381 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001382 *kdf = scrypt_keymaster;
1383 *kdf_params = ftr;
1384 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001385 *kdf = scrypt;
1386 *kdf_params = ftr;
1387 } else {
1388 *kdf = pbkdf2;
1389 *kdf_params = NULL;
1390 }
1391}
1392
JP Abgrall7bdfa522013-11-15 13:42:56 -08001393static int decrypt_master_key(char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001394 struct crypt_mnt_ftr *crypt_ftr,
1395 unsigned char** intermediate_key,
1396 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001397{
1398 kdf_func kdf;
1399 void *kdf_params;
1400 int ret;
1401
1402 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001403 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1404 decrypted_master_key, kdf, kdf_params,
1405 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001406 if (ret != 0) {
1407 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001408 }
1409
1410 return ret;
1411}
1412
1413static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1414 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001415 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001416 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001417
1418 /* Get some random bits for a key */
1419 fd = open("/dev/urandom", O_RDONLY);
Ken Sumralle8744072011-01-18 22:01:55 -08001420 read(fd, key_buf, sizeof(key_buf));
1421 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001422 close(fd);
1423
1424 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001425 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001426}
1427
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001428static int wait_and_unmount(char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001429{
Greg Hackmann955653e2014-09-24 14:55:20 -07001430 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001431#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001432
1433 /* Now umount the tmpfs filesystem */
1434 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001435 if (umount(mountpoint) == 0) {
1436 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001437 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001438
1439 if (errno == EINVAL) {
1440 /* EINVAL is returned if the directory is not a mountpoint,
1441 * i.e. there is no filesystem mounted there. So just get out.
1442 */
1443 break;
1444 }
1445
1446 err = errno;
1447
1448 /* If allowed, be increasingly aggressive before the last two retries */
1449 if (kill) {
1450 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1451 SLOGW("sending SIGHUP to processes with open files\n");
1452 vold_killProcessesWithOpenFiles(mountpoint, 1);
1453 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1454 SLOGW("sending SIGKILL to processes with open files\n");
1455 vold_killProcessesWithOpenFiles(mountpoint, 2);
1456 }
1457 }
1458
1459 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001460 }
1461
1462 if (i < WAIT_UNMOUNT_COUNT) {
1463 SLOGD("unmounting %s succeeded\n", mountpoint);
1464 rc = 0;
1465 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001466 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001467 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001468 rc = -1;
1469 }
1470
1471 return rc;
1472}
1473
Ken Sumrallc5872692013-05-14 15:26:31 -07001474#define DATA_PREP_TIMEOUT 200
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001475static int prep_data_fs(void)
1476{
1477 int i;
1478
1479 /* Do the prep of the /data filesystem */
1480 property_set("vold.post_fs_data_done", "0");
1481 property_set("vold.decrypt", "trigger_post_fs_data");
1482 SLOGD("Just triggered post_fs_data\n");
1483
Ken Sumrallc5872692013-05-14 15:26:31 -07001484 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001485 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001486 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001487
1488 property_get("vold.post_fs_data_done", p, "0");
1489 if (*p == '1') {
1490 break;
1491 } else {
1492 usleep(250000);
1493 }
1494 }
1495 if (i == DATA_PREP_TIMEOUT) {
1496 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001497 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001498 return -1;
1499 } else {
1500 SLOGD("post_fs_data done\n");
1501 return 0;
1502 }
1503}
1504
Paul Lawrence74f29f12014-08-28 15:54:10 -07001505static void cryptfs_set_corrupt()
1506{
1507 // Mark the footer as bad
1508 struct crypt_mnt_ftr crypt_ftr;
1509 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1510 SLOGE("Failed to get crypto footer - panic");
1511 return;
1512 }
1513
1514 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1515 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1516 SLOGE("Failed to set crypto footer - panic");
1517 return;
1518 }
1519}
1520
1521static void cryptfs_trigger_restart_min_framework()
1522{
1523 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1524 SLOGE("Failed to mount tmpfs on data - panic");
1525 return;
1526 }
1527
1528 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1529 SLOGE("Failed to trigger post fs data - panic");
1530 return;
1531 }
1532
1533 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1534 SLOGE("Failed to trigger restart min framework - panic");
1535 return;
1536 }
1537}
1538
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001539/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001540static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001541{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001542 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001543 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001544 static int restart_successful = 0;
1545
1546 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001547 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001548 SLOGE("Encrypted filesystem not validated, aborting");
1549 return -1;
1550 }
1551
1552 if (restart_successful) {
1553 SLOGE("System already restarted with encrypted disk, aborting");
1554 return -1;
1555 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001556
Paul Lawrencef4faa572014-01-29 13:31:03 -08001557 if (restart_main) {
1558 /* Here is where we shut down the framework. The init scripts
1559 * start all services in one of three classes: core, main or late_start.
1560 * On boot, we start core and main. Now, we stop main, but not core,
1561 * as core includes vold and a few other really important things that
1562 * we need to keep running. Once main has stopped, we should be able
1563 * to umount the tmpfs /data, then mount the encrypted /data.
1564 * We then restart the class main, and also the class late_start.
1565 * At the moment, I've only put a few things in late_start that I know
1566 * are not needed to bring up the framework, and that also cause problems
1567 * with unmounting the tmpfs /data, but I hope to add add more services
1568 * to the late_start class as we optimize this to decrease the delay
1569 * till the user is asked for the password to the filesystem.
1570 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001571
Paul Lawrencef4faa572014-01-29 13:31:03 -08001572 /* The init files are setup to stop the class main when vold.decrypt is
1573 * set to trigger_reset_main.
1574 */
1575 property_set("vold.decrypt", "trigger_reset_main");
1576 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001577
Paul Lawrencef4faa572014-01-29 13:31:03 -08001578 /* Ugh, shutting down the framework is not synchronous, so until it
1579 * can be fixed, this horrible hack will wait a moment for it all to
1580 * shut down before proceeding. Without it, some devices cannot
1581 * restart the graphics services.
1582 */
1583 sleep(2);
1584 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001585
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001586 /* Now that the framework is shutdown, we should be able to umount()
1587 * the tmpfs filesystem, and mount the real one.
1588 */
1589
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001590 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1591 if (strlen(crypto_blkdev) == 0) {
1592 SLOGE("fs_crypto_blkdev not set\n");
1593 return -1;
1594 }
1595
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001596 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001597 /* If ro.crypto.readonly is set to 1, mount the decrypted
1598 * filesystem readonly. This is used when /data is mounted by
1599 * recovery mode.
1600 */
1601 char ro_prop[PROPERTY_VALUE_MAX];
1602 property_get("ro.crypto.readonly", ro_prop, "");
1603 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1604 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1605 rec->flags |= MS_RDONLY;
1606 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001607
Ken Sumralle5032c42012-04-01 23:58:44 -07001608 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001609 int retries = RETRY_MOUNT_ATTEMPTS;
1610 int mount_rc;
1611 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1612 crypto_blkdev, 0))
1613 != 0) {
1614 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1615 /* TODO: invoke something similar to
1616 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1617 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1618 SLOGI("Failed to mount %s because it is busy - waiting",
1619 crypto_blkdev);
1620 if (--retries) {
1621 sleep(RETRY_MOUNT_DELAY_SECONDS);
1622 } else {
1623 /* Let's hope that a reboot clears away whatever is keeping
1624 the mount busy */
1625 cryptfs_reboot(reboot);
1626 }
1627 } else {
1628 SLOGE("Failed to mount decrypted data");
1629 cryptfs_set_corrupt();
1630 cryptfs_trigger_restart_min_framework();
1631 SLOGI("Started framework to offer wipe");
1632 return -1;
1633 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001634 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001635
Ken Sumralle5032c42012-04-01 23:58:44 -07001636 property_set("vold.decrypt", "trigger_load_persist_props");
1637 /* Create necessary paths on /data */
1638 if (prep_data_fs()) {
1639 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001640 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001641
1642 /* startup service classes main and late_start */
1643 property_set("vold.decrypt", "trigger_restart_framework");
1644 SLOGD("Just triggered restart_framework\n");
1645
1646 /* Give it a few moments to get started */
1647 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648 }
1649
Ken Sumrall0cc16632011-01-18 20:32:26 -08001650 if (rc == 0) {
1651 restart_successful = 1;
1652 }
1653
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001654 return rc;
1655}
1656
Paul Lawrencef4faa572014-01-29 13:31:03 -08001657int cryptfs_restart(void)
1658{
1659 /* Call internal implementation forcing a restart of main service group */
1660 return cryptfs_restart_internal(1);
1661}
1662
Mark Salyzyn3e971272014-01-21 13:27:04 -08001663static int do_crypto_complete(char *mount_point UNUSED)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001664{
1665 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001666 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001667 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001668
1669 property_get("ro.crypto.state", encrypted_state, "");
1670 if (strcmp(encrypted_state, "encrypted") ) {
1671 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001672 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001673 }
1674
Ken Sumrall160b4d62013-04-22 12:15:39 -07001675 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001676 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001677
Ken Sumralle1a45852011-12-14 21:24:27 -08001678 /*
1679 * Only report this error if key_loc is a file and it exists.
1680 * If the device was never encrypted, and /data is not mountable for
1681 * some reason, returning 1 should prevent the UI from presenting the
1682 * a "enter password" screen, or worse, a "press button to wipe the
1683 * device" screen.
1684 */
1685 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1686 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001687 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001688 } else {
1689 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001690 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001691 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001692 }
1693
Paul Lawrence74f29f12014-08-28 15:54:10 -07001694 // Test for possible error flags
1695 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1696 SLOGE("Encryption process is partway completed\n");
1697 return CRYPTO_COMPLETE_PARTIAL;
1698 }
1699
1700 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1701 SLOGE("Encryption process was interrupted but cannot continue\n");
1702 return CRYPTO_COMPLETE_INCONSISTENT;
1703 }
1704
1705 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1706 SLOGE("Encryption is successful but data is corrupt\n");
1707 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001708 }
1709
1710 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001711 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001712}
1713
Paul Lawrencef4faa572014-01-29 13:31:03 -08001714static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1715 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001716{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001717 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001718 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001719 char crypto_blkdev[MAXPATHLEN];
1720 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001721 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001722 unsigned int orig_failed_decrypt_count;
1723 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001724 int use_keymaster = 0;
1725 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001726 unsigned char* intermediate_key = 0;
1727 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001728
Paul Lawrencef4faa572014-01-29 13:31:03 -08001729 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1730 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001731
Paul Lawrencef4faa572014-01-29 13:31:03 -08001732 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001733 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1734 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001735 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001736 rc = -1;
1737 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001738 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001739 }
1740
Paul Lawrencef4faa572014-01-29 13:31:03 -08001741 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1742
Ajay Dudani87701e22014-09-17 21:02:52 -07001743#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001744 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1745 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1746 SLOGE("Hardware encryption key does not match");
1747 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001748 }
1749#endif
1750
Paul Lawrence74f29f12014-08-28 15:54:10 -07001751 // Create crypto block device - all (non fatal) code paths
1752 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001753 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1754 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001755 SLOGE("Error creating decrypted block device\n");
1756 rc = -1;
1757 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001758 }
1759
Paul Lawrence74f29f12014-08-28 15:54:10 -07001760 /* Work out if the problem is the password or the data */
1761 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1762 scrypted_intermediate_key)];
1763 int N = 1 << crypt_ftr->N_factor;
1764 int r = 1 << crypt_ftr->r_factor;
1765 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001766
Paul Lawrence74f29f12014-08-28 15:54:10 -07001767 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1768 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1769 N, r, p, scrypted_intermediate_key,
1770 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001771
Paul Lawrence74f29f12014-08-28 15:54:10 -07001772 // Does the key match the crypto footer?
1773 if (rc == 0 && memcmp(scrypted_intermediate_key,
1774 crypt_ftr->scrypted_intermediate_key,
1775 sizeof(scrypted_intermediate_key)) == 0) {
1776 SLOGI("Password matches");
1777 rc = 0;
1778 } else {
1779 /* Try mounting the file system anyway, just in case the problem's with
1780 * the footer, not the key. */
1781 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1782 mkdir(tmp_mount_point, 0755);
1783 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1784 SLOGE("Error temp mounting decrypted block device\n");
1785 delete_crypto_blk_dev(label);
1786
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001787 rc = ++crypt_ftr->failed_decrypt_count;
1788 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001789 } else {
1790 /* Success! */
1791 SLOGI("Password did not match but decrypted drive mounted - continue");
1792 umount(tmp_mount_point);
1793 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001794 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001795 }
1796
1797 if (rc == 0) {
1798 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001799 if (orig_failed_decrypt_count != 0) {
1800 put_crypt_ftr_and_key(crypt_ftr);
1801 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001802
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001803 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001804 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001805 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001806
1807 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001808 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001809 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001810 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001811 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001812 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001813 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001814
Paul Lawrence74f29f12014-08-28 15:54:10 -07001815 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001816 use_keymaster = keymaster_check_compatibility();
1817 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001818 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001819 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1820 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1821 upgrade = 1;
1822 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001823 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001824 upgrade = 1;
1825 }
1826
1827 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001828 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1829 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001830 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001831 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001832 }
1833 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001834
1835 // Do not fail even if upgrade failed - machine is bootable
1836 // Note that if this code is ever hit, there is a *serious* problem
1837 // since KDFs should never fail. You *must* fix the kdf before
1838 // proceeding!
1839 if (rc) {
1840 SLOGW("Upgrade failed with error %d,"
1841 " but continuing with previous state",
1842 rc);
1843 rc = 0;
1844 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001845 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001846 }
1847
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001848 errout:
1849 if (intermediate_key) {
1850 memset(intermediate_key, 0, intermediate_key_size);
1851 free(intermediate_key);
1852 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001853 return rc;
1854}
1855
Ken Sumrall0b8b5972011-08-31 16:14:23 -07001856/* Called by vold when it wants to undo the crypto mapping of a volume it
1857 * manages. This is usually in response to a factory reset, when we want
1858 * to undo the crypto mapping so the volume is formatted in the clear.
1859 */
1860int cryptfs_revert_volume(const char *label)
1861{
1862 return delete_crypto_blk_dev((char *)label);
1863}
1864
Ken Sumrall29d8da82011-05-18 17:20:07 -07001865/*
1866 * Called by vold when it's asked to mount an encrypted, nonremovable volume.
1867 * Setup a dm-crypt mapping, use the saved master key from
1868 * setting up the /data mapping, and return the new device path.
1869 */
1870int cryptfs_setup_volume(const char *label, int major, int minor,
1871 char *crypto_sys_path, unsigned int max_path,
1872 int *new_major, int *new_minor)
1873{
1874 char real_blkdev[MAXPATHLEN], crypto_blkdev[MAXPATHLEN];
1875 struct crypt_mnt_ftr sd_crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001876 struct stat statbuf;
Tim Murray8439dc92014-12-15 11:56:11 -08001877 unsigned int nr_sec;
1878 int fd;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001879
1880 sprintf(real_blkdev, "/dev/block/vold/%d:%d", major, minor);
1881
Ken Sumrall160b4d62013-04-22 12:15:39 -07001882 get_crypt_ftr_and_key(&sd_crypt_ftr);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001883
1884 /* Update the fs_size field to be the size of the volume */
1885 fd = open(real_blkdev, O_RDONLY);
1886 nr_sec = get_blkdev_size(fd);
1887 close(fd);
1888 if (nr_sec == 0) {
1889 SLOGE("Cannot get size of volume %s\n", real_blkdev);
1890 return -1;
1891 }
1892
1893 sd_crypt_ftr.fs_size = nr_sec;
1894 create_crypto_blk_dev(&sd_crypt_ftr, saved_master_key, real_blkdev,
1895 crypto_blkdev, label);
1896
JP Abgrall3334c6a2014-10-10 15:52:11 -07001897 if (stat(crypto_blkdev, &statbuf) < 0) {
1898 SLOGE("Error get stat for crypto_blkdev %s. err=%d(%s)\n",
1899 crypto_blkdev, errno, strerror(errno));
1900 }
Ken Sumrall29d8da82011-05-18 17:20:07 -07001901 *new_major = MAJOR(statbuf.st_rdev);
1902 *new_minor = MINOR(statbuf.st_rdev);
1903
1904 /* Create path to sys entry for this block device */
1905 snprintf(crypto_sys_path, max_path, "/devices/virtual/block/%s", strrchr(crypto_blkdev, '/')+1);
1906
1907 return 0;
1908}
1909
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001910int cryptfs_crypto_complete(void)
1911{
1912 return do_crypto_complete("/data");
1913}
1914
Paul Lawrencef4faa572014-01-29 13:31:03 -08001915int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
1916{
1917 char encrypted_state[PROPERTY_VALUE_MAX];
1918 property_get("ro.crypto.state", encrypted_state, "");
1919 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
1920 SLOGE("encrypted fs already validated or not running with encryption,"
1921 " aborting");
1922 return -1;
1923 }
1924
1925 if (get_crypt_ftr_and_key(crypt_ftr)) {
1926 SLOGE("Error getting crypt footer and key");
1927 return -1;
1928 }
1929
1930 return 0;
1931}
1932
Paul Lawrencefc615042014-10-04 15:32:29 -07001933/*
1934 * TODO - transition patterns to new format in calling code
1935 * and remove this vile hack, and the use of hex in
1936 * the password passing code.
1937 *
1938 * Patterns are passed in zero based (i.e. the top left dot
1939 * is represented by zero, the top middle one etc), but we want
1940 * to store them '1' based.
1941 * This is to allow us to migrate the calling code to use this
1942 * convention. It also solves a nasty problem whereby scrypt ignores
1943 * trailing zeros, so patterns ending at the top left could be
1944 * truncated, and similarly, you could add the top left to any
1945 * pattern and still match.
1946 * adjust_passwd is a hack function that returns the alternate representation
1947 * if the password appears to be a pattern (hex numbers all less than 09)
1948 * If it succeeds we need to try both, and in particular try the alternate
1949 * first. If the original matches, then we need to update the footer
1950 * with the alternate.
1951 * All code that accepts passwords must adjust them first. Since
1952 * cryptfs_check_passwd is always the first function called after a migration
1953 * (and indeed on any boot) we only need to do the double try in this
1954 * function.
1955 */
1956char* adjust_passwd(const char* passwd)
1957{
1958 size_t index, length;
1959
1960 if (!passwd) {
1961 return 0;
1962 }
1963
1964 // Check even length. Hex encoded passwords are always
1965 // an even length, since each character encodes to two characters.
1966 length = strlen(passwd);
1967 if (length % 2) {
1968 SLOGW("Password not correctly hex encoded.");
1969 return 0;
1970 }
1971
1972 // Check password is old-style pattern - a collection of hex
1973 // encoded bytes less than 9 (00 through 08)
1974 for (index = 0; index < length; index +=2) {
1975 if (passwd[index] != '0'
1976 || passwd[index + 1] < '0' || passwd[index + 1] > '8') {
1977 return 0;
1978 }
1979 }
1980
1981 // Allocate room for adjusted passwd and null terminate
1982 char* adjusted = malloc(length + 1);
1983 adjusted[length] = 0;
1984
1985 // Add 0x31 ('1') to each character
1986 for (index = 0; index < length; index += 2) {
1987 // output is 31 through 39 so set first byte to three, second to src + 1
1988 adjusted[index] = '3';
1989 adjusted[index + 1] = passwd[index + 1] + 1;
1990 }
1991
1992 return adjusted;
1993}
1994
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001995int cryptfs_check_passwd(char *passwd)
1996{
Paul Lawrencef4faa572014-01-29 13:31:03 -08001997 struct crypt_mnt_ftr crypt_ftr;
1998 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001999
Paul Lawrencef4faa572014-01-29 13:31:03 -08002000 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2001 if (rc)
2002 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002003
Paul Lawrencefc615042014-10-04 15:32:29 -07002004 char* adjusted_passwd = adjust_passwd(passwd);
2005 if (adjusted_passwd) {
2006 int failed_decrypt_count = crypt_ftr.failed_decrypt_count;
2007 rc = test_mount_encrypted_fs(&crypt_ftr, adjusted_passwd,
2008 DATA_MNT_POINT, "userdata");
2009
2010 // Maybe the original one still works?
2011 if (rc) {
2012 // Don't double count this failure
2013 crypt_ftr.failed_decrypt_count = failed_decrypt_count;
2014 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2015 DATA_MNT_POINT, "userdata");
2016 if (!rc) {
2017 // cryptfs_changepw also adjusts so pass original
2018 // Note that adjust_passwd only recognises patterns
2019 // so we can safely use CRYPT_TYPE_PATTERN
2020 SLOGI("Updating pattern to new format");
2021 cryptfs_changepw(CRYPT_TYPE_PATTERN, passwd);
2022 }
2023 }
2024 free(adjusted_passwd);
2025 } else {
2026 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2027 DATA_MNT_POINT, "userdata");
2028 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002029
2030 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002031 cryptfs_clear_password();
2032 password = strdup(passwd);
2033 struct timespec now;
2034 clock_gettime(CLOCK_BOOTTIME, &now);
2035 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002036 }
2037
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002038 return rc;
2039}
2040
Ken Sumrall3ad90722011-10-04 20:38:29 -07002041int cryptfs_verify_passwd(char *passwd)
2042{
2043 struct crypt_mnt_ftr crypt_ftr;
2044 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002045 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002046 char encrypted_state[PROPERTY_VALUE_MAX];
2047 int rc;
2048
2049 property_get("ro.crypto.state", encrypted_state, "");
2050 if (strcmp(encrypted_state, "encrypted") ) {
2051 SLOGE("device not encrypted, aborting");
2052 return -2;
2053 }
2054
2055 if (!master_key_saved) {
2056 SLOGE("encrypted fs not yet mounted, aborting");
2057 return -1;
2058 }
2059
2060 if (!saved_mount_point) {
2061 SLOGE("encrypted fs failed to save mount point, aborting");
2062 return -1;
2063 }
2064
Ken Sumrall160b4d62013-04-22 12:15:39 -07002065 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002066 SLOGE("Error getting crypt footer and key\n");
2067 return -1;
2068 }
2069
2070 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2071 /* If the device has no password, then just say the password is valid */
2072 rc = 0;
2073 } else {
Paul Lawrencefc615042014-10-04 15:32:29 -07002074 char* adjusted_passwd = adjust_passwd(passwd);
2075 if (adjusted_passwd) {
2076 passwd = adjusted_passwd;
2077 }
2078
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002079 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002080 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2081 /* They match, the password is correct */
2082 rc = 0;
2083 } else {
2084 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2085 sleep(1);
2086 rc = 1;
2087 }
Paul Lawrencefc615042014-10-04 15:32:29 -07002088
2089 free(adjusted_passwd);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002090 }
2091
2092 return rc;
2093}
2094
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002095/* Initialize a crypt_mnt_ftr structure. The keysize is
2096 * defaulted to 16 bytes, and the filesystem size to 0.
2097 * Presumably, at a minimum, the caller will update the
2098 * filesystem size and crypto_type_name after calling this function.
2099 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002100static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002101{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002102 off64_t off;
2103
2104 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002105 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002106 ftr->major_version = CURRENT_MAJOR_VERSION;
2107 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002108 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002109 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002110
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002111 switch (keymaster_check_compatibility()) {
2112 case 1:
2113 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2114 break;
2115
2116 case 0:
2117 ftr->kdf_type = KDF_SCRYPT;
2118 break;
2119
2120 default:
2121 SLOGE("keymaster_check_compatibility failed");
2122 return -1;
2123 }
2124
Kenny Rootc4c70f12013-06-14 12:11:38 -07002125 get_device_scrypt_params(ftr);
2126
Ken Sumrall160b4d62013-04-22 12:15:39 -07002127 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2128 if (get_crypt_ftr_info(NULL, &off) == 0) {
2129 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2130 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2131 ftr->persist_data_size;
2132 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002133
2134 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002135}
2136
Ken Sumrall29d8da82011-05-18 17:20:07 -07002137static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002138{
Ken Sumralle550f782013-08-20 13:48:23 -07002139 const char *args[10];
2140 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2141 int num_args;
2142 int status;
2143 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002144 int rc = -1;
2145
Ken Sumrall29d8da82011-05-18 17:20:07 -07002146 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002147 args[0] = "/system/bin/make_ext4fs";
2148 args[1] = "-a";
2149 args[2] = "/data";
2150 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002151 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002152 args[4] = size_str;
2153 args[5] = crypto_blkdev;
2154 num_args = 6;
2155 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2156 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002157 } else if (type == F2FS_FS) {
2158 args[0] = "/system/bin/mkfs.f2fs";
2159 args[1] = "-t";
2160 args[2] = "-d1";
2161 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002162 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002163 args[4] = size_str;
2164 num_args = 5;
2165 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2166 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002167 } else {
2168 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2169 return -1;
2170 }
2171
Ken Sumralle550f782013-08-20 13:48:23 -07002172 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2173
2174 if (tmp != 0) {
2175 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002176 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002177 if (WIFEXITED(status)) {
2178 if (WEXITSTATUS(status)) {
2179 SLOGE("Error creating filesystem on %s, exit status %d ",
2180 crypto_blkdev, WEXITSTATUS(status));
2181 } else {
2182 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2183 rc = 0;
2184 }
2185 } else {
2186 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2187 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002188 }
2189
2190 return rc;
2191}
2192
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002193#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002194#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2195#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002196
2197/* aligned 32K writes tends to make flash happy.
2198 * SD card association recommends it.
2199 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002200#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002201#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002202#else
2203#define BLOCKS_AT_A_TIME 1024
2204#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002205
2206struct encryptGroupsData
2207{
2208 int realfd;
2209 int cryptofd;
2210 off64_t numblocks;
2211 off64_t one_pct, cur_pct, new_pct;
2212 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002213 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002214 char* real_blkdev, * crypto_blkdev;
2215 int count;
2216 off64_t offset;
2217 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002218 off64_t last_written_sector;
2219 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002220 time_t time_started;
2221 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002222};
2223
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002224static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002225{
2226 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002227
2228 if (is_used) {
2229 data->used_blocks_already_done++;
2230 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002231 if (data->tot_used_blocks) {
2232 data->new_pct = data->used_blocks_already_done / data->one_pct;
2233 } else {
2234 data->new_pct = data->blocks_already_done / data->one_pct;
2235 }
2236
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002237 if (data->new_pct > data->cur_pct) {
2238 char buf[8];
2239 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002240 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002241 property_set("vold.encrypt_progress", buf);
2242 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002243
2244 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002245 struct timespec time_now;
2246 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2247 SLOGW("Error getting time");
2248 } else {
2249 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2250 off64_t remaining_blocks = data->tot_used_blocks
2251 - data->used_blocks_already_done;
2252 int remaining_time = (int)(elapsed_time * remaining_blocks
2253 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002254
Paul Lawrence9c58a872014-09-30 09:12:51 -07002255 // Change time only if not yet set, lower, or a lot higher for
2256 // best user experience
2257 if (data->remaining_time == -1
2258 || remaining_time < data->remaining_time
2259 || remaining_time > data->remaining_time + 60) {
2260 char buf[8];
2261 snprintf(buf, sizeof(buf), "%d", remaining_time);
2262 property_set("vold.encrypt_time_remaining", buf);
2263 data->remaining_time = remaining_time;
2264 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002265 }
2266 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002267}
2268
Paul Lawrence3846be12014-09-22 11:33:54 -07002269static void log_progress(struct encryptGroupsData const* data, bool completed)
2270{
2271 // Precondition - if completed data = 0 else data != 0
2272
2273 // Track progress so we can skip logging blocks
2274 static off64_t offset = -1;
2275
2276 // Need to close existing 'Encrypting from' log?
2277 if (completed || (offset != -1 && data->offset != offset)) {
2278 SLOGI("Encrypted to sector %" PRId64,
2279 offset / info.block_size * CRYPT_SECTOR_SIZE);
2280 offset = -1;
2281 }
2282
2283 // Need to start new 'Encrypting from' log?
2284 if (!completed && offset != data->offset) {
2285 SLOGI("Encrypting from sector %" PRId64,
2286 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2287 }
2288
2289 // Update offset
2290 if (!completed) {
2291 offset = data->offset + (off64_t)data->count * info.block_size;
2292 }
2293}
2294
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002295static int flush_outstanding_data(struct encryptGroupsData* data)
2296{
2297 if (data->count == 0) {
2298 return 0;
2299 }
2300
Elliott Hughes231bdba2014-06-25 18:36:19 -07002301 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002302
2303 if (pread64(data->realfd, data->buffer,
2304 info.block_size * data->count, data->offset)
2305 <= 0) {
2306 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2307 data->real_blkdev);
2308 return -1;
2309 }
2310
2311 if (pwrite64(data->cryptofd, data->buffer,
2312 info.block_size * data->count, data->offset)
2313 <= 0) {
2314 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2315 data->crypto_blkdev);
2316 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002317 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002318 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002319 }
2320
2321 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002322 data->last_written_sector = (data->offset + data->count)
2323 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002324 return 0;
2325}
2326
2327static int encrypt_groups(struct encryptGroupsData* data)
2328{
2329 unsigned int i;
2330 u8 *block_bitmap = 0;
2331 unsigned int block;
2332 off64_t ret;
2333 int rc = -1;
2334
2335 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2336 if (!data->buffer) {
2337 SLOGE("Failed to allocate crypto buffer");
2338 goto errout;
2339 }
2340
2341 block_bitmap = malloc(info.block_size);
2342 if (!block_bitmap) {
2343 SLOGE("failed to allocate block bitmap");
2344 goto errout;
2345 }
2346
2347 for (i = 0; i < aux_info.groups; ++i) {
2348 SLOGI("Encrypting group %d", i);
2349
2350 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2351 u32 block_count = min(info.blocks_per_group,
2352 aux_info.len_blocks - first_block);
2353
2354 off64_t offset = (u64)info.block_size
2355 * aux_info.bg_desc[i].bg_block_bitmap;
2356
2357 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2358 if (ret != (int)info.block_size) {
2359 SLOGE("failed to read all of block group bitmap %d", i);
2360 goto errout;
2361 }
2362
2363 offset = (u64)info.block_size * first_block;
2364
2365 data->count = 0;
2366
2367 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002368 int used = bitmap_get_bit(block_bitmap, block);
2369 update_progress(data, used);
2370 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002371 if (data->count == 0) {
2372 data->offset = offset;
2373 }
2374 data->count++;
2375 } else {
2376 if (flush_outstanding_data(data)) {
2377 goto errout;
2378 }
2379 }
2380
2381 offset += info.block_size;
2382
2383 /* Write data if we are aligned or buffer size reached */
2384 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2385 || data->count == BLOCKS_AT_A_TIME) {
2386 if (flush_outstanding_data(data)) {
2387 goto errout;
2388 }
2389 }
Paul Lawrence87999172014-02-20 12:21:31 -08002390
Paul Lawrence73d7a022014-06-09 14:10:09 -07002391 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002392 SLOGE("Stopping encryption due to low battery");
2393 rc = 0;
2394 goto errout;
2395 }
2396
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002397 }
2398 if (flush_outstanding_data(data)) {
2399 goto errout;
2400 }
2401 }
2402
Paul Lawrence87999172014-02-20 12:21:31 -08002403 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002404 rc = 0;
2405
2406errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002407 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002408 free(data->buffer);
2409 free(block_bitmap);
2410 return rc;
2411}
2412
2413static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2414 char *real_blkdev,
2415 off64_t size,
2416 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002417 off64_t tot_size,
2418 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002419{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002420 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002421 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002422 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002423
Paul Lawrence87999172014-02-20 12:21:31 -08002424 if (previously_encrypted_upto > *size_already_done) {
2425 SLOGD("Not fast encrypting since resuming part way through");
2426 return -1;
2427 }
2428
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002429 memset(&data, 0, sizeof(data));
2430 data.real_blkdev = real_blkdev;
2431 data.crypto_blkdev = crypto_blkdev;
2432
2433 if ( (data.realfd = open(real_blkdev, O_RDWR)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002434 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2435 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002436 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002437 goto errout;
2438 }
2439
2440 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002441 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002442 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002443 rc = ENABLE_INPLACE_ERR_DEV;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002444 goto errout;
2445 }
2446
2447 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002448 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002449 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002450 goto errout;
2451 }
2452
2453 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002454 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002455 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002456 goto errout;
2457 }
2458
2459 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2460 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2461 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2462
JP Abgrall7fc1de82014-10-10 18:43:41 -07002463 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002464
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002465 data.tot_used_blocks = data.numblocks;
2466 for (i = 0; i < aux_info.groups; ++i) {
2467 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2468 }
2469
2470 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002471 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002472
2473 struct timespec time_started = {0};
2474 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2475 SLOGW("Error getting time at start");
2476 // Note - continue anyway - we'll run with 0
2477 }
2478 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002479 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002480
2481 rc = encrypt_groups(&data);
2482 if (rc) {
2483 SLOGE("Error encrypting groups");
2484 goto errout;
2485 }
2486
Paul Lawrence87999172014-02-20 12:21:31 -08002487 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002488 rc = 0;
2489
2490errout:
2491 close(data.realfd);
2492 close(data.cryptofd);
2493
2494 return rc;
2495}
2496
Paul Lawrence3846be12014-09-22 11:33:54 -07002497static void log_progress_f2fs(u64 block, bool completed)
2498{
2499 // Precondition - if completed data = 0 else data != 0
2500
2501 // Track progress so we can skip logging blocks
2502 static u64 last_block = (u64)-1;
2503
2504 // Need to close existing 'Encrypting from' log?
2505 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2506 SLOGI("Encrypted to block %" PRId64, last_block);
2507 last_block = -1;
2508 }
2509
2510 // Need to start new 'Encrypting from' log?
2511 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2512 SLOGI("Encrypting from block %" PRId64, block);
2513 }
2514
2515 // Update offset
2516 if (!completed) {
2517 last_block = block;
2518 }
2519}
2520
Daniel Rosenberge82df162014-08-15 22:19:23 +00002521static int encrypt_one_block_f2fs(u64 pos, void *data)
2522{
2523 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2524
2525 priv_dat->blocks_already_done = pos - 1;
2526 update_progress(priv_dat, 1);
2527
2528 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2529
2530 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002531 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002532 return -1;
2533 }
2534
2535 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002536 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002537 return -1;
2538 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002539 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002540 }
2541
2542 return 0;
2543}
2544
2545static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2546 char *real_blkdev,
2547 off64_t size,
2548 off64_t *size_already_done,
2549 off64_t tot_size,
2550 off64_t previously_encrypted_upto)
2551{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002552 struct encryptGroupsData data;
2553 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002554 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002555 if (previously_encrypted_upto > *size_already_done) {
2556 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002557 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002558 }
2559 memset(&data, 0, sizeof(data));
2560 data.real_blkdev = real_blkdev;
2561 data.crypto_blkdev = crypto_blkdev;
2562 data.realfd = -1;
2563 data.cryptofd = -1;
2564 if ( (data.realfd = open64(real_blkdev, O_RDWR)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002565 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002566 real_blkdev);
2567 goto errout;
2568 }
2569 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002570 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002571 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002572 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002573 goto errout;
2574 }
2575
2576 f2fs_info = generate_f2fs_info(data.realfd);
2577 if (!f2fs_info)
2578 goto errout;
2579
2580 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2581 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2582 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2583
2584 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2585
2586 data.one_pct = data.tot_used_blocks / 100;
2587 data.cur_pct = 0;
2588 data.time_started = time(NULL);
2589 data.remaining_time = -1;
2590
2591 data.buffer = malloc(f2fs_info->block_size);
2592 if (!data.buffer) {
2593 SLOGE("Failed to allocate crypto buffer");
2594 goto errout;
2595 }
2596
2597 data.count = 0;
2598
2599 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2600 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2601
2602 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002603 SLOGE("Error in running over f2fs blocks");
2604 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002605 goto errout;
2606 }
2607
2608 *size_already_done += size;
2609 rc = 0;
2610
2611errout:
2612 if (rc)
2613 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2614
Paul Lawrence3846be12014-09-22 11:33:54 -07002615 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002616 free(f2fs_info);
2617 free(data.buffer);
2618 close(data.realfd);
2619 close(data.cryptofd);
2620
2621 return rc;
2622}
2623
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002624static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2625 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002626 off64_t tot_size,
2627 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002628{
2629 int realfd, cryptofd;
2630 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002631 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002632 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002633 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002634 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002635
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002636 if ( (realfd = open(real_blkdev, O_RDONLY)) < 0) {
2637 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002638 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002639 }
2640
2641 if ( (cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002642 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2643 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002644 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002645 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002646 }
2647
2648 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2649 * The size passed in is the number of 512 byte sectors in the filesystem.
2650 * So compute the number of whole 4K blocks we should read/write,
2651 * and the remainder.
2652 */
2653 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2654 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002655 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2656 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002657
2658 SLOGE("Encrypting filesystem in place...");
2659
Paul Lawrence87999172014-02-20 12:21:31 -08002660 i = previously_encrypted_upto + 1 - *size_already_done;
2661
2662 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2663 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2664 goto errout;
2665 }
2666
2667 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2668 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2669 goto errout;
2670 }
2671
2672 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2673 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2674 SLOGE("Error reading initial sectors from real_blkdev %s for "
2675 "inplace encrypt\n", crypto_blkdev);
2676 goto errout;
2677 }
2678 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2679 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2680 "inplace encrypt\n", crypto_blkdev);
2681 goto errout;
2682 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002683 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002684 }
2685 }
2686
Ken Sumrall29d8da82011-05-18 17:20:07 -07002687 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002688 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002689 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002690 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002691 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002692 if (new_pct > cur_pct) {
2693 char buf[8];
2694
2695 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002696 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002697 property_set("vold.encrypt_progress", buf);
2698 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002699 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002700 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002701 goto errout;
2702 }
2703 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002704 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2705 goto errout;
2706 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002707 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002708 CRYPT_SECTORS_PER_BUFSIZE,
2709 i * CRYPT_SECTORS_PER_BUFSIZE);
2710 }
2711
Paul Lawrence73d7a022014-06-09 14:10:09 -07002712 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002713 SLOGE("Stopping encryption due to low battery");
2714 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2715 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002716 goto errout;
2717 }
2718 }
2719
2720 /* Do any remaining sectors */
2721 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002722 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2723 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002724 goto errout;
2725 }
Paul Lawrence87999172014-02-20 12:21:31 -08002726 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2727 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002728 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002729 } else {
2730 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002731 }
2732 }
2733
Ken Sumrall29d8da82011-05-18 17:20:07 -07002734 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002735 rc = 0;
2736
2737errout:
2738 close(realfd);
2739 close(cryptofd);
2740
2741 return rc;
2742}
2743
JP Abgrall7fc1de82014-10-10 18:43:41 -07002744/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002745static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2746 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002747 off64_t tot_size,
2748 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002749{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002750 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002751 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002752 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002753 }
2754
2755 if (*size_already_done + size < previously_encrypted_upto) {
2756 *size_already_done += size;
2757 return 0;
2758 }
2759
Daniel Rosenberge82df162014-08-15 22:19:23 +00002760 /* TODO: identify filesystem type.
2761 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2762 * then we will drop down to cryptfs_enable_inplace_f2fs.
2763 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002764 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002765 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002766 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002767 return 0;
2768 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002769 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002770
JP Abgrall7fc1de82014-10-10 18:43:41 -07002771 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002772 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002773 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002774 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002775 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002776 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002777
JP Abgrall7fc1de82014-10-10 18:43:41 -07002778 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002779 size, size_already_done, tot_size,
2780 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002781 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2782
2783 /* Hack for b/17898962, the following is the symptom... */
2784 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2785 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2786 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2787 return ENABLE_INPLACE_ERR_DEV;
2788 }
2789 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002790}
2791
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002792#define CRYPTO_ENABLE_WIPE 1
2793#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002794
2795#define FRAMEWORK_BOOT_WAIT 60
2796
Ken Sumrall29d8da82011-05-18 17:20:07 -07002797static inline int should_encrypt(struct volume_info *volume)
2798{
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002799 return (volume->flags & (VOL_ENCRYPTABLE | VOL_NONREMOVABLE)) ==
Ken Sumrall29d8da82011-05-18 17:20:07 -07002800 (VOL_ENCRYPTABLE | VOL_NONREMOVABLE);
2801}
2802
Paul Lawrence87999172014-02-20 12:21:31 -08002803static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2804{
2805 int fd = open(filename, O_RDONLY);
2806 if (fd == -1) {
2807 SLOGE("Error opening file %s", filename);
2808 return -1;
2809 }
2810
2811 char block[CRYPT_INPLACE_BUFSIZE];
2812 memset(block, 0, sizeof(block));
2813 if (unix_read(fd, block, sizeof(block)) < 0) {
2814 SLOGE("Error reading file %s", filename);
2815 close(fd);
2816 return -1;
2817 }
2818
2819 close(fd);
2820
2821 SHA256_CTX c;
2822 SHA256_Init(&c);
2823 SHA256_Update(&c, block, sizeof(block));
2824 SHA256_Final(buf, &c);
2825
2826 return 0;
2827}
2828
JP Abgrall62c7af32014-06-16 13:01:23 -07002829static int get_fs_type(struct fstab_rec *rec)
2830{
2831 if (!strcmp(rec->fs_type, "ext4")) {
2832 return EXT4_FS;
2833 } else if (!strcmp(rec->fs_type, "f2fs")) {
2834 return F2FS_FS;
2835 } else {
2836 return -1;
2837 }
2838}
2839
Paul Lawrence87999172014-02-20 12:21:31 -08002840static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2841 char *crypto_blkdev, char *real_blkdev,
2842 int previously_encrypted_upto)
2843{
2844 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002845 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002846
Paul Lawrence73d7a022014-06-09 14:10:09 -07002847 if (!is_battery_ok_to_start()) {
2848 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002849 return 0;
2850 }
2851
2852 /* The size of the userdata partition, and add in the vold volumes below */
2853 tot_encryption_size = crypt_ftr->fs_size;
2854
2855 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002856 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2857 int fs_type = get_fs_type(rec);
2858 if (fs_type < 0) {
2859 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2860 return -1;
2861 }
2862 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002863 } else if (how == CRYPTO_ENABLE_INPLACE) {
2864 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2865 crypt_ftr->fs_size, &cur_encryption_done,
2866 tot_encryption_size,
2867 previously_encrypted_upto);
2868
JP Abgrall7fc1de82014-10-10 18:43:41 -07002869 if (rc == ENABLE_INPLACE_ERR_DEV) {
2870 /* Hack for b/17898962 */
2871 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2872 cryptfs_reboot(reboot);
2873 }
2874
Paul Lawrence73d7a022014-06-09 14:10:09 -07002875 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002876 crypt_ftr->encrypted_upto = cur_encryption_done;
2877 }
2878
Paul Lawrence73d7a022014-06-09 14:10:09 -07002879 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002880 /* The inplace routine never actually sets the progress to 100% due
2881 * to the round down nature of integer division, so set it here */
2882 property_set("vold.encrypt_progress", "100");
2883 }
2884 } else {
2885 /* Shouldn't happen */
2886 SLOGE("cryptfs_enable: internal error, unknown option\n");
2887 rc = -1;
2888 }
2889
2890 return rc;
2891}
2892
Paul Lawrence13486032014-02-03 13:28:11 -08002893int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2894 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002895{
2896 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002897 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumralle5032c42012-04-01 23:58:44 -07002898 unsigned long nr_sec;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002899 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Tim Murray8439dc92014-12-15 11:56:11 -08002900 int rc=-1, fd, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002901 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002902 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002903 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002904 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002905 char key_loc[PROPERTY_VALUE_MAX];
2906 char fuse_sdcard[PROPERTY_VALUE_MAX];
2907 char *sd_mnt_point;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002908 int num_vols;
2909 struct volume_info *vol_list = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002910 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002911
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002912 if (!strcmp(howarg, "wipe")) {
2913 how = CRYPTO_ENABLE_WIPE;
2914 } else if (! strcmp(howarg, "inplace")) {
2915 how = CRYPTO_ENABLE_INPLACE;
2916 } else {
2917 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002918 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002919 }
2920
Paul Lawrence87999172014-02-20 12:21:31 -08002921 /* See if an encryption was underway and interrupted */
2922 if (how == CRYPTO_ENABLE_INPLACE
2923 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2924 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2925 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2926 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002927 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2928
2929 /* At this point, we are in an inconsistent state. Until we successfully
2930 complete encryption, a reboot will leave us broken. So mark the
2931 encryption failed in case that happens.
2932 On successfully completing encryption, remove this flag */
2933 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2934
2935 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002936 }
2937
2938 property_get("ro.crypto.state", encrypted_state, "");
2939 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2940 SLOGE("Device is already running encrypted, aborting");
2941 goto error_unencrypted;
2942 }
2943
2944 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2945 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002946 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002947
Ken Sumrall3ed82362011-01-28 23:31:16 -08002948 /* Get the size of the real block device */
2949 fd = open(real_blkdev, O_RDONLY);
2950 if ( (nr_sec = get_blkdev_size(fd)) == 0) {
2951 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2952 goto error_unencrypted;
2953 }
2954 close(fd);
2955
2956 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002957 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002958 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002959 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002960 if (fs_size_sec == 0)
2961 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2962
Paul Lawrence87999172014-02-20 12:21:31 -08002963 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002964
2965 if (fs_size_sec > max_fs_size_sec) {
2966 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2967 goto error_unencrypted;
2968 }
2969 }
2970
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002971 /* Get a wakelock as this may take a while, and we don't want the
2972 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2973 * wants to keep the screen on, it can grab a full wakelock.
2974 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002975 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002976 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2977
Jeff Sharkey7382f812012-08-23 14:08:59 -07002978 /* Get the sdcard mount point */
Jeff Sharkeyb77bc462012-10-01 14:36:26 -07002979 sd_mnt_point = getenv("EMULATED_STORAGE_SOURCE");
Jeff Sharkey7382f812012-08-23 14:08:59 -07002980 if (!sd_mnt_point) {
2981 sd_mnt_point = getenv("EXTERNAL_STORAGE");
2982 }
2983 if (!sd_mnt_point) {
2984 sd_mnt_point = "/mnt/sdcard";
2985 }
Ken Sumrall29d8da82011-05-18 17:20:07 -07002986
Paul Lawrence87999172014-02-20 12:21:31 -08002987 /* TODO
2988 * Currently do not have test devices with multiple encryptable volumes.
2989 * When we acquire some, re-add support.
2990 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002991 num_vols=vold_getNumDirectVolumes();
2992 vol_list = malloc(sizeof(struct volume_info) * num_vols);
2993 vold_getDirectVolumeList(vol_list);
2994
2995 for (i=0; i<num_vols; i++) {
2996 if (should_encrypt(&vol_list[i])) {
Paul Lawrence87999172014-02-20 12:21:31 -08002997 SLOGE("Cannot encrypt if there are multiple encryptable volumes"
2998 "%s\n", vol_list[i].label);
2999 goto error_unencrypted;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003000 }
3001 }
3002
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003003 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003004 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003005 */
3006 property_set("vold.decrypt", "trigger_shutdown_framework");
3007 SLOGD("Just asked init to shut down class main\n");
3008
Ken Sumrall425524d2012-06-14 20:55:28 -07003009 if (vold_unmountAllAsecs()) {
3010 /* Just report the error. If any are left mounted,
3011 * umounting /data below will fail and handle the error.
3012 */
3013 SLOGE("Error unmounting internal asecs");
3014 }
3015
Ken Sumrall29d8da82011-05-18 17:20:07 -07003016 property_get("ro.crypto.fuse_sdcard", fuse_sdcard, "");
3017 if (!strcmp(fuse_sdcard, "true")) {
3018 /* This is a device using the fuse layer to emulate the sdcard semantics
3019 * on top of the userdata partition. vold does not manage it, it is managed
3020 * by the sdcard service. The sdcard service was killed by the property trigger
3021 * above, so just unmount it now. We must do this _AFTER_ killing the framework,
3022 * unlike the case for vold managed devices above.
3023 */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003024 if (wait_and_unmount(sd_mnt_point, false)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07003025 goto error_shutting_down;
3026 }
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003027 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003028
3029 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003030 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07003031 if (allow_reboot) {
3032 goto error_shutting_down;
3033 } else {
3034 goto error_unencrypted;
3035 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003036 }
3037
3038 /* Do extra work for a better UX when doing the long inplace encryption */
3039 if (how == CRYPTO_ENABLE_INPLACE) {
3040 /* Now that /data is unmounted, we need to mount a tmpfs
3041 * /data, set a property saying we're doing inplace encryption,
3042 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003043 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003044 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003045 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003046 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003047 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003048 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003049
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003050 /* restart the framework. */
3051 /* Create necessary paths on /data */
3052 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003053 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003054 }
3055
Ken Sumrall92736ef2012-10-17 20:57:14 -07003056 /* Ugh, shutting down the framework is not synchronous, so until it
3057 * can be fixed, this horrible hack will wait a moment for it all to
3058 * shut down before proceeding. Without it, some devices cannot
3059 * restart the graphics services.
3060 */
3061 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003062 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003063
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003064 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003065 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003066 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003067 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3068 goto error_shutting_down;
3069 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003070
Paul Lawrence87999172014-02-20 12:21:31 -08003071 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3072 crypt_ftr.fs_size = nr_sec
3073 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3074 } else {
3075 crypt_ftr.fs_size = nr_sec;
3076 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003077 /* At this point, we are in an inconsistent state. Until we successfully
3078 complete encryption, a reboot will leave us broken. So mark the
3079 encryption failed in case that happens.
3080 On successfully completing encryption, remove this flag */
3081 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003082 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003083#ifndef CONFIG_HW_DISK_ENCRYPTION
3084 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3085#else
3086 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3087
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003088 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003089 if (!rc) {
3090 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3091 }
3092
3093 rc = set_hw_device_encryption_key(passwd,
3094 (char*) crypt_ftr.crypto_type_name);
3095 if (!rc) {
3096 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3097 goto error_shutting_down;
3098 }
3099#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003100
Paul Lawrence87999172014-02-20 12:21:31 -08003101 /* Make an encrypted master key */
3102 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3103 SLOGE("Cannot create encrypted master key\n");
3104 goto error_shutting_down;
3105 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003106
Paul Lawrence87999172014-02-20 12:21:31 -08003107 /* Write the key to the end of the partition */
3108 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003109
Paul Lawrence87999172014-02-20 12:21:31 -08003110 /* If any persistent data has been remembered, save it.
3111 * If none, create a valid empty table and save that.
3112 */
3113 if (!persist_data) {
3114 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3115 if (pdata) {
3116 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3117 persist_data = pdata;
3118 }
3119 }
3120 if (persist_data) {
3121 save_persistent_data();
3122 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003123 }
3124
Ajay Dudani87701e22014-09-17 21:02:52 -07003125 if (how == CRYPTO_ENABLE_INPLACE) {
3126 /* startup service classes main and late_start */
3127 property_set("vold.decrypt", "trigger_restart_min_framework");
3128 SLOGD("Just triggered restart_min_framework\n");
3129
3130 /* OK, the framework is restarted and will soon be showing a
3131 * progress bar. Time to setup an encrypted mapping, and
3132 * either write a new filesystem, or encrypt in place updating
3133 * the progress bar as we work.
3134 */
3135 }
3136
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003137 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003138 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3139 "userdata");
3140
Paul Lawrence87999172014-02-20 12:21:31 -08003141 /* If we are continuing, check checksums match */
3142 rc = 0;
3143 if (previously_encrypted_upto) {
3144 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3145 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003146
Paul Lawrence87999172014-02-20 12:21:31 -08003147 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3148 sizeof(hash_first_block)) != 0) {
3149 SLOGE("Checksums do not match - trigger wipe");
3150 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003151 }
3152 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003153
Paul Lawrence87999172014-02-20 12:21:31 -08003154 if (!rc) {
3155 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3156 crypto_blkdev, real_blkdev,
3157 previously_encrypted_upto);
3158 }
3159
3160 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003161 if (!rc && how == CRYPTO_ENABLE_INPLACE
3162 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003163 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3164 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003165 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003166 SLOGE("Error calculating checksum for continuing encryption");
3167 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003168 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003169 }
3170
3171 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003172 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003173
3174 free(vol_list);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003175
3176 if (! rc) {
3177 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003178 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003179
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003180 if (how == CRYPTO_ENABLE_INPLACE
3181 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003182 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3183 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003184 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003185 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003186
Paul Lawrence6bfed202014-07-28 12:47:22 -07003187 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003188
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003189 if (how == CRYPTO_ENABLE_WIPE
3190 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003191 char value[PROPERTY_VALUE_MAX];
3192 property_get("ro.crypto.state", value, "");
3193 if (!strcmp(value, "")) {
3194 /* default encryption - continue first boot sequence */
3195 property_set("ro.crypto.state", "encrypted");
3196 release_wake_lock(lockid);
3197 cryptfs_check_passwd(DEFAULT_PASSWORD);
3198 cryptfs_restart_internal(1);
3199 return 0;
3200 } else {
3201 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003202 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003203 }
Paul Lawrence87999172014-02-20 12:21:31 -08003204 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003205 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003206 cryptfs_reboot(shutdown);
3207 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003208 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003209 char value[PROPERTY_VALUE_MAX];
3210
Ken Sumrall319369a2012-06-27 16:30:18 -07003211 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003212 if (!strcmp(value, "1")) {
3213 /* wipe data if encryption failed */
3214 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3215 mkdir("/cache/recovery", 0700);
Nick Kralevich4684e582012-06-26 15:07:03 -07003216 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003217 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003218 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3219 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003220 close(fd);
3221 } else {
3222 SLOGE("could not open /cache/recovery/command\n");
3223 }
Paul Lawrence87999172014-02-20 12:21:31 -08003224 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003225 } else {
3226 /* set property to trigger dialog */
3227 property_set("vold.encrypt_progress", "error_partially_encrypted");
3228 release_wake_lock(lockid);
3229 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003230 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003231 }
3232
Ken Sumrall3ed82362011-01-28 23:31:16 -08003233 /* hrm, the encrypt step claims success, but the reboot failed.
3234 * This should not happen.
3235 * Set the property and return. Hope the framework can deal with it.
3236 */
3237 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003238 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003239 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003240
3241error_unencrypted:
Ken Sumrall29d8da82011-05-18 17:20:07 -07003242 free(vol_list);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003243 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003244 if (lockid[0]) {
3245 release_wake_lock(lockid);
3246 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003247 return -1;
3248
3249error_shutting_down:
3250 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3251 * but the framework is stopped and not restarted to show the error, so it's up to
3252 * vold to restart the system.
3253 */
3254 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003255 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003256
3257 /* shouldn't get here */
3258 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003259 free(vol_list);
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003260 if (lockid[0]) {
3261 release_wake_lock(lockid);
3262 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003263 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003264}
3265
Paul Lawrence45f10532014-04-04 18:11:56 +00003266int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003267{
Paul Lawrencefc615042014-10-04 15:32:29 -07003268 char* adjusted_passwd = adjust_passwd(passwd);
3269 if (adjusted_passwd) {
3270 passwd = adjusted_passwd;
3271 }
3272
3273 int rc = cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
3274
3275 free(adjusted_passwd);
3276 return rc;
Paul Lawrence13486032014-02-03 13:28:11 -08003277}
3278
3279int cryptfs_enable_default(char *howarg, int allow_reboot)
3280{
3281 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3282 DEFAULT_PASSWORD, allow_reboot);
3283}
3284
3285int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003286{
3287 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003288 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003289
3290 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003291 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003292 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003293 return -1;
3294 }
3295
Paul Lawrencef4faa572014-01-29 13:31:03 -08003296 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3297 SLOGE("Invalid crypt_type %d", crypt_type);
3298 return -1;
3299 }
3300
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003301 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003302 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003303 SLOGE("Error getting crypt footer and key");
3304 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003305 }
3306
Paul Lawrencef4faa572014-01-29 13:31:03 -08003307 crypt_ftr.crypt_type = crypt_type;
3308
Paul Lawrencefc615042014-10-04 15:32:29 -07003309 char* adjusted_passwd = adjust_passwd(newpw);
3310 if (adjusted_passwd) {
3311 newpw = adjusted_passwd;
3312 }
3313
JP Abgrall933216c2015-02-11 13:44:32 -08003314 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003315 : newpw,
3316 crypt_ftr.salt,
3317 saved_master_key,
3318 crypt_ftr.master_key,
3319 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003320 free(adjusted_passwd);
3321 if (rc) {
3322 SLOGE("Encrypt master key failed: %d", rc);
3323 return -1;
3324 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003325 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003326 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003327
Ajay Dudani87701e22014-09-17 21:02:52 -07003328#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003329 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3330 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3331 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3332 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3333 if (!rc)
3334 return -1;
3335 } else {
3336 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3337 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3338 if (!rc)
3339 return -1;
3340 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003341 }
3342#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003343 return 0;
3344}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003345
Rubin Xu85c01f92014-10-13 12:49:54 +01003346static unsigned int persist_get_max_entries(int encrypted) {
3347 struct crypt_mnt_ftr crypt_ftr;
3348 unsigned int dsize;
3349 unsigned int max_persistent_entries;
3350
3351 /* If encrypted, use the values from the crypt_ftr, otherwise
3352 * use the values for the current spec.
3353 */
3354 if (encrypted) {
3355 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3356 return -1;
3357 }
3358 dsize = crypt_ftr.persist_data_size;
3359 } else {
3360 dsize = CRYPT_PERSIST_DATA_SIZE;
3361 }
3362
3363 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3364 sizeof(struct crypt_persist_entry);
3365
3366 return max_persistent_entries;
3367}
3368
3369static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003370{
3371 unsigned int i;
3372
3373 if (persist_data == NULL) {
3374 return -1;
3375 }
3376 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3377 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3378 /* We found it! */
3379 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3380 return 0;
3381 }
3382 }
3383
3384 return -1;
3385}
3386
Rubin Xu85c01f92014-10-13 12:49:54 +01003387static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003388{
3389 unsigned int i;
3390 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003391 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003392
3393 if (persist_data == NULL) {
3394 return -1;
3395 }
3396
Rubin Xu85c01f92014-10-13 12:49:54 +01003397 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003398
3399 num = persist_data->persist_valid_entries;
3400
3401 for (i = 0; i < num; i++) {
3402 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3403 /* We found an existing entry, update it! */
3404 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3405 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3406 return 0;
3407 }
3408 }
3409
3410 /* We didn't find it, add it to the end, if there is room */
3411 if (persist_data->persist_valid_entries < max_persistent_entries) {
3412 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3413 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3414 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3415 persist_data->persist_valid_entries++;
3416 return 0;
3417 }
3418
3419 return -1;
3420}
3421
Rubin Xu85c01f92014-10-13 12:49:54 +01003422/**
3423 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3424 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3425 */
3426static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003427 unsigned int field_len;
3428 unsigned int key_index;
3429 field_len = strlen(field);
3430
3431 if (index == 0) {
3432 // The first key in a multi-entry field is just the filedname itself.
3433 if (!strcmp(key, field)) {
3434 return 1;
3435 }
3436 }
3437 // Match key against "%s_%d" % (field, index)
3438 if (strlen(key) < field_len + 1 + 1) {
3439 // Need at least a '_' and a digit.
3440 return 0;
3441 }
3442 if (strncmp(key, field, field_len)) {
3443 // If the key does not begin with field, it's not a match.
3444 return 0;
3445 }
3446 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3447 return 0;
3448 }
3449 return key_index >= index;
3450}
3451
3452/*
3453 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3454 * remaining entries starting from index will be deleted.
3455 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3456 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3457 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3458 *
3459 */
3460static int persist_del_keys(const char *fieldname, unsigned index)
3461{
3462 unsigned int i;
3463 unsigned int j;
3464 unsigned int num;
3465
3466 if (persist_data == NULL) {
3467 return PERSIST_DEL_KEY_ERROR_OTHER;
3468 }
3469
3470 num = persist_data->persist_valid_entries;
3471
3472 j = 0; // points to the end of non-deleted entries.
3473 // Filter out to-be-deleted entries in place.
3474 for (i = 0; i < num; i++) {
3475 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3476 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3477 j++;
3478 }
3479 }
3480
3481 if (j < num) {
3482 persist_data->persist_valid_entries = j;
3483 // Zeroise the remaining entries
3484 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3485 return PERSIST_DEL_KEY_OK;
3486 } else {
3487 // Did not find an entry matching the given fieldname
3488 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3489 }
3490}
3491
3492static int persist_count_keys(const char *fieldname)
3493{
3494 unsigned int i;
3495 unsigned int count;
3496
3497 if (persist_data == NULL) {
3498 return -1;
3499 }
3500
3501 count = 0;
3502 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3503 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3504 count++;
3505 }
3506 }
3507
3508 return count;
3509}
3510
Ken Sumrall160b4d62013-04-22 12:15:39 -07003511/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003512int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003513{
3514 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003515 /* CRYPTO_GETFIELD_OK is success,
3516 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3517 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3518 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003519 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003520 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3521 int i;
3522 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003523
3524 if (persist_data == NULL) {
3525 load_persistent_data();
3526 if (persist_data == NULL) {
3527 SLOGE("Getfield error, cannot load persistent data");
3528 goto out;
3529 }
3530 }
3531
Rubin Xu85c01f92014-10-13 12:49:54 +01003532 // Read value from persistent entries. If the original value is split into multiple entries,
3533 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003534 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003535 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3536 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3537 // value too small
3538 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3539 goto out;
3540 }
3541 rc = CRYPTO_GETFIELD_OK;
3542
3543 for (i = 1; /* break explicitly */; i++) {
3544 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3545 (int) sizeof(temp_field)) {
3546 // If the fieldname is very long, we stop as soon as it begins to overflow the
3547 // maximum field length. At this point we have in fact fully read out the original
3548 // value because cryptfs_setfield would not allow fields with longer names to be
3549 // written in the first place.
3550 break;
3551 }
3552 if (!persist_get_key(temp_field, temp_value)) {
3553 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3554 // value too small.
3555 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3556 goto out;
3557 }
3558 } else {
3559 // Exhaust all entries.
3560 break;
3561 }
3562 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003563 } else {
3564 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003565 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003566 }
3567
3568out:
3569 return rc;
3570}
3571
3572/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003573int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003574{
Ken Sumrall160b4d62013-04-22 12:15:39 -07003575 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003576 /* 0 is success, negative values are error */
3577 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003578 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003579 unsigned int field_id;
3580 char temp_field[PROPERTY_KEY_MAX];
3581 unsigned int num_entries;
3582 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003583
3584 if (persist_data == NULL) {
3585 load_persistent_data();
3586 if (persist_data == NULL) {
3587 SLOGE("Setfield error, cannot load persistent data");
3588 goto out;
3589 }
3590 }
3591
3592 property_get("ro.crypto.state", encrypted_state, "");
3593 if (!strcmp(encrypted_state, "encrypted") ) {
3594 encrypted = 1;
3595 }
3596
Rubin Xu85c01f92014-10-13 12:49:54 +01003597 // Compute the number of entries required to store value, each entry can store up to
3598 // (PROPERTY_VALUE_MAX - 1) chars
3599 if (strlen(value) == 0) {
3600 // Empty value also needs one entry to store.
3601 num_entries = 1;
3602 } else {
3603 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3604 }
3605
3606 max_keylen = strlen(fieldname);
3607 if (num_entries > 1) {
3608 // Need an extra "_%d" suffix.
3609 max_keylen += 1 + log10(num_entries);
3610 }
3611 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3612 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003613 goto out;
3614 }
3615
Rubin Xu85c01f92014-10-13 12:49:54 +01003616 // Make sure we have enough space to write the new value
3617 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3618 persist_get_max_entries(encrypted)) {
3619 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3620 goto out;
3621 }
3622
3623 // Now that we know persist_data has enough space for value, let's delete the old field first
3624 // to make up space.
3625 persist_del_keys(fieldname, 0);
3626
3627 if (persist_set_key(fieldname, value, encrypted)) {
3628 // fail to set key, should not happen as we have already checked the available space
3629 SLOGE("persist_set_key() error during setfield()");
3630 goto out;
3631 }
3632
3633 for (field_id = 1; field_id < num_entries; field_id++) {
3634 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3635
3636 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3637 // fail to set key, should not happen as we have already checked the available space.
3638 SLOGE("persist_set_key() error during setfield()");
3639 goto out;
3640 }
3641 }
3642
Ken Sumrall160b4d62013-04-22 12:15:39 -07003643 /* If we are running encrypted, save the persistent data now */
3644 if (encrypted) {
3645 if (save_persistent_data()) {
3646 SLOGE("Setfield error, cannot save persistent data");
3647 goto out;
3648 }
3649 }
3650
Rubin Xu85c01f92014-10-13 12:49:54 +01003651 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003652
3653out:
3654 return rc;
3655}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003656
3657/* Checks userdata. Attempt to mount the volume if default-
3658 * encrypted.
3659 * On success trigger next init phase and return 0.
3660 * Currently do not handle failure - see TODO below.
3661 */
3662int cryptfs_mount_default_encrypted(void)
3663{
3664 char decrypt_state[PROPERTY_VALUE_MAX];
3665 property_get("vold.decrypt", decrypt_state, "0");
3666 if (!strcmp(decrypt_state, "0")) {
3667 SLOGE("Not encrypted - should not call here");
3668 } else {
3669 int crypt_type = cryptfs_get_password_type();
3670 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3671 SLOGE("Bad crypt type - error");
3672 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3673 SLOGD("Password is not default - "
3674 "starting min framework to prompt");
3675 property_set("vold.decrypt", "trigger_restart_min_framework");
3676 return 0;
3677 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3678 SLOGD("Password is default - restarting filesystem");
3679 cryptfs_restart_internal(0);
3680 return 0;
3681 } else {
3682 SLOGE("Encrypted, default crypt type but can't decrypt");
3683 }
3684 }
3685
Paul Lawrence6bfed202014-07-28 12:47:22 -07003686 /** Corrupt. Allow us to boot into framework, which will detect bad
3687 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003688 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003689 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003690 return 0;
3691}
3692
3693/* Returns type of the password, default, pattern, pin or password.
3694 */
3695int cryptfs_get_password_type(void)
3696{
3697 struct crypt_mnt_ftr crypt_ftr;
3698
3699 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3700 SLOGE("Error getting crypt footer and key\n");
3701 return -1;
3702 }
3703
Paul Lawrence6bfed202014-07-28 12:47:22 -07003704 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3705 return -1;
3706 }
3707
Paul Lawrencef4faa572014-01-29 13:31:03 -08003708 return crypt_ftr.crypt_type;
3709}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003710
Paul Lawrence399317e2014-03-10 13:20:50 -07003711char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003712{
Paul Lawrence399317e2014-03-10 13:20:50 -07003713 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003714 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003715 if (now.tv_sec < password_expiry_time) {
3716 return password;
3717 } else {
3718 cryptfs_clear_password();
3719 return 0;
3720 }
3721}
3722
3723void cryptfs_clear_password()
3724{
3725 if (password) {
3726 size_t len = strlen(password);
3727 memset(password, 0, len);
3728 free(password);
3729 password = 0;
3730 password_expiry_time = 0;
3731 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003732}