blob: f6bad74402a62d83d20b503f1e54ba5f3f7132a0 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrence05335c32015-03-05 09:46:23 -080056#include "ext4_crypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080057#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000058#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080059#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080060#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080061
Shawn Willden8af33352015-02-24 09:51:34 -070062#include <hardware/keymaster0.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070063
Mark Salyzyn3e971272014-01-21 13:27:04 -080064#define UNUSED __attribute__((unused))
65
Mark Salyzyn5eecc442014-02-12 14:16:14 -080066#define UNUSED __attribute__((unused))
67
Ajay Dudani87701e22014-09-17 21:02:52 -070068#ifdef CONFIG_HW_DISK_ENCRYPTION
69#include "cryptfs_hw.h"
70#endif
71
Ken Sumrall8f869aa2010-12-03 03:47:09 -080072#define DM_CRYPT_BUF_SIZE 4096
73
Jason parks70a4b3f2011-01-28 10:10:47 -060074#define HASH_COUNT 2000
75#define KEY_LEN_BYTES 16
76#define IV_LEN_BYTES 16
77
Ken Sumrall29d8da82011-05-18 17:20:07 -070078#define KEY_IN_FOOTER "footer"
79
Paul Lawrencef4faa572014-01-29 13:31:03 -080080// "default_password" encoded into hex (d=0x64 etc)
81#define DEFAULT_PASSWORD "64656661756c745f70617373776f7264"
82
Ken Sumrall29d8da82011-05-18 17:20:07 -070083#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070084#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070085
Ken Sumralle919efe2012-09-29 17:07:41 -070086#define TABLE_LOAD_RETRIES 10
87
Shawn Willden47ba10d2014-09-03 17:07:06 -060088#define RSA_KEY_SIZE 2048
89#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
90#define RSA_EXPONENT 0x10001
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070091
Paul Lawrence8e3f4512014-09-08 10:11:17 -070092#define RETRY_MOUNT_ATTEMPTS 10
93#define RETRY_MOUNT_DELAY_SECONDS 1
94
Ken Sumrall8f869aa2010-12-03 03:47:09 -080095char *me = "cryptfs";
96
Jason parks70a4b3f2011-01-28 10:10:47 -060097static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -070098static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -060099static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700100static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800101
Shawn Willden8af33352015-02-24 09:51:34 -0700102static int keymaster_init(keymaster0_device_t **keymaster_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700103{
104 int rc;
105
106 const hw_module_t* mod;
107 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
108 if (rc) {
109 ALOGE("could not find any keystore module");
110 goto out;
111 }
112
Shawn Willden8af33352015-02-24 09:51:34 -0700113 rc = keymaster0_open(mod, keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700114 if (rc) {
115 ALOGE("could not open keymaster device in %s (%s)",
116 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
117 goto out;
118 }
119
120 return 0;
121
122out:
123 *keymaster_dev = NULL;
124 return rc;
125}
126
127/* Should we use keymaster? */
128static int keymaster_check_compatibility()
129{
Shawn Willden8af33352015-02-24 09:51:34 -0700130 keymaster0_device_t *keymaster_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700131 int rc = 0;
132
133 if (keymaster_init(&keymaster_dev)) {
134 SLOGE("Failed to init keymaster");
135 rc = -1;
136 goto out;
137 }
138
Paul Lawrence8c008392014-05-06 14:02:48 -0700139 SLOGI("keymaster version is %d", keymaster_dev->common.module->module_api_version);
140
141 if (keymaster_dev->common.module->module_api_version
142 < KEYMASTER_MODULE_API_VERSION_0_3) {
143 rc = 0;
144 goto out;
145 }
146
Shawn Willden7c49ab02014-10-30 08:12:32 -0600147 if (!(keymaster_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
148 (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700149 rc = 1;
150 }
151
152out:
Shawn Willden8af33352015-02-24 09:51:34 -0700153 keymaster0_close(keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700154 return rc;
155}
156
157/* Create a new keymaster key and store it in this footer */
158static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
159{
160 uint8_t* key = 0;
Shawn Willden8af33352015-02-24 09:51:34 -0700161 keymaster0_device_t *keymaster_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700162
163 if (keymaster_init(&keymaster_dev)) {
164 SLOGE("Failed to init keymaster");
165 return -1;
166 }
167
168 int rc = 0;
169
170 keymaster_rsa_keygen_params_t params;
171 memset(&params, '\0', sizeof(params));
Shawn Willden47ba10d2014-09-03 17:07:06 -0600172 params.public_exponent = RSA_EXPONENT;
173 params.modulus_size = RSA_KEY_SIZE;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700174
175 size_t key_size;
176 if (keymaster_dev->generate_keypair(keymaster_dev, TYPE_RSA, &params,
177 &key, &key_size)) {
178 SLOGE("Failed to generate keypair");
179 rc = -1;
180 goto out;
181 }
182
183 if (key_size > KEYMASTER_BLOB_SIZE) {
184 SLOGE("Keymaster key too large for crypto footer");
185 rc = -1;
186 goto out;
187 }
188
189 memcpy(ftr->keymaster_blob, key, key_size);
190 ftr->keymaster_blob_size = key_size;
191
192out:
Shawn Willden8af33352015-02-24 09:51:34 -0700193 keymaster0_close(keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700194 free(key);
195 return rc;
196}
197
Shawn Willdene17a9c42014-09-08 13:04:08 -0600198/* This signs the given object using the keymaster key. */
199static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600200 const unsigned char *object,
201 const size_t object_size,
202 unsigned char **signature,
203 size_t *signature_size)
204{
205 int rc = 0;
Shawn Willden8af33352015-02-24 09:51:34 -0700206 keymaster0_device_t *keymaster_dev = 0;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600207 if (keymaster_init(&keymaster_dev)) {
208 SLOGE("Failed to init keymaster");
209 return -1;
210 }
211
212 /* We currently set the digest type to DIGEST_NONE because it's the
213 * only supported value for keymaster. A similar issue exists with
214 * PADDING_NONE. Long term both of these should likely change.
215 */
216 keymaster_rsa_sign_params_t params;
217 params.digest_type = DIGEST_NONE;
218 params.padding_type = PADDING_NONE;
219
220 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600221 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600222 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600223
Shawn Willdene17a9c42014-09-08 13:04:08 -0600224 // To sign a message with RSA, the message must satisfy two
225 // constraints:
226 //
227 // 1. The message, when interpreted as a big-endian numeric value, must
228 // be strictly less than the public modulus of the RSA key. Note
229 // that because the most significant bit of the public modulus is
230 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
231 // key), an n-bit message with most significant bit 0 always
232 // satisfies this requirement.
233 //
234 // 2. The message must have the same length in bits as the public
235 // modulus of the RSA key. This requirement isn't mathematically
236 // necessary, but is necessary to ensure consistency in
237 // implementations.
238 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600239 case KDF_SCRYPT_KEYMASTER:
240 // This ensures the most significant byte of the signed message
241 // is zero. We could have zero-padded to the left instead, but
242 // this approach is slightly more robust against changes in
243 // object size. However, it's still broken (but not unusably
244 // so) because we really should be using a proper RSA padding
245 // function, such as OAEP.
246 //
247 // TODO(paullawrence): When keymaster 0.4 is available, change
248 // this to use the padding options it provides.
249 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
250 SLOGI("Signing safely-padded object");
251 break;
252 default:
253 SLOGE("Unknown KDF type %d", ftr->kdf_type);
254 return -1;
255 }
256
Shawn Willden47ba10d2014-09-03 17:07:06 -0600257 rc = keymaster_dev->sign_data(keymaster_dev,
258 &params,
259 ftr->keymaster_blob,
260 ftr->keymaster_blob_size,
261 to_sign,
Shawn Willdene17a9c42014-09-08 13:04:08 -0600262 to_sign_size,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600263 signature,
264 signature_size);
265
Shawn Willden8af33352015-02-24 09:51:34 -0700266 keymaster0_close(keymaster_dev);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600267 return rc;
268}
269
Paul Lawrence399317e2014-03-10 13:20:50 -0700270/* Store password when userdata is successfully decrypted and mounted.
271 * Cleared by cryptfs_clear_password
272 *
273 * To avoid a double prompt at boot, we need to store the CryptKeeper
274 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
275 * Since the entire framework is torn down and rebuilt after encryption,
276 * we have to use a daemon or similar to store the password. Since vold
277 * is secured against IPC except from system processes, it seems a reasonable
278 * place to store this.
279 *
280 * password should be cleared once it has been used.
281 *
282 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800283 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700284static char* password = 0;
285static int password_expiry_time = 0;
286static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800287
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800288extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800289
Paul Lawrence87999172014-02-20 12:21:31 -0800290enum RebootType {reboot, recovery, shutdown};
291static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700292{
Paul Lawrence87999172014-02-20 12:21:31 -0800293 switch(rt) {
294 case reboot:
295 property_set(ANDROID_RB_PROPERTY, "reboot");
296 break;
297
298 case recovery:
299 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
300 break;
301
302 case shutdown:
303 property_set(ANDROID_RB_PROPERTY, "shutdown");
304 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700305 }
Paul Lawrence87999172014-02-20 12:21:31 -0800306
Ken Sumralladfba362013-06-04 16:37:52 -0700307 sleep(20);
308
309 /* Shouldn't get here, reboot should happen before sleep times out */
310 return;
311}
312
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800313static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
314{
315 memset(io, 0, dataSize);
316 io->data_size = dataSize;
317 io->data_start = sizeof(struct dm_ioctl);
318 io->version[0] = 4;
319 io->version[1] = 0;
320 io->version[2] = 0;
321 io->flags = flags;
322 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100323 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800324 }
325}
326
Kenny Rootc4c70f12013-06-14 12:11:38 -0700327/**
328 * Gets the default device scrypt parameters for key derivation time tuning.
329 * The parameters should lead to about one second derivation time for the
330 * given device.
331 */
332static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
333 const int default_params[] = SCRYPT_DEFAULTS;
334 int params[] = SCRYPT_DEFAULTS;
335 char paramstr[PROPERTY_VALUE_MAX];
336 char *token;
337 char *saveptr;
338 int i;
339
340 property_get(SCRYPT_PROP, paramstr, "");
341 if (paramstr[0] != '\0') {
342 /*
343 * The token we're looking for should be three integers separated by
344 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
345 */
Kenny Root2947e342013-08-14 15:54:49 -0700346 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
347 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700348 i++, token = strtok_r(NULL, ":", &saveptr)) {
349 char *endptr;
350 params[i] = strtol(token, &endptr, 10);
351
352 /*
353 * Check that there was a valid number and it's 8-bit. If not,
354 * break out and the end check will take the default values.
355 */
356 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
357 break;
358 }
359 }
360
361 /*
362 * If there were not enough tokens or a token was malformed (not an
363 * integer), it will end up here and the default parameters can be
364 * taken.
365 */
366 if ((i != 3) || (token != NULL)) {
367 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
368 memcpy(params, default_params, sizeof(params));
369 }
370 }
371
372 ftr->N_factor = params[0];
373 ftr->r_factor = params[1];
374 ftr->p_factor = params[2];
375}
376
Ken Sumrall3ed82362011-01-28 23:31:16 -0800377static unsigned int get_fs_size(char *dev)
378{
379 int fd, block_size;
380 struct ext4_super_block sb;
381 off64_t len;
382
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700383 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800384 SLOGE("Cannot open device to get filesystem size ");
385 return 0;
386 }
387
388 if (lseek64(fd, 1024, SEEK_SET) < 0) {
389 SLOGE("Cannot seek to superblock");
390 return 0;
391 }
392
393 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
394 SLOGE("Cannot read superblock");
395 return 0;
396 }
397
398 close(fd);
399
Daniel Rosenberge82df162014-08-15 22:19:23 +0000400 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
401 SLOGE("Not a valid ext4 superblock");
402 return 0;
403 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800404 block_size = 1024 << sb.s_log_block_size;
405 /* compute length in bytes */
406 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
407
408 /* return length in sectors */
409 return (unsigned int) (len / 512);
410}
411
Ken Sumrall160b4d62013-04-22 12:15:39 -0700412static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
413{
414 static int cached_data = 0;
415 static off64_t cached_off = 0;
416 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
417 int fd;
418 char key_loc[PROPERTY_VALUE_MAX];
419 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700420 int rc = -1;
421
422 if (!cached_data) {
423 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
424
425 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700426 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700427 SLOGE("Cannot open real block device %s\n", real_blkdev);
428 return -1;
429 }
430
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900431 unsigned long nr_sec = 0;
432 get_blkdev_size(fd, &nr_sec);
433 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700434 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
435 * encryption info footer and key, and plenty of bytes to spare for future
436 * growth.
437 */
438 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
439 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
440 cached_data = 1;
441 } else {
442 SLOGE("Cannot get size of block device %s\n", real_blkdev);
443 }
444 close(fd);
445 } else {
446 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
447 cached_off = 0;
448 cached_data = 1;
449 }
450 }
451
452 if (cached_data) {
453 if (metadata_fname) {
454 *metadata_fname = cached_metadata_fname;
455 }
456 if (off) {
457 *off = cached_off;
458 }
459 rc = 0;
460 }
461
462 return rc;
463}
464
Ken Sumralle8744072011-01-18 22:01:55 -0800465/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800466 * update the failed mount count but not change the key.
467 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700468static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800469{
470 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800471 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700472 /* starting_off is set to the SEEK_SET offset
473 * where the crypto structure starts
474 */
475 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800476 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700477 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700478 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800479
Ken Sumrall160b4d62013-04-22 12:15:39 -0700480 if (get_crypt_ftr_info(&fname, &starting_off)) {
481 SLOGE("Unable to get crypt_ftr_info\n");
482 return -1;
483 }
484 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700485 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700486 return -1;
487 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700488 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700489 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700490 return -1;
491 }
492
493 /* Seek to the start of the crypt footer */
494 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
495 SLOGE("Cannot seek to real block device footer\n");
496 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800497 }
498
499 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
500 SLOGE("Cannot write real block device footer\n");
501 goto errout;
502 }
503
Ken Sumrall3be890f2011-09-14 16:53:46 -0700504 fstat(fd, &statbuf);
505 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700506 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700507 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800508 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800509 goto errout;
510 }
511 }
512
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800513 /* Success! */
514 rc = 0;
515
516errout:
517 close(fd);
518 return rc;
519
520}
521
Ken Sumrall160b4d62013-04-22 12:15:39 -0700522static inline int unix_read(int fd, void* buff, int len)
523{
524 return TEMP_FAILURE_RETRY(read(fd, buff, len));
525}
526
527static inline int unix_write(int fd, const void* buff, int len)
528{
529 return TEMP_FAILURE_RETRY(write(fd, buff, len));
530}
531
532static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
533{
534 memset(pdata, 0, len);
535 pdata->persist_magic = PERSIST_DATA_MAGIC;
536 pdata->persist_valid_entries = 0;
537}
538
539/* A routine to update the passed in crypt_ftr to the lastest version.
540 * fd is open read/write on the device that holds the crypto footer and persistent
541 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
542 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
543 */
544static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
545{
Kenny Root7434b312013-06-14 11:29:53 -0700546 int orig_major = crypt_ftr->major_version;
547 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700548
Kenny Root7434b312013-06-14 11:29:53 -0700549 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
550 struct crypt_persist_data *pdata;
551 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700552
Kenny Rootc4c70f12013-06-14 12:11:38 -0700553 SLOGW("upgrading crypto footer to 1.1");
554
Kenny Root7434b312013-06-14 11:29:53 -0700555 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
556 if (pdata == NULL) {
557 SLOGE("Cannot allocate persisent data\n");
558 return;
559 }
560 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
561
562 /* Need to initialize the persistent data area */
563 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
564 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100565 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700566 return;
567 }
568 /* Write all zeros to the first copy, making it invalid */
569 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
570
571 /* Write a valid but empty structure to the second copy */
572 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
573 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
574
575 /* Update the footer */
576 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
577 crypt_ftr->persist_data_offset[0] = pdata_offset;
578 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
579 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100580 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700581 }
582
Paul Lawrencef4faa572014-01-29 13:31:03 -0800583 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700584 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800585 /* But keep the old kdf_type.
586 * It will get updated later to KDF_SCRYPT after the password has been verified.
587 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700588 crypt_ftr->kdf_type = KDF_PBKDF2;
589 get_device_scrypt_params(crypt_ftr);
590 crypt_ftr->minor_version = 2;
591 }
592
Paul Lawrencef4faa572014-01-29 13:31:03 -0800593 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
594 SLOGW("upgrading crypto footer to 1.3");
595 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
596 crypt_ftr->minor_version = 3;
597 }
598
Kenny Root7434b312013-06-14 11:29:53 -0700599 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
600 if (lseek64(fd, offset, SEEK_SET) == -1) {
601 SLOGE("Cannot seek to crypt footer\n");
602 return;
603 }
604 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700605 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700606}
607
608
609static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610{
611 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800612 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800614 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700615 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700616 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800617
Ken Sumrall160b4d62013-04-22 12:15:39 -0700618 if (get_crypt_ftr_info(&fname, &starting_off)) {
619 SLOGE("Unable to get crypt_ftr_info\n");
620 return -1;
621 }
622 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700623 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700624 return -1;
625 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700626 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700627 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700628 return -1;
629 }
630
631 /* Make sure it's 16 Kbytes in length */
632 fstat(fd, &statbuf);
633 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
634 SLOGE("footer file %s is not the expected size!\n", fname);
635 goto errout;
636 }
637
638 /* Seek to the start of the crypt footer */
639 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
640 SLOGE("Cannot seek to real block device footer\n");
641 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800642 }
643
644 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
645 SLOGE("Cannot read real block device footer\n");
646 goto errout;
647 }
648
649 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700650 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800651 goto errout;
652 }
653
Kenny Rootc96a5f82013-06-14 12:08:28 -0700654 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
655 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
656 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800657 goto errout;
658 }
659
Kenny Rootc96a5f82013-06-14 12:08:28 -0700660 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
661 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
662 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800663 }
664
Ken Sumrall160b4d62013-04-22 12:15:39 -0700665 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
666 * copy on disk before returning.
667 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700668 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700669 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800670 }
671
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800672 /* Success! */
673 rc = 0;
674
675errout:
676 close(fd);
677 return rc;
678}
679
Ken Sumrall160b4d62013-04-22 12:15:39 -0700680static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
681{
682 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
683 crypt_ftr->persist_data_offset[1]) {
684 SLOGE("Crypt_ftr persist data regions overlap");
685 return -1;
686 }
687
688 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
689 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
690 return -1;
691 }
692
693 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
694 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
695 CRYPT_FOOTER_OFFSET) {
696 SLOGE("Persistent data extends past crypto footer");
697 return -1;
698 }
699
700 return 0;
701}
702
703static int load_persistent_data(void)
704{
705 struct crypt_mnt_ftr crypt_ftr;
706 struct crypt_persist_data *pdata = NULL;
707 char encrypted_state[PROPERTY_VALUE_MAX];
708 char *fname;
709 int found = 0;
710 int fd;
711 int ret;
712 int i;
713
714 if (persist_data) {
715 /* Nothing to do, we've already loaded or initialized it */
716 return 0;
717 }
718
719
720 /* If not encrypted, just allocate an empty table and initialize it */
721 property_get("ro.crypto.state", encrypted_state, "");
722 if (strcmp(encrypted_state, "encrypted") ) {
723 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
724 if (pdata) {
725 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
726 persist_data = pdata;
727 return 0;
728 }
729 return -1;
730 }
731
732 if(get_crypt_ftr_and_key(&crypt_ftr)) {
733 return -1;
734 }
735
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700736 if ((crypt_ftr.major_version < 1)
737 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700738 SLOGE("Crypt_ftr version doesn't support persistent data");
739 return -1;
740 }
741
742 if (get_crypt_ftr_info(&fname, NULL)) {
743 return -1;
744 }
745
746 ret = validate_persistent_data_storage(&crypt_ftr);
747 if (ret) {
748 return -1;
749 }
750
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700751 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700752 if (fd < 0) {
753 SLOGE("Cannot open %s metadata file", fname);
754 return -1;
755 }
756
757 if (persist_data == NULL) {
758 pdata = malloc(crypt_ftr.persist_data_size);
759 if (pdata == NULL) {
760 SLOGE("Cannot allocate memory for persistent data");
761 goto err;
762 }
763 }
764
765 for (i = 0; i < 2; i++) {
766 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
767 SLOGE("Cannot seek to read persistent data on %s", fname);
768 goto err2;
769 }
770 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
771 SLOGE("Error reading persistent data on iteration %d", i);
772 goto err2;
773 }
774 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
775 found = 1;
776 break;
777 }
778 }
779
780 if (!found) {
781 SLOGI("Could not find valid persistent data, creating");
782 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
783 }
784
785 /* Success */
786 persist_data = pdata;
787 close(fd);
788 return 0;
789
790err2:
791 free(pdata);
792
793err:
794 close(fd);
795 return -1;
796}
797
798static int save_persistent_data(void)
799{
800 struct crypt_mnt_ftr crypt_ftr;
801 struct crypt_persist_data *pdata;
802 char *fname;
803 off64_t write_offset;
804 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700805 int fd;
806 int ret;
807
808 if (persist_data == NULL) {
809 SLOGE("No persistent data to save");
810 return -1;
811 }
812
813 if(get_crypt_ftr_and_key(&crypt_ftr)) {
814 return -1;
815 }
816
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700817 if ((crypt_ftr.major_version < 1)
818 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700819 SLOGE("Crypt_ftr version doesn't support persistent data");
820 return -1;
821 }
822
823 ret = validate_persistent_data_storage(&crypt_ftr);
824 if (ret) {
825 return -1;
826 }
827
828 if (get_crypt_ftr_info(&fname, NULL)) {
829 return -1;
830 }
831
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700832 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700833 if (fd < 0) {
834 SLOGE("Cannot open %s metadata file", fname);
835 return -1;
836 }
837
838 pdata = malloc(crypt_ftr.persist_data_size);
839 if (pdata == NULL) {
840 SLOGE("Cannot allocate persistant data");
841 goto err;
842 }
843
844 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
845 SLOGE("Cannot seek to read persistent data on %s", fname);
846 goto err2;
847 }
848
849 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
850 SLOGE("Error reading persistent data before save");
851 goto err2;
852 }
853
854 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
855 /* The first copy is the curent valid copy, so write to
856 * the second copy and erase this one */
857 write_offset = crypt_ftr.persist_data_offset[1];
858 erase_offset = crypt_ftr.persist_data_offset[0];
859 } else {
860 /* The second copy must be the valid copy, so write to
861 * the first copy, and erase the second */
862 write_offset = crypt_ftr.persist_data_offset[0];
863 erase_offset = crypt_ftr.persist_data_offset[1];
864 }
865
866 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100867 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700868 SLOGE("Cannot seek to write persistent data");
869 goto err2;
870 }
871 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
872 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100873 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700874 SLOGE("Cannot seek to erase previous persistent data");
875 goto err2;
876 }
877 fsync(fd);
878 memset(pdata, 0, crypt_ftr.persist_data_size);
879 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
880 (int) crypt_ftr.persist_data_size) {
881 SLOGE("Cannot write to erase previous persistent data");
882 goto err2;
883 }
884 fsync(fd);
885 } else {
886 SLOGE("Cannot write to save persistent data");
887 goto err2;
888 }
889
890 /* Success */
891 free(pdata);
892 close(fd);
893 return 0;
894
895err2:
896 free(pdata);
897err:
898 close(fd);
899 return -1;
900}
901
Paul Lawrencef4faa572014-01-29 13:31:03 -0800902static int hexdigit (char c)
903{
904 if (c >= '0' && c <= '9') return c - '0';
905 c = tolower(c);
906 if (c >= 'a' && c <= 'f') return c - 'a' + 10;
907 return -1;
908}
909
910static unsigned char* convert_hex_ascii_to_key(const char* master_key_ascii,
911 unsigned int* out_keysize)
912{
913 unsigned int i;
914 *out_keysize = 0;
915
916 size_t size = strlen (master_key_ascii);
917 if (size % 2) {
918 SLOGE("Trying to convert ascii string of odd length");
919 return NULL;
920 }
921
922 unsigned char* master_key = (unsigned char*) malloc(size / 2);
923 if (master_key == 0) {
924 SLOGE("Cannot allocate");
925 return NULL;
926 }
927
928 for (i = 0; i < size; i += 2) {
929 int high_nibble = hexdigit (master_key_ascii[i]);
930 int low_nibble = hexdigit (master_key_ascii[i + 1]);
931
932 if(high_nibble < 0 || low_nibble < 0) {
933 SLOGE("Invalid hex string");
934 free (master_key);
935 return NULL;
936 }
937
938 master_key[*out_keysize] = high_nibble * 16 + low_nibble;
939 (*out_keysize)++;
940 }
941
942 return master_key;
943}
944
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800945/* Convert a binary key of specified length into an ascii hex string equivalent,
946 * without the leading 0x and with null termination
947 */
Jeff Sharkey9c484982015-03-31 10:35:33 -0700948static void convert_key_to_hex_ascii(const unsigned char *master_key,
949 unsigned int keysize, char *master_key_ascii) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800950 unsigned int i, a;
951 unsigned char nibble;
952
953 for (i=0, a=0; i<keysize; i++, a+=2) {
954 /* For each byte, write out two ascii hex digits */
955 nibble = (master_key[i] >> 4) & 0xf;
956 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
957
958 nibble = master_key[i] & 0xf;
959 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
960 }
961
962 /* Add the null termination */
963 master_key_ascii[a] = '\0';
964
965}
966
Jeff Sharkey9c484982015-03-31 10:35:33 -0700967static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
968 const unsigned char *master_key, const char *real_blk_name,
969 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -0800970 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800971 struct dm_ioctl *io;
972 struct dm_target_spec *tgt;
973 char *crypt_params;
974 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
975 int i;
976
977 io = (struct dm_ioctl *) buffer;
978
979 /* Load the mapping table for this device */
980 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
981
982 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
983 io->target_count = 1;
984 tgt->status = 0;
985 tgt->sector_start = 0;
986 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -0700987#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -0800988 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
989 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
990 }
991 else {
992 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
993 }
Ajay Dudani87701e22014-09-17 21:02:52 -0700994#else
995 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
996#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -0800997
998 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
999 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1000 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1001 master_key_ascii, real_blk_name, extra_params);
1002 crypt_params += strlen(crypt_params) + 1;
1003 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1004 tgt->next = crypt_params - buffer;
1005
1006 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1007 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1008 break;
1009 }
1010 usleep(500000);
1011 }
1012
1013 if (i == TABLE_LOAD_RETRIES) {
1014 /* We failed to load the table, return an error */
1015 return -1;
1016 } else {
1017 return i + 1;
1018 }
1019}
1020
1021
1022static int get_dm_crypt_version(int fd, const char *name, int *version)
1023{
1024 char buffer[DM_CRYPT_BUF_SIZE];
1025 struct dm_ioctl *io;
1026 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001027
1028 io = (struct dm_ioctl *) buffer;
1029
1030 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1031
1032 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1033 return -1;
1034 }
1035
1036 /* Iterate over the returned versions, looking for name of "crypt".
1037 * When found, get and return the version.
1038 */
1039 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1040 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001041#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001042 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001043#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001044 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001045#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001046 /* We found the crypt driver, return the version, and get out */
1047 version[0] = v->version[0];
1048 version[1] = v->version[1];
1049 version[2] = v->version[2];
1050 return 0;
1051 }
1052 v = (struct dm_target_versions *)(((char *)v) + v->next);
1053 }
1054
1055 return -1;
1056}
1057
Jeff Sharkey9c484982015-03-31 10:35:33 -07001058static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1059 const unsigned char *master_key, const char *real_blk_name,
1060 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001061 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001062 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001063 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001064 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001065 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001066 int version[3];
1067 char *extra_params;
1068 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001069
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001070 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001071 SLOGE("Cannot open device-mapper\n");
1072 goto errout;
1073 }
1074
1075 io = (struct dm_ioctl *) buffer;
1076
1077 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1078 if (ioctl(fd, DM_DEV_CREATE, io)) {
1079 SLOGE("Cannot create dm-crypt device\n");
1080 goto errout;
1081 }
1082
1083 /* Get the device status, in particular, the name of it's device file */
1084 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1085 if (ioctl(fd, DM_DEV_STATUS, io)) {
1086 SLOGE("Cannot retrieve dm-crypt device status\n");
1087 goto errout;
1088 }
1089 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1090 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1091
Ken Sumralldb5e0262013-02-05 17:39:48 -08001092 extra_params = "";
1093 if (! get_dm_crypt_version(fd, name, version)) {
1094 /* Support for allow_discards was added in version 1.11.0 */
1095 if ((version[0] >= 2) ||
1096 ((version[0] == 1) && (version[1] >= 11))) {
1097 extra_params = "1 allow_discards";
1098 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1099 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001100 }
1101
Ken Sumralldb5e0262013-02-05 17:39:48 -08001102 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1103 fd, extra_params);
1104 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001105 SLOGE("Cannot load dm-crypt mapping table.\n");
1106 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001107 } else if (load_count > 1) {
1108 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001109 }
1110
1111 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001112 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001113
1114 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1115 SLOGE("Cannot resume the dm-crypt device\n");
1116 goto errout;
1117 }
1118
1119 /* We made it here with no errors. Woot! */
1120 retval = 0;
1121
1122errout:
1123 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1124
1125 return retval;
1126}
1127
Ken Sumrall29d8da82011-05-18 17:20:07 -07001128static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001129{
1130 int fd;
1131 char buffer[DM_CRYPT_BUF_SIZE];
1132 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001133 int retval = -1;
1134
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001135 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001136 SLOGE("Cannot open device-mapper\n");
1137 goto errout;
1138 }
1139
1140 io = (struct dm_ioctl *) buffer;
1141
1142 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1143 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1144 SLOGE("Cannot remove dm-crypt device\n");
1145 goto errout;
1146 }
1147
1148 /* We made it here with no errors. Woot! */
1149 retval = 0;
1150
1151errout:
1152 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1153
1154 return retval;
1155
1156}
1157
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001158static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001159 unsigned char *ikey, void *params UNUSED)
1160{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001161 SLOGI("Using pbkdf2 for cryptfs KDF");
1162
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001164 unsigned int keysize;
1165 char* master_key = (char*)convert_hex_ascii_to_key(passwd, &keysize);
1166 if (!master_key) return -1;
1167 PKCS5_PBKDF2_HMAC_SHA1(master_key, keysize, salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001168 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001169
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001170 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001171 free (master_key);
1172 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001173}
1174
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001175static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001176 unsigned char *ikey, void *params)
1177{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001178 SLOGI("Using scrypt for cryptfs KDF");
1179
Kenny Rootc4c70f12013-06-14 12:11:38 -07001180 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1181
1182 int N = 1 << ftr->N_factor;
1183 int r = 1 << ftr->r_factor;
1184 int p = 1 << ftr->p_factor;
1185
1186 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001187 unsigned int keysize;
1188 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &keysize);
1189 if (!master_key) return -1;
1190 crypto_scrypt(master_key, keysize, salt, SALT_LEN, N, r, p, ikey,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001191 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001192
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001193 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001194 free (master_key);
1195 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001196}
1197
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001198static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1199 unsigned char *ikey, void *params)
1200{
1201 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1202
1203 int rc;
1204 unsigned int key_size;
1205 size_t signature_size;
1206 unsigned char* signature;
1207 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1208
1209 int N = 1 << ftr->N_factor;
1210 int r = 1 << ftr->r_factor;
1211 int p = 1 << ftr->p_factor;
1212
1213 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &key_size);
1214 if (!master_key) {
1215 SLOGE("Failed to convert passwd from hex");
1216 return -1;
1217 }
1218
1219 rc = crypto_scrypt(master_key, key_size, salt, SALT_LEN,
1220 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1221 memset(master_key, 0, key_size);
1222 free(master_key);
1223
1224 if (rc) {
1225 SLOGE("scrypt failed");
1226 return -1;
1227 }
1228
Shawn Willdene17a9c42014-09-08 13:04:08 -06001229 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1230 &signature, &signature_size)) {
1231 SLOGE("Signing failed");
1232 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001233 }
1234
1235 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1236 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1237 free(signature);
1238
1239 if (rc) {
1240 SLOGE("scrypt failed");
1241 return -1;
1242 }
1243
1244 return 0;
1245}
1246
1247static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1248 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001249 unsigned char *encrypted_master_key,
1250 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001251{
1252 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1253 EVP_CIPHER_CTX e_ctx;
1254 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001255 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001256
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001257 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001258 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001259
1260 switch (crypt_ftr->kdf_type) {
1261 case KDF_SCRYPT_KEYMASTER:
1262 if (keymaster_create_key(crypt_ftr)) {
1263 SLOGE("keymaster_create_key failed");
1264 return -1;
1265 }
1266
1267 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1268 SLOGE("scrypt failed");
1269 return -1;
1270 }
1271 break;
1272
1273 case KDF_SCRYPT:
1274 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1275 SLOGE("scrypt failed");
1276 return -1;
1277 }
1278 break;
1279
1280 default:
1281 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001282 return -1;
1283 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001284
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001285 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001286 EVP_CIPHER_CTX_init(&e_ctx);
1287 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001288 SLOGE("EVP_EncryptInit failed\n");
1289 return -1;
1290 }
1291 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001292
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001293 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001294 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
1295 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001296 SLOGE("EVP_EncryptUpdate failed\n");
1297 return -1;
1298 }
Adam Langley889c4f12014-09-03 14:23:13 -07001299 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001300 SLOGE("EVP_EncryptFinal failed\n");
1301 return -1;
1302 }
1303
1304 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1305 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1306 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001307 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001309 /* Store the scrypt of the intermediate key, so we can validate if it's a
1310 password error or mount error when things go wrong.
1311 Note there's no need to check for errors, since if this is incorrect, we
1312 simply won't wipe userdata, which is the correct default behavior
1313 */
1314 int N = 1 << crypt_ftr->N_factor;
1315 int r = 1 << crypt_ftr->r_factor;
1316 int p = 1 << crypt_ftr->p_factor;
1317
1318 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1319 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1320 crypt_ftr->scrypted_intermediate_key,
1321 sizeof(crypt_ftr->scrypted_intermediate_key));
1322
1323 if (rc) {
1324 SLOGE("encrypt_master_key: crypto_scrypt failed");
1325 }
1326
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001327 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001328}
1329
JP Abgrall7bdfa522013-11-15 13:42:56 -08001330static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001331 unsigned char *encrypted_master_key,
1332 unsigned char *decrypted_master_key,
1333 kdf_func kdf, void *kdf_params,
1334 unsigned char** intermediate_key,
1335 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001336{
1337 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001338 EVP_CIPHER_CTX d_ctx;
1339 int decrypted_len, final_len;
1340
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001341 /* Turn the password into an intermediate key and IV that can decrypt the
1342 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001343 if (kdf(passwd, salt, ikey, kdf_params)) {
1344 SLOGE("kdf failed");
1345 return -1;
1346 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001347
1348 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001349 EVP_CIPHER_CTX_init(&d_ctx);
1350 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001351 return -1;
1352 }
1353 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1354 /* Decrypt the master key */
1355 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1356 encrypted_master_key, KEY_LEN_BYTES)) {
1357 return -1;
1358 }
Adam Langley889c4f12014-09-03 14:23:13 -07001359 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001360 return -1;
1361 }
1362
1363 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1364 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001366
1367 /* Copy intermediate key if needed by params */
1368 if (intermediate_key && intermediate_key_size) {
1369 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1370 if (intermediate_key) {
1371 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1372 *intermediate_key_size = KEY_LEN_BYTES;
1373 }
1374 }
1375
1376 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001377}
1378
Kenny Rootc4c70f12013-06-14 12:11:38 -07001379static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001380{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001381 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001382 *kdf = scrypt_keymaster;
1383 *kdf_params = ftr;
1384 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001385 *kdf = scrypt;
1386 *kdf_params = ftr;
1387 } else {
1388 *kdf = pbkdf2;
1389 *kdf_params = NULL;
1390 }
1391}
1392
JP Abgrall7bdfa522013-11-15 13:42:56 -08001393static int decrypt_master_key(char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001394 struct crypt_mnt_ftr *crypt_ftr,
1395 unsigned char** intermediate_key,
1396 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001397{
1398 kdf_func kdf;
1399 void *kdf_params;
1400 int ret;
1401
1402 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001403 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1404 decrypted_master_key, kdf, kdf_params,
1405 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001406 if (ret != 0) {
1407 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001408 }
1409
1410 return ret;
1411}
1412
1413static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1414 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001415 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001416 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001417
1418 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001419 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001420 read(fd, key_buf, sizeof(key_buf));
1421 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001422 close(fd);
1423
1424 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001425 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001426}
1427
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001428static int wait_and_unmount(char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001429{
Greg Hackmann955653e2014-09-24 14:55:20 -07001430 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001431#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001432
1433 /* Now umount the tmpfs filesystem */
1434 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001435 if (umount(mountpoint) == 0) {
1436 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001437 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001438
1439 if (errno == EINVAL) {
1440 /* EINVAL is returned if the directory is not a mountpoint,
1441 * i.e. there is no filesystem mounted there. So just get out.
1442 */
1443 break;
1444 }
1445
1446 err = errno;
1447
1448 /* If allowed, be increasingly aggressive before the last two retries */
1449 if (kill) {
1450 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1451 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001452 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001453 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1454 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001455 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001456 }
1457 }
1458
1459 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001460 }
1461
1462 if (i < WAIT_UNMOUNT_COUNT) {
1463 SLOGD("unmounting %s succeeded\n", mountpoint);
1464 rc = 0;
1465 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001466 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001467 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001468 rc = -1;
1469 }
1470
1471 return rc;
1472}
1473
Ken Sumrallc5872692013-05-14 15:26:31 -07001474#define DATA_PREP_TIMEOUT 200
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001475static int prep_data_fs(void)
1476{
1477 int i;
1478
1479 /* Do the prep of the /data filesystem */
1480 property_set("vold.post_fs_data_done", "0");
1481 property_set("vold.decrypt", "trigger_post_fs_data");
1482 SLOGD("Just triggered post_fs_data\n");
1483
Ken Sumrallc5872692013-05-14 15:26:31 -07001484 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001485 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001486 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001487
1488 property_get("vold.post_fs_data_done", p, "0");
1489 if (*p == '1') {
1490 break;
1491 } else {
1492 usleep(250000);
1493 }
1494 }
1495 if (i == DATA_PREP_TIMEOUT) {
1496 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001497 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001498 return -1;
1499 } else {
1500 SLOGD("post_fs_data done\n");
1501 return 0;
1502 }
1503}
1504
Paul Lawrence74f29f12014-08-28 15:54:10 -07001505static void cryptfs_set_corrupt()
1506{
1507 // Mark the footer as bad
1508 struct crypt_mnt_ftr crypt_ftr;
1509 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1510 SLOGE("Failed to get crypto footer - panic");
1511 return;
1512 }
1513
1514 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1515 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1516 SLOGE("Failed to set crypto footer - panic");
1517 return;
1518 }
1519}
1520
1521static void cryptfs_trigger_restart_min_framework()
1522{
1523 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1524 SLOGE("Failed to mount tmpfs on data - panic");
1525 return;
1526 }
1527
1528 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1529 SLOGE("Failed to trigger post fs data - panic");
1530 return;
1531 }
1532
1533 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1534 SLOGE("Failed to trigger restart min framework - panic");
1535 return;
1536 }
1537}
1538
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001539/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001540static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001541{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001542 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001543 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001544 static int restart_successful = 0;
1545
1546 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001547 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001548 SLOGE("Encrypted filesystem not validated, aborting");
1549 return -1;
1550 }
1551
1552 if (restart_successful) {
1553 SLOGE("System already restarted with encrypted disk, aborting");
1554 return -1;
1555 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001556
Paul Lawrencef4faa572014-01-29 13:31:03 -08001557 if (restart_main) {
1558 /* Here is where we shut down the framework. The init scripts
1559 * start all services in one of three classes: core, main or late_start.
1560 * On boot, we start core and main. Now, we stop main, but not core,
1561 * as core includes vold and a few other really important things that
1562 * we need to keep running. Once main has stopped, we should be able
1563 * to umount the tmpfs /data, then mount the encrypted /data.
1564 * We then restart the class main, and also the class late_start.
1565 * At the moment, I've only put a few things in late_start that I know
1566 * are not needed to bring up the framework, and that also cause problems
1567 * with unmounting the tmpfs /data, but I hope to add add more services
1568 * to the late_start class as we optimize this to decrease the delay
1569 * till the user is asked for the password to the filesystem.
1570 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001571
Paul Lawrencef4faa572014-01-29 13:31:03 -08001572 /* The init files are setup to stop the class main when vold.decrypt is
1573 * set to trigger_reset_main.
1574 */
1575 property_set("vold.decrypt", "trigger_reset_main");
1576 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001577
Paul Lawrencef4faa572014-01-29 13:31:03 -08001578 /* Ugh, shutting down the framework is not synchronous, so until it
1579 * can be fixed, this horrible hack will wait a moment for it all to
1580 * shut down before proceeding. Without it, some devices cannot
1581 * restart the graphics services.
1582 */
1583 sleep(2);
1584 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001585
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001586 /* Now that the framework is shutdown, we should be able to umount()
1587 * the tmpfs filesystem, and mount the real one.
1588 */
1589
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001590 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1591 if (strlen(crypto_blkdev) == 0) {
1592 SLOGE("fs_crypto_blkdev not set\n");
1593 return -1;
1594 }
1595
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001596 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001597 /* If ro.crypto.readonly is set to 1, mount the decrypted
1598 * filesystem readonly. This is used when /data is mounted by
1599 * recovery mode.
1600 */
1601 char ro_prop[PROPERTY_VALUE_MAX];
1602 property_get("ro.crypto.readonly", ro_prop, "");
1603 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1604 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1605 rec->flags |= MS_RDONLY;
1606 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001607
Ken Sumralle5032c42012-04-01 23:58:44 -07001608 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001609 int retries = RETRY_MOUNT_ATTEMPTS;
1610 int mount_rc;
1611 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1612 crypto_blkdev, 0))
1613 != 0) {
1614 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1615 /* TODO: invoke something similar to
1616 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1617 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1618 SLOGI("Failed to mount %s because it is busy - waiting",
1619 crypto_blkdev);
1620 if (--retries) {
1621 sleep(RETRY_MOUNT_DELAY_SECONDS);
1622 } else {
1623 /* Let's hope that a reboot clears away whatever is keeping
1624 the mount busy */
1625 cryptfs_reboot(reboot);
1626 }
1627 } else {
1628 SLOGE("Failed to mount decrypted data");
1629 cryptfs_set_corrupt();
1630 cryptfs_trigger_restart_min_framework();
1631 SLOGI("Started framework to offer wipe");
1632 return -1;
1633 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001634 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001635
Ken Sumralle5032c42012-04-01 23:58:44 -07001636 property_set("vold.decrypt", "trigger_load_persist_props");
1637 /* Create necessary paths on /data */
1638 if (prep_data_fs()) {
1639 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001640 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001641
1642 /* startup service classes main and late_start */
1643 property_set("vold.decrypt", "trigger_restart_framework");
1644 SLOGD("Just triggered restart_framework\n");
1645
1646 /* Give it a few moments to get started */
1647 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648 }
1649
Ken Sumrall0cc16632011-01-18 20:32:26 -08001650 if (rc == 0) {
1651 restart_successful = 1;
1652 }
1653
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001654 return rc;
1655}
1656
Paul Lawrencef4faa572014-01-29 13:31:03 -08001657int cryptfs_restart(void)
1658{
Paul Lawrence05335c32015-03-05 09:46:23 -08001659 SLOGI("cryptfs_restart");
1660 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
1661 struct fstab_rec* rec;
1662 int rc;
1663
1664 if (e4crypt_restart(DATA_MNT_POINT)) {
1665 SLOGE("Can't unmount e4crypt temp volume\n");
1666 return -1;
1667 }
1668
1669 rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1670 if (!rec) {
1671 SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
1672 return -1;
1673 }
1674
1675 rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
1676 if (rc) {
1677 SLOGE("Can't mount %s\n", DATA_MNT_POINT);
1678 return rc;
1679 }
1680
1681 property_set("vold.decrypt", "trigger_restart_framework");
1682 return 0;
1683 }
1684
Paul Lawrencef4faa572014-01-29 13:31:03 -08001685 /* Call internal implementation forcing a restart of main service group */
1686 return cryptfs_restart_internal(1);
1687}
1688
Paul Lawrence05335c32015-03-05 09:46:23 -08001689static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001690{
1691 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001692 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001693 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001694
1695 property_get("ro.crypto.state", encrypted_state, "");
1696 if (strcmp(encrypted_state, "encrypted") ) {
1697 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001698 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001699 }
1700
Paul Lawrence05335c32015-03-05 09:46:23 -08001701 if (e4crypt_crypto_complete(mount_point) == 0) {
1702 return CRYPTO_COMPLETE_ENCRYPTED;
1703 }
1704
Ken Sumrall160b4d62013-04-22 12:15:39 -07001705 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001706 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001707
Ken Sumralle1a45852011-12-14 21:24:27 -08001708 /*
1709 * Only report this error if key_loc is a file and it exists.
1710 * If the device was never encrypted, and /data is not mountable for
1711 * some reason, returning 1 should prevent the UI from presenting the
1712 * a "enter password" screen, or worse, a "press button to wipe the
1713 * device" screen.
1714 */
1715 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1716 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001717 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001718 } else {
1719 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001720 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001721 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001722 }
1723
Paul Lawrence74f29f12014-08-28 15:54:10 -07001724 // Test for possible error flags
1725 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1726 SLOGE("Encryption process is partway completed\n");
1727 return CRYPTO_COMPLETE_PARTIAL;
1728 }
1729
1730 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1731 SLOGE("Encryption process was interrupted but cannot continue\n");
1732 return CRYPTO_COMPLETE_INCONSISTENT;
1733 }
1734
1735 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1736 SLOGE("Encryption is successful but data is corrupt\n");
1737 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001738 }
1739
1740 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001741 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001742}
1743
Paul Lawrencef4faa572014-01-29 13:31:03 -08001744static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1745 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001746{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001747 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001748 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001749 char crypto_blkdev[MAXPATHLEN];
1750 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001751 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001752 unsigned int orig_failed_decrypt_count;
1753 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001754 int use_keymaster = 0;
1755 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001756 unsigned char* intermediate_key = 0;
1757 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001758
Paul Lawrencef4faa572014-01-29 13:31:03 -08001759 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1760 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001761
Paul Lawrencef4faa572014-01-29 13:31:03 -08001762 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001763 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1764 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001765 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001766 rc = -1;
1767 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001768 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001769 }
1770
Paul Lawrencef4faa572014-01-29 13:31:03 -08001771 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1772
Ajay Dudani87701e22014-09-17 21:02:52 -07001773#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001774 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1775 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1776 SLOGE("Hardware encryption key does not match");
1777 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001778 }
1779#endif
1780
Paul Lawrence74f29f12014-08-28 15:54:10 -07001781 // Create crypto block device - all (non fatal) code paths
1782 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001783 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1784 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001785 SLOGE("Error creating decrypted block device\n");
1786 rc = -1;
1787 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001788 }
1789
Paul Lawrence74f29f12014-08-28 15:54:10 -07001790 /* Work out if the problem is the password or the data */
1791 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1792 scrypted_intermediate_key)];
1793 int N = 1 << crypt_ftr->N_factor;
1794 int r = 1 << crypt_ftr->r_factor;
1795 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001796
Paul Lawrence74f29f12014-08-28 15:54:10 -07001797 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1798 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1799 N, r, p, scrypted_intermediate_key,
1800 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001801
Paul Lawrence74f29f12014-08-28 15:54:10 -07001802 // Does the key match the crypto footer?
1803 if (rc == 0 && memcmp(scrypted_intermediate_key,
1804 crypt_ftr->scrypted_intermediate_key,
1805 sizeof(scrypted_intermediate_key)) == 0) {
1806 SLOGI("Password matches");
1807 rc = 0;
1808 } else {
1809 /* Try mounting the file system anyway, just in case the problem's with
1810 * the footer, not the key. */
1811 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1812 mkdir(tmp_mount_point, 0755);
1813 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1814 SLOGE("Error temp mounting decrypted block device\n");
1815 delete_crypto_blk_dev(label);
1816
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001817 rc = ++crypt_ftr->failed_decrypt_count;
1818 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001819 } else {
1820 /* Success! */
1821 SLOGI("Password did not match but decrypted drive mounted - continue");
1822 umount(tmp_mount_point);
1823 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001824 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001825 }
1826
1827 if (rc == 0) {
1828 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001829 if (orig_failed_decrypt_count != 0) {
1830 put_crypt_ftr_and_key(crypt_ftr);
1831 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001832
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001833 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001834 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001835 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001836
1837 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001838 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001839 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001840 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001841 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001842 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001843 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001844
Paul Lawrence74f29f12014-08-28 15:54:10 -07001845 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001846 use_keymaster = keymaster_check_compatibility();
1847 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001848 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001849 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1850 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1851 upgrade = 1;
1852 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001853 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001854 upgrade = 1;
1855 }
1856
1857 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001858 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1859 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001860 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001861 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001862 }
1863 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001864
1865 // Do not fail even if upgrade failed - machine is bootable
1866 // Note that if this code is ever hit, there is a *serious* problem
1867 // since KDFs should never fail. You *must* fix the kdf before
1868 // proceeding!
1869 if (rc) {
1870 SLOGW("Upgrade failed with error %d,"
1871 " but continuing with previous state",
1872 rc);
1873 rc = 0;
1874 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001875 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001876 }
1877
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001878 errout:
1879 if (intermediate_key) {
1880 memset(intermediate_key, 0, intermediate_key_size);
1881 free(intermediate_key);
1882 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001883 return rc;
1884}
1885
Ken Sumrall29d8da82011-05-18 17:20:07 -07001886/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001887 * Called by vold when it's asked to mount an encrypted external
1888 * storage volume. The incoming partition has no crypto header/footer,
1889 * as any metadata is been stored in a separate, small partition.
1890 *
1891 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001892 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001893int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1894 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001895 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001896 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001897 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001898 return -1;
1899 }
1900
1901 unsigned long nr_sec = 0;
1902 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001903 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001904
Ken Sumrall29d8da82011-05-18 17:20:07 -07001905 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001906 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001907 return -1;
1908 }
1909
Jeff Sharkey9c484982015-03-31 10:35:33 -07001910 struct crypt_mnt_ftr ext_crypt_ftr;
1911 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1912 ext_crypt_ftr.fs_size = nr_sec;
1913 ext_crypt_ftr.keysize = keysize;
1914 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001915
Jeff Sharkey9c484982015-03-31 10:35:33 -07001916 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1917 out_crypto_blkdev, label);
1918}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001919
Jeff Sharkey9c484982015-03-31 10:35:33 -07001920/*
1921 * Called by vold when it's asked to unmount an encrypted external
1922 * storage volume.
1923 */
1924int cryptfs_revert_ext_volume(const char* label) {
1925 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001926}
1927
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001928int cryptfs_crypto_complete(void)
1929{
1930 return do_crypto_complete("/data");
1931}
1932
Paul Lawrencef4faa572014-01-29 13:31:03 -08001933int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
1934{
1935 char encrypted_state[PROPERTY_VALUE_MAX];
1936 property_get("ro.crypto.state", encrypted_state, "");
1937 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
1938 SLOGE("encrypted fs already validated or not running with encryption,"
1939 " aborting");
1940 return -1;
1941 }
1942
1943 if (get_crypt_ftr_and_key(crypt_ftr)) {
1944 SLOGE("Error getting crypt footer and key");
1945 return -1;
1946 }
1947
1948 return 0;
1949}
1950
Paul Lawrencefc615042014-10-04 15:32:29 -07001951/*
1952 * TODO - transition patterns to new format in calling code
1953 * and remove this vile hack, and the use of hex in
1954 * the password passing code.
1955 *
1956 * Patterns are passed in zero based (i.e. the top left dot
1957 * is represented by zero, the top middle one etc), but we want
1958 * to store them '1' based.
1959 * This is to allow us to migrate the calling code to use this
1960 * convention. It also solves a nasty problem whereby scrypt ignores
1961 * trailing zeros, so patterns ending at the top left could be
1962 * truncated, and similarly, you could add the top left to any
1963 * pattern and still match.
1964 * adjust_passwd is a hack function that returns the alternate representation
1965 * if the password appears to be a pattern (hex numbers all less than 09)
1966 * If it succeeds we need to try both, and in particular try the alternate
1967 * first. If the original matches, then we need to update the footer
1968 * with the alternate.
1969 * All code that accepts passwords must adjust them first. Since
1970 * cryptfs_check_passwd is always the first function called after a migration
1971 * (and indeed on any boot) we only need to do the double try in this
1972 * function.
1973 */
1974char* adjust_passwd(const char* passwd)
1975{
1976 size_t index, length;
1977
1978 if (!passwd) {
1979 return 0;
1980 }
1981
1982 // Check even length. Hex encoded passwords are always
1983 // an even length, since each character encodes to two characters.
1984 length = strlen(passwd);
1985 if (length % 2) {
1986 SLOGW("Password not correctly hex encoded.");
1987 return 0;
1988 }
1989
1990 // Check password is old-style pattern - a collection of hex
1991 // encoded bytes less than 9 (00 through 08)
1992 for (index = 0; index < length; index +=2) {
1993 if (passwd[index] != '0'
1994 || passwd[index + 1] < '0' || passwd[index + 1] > '8') {
1995 return 0;
1996 }
1997 }
1998
1999 // Allocate room for adjusted passwd and null terminate
2000 char* adjusted = malloc(length + 1);
2001 adjusted[length] = 0;
2002
2003 // Add 0x31 ('1') to each character
2004 for (index = 0; index < length; index += 2) {
2005 // output is 31 through 39 so set first byte to three, second to src + 1
2006 adjusted[index] = '3';
2007 adjusted[index + 1] = passwd[index + 1] + 1;
2008 }
2009
2010 return adjusted;
2011}
2012
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002013int cryptfs_check_passwd(char *passwd)
2014{
Paul Lawrence05335c32015-03-05 09:46:23 -08002015 SLOGI("cryptfs_check_passwd");
2016 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
2017 return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
2018 }
2019
Paul Lawrencef4faa572014-01-29 13:31:03 -08002020 struct crypt_mnt_ftr crypt_ftr;
2021 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002022
Paul Lawrencef4faa572014-01-29 13:31:03 -08002023 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2024 if (rc)
2025 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002026
Paul Lawrencefc615042014-10-04 15:32:29 -07002027 char* adjusted_passwd = adjust_passwd(passwd);
2028 if (adjusted_passwd) {
2029 int failed_decrypt_count = crypt_ftr.failed_decrypt_count;
2030 rc = test_mount_encrypted_fs(&crypt_ftr, adjusted_passwd,
2031 DATA_MNT_POINT, "userdata");
2032
2033 // Maybe the original one still works?
2034 if (rc) {
2035 // Don't double count this failure
2036 crypt_ftr.failed_decrypt_count = failed_decrypt_count;
2037 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2038 DATA_MNT_POINT, "userdata");
2039 if (!rc) {
2040 // cryptfs_changepw also adjusts so pass original
2041 // Note that adjust_passwd only recognises patterns
2042 // so we can safely use CRYPT_TYPE_PATTERN
2043 SLOGI("Updating pattern to new format");
2044 cryptfs_changepw(CRYPT_TYPE_PATTERN, passwd);
2045 }
2046 }
2047 free(adjusted_passwd);
2048 } else {
2049 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2050 DATA_MNT_POINT, "userdata");
2051 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002052
2053 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002054 cryptfs_clear_password();
2055 password = strdup(passwd);
2056 struct timespec now;
2057 clock_gettime(CLOCK_BOOTTIME, &now);
2058 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002059 }
2060
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002061 return rc;
2062}
2063
Ken Sumrall3ad90722011-10-04 20:38:29 -07002064int cryptfs_verify_passwd(char *passwd)
2065{
2066 struct crypt_mnt_ftr crypt_ftr;
2067 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002068 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002069 char encrypted_state[PROPERTY_VALUE_MAX];
2070 int rc;
2071
2072 property_get("ro.crypto.state", encrypted_state, "");
2073 if (strcmp(encrypted_state, "encrypted") ) {
2074 SLOGE("device not encrypted, aborting");
2075 return -2;
2076 }
2077
2078 if (!master_key_saved) {
2079 SLOGE("encrypted fs not yet mounted, aborting");
2080 return -1;
2081 }
2082
2083 if (!saved_mount_point) {
2084 SLOGE("encrypted fs failed to save mount point, aborting");
2085 return -1;
2086 }
2087
Ken Sumrall160b4d62013-04-22 12:15:39 -07002088 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002089 SLOGE("Error getting crypt footer and key\n");
2090 return -1;
2091 }
2092
2093 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2094 /* If the device has no password, then just say the password is valid */
2095 rc = 0;
2096 } else {
Paul Lawrencefc615042014-10-04 15:32:29 -07002097 char* adjusted_passwd = adjust_passwd(passwd);
2098 if (adjusted_passwd) {
2099 passwd = adjusted_passwd;
2100 }
2101
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002102 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002103 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2104 /* They match, the password is correct */
2105 rc = 0;
2106 } else {
2107 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2108 sleep(1);
2109 rc = 1;
2110 }
Paul Lawrencefc615042014-10-04 15:32:29 -07002111
2112 free(adjusted_passwd);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002113 }
2114
2115 return rc;
2116}
2117
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002118/* Initialize a crypt_mnt_ftr structure. The keysize is
2119 * defaulted to 16 bytes, and the filesystem size to 0.
2120 * Presumably, at a minimum, the caller will update the
2121 * filesystem size and crypto_type_name after calling this function.
2122 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002123static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002124{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002125 off64_t off;
2126
2127 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002128 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002129 ftr->major_version = CURRENT_MAJOR_VERSION;
2130 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002131 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002132 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002133
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002134 switch (keymaster_check_compatibility()) {
2135 case 1:
2136 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2137 break;
2138
2139 case 0:
2140 ftr->kdf_type = KDF_SCRYPT;
2141 break;
2142
2143 default:
2144 SLOGE("keymaster_check_compatibility failed");
2145 return -1;
2146 }
2147
Kenny Rootc4c70f12013-06-14 12:11:38 -07002148 get_device_scrypt_params(ftr);
2149
Ken Sumrall160b4d62013-04-22 12:15:39 -07002150 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2151 if (get_crypt_ftr_info(NULL, &off) == 0) {
2152 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2153 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2154 ftr->persist_data_size;
2155 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002156
2157 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002158}
2159
Ken Sumrall29d8da82011-05-18 17:20:07 -07002160static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002161{
Ken Sumralle550f782013-08-20 13:48:23 -07002162 const char *args[10];
2163 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2164 int num_args;
2165 int status;
2166 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002167 int rc = -1;
2168
Ken Sumrall29d8da82011-05-18 17:20:07 -07002169 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002170 args[0] = "/system/bin/make_ext4fs";
2171 args[1] = "-a";
2172 args[2] = "/data";
2173 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002174 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002175 args[4] = size_str;
2176 args[5] = crypto_blkdev;
2177 num_args = 6;
2178 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2179 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002180 } else if (type == F2FS_FS) {
2181 args[0] = "/system/bin/mkfs.f2fs";
2182 args[1] = "-t";
2183 args[2] = "-d1";
2184 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002185 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002186 args[4] = size_str;
2187 num_args = 5;
2188 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2189 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002190 } else {
2191 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2192 return -1;
2193 }
2194
Ken Sumralle550f782013-08-20 13:48:23 -07002195 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2196
2197 if (tmp != 0) {
2198 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002199 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002200 if (WIFEXITED(status)) {
2201 if (WEXITSTATUS(status)) {
2202 SLOGE("Error creating filesystem on %s, exit status %d ",
2203 crypto_blkdev, WEXITSTATUS(status));
2204 } else {
2205 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2206 rc = 0;
2207 }
2208 } else {
2209 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2210 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002211 }
2212
2213 return rc;
2214}
2215
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002216#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002217#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2218#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002219
2220/* aligned 32K writes tends to make flash happy.
2221 * SD card association recommends it.
2222 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002223#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002224#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002225#else
2226#define BLOCKS_AT_A_TIME 1024
2227#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002228
2229struct encryptGroupsData
2230{
2231 int realfd;
2232 int cryptofd;
2233 off64_t numblocks;
2234 off64_t one_pct, cur_pct, new_pct;
2235 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002236 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002237 char* real_blkdev, * crypto_blkdev;
2238 int count;
2239 off64_t offset;
2240 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002241 off64_t last_written_sector;
2242 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002243 time_t time_started;
2244 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002245};
2246
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002247static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002248{
2249 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002250
2251 if (is_used) {
2252 data->used_blocks_already_done++;
2253 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002254 if (data->tot_used_blocks) {
2255 data->new_pct = data->used_blocks_already_done / data->one_pct;
2256 } else {
2257 data->new_pct = data->blocks_already_done / data->one_pct;
2258 }
2259
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002260 if (data->new_pct > data->cur_pct) {
2261 char buf[8];
2262 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002263 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002264 property_set("vold.encrypt_progress", buf);
2265 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002266
2267 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002268 struct timespec time_now;
2269 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2270 SLOGW("Error getting time");
2271 } else {
2272 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2273 off64_t remaining_blocks = data->tot_used_blocks
2274 - data->used_blocks_already_done;
2275 int remaining_time = (int)(elapsed_time * remaining_blocks
2276 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002277
Paul Lawrence9c58a872014-09-30 09:12:51 -07002278 // Change time only if not yet set, lower, or a lot higher for
2279 // best user experience
2280 if (data->remaining_time == -1
2281 || remaining_time < data->remaining_time
2282 || remaining_time > data->remaining_time + 60) {
2283 char buf[8];
2284 snprintf(buf, sizeof(buf), "%d", remaining_time);
2285 property_set("vold.encrypt_time_remaining", buf);
2286 data->remaining_time = remaining_time;
2287 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002288 }
2289 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002290}
2291
Paul Lawrence3846be12014-09-22 11:33:54 -07002292static void log_progress(struct encryptGroupsData const* data, bool completed)
2293{
2294 // Precondition - if completed data = 0 else data != 0
2295
2296 // Track progress so we can skip logging blocks
2297 static off64_t offset = -1;
2298
2299 // Need to close existing 'Encrypting from' log?
2300 if (completed || (offset != -1 && data->offset != offset)) {
2301 SLOGI("Encrypted to sector %" PRId64,
2302 offset / info.block_size * CRYPT_SECTOR_SIZE);
2303 offset = -1;
2304 }
2305
2306 // Need to start new 'Encrypting from' log?
2307 if (!completed && offset != data->offset) {
2308 SLOGI("Encrypting from sector %" PRId64,
2309 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2310 }
2311
2312 // Update offset
2313 if (!completed) {
2314 offset = data->offset + (off64_t)data->count * info.block_size;
2315 }
2316}
2317
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002318static int flush_outstanding_data(struct encryptGroupsData* data)
2319{
2320 if (data->count == 0) {
2321 return 0;
2322 }
2323
Elliott Hughes231bdba2014-06-25 18:36:19 -07002324 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002325
2326 if (pread64(data->realfd, data->buffer,
2327 info.block_size * data->count, data->offset)
2328 <= 0) {
2329 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2330 data->real_blkdev);
2331 return -1;
2332 }
2333
2334 if (pwrite64(data->cryptofd, data->buffer,
2335 info.block_size * data->count, data->offset)
2336 <= 0) {
2337 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2338 data->crypto_blkdev);
2339 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002340 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002341 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002342 }
2343
2344 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002345 data->last_written_sector = (data->offset + data->count)
2346 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002347 return 0;
2348}
2349
2350static int encrypt_groups(struct encryptGroupsData* data)
2351{
2352 unsigned int i;
2353 u8 *block_bitmap = 0;
2354 unsigned int block;
2355 off64_t ret;
2356 int rc = -1;
2357
2358 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2359 if (!data->buffer) {
2360 SLOGE("Failed to allocate crypto buffer");
2361 goto errout;
2362 }
2363
2364 block_bitmap = malloc(info.block_size);
2365 if (!block_bitmap) {
2366 SLOGE("failed to allocate block bitmap");
2367 goto errout;
2368 }
2369
2370 for (i = 0; i < aux_info.groups; ++i) {
2371 SLOGI("Encrypting group %d", i);
2372
2373 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2374 u32 block_count = min(info.blocks_per_group,
2375 aux_info.len_blocks - first_block);
2376
2377 off64_t offset = (u64)info.block_size
2378 * aux_info.bg_desc[i].bg_block_bitmap;
2379
2380 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2381 if (ret != (int)info.block_size) {
2382 SLOGE("failed to read all of block group bitmap %d", i);
2383 goto errout;
2384 }
2385
2386 offset = (u64)info.block_size * first_block;
2387
2388 data->count = 0;
2389
2390 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002391 int used = bitmap_get_bit(block_bitmap, block);
2392 update_progress(data, used);
2393 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002394 if (data->count == 0) {
2395 data->offset = offset;
2396 }
2397 data->count++;
2398 } else {
2399 if (flush_outstanding_data(data)) {
2400 goto errout;
2401 }
2402 }
2403
2404 offset += info.block_size;
2405
2406 /* Write data if we are aligned or buffer size reached */
2407 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2408 || data->count == BLOCKS_AT_A_TIME) {
2409 if (flush_outstanding_data(data)) {
2410 goto errout;
2411 }
2412 }
Paul Lawrence87999172014-02-20 12:21:31 -08002413
Paul Lawrence73d7a022014-06-09 14:10:09 -07002414 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002415 SLOGE("Stopping encryption due to low battery");
2416 rc = 0;
2417 goto errout;
2418 }
2419
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002420 }
2421 if (flush_outstanding_data(data)) {
2422 goto errout;
2423 }
2424 }
2425
Paul Lawrence87999172014-02-20 12:21:31 -08002426 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002427 rc = 0;
2428
2429errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002430 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002431 free(data->buffer);
2432 free(block_bitmap);
2433 return rc;
2434}
2435
2436static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2437 char *real_blkdev,
2438 off64_t size,
2439 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002440 off64_t tot_size,
2441 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002442{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002443 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002444 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002445 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002446
Paul Lawrence87999172014-02-20 12:21:31 -08002447 if (previously_encrypted_upto > *size_already_done) {
2448 SLOGD("Not fast encrypting since resuming part way through");
2449 return -1;
2450 }
2451
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002452 memset(&data, 0, sizeof(data));
2453 data.real_blkdev = real_blkdev;
2454 data.crypto_blkdev = crypto_blkdev;
2455
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002456 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002457 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2458 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002459 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002460 goto errout;
2461 }
2462
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002463 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002464 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002465 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002466 rc = ENABLE_INPLACE_ERR_DEV;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002467 goto errout;
2468 }
2469
2470 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002471 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002472 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002473 goto errout;
2474 }
2475
2476 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002477 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002478 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002479 goto errout;
2480 }
2481
2482 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2483 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2484 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2485
JP Abgrall7fc1de82014-10-10 18:43:41 -07002486 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002487
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002488 data.tot_used_blocks = data.numblocks;
2489 for (i = 0; i < aux_info.groups; ++i) {
2490 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2491 }
2492
2493 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002494 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002495
2496 struct timespec time_started = {0};
2497 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2498 SLOGW("Error getting time at start");
2499 // Note - continue anyway - we'll run with 0
2500 }
2501 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002502 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002503
2504 rc = encrypt_groups(&data);
2505 if (rc) {
2506 SLOGE("Error encrypting groups");
2507 goto errout;
2508 }
2509
Paul Lawrence87999172014-02-20 12:21:31 -08002510 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002511 rc = 0;
2512
2513errout:
2514 close(data.realfd);
2515 close(data.cryptofd);
2516
2517 return rc;
2518}
2519
Paul Lawrence3846be12014-09-22 11:33:54 -07002520static void log_progress_f2fs(u64 block, bool completed)
2521{
2522 // Precondition - if completed data = 0 else data != 0
2523
2524 // Track progress so we can skip logging blocks
2525 static u64 last_block = (u64)-1;
2526
2527 // Need to close existing 'Encrypting from' log?
2528 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2529 SLOGI("Encrypted to block %" PRId64, last_block);
2530 last_block = -1;
2531 }
2532
2533 // Need to start new 'Encrypting from' log?
2534 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2535 SLOGI("Encrypting from block %" PRId64, block);
2536 }
2537
2538 // Update offset
2539 if (!completed) {
2540 last_block = block;
2541 }
2542}
2543
Daniel Rosenberge82df162014-08-15 22:19:23 +00002544static int encrypt_one_block_f2fs(u64 pos, void *data)
2545{
2546 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2547
2548 priv_dat->blocks_already_done = pos - 1;
2549 update_progress(priv_dat, 1);
2550
2551 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2552
2553 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002554 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002555 return -1;
2556 }
2557
2558 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002559 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002560 return -1;
2561 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002562 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002563 }
2564
2565 return 0;
2566}
2567
2568static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2569 char *real_blkdev,
2570 off64_t size,
2571 off64_t *size_already_done,
2572 off64_t tot_size,
2573 off64_t previously_encrypted_upto)
2574{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002575 struct encryptGroupsData data;
2576 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002577 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002578 if (previously_encrypted_upto > *size_already_done) {
2579 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002580 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002581 }
2582 memset(&data, 0, sizeof(data));
2583 data.real_blkdev = real_blkdev;
2584 data.crypto_blkdev = crypto_blkdev;
2585 data.realfd = -1;
2586 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002587 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002588 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002589 real_blkdev);
2590 goto errout;
2591 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002592 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002593 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002594 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002595 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002596 goto errout;
2597 }
2598
2599 f2fs_info = generate_f2fs_info(data.realfd);
2600 if (!f2fs_info)
2601 goto errout;
2602
2603 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2604 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2605 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2606
2607 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2608
2609 data.one_pct = data.tot_used_blocks / 100;
2610 data.cur_pct = 0;
2611 data.time_started = time(NULL);
2612 data.remaining_time = -1;
2613
2614 data.buffer = malloc(f2fs_info->block_size);
2615 if (!data.buffer) {
2616 SLOGE("Failed to allocate crypto buffer");
2617 goto errout;
2618 }
2619
2620 data.count = 0;
2621
2622 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2623 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2624
2625 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002626 SLOGE("Error in running over f2fs blocks");
2627 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002628 goto errout;
2629 }
2630
2631 *size_already_done += size;
2632 rc = 0;
2633
2634errout:
2635 if (rc)
2636 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2637
Paul Lawrence3846be12014-09-22 11:33:54 -07002638 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002639 free(f2fs_info);
2640 free(data.buffer);
2641 close(data.realfd);
2642 close(data.cryptofd);
2643
2644 return rc;
2645}
2646
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002647static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2648 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002649 off64_t tot_size,
2650 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002651{
2652 int realfd, cryptofd;
2653 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002654 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002655 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002656 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002657 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002658
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002659 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002660 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002661 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002662 }
2663
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002664 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002665 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2666 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002667 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002668 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002669 }
2670
2671 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2672 * The size passed in is the number of 512 byte sectors in the filesystem.
2673 * So compute the number of whole 4K blocks we should read/write,
2674 * and the remainder.
2675 */
2676 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2677 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002678 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2679 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002680
2681 SLOGE("Encrypting filesystem in place...");
2682
Paul Lawrence87999172014-02-20 12:21:31 -08002683 i = previously_encrypted_upto + 1 - *size_already_done;
2684
2685 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2686 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2687 goto errout;
2688 }
2689
2690 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2691 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2692 goto errout;
2693 }
2694
2695 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2696 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2697 SLOGE("Error reading initial sectors from real_blkdev %s for "
2698 "inplace encrypt\n", crypto_blkdev);
2699 goto errout;
2700 }
2701 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2702 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2703 "inplace encrypt\n", crypto_blkdev);
2704 goto errout;
2705 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002706 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002707 }
2708 }
2709
Ken Sumrall29d8da82011-05-18 17:20:07 -07002710 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002711 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002712 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002713 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002714 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002715 if (new_pct > cur_pct) {
2716 char buf[8];
2717
2718 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002719 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002720 property_set("vold.encrypt_progress", buf);
2721 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002722 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002723 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002724 goto errout;
2725 }
2726 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002727 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2728 goto errout;
2729 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002730 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002731 CRYPT_SECTORS_PER_BUFSIZE,
2732 i * CRYPT_SECTORS_PER_BUFSIZE);
2733 }
2734
Paul Lawrence73d7a022014-06-09 14:10:09 -07002735 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002736 SLOGE("Stopping encryption due to low battery");
2737 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2738 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002739 goto errout;
2740 }
2741 }
2742
2743 /* Do any remaining sectors */
2744 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002745 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2746 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002747 goto errout;
2748 }
Paul Lawrence87999172014-02-20 12:21:31 -08002749 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2750 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002751 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002752 } else {
2753 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002754 }
2755 }
2756
Ken Sumrall29d8da82011-05-18 17:20:07 -07002757 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002758 rc = 0;
2759
2760errout:
2761 close(realfd);
2762 close(cryptofd);
2763
2764 return rc;
2765}
2766
JP Abgrall7fc1de82014-10-10 18:43:41 -07002767/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002768static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2769 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002770 off64_t tot_size,
2771 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002772{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002773 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002774 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002775 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002776 }
2777
2778 if (*size_already_done + size < previously_encrypted_upto) {
2779 *size_already_done += size;
2780 return 0;
2781 }
2782
Daniel Rosenberge82df162014-08-15 22:19:23 +00002783 /* TODO: identify filesystem type.
2784 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2785 * then we will drop down to cryptfs_enable_inplace_f2fs.
2786 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002787 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002788 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002789 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002790 return 0;
2791 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002792 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002793
JP Abgrall7fc1de82014-10-10 18:43:41 -07002794 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002795 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002796 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002797 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002798 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002799 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002800
JP Abgrall7fc1de82014-10-10 18:43:41 -07002801 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002802 size, size_already_done, tot_size,
2803 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002804 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2805
2806 /* Hack for b/17898962, the following is the symptom... */
2807 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2808 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2809 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2810 return ENABLE_INPLACE_ERR_DEV;
2811 }
2812 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002813}
2814
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002815#define CRYPTO_ENABLE_WIPE 1
2816#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002817
2818#define FRAMEWORK_BOOT_WAIT 60
2819
Paul Lawrence87999172014-02-20 12:21:31 -08002820static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2821{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002822 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002823 if (fd == -1) {
2824 SLOGE("Error opening file %s", filename);
2825 return -1;
2826 }
2827
2828 char block[CRYPT_INPLACE_BUFSIZE];
2829 memset(block, 0, sizeof(block));
2830 if (unix_read(fd, block, sizeof(block)) < 0) {
2831 SLOGE("Error reading file %s", filename);
2832 close(fd);
2833 return -1;
2834 }
2835
2836 close(fd);
2837
2838 SHA256_CTX c;
2839 SHA256_Init(&c);
2840 SHA256_Update(&c, block, sizeof(block));
2841 SHA256_Final(buf, &c);
2842
2843 return 0;
2844}
2845
JP Abgrall62c7af32014-06-16 13:01:23 -07002846static int get_fs_type(struct fstab_rec *rec)
2847{
2848 if (!strcmp(rec->fs_type, "ext4")) {
2849 return EXT4_FS;
2850 } else if (!strcmp(rec->fs_type, "f2fs")) {
2851 return F2FS_FS;
2852 } else {
2853 return -1;
2854 }
2855}
2856
Paul Lawrence87999172014-02-20 12:21:31 -08002857static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2858 char *crypto_blkdev, char *real_blkdev,
2859 int previously_encrypted_upto)
2860{
2861 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002862 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002863
Paul Lawrence73d7a022014-06-09 14:10:09 -07002864 if (!is_battery_ok_to_start()) {
2865 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002866 return 0;
2867 }
2868
2869 /* The size of the userdata partition, and add in the vold volumes below */
2870 tot_encryption_size = crypt_ftr->fs_size;
2871
2872 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002873 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2874 int fs_type = get_fs_type(rec);
2875 if (fs_type < 0) {
2876 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2877 return -1;
2878 }
2879 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002880 } else if (how == CRYPTO_ENABLE_INPLACE) {
2881 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2882 crypt_ftr->fs_size, &cur_encryption_done,
2883 tot_encryption_size,
2884 previously_encrypted_upto);
2885
JP Abgrall7fc1de82014-10-10 18:43:41 -07002886 if (rc == ENABLE_INPLACE_ERR_DEV) {
2887 /* Hack for b/17898962 */
2888 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2889 cryptfs_reboot(reboot);
2890 }
2891
Paul Lawrence73d7a022014-06-09 14:10:09 -07002892 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002893 crypt_ftr->encrypted_upto = cur_encryption_done;
2894 }
2895
Paul Lawrence73d7a022014-06-09 14:10:09 -07002896 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002897 /* The inplace routine never actually sets the progress to 100% due
2898 * to the round down nature of integer division, so set it here */
2899 property_set("vold.encrypt_progress", "100");
2900 }
2901 } else {
2902 /* Shouldn't happen */
2903 SLOGE("cryptfs_enable: internal error, unknown option\n");
2904 rc = -1;
2905 }
2906
2907 return rc;
2908}
2909
Paul Lawrence13486032014-02-03 13:28:11 -08002910int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2911 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002912{
2913 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002914 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002915 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002916 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002917 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002918 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002919 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002920 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002921 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002922 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002923 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002924
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002925 if (!strcmp(howarg, "wipe")) {
2926 how = CRYPTO_ENABLE_WIPE;
2927 } else if (! strcmp(howarg, "inplace")) {
2928 how = CRYPTO_ENABLE_INPLACE;
2929 } else {
2930 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002931 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002932 }
2933
Paul Lawrence87999172014-02-20 12:21:31 -08002934 /* See if an encryption was underway and interrupted */
2935 if (how == CRYPTO_ENABLE_INPLACE
2936 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2937 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2938 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2939 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002940 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2941
2942 /* At this point, we are in an inconsistent state. Until we successfully
2943 complete encryption, a reboot will leave us broken. So mark the
2944 encryption failed in case that happens.
2945 On successfully completing encryption, remove this flag */
2946 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2947
2948 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002949 }
2950
2951 property_get("ro.crypto.state", encrypted_state, "");
2952 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2953 SLOGE("Device is already running encrypted, aborting");
2954 goto error_unencrypted;
2955 }
2956
2957 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2958 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002959 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002960
Ken Sumrall3ed82362011-01-28 23:31:16 -08002961 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002962 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002963 if (fd == -1) {
2964 SLOGE("Cannot open block device %s\n", real_blkdev);
2965 goto error_unencrypted;
2966 }
2967 unsigned long nr_sec;
2968 get_blkdev_size(fd, &nr_sec);
2969 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002970 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2971 goto error_unencrypted;
2972 }
2973 close(fd);
2974
2975 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002976 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002977 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002978 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002979 if (fs_size_sec == 0)
2980 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2981
Paul Lawrence87999172014-02-20 12:21:31 -08002982 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002983
2984 if (fs_size_sec > max_fs_size_sec) {
2985 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2986 goto error_unencrypted;
2987 }
2988 }
2989
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002990 /* Get a wakelock as this may take a while, and we don't want the
2991 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2992 * wants to keep the screen on, it can grab a full wakelock.
2993 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002994 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002995 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2996
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002997 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002998 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002999 */
3000 property_set("vold.decrypt", "trigger_shutdown_framework");
3001 SLOGD("Just asked init to shut down class main\n");
3002
Jeff Sharkey9c484982015-03-31 10:35:33 -07003003 /* Ask vold to unmount all devices that it manages */
3004 if (vold_unmountAll()) {
3005 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003006 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003007
3008 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003009 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07003010 if (allow_reboot) {
3011 goto error_shutting_down;
3012 } else {
3013 goto error_unencrypted;
3014 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003015 }
3016
3017 /* Do extra work for a better UX when doing the long inplace encryption */
3018 if (how == CRYPTO_ENABLE_INPLACE) {
3019 /* Now that /data is unmounted, we need to mount a tmpfs
3020 * /data, set a property saying we're doing inplace encryption,
3021 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003022 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003023 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003024 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003025 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003026 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003027 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003028
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003029 /* restart the framework. */
3030 /* Create necessary paths on /data */
3031 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003032 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003033 }
3034
Ken Sumrall92736ef2012-10-17 20:57:14 -07003035 /* Ugh, shutting down the framework is not synchronous, so until it
3036 * can be fixed, this horrible hack will wait a moment for it all to
3037 * shut down before proceeding. Without it, some devices cannot
3038 * restart the graphics services.
3039 */
3040 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003041 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003042
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003043 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003044 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003045 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003046 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3047 goto error_shutting_down;
3048 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003049
Paul Lawrence87999172014-02-20 12:21:31 -08003050 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3051 crypt_ftr.fs_size = nr_sec
3052 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3053 } else {
3054 crypt_ftr.fs_size = nr_sec;
3055 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003056 /* At this point, we are in an inconsistent state. Until we successfully
3057 complete encryption, a reboot will leave us broken. So mark the
3058 encryption failed in case that happens.
3059 On successfully completing encryption, remove this flag */
3060 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003061 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003062#ifndef CONFIG_HW_DISK_ENCRYPTION
3063 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3064#else
3065 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3066
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003067 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003068 if (!rc) {
3069 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3070 }
3071
3072 rc = set_hw_device_encryption_key(passwd,
3073 (char*) crypt_ftr.crypto_type_name);
3074 if (!rc) {
3075 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3076 goto error_shutting_down;
3077 }
3078#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003079
Paul Lawrence87999172014-02-20 12:21:31 -08003080 /* Make an encrypted master key */
3081 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3082 SLOGE("Cannot create encrypted master key\n");
3083 goto error_shutting_down;
3084 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003085
Paul Lawrence87999172014-02-20 12:21:31 -08003086 /* Write the key to the end of the partition */
3087 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003088
Paul Lawrence87999172014-02-20 12:21:31 -08003089 /* If any persistent data has been remembered, save it.
3090 * If none, create a valid empty table and save that.
3091 */
3092 if (!persist_data) {
3093 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3094 if (pdata) {
3095 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3096 persist_data = pdata;
3097 }
3098 }
3099 if (persist_data) {
3100 save_persistent_data();
3101 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003102 }
3103
Ajay Dudani87701e22014-09-17 21:02:52 -07003104 if (how == CRYPTO_ENABLE_INPLACE) {
3105 /* startup service classes main and late_start */
3106 property_set("vold.decrypt", "trigger_restart_min_framework");
3107 SLOGD("Just triggered restart_min_framework\n");
3108
3109 /* OK, the framework is restarted and will soon be showing a
3110 * progress bar. Time to setup an encrypted mapping, and
3111 * either write a new filesystem, or encrypt in place updating
3112 * the progress bar as we work.
3113 */
3114 }
3115
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003116 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003117 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3118 "userdata");
3119
Paul Lawrence87999172014-02-20 12:21:31 -08003120 /* If we are continuing, check checksums match */
3121 rc = 0;
3122 if (previously_encrypted_upto) {
3123 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3124 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003125
Paul Lawrence87999172014-02-20 12:21:31 -08003126 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3127 sizeof(hash_first_block)) != 0) {
3128 SLOGE("Checksums do not match - trigger wipe");
3129 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003130 }
3131 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003132
Paul Lawrence87999172014-02-20 12:21:31 -08003133 if (!rc) {
3134 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3135 crypto_blkdev, real_blkdev,
3136 previously_encrypted_upto);
3137 }
3138
3139 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003140 if (!rc && how == CRYPTO_ENABLE_INPLACE
3141 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003142 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3143 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003144 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003145 SLOGE("Error calculating checksum for continuing encryption");
3146 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003147 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003148 }
3149
3150 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003151 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003152
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003153 if (! rc) {
3154 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003155 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003156
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003157 if (how == CRYPTO_ENABLE_INPLACE
3158 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003159 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3160 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003161 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003162 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003163
Paul Lawrence6bfed202014-07-28 12:47:22 -07003164 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003165
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003166 if (how == CRYPTO_ENABLE_WIPE
3167 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003168 char value[PROPERTY_VALUE_MAX];
3169 property_get("ro.crypto.state", value, "");
3170 if (!strcmp(value, "")) {
3171 /* default encryption - continue first boot sequence */
3172 property_set("ro.crypto.state", "encrypted");
3173 release_wake_lock(lockid);
3174 cryptfs_check_passwd(DEFAULT_PASSWORD);
3175 cryptfs_restart_internal(1);
3176 return 0;
3177 } else {
3178 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003179 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003180 }
Paul Lawrence87999172014-02-20 12:21:31 -08003181 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003182 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003183 cryptfs_reboot(shutdown);
3184 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003185 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003186 char value[PROPERTY_VALUE_MAX];
3187
Ken Sumrall319369a2012-06-27 16:30:18 -07003188 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003189 if (!strcmp(value, "1")) {
3190 /* wipe data if encryption failed */
3191 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3192 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003193 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003194 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003195 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3196 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003197 close(fd);
3198 } else {
3199 SLOGE("could not open /cache/recovery/command\n");
3200 }
Paul Lawrence87999172014-02-20 12:21:31 -08003201 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003202 } else {
3203 /* set property to trigger dialog */
3204 property_set("vold.encrypt_progress", "error_partially_encrypted");
3205 release_wake_lock(lockid);
3206 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003207 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003208 }
3209
Ken Sumrall3ed82362011-01-28 23:31:16 -08003210 /* hrm, the encrypt step claims success, but the reboot failed.
3211 * This should not happen.
3212 * Set the property and return. Hope the framework can deal with it.
3213 */
3214 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003215 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003216 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003217
3218error_unencrypted:
3219 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003220 if (lockid[0]) {
3221 release_wake_lock(lockid);
3222 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003223 return -1;
3224
3225error_shutting_down:
3226 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3227 * but the framework is stopped and not restarted to show the error, so it's up to
3228 * vold to restart the system.
3229 */
3230 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003231 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003232
3233 /* shouldn't get here */
3234 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003235 if (lockid[0]) {
3236 release_wake_lock(lockid);
3237 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003238 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003239}
3240
Paul Lawrence45f10532014-04-04 18:11:56 +00003241int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003242{
Paul Lawrencefc615042014-10-04 15:32:29 -07003243 char* adjusted_passwd = adjust_passwd(passwd);
3244 if (adjusted_passwd) {
3245 passwd = adjusted_passwd;
3246 }
3247
3248 int rc = cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
3249
3250 free(adjusted_passwd);
3251 return rc;
Paul Lawrence13486032014-02-03 13:28:11 -08003252}
3253
3254int cryptfs_enable_default(char *howarg, int allow_reboot)
3255{
3256 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3257 DEFAULT_PASSWORD, allow_reboot);
3258}
3259
3260int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003261{
Paul Lawrence05335c32015-03-05 09:46:23 -08003262 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3263 return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw);
3264 }
3265
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003266 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003267 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003268
3269 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003270 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003271 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003272 return -1;
3273 }
3274
Paul Lawrencef4faa572014-01-29 13:31:03 -08003275 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3276 SLOGE("Invalid crypt_type %d", crypt_type);
3277 return -1;
3278 }
3279
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003280 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003281 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003282 SLOGE("Error getting crypt footer and key");
3283 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003284 }
3285
Paul Lawrencef4faa572014-01-29 13:31:03 -08003286 crypt_ftr.crypt_type = crypt_type;
3287
Paul Lawrencefc615042014-10-04 15:32:29 -07003288 char* adjusted_passwd = adjust_passwd(newpw);
3289 if (adjusted_passwd) {
3290 newpw = adjusted_passwd;
3291 }
3292
JP Abgrall933216c2015-02-11 13:44:32 -08003293 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003294 : newpw,
3295 crypt_ftr.salt,
3296 saved_master_key,
3297 crypt_ftr.master_key,
3298 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003299 free(adjusted_passwd);
3300 if (rc) {
3301 SLOGE("Encrypt master key failed: %d", rc);
3302 return -1;
3303 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003304 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003305 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003306
Ajay Dudani87701e22014-09-17 21:02:52 -07003307#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003308 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3309 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3310 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3311 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3312 if (!rc)
3313 return -1;
3314 } else {
3315 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3316 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3317 if (!rc)
3318 return -1;
3319 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003320 }
3321#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003322 return 0;
3323}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003324
Rubin Xu85c01f92014-10-13 12:49:54 +01003325static unsigned int persist_get_max_entries(int encrypted) {
3326 struct crypt_mnt_ftr crypt_ftr;
3327 unsigned int dsize;
3328 unsigned int max_persistent_entries;
3329
3330 /* If encrypted, use the values from the crypt_ftr, otherwise
3331 * use the values for the current spec.
3332 */
3333 if (encrypted) {
3334 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3335 return -1;
3336 }
3337 dsize = crypt_ftr.persist_data_size;
3338 } else {
3339 dsize = CRYPT_PERSIST_DATA_SIZE;
3340 }
3341
3342 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3343 sizeof(struct crypt_persist_entry);
3344
3345 return max_persistent_entries;
3346}
3347
3348static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003349{
3350 unsigned int i;
3351
3352 if (persist_data == NULL) {
3353 return -1;
3354 }
3355 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3356 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3357 /* We found it! */
3358 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3359 return 0;
3360 }
3361 }
3362
3363 return -1;
3364}
3365
Rubin Xu85c01f92014-10-13 12:49:54 +01003366static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003367{
3368 unsigned int i;
3369 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003370 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003371
3372 if (persist_data == NULL) {
3373 return -1;
3374 }
3375
Rubin Xu85c01f92014-10-13 12:49:54 +01003376 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003377
3378 num = persist_data->persist_valid_entries;
3379
3380 for (i = 0; i < num; i++) {
3381 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3382 /* We found an existing entry, update it! */
3383 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3384 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3385 return 0;
3386 }
3387 }
3388
3389 /* We didn't find it, add it to the end, if there is room */
3390 if (persist_data->persist_valid_entries < max_persistent_entries) {
3391 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3392 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3393 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3394 persist_data->persist_valid_entries++;
3395 return 0;
3396 }
3397
3398 return -1;
3399}
3400
Rubin Xu85c01f92014-10-13 12:49:54 +01003401/**
3402 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3403 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3404 */
3405static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003406 unsigned int field_len;
3407 unsigned int key_index;
3408 field_len = strlen(field);
3409
3410 if (index == 0) {
3411 // The first key in a multi-entry field is just the filedname itself.
3412 if (!strcmp(key, field)) {
3413 return 1;
3414 }
3415 }
3416 // Match key against "%s_%d" % (field, index)
3417 if (strlen(key) < field_len + 1 + 1) {
3418 // Need at least a '_' and a digit.
3419 return 0;
3420 }
3421 if (strncmp(key, field, field_len)) {
3422 // If the key does not begin with field, it's not a match.
3423 return 0;
3424 }
3425 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3426 return 0;
3427 }
3428 return key_index >= index;
3429}
3430
3431/*
3432 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3433 * remaining entries starting from index will be deleted.
3434 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3435 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3436 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3437 *
3438 */
3439static int persist_del_keys(const char *fieldname, unsigned index)
3440{
3441 unsigned int i;
3442 unsigned int j;
3443 unsigned int num;
3444
3445 if (persist_data == NULL) {
3446 return PERSIST_DEL_KEY_ERROR_OTHER;
3447 }
3448
3449 num = persist_data->persist_valid_entries;
3450
3451 j = 0; // points to the end of non-deleted entries.
3452 // Filter out to-be-deleted entries in place.
3453 for (i = 0; i < num; i++) {
3454 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3455 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3456 j++;
3457 }
3458 }
3459
3460 if (j < num) {
3461 persist_data->persist_valid_entries = j;
3462 // Zeroise the remaining entries
3463 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3464 return PERSIST_DEL_KEY_OK;
3465 } else {
3466 // Did not find an entry matching the given fieldname
3467 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3468 }
3469}
3470
3471static int persist_count_keys(const char *fieldname)
3472{
3473 unsigned int i;
3474 unsigned int count;
3475
3476 if (persist_data == NULL) {
3477 return -1;
3478 }
3479
3480 count = 0;
3481 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3482 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3483 count++;
3484 }
3485 }
3486
3487 return count;
3488}
3489
Ken Sumrall160b4d62013-04-22 12:15:39 -07003490/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003491int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003492{
3493 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003494 /* CRYPTO_GETFIELD_OK is success,
3495 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3496 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3497 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003498 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003499 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3500 int i;
3501 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003502
3503 if (persist_data == NULL) {
3504 load_persistent_data();
3505 if (persist_data == NULL) {
3506 SLOGE("Getfield error, cannot load persistent data");
3507 goto out;
3508 }
3509 }
3510
Rubin Xu85c01f92014-10-13 12:49:54 +01003511 // Read value from persistent entries. If the original value is split into multiple entries,
3512 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003513 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003514 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3515 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3516 // value too small
3517 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3518 goto out;
3519 }
3520 rc = CRYPTO_GETFIELD_OK;
3521
3522 for (i = 1; /* break explicitly */; i++) {
3523 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3524 (int) sizeof(temp_field)) {
3525 // If the fieldname is very long, we stop as soon as it begins to overflow the
3526 // maximum field length. At this point we have in fact fully read out the original
3527 // value because cryptfs_setfield would not allow fields with longer names to be
3528 // written in the first place.
3529 break;
3530 }
3531 if (!persist_get_key(temp_field, temp_value)) {
3532 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3533 // value too small.
3534 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3535 goto out;
3536 }
3537 } else {
3538 // Exhaust all entries.
3539 break;
3540 }
3541 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003542 } else {
3543 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003544 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003545 }
3546
3547out:
3548 return rc;
3549}
3550
3551/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003552int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003553{
Ken Sumrall160b4d62013-04-22 12:15:39 -07003554 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003555 /* 0 is success, negative values are error */
3556 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003557 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003558 unsigned int field_id;
3559 char temp_field[PROPERTY_KEY_MAX];
3560 unsigned int num_entries;
3561 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003562
3563 if (persist_data == NULL) {
3564 load_persistent_data();
3565 if (persist_data == NULL) {
3566 SLOGE("Setfield error, cannot load persistent data");
3567 goto out;
3568 }
3569 }
3570
3571 property_get("ro.crypto.state", encrypted_state, "");
3572 if (!strcmp(encrypted_state, "encrypted") ) {
3573 encrypted = 1;
3574 }
3575
Rubin Xu85c01f92014-10-13 12:49:54 +01003576 // Compute the number of entries required to store value, each entry can store up to
3577 // (PROPERTY_VALUE_MAX - 1) chars
3578 if (strlen(value) == 0) {
3579 // Empty value also needs one entry to store.
3580 num_entries = 1;
3581 } else {
3582 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3583 }
3584
3585 max_keylen = strlen(fieldname);
3586 if (num_entries > 1) {
3587 // Need an extra "_%d" suffix.
3588 max_keylen += 1 + log10(num_entries);
3589 }
3590 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3591 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003592 goto out;
3593 }
3594
Rubin Xu85c01f92014-10-13 12:49:54 +01003595 // Make sure we have enough space to write the new value
3596 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3597 persist_get_max_entries(encrypted)) {
3598 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3599 goto out;
3600 }
3601
3602 // Now that we know persist_data has enough space for value, let's delete the old field first
3603 // to make up space.
3604 persist_del_keys(fieldname, 0);
3605
3606 if (persist_set_key(fieldname, value, encrypted)) {
3607 // fail to set key, should not happen as we have already checked the available space
3608 SLOGE("persist_set_key() error during setfield()");
3609 goto out;
3610 }
3611
3612 for (field_id = 1; field_id < num_entries; field_id++) {
3613 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3614
3615 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3616 // fail to set key, should not happen as we have already checked the available space.
3617 SLOGE("persist_set_key() error during setfield()");
3618 goto out;
3619 }
3620 }
3621
Ken Sumrall160b4d62013-04-22 12:15:39 -07003622 /* If we are running encrypted, save the persistent data now */
3623 if (encrypted) {
3624 if (save_persistent_data()) {
3625 SLOGE("Setfield error, cannot save persistent data");
3626 goto out;
3627 }
3628 }
3629
Rubin Xu85c01f92014-10-13 12:49:54 +01003630 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003631
3632out:
3633 return rc;
3634}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003635
3636/* Checks userdata. Attempt to mount the volume if default-
3637 * encrypted.
3638 * On success trigger next init phase and return 0.
3639 * Currently do not handle failure - see TODO below.
3640 */
3641int cryptfs_mount_default_encrypted(void)
3642{
3643 char decrypt_state[PROPERTY_VALUE_MAX];
3644 property_get("vold.decrypt", decrypt_state, "0");
3645 if (!strcmp(decrypt_state, "0")) {
3646 SLOGE("Not encrypted - should not call here");
3647 } else {
3648 int crypt_type = cryptfs_get_password_type();
3649 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3650 SLOGE("Bad crypt type - error");
3651 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3652 SLOGD("Password is not default - "
3653 "starting min framework to prompt");
3654 property_set("vold.decrypt", "trigger_restart_min_framework");
3655 return 0;
3656 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3657 SLOGD("Password is default - restarting filesystem");
3658 cryptfs_restart_internal(0);
3659 return 0;
3660 } else {
3661 SLOGE("Encrypted, default crypt type but can't decrypt");
3662 }
3663 }
3664
Paul Lawrence6bfed202014-07-28 12:47:22 -07003665 /** Corrupt. Allow us to boot into framework, which will detect bad
3666 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003667 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003668 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003669 return 0;
3670}
3671
3672/* Returns type of the password, default, pattern, pin or password.
3673 */
3674int cryptfs_get_password_type(void)
3675{
Paul Lawrence05335c32015-03-05 09:46:23 -08003676 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3677 return e4crypt_get_password_type(DATA_MNT_POINT);
3678 }
3679
Paul Lawrencef4faa572014-01-29 13:31:03 -08003680 struct crypt_mnt_ftr crypt_ftr;
3681
3682 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3683 SLOGE("Error getting crypt footer and key\n");
3684 return -1;
3685 }
3686
Paul Lawrence6bfed202014-07-28 12:47:22 -07003687 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3688 return -1;
3689 }
3690
Paul Lawrencef4faa572014-01-29 13:31:03 -08003691 return crypt_ftr.crypt_type;
3692}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003693
Paul Lawrence05335c32015-03-05 09:46:23 -08003694const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003695{
Paul Lawrence05335c32015-03-05 09:46:23 -08003696 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3697 return e4crypt_get_password(DATA_MNT_POINT);
3698 }
3699
Paul Lawrence399317e2014-03-10 13:20:50 -07003700 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003701 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003702 if (now.tv_sec < password_expiry_time) {
3703 return password;
3704 } else {
3705 cryptfs_clear_password();
3706 return 0;
3707 }
3708}
3709
3710void cryptfs_clear_password()
3711{
3712 if (password) {
3713 size_t len = strlen(password);
3714 memset(password, 0, len);
3715 free(password);
3716 password = 0;
3717 password_expiry_time = 0;
3718 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003719}