blob: 0b7101efb45c9736bc141de3531c63e36cf15ca1 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
Logan Chiend557d762018-05-02 11:36:45 +080023#define LOG_TAG "Cryptfs"
24
25#include "cryptfs.h"
26
Daniel Rosenberg65f99c92018-08-28 01:58:49 -070027#include "Checkpoint.h"
Logan Chiend557d762018-05-02 11:36:45 +080028#include "EncryptInplace.h"
Eric Biggersa701c452018-10-23 13:06:55 -070029#include "FsCrypt.h"
Logan Chiend557d762018-05-02 11:36:45 +080030#include "Keymaster.h"
31#include "Process.h"
32#include "ScryptParameters.h"
Paul Crowleycfe39722018-10-30 15:59:24 -070033#include "Utils.h"
Logan Chiend557d762018-05-02 11:36:45 +080034#include "VoldUtil.h"
35#include "VolumeManager.h"
Logan Chiend557d762018-05-02 11:36:45 +080036
Eric Biggersed45ec32019-01-25 10:47:55 -080037#include <android-base/parseint.h>
Logan Chien3f2b1222018-05-02 11:39:03 +080038#include <android-base/properties.h>
Greg Kaiserab1e84a2018-12-11 12:40:51 -080039#include <android-base/stringprintf.h>
Logan Chiend557d762018-05-02 11:36:45 +080040#include <bootloader_message/bootloader_message.h>
Logan Chien3f2b1222018-05-02 11:39:03 +080041#include <cutils/android_reboot.h>
Logan Chien3f2b1222018-05-02 11:39:03 +080042#include <cutils/properties.h>
Tao Bao5a95ddb2016-10-05 18:01:19 -070043#include <ext4_utils/ext4_utils.h>
Logan Chien3f2b1222018-05-02 11:39:03 +080044#include <f2fs_sparseblock.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070045#include <fs_mgr.h>
Eric Biggersa701c452018-10-23 13:06:55 -070046#include <fscrypt/fscrypt.h>
Logan Chien3f2b1222018-05-02 11:39:03 +080047#include <hardware_legacy/power.h>
Logan Chien188b0ab2018-04-23 13:37:39 +080048#include <log/log.h>
Logan Chiend557d762018-05-02 11:36:45 +080049#include <logwrap/logwrap.h>
50#include <openssl/evp.h>
51#include <openssl/sha.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080052#include <selinux/selinux.h>
Logan Chiend557d762018-05-02 11:36:45 +080053
54#include <ctype.h>
55#include <errno.h>
56#include <fcntl.h>
57#include <inttypes.h>
58#include <libgen.h>
59#include <linux/dm-ioctl.h>
60#include <linux/kdev_t.h>
61#include <math.h>
62#include <stdio.h>
63#include <stdlib.h>
64#include <string.h>
65#include <sys/ioctl.h>
66#include <sys/mount.h>
67#include <sys/param.h>
68#include <sys/stat.h>
69#include <sys/types.h>
70#include <sys/wait.h>
71#include <time.h>
72#include <unistd.h>
73
Wei Wang4375f1b2017-02-24 17:43:01 -080074extern "C" {
75#include <crypto_scrypt.h>
76}
Mark Salyzyn3e971272014-01-21 13:27:04 -080077
Eric Biggersed45ec32019-01-25 10:47:55 -080078using android::base::ParseUint;
Greg Kaiserab1e84a2018-12-11 12:40:51 -080079using android::base::StringPrintf;
Tom Cherry4c5bde22019-01-29 14:34:01 -080080using android::fs_mgr::GetEntryForMountPoint;
Paul Crowleycfe39722018-10-30 15:59:24 -070081using namespace std::chrono_literals;
82
Mark Salyzyn5eecc442014-02-12 14:16:14 -080083#define UNUSED __attribute__((unused))
84
Ken Sumrall8f869aa2010-12-03 03:47:09 -080085#define DM_CRYPT_BUF_SIZE 4096
86
Jason parks70a4b3f2011-01-28 10:10:47 -060087#define HASH_COUNT 2000
Greg Kaiserc0de9c72018-02-14 20:05:54 -080088
89constexpr size_t INTERMEDIATE_KEY_LEN_BYTES = 16;
90constexpr size_t INTERMEDIATE_IV_LEN_BYTES = 16;
Paul Crowley14c8c072018-09-18 13:30:21 -070091constexpr size_t INTERMEDIATE_BUF_SIZE = (INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
Greg Kaiserc0de9c72018-02-14 20:05:54 -080092
93// SCRYPT_LEN is used by struct crypt_mnt_ftr for its intermediate key.
Paul Crowley14c8c072018-09-18 13:30:21 -070094static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN, "Mismatch of intermediate key sizes");
Jason parks70a4b3f2011-01-28 10:10:47 -060095
Paul Crowley14c8c072018-09-18 13:30:21 -070096#define KEY_IN_FOOTER "footer"
Ken Sumrall29d8da82011-05-18 17:20:07 -070097
Paul Lawrence3bd36d52015-06-09 13:37:44 -070098#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080099
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800100#define CRYPTO_BLOCK_DEVICE "userdata"
101
102#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
103
Ken Sumrall29d8da82011-05-18 17:20:07 -0700104#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -0700105#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -0700106
Ken Sumralle919efe2012-09-29 17:07:41 -0700107#define TABLE_LOAD_RETRIES 10
108
Shawn Willden47ba10d2014-09-03 17:07:06 -0600109#define RSA_KEY_SIZE 2048
110#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
111#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -0600112#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700113
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700114#define RETRY_MOUNT_ATTEMPTS 10
115#define RETRY_MOUNT_DELAY_SECONDS 1
116
Paul Crowley5afbc622017-11-27 09:42:17 -0800117#define CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE (1)
118
Paul Crowley73473332017-11-21 15:43:51 -0800119static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr);
120
Greg Kaiser59ad0182018-02-16 13:01:36 -0800121static unsigned char saved_master_key[MAX_KEY_LEN];
Paul Crowley14c8c072018-09-18 13:30:21 -0700122static char* saved_mount_point;
123static int master_key_saved = 0;
124static struct crypt_persist_data* persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800125
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700126/* Should we use keymaster? */
Paul Crowley14c8c072018-09-18 13:30:21 -0700127static int keymaster_check_compatibility() {
Janis Danisevskis015ec302017-01-31 11:31:08 +0000128 return keymaster_compatibility_cryptfs_scrypt();
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700129}
130
131/* Create a new keymaster key and store it in this footer */
Paul Crowley14c8c072018-09-18 13:30:21 -0700132static int keymaster_create_key(struct crypt_mnt_ftr* ftr) {
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800133 if (ftr->keymaster_blob_size) {
134 SLOGI("Already have key");
135 return 0;
136 }
137
Paul Crowley14c8c072018-09-18 13:30:21 -0700138 int rc = keymaster_create_key_for_cryptfs_scrypt(
139 RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob,
140 KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size);
Janis Danisevskis015ec302017-01-31 11:31:08 +0000141 if (rc) {
142 if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
Paul Crowley73473332017-11-21 15:43:51 -0800143 SLOGE("Keymaster key blob too large");
Janis Danisevskis015ec302017-01-31 11:31:08 +0000144 ftr->keymaster_blob_size = 0;
145 }
146 SLOGE("Failed to generate keypair");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700147 return -1;
148 }
Janis Danisevskis015ec302017-01-31 11:31:08 +0000149 return 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700150}
151
Shawn Willdene17a9c42014-09-08 13:04:08 -0600152/* This signs the given object using the keymaster key. */
Paul Crowley14c8c072018-09-18 13:30:21 -0700153static int keymaster_sign_object(struct crypt_mnt_ftr* ftr, const unsigned char* object,
154 const size_t object_size, unsigned char** signature,
155 size_t* signature_size) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600156 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600157 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600158 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600159
Shawn Willdene17a9c42014-09-08 13:04:08 -0600160 // To sign a message with RSA, the message must satisfy two
161 // constraints:
162 //
163 // 1. The message, when interpreted as a big-endian numeric value, must
164 // be strictly less than the public modulus of the RSA key. Note
165 // that because the most significant bit of the public modulus is
166 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
167 // key), an n-bit message with most significant bit 0 always
168 // satisfies this requirement.
169 //
170 // 2. The message must have the same length in bits as the public
171 // modulus of the RSA key. This requirement isn't mathematically
172 // necessary, but is necessary to ensure consistency in
173 // implementations.
174 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600175 case KDF_SCRYPT_KEYMASTER:
176 // This ensures the most significant byte of the signed message
177 // is zero. We could have zero-padded to the left instead, but
178 // this approach is slightly more robust against changes in
179 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600180 // so) because we really should be using a proper deterministic
181 // RSA padding function, such as PKCS1.
Wei Wang4375f1b2017-02-24 17:43:01 -0800182 memcpy(to_sign + 1, object, std::min((size_t)RSA_KEY_SIZE_BYTES - 1, object_size));
Shawn Willdene17a9c42014-09-08 13:04:08 -0600183 SLOGI("Signing safely-padded object");
184 break;
185 default:
186 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Janis Danisevskis015ec302017-01-31 11:31:08 +0000187 return -1;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600188 }
Paul Crowley73473332017-11-21 15:43:51 -0800189 for (;;) {
190 auto result = keymaster_sign_object_for_cryptfs_scrypt(
191 ftr->keymaster_blob, ftr->keymaster_blob_size, KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign,
192 to_sign_size, signature, signature_size);
193 switch (result) {
194 case KeymasterSignResult::ok:
195 return 0;
196 case KeymasterSignResult::upgrade:
197 break;
198 default:
199 return -1;
200 }
201 SLOGD("Upgrading key");
202 if (keymaster_upgrade_key_for_cryptfs_scrypt(
203 RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob,
204 ftr->keymaster_blob_size, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
205 &ftr->keymaster_blob_size) != 0) {
206 SLOGE("Failed to upgrade key");
207 return -1;
208 }
209 if (put_crypt_ftr_and_key(ftr) != 0) {
210 SLOGE("Failed to write upgraded key to disk");
211 }
212 SLOGD("Key upgraded successfully");
213 }
Shawn Willden47ba10d2014-09-03 17:07:06 -0600214}
215
Paul Lawrence399317e2014-03-10 13:20:50 -0700216/* Store password when userdata is successfully decrypted and mounted.
217 * Cleared by cryptfs_clear_password
218 *
219 * To avoid a double prompt at boot, we need to store the CryptKeeper
220 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
221 * Since the entire framework is torn down and rebuilt after encryption,
222 * we have to use a daemon or similar to store the password. Since vold
223 * is secured against IPC except from system processes, it seems a reasonable
224 * place to store this.
225 *
226 * password should be cleared once it has been used.
227 *
228 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800229 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700230static char* password = 0;
231static int password_expiry_time = 0;
232static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800233
Paul Crowley14c8c072018-09-18 13:30:21 -0700234enum class RebootType { reboot, recovery, shutdown };
235static void cryptfs_reboot(RebootType rt) {
236 switch (rt) {
237 case RebootType::reboot:
238 property_set(ANDROID_RB_PROPERTY, "reboot");
239 break;
Paul Lawrence87999172014-02-20 12:21:31 -0800240
Paul Crowley14c8c072018-09-18 13:30:21 -0700241 case RebootType::recovery:
242 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
243 break;
Paul Lawrence87999172014-02-20 12:21:31 -0800244
Paul Crowley14c8c072018-09-18 13:30:21 -0700245 case RebootType::shutdown:
246 property_set(ANDROID_RB_PROPERTY, "shutdown");
247 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700248 }
Paul Lawrence87999172014-02-20 12:21:31 -0800249
Ken Sumralladfba362013-06-04 16:37:52 -0700250 sleep(20);
251
252 /* Shouldn't get here, reboot should happen before sleep times out */
253 return;
254}
255
Paul Crowley14c8c072018-09-18 13:30:21 -0700256static void ioctl_init(struct dm_ioctl* io, size_t dataSize, const char* name, unsigned flags) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800257 memset(io, 0, dataSize);
258 io->data_size = dataSize;
259 io->data_start = sizeof(struct dm_ioctl);
260 io->version[0] = 4;
261 io->version[1] = 0;
262 io->version[2] = 0;
263 io->flags = flags;
264 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100265 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800266 }
267}
268
Greg Kaiser38723f22018-02-16 13:35:35 -0800269namespace {
270
271struct CryptoType;
272
273// Use to get the CryptoType in use on this device.
Paul Crowley14c8c072018-09-18 13:30:21 -0700274const CryptoType& get_crypto_type();
Greg Kaiser38723f22018-02-16 13:35:35 -0800275
276struct CryptoType {
277 // We should only be constructing CryptoTypes as part of
278 // supported_crypto_types[]. We do it via this pseudo-builder pattern,
279 // which isn't pure or fully protected as a concession to being able to
280 // do it all at compile time. Add new CryptoTypes in
281 // supported_crypto_types[] below.
282 constexpr CryptoType() : CryptoType(nullptr, nullptr, 0xFFFFFFFF) {}
283 constexpr CryptoType set_keysize(uint32_t size) const {
284 return CryptoType(this->property_name, this->crypto_name, size);
285 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700286 constexpr CryptoType set_property_name(const char* property) const {
Greg Kaiser38723f22018-02-16 13:35:35 -0800287 return CryptoType(property, this->crypto_name, this->keysize);
288 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700289 constexpr CryptoType set_crypto_name(const char* crypto) const {
Greg Kaiser38723f22018-02-16 13:35:35 -0800290 return CryptoType(this->property_name, crypto, this->keysize);
291 }
292
Paul Crowley14c8c072018-09-18 13:30:21 -0700293 constexpr const char* get_property_name() const { return property_name; }
294 constexpr const char* get_crypto_name() const { return crypto_name; }
Greg Kaiser38723f22018-02-16 13:35:35 -0800295 constexpr uint32_t get_keysize() const { return keysize; }
296
Paul Crowley14c8c072018-09-18 13:30:21 -0700297 private:
298 const char* property_name;
299 const char* crypto_name;
Greg Kaiser38723f22018-02-16 13:35:35 -0800300 uint32_t keysize;
301
Paul Crowley14c8c072018-09-18 13:30:21 -0700302 constexpr CryptoType(const char* property, const char* crypto, uint32_t ksize)
Greg Kaiser38723f22018-02-16 13:35:35 -0800303 : property_name(property), crypto_name(crypto), keysize(ksize) {}
Paul Crowley14c8c072018-09-18 13:30:21 -0700304 friend const CryptoType& get_crypto_type();
305 static const CryptoType& get_device_crypto_algorithm();
Greg Kaiser38723f22018-02-16 13:35:35 -0800306};
307
308// We only want to parse this read-only property once. But we need to wait
309// until the system is initialized before we can read it. So we use a static
310// scoped within this function to get it only once.
Paul Crowley14c8c072018-09-18 13:30:21 -0700311const CryptoType& get_crypto_type() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800312 static CryptoType crypto_type = CryptoType::get_device_crypto_algorithm();
313 return crypto_type;
314}
315
316constexpr CryptoType default_crypto_type = CryptoType()
Paul Crowley14c8c072018-09-18 13:30:21 -0700317 .set_property_name("AES-128-CBC")
318 .set_crypto_name("aes-cbc-essiv:sha256")
319 .set_keysize(16);
Greg Kaiser38723f22018-02-16 13:35:35 -0800320
321constexpr CryptoType supported_crypto_types[] = {
322 default_crypto_type,
Greg Kaiser8cb4c9f2018-12-03 11:23:19 -0800323 CryptoType()
324 .set_property_name("adiantum")
325 .set_crypto_name("xchacha12,aes-adiantum-plain64")
326 .set_keysize(32),
Greg Kaiser38723f22018-02-16 13:35:35 -0800327 // Add new CryptoTypes here. Order is not important.
328};
329
Greg Kaiser38723f22018-02-16 13:35:35 -0800330// ---------- START COMPILE-TIME SANITY CHECK BLOCK -------------------------
331// We confirm all supported_crypto_types have a small enough keysize and
332// had both set_property_name() and set_crypto_name() called.
333
334template <typename T, size_t N>
Paul Crowley14c8c072018-09-18 13:30:21 -0700335constexpr size_t array_length(T (&)[N]) {
336 return N;
337}
Greg Kaiser38723f22018-02-16 13:35:35 -0800338
339constexpr bool indexOutOfBoundsForCryptoTypes(size_t index) {
340 return (index >= array_length(supported_crypto_types));
341}
342
Paul Crowley14c8c072018-09-18 13:30:21 -0700343constexpr bool isValidCryptoType(const CryptoType& crypto_type) {
Greg Kaiser38723f22018-02-16 13:35:35 -0800344 return ((crypto_type.get_property_name() != nullptr) &&
345 (crypto_type.get_crypto_name() != nullptr) &&
346 (crypto_type.get_keysize() <= MAX_KEY_LEN));
347}
348
349// Note in C++11 that constexpr functions can only have a single line.
350// So our code is a bit convoluted (using recursion instead of a loop),
351// but it's asserting at compile time that all of our key lengths are valid.
352constexpr bool validateSupportedCryptoTypes(size_t index) {
353 return indexOutOfBoundsForCryptoTypes(index) ||
Paul Crowley14c8c072018-09-18 13:30:21 -0700354 (isValidCryptoType(supported_crypto_types[index]) &&
355 validateSupportedCryptoTypes(index + 1));
Greg Kaiser38723f22018-02-16 13:35:35 -0800356}
357
358static_assert(validateSupportedCryptoTypes(0),
359 "We have a CryptoType with keysize > MAX_KEY_LEN or which was "
360 "incompletely constructed.");
361// ---------- END COMPILE-TIME SANITY CHECK BLOCK -------------------------
362
Greg Kaiser38723f22018-02-16 13:35:35 -0800363// Don't call this directly, use get_crypto_type(), which caches this result.
Paul Crowley14c8c072018-09-18 13:30:21 -0700364const CryptoType& CryptoType::get_device_crypto_algorithm() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800365 constexpr char CRYPT_ALGO_PROP[] = "ro.crypto.fde_algorithm";
366 char paramstr[PROPERTY_VALUE_MAX];
367
Paul Crowley14c8c072018-09-18 13:30:21 -0700368 property_get(CRYPT_ALGO_PROP, paramstr, default_crypto_type.get_property_name());
369 for (auto const& ctype : supported_crypto_types) {
Greg Kaiser38723f22018-02-16 13:35:35 -0800370 if (strcmp(paramstr, ctype.get_property_name()) == 0) {
371 return ctype;
372 }
373 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700374 ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr, CRYPT_ALGO_PROP,
375 default_crypto_type.get_property_name());
Greg Kaiser38723f22018-02-16 13:35:35 -0800376 return default_crypto_type;
377}
378
379} // namespace
380
Kenny Rootc4c70f12013-06-14 12:11:38 -0700381/**
382 * Gets the default device scrypt parameters for key derivation time tuning.
383 * The parameters should lead to about one second derivation time for the
384 * given device.
385 */
Paul Crowley14c8c072018-09-18 13:30:21 -0700386static void get_device_scrypt_params(struct crypt_mnt_ftr* ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700387 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000388 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700389
Paul Crowley63c18d32016-02-10 14:02:47 +0000390 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
391 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
392 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
393 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700394 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000395 ftr->N_factor = Nf;
396 ftr->r_factor = rf;
397 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700398}
399
Greg Kaiser57f9af62018-02-16 13:13:58 -0800400uint32_t cryptfs_get_keysize() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800401 return get_crypto_type().get_keysize();
Greg Kaiser57f9af62018-02-16 13:13:58 -0800402}
403
Paul Crowley14c8c072018-09-18 13:30:21 -0700404const char* cryptfs_get_crypto_name() {
Greg Kaiser38723f22018-02-16 13:35:35 -0800405 return get_crypto_type().get_crypto_name();
Greg Kaiser57f9af62018-02-16 13:13:58 -0800406}
407
Tom Cherry4c5bde22019-01-29 14:34:01 -0800408static uint64_t get_fs_size(const char* dev) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800409 int fd, block_size;
410 struct ext4_super_block sb;
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200411 uint64_t len;
Ken Sumrall3ed82362011-01-28 23:31:16 -0800412
Paul Crowley14c8c072018-09-18 13:30:21 -0700413 if ((fd = open(dev, O_RDONLY | O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800414 SLOGE("Cannot open device to get filesystem size ");
415 return 0;
416 }
417
418 if (lseek64(fd, 1024, SEEK_SET) < 0) {
419 SLOGE("Cannot seek to superblock");
420 return 0;
421 }
422
423 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
424 SLOGE("Cannot read superblock");
425 return 0;
426 }
427
428 close(fd);
429
Daniel Rosenberge82df162014-08-15 22:19:23 +0000430 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
431 SLOGE("Not a valid ext4 superblock");
432 return 0;
433 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800434 block_size = 1024 << sb.s_log_block_size;
435 /* compute length in bytes */
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200436 len = (((uint64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
Ken Sumrall3ed82362011-01-28 23:31:16 -0800437
438 /* return length in sectors */
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200439 return len / 512;
Ken Sumrall3ed82362011-01-28 23:31:16 -0800440}
441
Tom Cherry4c5bde22019-01-29 14:34:01 -0800442static void get_crypt_info(std::string* key_loc, std::string* real_blk_device) {
443 for (const auto& entry : fstab_default) {
444 if (!entry.fs_mgr_flags.vold_managed &&
445 (entry.fs_mgr_flags.crypt || entry.fs_mgr_flags.force_crypt ||
446 entry.fs_mgr_flags.force_fde_or_fbe || entry.fs_mgr_flags.file_encryption)) {
447 if (key_loc != nullptr) {
448 *key_loc = entry.key_loc;
449 }
450 if (real_blk_device != nullptr) {
451 *real_blk_device = entry.blk_device;
452 }
453 return;
454 }
455 }
456}
457
Paul Crowley14c8c072018-09-18 13:30:21 -0700458static int get_crypt_ftr_info(char** metadata_fname, off64_t* off) {
459 static int cached_data = 0;
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200460 static uint64_t cached_off = 0;
Paul Crowley14c8c072018-09-18 13:30:21 -0700461 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
Paul Crowley14c8c072018-09-18 13:30:21 -0700462 char key_loc[PROPERTY_VALUE_MAX];
463 char real_blkdev[PROPERTY_VALUE_MAX];
464 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700465
Paul Crowley14c8c072018-09-18 13:30:21 -0700466 if (!cached_data) {
Tom Cherry4c5bde22019-01-29 14:34:01 -0800467 std::string key_loc;
468 std::string real_blkdev;
469 get_crypt_info(&key_loc, &real_blkdev);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700470
Tom Cherry4c5bde22019-01-29 14:34:01 -0800471 if (key_loc == KEY_IN_FOOTER) {
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200472 if (android::vold::GetBlockDevSize(real_blkdev, &cached_off) == android::OK) {
Paul Crowley14c8c072018-09-18 13:30:21 -0700473 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
474 * encryption info footer and key, and plenty of bytes to spare for future
475 * growth.
476 */
Tom Cherry4c5bde22019-01-29 14:34:01 -0800477 strlcpy(cached_metadata_fname, real_blkdev.c_str(), sizeof(cached_metadata_fname));
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +0200478 cached_off -= CRYPT_FOOTER_OFFSET;
Paul Crowley14c8c072018-09-18 13:30:21 -0700479 cached_data = 1;
480 } else {
Tom Cherry4c5bde22019-01-29 14:34:01 -0800481 SLOGE("Cannot get size of block device %s\n", real_blkdev.c_str());
Paul Crowley14c8c072018-09-18 13:30:21 -0700482 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700483 } else {
Tom Cherry4c5bde22019-01-29 14:34:01 -0800484 strlcpy(cached_metadata_fname, key_loc.c_str(), sizeof(cached_metadata_fname));
Paul Crowley14c8c072018-09-18 13:30:21 -0700485 cached_off = 0;
486 cached_data = 1;
487 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700488 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700489
Paul Crowley14c8c072018-09-18 13:30:21 -0700490 if (cached_data) {
491 if (metadata_fname) {
492 *metadata_fname = cached_metadata_fname;
493 }
494 if (off) {
495 *off = cached_off;
496 }
497 rc = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700498 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700499
Paul Crowley14c8c072018-09-18 13:30:21 -0700500 return rc;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700501}
502
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800503/* Set sha256 checksum in structure */
Paul Crowley14c8c072018-09-18 13:30:21 -0700504static void set_ftr_sha(struct crypt_mnt_ftr* crypt_ftr) {
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800505 SHA256_CTX c;
506 SHA256_Init(&c);
507 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
508 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
509 SHA256_Final(crypt_ftr->sha256, &c);
510}
511
Ken Sumralle8744072011-01-18 22:01:55 -0800512/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800513 * update the failed mount count but not change the key.
514 */
Paul Crowley14c8c072018-09-18 13:30:21 -0700515static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
516 int fd;
517 unsigned int cnt;
518 /* starting_off is set to the SEEK_SET offset
519 * where the crypto structure starts
520 */
521 off64_t starting_off;
522 int rc = -1;
523 char* fname = NULL;
524 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800525
Paul Crowley14c8c072018-09-18 13:30:21 -0700526 set_ftr_sha(crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800527
Paul Crowley14c8c072018-09-18 13:30:21 -0700528 if (get_crypt_ftr_info(&fname, &starting_off)) {
529 SLOGE("Unable to get crypt_ftr_info\n");
530 return -1;
Ken Sumralle8744072011-01-18 22:01:55 -0800531 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700532 if (fname[0] != '/') {
533 SLOGE("Unexpected value for crypto key location\n");
534 return -1;
535 }
536 if ((fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0600)) < 0) {
537 SLOGE("Cannot open footer file %s for put\n", fname);
538 return -1;
539 }
Ken Sumralle8744072011-01-18 22:01:55 -0800540
Paul Crowley14c8c072018-09-18 13:30:21 -0700541 /* Seek to the start of the crypt footer */
542 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
543 SLOGE("Cannot seek to real block device footer\n");
544 goto errout;
545 }
546
547 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
548 SLOGE("Cannot write real block device footer\n");
549 goto errout;
550 }
551
552 fstat(fd, &statbuf);
553 /* If the keys are kept on a raw block device, do not try to truncate it. */
554 if (S_ISREG(statbuf.st_mode)) {
555 if (ftruncate(fd, 0x4000)) {
556 SLOGE("Cannot set footer file size\n");
557 goto errout;
558 }
559 }
560
561 /* Success! */
562 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800563
564errout:
Paul Crowley14c8c072018-09-18 13:30:21 -0700565 close(fd);
566 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800567}
568
Paul Crowley14c8c072018-09-18 13:30:21 -0700569static bool check_ftr_sha(const struct crypt_mnt_ftr* crypt_ftr) {
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800570 struct crypt_mnt_ftr copy;
571 memcpy(&copy, crypt_ftr, sizeof(copy));
572 set_ftr_sha(&copy);
573 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
574}
575
Paul Crowley14c8c072018-09-18 13:30:21 -0700576static inline int unix_read(int fd, void* buff, int len) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700577 return TEMP_FAILURE_RETRY(read(fd, buff, len));
578}
579
Paul Crowley14c8c072018-09-18 13:30:21 -0700580static inline int unix_write(int fd, const void* buff, int len) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700581 return TEMP_FAILURE_RETRY(write(fd, buff, len));
582}
583
Paul Crowley14c8c072018-09-18 13:30:21 -0700584static void init_empty_persist_data(struct crypt_persist_data* pdata, int len) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700585 memset(pdata, 0, len);
586 pdata->persist_magic = PERSIST_DATA_MAGIC;
587 pdata->persist_valid_entries = 0;
588}
589
590/* A routine to update the passed in crypt_ftr to the lastest version.
591 * fd is open read/write on the device that holds the crypto footer and persistent
592 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
593 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
594 */
Paul Crowley14c8c072018-09-18 13:30:21 -0700595static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr* crypt_ftr, off64_t offset) {
Kenny Root7434b312013-06-14 11:29:53 -0700596 int orig_major = crypt_ftr->major_version;
597 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700598
Kenny Root7434b312013-06-14 11:29:53 -0700599 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
Paul Crowley14c8c072018-09-18 13:30:21 -0700600 struct crypt_persist_data* pdata;
Kenny Root7434b312013-06-14 11:29:53 -0700601 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700602
Kenny Rootc4c70f12013-06-14 12:11:38 -0700603 SLOGW("upgrading crypto footer to 1.1");
604
Paul Crowley14c8c072018-09-18 13:30:21 -0700605 pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
Kenny Root7434b312013-06-14 11:29:53 -0700606 if (pdata == NULL) {
607 SLOGE("Cannot allocate persisent data\n");
608 return;
609 }
610 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
611
612 /* Need to initialize the persistent data area */
613 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
614 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100615 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700616 return;
617 }
618 /* Write all zeros to the first copy, making it invalid */
619 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
620
621 /* Write a valid but empty structure to the second copy */
622 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
623 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
624
625 /* Update the footer */
626 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
627 crypt_ftr->persist_data_offset[0] = pdata_offset;
628 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
629 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100630 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700631 }
632
Paul Lawrencef4faa572014-01-29 13:31:03 -0800633 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700634 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800635 /* But keep the old kdf_type.
636 * It will get updated later to KDF_SCRYPT after the password has been verified.
637 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700638 crypt_ftr->kdf_type = KDF_PBKDF2;
639 get_device_scrypt_params(crypt_ftr);
640 crypt_ftr->minor_version = 2;
641 }
642
Paul Lawrencef4faa572014-01-29 13:31:03 -0800643 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
644 SLOGW("upgrading crypto footer to 1.3");
645 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
646 crypt_ftr->minor_version = 3;
647 }
648
Kenny Root7434b312013-06-14 11:29:53 -0700649 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
650 if (lseek64(fd, offset, SEEK_SET) == -1) {
651 SLOGE("Cannot seek to crypt footer\n");
652 return;
653 }
654 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700655 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700656}
657
Paul Crowley14c8c072018-09-18 13:30:21 -0700658static int get_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
659 int fd;
660 unsigned int cnt;
661 off64_t starting_off;
662 int rc = -1;
663 char* fname = NULL;
664 struct stat statbuf;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700665
Paul Crowley14c8c072018-09-18 13:30:21 -0700666 if (get_crypt_ftr_info(&fname, &starting_off)) {
667 SLOGE("Unable to get crypt_ftr_info\n");
668 return -1;
669 }
670 if (fname[0] != '/') {
671 SLOGE("Unexpected value for crypto key location\n");
672 return -1;
673 }
674 if ((fd = open(fname, O_RDWR | O_CLOEXEC)) < 0) {
675 SLOGE("Cannot open footer file %s for get\n", fname);
676 return -1;
677 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800678
Paul Crowley14c8c072018-09-18 13:30:21 -0700679 /* Make sure it's 16 Kbytes in length */
680 fstat(fd, &statbuf);
681 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
682 SLOGE("footer file %s is not the expected size!\n", fname);
683 goto errout;
684 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700685
Paul Crowley14c8c072018-09-18 13:30:21 -0700686 /* Seek to the start of the crypt footer */
687 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
688 SLOGE("Cannot seek to real block device footer\n");
689 goto errout;
690 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700691
Paul Crowley14c8c072018-09-18 13:30:21 -0700692 if ((cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
693 SLOGE("Cannot read real block device footer\n");
694 goto errout;
695 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800696
Paul Crowley14c8c072018-09-18 13:30:21 -0700697 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
698 SLOGE("Bad magic for real block device %s\n", fname);
699 goto errout;
700 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800701
Paul Crowley14c8c072018-09-18 13:30:21 -0700702 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
703 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
704 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
705 goto errout;
706 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800707
Paul Crowley14c8c072018-09-18 13:30:21 -0700708 // We risk buffer overflows with oversized keys, so we just reject them.
709 // 0-sized keys are problematic (essentially by-passing encryption), and
710 // AES-CBC key wrapping only works for multiples of 16 bytes.
711 if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) ||
712 (crypt_ftr->keysize > MAX_KEY_LEN)) {
713 SLOGE(
714 "Invalid keysize (%u) for block device %s; Must be non-zero, "
715 "divisible by 16, and <= %d\n",
716 crypt_ftr->keysize, fname, MAX_KEY_LEN);
717 goto errout;
718 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800719
Paul Crowley14c8c072018-09-18 13:30:21 -0700720 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
721 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
722 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
723 }
Greg Kaiser59ad0182018-02-16 13:01:36 -0800724
Paul Crowley14c8c072018-09-18 13:30:21 -0700725 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
726 * copy on disk before returning.
727 */
728 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
729 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
730 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800731
Paul Crowley14c8c072018-09-18 13:30:21 -0700732 /* Success! */
733 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800734
735errout:
Paul Crowley14c8c072018-09-18 13:30:21 -0700736 close(fd);
737 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800738}
739
Paul Crowley14c8c072018-09-18 13:30:21 -0700740static int validate_persistent_data_storage(struct crypt_mnt_ftr* crypt_ftr) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700741 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
742 crypt_ftr->persist_data_offset[1]) {
743 SLOGE("Crypt_ftr persist data regions overlap");
744 return -1;
745 }
746
747 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
748 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
749 return -1;
750 }
751
752 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
Paul Crowley14c8c072018-09-18 13:30:21 -0700753 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 CRYPT_FOOTER_OFFSET) {
755 SLOGE("Persistent data extends past crypto footer");
756 return -1;
757 }
758
759 return 0;
760}
761
Paul Crowley14c8c072018-09-18 13:30:21 -0700762static int load_persistent_data(void) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700763 struct crypt_mnt_ftr crypt_ftr;
Paul Crowley14c8c072018-09-18 13:30:21 -0700764 struct crypt_persist_data* pdata = NULL;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 char encrypted_state[PROPERTY_VALUE_MAX];
Paul Crowley14c8c072018-09-18 13:30:21 -0700766 char* fname;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700767 int found = 0;
768 int fd;
769 int ret;
770 int i;
771
772 if (persist_data) {
773 /* Nothing to do, we've already loaded or initialized it */
774 return 0;
775 }
776
Ken Sumrall160b4d62013-04-22 12:15:39 -0700777 /* If not encrypted, just allocate an empty table and initialize it */
778 property_get("ro.crypto.state", encrypted_state, "");
Paul Crowley14c8c072018-09-18 13:30:21 -0700779 if (strcmp(encrypted_state, "encrypted")) {
Wei Wang4375f1b2017-02-24 17:43:01 -0800780 pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700781 if (pdata) {
782 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
783 persist_data = pdata;
784 return 0;
785 }
786 return -1;
787 }
788
Paul Crowley14c8c072018-09-18 13:30:21 -0700789 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700790 return -1;
791 }
792
Paul Crowley14c8c072018-09-18 13:30:21 -0700793 if ((crypt_ftr.major_version < 1) ||
794 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700795 SLOGE("Crypt_ftr version doesn't support persistent data");
796 return -1;
797 }
798
799 if (get_crypt_ftr_info(&fname, NULL)) {
800 return -1;
801 }
802
803 ret = validate_persistent_data_storage(&crypt_ftr);
804 if (ret) {
805 return -1;
806 }
807
Paul Crowley14c8c072018-09-18 13:30:21 -0700808 fd = open(fname, O_RDONLY | O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700809 if (fd < 0) {
810 SLOGE("Cannot open %s metadata file", fname);
811 return -1;
812 }
813
Wei Wang4375f1b2017-02-24 17:43:01 -0800814 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Paul Lawrence300dae72016-03-11 11:02:52 -0800815 if (pdata == NULL) {
816 SLOGE("Cannot allocate memory for persistent data");
817 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700818 }
819
820 for (i = 0; i < 2; i++) {
821 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
822 SLOGE("Cannot seek to read persistent data on %s", fname);
823 goto err2;
824 }
Paul Crowley14c8c072018-09-18 13:30:21 -0700825 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700826 SLOGE("Error reading persistent data on iteration %d", i);
827 goto err2;
828 }
829 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
830 found = 1;
831 break;
832 }
833 }
834
835 if (!found) {
836 SLOGI("Could not find valid persistent data, creating");
837 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
838 }
839
840 /* Success */
841 persist_data = pdata;
842 close(fd);
843 return 0;
844
845err2:
846 free(pdata);
847
848err:
849 close(fd);
850 return -1;
851}
852
Paul Crowley14c8c072018-09-18 13:30:21 -0700853static int save_persistent_data(void) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700854 struct crypt_mnt_ftr crypt_ftr;
Paul Crowley14c8c072018-09-18 13:30:21 -0700855 struct crypt_persist_data* pdata;
856 char* fname;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700857 off64_t write_offset;
858 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700859 int fd;
860 int ret;
861
862 if (persist_data == NULL) {
863 SLOGE("No persistent data to save");
864 return -1;
865 }
866
Paul Crowley14c8c072018-09-18 13:30:21 -0700867 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700868 return -1;
869 }
870
Paul Crowley14c8c072018-09-18 13:30:21 -0700871 if ((crypt_ftr.major_version < 1) ||
872 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700873 SLOGE("Crypt_ftr version doesn't support persistent data");
874 return -1;
875 }
876
877 ret = validate_persistent_data_storage(&crypt_ftr);
878 if (ret) {
879 return -1;
880 }
881
882 if (get_crypt_ftr_info(&fname, NULL)) {
883 return -1;
884 }
885
Paul Crowley14c8c072018-09-18 13:30:21 -0700886 fd = open(fname, O_RDWR | O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700887 if (fd < 0) {
888 SLOGE("Cannot open %s metadata file", fname);
889 return -1;
890 }
891
Wei Wang4375f1b2017-02-24 17:43:01 -0800892 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (pdata == NULL) {
894 SLOGE("Cannot allocate persistant data");
895 goto err;
896 }
897
898 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
899 SLOGE("Cannot seek to read persistent data on %s", fname);
900 goto err2;
901 }
902
903 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
Paul Crowley14c8c072018-09-18 13:30:21 -0700904 SLOGE("Error reading persistent data before save");
905 goto err2;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700906 }
907
908 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
909 /* The first copy is the curent valid copy, so write to
910 * the second copy and erase this one */
Paul Crowley14c8c072018-09-18 13:30:21 -0700911 write_offset = crypt_ftr.persist_data_offset[1];
912 erase_offset = crypt_ftr.persist_data_offset[0];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700913 } else {
914 /* The second copy must be the valid copy, so write to
915 * the first copy, and erase the second */
Paul Crowley14c8c072018-09-18 13:30:21 -0700916 write_offset = crypt_ftr.persist_data_offset[0];
917 erase_offset = crypt_ftr.persist_data_offset[1];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700918 }
919
920 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100921 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700922 SLOGE("Cannot seek to write persistent data");
923 goto err2;
924 }
925 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
Paul Crowley14c8c072018-09-18 13:30:21 -0700926 (int)crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100927 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700928 SLOGE("Cannot seek to erase previous persistent data");
929 goto err2;
930 }
931 fsync(fd);
932 memset(pdata, 0, crypt_ftr.persist_data_size);
Paul Crowley14c8c072018-09-18 13:30:21 -0700933 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != (int)crypt_ftr.persist_data_size) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700934 SLOGE("Cannot write to erase previous persistent data");
935 goto err2;
936 }
937 fsync(fd);
938 } else {
939 SLOGE("Cannot write to save persistent data");
940 goto err2;
941 }
942
943 /* Success */
944 free(pdata);
945 close(fd);
946 return 0;
947
948err2:
949 free(pdata);
950err:
951 close(fd);
952 return -1;
953}
954
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800955/* Convert a binary key of specified length into an ascii hex string equivalent,
956 * without the leading 0x and with null termination
957 */
Paul Crowley14c8c072018-09-18 13:30:21 -0700958static void convert_key_to_hex_ascii(const unsigned char* master_key, unsigned int keysize,
959 char* master_key_ascii) {
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700960 unsigned int i, a;
961 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800962
Paul Crowley14c8c072018-09-18 13:30:21 -0700963 for (i = 0, a = 0; i < keysize; i++, a += 2) {
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700964 /* For each byte, write out two ascii hex digits */
965 nibble = (master_key[i] >> 4) & 0xf;
966 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800967
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700968 nibble = master_key[i] & 0xf;
Paul Crowley14c8c072018-09-18 13:30:21 -0700969 master_key_ascii[a + 1] = nibble + (nibble > 9 ? 0x37 : 0x30);
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700970 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800971
Paul Lawrence3bd36d52015-06-09 13:37:44 -0700972 /* Add the null termination */
973 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800974}
975
Paul Crowley14c8c072018-09-18 13:30:21 -0700976static int load_crypto_mapping_table(struct crypt_mnt_ftr* crypt_ftr,
977 const unsigned char* master_key, const char* real_blk_name,
978 const char* name, int fd, const char* extra_params) {
979 alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
980 struct dm_ioctl* io;
981 struct dm_target_spec* tgt;
982 char* crypt_params;
983 // We need two ASCII characters to represent each byte, and need space for
984 // the '\0' terminator.
985 char master_key_ascii[MAX_KEY_LEN * 2 + 1];
986 size_t buff_offset;
987 int i;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800988
Paul Crowley14c8c072018-09-18 13:30:21 -0700989 io = (struct dm_ioctl*)buffer;
Ken Sumralldb5e0262013-02-05 17:39:48 -0800990
Paul Crowley14c8c072018-09-18 13:30:21 -0700991 /* Load the mapping table for this device */
992 tgt = (struct dm_target_spec*)&buffer[sizeof(struct dm_ioctl)];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800993
Paul Crowley14c8c072018-09-18 13:30:21 -0700994 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
995 io->target_count = 1;
996 tgt->status = 0;
997 tgt->sector_start = 0;
998 tgt->length = crypt_ftr->fs_size;
999 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001000
Paul Crowley14c8c072018-09-18 13:30:21 -07001001 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1002 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001003
Paul Crowley14c8c072018-09-18 13:30:21 -07001004 buff_offset = crypt_params - buffer;
Eric Biggerse1a7e772019-01-25 12:11:25 -08001005 SLOGI(
1006 "Creating crypto dev \"%s\"; cipher=%s, keysize=%u, real_dev=%s, len=%llu, params=\"%s\"\n",
1007 name, crypt_ftr->crypto_type_name, crypt_ftr->keysize, real_blk_name, tgt->length * 512,
1008 extra_params);
Paul Crowley14c8c072018-09-18 13:30:21 -07001009 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
1010 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name, extra_params);
1011 crypt_params += strlen(crypt_params) + 1;
1012 crypt_params =
1013 (char*)(((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1014 tgt->next = crypt_params - buffer;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001015
Paul Crowley14c8c072018-09-18 13:30:21 -07001016 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1017 if (!ioctl(fd, DM_TABLE_LOAD, io)) {
1018 break;
1019 }
1020 usleep(500000);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001021 }
Ken Sumralldb5e0262013-02-05 17:39:48 -08001022
Paul Crowley14c8c072018-09-18 13:30:21 -07001023 if (i == TABLE_LOAD_RETRIES) {
1024 /* We failed to load the table, return an error */
1025 return -1;
1026 } else {
1027 return i + 1;
1028 }
Ken Sumralldb5e0262013-02-05 17:39:48 -08001029}
1030
Paul Crowley14c8c072018-09-18 13:30:21 -07001031static int get_dm_crypt_version(int fd, const char* name, int* version) {
Ken Sumralldb5e0262013-02-05 17:39:48 -08001032 char buffer[DM_CRYPT_BUF_SIZE];
Paul Crowley14c8c072018-09-18 13:30:21 -07001033 struct dm_ioctl* io;
1034 struct dm_target_versions* v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001035
Paul Crowley14c8c072018-09-18 13:30:21 -07001036 io = (struct dm_ioctl*)buffer;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001037
1038 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1039
1040 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1041 return -1;
1042 }
1043
1044 /* Iterate over the returned versions, looking for name of "crypt".
1045 * When found, get and return the version.
1046 */
Paul Crowley14c8c072018-09-18 13:30:21 -07001047 v = (struct dm_target_versions*)&buffer[sizeof(struct dm_ioctl)];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001048 while (v->next) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001049 if (!strcmp(v->name, "crypt")) {
Ken Sumralldb5e0262013-02-05 17:39:48 -08001050 /* We found the crypt driver, return the version, and get out */
1051 version[0] = v->version[0];
1052 version[1] = v->version[1];
1053 version[2] = v->version[2];
1054 return 0;
1055 }
Paul Crowley14c8c072018-09-18 13:30:21 -07001056 v = (struct dm_target_versions*)(((char*)v) + v->next);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001057 }
1058
1059 return -1;
1060}
1061
Paul Crowley5afbc622017-11-27 09:42:17 -08001062static std::string extra_params_as_string(const std::vector<std::string>& extra_params_vec) {
1063 if (extra_params_vec.empty()) return "";
1064 std::string extra_params = std::to_string(extra_params_vec.size());
1065 for (const auto& p : extra_params_vec) {
1066 extra_params.append(" ");
1067 extra_params.append(p);
1068 }
1069 return extra_params;
1070}
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001071
Eric Biggersed45ec32019-01-25 10:47:55 -08001072/*
1073 * If the ro.crypto.fde_sector_size system property is set, append the
1074 * parameters to make dm-crypt use the specified crypto sector size and round
1075 * the crypto device size down to a crypto sector boundary.
1076 */
1077static int add_sector_size_param(std::vector<std::string>* extra_params_vec,
1078 struct crypt_mnt_ftr* ftr) {
Greg Kaiserab1e84a2018-12-11 12:40:51 -08001079 constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
Eric Biggersed45ec32019-01-25 10:47:55 -08001080 char value[PROPERTY_VALUE_MAX];
Greg Kaiserab1e84a2018-12-11 12:40:51 -08001081
Eric Biggersed45ec32019-01-25 10:47:55 -08001082 if (property_get(DM_CRYPT_SECTOR_SIZE, value, "") > 0) {
1083 unsigned int sector_size;
1084
1085 if (!ParseUint(value, &sector_size) || sector_size < 512 || sector_size > 4096 ||
1086 (sector_size & (sector_size - 1)) != 0) {
1087 SLOGE("Invalid value for %s: %s. Must be >= 512, <= 4096, and a power of 2\n",
1088 DM_CRYPT_SECTOR_SIZE, value);
1089 return -1;
1090 }
1091
1092 std::string param = StringPrintf("sector_size:%u", sector_size);
Greg Kaiserab1e84a2018-12-11 12:40:51 -08001093 extra_params_vec->push_back(std::move(param));
1094
1095 // With this option, IVs will match the sector numbering, instead
1096 // of being hard-coded to being based on 512-byte sectors.
1097 extra_params_vec->emplace_back("iv_large_sectors");
Eric Biggersed45ec32019-01-25 10:47:55 -08001098
1099 // Round the crypto device size down to a crypto sector boundary.
1100 ftr->fs_size &= ~((sector_size / 512) - 1);
Greg Kaiserab1e84a2018-12-11 12:40:51 -08001101 }
Eric Biggersed45ec32019-01-25 10:47:55 -08001102 return 0;
Greg Kaiserab1e84a2018-12-11 12:40:51 -08001103}
1104
Paul Crowley5afbc622017-11-27 09:42:17 -08001105static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
1106 const char* real_blk_name, char* crypto_blk_name, const char* name,
1107 uint32_t flags) {
1108 char buffer[DM_CRYPT_BUF_SIZE];
1109 struct dm_ioctl* io;
1110 unsigned int minor;
1111 int fd = 0;
1112 int err;
1113 int retval = -1;
1114 int version[3];
1115 int load_count;
1116 std::vector<std::string> extra_params_vec;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001117
Paul Crowley5afbc622017-11-27 09:42:17 -08001118 if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
1119 SLOGE("Cannot open device-mapper\n");
1120 goto errout;
1121 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001122
Paul Crowley5afbc622017-11-27 09:42:17 -08001123 io = (struct dm_ioctl*)buffer;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001124
Paul Crowley5afbc622017-11-27 09:42:17 -08001125 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1126 err = ioctl(fd, DM_DEV_CREATE, io);
1127 if (err) {
1128 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
1129 goto errout;
1130 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001131
Paul Crowley5afbc622017-11-27 09:42:17 -08001132 /* Get the device status, in particular, the name of it's device file */
1133 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1134 if (ioctl(fd, DM_DEV_STATUS, io)) {
1135 SLOGE("Cannot retrieve dm-crypt device status\n");
1136 goto errout;
1137 }
1138 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1139 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
Ken Sumralle919efe2012-09-29 17:07:41 -07001140
Paul Crowley5afbc622017-11-27 09:42:17 -08001141 if (!get_dm_crypt_version(fd, name, version)) {
1142 /* Support for allow_discards was added in version 1.11.0 */
1143 if ((version[0] >= 2) || ((version[0] == 1) && (version[1] >= 11))) {
1144 extra_params_vec.emplace_back("allow_discards");
1145 }
1146 }
1147 if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE) {
1148 extra_params_vec.emplace_back("allow_encrypt_override");
1149 }
Eric Biggersed45ec32019-01-25 10:47:55 -08001150 if (add_sector_size_param(&extra_params_vec, crypt_ftr)) {
1151 SLOGE("Error processing dm-crypt sector size param\n");
1152 goto errout;
1153 }
Paul Crowley5afbc622017-11-27 09:42:17 -08001154 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
1155 extra_params_as_string(extra_params_vec).c_str());
1156 if (load_count < 0) {
1157 SLOGE("Cannot load dm-crypt mapping table.\n");
1158 goto errout;
1159 } else if (load_count > 1) {
1160 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
1161 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001162
Paul Crowley5afbc622017-11-27 09:42:17 -08001163 /* Resume this device to activate it */
1164 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001165
Paul Crowley5afbc622017-11-27 09:42:17 -08001166 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1167 SLOGE("Cannot resume the dm-crypt device\n");
1168 goto errout;
1169 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001170
Paul Crowleycfe39722018-10-30 15:59:24 -07001171 /* Ensure the dm device has been created before returning. */
1172 if (android::vold::WaitForFile(crypto_blk_name, 1s) < 0) {
1173 // WaitForFile generates a suitable log message
1174 goto errout;
1175 }
1176
Paul Crowley5afbc622017-11-27 09:42:17 -08001177 /* We made it here with no errors. Woot! */
1178 retval = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001179
1180errout:
Paul Crowley14c8c072018-09-18 13:30:21 -07001181 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001182
Paul Crowley14c8c072018-09-18 13:30:21 -07001183 return retval;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001184}
1185
Paul Crowley14c8c072018-09-18 13:30:21 -07001186static int delete_crypto_blk_dev(const char* name) {
1187 int fd;
1188 char buffer[DM_CRYPT_BUF_SIZE];
1189 struct dm_ioctl* io;
1190 int retval = -1;
Yue Hu9d6cc182018-12-17 17:09:55 +08001191 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001192
Paul Crowley14c8c072018-09-18 13:30:21 -07001193 if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
1194 SLOGE("Cannot open device-mapper\n");
1195 goto errout;
1196 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001197
Paul Crowley14c8c072018-09-18 13:30:21 -07001198 io = (struct dm_ioctl*)buffer;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001199
Paul Crowley14c8c072018-09-18 13:30:21 -07001200 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Yue Hu9d6cc182018-12-17 17:09:55 +08001201 err = ioctl(fd, DM_DEV_REMOVE, io);
1202 if (err) {
1203 SLOGE("Cannot remove dm-crypt device %s: %s\n", name, strerror(errno));
Paul Crowley14c8c072018-09-18 13:30:21 -07001204 goto errout;
1205 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001206
Paul Crowley14c8c072018-09-18 13:30:21 -07001207 /* We made it here with no errors. Woot! */
1208 retval = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001209
1210errout:
Paul Crowley14c8c072018-09-18 13:30:21 -07001211 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001212
Paul Crowley14c8c072018-09-18 13:30:21 -07001213 return retval;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001214}
1215
Paul Crowley14c8c072018-09-18 13:30:21 -07001216static int pbkdf2(const char* passwd, const unsigned char* salt, unsigned char* ikey,
1217 void* params UNUSED) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001218 SLOGI("Using pbkdf2 for cryptfs KDF");
1219
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001220 /* Turn the password into a key and IV that can decrypt the master key */
Paul Crowley14c8c072018-09-18 13:30:21 -07001221 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN, HASH_COUNT,
1222 INTERMEDIATE_BUF_SIZE, ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001223}
1224
Paul Crowley14c8c072018-09-18 13:30:21 -07001225static int scrypt(const char* passwd, const unsigned char* salt, unsigned char* ikey, void* params) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001226 SLOGI("Using scrypt for cryptfs KDF");
1227
Paul Crowley14c8c072018-09-18 13:30:21 -07001228 struct crypt_mnt_ftr* ftr = (struct crypt_mnt_ftr*)params;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001229
1230 int N = 1 << ftr->N_factor;
1231 int r = 1 << ftr->r_factor;
1232 int p = 1 << ftr->p_factor;
1233
1234 /* Turn the password into a key and IV that can decrypt the master key */
Paul Crowley14c8c072018-09-18 13:30:21 -07001235 crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001236 INTERMEDIATE_BUF_SIZE);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001237
Paul Crowley14c8c072018-09-18 13:30:21 -07001238 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001239}
1240
Paul Crowley14c8c072018-09-18 13:30:21 -07001241static int scrypt_keymaster(const char* passwd, const unsigned char* salt, unsigned char* ikey,
1242 void* params) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001243 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1244
1245 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001246 size_t signature_size;
1247 unsigned char* signature;
Paul Crowley14c8c072018-09-18 13:30:21 -07001248 struct crypt_mnt_ftr* ftr = (struct crypt_mnt_ftr*)params;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001249
1250 int N = 1 << ftr->N_factor;
1251 int r = 1 << ftr->r_factor;
1252 int p = 1 << ftr->p_factor;
1253
Paul Crowley14c8c072018-09-18 13:30:21 -07001254 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
Greg Kaiserc0de9c72018-02-14 20:05:54 -08001255 INTERMEDIATE_BUF_SIZE);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001256
1257 if (rc) {
1258 SLOGE("scrypt failed");
1259 return -1;
1260 }
1261
Paul Crowley14c8c072018-09-18 13:30:21 -07001262 if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE, &signature, &signature_size)) {
Shawn Willdene17a9c42014-09-08 13:04:08 -06001263 SLOGE("Signing failed");
1264 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001265 }
1266
Paul Crowley14c8c072018-09-18 13:30:21 -07001267 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN, N, r, p, ikey,
1268 INTERMEDIATE_BUF_SIZE);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001269 free(signature);
1270
1271 if (rc) {
1272 SLOGE("scrypt failed");
1273 return -1;
1274 }
1275
1276 return 0;
1277}
1278
Paul Crowley14c8c072018-09-18 13:30:21 -07001279static int encrypt_master_key(const char* passwd, const unsigned char* salt,
1280 const unsigned char* decrypted_master_key,
1281 unsigned char* encrypted_master_key, struct crypt_mnt_ftr* crypt_ftr) {
1282 unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001283 EVP_CIPHER_CTX e_ctx;
1284 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001285 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001286
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001287 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001288 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001289
1290 switch (crypt_ftr->kdf_type) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001291 case KDF_SCRYPT_KEYMASTER:
1292 if (keymaster_create_key(crypt_ftr)) {
1293 SLOGE("keymaster_create_key failed");
1294 return -1;
1295 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001296
Paul Crowley14c8c072018-09-18 13:30:21 -07001297 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1298 SLOGE("scrypt failed");
1299 return -1;
1300 }
1301 break;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001302
Paul Crowley14c8c072018-09-18 13:30:21 -07001303 case KDF_SCRYPT:
1304 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1305 SLOGE("scrypt failed");
1306 return -1;
1307 }
1308 break;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001309
Paul Crowley14c8c072018-09-18 13:30:21 -07001310 default:
1311 SLOGE("Invalid kdf_type");
1312 return -1;
Paul Lawrencef4faa572014-01-29 13:31:03 -08001313 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001314
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001315 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001316 EVP_CIPHER_CTX_init(&e_ctx);
Paul Crowley14c8c072018-09-18 13:30:21 -07001317 if (!EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey,
1318 ikey + INTERMEDIATE_KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001319 SLOGE("EVP_EncryptInit failed\n");
1320 return -1;
1321 }
1322 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001323
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001324 /* Encrypt the master key */
Paul Crowley14c8c072018-09-18 13:30:21 -07001325 if (!EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len, decrypted_master_key,
1326 crypt_ftr->keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001327 SLOGE("EVP_EncryptUpdate failed\n");
1328 return -1;
1329 }
Paul Crowley14c8c072018-09-18 13:30:21 -07001330 if (!EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001331 SLOGE("EVP_EncryptFinal failed\n");
1332 return -1;
1333 }
1334
Greg Kaiser59ad0182018-02-16 13:01:36 -08001335 if (encrypted_len + final_len != static_cast<int>(crypt_ftr->keysize)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001336 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1337 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001338 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001339
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 /* Store the scrypt of the intermediate key, so we can validate if it's a
1341 password error or mount error when things go wrong.
1342 Note there's no need to check for errors, since if this is incorrect, we
1343 simply won't wipe userdata, which is the correct default behavior
1344 */
1345 int N = 1 << crypt_ftr->N_factor;
1346 int r = 1 << crypt_ftr->r_factor;
1347 int p = 1 << crypt_ftr->p_factor;
1348
Paul Crowley14c8c072018-09-18 13:30:21 -07001349 rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt),
1350 N, r, p, crypt_ftr->scrypted_intermediate_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001351 sizeof(crypt_ftr->scrypted_intermediate_key));
1352
1353 if (rc) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001354 SLOGE("encrypt_master_key: crypto_scrypt failed");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001355 }
1356
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001357 EVP_CIPHER_CTX_cleanup(&e_ctx);
1358
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001359 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001360}
1361
Paul Crowley14c8c072018-09-18 13:30:21 -07001362static int decrypt_master_key_aux(const char* passwd, unsigned char* salt,
1363 const unsigned char* encrypted_master_key, size_t keysize,
1364 unsigned char* decrypted_master_key, kdf_func kdf,
1365 void* kdf_params, unsigned char** intermediate_key,
1366 size_t* intermediate_key_size) {
1367 unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
1368 EVP_CIPHER_CTX d_ctx;
1369 int decrypted_len, final_len;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370
Paul Crowley14c8c072018-09-18 13:30:21 -07001371 /* Turn the password into an intermediate key and IV that can decrypt the
1372 master key */
1373 if (kdf(passwd, salt, ikey, kdf_params)) {
1374 SLOGE("kdf failed");
1375 return -1;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001376 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001377
Paul Crowley14c8c072018-09-18 13:30:21 -07001378 /* Initialize the decryption engine */
1379 EVP_CIPHER_CTX_init(&d_ctx);
1380 if (!EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey,
1381 ikey + INTERMEDIATE_KEY_LEN_BYTES)) {
1382 return -1;
1383 }
1384 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1385 /* Decrypt the master key */
1386 if (!EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len, encrypted_master_key,
1387 keysize)) {
1388 return -1;
1389 }
1390 if (!EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
1391 return -1;
1392 }
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001393
Paul Crowley14c8c072018-09-18 13:30:21 -07001394 if (decrypted_len + final_len != static_cast<int>(keysize)) {
1395 return -1;
1396 }
1397
1398 /* Copy intermediate key if needed by params */
1399 if (intermediate_key && intermediate_key_size) {
1400 *intermediate_key = (unsigned char*)malloc(INTERMEDIATE_KEY_LEN_BYTES);
1401 if (*intermediate_key) {
1402 memcpy(*intermediate_key, ikey, INTERMEDIATE_KEY_LEN_BYTES);
1403 *intermediate_key_size = INTERMEDIATE_KEY_LEN_BYTES;
1404 }
1405 }
1406
1407 EVP_CIPHER_CTX_cleanup(&d_ctx);
1408
1409 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001410}
1411
Paul Crowley14c8c072018-09-18 13:30:21 -07001412static void get_kdf_func(struct crypt_mnt_ftr* ftr, kdf_func* kdf, void** kdf_params) {
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001413 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001414 *kdf = scrypt_keymaster;
1415 *kdf_params = ftr;
1416 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001417 *kdf = scrypt;
1418 *kdf_params = ftr;
1419 } else {
1420 *kdf = pbkdf2;
1421 *kdf_params = NULL;
1422 }
1423}
1424
Paul Crowley14c8c072018-09-18 13:30:21 -07001425static int decrypt_master_key(const char* passwd, unsigned char* decrypted_master_key,
1426 struct crypt_mnt_ftr* crypt_ftr, unsigned char** intermediate_key,
1427 size_t* intermediate_key_size) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001428 kdf_func kdf;
Paul Crowley14c8c072018-09-18 13:30:21 -07001429 void* kdf_params;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001430 int ret;
1431
1432 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Crowley14c8c072018-09-18 13:30:21 -07001433 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize,
1434 decrypted_master_key, kdf, kdf_params, intermediate_key,
1435 intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001436 if (ret != 0) {
1437 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001438 }
1439
1440 return ret;
1441}
1442
Paul Crowley14c8c072018-09-18 13:30:21 -07001443static int create_encrypted_random_key(const char* passwd, unsigned char* master_key,
1444 unsigned char* salt, struct crypt_mnt_ftr* crypt_ftr) {
Greg Kaiser59ad0182018-02-16 13:01:36 -08001445 unsigned char key_buf[MAX_KEY_LEN];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001446
Eric Biggers3a2f7db2019-01-16 13:05:34 -08001447 /* Get some random bits for a key and salt */
1448 if (android::vold::ReadRandomBytes(sizeof(key_buf), reinterpret_cast<char*>(key_buf)) != 0) {
1449 return -1;
1450 }
1451 if (android::vold::ReadRandomBytes(SALT_LEN, reinterpret_cast<char*>(salt)) != 0) {
1452 return -1;
1453 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001454
1455 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001456 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001457}
1458
Paul Crowley14c8c072018-09-18 13:30:21 -07001459int wait_and_unmount(const char* mountpoint, bool kill) {
Greg Hackmann955653e2014-09-24 14:55:20 -07001460 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001461#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001462
1463 /* Now umount the tmpfs filesystem */
Paul Crowley14c8c072018-09-18 13:30:21 -07001464 for (i = 0; i < WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001465 if (umount(mountpoint) == 0) {
1466 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001467 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001468
1469 if (errno == EINVAL) {
1470 /* EINVAL is returned if the directory is not a mountpoint,
1471 * i.e. there is no filesystem mounted there. So just get out.
1472 */
1473 break;
1474 }
1475
1476 err = errno;
1477
1478 /* If allowed, be increasingly aggressive before the last two retries */
1479 if (kill) {
1480 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1481 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey3472e522017-10-06 18:02:53 -06001482 android::vold::KillProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001483 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1484 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey3472e522017-10-06 18:02:53 -06001485 android::vold::KillProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001486 }
1487 }
1488
1489 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001490 }
1491
1492 if (i < WAIT_UNMOUNT_COUNT) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001493 SLOGD("unmounting %s succeeded\n", mountpoint);
1494 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001495 } else {
Paul Crowley14c8c072018-09-18 13:30:21 -07001496 android::vold::KillProcessesWithOpenFiles(mountpoint, 0);
1497 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
1498 rc = -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001499 }
1500
1501 return rc;
1502}
1503
Paul Crowley14c8c072018-09-18 13:30:21 -07001504static void prep_data_fs(void) {
Jeff Sharkey47695b22016-02-01 17:02:29 -07001505 // NOTE: post_fs_data results in init calling back around to vold, so all
1506 // callers to this method must be async
1507
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001508 /* Do the prep of the /data filesystem */
1509 property_set("vold.post_fs_data_done", "0");
1510 property_set("vold.decrypt", "trigger_post_fs_data");
Wei Wang42e38102017-06-07 10:46:12 -07001511 SLOGD("Just triggered post_fs_data");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001512
Ken Sumrallc5872692013-05-14 15:26:31 -07001513 /* Wait a max of 50 seconds, hopefully it takes much less */
Paul Crowley14c8c072018-09-18 13:30:21 -07001514 while (!android::base::WaitForProperty("vold.post_fs_data_done", "1", std::chrono::seconds(15))) {
Wei Wang42e38102017-06-07 10:46:12 -07001515 /* We timed out to prep /data in time. Continue wait. */
1516 SLOGE("waited 15s for vold.post_fs_data_done, still waiting...");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001517 }
Wei Wang42e38102017-06-07 10:46:12 -07001518 SLOGD("post_fs_data done");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001519}
1520
Paul Crowley14c8c072018-09-18 13:30:21 -07001521static void cryptfs_set_corrupt() {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001522 // Mark the footer as bad
1523 struct crypt_mnt_ftr crypt_ftr;
1524 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1525 SLOGE("Failed to get crypto footer - panic");
1526 return;
1527 }
1528
1529 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1530 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1531 SLOGE("Failed to set crypto footer - panic");
1532 return;
1533 }
1534}
1535
Paul Crowley14c8c072018-09-18 13:30:21 -07001536static void cryptfs_trigger_restart_min_framework() {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001537 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001538 SLOGE("Failed to mount tmpfs on data - panic");
1539 return;
Paul Lawrence74f29f12014-08-28 15:54:10 -07001540 }
1541
1542 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1543 SLOGE("Failed to trigger post fs data - panic");
1544 return;
1545 }
1546
1547 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1548 SLOGE("Failed to trigger restart min framework - panic");
1549 return;
1550 }
1551}
1552
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001553/* returns < 0 on failure */
Paul Crowley14c8c072018-09-18 13:30:21 -07001554static int cryptfs_restart_internal(int restart_main) {
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001555 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001556 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001557 static int restart_successful = 0;
1558
1559 /* Validate that it's OK to call this routine */
Paul Crowley14c8c072018-09-18 13:30:21 -07001560 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001561 SLOGE("Encrypted filesystem not validated, aborting");
1562 return -1;
1563 }
1564
1565 if (restart_successful) {
1566 SLOGE("System already restarted with encrypted disk, aborting");
1567 return -1;
1568 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001569
Paul Lawrencef4faa572014-01-29 13:31:03 -08001570 if (restart_main) {
1571 /* Here is where we shut down the framework. The init scripts
Martijn Coenenaec7a0a2019-04-24 10:41:11 +02001572 * start all services in one of these classes: core, early_hal, hal,
1573 * main and late_start. To get to the minimal UI for PIN entry, we
1574 * need to start core, early_hal, hal and main. When we want to
1575 * shutdown the framework again, we need to stop most of the services in
1576 * these classes, but only those services that were started after
1577 * /data was mounted. This excludes critical services like vold and
1578 * ueventd, which need to keep running. We could possible stop
1579 * even fewer services, but because we want services to pick up APEX
1580 * libraries from the real /data, restarting is better, as it makes
1581 * these devices consistent with FBE devices and lets them use the
1582 * most recent code.
1583 *
1584 * Once these services have stopped, we should be able
Paul Lawrencef4faa572014-01-29 13:31:03 -08001585 * to umount the tmpfs /data, then mount the encrypted /data.
Martijn Coenenaec7a0a2019-04-24 10:41:11 +02001586 * We then restart the class core, hal, main, and also the class
1587 * late_start.
1588 *
Paul Lawrencef4faa572014-01-29 13:31:03 -08001589 * At the moment, I've only put a few things in late_start that I know
1590 * are not needed to bring up the framework, and that also cause problems
1591 * with unmounting the tmpfs /data, but I hope to add add more services
1592 * to the late_start class as we optimize this to decrease the delay
1593 * till the user is asked for the password to the filesystem.
1594 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001595
Martijn Coenenaec7a0a2019-04-24 10:41:11 +02001596 /* The init files are setup to stop the right set of services when
1597 * vold.decrypt is set to trigger_shutdown_framework.
Paul Lawrencef4faa572014-01-29 13:31:03 -08001598 */
Martijn Coenenaec7a0a2019-04-24 10:41:11 +02001599 property_set("vold.decrypt", "trigger_shutdown_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001600 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001601
Paul Lawrencef4faa572014-01-29 13:31:03 -08001602 /* Ugh, shutting down the framework is not synchronous, so until it
1603 * can be fixed, this horrible hack will wait a moment for it all to
1604 * shut down before proceeding. Without it, some devices cannot
1605 * restart the graphics services.
1606 */
1607 sleep(2);
1608 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001609
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001610 /* Now that the framework is shutdown, we should be able to umount()
1611 * the tmpfs filesystem, and mount the real one.
1612 */
1613
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001614 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1615 if (strlen(crypto_blkdev) == 0) {
1616 SLOGE("fs_crypto_blkdev not set\n");
1617 return -1;
1618 }
1619
Paul Crowley14c8c072018-09-18 13:30:21 -07001620 if (!(rc = wait_and_unmount(DATA_MNT_POINT, true))) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001621 /* If ro.crypto.readonly is set to 1, mount the decrypted
1622 * filesystem readonly. This is used when /data is mounted by
1623 * recovery mode.
1624 */
1625 char ro_prop[PROPERTY_VALUE_MAX];
1626 property_get("ro.crypto.readonly", ro_prop, "");
Jeff Sharkey95440eb2017-09-18 18:19:28 -06001627 if (strlen(ro_prop) > 0 && std::stoi(ro_prop)) {
Tom Cherry4c5bde22019-01-29 14:34:01 -08001628 auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);
1629 if (entry != nullptr) {
1630 entry->flags |= MS_RDONLY;
Luis Hector Chavezbbb512d2018-05-30 15:47:50 -07001631 }
Doug Zongker6fd57712013-12-17 09:43:23 -08001632 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001633
Ken Sumralle5032c42012-04-01 23:58:44 -07001634 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001635 int retries = RETRY_MOUNT_ATTEMPTS;
1636 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001637
1638 /*
1639 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1640 * partitions in the fsck domain.
1641 */
LongPing Wei7f3ab952019-01-30 16:03:14 +08001642 if (setexeccon(android::vold::sFsckContext)) {
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001643 SLOGE("Failed to setexeccon");
1644 return -1;
1645 }
Daniel Rosenberg65f99c92018-08-28 01:58:49 -07001646 bool needs_cp = android::vold::cp_needsCheckpoint();
Tom Cherry4c5bde22019-01-29 14:34:01 -08001647 while ((mount_rc = fs_mgr_do_mount(&fstab_default, DATA_MNT_POINT, crypto_blkdev, 0,
Daniel Rosenberg65f99c92018-08-28 01:58:49 -07001648 needs_cp)) != 0) {
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001649 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1650 /* TODO: invoke something similar to
1651 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1652 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
Paul Crowley14c8c072018-09-18 13:30:21 -07001653 SLOGI("Failed to mount %s because it is busy - waiting", crypto_blkdev);
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001654 if (--retries) {
1655 sleep(RETRY_MOUNT_DELAY_SECONDS);
1656 } else {
1657 /* Let's hope that a reboot clears away whatever is keeping
1658 the mount busy */
Josh Gaofec44372017-08-28 13:22:55 -07001659 cryptfs_reboot(RebootType::reboot);
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001660 }
1661 } else {
1662 SLOGE("Failed to mount decrypted data");
1663 cryptfs_set_corrupt();
1664 cryptfs_trigger_restart_min_framework();
1665 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001666 if (setexeccon(NULL)) {
1667 SLOGE("Failed to setexeccon");
1668 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001669 return -1;
1670 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001671 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001672 if (setexeccon(NULL)) {
1673 SLOGE("Failed to setexeccon");
1674 return -1;
1675 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001676
Ken Sumralle5032c42012-04-01 23:58:44 -07001677 /* Create necessary paths on /data */
Wei Wang42e38102017-06-07 10:46:12 -07001678 prep_data_fs();
Seigo Nonakae2ef0c02016-06-20 17:05:40 +09001679 property_set("vold.decrypt", "trigger_load_persist_props");
Ken Sumralle5032c42012-04-01 23:58:44 -07001680
1681 /* startup service classes main and late_start */
1682 property_set("vold.decrypt", "trigger_restart_framework");
1683 SLOGD("Just triggered restart_framework\n");
1684
1685 /* Give it a few moments to get started */
1686 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001687 }
1688
Ken Sumrall0cc16632011-01-18 20:32:26 -08001689 if (rc == 0) {
1690 restart_successful = 1;
1691 }
1692
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001693 return rc;
1694}
1695
Paul Crowley14c8c072018-09-18 13:30:21 -07001696int cryptfs_restart(void) {
Paul Lawrence05335c32015-03-05 09:46:23 -08001697 SLOGI("cryptfs_restart");
Eric Biggersa701c452018-10-23 13:06:55 -07001698 if (fscrypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001699 SLOGE("cryptfs_restart not valid for file encryption:");
1700 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001701 }
1702
Paul Lawrencef4faa572014-01-29 13:31:03 -08001703 /* Call internal implementation forcing a restart of main service group */
1704 return cryptfs_restart_internal(1);
1705}
1706
Paul Crowley14c8c072018-09-18 13:30:21 -07001707static int do_crypto_complete(const char* mount_point) {
1708 struct crypt_mnt_ftr crypt_ftr;
1709 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001710
Paul Crowley14c8c072018-09-18 13:30:21 -07001711 property_get("ro.crypto.state", encrypted_state, "");
1712 if (strcmp(encrypted_state, "encrypted")) {
1713 SLOGE("not running with encryption, aborting");
1714 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001715 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001716
Paul Crowley14c8c072018-09-18 13:30:21 -07001717 // crypto_complete is full disk encrypted status
Eric Biggersa701c452018-10-23 13:06:55 -07001718 if (fscrypt_is_native()) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001719 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
1720 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001721
Paul Crowley14c8c072018-09-18 13:30:21 -07001722 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Tom Cherry4c5bde22019-01-29 14:34:01 -08001723 std::string key_loc;
1724 get_crypt_info(&key_loc, nullptr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001725
Paul Crowley14c8c072018-09-18 13:30:21 -07001726 /*
1727 * Only report this error if key_loc is a file and it exists.
1728 * If the device was never encrypted, and /data is not mountable for
1729 * some reason, returning 1 should prevent the UI from presenting the
1730 * a "enter password" screen, or worse, a "press button to wipe the
1731 * device" screen.
1732 */
Tom Cherry4c5bde22019-01-29 14:34:01 -08001733 if (!key_loc.empty() && key_loc[0] == '/' && (access("key_loc", F_OK) == -1)) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001734 SLOGE("master key file does not exist, aborting");
1735 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
1736 } else {
1737 SLOGE("Error getting crypt footer and key\n");
1738 return CRYPTO_COMPLETE_BAD_METADATA;
1739 }
1740 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001741
Paul Crowley14c8c072018-09-18 13:30:21 -07001742 // Test for possible error flags
1743 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
1744 SLOGE("Encryption process is partway completed\n");
1745 return CRYPTO_COMPLETE_PARTIAL;
1746 }
1747
1748 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
1749 SLOGE("Encryption process was interrupted but cannot continue\n");
1750 return CRYPTO_COMPLETE_INCONSISTENT;
1751 }
1752
1753 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT) {
1754 SLOGE("Encryption is successful but data is corrupt\n");
1755 return CRYPTO_COMPLETE_CORRUPT;
1756 }
1757
1758 /* We passed the test! We shall diminish, and return to the west */
1759 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001760}
1761
Paul Crowley14c8c072018-09-18 13:30:21 -07001762static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd,
1763 const char* mount_point, const char* label) {
1764 unsigned char decrypted_master_key[MAX_KEY_LEN];
1765 char crypto_blkdev[MAXPATHLEN];
Tom Cherry4c5bde22019-01-29 14:34:01 -08001766 std::string real_blkdev;
Paul Crowley14c8c072018-09-18 13:30:21 -07001767 char tmp_mount_point[64];
1768 unsigned int orig_failed_decrypt_count;
1769 int rc;
1770 int use_keymaster = 0;
1771 int upgrade = 0;
1772 unsigned char* intermediate_key = 0;
1773 size_t intermediate_key_size = 0;
1774 int N = 1 << crypt_ftr->N_factor;
1775 int r = 1 << crypt_ftr->r_factor;
1776 int p = 1 << crypt_ftr->p_factor;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001777
Paul Crowley14c8c072018-09-18 13:30:21 -07001778 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1779 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001780
Paul Crowley14c8c072018-09-18 13:30:21 -07001781 if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) {
1782 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, &intermediate_key,
1783 &intermediate_key_size)) {
1784 SLOGE("Failed to decrypt master key\n");
1785 rc = -1;
1786 goto errout;
1787 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001788 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001789
Tom Cherry4c5bde22019-01-29 14:34:01 -08001790 get_crypt_info(nullptr, &real_blkdev);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001791
Paul Crowley14c8c072018-09-18 13:30:21 -07001792 // Create crypto block device - all (non fatal) code paths
1793 // need it
Tom Cherry4c5bde22019-01-29 14:34:01 -08001794 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev,
1795 label, 0)) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001796 SLOGE("Error creating decrypted block device\n");
1797 rc = -1;
1798 goto errout;
1799 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001800
Paul Crowley14c8c072018-09-18 13:30:21 -07001801 /* Work out if the problem is the password or the data */
1802 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)];
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001803
Paul Crowley14c8c072018-09-18 13:30:21 -07001804 rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt,
1805 sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key,
1806 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001807
Paul Crowley14c8c072018-09-18 13:30:21 -07001808 // Does the key match the crypto footer?
1809 if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key,
1810 sizeof(scrypted_intermediate_key)) == 0) {
1811 SLOGI("Password matches");
1812 rc = 0;
Paul Lawrence74f29f12014-08-28 15:54:10 -07001813 } else {
Paul Crowley14c8c072018-09-18 13:30:21 -07001814 /* Try mounting the file system anyway, just in case the problem's with
1815 * the footer, not the key. */
1816 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt", mount_point);
1817 mkdir(tmp_mount_point, 0755);
Tom Cherry4c5bde22019-01-29 14:34:01 -08001818 if (fs_mgr_do_mount(&fstab_default, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001819 SLOGE("Error temp mounting decrypted block device\n");
1820 delete_crypto_blk_dev(label);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001821
Paul Crowley14c8c072018-09-18 13:30:21 -07001822 rc = ++crypt_ftr->failed_decrypt_count;
1823 put_crypt_ftr_and_key(crypt_ftr);
1824 } else {
1825 /* Success! */
1826 SLOGI("Password did not match but decrypted drive mounted - continue");
1827 umount(tmp_mount_point);
1828 rc = 0;
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001829 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001830 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001831
Paul Crowley14c8c072018-09-18 13:30:21 -07001832 if (rc == 0) {
1833 crypt_ftr->failed_decrypt_count = 0;
1834 if (orig_failed_decrypt_count != 0) {
1835 put_crypt_ftr_and_key(crypt_ftr);
1836 }
1837
1838 /* Save the name of the crypto block device
1839 * so we can mount it when restarting the framework. */
1840 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
1841
1842 /* Also save a the master key so we can reencrypted the key
1843 * the key when we want to change the password on it. */
1844 memcpy(saved_master_key, decrypted_master_key, crypt_ftr->keysize);
1845 saved_mount_point = strdup(mount_point);
1846 master_key_saved = 1;
1847 SLOGD("%s(): Master key saved\n", __FUNCTION__);
1848 rc = 0;
1849
1850 // Upgrade if we're not using the latest KDF.
1851 use_keymaster = keymaster_check_compatibility();
1852 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
1853 // Don't allow downgrade
1854 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1855 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1856 upgrade = 1;
1857 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
1858 crypt_ftr->kdf_type = KDF_SCRYPT;
1859 upgrade = 1;
1860 }
1861
1862 if (upgrade) {
1863 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1864 crypt_ftr->master_key, crypt_ftr);
1865 if (!rc) {
1866 rc = put_crypt_ftr_and_key(crypt_ftr);
1867 }
1868 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
1869
1870 // Do not fail even if upgrade failed - machine is bootable
1871 // Note that if this code is ever hit, there is a *serious* problem
1872 // since KDFs should never fail. You *must* fix the kdf before
1873 // proceeding!
1874 if (rc) {
1875 SLOGW(
1876 "Upgrade failed with error %d,"
1877 " but continuing with previous state",
1878 rc);
1879 rc = 0;
1880 }
1881 }
1882 }
1883
1884errout:
1885 if (intermediate_key) {
1886 memset(intermediate_key, 0, intermediate_key_size);
1887 free(intermediate_key);
1888 }
1889 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001890}
1891
Ken Sumrall29d8da82011-05-18 17:20:07 -07001892/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001893 * Called by vold when it's asked to mount an encrypted external
1894 * storage volume. The incoming partition has no crypto header/footer,
Greg Kaiser57f9af62018-02-16 13:13:58 -08001895 * as any metadata is been stored in a separate, small partition. We
1896 * assume it must be using our same crypt type and keysize.
Jeff Sharkey9c484982015-03-31 10:35:33 -07001897 *
1898 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001899 */
Paul Crowley14c8c072018-09-18 13:30:21 -07001900int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
1901 char* out_crypto_blkdev) {
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +02001902 uint64_t nr_sec = 0;
1903 if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001904 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001905 return -1;
1906 }
1907
Jeff Sharkey9c484982015-03-31 10:35:33 -07001908 struct crypt_mnt_ftr ext_crypt_ftr;
1909 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1910 ext_crypt_ftr.fs_size = nr_sec;
Greg Kaiser57f9af62018-02-16 13:13:58 -08001911 ext_crypt_ftr.keysize = cryptfs_get_keysize();
Paul Crowley14c8c072018-09-18 13:30:21 -07001912 strlcpy((char*)ext_crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
Jeff Sharkey32ebb732017-03-27 16:18:50 -06001913 MAX_CRYPTO_TYPE_NAME_LEN);
Paul Crowley385cb8c2018-03-29 13:27:23 -07001914 uint32_t flags = 0;
Eric Biggersa701c452018-10-23 13:06:55 -07001915 if (fscrypt_is_native() &&
Paul Crowley385cb8c2018-03-29 13:27:23 -07001916 android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false))
1917 flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001918
Paul Crowley385cb8c2018-03-29 13:27:23 -07001919 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev, out_crypto_blkdev, label, flags);
Jeff Sharkey9c484982015-03-31 10:35:33 -07001920}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001921
Jeff Sharkey9c484982015-03-31 10:35:33 -07001922/*
1923 * Called by vold when it's asked to unmount an encrypted external
1924 * storage volume.
1925 */
1926int cryptfs_revert_ext_volume(const char* label) {
Paul Crowley14c8c072018-09-18 13:30:21 -07001927 return delete_crypto_blk_dev((char*)label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001928}
1929
Paul Crowley14c8c072018-09-18 13:30:21 -07001930int cryptfs_crypto_complete(void) {
1931 return do_crypto_complete("/data");
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001932}
1933
Paul Crowley14c8c072018-09-18 13:30:21 -07001934int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001935 char encrypted_state[PROPERTY_VALUE_MAX];
1936 property_get("ro.crypto.state", encrypted_state, "");
Paul Crowley14c8c072018-09-18 13:30:21 -07001937 if (master_key_saved || strcmp(encrypted_state, "encrypted")) {
1938 SLOGE(
1939 "encrypted fs already validated or not running with encryption,"
1940 " aborting");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001941 return -1;
1942 }
1943
1944 if (get_crypt_ftr_and_key(crypt_ftr)) {
1945 SLOGE("Error getting crypt footer and key");
1946 return -1;
1947 }
1948
1949 return 0;
1950}
1951
Paul Crowley14c8c072018-09-18 13:30:21 -07001952int cryptfs_check_passwd(const char* passwd) {
Paul Lawrence05335c32015-03-05 09:46:23 -08001953 SLOGI("cryptfs_check_passwd");
Eric Biggersa701c452018-10-23 13:06:55 -07001954 if (fscrypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001955 SLOGE("cryptfs_check_passwd not valid for file encryption");
1956 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001957 }
1958
Paul Lawrencef4faa572014-01-29 13:31:03 -08001959 struct crypt_mnt_ftr crypt_ftr;
1960 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001961
Paul Lawrencef4faa572014-01-29 13:31:03 -08001962 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001963 if (rc) {
1964 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001965 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001966 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001967
Paul Crowley14c8c072018-09-18 13:30:21 -07001968 rc = test_mount_encrypted_fs(&crypt_ftr, passwd, DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001969 if (rc) {
1970 SLOGE("Password did not match");
1971 return rc;
1972 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08001973
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001974 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
1975 // Here we have a default actual password but a real password
1976 // we must test against the scrypted value
1977 // First, we must delete the crypto block device that
1978 // test_mount_encrypted_fs leaves behind as a side effect
1979 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Paul Crowley14c8c072018-09-18 13:30:21 -07001980 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, DATA_MNT_POINT,
1981 CRYPTO_BLOCK_DEVICE);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08001982 if (rc) {
1983 SLOGE("Default password did not match on reboot encryption");
1984 return rc;
1985 }
1986
1987 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
1988 put_crypt_ftr_and_key(&crypt_ftr);
1989 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
1990 if (rc) {
1991 SLOGE("Could not change password on reboot encryption");
1992 return rc;
1993 }
1994 }
1995
1996 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07001997 cryptfs_clear_password();
1998 password = strdup(passwd);
1999 struct timespec now;
2000 clock_gettime(CLOCK_BOOTTIME, &now);
2001 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002002 }
2003
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002004 return rc;
2005}
2006
Paul Crowley14c8c072018-09-18 13:30:21 -07002007int cryptfs_verify_passwd(const char* passwd) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002008 struct crypt_mnt_ftr crypt_ftr;
Greg Kaiser59ad0182018-02-16 13:01:36 -08002009 unsigned char decrypted_master_key[MAX_KEY_LEN];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002010 char encrypted_state[PROPERTY_VALUE_MAX];
2011 int rc;
2012
2013 property_get("ro.crypto.state", encrypted_state, "");
Paul Crowley14c8c072018-09-18 13:30:21 -07002014 if (strcmp(encrypted_state, "encrypted")) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002015 SLOGE("device not encrypted, aborting");
2016 return -2;
2017 }
2018
2019 if (!master_key_saved) {
2020 SLOGE("encrypted fs not yet mounted, aborting");
2021 return -1;
2022 }
2023
2024 if (!saved_mount_point) {
2025 SLOGE("encrypted fs failed to save mount point, aborting");
2026 return -1;
2027 }
2028
Ken Sumrall160b4d62013-04-22 12:15:39 -07002029 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002030 SLOGE("Error getting crypt footer and key\n");
2031 return -1;
2032 }
2033
2034 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2035 /* If the device has no password, then just say the password is valid */
2036 rc = 0;
2037 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002038 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002039 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2040 /* They match, the password is correct */
2041 rc = 0;
2042 } else {
2043 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2044 sleep(1);
2045 rc = 1;
2046 }
2047 }
2048
2049 return rc;
2050}
2051
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002052/* Initialize a crypt_mnt_ftr structure. The keysize is
Greg Kaiser57f9af62018-02-16 13:13:58 -08002053 * defaulted to cryptfs_get_keysize() bytes, and the filesystem size to 0.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002054 * Presumably, at a minimum, the caller will update the
2055 * filesystem size and crypto_type_name after calling this function.
2056 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002057static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07002058 off64_t off;
2059
2060 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002061 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002062 ftr->major_version = CURRENT_MAJOR_VERSION;
2063 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002064 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Greg Kaiser57f9af62018-02-16 13:13:58 -08002065 ftr->keysize = cryptfs_get_keysize();
Ken Sumrall160b4d62013-04-22 12:15:39 -07002066
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002067 switch (keymaster_check_compatibility()) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002068 case 1:
2069 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2070 break;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002071
Paul Crowley14c8c072018-09-18 13:30:21 -07002072 case 0:
2073 ftr->kdf_type = KDF_SCRYPT;
2074 break;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002075
Paul Crowley14c8c072018-09-18 13:30:21 -07002076 default:
2077 SLOGE("keymaster_check_compatibility failed");
2078 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002079 }
2080
Kenny Rootc4c70f12013-06-14 12:11:38 -07002081 get_device_scrypt_params(ftr);
2082
Ken Sumrall160b4d62013-04-22 12:15:39 -07002083 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2084 if (get_crypt_ftr_info(NULL, &off) == 0) {
2085 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Paul Crowley14c8c072018-09-18 13:30:21 -07002086 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + ftr->persist_data_size;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002087 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002088
2089 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002090}
2091
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002092#define FRAMEWORK_BOOT_WAIT 60
2093
Paul Crowley14c8c072018-09-18 13:30:21 -07002094static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf) {
2095 int fd = open(filename, O_RDONLY | O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002096 if (fd == -1) {
2097 SLOGE("Error opening file %s", filename);
2098 return -1;
2099 }
2100
2101 char block[CRYPT_INPLACE_BUFSIZE];
2102 memset(block, 0, sizeof(block));
2103 if (unix_read(fd, block, sizeof(block)) < 0) {
2104 SLOGE("Error reading file %s", filename);
2105 close(fd);
2106 return -1;
2107 }
2108
2109 close(fd);
2110
2111 SHA256_CTX c;
2112 SHA256_Init(&c);
2113 SHA256_Update(&c, block, sizeof(block));
2114 SHA256_Final(buf, &c);
2115
2116 return 0;
2117}
2118
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002119static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, char* crypto_blkdev,
2120 char* real_blkdev, int previously_encrypted_upto) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002121 off64_t cur_encryption_done = 0, tot_encryption_size = 0;
Tim Murray8439dc92014-12-15 11:56:11 -08002122 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002123
Paul Lawrence87999172014-02-20 12:21:31 -08002124 /* The size of the userdata partition, and add in the vold volumes below */
2125 tot_encryption_size = crypt_ftr->fs_size;
2126
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002127 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done,
Paul Crowley0fd26262018-01-30 09:48:19 -08002128 tot_encryption_size, previously_encrypted_upto, true);
Paul Lawrence87999172014-02-20 12:21:31 -08002129
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002130 if (rc == ENABLE_INPLACE_ERR_DEV) {
2131 /* Hack for b/17898962 */
2132 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2133 cryptfs_reboot(RebootType::reboot);
2134 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002135
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002136 if (!rc) {
2137 crypt_ftr->encrypted_upto = cur_encryption_done;
2138 }
Paul Lawrence87999172014-02-20 12:21:31 -08002139
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002140 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
2141 /* The inplace routine never actually sets the progress to 100% due
2142 * to the round down nature of integer division, so set it here */
2143 property_set("vold.encrypt_progress", "100");
Paul Lawrence87999172014-02-20 12:21:31 -08002144 }
2145
2146 return rc;
2147}
2148
Paul Crowleyb64933a2017-10-31 08:25:55 -07002149static int vold_unmountAll(void) {
2150 VolumeManager* vm = VolumeManager::Instance();
2151 return vm->unmountAll();
2152}
2153
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002154int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
Tom Cherry4c5bde22019-01-29 14:34:01 -08002155 char crypto_blkdev[MAXPATHLEN];
2156 std::string real_blkdev;
Greg Kaiser59ad0182018-02-16 13:01:36 -08002157 unsigned char decrypted_master_key[MAX_KEY_LEN];
Paul Crowley14c8c072018-09-18 13:30:21 -07002158 int rc = -1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002159 struct crypt_mnt_ftr crypt_ftr;
Paul Crowley14c8c072018-09-18 13:30:21 -07002160 struct crypt_persist_data* pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002161 char encrypted_state[PROPERTY_VALUE_MAX];
Paul Crowley14c8c072018-09-18 13:30:21 -07002162 char lockid[32] = {0};
Tom Cherry4c5bde22019-01-29 14:34:01 -08002163 std::string key_loc;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002164 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002165 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002166 bool rebootEncryption = false;
Wei Wang4375f1b2017-02-24 17:43:01 -08002167 bool onlyCreateHeader = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002168
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002169 if (get_crypt_ftr_and_key(&crypt_ftr) == 0) {
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002170 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2171 /* An encryption was underway and was interrupted */
2172 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2173 crypt_ftr.encrypted_upto = 0;
2174 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002175
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002176 /* At this point, we are in an inconsistent state. Until we successfully
2177 complete encryption, a reboot will leave us broken. So mark the
2178 encryption failed in case that happens.
2179 On successfully completing encryption, remove this flag */
2180 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002181
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002182 put_crypt_ftr_and_key(&crypt_ftr);
2183 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2184 if (!check_ftr_sha(&crypt_ftr)) {
2185 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2186 put_crypt_ftr_and_key(&crypt_ftr);
2187 goto error_unencrypted;
2188 }
2189
2190 /* Doing a reboot-encryption*/
2191 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2192 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2193 rebootEncryption = true;
2194 }
Greg Kaiser59ad0182018-02-16 13:01:36 -08002195 } else {
2196 // We don't want to accidentally reference invalid data.
2197 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
Paul Lawrence87999172014-02-20 12:21:31 -08002198 }
2199
2200 property_get("ro.crypto.state", encrypted_state, "");
2201 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2202 SLOGE("Device is already running encrypted, aborting");
2203 goto error_unencrypted;
2204 }
2205
Tom Cherry4c5bde22019-01-29 14:34:01 -08002206 get_crypt_info(&key_loc, &real_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002207
Ken Sumrall3ed82362011-01-28 23:31:16 -08002208 /* Get the size of the real block device */
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +02002209 uint64_t nr_sec;
2210 if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
Tom Cherry4c5bde22019-01-29 14:34:01 -08002211 SLOGE("Cannot get size of block device %s\n", real_blkdev.c_str());
Ken Sumrall3ed82362011-01-28 23:31:16 -08002212 goto error_unencrypted;
2213 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002214
2215 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Tom Cherry4c5bde22019-01-29 14:34:01 -08002216 if (key_loc == KEY_IN_FOOTER) {
Oleksiy Avramchenko625dc782018-05-23 10:50:46 +02002217 uint64_t fs_size_sec, max_fs_size_sec;
Tom Cherry4c5bde22019-01-29 14:34:01 -08002218 fs_size_sec = get_fs_size(real_blkdev.c_str());
2219 if (fs_size_sec == 0) fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev.data());
Daniel Rosenberge82df162014-08-15 22:19:23 +00002220
Paul Lawrence87999172014-02-20 12:21:31 -08002221 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002222
2223 if (fs_size_sec > max_fs_size_sec) {
2224 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2225 goto error_unencrypted;
2226 }
2227 }
2228
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002229 /* Get a wakelock as this may take a while, and we don't want the
2230 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2231 * wants to keep the screen on, it can grab a full wakelock.
2232 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002233 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int)getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002234 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2235
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002236 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002237 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002238 */
2239 property_set("vold.decrypt", "trigger_shutdown_framework");
2240 SLOGD("Just asked init to shut down class main\n");
2241
Jeff Sharkey9c484982015-03-31 10:35:33 -07002242 /* Ask vold to unmount all devices that it manages */
2243 if (vold_unmountAll()) {
2244 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002245 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002246
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002247 /* no_ui means we are being called from init, not settings.
2248 Now we always reboot from settings, so !no_ui means reboot
2249 */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002250 if (!no_ui) {
2251 /* Try fallback, which is to reboot and try there */
2252 onlyCreateHeader = true;
2253 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
2254 if (breadcrumb == 0) {
2255 SLOGE("Failed to create breadcrumb file");
2256 goto error_shutting_down;
2257 }
2258 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002259 }
2260
2261 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002262 if (!onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002263 /* Now that /data is unmounted, we need to mount a tmpfs
2264 * /data, set a property saying we're doing inplace encryption,
2265 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002266 */
xzj7e38a3a2018-10-12 10:17:11 +08002267 wait_and_unmount(DATA_MNT_POINT, true);
Ken Sumralle5032c42012-04-01 23:58:44 -07002268 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002269 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002270 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002271 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08002272 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002273
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002274 /* restart the framework. */
2275 /* Create necessary paths on /data */
Wei Wang42e38102017-06-07 10:46:12 -07002276 prep_data_fs();
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002277
Ken Sumrall92736ef2012-10-17 20:57:14 -07002278 /* Ugh, shutting down the framework is not synchronous, so until it
2279 * can be fixed, this horrible hack will wait a moment for it all to
2280 * shut down before proceeding. Without it, some devices cannot
2281 * restart the graphics services.
2282 */
2283 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002284 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002285
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002286 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002287 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002288 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002289 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
2290 goto error_shutting_down;
2291 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002292
Tom Cherry4c5bde22019-01-29 14:34:01 -08002293 if (key_loc == KEY_IN_FOOTER) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002294 crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Paul Lawrence87999172014-02-20 12:21:31 -08002295 } else {
2296 crypt_ftr.fs_size = nr_sec;
2297 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07002298 /* At this point, we are in an inconsistent state. Until we successfully
2299 complete encryption, a reboot will leave us broken. So mark the
2300 encryption failed in case that happens.
2301 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002302 if (onlyCreateHeader) {
2303 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
2304 } else {
2305 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2306 }
Paul Lawrence87999172014-02-20 12:21:31 -08002307 crypt_ftr.crypt_type = crypt_type;
Paul Crowley14c8c072018-09-18 13:30:21 -07002308 strlcpy((char*)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
2309 MAX_CRYPTO_TYPE_NAME_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002310
Paul Lawrence87999172014-02-20 12:21:31 -08002311 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002312 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
2313 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08002314 SLOGE("Cannot create encrypted master key\n");
2315 goto error_shutting_down;
2316 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002317
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002318 /* Replace scrypted intermediate key if we are preparing for a reboot */
2319 if (onlyCreateHeader) {
Greg Kaiser59ad0182018-02-16 13:01:36 -08002320 unsigned char fake_master_key[MAX_KEY_LEN];
2321 unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002322 memset(fake_master_key, 0, sizeof(fake_master_key));
Paul Crowley14c8c072018-09-18 13:30:21 -07002323 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, encrypted_fake_master_key,
2324 &crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002325 }
2326
Paul Lawrence87999172014-02-20 12:21:31 -08002327 /* Write the key to the end of the partition */
2328 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002329
Paul Lawrence87999172014-02-20 12:21:31 -08002330 /* If any persistent data has been remembered, save it.
2331 * If none, create a valid empty table and save that.
2332 */
2333 if (!persist_data) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002334 pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
2335 if (pdata) {
2336 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
2337 persist_data = pdata;
2338 }
Paul Lawrence87999172014-02-20 12:21:31 -08002339 }
2340 if (persist_data) {
2341 save_persistent_data();
2342 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002343 }
2344
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002345 if (onlyCreateHeader) {
2346 sleep(2);
Josh Gaofec44372017-08-28 13:22:55 -07002347 cryptfs_reboot(RebootType::reboot);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002348 }
2349
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002350 if (!no_ui || rebootEncryption) {
Ajay Dudani87701e22014-09-17 21:02:52 -07002351 /* startup service classes main and late_start */
2352 property_set("vold.decrypt", "trigger_restart_min_framework");
2353 SLOGD("Just triggered restart_min_framework\n");
2354
2355 /* OK, the framework is restarted and will soon be showing a
2356 * progress bar. Time to setup an encrypted mapping, and
2357 * either write a new filesystem, or encrypt in place updating
2358 * the progress bar as we work.
2359 */
2360 }
2361
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002362 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Tom Cherry4c5bde22019-01-29 14:34:01 -08002363 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev,
Paul Crowley5afbc622017-11-27 09:42:17 -08002364 CRYPTO_BLOCK_DEVICE, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002365
Paul Lawrence87999172014-02-20 12:21:31 -08002366 /* If we are continuing, check checksums match */
2367 rc = 0;
2368 if (previously_encrypted_upto) {
2369 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
2370 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07002371
Paul Crowley14c8c072018-09-18 13:30:21 -07002372 if (!rc &&
2373 memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002374 SLOGE("Checksums do not match - trigger wipe");
2375 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002376 }
2377 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002378
Paul Lawrence87999172014-02-20 12:21:31 -08002379 if (!rc) {
Tom Cherry4c5bde22019-01-29 14:34:01 -08002380 rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev.data(),
Paul Lawrence87999172014-02-20 12:21:31 -08002381 previously_encrypted_upto);
2382 }
2383
2384 /* Calculate checksum if we are not finished */
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002385 if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002386 rc = cryptfs_SHA256_fileblock(crypto_blkdev, crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07002387 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002388 SLOGE("Error calculating checksum for continuing encryption");
2389 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002390 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002391 }
2392
2393 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002394 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002395
Paul Crowley14c8c072018-09-18 13:30:21 -07002396 if (!rc) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002397 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07002398 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002399
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002400 if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002401 SLOGD("Encrypted up to sector %lld - will continue after reboot",
2402 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07002403 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08002404 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07002405
Paul Lawrence6bfed202014-07-28 12:47:22 -07002406 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08002407
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002408 if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
2409 char value[PROPERTY_VALUE_MAX];
2410 property_get("ro.crypto.state", value, "");
2411 if (!strcmp(value, "")) {
2412 /* default encryption - continue first boot sequence */
2413 property_set("ro.crypto.state", "encrypted");
2414 property_set("ro.crypto.type", "block");
2415 release_wake_lock(lockid);
2416 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
2417 // Bring up cryptkeeper that will check the password and set it
2418 property_set("vold.decrypt", "trigger_shutdown_framework");
2419 sleep(2);
2420 property_set("vold.encrypt_progress", "");
2421 cryptfs_trigger_restart_min_framework();
2422 } else {
2423 cryptfs_check_passwd(DEFAULT_PASSWORD);
2424 cryptfs_restart_internal(1);
2425 }
2426 return 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002427 } else {
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002428 sleep(2); /* Give the UI a chance to show 100% progress */
2429 cryptfs_reboot(RebootType::reboot);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002430 }
Paul Lawrence87999172014-02-20 12:21:31 -08002431 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07002432 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Josh Gaofec44372017-08-28 13:22:55 -07002433 cryptfs_reboot(RebootType::shutdown);
Paul Lawrence87999172014-02-20 12:21:31 -08002434 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002435 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002436 char value[PROPERTY_VALUE_MAX];
2437
Ken Sumrall319369a2012-06-27 16:30:18 -07002438 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002439 if (!strcmp(value, "1")) {
2440 /* wipe data if encryption failed */
2441 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Wei Wang4375f1b2017-02-24 17:43:01 -08002442 std::string err;
2443 const std::vector<std::string> options = {
Paul Crowley14c8c072018-09-18 13:30:21 -07002444 "--wipe_data\n--reason=cryptfs_enable_internal\n"};
Wei Wang4375f1b2017-02-24 17:43:01 -08002445 if (!write_bootloader_message(options, &err)) {
2446 SLOGE("could not write bootloader message: %s", err.c_str());
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002447 }
Josh Gaofec44372017-08-28 13:22:55 -07002448 cryptfs_reboot(RebootType::recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08002449 } else {
2450 /* set property to trigger dialog */
2451 property_set("vold.encrypt_progress", "error_partially_encrypted");
2452 release_wake_lock(lockid);
2453 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002454 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002455 }
2456
Ken Sumrall3ed82362011-01-28 23:31:16 -08002457 /* hrm, the encrypt step claims success, but the reboot failed.
2458 * This should not happen.
2459 * Set the property and return. Hope the framework can deal with it.
2460 */
2461 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002462 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002463 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08002464
2465error_unencrypted:
2466 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002467 if (lockid[0]) {
2468 release_wake_lock(lockid);
2469 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002470 return -1;
2471
2472error_shutting_down:
2473 /* we failed, and have not encrypted anthing, so the users's data is still intact,
2474 * but the framework is stopped and not restarted to show the error, so it's up to
2475 * vold to restart the system.
2476 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002477 SLOGE(
2478 "Error enabling encryption after framework is shutdown, no data changed, restarting "
2479 "system");
Josh Gaofec44372017-08-28 13:22:55 -07002480 cryptfs_reboot(RebootType::reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002481
2482 /* shouldn't get here */
2483 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002484 if (lockid[0]) {
2485 release_wake_lock(lockid);
2486 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08002487 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002488}
2489
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002490int cryptfs_enable(int type, const char* passwd, int no_ui) {
2491 return cryptfs_enable_internal(type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08002492}
2493
Paul Lawrence7ee87cf2017-12-22 10:12:06 -08002494int cryptfs_enable_default(int no_ui) {
2495 return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08002496}
2497
Paul Crowley14c8c072018-09-18 13:30:21 -07002498int cryptfs_changepw(int crypt_type, const char* newpw) {
Eric Biggersa701c452018-10-23 13:06:55 -07002499 if (fscrypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002500 SLOGE("cryptfs_changepw not valid for file encryption");
2501 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002502 }
2503
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002504 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08002505 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002506
2507 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08002508 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08002509 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002510 return -1;
2511 }
2512
Paul Lawrencef4faa572014-01-29 13:31:03 -08002513 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
2514 SLOGE("Invalid crypt_type %d", crypt_type);
2515 return -1;
2516 }
2517
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002518 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002519 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08002520 SLOGE("Error getting crypt footer and key");
2521 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002522 }
2523
Paul Lawrencef4faa572014-01-29 13:31:03 -08002524 crypt_ftr.crypt_type = crypt_type;
2525
Paul Crowley14c8c072018-09-18 13:30:21 -07002526 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD : newpw,
2527 crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08002528 if (rc) {
2529 SLOGE("Encrypt master key failed: %d", rc);
2530 return -1;
2531 }
Jason parks70a4b3f2011-01-28 10:10:47 -06002532 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002533 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002534
2535 return 0;
2536}
Ken Sumrall160b4d62013-04-22 12:15:39 -07002537
Rubin Xu85c01f92014-10-13 12:49:54 +01002538static unsigned int persist_get_max_entries(int encrypted) {
2539 struct crypt_mnt_ftr crypt_ftr;
2540 unsigned int dsize;
Rubin Xu85c01f92014-10-13 12:49:54 +01002541
2542 /* If encrypted, use the values from the crypt_ftr, otherwise
2543 * use the values for the current spec.
2544 */
2545 if (encrypted) {
2546 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Rubin Xuf83cc612018-10-09 16:13:38 +01002547 /* Something is wrong, assume no space for entries */
2548 return 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01002549 }
2550 dsize = crypt_ftr.persist_data_size;
2551 } else {
2552 dsize = CRYPT_PERSIST_DATA_SIZE;
2553 }
2554
Rubin Xuf83cc612018-10-09 16:13:38 +01002555 if (dsize > sizeof(struct crypt_persist_data)) {
2556 return (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
2557 } else {
2558 return 0;
2559 }
Rubin Xu85c01f92014-10-13 12:49:54 +01002560}
2561
Paul Crowley14c8c072018-09-18 13:30:21 -07002562static int persist_get_key(const char* fieldname, char* value) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07002563 unsigned int i;
2564
2565 if (persist_data == NULL) {
2566 return -1;
2567 }
2568 for (i = 0; i < persist_data->persist_valid_entries; i++) {
2569 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
2570 /* We found it! */
2571 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
2572 return 0;
2573 }
2574 }
2575
2576 return -1;
2577}
2578
Paul Crowley14c8c072018-09-18 13:30:21 -07002579static int persist_set_key(const char* fieldname, const char* value, int encrypted) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07002580 unsigned int i;
2581 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002582 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002583
2584 if (persist_data == NULL) {
2585 return -1;
2586 }
2587
Rubin Xu85c01f92014-10-13 12:49:54 +01002588 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07002589
2590 num = persist_data->persist_valid_entries;
2591
2592 for (i = 0; i < num; i++) {
2593 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
2594 /* We found an existing entry, update it! */
2595 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
2596 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
2597 return 0;
2598 }
2599 }
2600
2601 /* We didn't find it, add it to the end, if there is room */
2602 if (persist_data->persist_valid_entries < max_persistent_entries) {
2603 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
2604 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
2605 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
2606 persist_data->persist_valid_entries++;
2607 return 0;
2608 }
2609
2610 return -1;
2611}
2612
Rubin Xu85c01f92014-10-13 12:49:54 +01002613/**
2614 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
2615 * sequence and its index is greater than or equal to index. Return 0 otherwise.
2616 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002617int match_multi_entry(const char* key, const char* field, unsigned index) {
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002618 std::string key_ = key;
2619 std::string field_ = field;
Rubin Xu85c01f92014-10-13 12:49:54 +01002620
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002621 std::string parsed_field;
2622 unsigned parsed_index;
2623
2624 std::string::size_type split = key_.find_last_of('_');
2625 if (split == std::string::npos) {
2626 parsed_field = key_;
2627 parsed_index = 0;
2628 } else {
2629 parsed_field = key_.substr(0, split);
2630 parsed_index = std::stoi(key_.substr(split + 1));
Rubin Xu85c01f92014-10-13 12:49:54 +01002631 }
Jeff Sharkey95440eb2017-09-18 18:19:28 -06002632
2633 return parsed_field == field_ && parsed_index >= index;
Rubin Xu85c01f92014-10-13 12:49:54 +01002634}
2635
2636/*
2637 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
2638 * remaining entries starting from index will be deleted.
2639 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
2640 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
2641 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
2642 *
2643 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002644static int persist_del_keys(const char* fieldname, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002645 unsigned int i;
2646 unsigned int j;
2647 unsigned int num;
2648
2649 if (persist_data == NULL) {
2650 return PERSIST_DEL_KEY_ERROR_OTHER;
2651 }
2652
2653 num = persist_data->persist_valid_entries;
2654
Paul Crowley14c8c072018-09-18 13:30:21 -07002655 j = 0; // points to the end of non-deleted entries.
Rubin Xu85c01f92014-10-13 12:49:54 +01002656 // Filter out to-be-deleted entries in place.
2657 for (i = 0; i < num; i++) {
2658 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
2659 persist_data->persist_entry[j] = persist_data->persist_entry[i];
2660 j++;
2661 }
2662 }
2663
2664 if (j < num) {
2665 persist_data->persist_valid_entries = j;
2666 // Zeroise the remaining entries
2667 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
2668 return PERSIST_DEL_KEY_OK;
2669 } else {
2670 // Did not find an entry matching the given fieldname
2671 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
2672 }
2673}
2674
Paul Crowley14c8c072018-09-18 13:30:21 -07002675static int persist_count_keys(const char* fieldname) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002676 unsigned int i;
2677 unsigned int count;
2678
2679 if (persist_data == NULL) {
2680 return -1;
2681 }
2682
2683 count = 0;
2684 for (i = 0; i < persist_data->persist_valid_entries; i++) {
2685 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
2686 count++;
2687 }
2688 }
2689
2690 return count;
2691}
2692
Ken Sumrall160b4d62013-04-22 12:15:39 -07002693/* Return the value of the specified field. */
Paul Crowley14c8c072018-09-18 13:30:21 -07002694int cryptfs_getfield(const char* fieldname, char* value, int len) {
Eric Biggersa701c452018-10-23 13:06:55 -07002695 if (fscrypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08002696 SLOGE("Cannot get field when file encrypted");
2697 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07002698 }
2699
Ken Sumrall160b4d62013-04-22 12:15:39 -07002700 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01002701 /* CRYPTO_GETFIELD_OK is success,
2702 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
2703 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
2704 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07002705 */
Rubin Xu85c01f92014-10-13 12:49:54 +01002706 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
2707 int i;
2708 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002709
2710 if (persist_data == NULL) {
2711 load_persistent_data();
2712 if (persist_data == NULL) {
2713 SLOGE("Getfield error, cannot load persistent data");
2714 goto out;
2715 }
2716 }
2717
Rubin Xu85c01f92014-10-13 12:49:54 +01002718 // Read value from persistent entries. If the original value is split into multiple entries,
2719 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07002720 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002721 // We found it, copy it to the caller's buffer and keep going until all entries are read.
Paul Crowley14c8c072018-09-18 13:30:21 -07002722 if (strlcpy(value, temp_value, len) >= (unsigned)len) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002723 // value too small
2724 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
2725 goto out;
2726 }
2727 rc = CRYPTO_GETFIELD_OK;
2728
2729 for (i = 1; /* break explicitly */; i++) {
2730 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
Paul Crowley14c8c072018-09-18 13:30:21 -07002731 (int)sizeof(temp_field)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01002732 // If the fieldname is very long, we stop as soon as it begins to overflow the
2733 // maximum field length. At this point we have in fact fully read out the original
2734 // value because cryptfs_setfield would not allow fields with longer names to be
2735 // written in the first place.
2736 break;
2737 }
2738 if (!persist_get_key(temp_field, temp_value)) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002739 if (strlcat(value, temp_value, len) >= (unsigned)len) {
2740 // value too small.
2741 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
2742 goto out;
2743 }
Rubin Xu85c01f92014-10-13 12:49:54 +01002744 } else {
2745 // Exhaust all entries.
2746 break;
2747 }
2748 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07002749 } else {
2750 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01002751 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002752 }
2753
2754out:
2755 return rc;
2756}
2757
2758/* Set the value of the specified field. */
Paul Crowley14c8c072018-09-18 13:30:21 -07002759int cryptfs_setfield(const char* fieldname, const char* value) {
Eric Biggersa701c452018-10-23 13:06:55 -07002760 if (fscrypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08002761 SLOGE("Cannot set field when file encrypted");
2762 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07002763 }
2764
Ken Sumrall160b4d62013-04-22 12:15:39 -07002765 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01002766 /* 0 is success, negative values are error */
2767 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002768 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01002769 unsigned int field_id;
2770 char temp_field[PROPERTY_KEY_MAX];
2771 unsigned int num_entries;
2772 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002773
2774 if (persist_data == NULL) {
2775 load_persistent_data();
2776 if (persist_data == NULL) {
2777 SLOGE("Setfield error, cannot load persistent data");
2778 goto out;
2779 }
2780 }
2781
2782 property_get("ro.crypto.state", encrypted_state, "");
Paul Crowley14c8c072018-09-18 13:30:21 -07002783 if (!strcmp(encrypted_state, "encrypted")) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07002784 encrypted = 1;
2785 }
2786
Rubin Xu85c01f92014-10-13 12:49:54 +01002787 // Compute the number of entries required to store value, each entry can store up to
2788 // (PROPERTY_VALUE_MAX - 1) chars
2789 if (strlen(value) == 0) {
2790 // Empty value also needs one entry to store.
2791 num_entries = 1;
2792 } else {
2793 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
2794 }
2795
2796 max_keylen = strlen(fieldname);
2797 if (num_entries > 1) {
2798 // Need an extra "_%d" suffix.
2799 max_keylen += 1 + log10(num_entries);
2800 }
2801 if (max_keylen > PROPERTY_KEY_MAX - 1) {
2802 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002803 goto out;
2804 }
2805
Rubin Xu85c01f92014-10-13 12:49:54 +01002806 // Make sure we have enough space to write the new value
2807 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
2808 persist_get_max_entries(encrypted)) {
2809 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
2810 goto out;
2811 }
2812
2813 // Now that we know persist_data has enough space for value, let's delete the old field first
2814 // to make up space.
2815 persist_del_keys(fieldname, 0);
2816
2817 if (persist_set_key(fieldname, value, encrypted)) {
2818 // fail to set key, should not happen as we have already checked the available space
2819 SLOGE("persist_set_key() error during setfield()");
2820 goto out;
2821 }
2822
2823 for (field_id = 1; field_id < num_entries; field_id++) {
Greg Kaiserb610e772018-02-09 09:19:54 -08002824 snprintf(temp_field, sizeof(temp_field), "%s_%u", fieldname, field_id);
Rubin Xu85c01f92014-10-13 12:49:54 +01002825
2826 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
2827 // fail to set key, should not happen as we have already checked the available space.
2828 SLOGE("persist_set_key() error during setfield()");
2829 goto out;
2830 }
2831 }
2832
Ken Sumrall160b4d62013-04-22 12:15:39 -07002833 /* If we are running encrypted, save the persistent data now */
2834 if (encrypted) {
2835 if (save_persistent_data()) {
2836 SLOGE("Setfield error, cannot save persistent data");
2837 goto out;
2838 }
2839 }
2840
Rubin Xu85c01f92014-10-13 12:49:54 +01002841 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002842
2843out:
2844 return rc;
2845}
Paul Lawrencef4faa572014-01-29 13:31:03 -08002846
2847/* Checks userdata. Attempt to mount the volume if default-
2848 * encrypted.
2849 * On success trigger next init phase and return 0.
2850 * Currently do not handle failure - see TODO below.
2851 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002852int cryptfs_mount_default_encrypted(void) {
Paul Lawrence84274cc2016-04-15 15:41:33 -07002853 int crypt_type = cryptfs_get_password_type();
2854 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
2855 SLOGE("Bad crypt type - error");
2856 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Crowley14c8c072018-09-18 13:30:21 -07002857 SLOGD(
2858 "Password is not default - "
2859 "starting min framework to prompt");
Paul Lawrence84274cc2016-04-15 15:41:33 -07002860 property_set("vold.decrypt", "trigger_restart_min_framework");
2861 return 0;
2862 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
2863 SLOGD("Password is default - restarting filesystem");
2864 cryptfs_restart_internal(0);
2865 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08002866 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07002867 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002868 }
2869
Paul Lawrence6bfed202014-07-28 12:47:22 -07002870 /** Corrupt. Allow us to boot into framework, which will detect bad
2871 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08002872 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07002873 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002874 return 0;
2875}
2876
2877/* Returns type of the password, default, pattern, pin or password.
2878 */
Paul Crowley14c8c072018-09-18 13:30:21 -07002879int cryptfs_get_password_type(void) {
Eric Biggersa701c452018-10-23 13:06:55 -07002880 if (fscrypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002881 SLOGE("cryptfs_get_password_type not valid for file encryption");
2882 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002883 }
2884
Paul Lawrencef4faa572014-01-29 13:31:03 -08002885 struct crypt_mnt_ftr crypt_ftr;
2886
2887 if (get_crypt_ftr_and_key(&crypt_ftr)) {
2888 SLOGE("Error getting crypt footer and key\n");
2889 return -1;
2890 }
2891
Paul Lawrence6bfed202014-07-28 12:47:22 -07002892 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
2893 return -1;
2894 }
2895
Paul Lawrencef4faa572014-01-29 13:31:03 -08002896 return crypt_ftr.crypt_type;
2897}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002898
Paul Crowley14c8c072018-09-18 13:30:21 -07002899const char* cryptfs_get_password() {
Eric Biggersa701c452018-10-23 13:06:55 -07002900 if (fscrypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002901 SLOGE("cryptfs_get_password not valid for file encryption");
2902 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08002903 }
2904
Paul Lawrence399317e2014-03-10 13:20:50 -07002905 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08002906 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07002907 if (now.tv_sec < password_expiry_time) {
2908 return password;
2909 } else {
2910 cryptfs_clear_password();
2911 return 0;
2912 }
2913}
2914
Paul Crowley14c8c072018-09-18 13:30:21 -07002915void cryptfs_clear_password() {
Paul Lawrence399317e2014-03-10 13:20:50 -07002916 if (password) {
2917 size_t len = strlen(password);
2918 memset(password, 0, len);
2919 free(password);
2920 password = 0;
2921 password_expiry_time = 0;
2922 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002923}
Paul Lawrence731a7a22015-04-28 22:14:15 +00002924
Paul Crowley14c8c072018-09-18 13:30:21 -07002925int cryptfs_isConvertibleToFBE() {
Tom Cherry4c5bde22019-01-29 14:34:01 -08002926 auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);
2927 return entry && entry->fs_mgr_flags.force_fde_or_fbe;
Paul Lawrence0c247462015-10-29 10:30:57 -07002928}