Support default, pattern, pin and password encryption types
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.
Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
diff --git a/cryptfs.h b/cryptfs.h
index dc3ce3e..0e8bd76 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -30,7 +30,7 @@
/* The current cryptfs version */
#define CURRENT_MAJOR_VERSION 1
-#define CURRENT_MINOR_VERSION 2
+#define CURRENT_MINOR_VERSION 3
#define CRYPT_FOOTER_OFFSET 0x4000
#define CRYPT_FOOTER_TO_PERSIST_OFFSET 0x1000
@@ -46,6 +46,16 @@
#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Set when starting encryption,
* clear when done before rebooting */
+/* Allowed values for type in the structure below */
+#define CRYPT_TYPE_PASSWORD 0 /* master_key is encrypted with a password
+ * Must be zero to be compatible with pre-L
+ * devices where type is always password.*/
+#define CRYPT_TYPE_DEFAULT 1 /* master_key is encrypted with default
+ * password */
+#define CRYPT_TYPE_PATTERN 2 /* master_key is encrypted with a pattern */
+#define CRYPT_TYPE_PIN 3 /* master_key is encrypted with a pin */
+#define CRYPT_TYPE_MAX_TYPE 3 /* type cannot be larger than this value */
+
#define CRYPT_MNT_MAGIC 0xD0B5B1C4
#define PERSIST_DATA_MAGIC 0xE950CD44
@@ -60,16 +70,17 @@
#define __le8 unsigned char
struct crypt_mnt_ftr {
- __le32 magic; /* See above */
+ __le32 magic; /* See above */
__le16 major_version;
__le16 minor_version;
- __le32 ftr_size; /* in bytes, not including key following */
- __le32 flags; /* See above */
- __le32 keysize; /* in bytes */
- __le32 spare1; /* ignored */
+ __le32 ftr_size; /* in bytes, not including key following */
+ __le32 flags; /* See above */
+ __le32 keysize; /* in bytes */
+ __le32 crypt_type; /* how master_key is encrypted. Must be a
+ * CRYPT_TYPE_XXX value */
__le64 fs_size; /* Size of the encrypted fs, in 512 byte sectors */
__le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and
- mount, set to 0 on successful mount */
+ mount, set to 0 on successful mount */
unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption
needed to decrypt this
partition, null terminated */
@@ -137,20 +148,22 @@
extern "C" {
#endif
- typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
+ typedef int (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
int cryptfs_crypto_complete(void);
int cryptfs_check_passwd(char *pw);
int cryptfs_verify_passwd(char *newpw);
int cryptfs_restart(void);
int cryptfs_enable(char *flag, char *passwd, int allow_reboot);
- int cryptfs_changepw(char *newpw);
+ int cryptfs_changepw(int type, char *newpw);
int cryptfs_setup_volume(const char *label, int major, int minor,
char *crypto_dev_path, unsigned int max_pathlen,
int *new_major, int *new_minor);
int cryptfs_revert_volume(const char *label);
int cryptfs_getfield(char *fieldname, char *value, int len);
int cryptfs_setfield(char *fieldname, char *value);
+ int cryptfs_mount_default_encrypted(void);
+ int cryptfs_get_password_type(void);
#ifdef __cplusplus
}
#endif