blob: 6dd56cb617172e825aeac2c4c1e24d4c32af70c8 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080046#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080047#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080048#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080049#define LOG_TAG "Cryptfs"
50#include "cutils/log.h"
51#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070052#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080053#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070054#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000055#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070056#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070057#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070058#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080060#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000061#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080062#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080063#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080064
Yabin Cui1fb59662016-06-24 14:48:49 -070065#include <bootloader_message/bootloader_message.h>
Shawn Willden8af33352015-02-24 09:51:34 -070066#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060067#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070068
Mark Salyzyn3e971272014-01-21 13:27:04 -080069#define UNUSED __attribute__((unused))
70
Mark Salyzyn5eecc442014-02-12 14:16:14 -080071#define UNUSED __attribute__((unused))
72
Ajay Dudani87701e22014-09-17 21:02:52 -070073#ifdef CONFIG_HW_DISK_ENCRYPTION
74#include "cryptfs_hw.h"
75#endif
76
Ken Sumrall8f869aa2010-12-03 03:47:09 -080077#define DM_CRYPT_BUF_SIZE 4096
78
Jason parks70a4b3f2011-01-28 10:10:47 -060079#define HASH_COUNT 2000
80#define KEY_LEN_BYTES 16
81#define IV_LEN_BYTES 16
82
Ken Sumrall29d8da82011-05-18 17:20:07 -070083#define KEY_IN_FOOTER "footer"
84
Paul Lawrence3bd36d52015-06-09 13:37:44 -070085#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080086
Paul Lawrence3d99eba2015-11-20 07:07:19 -080087#define CRYPTO_BLOCK_DEVICE "userdata"
88
89#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
90
Ken Sumrall29d8da82011-05-18 17:20:07 -070091#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070092#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070093
Ken Sumralle919efe2012-09-29 17:07:41 -070094#define TABLE_LOAD_RETRIES 10
95
Shawn Willden47ba10d2014-09-03 17:07:06 -060096#define RSA_KEY_SIZE 2048
97#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
98#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060099#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700100
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700101#define RETRY_MOUNT_ATTEMPTS 10
102#define RETRY_MOUNT_DELAY_SECONDS 1
103
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800104char *me = "cryptfs";
105
Jason parks70a4b3f2011-01-28 10:10:47 -0600106static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700107static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600108static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700109static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800110
Shawn Willdenda6e8992015-06-03 09:40:45 -0600111static int keymaster_init(keymaster0_device_t **keymaster0_dev,
112 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700113{
114 int rc;
115
116 const hw_module_t* mod;
117 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
118 if (rc) {
119 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600120 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700121 }
122
Shawn Willdenda6e8992015-06-03 09:40:45 -0600123 SLOGI("keymaster module name is %s", mod->name);
124 SLOGI("keymaster version is %d", mod->module_api_version);
125
126 *keymaster0_dev = NULL;
127 *keymaster1_dev = NULL;
128 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
129 SLOGI("Found keymaster1 module, using keymaster1 API.");
130 rc = keymaster1_open(mod, keymaster1_dev);
131 } else {
132 SLOGI("Found keymaster0 module, using keymaster0 API.");
133 rc = keymaster0_open(mod, keymaster0_dev);
134 }
135
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700136 if (rc) {
137 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600138 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
139 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700140 }
141
142 return 0;
143
Shawn Willdenda6e8992015-06-03 09:40:45 -0600144err:
145 *keymaster0_dev = NULL;
146 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700147 return rc;
148}
149
150/* Should we use keymaster? */
151static int keymaster_check_compatibility()
152{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600153 keymaster0_device_t *keymaster0_dev = 0;
154 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700155 int rc = 0;
156
Shawn Willdenda6e8992015-06-03 09:40:45 -0600157 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700158 SLOGE("Failed to init keymaster");
159 rc = -1;
160 goto out;
161 }
162
Shawn Willdenda6e8992015-06-03 09:40:45 -0600163 if (keymaster1_dev) {
164 rc = 1;
165 goto out;
166 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700167
Paul Lawrence300dae72016-03-11 11:02:52 -0800168 if (!keymaster0_dev || !keymaster0_dev->common.module) {
169 rc = -1;
170 goto out;
171 }
172
Shawn Willdenda6e8992015-06-03 09:40:45 -0600173 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
174 // should work.
175 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700176 < KEYMASTER_MODULE_API_VERSION_0_3) {
177 rc = 0;
178 goto out;
179 }
180
Shawn Willdenda6e8992015-06-03 09:40:45 -0600181 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
182 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700183 rc = 1;
184 }
185
186out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600187 if (keymaster1_dev) {
188 keymaster1_close(keymaster1_dev);
189 }
190 if (keymaster0_dev) {
191 keymaster0_close(keymaster0_dev);
192 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700193 return rc;
194}
195
196/* Create a new keymaster key and store it in this footer */
197static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
198{
199 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600200 keymaster0_device_t *keymaster0_dev = 0;
201 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700202
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800203 if (ftr->keymaster_blob_size) {
204 SLOGI("Already have key");
205 return 0;
206 }
207
Shawn Willdenda6e8992015-06-03 09:40:45 -0600208 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700209 SLOGE("Failed to init keymaster");
210 return -1;
211 }
212
213 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600214 size_t key_size = 0;
215 if (keymaster1_dev) {
216 keymaster_key_param_t params[] = {
217 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
218 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
219 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
220 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700221
Shawn Willden86af3552015-06-24 07:21:54 -0700222 /* The only allowed purpose for this key is signing. */
223 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
224
225 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600226 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600227 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700228
Shawn Willdenda6e8992015-06-03 09:40:45 -0600229 /* Require that the key be usable in standalone mode. File system isn't available. */
230 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
231
232 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
233 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
234
Shawn Willdenda6e8992015-06-03 09:40:45 -0600235 /* Rate-limit key usage attempts, to rate-limit brute force */
236 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
237 };
238 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
239 keymaster_key_blob_t key_blob;
240 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
241 &key_blob,
242 NULL /* characteristics */);
243 if (error != KM_ERROR_OK) {
244 SLOGE("Failed to generate keymaster1 key, error %d", error);
245 rc = -1;
246 goto out;
247 }
248
249 key = (uint8_t*)key_blob.key_material;
250 key_size = key_blob.key_material_size;
251 }
252 else if (keymaster0_dev) {
253 keymaster_rsa_keygen_params_t params;
254 memset(&params, '\0', sizeof(params));
255 params.public_exponent = RSA_EXPONENT;
256 params.modulus_size = RSA_KEY_SIZE;
257
258 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
259 &key, &key_size)) {
260 SLOGE("Failed to generate keypair");
261 rc = -1;
262 goto out;
263 }
264 } else {
265 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700266 rc = -1;
267 goto out;
268 }
269
270 if (key_size > KEYMASTER_BLOB_SIZE) {
271 SLOGE("Keymaster key too large for crypto footer");
272 rc = -1;
273 goto out;
274 }
275
276 memcpy(ftr->keymaster_blob, key, key_size);
277 ftr->keymaster_blob_size = key_size;
278
279out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600280 if (keymaster0_dev)
281 keymaster0_close(keymaster0_dev);
282 if (keymaster1_dev)
283 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700284 free(key);
285 return rc;
286}
287
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288/* This signs the given object using the keymaster key. */
289static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290 const unsigned char *object,
291 const size_t object_size,
292 unsigned char **signature,
293 size_t *signature_size)
294{
295 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600296 keymaster0_device_t *keymaster0_dev = 0;
297 keymaster1_device_t *keymaster1_dev = 0;
298 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600299 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600300 rc = -1;
301 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600302 }
303
Shawn Willden47ba10d2014-09-03 17:07:06 -0600304 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600305 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600306 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600307
Shawn Willdene17a9c42014-09-08 13:04:08 -0600308 // To sign a message with RSA, the message must satisfy two
309 // constraints:
310 //
311 // 1. The message, when interpreted as a big-endian numeric value, must
312 // be strictly less than the public modulus of the RSA key. Note
313 // that because the most significant bit of the public modulus is
314 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
315 // key), an n-bit message with most significant bit 0 always
316 // satisfies this requirement.
317 //
318 // 2. The message must have the same length in bits as the public
319 // modulus of the RSA key. This requirement isn't mathematically
320 // necessary, but is necessary to ensure consistency in
321 // implementations.
322 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600323 case KDF_SCRYPT_KEYMASTER:
324 // This ensures the most significant byte of the signed message
325 // is zero. We could have zero-padded to the left instead, but
326 // this approach is slightly more robust against changes in
327 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600328 // so) because we really should be using a proper deterministic
329 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600330 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
331 SLOGI("Signing safely-padded object");
332 break;
333 default:
334 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600335 rc = -1;
336 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600337 }
338
Shawn Willdenda6e8992015-06-03 09:40:45 -0600339 if (keymaster0_dev) {
340 keymaster_rsa_sign_params_t params;
341 params.digest_type = DIGEST_NONE;
342 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600343
Shawn Willdenda6e8992015-06-03 09:40:45 -0600344 rc = keymaster0_dev->sign_data(keymaster0_dev,
345 &params,
346 ftr->keymaster_blob,
347 ftr->keymaster_blob_size,
348 to_sign,
349 to_sign_size,
350 signature,
351 signature_size);
352 goto out;
353 } else if (keymaster1_dev) {
354 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
355 keymaster_key_param_t params[] = {
356 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
357 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
358 };
359 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
360 keymaster_operation_handle_t op_handle;
361 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
362 &param_set, NULL /* out_params */,
363 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600364 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600365 // Key usage has been rate-limited. Wait a bit and try again.
366 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
367 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
368 &param_set, NULL /* out_params */,
369 &op_handle);
370 }
371 if (error != KM_ERROR_OK) {
372 SLOGE("Error starting keymaster signature transaction: %d", error);
373 rc = -1;
374 goto out;
375 }
376
377 keymaster_blob_t input = { to_sign, to_sign_size };
378 size_t input_consumed;
379 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
380 &input, &input_consumed, NULL /* out_params */,
381 NULL /* output */);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error sending data to keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387 if (input_consumed != to_sign_size) {
388 // This should never happen. If it does, it's a bug in the keymaster implementation.
389 SLOGE("Keymaster update() did not consume all data.");
390 keymaster1_dev->abort(keymaster1_dev, op_handle);
391 rc = -1;
392 goto out;
393 }
394
395 keymaster_blob_t tmp_sig;
396 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
397 NULL /* verify signature */, NULL /* out_params */,
398 &tmp_sig);
399 if (error != KM_ERROR_OK) {
400 SLOGE("Error finishing keymaster signature transaction: %d", error);
401 rc = -1;
402 goto out;
403 }
404
405 *signature = (uint8_t*)tmp_sig.data;
406 *signature_size = tmp_sig.data_length;
407 } else {
408 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
409 rc = -1;
410 goto out;
411 }
412
413 out:
414 if (keymaster1_dev)
415 keymaster1_close(keymaster1_dev);
416 if (keymaster0_dev)
417 keymaster0_close(keymaster0_dev);
418
419 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600420}
421
Paul Lawrence399317e2014-03-10 13:20:50 -0700422/* Store password when userdata is successfully decrypted and mounted.
423 * Cleared by cryptfs_clear_password
424 *
425 * To avoid a double prompt at boot, we need to store the CryptKeeper
426 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
427 * Since the entire framework is torn down and rebuilt after encryption,
428 * we have to use a daemon or similar to store the password. Since vold
429 * is secured against IPC except from system processes, it seems a reasonable
430 * place to store this.
431 *
432 * password should be cleared once it has been used.
433 *
434 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800435 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700436static char* password = 0;
437static int password_expiry_time = 0;
438static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800439
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800440extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800441
Paul Lawrence87999172014-02-20 12:21:31 -0800442enum RebootType {reboot, recovery, shutdown};
443static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700444{
Paul Lawrence87999172014-02-20 12:21:31 -0800445 switch(rt) {
446 case reboot:
447 property_set(ANDROID_RB_PROPERTY, "reboot");
448 break;
449
450 case recovery:
451 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
452 break;
453
454 case shutdown:
455 property_set(ANDROID_RB_PROPERTY, "shutdown");
456 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700457 }
Paul Lawrence87999172014-02-20 12:21:31 -0800458
Ken Sumralladfba362013-06-04 16:37:52 -0700459 sleep(20);
460
461 /* Shouldn't get here, reboot should happen before sleep times out */
462 return;
463}
464
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800465static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
466{
467 memset(io, 0, dataSize);
468 io->data_size = dataSize;
469 io->data_start = sizeof(struct dm_ioctl);
470 io->version[0] = 4;
471 io->version[1] = 0;
472 io->version[2] = 0;
473 io->flags = flags;
474 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100475 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800476 }
477}
478
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479/**
480 * Gets the default device scrypt parameters for key derivation time tuning.
481 * The parameters should lead to about one second derivation time for the
482 * given device.
483 */
484static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700485 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000486 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700487
Paul Crowley63c18d32016-02-10 14:02:47 +0000488 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
489 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
490 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
491 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700492 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000493 ftr->N_factor = Nf;
494 ftr->r_factor = rf;
495 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700496}
497
Ken Sumrall3ed82362011-01-28 23:31:16 -0800498static unsigned int get_fs_size(char *dev)
499{
500 int fd, block_size;
501 struct ext4_super_block sb;
502 off64_t len;
503
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700504 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800505 SLOGE("Cannot open device to get filesystem size ");
506 return 0;
507 }
508
509 if (lseek64(fd, 1024, SEEK_SET) < 0) {
510 SLOGE("Cannot seek to superblock");
511 return 0;
512 }
513
514 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
515 SLOGE("Cannot read superblock");
516 return 0;
517 }
518
519 close(fd);
520
Daniel Rosenberge82df162014-08-15 22:19:23 +0000521 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
522 SLOGE("Not a valid ext4 superblock");
523 return 0;
524 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800525 block_size = 1024 << sb.s_log_block_size;
526 /* compute length in bytes */
527 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
528
529 /* return length in sectors */
530 return (unsigned int) (len / 512);
531}
532
Ken Sumrall160b4d62013-04-22 12:15:39 -0700533static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
534{
535 static int cached_data = 0;
536 static off64_t cached_off = 0;
537 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
538 int fd;
539 char key_loc[PROPERTY_VALUE_MAX];
540 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700541 int rc = -1;
542
543 if (!cached_data) {
544 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
545
546 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700547 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700548 SLOGE("Cannot open real block device %s\n", real_blkdev);
549 return -1;
550 }
551
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900552 unsigned long nr_sec = 0;
553 get_blkdev_size(fd, &nr_sec);
554 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
556 * encryption info footer and key, and plenty of bytes to spare for future
557 * growth.
558 */
559 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
560 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
561 cached_data = 1;
562 } else {
563 SLOGE("Cannot get size of block device %s\n", real_blkdev);
564 }
565 close(fd);
566 } else {
567 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
568 cached_off = 0;
569 cached_data = 1;
570 }
571 }
572
573 if (cached_data) {
574 if (metadata_fname) {
575 *metadata_fname = cached_metadata_fname;
576 }
577 if (off) {
578 *off = cached_off;
579 }
580 rc = 0;
581 }
582
583 return rc;
584}
585
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800586/* Set sha256 checksum in structure */
587static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
588{
589 SHA256_CTX c;
590 SHA256_Init(&c);
591 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
592 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
593 SHA256_Final(crypt_ftr->sha256, &c);
594}
595
Ken Sumralle8744072011-01-18 22:01:55 -0800596/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800597 * update the failed mount count but not change the key.
598 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700599static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800600{
601 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800602 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603 /* starting_off is set to the SEEK_SET offset
604 * where the crypto structure starts
605 */
606 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800607 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700608 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700609 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800611 set_ftr_sha(crypt_ftr);
612
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 if (get_crypt_ftr_info(&fname, &starting_off)) {
614 SLOGE("Unable to get crypt_ftr_info\n");
615 return -1;
616 }
617 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700618 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 return -1;
620 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700621 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700622 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700623 return -1;
624 }
625
626 /* Seek to the start of the crypt footer */
627 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
628 SLOGE("Cannot seek to real block device footer\n");
629 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800630 }
631
632 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
633 SLOGE("Cannot write real block device footer\n");
634 goto errout;
635 }
636
Ken Sumrall3be890f2011-09-14 16:53:46 -0700637 fstat(fd, &statbuf);
638 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700639 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700640 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800641 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800642 goto errout;
643 }
644 }
645
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800646 /* Success! */
647 rc = 0;
648
649errout:
650 close(fd);
651 return rc;
652
653}
654
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800655static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
656{
657 struct crypt_mnt_ftr copy;
658 memcpy(&copy, crypt_ftr, sizeof(copy));
659 set_ftr_sha(&copy);
660 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
661}
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663static inline int unix_read(int fd, void* buff, int len)
664{
665 return TEMP_FAILURE_RETRY(read(fd, buff, len));
666}
667
668static inline int unix_write(int fd, const void* buff, int len)
669{
670 return TEMP_FAILURE_RETRY(write(fd, buff, len));
671}
672
673static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
674{
675 memset(pdata, 0, len);
676 pdata->persist_magic = PERSIST_DATA_MAGIC;
677 pdata->persist_valid_entries = 0;
678}
679
680/* A routine to update the passed in crypt_ftr to the lastest version.
681 * fd is open read/write on the device that holds the crypto footer and persistent
682 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
683 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
684 */
685static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
686{
Kenny Root7434b312013-06-14 11:29:53 -0700687 int orig_major = crypt_ftr->major_version;
688 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700689
Kenny Root7434b312013-06-14 11:29:53 -0700690 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
691 struct crypt_persist_data *pdata;
692 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700693
Kenny Rootc4c70f12013-06-14 12:11:38 -0700694 SLOGW("upgrading crypto footer to 1.1");
695
Kenny Root7434b312013-06-14 11:29:53 -0700696 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
697 if (pdata == NULL) {
698 SLOGE("Cannot allocate persisent data\n");
699 return;
700 }
701 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
702
703 /* Need to initialize the persistent data area */
704 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
705 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100706 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700707 return;
708 }
709 /* Write all zeros to the first copy, making it invalid */
710 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
711
712 /* Write a valid but empty structure to the second copy */
713 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
714 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
715
716 /* Update the footer */
717 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
718 crypt_ftr->persist_data_offset[0] = pdata_offset;
719 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
720 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100721 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700722 }
723
Paul Lawrencef4faa572014-01-29 13:31:03 -0800724 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700725 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800726 /* But keep the old kdf_type.
727 * It will get updated later to KDF_SCRYPT after the password has been verified.
728 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700729 crypt_ftr->kdf_type = KDF_PBKDF2;
730 get_device_scrypt_params(crypt_ftr);
731 crypt_ftr->minor_version = 2;
732 }
733
Paul Lawrencef4faa572014-01-29 13:31:03 -0800734 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
735 SLOGW("upgrading crypto footer to 1.3");
736 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
737 crypt_ftr->minor_version = 3;
738 }
739
Kenny Root7434b312013-06-14 11:29:53 -0700740 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
741 if (lseek64(fd, offset, SEEK_SET) == -1) {
742 SLOGE("Cannot seek to crypt footer\n");
743 return;
744 }
745 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700746 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700747}
748
749
750static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800751{
752 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800753 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800755 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700756 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700757 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800758
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 if (get_crypt_ftr_info(&fname, &starting_off)) {
760 SLOGE("Unable to get crypt_ftr_info\n");
761 return -1;
762 }
763 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700764 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 return -1;
766 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700767 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700768 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700769 return -1;
770 }
771
772 /* Make sure it's 16 Kbytes in length */
773 fstat(fd, &statbuf);
774 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
775 SLOGE("footer file %s is not the expected size!\n", fname);
776 goto errout;
777 }
778
779 /* Seek to the start of the crypt footer */
780 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
781 SLOGE("Cannot seek to real block device footer\n");
782 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800783 }
784
785 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
786 SLOGE("Cannot read real block device footer\n");
787 goto errout;
788 }
789
790 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700791 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
796 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
797 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 goto errout;
799 }
800
Kenny Rootc96a5f82013-06-14 12:08:28 -0700801 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
802 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
803 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800804 }
805
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
807 * copy on disk before returning.
808 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700809 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700810 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800811 }
812
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800813 /* Success! */
814 rc = 0;
815
816errout:
817 close(fd);
818 return rc;
819}
820
Ken Sumrall160b4d62013-04-22 12:15:39 -0700821static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
822{
823 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
824 crypt_ftr->persist_data_offset[1]) {
825 SLOGE("Crypt_ftr persist data regions overlap");
826 return -1;
827 }
828
829 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
830 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
831 return -1;
832 }
833
834 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
835 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
836 CRYPT_FOOTER_OFFSET) {
837 SLOGE("Persistent data extends past crypto footer");
838 return -1;
839 }
840
841 return 0;
842}
843
844static int load_persistent_data(void)
845{
846 struct crypt_mnt_ftr crypt_ftr;
847 struct crypt_persist_data *pdata = NULL;
848 char encrypted_state[PROPERTY_VALUE_MAX];
849 char *fname;
850 int found = 0;
851 int fd;
852 int ret;
853 int i;
854
855 if (persist_data) {
856 /* Nothing to do, we've already loaded or initialized it */
857 return 0;
858 }
859
860
861 /* If not encrypted, just allocate an empty table and initialize it */
862 property_get("ro.crypto.state", encrypted_state, "");
863 if (strcmp(encrypted_state, "encrypted") ) {
864 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
865 if (pdata) {
866 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
867 persist_data = pdata;
868 return 0;
869 }
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 if (get_crypt_ftr_info(&fname, NULL)) {
884 return -1;
885 }
886
887 ret = validate_persistent_data_storage(&crypt_ftr);
888 if (ret) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
Paul Lawrence300dae72016-03-11 11:02:52 -0800898 pdata = malloc(crypt_ftr.persist_data_size);
899 if (pdata == NULL) {
900 SLOGE("Cannot allocate memory for persistent data");
901 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700902 }
903
904 for (i = 0; i < 2; i++) {
905 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
906 SLOGE("Cannot seek to read persistent data on %s", fname);
907 goto err2;
908 }
909 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
910 SLOGE("Error reading persistent data on iteration %d", i);
911 goto err2;
912 }
913 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
914 found = 1;
915 break;
916 }
917 }
918
919 if (!found) {
920 SLOGI("Could not find valid persistent data, creating");
921 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
922 }
923
924 /* Success */
925 persist_data = pdata;
926 close(fd);
927 return 0;
928
929err2:
930 free(pdata);
931
932err:
933 close(fd);
934 return -1;
935}
936
937static int save_persistent_data(void)
938{
939 struct crypt_mnt_ftr crypt_ftr;
940 struct crypt_persist_data *pdata;
941 char *fname;
942 off64_t write_offset;
943 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700944 int fd;
945 int ret;
946
947 if (persist_data == NULL) {
948 SLOGE("No persistent data to save");
949 return -1;
950 }
951
952 if(get_crypt_ftr_and_key(&crypt_ftr)) {
953 return -1;
954 }
955
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700956 if ((crypt_ftr.major_version < 1)
957 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700958 SLOGE("Crypt_ftr version doesn't support persistent data");
959 return -1;
960 }
961
962 ret = validate_persistent_data_storage(&crypt_ftr);
963 if (ret) {
964 return -1;
965 }
966
967 if (get_crypt_ftr_info(&fname, NULL)) {
968 return -1;
969 }
970
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700971 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700972 if (fd < 0) {
973 SLOGE("Cannot open %s metadata file", fname);
974 return -1;
975 }
976
977 pdata = malloc(crypt_ftr.persist_data_size);
978 if (pdata == NULL) {
979 SLOGE("Cannot allocate persistant data");
980 goto err;
981 }
982
983 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
984 SLOGE("Cannot seek to read persistent data on %s", fname);
985 goto err2;
986 }
987
988 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
989 SLOGE("Error reading persistent data before save");
990 goto err2;
991 }
992
993 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
994 /* The first copy is the curent valid copy, so write to
995 * the second copy and erase this one */
996 write_offset = crypt_ftr.persist_data_offset[1];
997 erase_offset = crypt_ftr.persist_data_offset[0];
998 } else {
999 /* The second copy must be the valid copy, so write to
1000 * the first copy, and erase the second */
1001 write_offset = crypt_ftr.persist_data_offset[0];
1002 erase_offset = crypt_ftr.persist_data_offset[1];
1003 }
1004
1005 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001006 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001007 SLOGE("Cannot seek to write persistent data");
1008 goto err2;
1009 }
1010 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1011 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001012 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001013 SLOGE("Cannot seek to erase previous persistent data");
1014 goto err2;
1015 }
1016 fsync(fd);
1017 memset(pdata, 0, crypt_ftr.persist_data_size);
1018 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1019 (int) crypt_ftr.persist_data_size) {
1020 SLOGE("Cannot write to erase previous persistent data");
1021 goto err2;
1022 }
1023 fsync(fd);
1024 } else {
1025 SLOGE("Cannot write to save persistent data");
1026 goto err2;
1027 }
1028
1029 /* Success */
1030 free(pdata);
1031 close(fd);
1032 return 0;
1033
1034err2:
1035 free(pdata);
1036err:
1037 close(fd);
1038 return -1;
1039}
1040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001041/* Convert a binary key of specified length into an ascii hex string equivalent,
1042 * without the leading 0x and with null termination
1043 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001044static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 unsigned int keysize, char *master_key_ascii) {
1046 unsigned int i, a;
1047 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001048
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001049 for (i=0, a=0; i<keysize; i++, a+=2) {
1050 /* For each byte, write out two ascii hex digits */
1051 nibble = (master_key[i] >> 4) & 0xf;
1052 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 nibble = master_key[i] & 0xf;
1055 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001058 /* Add the null termination */
1059 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001060
1061}
1062
Jeff Sharkey9c484982015-03-31 10:35:33 -07001063static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1064 const unsigned char *master_key, const char *real_blk_name,
1065 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001066 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001067 struct dm_ioctl *io;
1068 struct dm_target_spec *tgt;
1069 char *crypt_params;
1070 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001071 size_t buff_offset;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001072 int i;
1073
1074 io = (struct dm_ioctl *) buffer;
1075
1076 /* Load the mapping table for this device */
1077 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1078
1079 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1080 io->target_count = 1;
1081 tgt->status = 0;
1082 tgt->sector_start = 0;
1083 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001084#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001085 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1086 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1087 }
1088 else {
1089 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1090 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001091#else
1092 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1093#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001094
1095 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1096 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001097
1098 buff_offset = crypt_params - buffer;
1099 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
1100 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
1101 extra_params);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001102 crypt_params += strlen(crypt_params) + 1;
1103 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1104 tgt->next = crypt_params - buffer;
1105
1106 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1107 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1108 break;
1109 }
1110 usleep(500000);
1111 }
1112
1113 if (i == TABLE_LOAD_RETRIES) {
1114 /* We failed to load the table, return an error */
1115 return -1;
1116 } else {
1117 return i + 1;
1118 }
1119}
1120
1121
1122static int get_dm_crypt_version(int fd, const char *name, int *version)
1123{
1124 char buffer[DM_CRYPT_BUF_SIZE];
1125 struct dm_ioctl *io;
1126 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001127
1128 io = (struct dm_ioctl *) buffer;
1129
1130 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1131
1132 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1133 return -1;
1134 }
1135
1136 /* Iterate over the returned versions, looking for name of "crypt".
1137 * When found, get and return the version.
1138 */
1139 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1140 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001141#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001142 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001143#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001144 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001145#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001146 /* We found the crypt driver, return the version, and get out */
1147 version[0] = v->version[0];
1148 version[1] = v->version[1];
1149 version[2] = v->version[2];
1150 return 0;
1151 }
1152 v = (struct dm_target_versions *)(((char *)v) + v->next);
1153 }
1154
1155 return -1;
1156}
1157
Jeff Sharkey9c484982015-03-31 10:35:33 -07001158static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1159 const unsigned char *master_key, const char *real_blk_name,
1160 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001162 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001164 int fd=0;
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001165 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001166 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001167 int version[3];
1168 char *extra_params;
1169 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001170
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001171 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001172 SLOGE("Cannot open device-mapper\n");
1173 goto errout;
1174 }
1175
1176 io = (struct dm_ioctl *) buffer;
1177
1178 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001179 err = ioctl(fd, DM_DEV_CREATE, io);
1180 if (err) {
1181 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001182 goto errout;
1183 }
1184
1185 /* Get the device status, in particular, the name of it's device file */
1186 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1187 if (ioctl(fd, DM_DEV_STATUS, io)) {
1188 SLOGE("Cannot retrieve dm-crypt device status\n");
1189 goto errout;
1190 }
1191 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1192 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 extra_params = "";
1195 if (! get_dm_crypt_version(fd, name, version)) {
1196 /* Support for allow_discards was added in version 1.11.0 */
1197 if ((version[0] >= 2) ||
1198 ((version[0] == 1) && (version[1] >= 11))) {
1199 extra_params = "1 allow_discards";
1200 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1201 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001202 }
1203
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1205 fd, extra_params);
1206 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207 SLOGE("Cannot load dm-crypt mapping table.\n");
1208 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001209 } else if (load_count > 1) {
1210 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001211 }
1212
1213 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001214 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001215
1216 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1217 SLOGE("Cannot resume the dm-crypt device\n");
1218 goto errout;
1219 }
1220
1221 /* We made it here with no errors. Woot! */
1222 retval = 0;
1223
1224errout:
1225 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1226
1227 return retval;
1228}
1229
Ken Sumrall29d8da82011-05-18 17:20:07 -07001230static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001231{
1232 int fd;
1233 char buffer[DM_CRYPT_BUF_SIZE];
1234 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001235 int retval = -1;
1236
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001237 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001238 SLOGE("Cannot open device-mapper\n");
1239 goto errout;
1240 }
1241
1242 io = (struct dm_ioctl *) buffer;
1243
1244 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1245 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1246 SLOGE("Cannot remove dm-crypt device\n");
1247 goto errout;
1248 }
1249
1250 /* We made it here with no errors. Woot! */
1251 retval = 0;
1252
1253errout:
1254 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1255
1256 return retval;
1257
1258}
1259
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001260static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001261 unsigned char *ikey, void *params UNUSED)
1262{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263 SLOGI("Using pbkdf2 for cryptfs KDF");
1264
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001265 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001266 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1267 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1268 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001269}
1270
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001271static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001272 unsigned char *ikey, void *params)
1273{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001274 SLOGI("Using scrypt for cryptfs KDF");
1275
Kenny Rootc4c70f12013-06-14 12:11:38 -07001276 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1277
1278 int N = 1 << ftr->N_factor;
1279 int r = 1 << ftr->r_factor;
1280 int p = 1 << ftr->p_factor;
1281
1282 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001283 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001284 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1285 salt, SALT_LEN, N, r, p, ikey,
1286 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001287
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001288 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001289}
1290
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001291static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1292 unsigned char *ikey, void *params)
1293{
1294 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1295
1296 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001297 size_t signature_size;
1298 unsigned char* signature;
1299 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1300
1301 int N = 1 << ftr->N_factor;
1302 int r = 1 << ftr->r_factor;
1303 int p = 1 << ftr->p_factor;
1304
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001305 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1306 salt, SALT_LEN, N, r, p, ikey,
1307 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308
1309 if (rc) {
1310 SLOGE("scrypt failed");
1311 return -1;
1312 }
1313
Shawn Willdene17a9c42014-09-08 13:04:08 -06001314 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1315 &signature, &signature_size)) {
1316 SLOGE("Signing failed");
1317 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001318 }
1319
1320 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1321 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1322 free(signature);
1323
1324 if (rc) {
1325 SLOGE("scrypt failed");
1326 return -1;
1327 }
1328
1329 return 0;
1330}
1331
1332static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1333 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001334 unsigned char *encrypted_master_key,
1335 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001336{
1337 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1338 EVP_CIPHER_CTX e_ctx;
1339 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001341
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001342 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001343 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001344
1345 switch (crypt_ftr->kdf_type) {
1346 case KDF_SCRYPT_KEYMASTER:
1347 if (keymaster_create_key(crypt_ftr)) {
1348 SLOGE("keymaster_create_key failed");
1349 return -1;
1350 }
1351
1352 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1353 SLOGE("scrypt failed");
1354 return -1;
1355 }
1356 break;
1357
1358 case KDF_SCRYPT:
1359 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1360 SLOGE("scrypt failed");
1361 return -1;
1362 }
1363 break;
1364
1365 default:
1366 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001367 return -1;
1368 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001369
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001371 EVP_CIPHER_CTX_init(&e_ctx);
1372 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 SLOGE("EVP_EncryptInit failed\n");
1374 return -1;
1375 }
1376 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001377
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001378 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001379 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001380 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001381 SLOGE("EVP_EncryptUpdate failed\n");
1382 return -1;
1383 }
Adam Langley889c4f12014-09-03 14:23:13 -07001384 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001385 SLOGE("EVP_EncryptFinal failed\n");
1386 return -1;
1387 }
1388
1389 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1390 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1391 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001392 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001393
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001394 /* Store the scrypt of the intermediate key, so we can validate if it's a
1395 password error or mount error when things go wrong.
1396 Note there's no need to check for errors, since if this is incorrect, we
1397 simply won't wipe userdata, which is the correct default behavior
1398 */
1399 int N = 1 << crypt_ftr->N_factor;
1400 int r = 1 << crypt_ftr->r_factor;
1401 int p = 1 << crypt_ftr->p_factor;
1402
1403 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1404 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1405 crypt_ftr->scrypted_intermediate_key,
1406 sizeof(crypt_ftr->scrypted_intermediate_key));
1407
1408 if (rc) {
1409 SLOGE("encrypt_master_key: crypto_scrypt failed");
1410 }
1411
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001412 EVP_CIPHER_CTX_cleanup(&e_ctx);
1413
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001414 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001415}
1416
Paul Lawrence731a7a22015-04-28 22:14:15 +00001417static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001418 unsigned char *encrypted_master_key,
1419 unsigned char *decrypted_master_key,
1420 kdf_func kdf, void *kdf_params,
1421 unsigned char** intermediate_key,
1422 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001423{
1424 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001425 EVP_CIPHER_CTX d_ctx;
1426 int decrypted_len, final_len;
1427
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001428 /* Turn the password into an intermediate key and IV that can decrypt the
1429 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001430 if (kdf(passwd, salt, ikey, kdf_params)) {
1431 SLOGE("kdf failed");
1432 return -1;
1433 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001434
1435 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001436 EVP_CIPHER_CTX_init(&d_ctx);
1437 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001438 return -1;
1439 }
1440 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1441 /* Decrypt the master key */
1442 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1443 encrypted_master_key, KEY_LEN_BYTES)) {
1444 return -1;
1445 }
Adam Langley889c4f12014-09-03 14:23:13 -07001446 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001447 return -1;
1448 }
1449
1450 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1451 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001452 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001453
1454 /* Copy intermediate key if needed by params */
1455 if (intermediate_key && intermediate_key_size) {
1456 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
Greg Kaisere8167af2016-04-20 10:50:15 -07001457 if (*intermediate_key) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001458 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1459 *intermediate_key_size = KEY_LEN_BYTES;
1460 }
1461 }
1462
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001463 EVP_CIPHER_CTX_cleanup(&d_ctx);
1464
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001465 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001466}
1467
Kenny Rootc4c70f12013-06-14 12:11:38 -07001468static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001469{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001470 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001471 *kdf = scrypt_keymaster;
1472 *kdf_params = ftr;
1473 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001474 *kdf = scrypt;
1475 *kdf_params = ftr;
1476 } else {
1477 *kdf = pbkdf2;
1478 *kdf_params = NULL;
1479 }
1480}
1481
Paul Lawrence731a7a22015-04-28 22:14:15 +00001482static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001483 struct crypt_mnt_ftr *crypt_ftr,
1484 unsigned char** intermediate_key,
1485 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001486{
1487 kdf_func kdf;
1488 void *kdf_params;
1489 int ret;
1490
1491 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001492 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1493 decrypted_master_key, kdf, kdf_params,
1494 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001495 if (ret != 0) {
1496 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001497 }
1498
1499 return ret;
1500}
1501
1502static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1503 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001504 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001505 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001506
1507 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001508 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001509 read(fd, key_buf, sizeof(key_buf));
1510 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001511 close(fd);
1512
1513 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001514 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001515}
1516
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001517int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001518{
Greg Hackmann955653e2014-09-24 14:55:20 -07001519 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001520#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001521
1522 /* Now umount the tmpfs filesystem */
1523 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001524 if (umount(mountpoint) == 0) {
1525 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001526 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001527
1528 if (errno == EINVAL) {
1529 /* EINVAL is returned if the directory is not a mountpoint,
1530 * i.e. there is no filesystem mounted there. So just get out.
1531 */
1532 break;
1533 }
1534
1535 err = errno;
1536
1537 /* If allowed, be increasingly aggressive before the last two retries */
1538 if (kill) {
1539 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1540 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001541 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001542 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1543 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001544 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001545 }
1546 }
1547
1548 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001549 }
1550
1551 if (i < WAIT_UNMOUNT_COUNT) {
1552 SLOGD("unmounting %s succeeded\n", mountpoint);
1553 rc = 0;
1554 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001555 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001556 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001557 rc = -1;
1558 }
1559
1560 return rc;
1561}
1562
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001563#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001564static int prep_data_fs(void)
1565{
1566 int i;
1567
Jeff Sharkey47695b22016-02-01 17:02:29 -07001568 // NOTE: post_fs_data results in init calling back around to vold, so all
1569 // callers to this method must be async
1570
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001571 /* Do the prep of the /data filesystem */
1572 property_set("vold.post_fs_data_done", "0");
1573 property_set("vold.decrypt", "trigger_post_fs_data");
1574 SLOGD("Just triggered post_fs_data\n");
1575
Ken Sumrallc5872692013-05-14 15:26:31 -07001576 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001577 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001578 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001579
1580 property_get("vold.post_fs_data_done", p, "0");
1581 if (*p == '1') {
1582 break;
1583 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001584 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001585 }
1586 }
1587 if (i == DATA_PREP_TIMEOUT) {
1588 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001589 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001590 return -1;
1591 } else {
1592 SLOGD("post_fs_data done\n");
1593 return 0;
1594 }
1595}
1596
Paul Lawrence74f29f12014-08-28 15:54:10 -07001597static void cryptfs_set_corrupt()
1598{
1599 // Mark the footer as bad
1600 struct crypt_mnt_ftr crypt_ftr;
1601 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1602 SLOGE("Failed to get crypto footer - panic");
1603 return;
1604 }
1605
1606 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1607 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1608 SLOGE("Failed to set crypto footer - panic");
1609 return;
1610 }
1611}
1612
1613static void cryptfs_trigger_restart_min_framework()
1614{
1615 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1616 SLOGE("Failed to mount tmpfs on data - panic");
1617 return;
1618 }
1619
1620 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1621 SLOGE("Failed to trigger post fs data - panic");
1622 return;
1623 }
1624
1625 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1626 SLOGE("Failed to trigger restart min framework - panic");
1627 return;
1628 }
1629}
1630
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001631/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001632static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001633{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001634 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001635 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001636 static int restart_successful = 0;
1637
1638 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001639 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001640 SLOGE("Encrypted filesystem not validated, aborting");
1641 return -1;
1642 }
1643
1644 if (restart_successful) {
1645 SLOGE("System already restarted with encrypted disk, aborting");
1646 return -1;
1647 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648
Paul Lawrencef4faa572014-01-29 13:31:03 -08001649 if (restart_main) {
1650 /* Here is where we shut down the framework. The init scripts
1651 * start all services in one of three classes: core, main or late_start.
1652 * On boot, we start core and main. Now, we stop main, but not core,
1653 * as core includes vold and a few other really important things that
1654 * we need to keep running. Once main has stopped, we should be able
1655 * to umount the tmpfs /data, then mount the encrypted /data.
1656 * We then restart the class main, and also the class late_start.
1657 * At the moment, I've only put a few things in late_start that I know
1658 * are not needed to bring up the framework, and that also cause problems
1659 * with unmounting the tmpfs /data, but I hope to add add more services
1660 * to the late_start class as we optimize this to decrease the delay
1661 * till the user is asked for the password to the filesystem.
1662 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001663
Paul Lawrencef4faa572014-01-29 13:31:03 -08001664 /* The init files are setup to stop the class main when vold.decrypt is
1665 * set to trigger_reset_main.
1666 */
1667 property_set("vold.decrypt", "trigger_reset_main");
1668 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001669
Paul Lawrencef4faa572014-01-29 13:31:03 -08001670 /* Ugh, shutting down the framework is not synchronous, so until it
1671 * can be fixed, this horrible hack will wait a moment for it all to
1672 * shut down before proceeding. Without it, some devices cannot
1673 * restart the graphics services.
1674 */
1675 sleep(2);
1676 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001677
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001678 /* Now that the framework is shutdown, we should be able to umount()
1679 * the tmpfs filesystem, and mount the real one.
1680 */
1681
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001682 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1683 if (strlen(crypto_blkdev) == 0) {
1684 SLOGE("fs_crypto_blkdev not set\n");
1685 return -1;
1686 }
1687
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001688 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001689 /* If ro.crypto.readonly is set to 1, mount the decrypted
1690 * filesystem readonly. This is used when /data is mounted by
1691 * recovery mode.
1692 */
1693 char ro_prop[PROPERTY_VALUE_MAX];
1694 property_get("ro.crypto.readonly", ro_prop, "");
1695 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1696 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1697 rec->flags |= MS_RDONLY;
1698 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001699
Ken Sumralle5032c42012-04-01 23:58:44 -07001700 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001701 int retries = RETRY_MOUNT_ATTEMPTS;
1702 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001703
1704 /*
1705 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1706 * partitions in the fsck domain.
1707 */
1708 if (setexeccon(secontextFsck())){
1709 SLOGE("Failed to setexeccon");
1710 return -1;
1711 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001712 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1713 crypto_blkdev, 0))
1714 != 0) {
1715 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1716 /* TODO: invoke something similar to
1717 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1718 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1719 SLOGI("Failed to mount %s because it is busy - waiting",
1720 crypto_blkdev);
1721 if (--retries) {
1722 sleep(RETRY_MOUNT_DELAY_SECONDS);
1723 } else {
1724 /* Let's hope that a reboot clears away whatever is keeping
1725 the mount busy */
1726 cryptfs_reboot(reboot);
1727 }
1728 } else {
1729 SLOGE("Failed to mount decrypted data");
1730 cryptfs_set_corrupt();
1731 cryptfs_trigger_restart_min_framework();
1732 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001733 if (setexeccon(NULL)) {
1734 SLOGE("Failed to setexeccon");
1735 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001736 return -1;
1737 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001738 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001739 if (setexeccon(NULL)) {
1740 SLOGE("Failed to setexeccon");
1741 return -1;
1742 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001743
Ken Sumralle5032c42012-04-01 23:58:44 -07001744 /* Create necessary paths on /data */
1745 if (prep_data_fs()) {
1746 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001747 }
Seigo Nonakae2ef0c02016-06-20 17:05:40 +09001748 property_set("vold.decrypt", "trigger_load_persist_props");
Ken Sumralle5032c42012-04-01 23:58:44 -07001749
1750 /* startup service classes main and late_start */
1751 property_set("vold.decrypt", "trigger_restart_framework");
1752 SLOGD("Just triggered restart_framework\n");
1753
1754 /* Give it a few moments to get started */
1755 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001756 }
1757
Ken Sumrall0cc16632011-01-18 20:32:26 -08001758 if (rc == 0) {
1759 restart_successful = 1;
1760 }
1761
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001762 return rc;
1763}
1764
Paul Lawrencef4faa572014-01-29 13:31:03 -08001765int cryptfs_restart(void)
1766{
Paul Lawrence05335c32015-03-05 09:46:23 -08001767 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001768 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001769 SLOGE("cryptfs_restart not valid for file encryption:");
1770 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001771 }
1772
Paul Lawrencef4faa572014-01-29 13:31:03 -08001773 /* Call internal implementation forcing a restart of main service group */
1774 return cryptfs_restart_internal(1);
1775}
1776
Paul Lawrence05335c32015-03-05 09:46:23 -08001777static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001778{
1779 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001780 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001781 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001782
1783 property_get("ro.crypto.state", encrypted_state, "");
1784 if (strcmp(encrypted_state, "encrypted") ) {
1785 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001786 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001787 }
1788
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001789 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001790 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001791 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001792 }
1793
Ken Sumrall160b4d62013-04-22 12:15:39 -07001794 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001795 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001796
Ken Sumralle1a45852011-12-14 21:24:27 -08001797 /*
1798 * Only report this error if key_loc is a file and it exists.
1799 * If the device was never encrypted, and /data is not mountable for
1800 * some reason, returning 1 should prevent the UI from presenting the
1801 * a "enter password" screen, or worse, a "press button to wipe the
1802 * device" screen.
1803 */
1804 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1805 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001806 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001807 } else {
1808 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001809 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001810 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001811 }
1812
Paul Lawrence74f29f12014-08-28 15:54:10 -07001813 // Test for possible error flags
1814 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1815 SLOGE("Encryption process is partway completed\n");
1816 return CRYPTO_COMPLETE_PARTIAL;
1817 }
1818
1819 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1820 SLOGE("Encryption process was interrupted but cannot continue\n");
1821 return CRYPTO_COMPLETE_INCONSISTENT;
1822 }
1823
1824 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1825 SLOGE("Encryption is successful but data is corrupt\n");
1826 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001827 }
1828
1829 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001830 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001831}
1832
Paul Lawrencef4faa572014-01-29 13:31:03 -08001833static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1834 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001835{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001836 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001837 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001838 char crypto_blkdev[MAXPATHLEN];
1839 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001840 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001841 unsigned int orig_failed_decrypt_count;
1842 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001843 int use_keymaster = 0;
1844 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001845 unsigned char* intermediate_key = 0;
1846 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001847
Paul Lawrencef4faa572014-01-29 13:31:03 -08001848 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1849 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001850
Paul Lawrencef4faa572014-01-29 13:31:03 -08001851 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001852 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1853 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001854 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001855 rc = -1;
1856 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001857 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001858 }
1859
Paul Lawrencef4faa572014-01-29 13:31:03 -08001860 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1861
Ajay Dudani87701e22014-09-17 21:02:52 -07001862#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001863 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1864 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1865 SLOGE("Hardware encryption key does not match");
1866 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001867 }
1868#endif
1869
Paul Lawrence74f29f12014-08-28 15:54:10 -07001870 // Create crypto block device - all (non fatal) code paths
1871 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001872 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1873 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001874 SLOGE("Error creating decrypted block device\n");
1875 rc = -1;
1876 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001877 }
1878
Paul Lawrence74f29f12014-08-28 15:54:10 -07001879 /* Work out if the problem is the password or the data */
1880 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1881 scrypted_intermediate_key)];
1882 int N = 1 << crypt_ftr->N_factor;
1883 int r = 1 << crypt_ftr->r_factor;
1884 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001885
Paul Lawrence74f29f12014-08-28 15:54:10 -07001886 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1887 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1888 N, r, p, scrypted_intermediate_key,
1889 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001890
Paul Lawrence74f29f12014-08-28 15:54:10 -07001891 // Does the key match the crypto footer?
1892 if (rc == 0 && memcmp(scrypted_intermediate_key,
1893 crypt_ftr->scrypted_intermediate_key,
1894 sizeof(scrypted_intermediate_key)) == 0) {
1895 SLOGI("Password matches");
1896 rc = 0;
1897 } else {
1898 /* Try mounting the file system anyway, just in case the problem's with
1899 * the footer, not the key. */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001900 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
1901 mount_point);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001902 mkdir(tmp_mount_point, 0755);
1903 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1904 SLOGE("Error temp mounting decrypted block device\n");
1905 delete_crypto_blk_dev(label);
1906
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001907 rc = ++crypt_ftr->failed_decrypt_count;
1908 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001909 } else {
1910 /* Success! */
1911 SLOGI("Password did not match but decrypted drive mounted - continue");
1912 umount(tmp_mount_point);
1913 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001914 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001915 }
1916
1917 if (rc == 0) {
1918 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001919 if (orig_failed_decrypt_count != 0) {
1920 put_crypt_ftr_and_key(crypt_ftr);
1921 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001922
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001923 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001924 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001925 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001926
1927 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001928 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001929 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001930 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001931 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001932 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001933 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001934
Paul Lawrence74f29f12014-08-28 15:54:10 -07001935 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001936 use_keymaster = keymaster_check_compatibility();
1937 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001938 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001939 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1940 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1941 upgrade = 1;
1942 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001943 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001944 upgrade = 1;
1945 }
1946
1947 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001948 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1949 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001950 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001951 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001952 }
1953 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001954
1955 // Do not fail even if upgrade failed - machine is bootable
1956 // Note that if this code is ever hit, there is a *serious* problem
1957 // since KDFs should never fail. You *must* fix the kdf before
1958 // proceeding!
1959 if (rc) {
1960 SLOGW("Upgrade failed with error %d,"
1961 " but continuing with previous state",
1962 rc);
1963 rc = 0;
1964 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001965 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001966 }
1967
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001968 errout:
1969 if (intermediate_key) {
1970 memset(intermediate_key, 0, intermediate_key_size);
1971 free(intermediate_key);
1972 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001973 return rc;
1974}
1975
Ken Sumrall29d8da82011-05-18 17:20:07 -07001976/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001977 * Called by vold when it's asked to mount an encrypted external
1978 * storage volume. The incoming partition has no crypto header/footer,
1979 * as any metadata is been stored in a separate, small partition.
1980 *
1981 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001982 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001983int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1984 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001985 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001986 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001987 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001988 return -1;
1989 }
1990
1991 unsigned long nr_sec = 0;
1992 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001993 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001994
Ken Sumrall29d8da82011-05-18 17:20:07 -07001995 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001996 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001997 return -1;
1998 }
1999
Jeff Sharkey9c484982015-03-31 10:35:33 -07002000 struct crypt_mnt_ftr ext_crypt_ftr;
2001 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
2002 ext_crypt_ftr.fs_size = nr_sec;
2003 ext_crypt_ftr.keysize = keysize;
2004 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07002005
Jeff Sharkey9c484982015-03-31 10:35:33 -07002006 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
2007 out_crypto_blkdev, label);
2008}
Ken Sumrall29d8da82011-05-18 17:20:07 -07002009
Jeff Sharkey9c484982015-03-31 10:35:33 -07002010/*
2011 * Called by vold when it's asked to unmount an encrypted external
2012 * storage volume.
2013 */
2014int cryptfs_revert_ext_volume(const char* label) {
2015 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002016}
2017
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002018int cryptfs_crypto_complete(void)
2019{
2020 return do_crypto_complete("/data");
2021}
2022
Paul Lawrencef4faa572014-01-29 13:31:03 -08002023int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2024{
2025 char encrypted_state[PROPERTY_VALUE_MAX];
2026 property_get("ro.crypto.state", encrypted_state, "");
2027 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2028 SLOGE("encrypted fs already validated or not running with encryption,"
2029 " aborting");
2030 return -1;
2031 }
2032
2033 if (get_crypt_ftr_and_key(crypt_ftr)) {
2034 SLOGE("Error getting crypt footer and key");
2035 return -1;
2036 }
2037
2038 return 0;
2039}
2040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002041int cryptfs_check_passwd(char *passwd)
2042{
Paul Lawrence05335c32015-03-05 09:46:23 -08002043 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00002044 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002045 SLOGE("cryptfs_check_passwd not valid for file encryption");
2046 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002047 }
2048
Paul Lawrencef4faa572014-01-29 13:31:03 -08002049 struct crypt_mnt_ftr crypt_ftr;
2050 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002051
Paul Lawrencef4faa572014-01-29 13:31:03 -08002052 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002053 if (rc) {
2054 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002055 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002058 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002059 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2060 if (rc) {
2061 SLOGE("Password did not match");
2062 return rc;
2063 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002064
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002065 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
2066 // Here we have a default actual password but a real password
2067 // we must test against the scrypted value
2068 // First, we must delete the crypto block device that
2069 // test_mount_encrypted_fs leaves behind as a side effect
2070 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
2071 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
2072 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2073 if (rc) {
2074 SLOGE("Default password did not match on reboot encryption");
2075 return rc;
2076 }
2077
2078 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
2079 put_crypt_ftr_and_key(&crypt_ftr);
2080 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
2081 if (rc) {
2082 SLOGE("Could not change password on reboot encryption");
2083 return rc;
2084 }
2085 }
2086
2087 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002088 cryptfs_clear_password();
2089 password = strdup(passwd);
2090 struct timespec now;
2091 clock_gettime(CLOCK_BOOTTIME, &now);
2092 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002093 }
2094
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002095 return rc;
2096}
2097
Ken Sumrall3ad90722011-10-04 20:38:29 -07002098int cryptfs_verify_passwd(char *passwd)
2099{
2100 struct crypt_mnt_ftr crypt_ftr;
2101 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002102 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002103 char encrypted_state[PROPERTY_VALUE_MAX];
2104 int rc;
2105
2106 property_get("ro.crypto.state", encrypted_state, "");
2107 if (strcmp(encrypted_state, "encrypted") ) {
2108 SLOGE("device not encrypted, aborting");
2109 return -2;
2110 }
2111
2112 if (!master_key_saved) {
2113 SLOGE("encrypted fs not yet mounted, aborting");
2114 return -1;
2115 }
2116
2117 if (!saved_mount_point) {
2118 SLOGE("encrypted fs failed to save mount point, aborting");
2119 return -1;
2120 }
2121
Ken Sumrall160b4d62013-04-22 12:15:39 -07002122 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002123 SLOGE("Error getting crypt footer and key\n");
2124 return -1;
2125 }
2126
2127 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2128 /* If the device has no password, then just say the password is valid */
2129 rc = 0;
2130 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002131 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002132 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2133 /* They match, the password is correct */
2134 rc = 0;
2135 } else {
2136 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2137 sleep(1);
2138 rc = 1;
2139 }
2140 }
2141
2142 return rc;
2143}
2144
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002145/* Initialize a crypt_mnt_ftr structure. The keysize is
2146 * defaulted to 16 bytes, and the filesystem size to 0.
2147 * Presumably, at a minimum, the caller will update the
2148 * filesystem size and crypto_type_name after calling this function.
2149 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002150static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002151{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002152 off64_t off;
2153
2154 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002155 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002156 ftr->major_version = CURRENT_MAJOR_VERSION;
2157 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002158 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002159 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002160
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002161 switch (keymaster_check_compatibility()) {
2162 case 1:
2163 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2164 break;
2165
2166 case 0:
2167 ftr->kdf_type = KDF_SCRYPT;
2168 break;
2169
2170 default:
2171 SLOGE("keymaster_check_compatibility failed");
2172 return -1;
2173 }
2174
Kenny Rootc4c70f12013-06-14 12:11:38 -07002175 get_device_scrypt_params(ftr);
2176
Ken Sumrall160b4d62013-04-22 12:15:39 -07002177 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2178 if (get_crypt_ftr_info(NULL, &off) == 0) {
2179 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2180 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2181 ftr->persist_data_size;
2182 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002183
2184 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002185}
2186
Ken Sumrall29d8da82011-05-18 17:20:07 -07002187static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002188{
Ken Sumralle550f782013-08-20 13:48:23 -07002189 const char *args[10];
2190 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2191 int num_args;
2192 int status;
2193 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002194 int rc = -1;
2195
Ken Sumrall29d8da82011-05-18 17:20:07 -07002196 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002197 args[0] = "/system/bin/make_ext4fs";
2198 args[1] = "-a";
2199 args[2] = "/data";
2200 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002201 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002202 args[4] = size_str;
2203 args[5] = crypto_blkdev;
2204 num_args = 6;
2205 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2206 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002207 } else if (type == F2FS_FS) {
2208 args[0] = "/system/bin/mkfs.f2fs";
2209 args[1] = "-t";
2210 args[2] = "-d1";
2211 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002212 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002213 args[4] = size_str;
2214 num_args = 5;
2215 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2216 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002217 } else {
2218 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2219 return -1;
2220 }
2221
Ken Sumralle550f782013-08-20 13:48:23 -07002222 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2223
2224 if (tmp != 0) {
2225 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002226 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002227 if (WIFEXITED(status)) {
2228 if (WEXITSTATUS(status)) {
2229 SLOGE("Error creating filesystem on %s, exit status %d ",
2230 crypto_blkdev, WEXITSTATUS(status));
2231 } else {
2232 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2233 rc = 0;
2234 }
2235 } else {
2236 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2237 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002238 }
2239
2240 return rc;
2241}
2242
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002243#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002244#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2245#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002246
2247/* aligned 32K writes tends to make flash happy.
2248 * SD card association recommends it.
2249 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002250#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002251#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002252#else
2253#define BLOCKS_AT_A_TIME 1024
2254#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002255
2256struct encryptGroupsData
2257{
2258 int realfd;
2259 int cryptofd;
2260 off64_t numblocks;
2261 off64_t one_pct, cur_pct, new_pct;
2262 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002263 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002264 char* real_blkdev, * crypto_blkdev;
2265 int count;
2266 off64_t offset;
2267 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002268 off64_t last_written_sector;
2269 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002270 time_t time_started;
2271 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002272};
2273
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002274static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002275{
2276 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002277
2278 if (is_used) {
2279 data->used_blocks_already_done++;
2280 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002281 if (data->tot_used_blocks) {
2282 data->new_pct = data->used_blocks_already_done / data->one_pct;
2283 } else {
2284 data->new_pct = data->blocks_already_done / data->one_pct;
2285 }
2286
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002287 if (data->new_pct > data->cur_pct) {
2288 char buf[8];
2289 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002290 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002291 property_set("vold.encrypt_progress", buf);
2292 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002293
2294 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002295 struct timespec time_now;
2296 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2297 SLOGW("Error getting time");
2298 } else {
2299 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2300 off64_t remaining_blocks = data->tot_used_blocks
2301 - data->used_blocks_already_done;
2302 int remaining_time = (int)(elapsed_time * remaining_blocks
2303 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002304
Paul Lawrence9c58a872014-09-30 09:12:51 -07002305 // Change time only if not yet set, lower, or a lot higher for
2306 // best user experience
2307 if (data->remaining_time == -1
2308 || remaining_time < data->remaining_time
2309 || remaining_time > data->remaining_time + 60) {
2310 char buf[8];
2311 snprintf(buf, sizeof(buf), "%d", remaining_time);
2312 property_set("vold.encrypt_time_remaining", buf);
2313 data->remaining_time = remaining_time;
2314 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002315 }
2316 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002317}
2318
Paul Lawrence3846be12014-09-22 11:33:54 -07002319static void log_progress(struct encryptGroupsData const* data, bool completed)
2320{
2321 // Precondition - if completed data = 0 else data != 0
2322
2323 // Track progress so we can skip logging blocks
2324 static off64_t offset = -1;
2325
2326 // Need to close existing 'Encrypting from' log?
2327 if (completed || (offset != -1 && data->offset != offset)) {
2328 SLOGI("Encrypted to sector %" PRId64,
2329 offset / info.block_size * CRYPT_SECTOR_SIZE);
2330 offset = -1;
2331 }
2332
2333 // Need to start new 'Encrypting from' log?
2334 if (!completed && offset != data->offset) {
2335 SLOGI("Encrypting from sector %" PRId64,
2336 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2337 }
2338
2339 // Update offset
2340 if (!completed) {
2341 offset = data->offset + (off64_t)data->count * info.block_size;
2342 }
2343}
2344
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002345static int flush_outstanding_data(struct encryptGroupsData* data)
2346{
2347 if (data->count == 0) {
2348 return 0;
2349 }
2350
Elliott Hughes231bdba2014-06-25 18:36:19 -07002351 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002352
2353 if (pread64(data->realfd, data->buffer,
2354 info.block_size * data->count, data->offset)
2355 <= 0) {
2356 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2357 data->real_blkdev);
2358 return -1;
2359 }
2360
2361 if (pwrite64(data->cryptofd, data->buffer,
2362 info.block_size * data->count, data->offset)
2363 <= 0) {
2364 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2365 data->crypto_blkdev);
2366 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002367 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002368 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002369 }
2370
2371 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002372 data->last_written_sector = (data->offset + data->count)
2373 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002374 return 0;
2375}
2376
2377static int encrypt_groups(struct encryptGroupsData* data)
2378{
2379 unsigned int i;
2380 u8 *block_bitmap = 0;
2381 unsigned int block;
2382 off64_t ret;
2383 int rc = -1;
2384
2385 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2386 if (!data->buffer) {
2387 SLOGE("Failed to allocate crypto buffer");
2388 goto errout;
2389 }
2390
2391 block_bitmap = malloc(info.block_size);
2392 if (!block_bitmap) {
2393 SLOGE("failed to allocate block bitmap");
2394 goto errout;
2395 }
2396
2397 for (i = 0; i < aux_info.groups; ++i) {
2398 SLOGI("Encrypting group %d", i);
2399
2400 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2401 u32 block_count = min(info.blocks_per_group,
2402 aux_info.len_blocks - first_block);
2403
2404 off64_t offset = (u64)info.block_size
2405 * aux_info.bg_desc[i].bg_block_bitmap;
2406
2407 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2408 if (ret != (int)info.block_size) {
2409 SLOGE("failed to read all of block group bitmap %d", i);
2410 goto errout;
2411 }
2412
2413 offset = (u64)info.block_size * first_block;
2414
2415 data->count = 0;
2416
2417 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002418 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2419 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002420 update_progress(data, used);
2421 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002422 if (data->count == 0) {
2423 data->offset = offset;
2424 }
2425 data->count++;
2426 } else {
2427 if (flush_outstanding_data(data)) {
2428 goto errout;
2429 }
2430 }
2431
2432 offset += info.block_size;
2433
2434 /* Write data if we are aligned or buffer size reached */
2435 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2436 || data->count == BLOCKS_AT_A_TIME) {
2437 if (flush_outstanding_data(data)) {
2438 goto errout;
2439 }
2440 }
Paul Lawrence87999172014-02-20 12:21:31 -08002441
Paul Lawrence73d7a022014-06-09 14:10:09 -07002442 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002443 SLOGE("Stopping encryption due to low battery");
2444 rc = 0;
2445 goto errout;
2446 }
2447
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002448 }
2449 if (flush_outstanding_data(data)) {
2450 goto errout;
2451 }
2452 }
2453
Paul Lawrence87999172014-02-20 12:21:31 -08002454 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002455 rc = 0;
2456
2457errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002458 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002459 free(data->buffer);
2460 free(block_bitmap);
2461 return rc;
2462}
2463
2464static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2465 char *real_blkdev,
2466 off64_t size,
2467 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002468 off64_t tot_size,
2469 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002470{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002471 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002472 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002473 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002474
Paul Lawrence87999172014-02-20 12:21:31 -08002475 if (previously_encrypted_upto > *size_already_done) {
2476 SLOGD("Not fast encrypting since resuming part way through");
2477 return -1;
2478 }
2479
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002480 memset(&data, 0, sizeof(data));
2481 data.real_blkdev = real_blkdev;
2482 data.crypto_blkdev = crypto_blkdev;
2483
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002484 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002485 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2486 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002487 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002488 goto errout;
2489 }
2490
David Ng82fd8042015-01-21 13:55:21 -08002491 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2492 int retries = RETRY_MOUNT_ATTEMPTS;
2493 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2494 if (--retries) {
2495 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2496 crypto_blkdev, errno, strerror(errno));
2497 sleep(RETRY_MOUNT_DELAY_SECONDS);
2498 } else {
2499 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2500 crypto_blkdev, errno, strerror(errno));
2501 rc = ENABLE_INPLACE_ERR_DEV;
2502 goto errout;
2503 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002504 }
2505
2506 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002507 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002508 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002509 goto errout;
2510 }
2511
2512 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002513 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002514 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002515 goto errout;
2516 }
2517
2518 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2519 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2520 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2521
JP Abgrall7fc1de82014-10-10 18:43:41 -07002522 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002523
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002524 data.tot_used_blocks = data.numblocks;
2525 for (i = 0; i < aux_info.groups; ++i) {
2526 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2527 }
2528
2529 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002530 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002531
2532 struct timespec time_started = {0};
2533 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2534 SLOGW("Error getting time at start");
2535 // Note - continue anyway - we'll run with 0
2536 }
2537 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002538 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002539
2540 rc = encrypt_groups(&data);
2541 if (rc) {
2542 SLOGE("Error encrypting groups");
2543 goto errout;
2544 }
2545
Paul Lawrence87999172014-02-20 12:21:31 -08002546 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002547 rc = 0;
2548
2549errout:
2550 close(data.realfd);
2551 close(data.cryptofd);
2552
2553 return rc;
2554}
2555
Paul Lawrence3846be12014-09-22 11:33:54 -07002556static void log_progress_f2fs(u64 block, bool completed)
2557{
2558 // Precondition - if completed data = 0 else data != 0
2559
2560 // Track progress so we can skip logging blocks
2561 static u64 last_block = (u64)-1;
2562
2563 // Need to close existing 'Encrypting from' log?
2564 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2565 SLOGI("Encrypted to block %" PRId64, last_block);
2566 last_block = -1;
2567 }
2568
2569 // Need to start new 'Encrypting from' log?
2570 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2571 SLOGI("Encrypting from block %" PRId64, block);
2572 }
2573
2574 // Update offset
2575 if (!completed) {
2576 last_block = block;
2577 }
2578}
2579
Daniel Rosenberge82df162014-08-15 22:19:23 +00002580static int encrypt_one_block_f2fs(u64 pos, void *data)
2581{
2582 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2583
2584 priv_dat->blocks_already_done = pos - 1;
2585 update_progress(priv_dat, 1);
2586
2587 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2588
2589 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002590 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002591 return -1;
2592 }
2593
2594 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002595 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002596 return -1;
2597 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002598 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002599 }
2600
2601 return 0;
2602}
2603
2604static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2605 char *real_blkdev,
2606 off64_t size,
2607 off64_t *size_already_done,
2608 off64_t tot_size,
2609 off64_t previously_encrypted_upto)
2610{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002611 struct encryptGroupsData data;
2612 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002613 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002614 if (previously_encrypted_upto > *size_already_done) {
2615 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002616 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002617 }
2618 memset(&data, 0, sizeof(data));
2619 data.real_blkdev = real_blkdev;
2620 data.crypto_blkdev = crypto_blkdev;
2621 data.realfd = -1;
2622 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002623 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002624 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002625 real_blkdev);
2626 goto errout;
2627 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002628 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002629 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002630 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002631 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002632 goto errout;
2633 }
2634
2635 f2fs_info = generate_f2fs_info(data.realfd);
2636 if (!f2fs_info)
2637 goto errout;
2638
2639 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2640 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2641 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2642
2643 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2644
2645 data.one_pct = data.tot_used_blocks / 100;
2646 data.cur_pct = 0;
2647 data.time_started = time(NULL);
2648 data.remaining_time = -1;
2649
2650 data.buffer = malloc(f2fs_info->block_size);
2651 if (!data.buffer) {
2652 SLOGE("Failed to allocate crypto buffer");
2653 goto errout;
2654 }
2655
2656 data.count = 0;
2657
2658 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2659 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2660
2661 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002662 SLOGE("Error in running over f2fs blocks");
2663 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002664 goto errout;
2665 }
2666
2667 *size_already_done += size;
2668 rc = 0;
2669
2670errout:
2671 if (rc)
2672 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2673
Paul Lawrence3846be12014-09-22 11:33:54 -07002674 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002675 free(f2fs_info);
2676 free(data.buffer);
2677 close(data.realfd);
2678 close(data.cryptofd);
2679
2680 return rc;
2681}
2682
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002683static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2684 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002685 off64_t tot_size,
2686 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002687{
2688 int realfd, cryptofd;
2689 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002690 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002691 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002692 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002693 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002694
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002695 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002696 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002697 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002698 }
2699
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002700 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002701 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2702 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002703 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002704 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002705 }
2706
2707 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2708 * The size passed in is the number of 512 byte sectors in the filesystem.
2709 * So compute the number of whole 4K blocks we should read/write,
2710 * and the remainder.
2711 */
2712 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2713 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002714 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2715 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002716
2717 SLOGE("Encrypting filesystem in place...");
2718
Paul Lawrence87999172014-02-20 12:21:31 -08002719 i = previously_encrypted_upto + 1 - *size_already_done;
2720
2721 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2722 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2723 goto errout;
2724 }
2725
2726 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2727 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2728 goto errout;
2729 }
2730
2731 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2732 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2733 SLOGE("Error reading initial sectors from real_blkdev %s for "
2734 "inplace encrypt\n", crypto_blkdev);
2735 goto errout;
2736 }
2737 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2738 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2739 "inplace encrypt\n", crypto_blkdev);
2740 goto errout;
2741 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002742 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002743 }
2744 }
2745
Ken Sumrall29d8da82011-05-18 17:20:07 -07002746 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002747 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002748 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002749 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002750 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002751 if (new_pct > cur_pct) {
2752 char buf[8];
2753
2754 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002755 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002756 property_set("vold.encrypt_progress", buf);
2757 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002758 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002759 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002760 goto errout;
2761 }
2762 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002763 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2764 goto errout;
2765 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002766 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002767 CRYPT_SECTORS_PER_BUFSIZE,
2768 i * CRYPT_SECTORS_PER_BUFSIZE);
2769 }
2770
Paul Lawrence73d7a022014-06-09 14:10:09 -07002771 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002772 SLOGE("Stopping encryption due to low battery");
2773 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2774 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002775 goto errout;
2776 }
2777 }
2778
2779 /* Do any remaining sectors */
2780 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002781 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2782 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002783 goto errout;
2784 }
Paul Lawrence87999172014-02-20 12:21:31 -08002785 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2786 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002787 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002788 } else {
2789 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002790 }
2791 }
2792
Ken Sumrall29d8da82011-05-18 17:20:07 -07002793 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002794 rc = 0;
2795
2796errout:
2797 close(realfd);
2798 close(cryptofd);
2799
2800 return rc;
2801}
2802
JP Abgrall7fc1de82014-10-10 18:43:41 -07002803/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002804static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2805 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002806 off64_t tot_size,
2807 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002808{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002809 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002810 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002811 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002812 }
2813
2814 if (*size_already_done + size < previously_encrypted_upto) {
2815 *size_already_done += size;
2816 return 0;
2817 }
2818
Daniel Rosenberge82df162014-08-15 22:19:23 +00002819 /* TODO: identify filesystem type.
2820 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2821 * then we will drop down to cryptfs_enable_inplace_f2fs.
2822 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002823 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002824 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002825 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002826 return 0;
2827 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002828 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002829
JP Abgrall7fc1de82014-10-10 18:43:41 -07002830 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002831 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002832 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002833 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002834 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002835 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002836
JP Abgrall7fc1de82014-10-10 18:43:41 -07002837 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002838 size, size_already_done, tot_size,
2839 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002840 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2841
2842 /* Hack for b/17898962, the following is the symptom... */
2843 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2844 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2845 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2846 return ENABLE_INPLACE_ERR_DEV;
2847 }
2848 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002849}
2850
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002851#define CRYPTO_ENABLE_WIPE 1
2852#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002853
2854#define FRAMEWORK_BOOT_WAIT 60
2855
Paul Lawrence87999172014-02-20 12:21:31 -08002856static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2857{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002858 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002859 if (fd == -1) {
2860 SLOGE("Error opening file %s", filename);
2861 return -1;
2862 }
2863
2864 char block[CRYPT_INPLACE_BUFSIZE];
2865 memset(block, 0, sizeof(block));
2866 if (unix_read(fd, block, sizeof(block)) < 0) {
2867 SLOGE("Error reading file %s", filename);
2868 close(fd);
2869 return -1;
2870 }
2871
2872 close(fd);
2873
2874 SHA256_CTX c;
2875 SHA256_Init(&c);
2876 SHA256_Update(&c, block, sizeof(block));
2877 SHA256_Final(buf, &c);
2878
2879 return 0;
2880}
2881
JP Abgrall62c7af32014-06-16 13:01:23 -07002882static int get_fs_type(struct fstab_rec *rec)
2883{
2884 if (!strcmp(rec->fs_type, "ext4")) {
2885 return EXT4_FS;
2886 } else if (!strcmp(rec->fs_type, "f2fs")) {
2887 return F2FS_FS;
2888 } else {
2889 return -1;
2890 }
2891}
2892
Paul Lawrence87999172014-02-20 12:21:31 -08002893static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2894 char *crypto_blkdev, char *real_blkdev,
2895 int previously_encrypted_upto)
2896{
2897 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002898 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002899
Paul Lawrence73d7a022014-06-09 14:10:09 -07002900 if (!is_battery_ok_to_start()) {
2901 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002902 return 0;
2903 }
2904
2905 /* The size of the userdata partition, and add in the vold volumes below */
2906 tot_encryption_size = crypt_ftr->fs_size;
2907
2908 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002909 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2910 int fs_type = get_fs_type(rec);
2911 if (fs_type < 0) {
2912 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2913 return -1;
2914 }
2915 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002916 } else if (how == CRYPTO_ENABLE_INPLACE) {
2917 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2918 crypt_ftr->fs_size, &cur_encryption_done,
2919 tot_encryption_size,
2920 previously_encrypted_upto);
2921
JP Abgrall7fc1de82014-10-10 18:43:41 -07002922 if (rc == ENABLE_INPLACE_ERR_DEV) {
2923 /* Hack for b/17898962 */
2924 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2925 cryptfs_reboot(reboot);
2926 }
2927
Paul Lawrence73d7a022014-06-09 14:10:09 -07002928 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002929 crypt_ftr->encrypted_upto = cur_encryption_done;
2930 }
2931
Paul Lawrence73d7a022014-06-09 14:10:09 -07002932 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002933 /* The inplace routine never actually sets the progress to 100% due
2934 * to the round down nature of integer division, so set it here */
2935 property_set("vold.encrypt_progress", "100");
2936 }
2937 } else {
2938 /* Shouldn't happen */
2939 SLOGE("cryptfs_enable: internal error, unknown option\n");
2940 rc = -1;
2941 }
2942
2943 return rc;
2944}
2945
Paul Lawrence13486032014-02-03 13:28:11 -08002946int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002947 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002948{
2949 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002950 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002951 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002952 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002953 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002954 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002955 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002956 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002957 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002958 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002959 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002960 bool rebootEncryption = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002961
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002962 if (!strcmp(howarg, "wipe")) {
2963 how = CRYPTO_ENABLE_WIPE;
2964 } else if (! strcmp(howarg, "inplace")) {
2965 how = CRYPTO_ENABLE_INPLACE;
2966 } else {
2967 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002968 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002969 }
2970
Paul Lawrence87999172014-02-20 12:21:31 -08002971 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002972 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2973 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2974 /* An encryption was underway and was interrupted */
2975 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2976 crypt_ftr.encrypted_upto = 0;
2977 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002978
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002979 /* At this point, we are in an inconsistent state. Until we successfully
2980 complete encryption, a reboot will leave us broken. So mark the
2981 encryption failed in case that happens.
2982 On successfully completing encryption, remove this flag */
2983 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002984
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002985 put_crypt_ftr_and_key(&crypt_ftr);
2986 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2987 if (!check_ftr_sha(&crypt_ftr)) {
2988 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2989 put_crypt_ftr_and_key(&crypt_ftr);
2990 goto error_unencrypted;
2991 }
2992
2993 /* Doing a reboot-encryption*/
2994 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2995 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2996 rebootEncryption = true;
2997 }
Paul Lawrence87999172014-02-20 12:21:31 -08002998 }
2999
3000 property_get("ro.crypto.state", encrypted_state, "");
3001 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
3002 SLOGE("Device is already running encrypted, aborting");
3003 goto error_unencrypted;
3004 }
3005
3006 // TODO refactor fs_mgr_get_crypt_info to get both in one call
3007 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08003008 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003009
Ken Sumrall3ed82362011-01-28 23:31:16 -08003010 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003011 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09003012 if (fd == -1) {
3013 SLOGE("Cannot open block device %s\n", real_blkdev);
3014 goto error_unencrypted;
3015 }
3016 unsigned long nr_sec;
3017 get_blkdev_size(fd, &nr_sec);
3018 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003019 SLOGE("Cannot get size of block device %s\n", real_blkdev);
3020 goto error_unencrypted;
3021 }
3022 close(fd);
3023
3024 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003025 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003026 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00003027 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00003028 if (fs_size_sec == 0)
3029 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
3030
Paul Lawrence87999172014-02-20 12:21:31 -08003031 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003032
3033 if (fs_size_sec > max_fs_size_sec) {
3034 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
3035 goto error_unencrypted;
3036 }
3037 }
3038
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003039 /* Get a wakelock as this may take a while, and we don't want the
3040 * device to sleep on us. We'll grab a partial wakelock, and if the UI
3041 * wants to keep the screen on, it can grab a full wakelock.
3042 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003043 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003044 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
3045
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003046 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003047 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003048 */
3049 property_set("vold.decrypt", "trigger_shutdown_framework");
3050 SLOGD("Just asked init to shut down class main\n");
3051
Jeff Sharkey9c484982015-03-31 10:35:33 -07003052 /* Ask vold to unmount all devices that it manages */
3053 if (vold_unmountAll()) {
3054 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003055 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003056
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003057 /* no_ui means we are being called from init, not settings.
3058 Now we always reboot from settings, so !no_ui means reboot
3059 */
3060 bool onlyCreateHeader = false;
3061 if (!no_ui) {
3062 /* Try fallback, which is to reboot and try there */
3063 onlyCreateHeader = true;
3064 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
3065 if (breadcrumb == 0) {
3066 SLOGE("Failed to create breadcrumb file");
3067 goto error_shutting_down;
3068 }
3069 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003070 }
3071
3072 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003073 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003074 /* Now that /data is unmounted, we need to mount a tmpfs
3075 * /data, set a property saying we're doing inplace encryption,
3076 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003077 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003078 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003079 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003080 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003081 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003082 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003083
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003084 /* restart the framework. */
3085 /* Create necessary paths on /data */
3086 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003087 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003088 }
3089
Ken Sumrall92736ef2012-10-17 20:57:14 -07003090 /* Ugh, shutting down the framework is not synchronous, so until it
3091 * can be fixed, this horrible hack will wait a moment for it all to
3092 * shut down before proceeding. Without it, some devices cannot
3093 * restart the graphics services.
3094 */
3095 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003096 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003097
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003098 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003099 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003100 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003101 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3102 goto error_shutting_down;
3103 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003104
Paul Lawrence87999172014-02-20 12:21:31 -08003105 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3106 crypt_ftr.fs_size = nr_sec
3107 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3108 } else {
3109 crypt_ftr.fs_size = nr_sec;
3110 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003111 /* At this point, we are in an inconsistent state. Until we successfully
3112 complete encryption, a reboot will leave us broken. So mark the
3113 encryption failed in case that happens.
3114 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003115 if (onlyCreateHeader) {
3116 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
3117 } else {
3118 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
3119 }
Paul Lawrence87999172014-02-20 12:21:31 -08003120 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003121#ifndef CONFIG_HW_DISK_ENCRYPTION
3122 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3123#else
3124 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3125
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003126 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003127 if (!rc) {
3128 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3129 }
3130
3131 rc = set_hw_device_encryption_key(passwd,
3132 (char*) crypt_ftr.crypto_type_name);
3133 if (!rc) {
3134 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3135 goto error_shutting_down;
3136 }
3137#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003138
Paul Lawrence87999172014-02-20 12:21:31 -08003139 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003140 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
3141 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08003142 SLOGE("Cannot create encrypted master key\n");
3143 goto error_shutting_down;
3144 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003145
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003146 /* Replace scrypted intermediate key if we are preparing for a reboot */
3147 if (onlyCreateHeader) {
3148 unsigned char fake_master_key[KEY_LEN_BYTES];
3149 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
3150 memset(fake_master_key, 0, sizeof(fake_master_key));
3151 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
3152 encrypted_fake_master_key, &crypt_ftr);
3153 }
3154
Paul Lawrence87999172014-02-20 12:21:31 -08003155 /* Write the key to the end of the partition */
3156 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003157
Paul Lawrence87999172014-02-20 12:21:31 -08003158 /* If any persistent data has been remembered, save it.
3159 * If none, create a valid empty table and save that.
3160 */
3161 if (!persist_data) {
3162 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3163 if (pdata) {
3164 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3165 persist_data = pdata;
3166 }
3167 }
3168 if (persist_data) {
3169 save_persistent_data();
3170 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003171 }
3172
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003173 if (onlyCreateHeader) {
3174 sleep(2);
3175 cryptfs_reboot(reboot);
3176 }
3177
3178 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07003179 /* startup service classes main and late_start */
3180 property_set("vold.decrypt", "trigger_restart_min_framework");
3181 SLOGD("Just triggered restart_min_framework\n");
3182
3183 /* OK, the framework is restarted and will soon be showing a
3184 * progress bar. Time to setup an encrypted mapping, and
3185 * either write a new filesystem, or encrypt in place updating
3186 * the progress bar as we work.
3187 */
3188 }
3189
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003190 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003191 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003192 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003193
Paul Lawrence87999172014-02-20 12:21:31 -08003194 /* If we are continuing, check checksums match */
3195 rc = 0;
3196 if (previously_encrypted_upto) {
3197 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3198 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003199
Paul Lawrence87999172014-02-20 12:21:31 -08003200 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3201 sizeof(hash_first_block)) != 0) {
3202 SLOGE("Checksums do not match - trigger wipe");
3203 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003204 }
3205 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003206
Paul Lawrence87999172014-02-20 12:21:31 -08003207 if (!rc) {
3208 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3209 crypto_blkdev, real_blkdev,
3210 previously_encrypted_upto);
3211 }
3212
3213 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003214 if (!rc && how == CRYPTO_ENABLE_INPLACE
3215 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003216 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3217 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003218 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003219 SLOGE("Error calculating checksum for continuing encryption");
3220 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003221 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003222 }
3223
3224 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003225 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003226
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003227 if (! rc) {
3228 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003229 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003230
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003231 if (how == CRYPTO_ENABLE_INPLACE
3232 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003233 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3234 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003235 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003236 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003237
Paul Lawrence6bfed202014-07-28 12:47:22 -07003238 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003239
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003240 if (how == CRYPTO_ENABLE_WIPE
3241 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003242 char value[PROPERTY_VALUE_MAX];
3243 property_get("ro.crypto.state", value, "");
3244 if (!strcmp(value, "")) {
3245 /* default encryption - continue first boot sequence */
3246 property_set("ro.crypto.state", "encrypted");
Paul Lawrence4ed45262016-03-10 15:44:21 -08003247 property_set("ro.crypto.type", "block");
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003248 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003249 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
3250 // Bring up cryptkeeper that will check the password and set it
3251 property_set("vold.decrypt", "trigger_shutdown_framework");
3252 sleep(2);
3253 property_set("vold.encrypt_progress", "");
3254 cryptfs_trigger_restart_min_framework();
3255 } else {
3256 cryptfs_check_passwd(DEFAULT_PASSWORD);
3257 cryptfs_restart_internal(1);
3258 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003259 return 0;
3260 } else {
3261 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003262 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003263 }
Paul Lawrence87999172014-02-20 12:21:31 -08003264 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003265 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003266 cryptfs_reboot(shutdown);
3267 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003268 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003269 char value[PROPERTY_VALUE_MAX];
3270
Ken Sumrall319369a2012-06-27 16:30:18 -07003271 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003272 if (!strcmp(value, "1")) {
3273 /* wipe data if encryption failed */
3274 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Yabin Cuiffa2e092016-04-06 17:21:38 -07003275 if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) {
3276 SLOGE("could not write bootloader message\n");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003277 }
Paul Lawrence87999172014-02-20 12:21:31 -08003278 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003279 } else {
3280 /* set property to trigger dialog */
3281 property_set("vold.encrypt_progress", "error_partially_encrypted");
3282 release_wake_lock(lockid);
3283 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003284 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003285 }
3286
Ken Sumrall3ed82362011-01-28 23:31:16 -08003287 /* hrm, the encrypt step claims success, but the reboot failed.
3288 * This should not happen.
3289 * Set the property and return. Hope the framework can deal with it.
3290 */
3291 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003292 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003293 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003294
3295error_unencrypted:
3296 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003297 if (lockid[0]) {
3298 release_wake_lock(lockid);
3299 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003300 return -1;
3301
3302error_shutting_down:
3303 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3304 * but the framework is stopped and not restarted to show the error, so it's up to
3305 * vold to restart the system.
3306 */
3307 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003308 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003309
3310 /* shouldn't get here */
3311 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003312 if (lockid[0]) {
3313 release_wake_lock(lockid);
3314 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003315 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003316}
3317
Paul Lawrence569649f2015-09-09 12:13:00 -07003318int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003319{
Paul Lawrence569649f2015-09-09 12:13:00 -07003320 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003321}
3322
Paul Lawrence569649f2015-09-09 12:13:00 -07003323int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003324{
3325 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003326 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003327}
3328
3329int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003330{
Paul Crowley38132a12016-02-09 09:50:32 +00003331 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003332 SLOGE("cryptfs_changepw not valid for file encryption");
3333 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003334 }
3335
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003336 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003337 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003338
3339 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003340 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003341 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003342 return -1;
3343 }
3344
Paul Lawrencef4faa572014-01-29 13:31:03 -08003345 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3346 SLOGE("Invalid crypt_type %d", crypt_type);
3347 return -1;
3348 }
3349
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003350 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003351 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003352 SLOGE("Error getting crypt footer and key");
3353 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003354 }
3355
Paul Lawrencef4faa572014-01-29 13:31:03 -08003356 crypt_ftr.crypt_type = crypt_type;
3357
JP Abgrall933216c2015-02-11 13:44:32 -08003358 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003359 : newpw,
3360 crypt_ftr.salt,
3361 saved_master_key,
3362 crypt_ftr.master_key,
3363 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003364 if (rc) {
3365 SLOGE("Encrypt master key failed: %d", rc);
3366 return -1;
3367 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003368 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003369 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003370
Ajay Dudani87701e22014-09-17 21:02:52 -07003371#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003372 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3373 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3374 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3375 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3376 if (!rc)
3377 return -1;
3378 } else {
3379 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3380 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3381 if (!rc)
3382 return -1;
3383 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003384 }
3385#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003386 return 0;
3387}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003388
Rubin Xu85c01f92014-10-13 12:49:54 +01003389static unsigned int persist_get_max_entries(int encrypted) {
3390 struct crypt_mnt_ftr crypt_ftr;
3391 unsigned int dsize;
3392 unsigned int max_persistent_entries;
3393
3394 /* If encrypted, use the values from the crypt_ftr, otherwise
3395 * use the values for the current spec.
3396 */
3397 if (encrypted) {
3398 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3399 return -1;
3400 }
3401 dsize = crypt_ftr.persist_data_size;
3402 } else {
3403 dsize = CRYPT_PERSIST_DATA_SIZE;
3404 }
3405
3406 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3407 sizeof(struct crypt_persist_entry);
3408
3409 return max_persistent_entries;
3410}
3411
3412static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003413{
3414 unsigned int i;
3415
3416 if (persist_data == NULL) {
3417 return -1;
3418 }
3419 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3420 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3421 /* We found it! */
3422 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3423 return 0;
3424 }
3425 }
3426
3427 return -1;
3428}
3429
Rubin Xu85c01f92014-10-13 12:49:54 +01003430static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003431{
3432 unsigned int i;
3433 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003434 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003435
3436 if (persist_data == NULL) {
3437 return -1;
3438 }
3439
Rubin Xu85c01f92014-10-13 12:49:54 +01003440 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003441
3442 num = persist_data->persist_valid_entries;
3443
3444 for (i = 0; i < num; i++) {
3445 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3446 /* We found an existing entry, update it! */
3447 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3448 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3449 return 0;
3450 }
3451 }
3452
3453 /* We didn't find it, add it to the end, if there is room */
3454 if (persist_data->persist_valid_entries < max_persistent_entries) {
3455 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3456 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3457 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3458 persist_data->persist_valid_entries++;
3459 return 0;
3460 }
3461
3462 return -1;
3463}
3464
Rubin Xu85c01f92014-10-13 12:49:54 +01003465/**
3466 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3467 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3468 */
3469static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003470 unsigned int field_len;
3471 unsigned int key_index;
3472 field_len = strlen(field);
3473
3474 if (index == 0) {
3475 // The first key in a multi-entry field is just the filedname itself.
3476 if (!strcmp(key, field)) {
3477 return 1;
3478 }
3479 }
3480 // Match key against "%s_%d" % (field, index)
3481 if (strlen(key) < field_len + 1 + 1) {
3482 // Need at least a '_' and a digit.
3483 return 0;
3484 }
3485 if (strncmp(key, field, field_len)) {
3486 // If the key does not begin with field, it's not a match.
3487 return 0;
3488 }
3489 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3490 return 0;
3491 }
3492 return key_index >= index;
3493}
3494
3495/*
3496 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3497 * remaining entries starting from index will be deleted.
3498 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3499 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3500 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3501 *
3502 */
3503static int persist_del_keys(const char *fieldname, unsigned index)
3504{
3505 unsigned int i;
3506 unsigned int j;
3507 unsigned int num;
3508
3509 if (persist_data == NULL) {
3510 return PERSIST_DEL_KEY_ERROR_OTHER;
3511 }
3512
3513 num = persist_data->persist_valid_entries;
3514
3515 j = 0; // points to the end of non-deleted entries.
3516 // Filter out to-be-deleted entries in place.
3517 for (i = 0; i < num; i++) {
3518 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3519 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3520 j++;
3521 }
3522 }
3523
3524 if (j < num) {
3525 persist_data->persist_valid_entries = j;
3526 // Zeroise the remaining entries
3527 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3528 return PERSIST_DEL_KEY_OK;
3529 } else {
3530 // Did not find an entry matching the given fieldname
3531 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3532 }
3533}
3534
3535static int persist_count_keys(const char *fieldname)
3536{
3537 unsigned int i;
3538 unsigned int count;
3539
3540 if (persist_data == NULL) {
3541 return -1;
3542 }
3543
3544 count = 0;
3545 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3546 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3547 count++;
3548 }
3549 }
3550
3551 return count;
3552}
3553
Ken Sumrall160b4d62013-04-22 12:15:39 -07003554/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003555int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003556{
Paul Crowley38132a12016-02-09 09:50:32 +00003557 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003558 SLOGE("Cannot get field when file encrypted");
3559 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003560 }
3561
Ken Sumrall160b4d62013-04-22 12:15:39 -07003562 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003563 /* CRYPTO_GETFIELD_OK is success,
3564 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3565 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3566 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003567 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003568 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3569 int i;
3570 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003571
3572 if (persist_data == NULL) {
3573 load_persistent_data();
3574 if (persist_data == NULL) {
3575 SLOGE("Getfield error, cannot load persistent data");
3576 goto out;
3577 }
3578 }
3579
Rubin Xu85c01f92014-10-13 12:49:54 +01003580 // Read value from persistent entries. If the original value is split into multiple entries,
3581 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003582 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003583 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3584 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3585 // value too small
3586 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3587 goto out;
3588 }
3589 rc = CRYPTO_GETFIELD_OK;
3590
3591 for (i = 1; /* break explicitly */; i++) {
3592 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3593 (int) sizeof(temp_field)) {
3594 // If the fieldname is very long, we stop as soon as it begins to overflow the
3595 // maximum field length. At this point we have in fact fully read out the original
3596 // value because cryptfs_setfield would not allow fields with longer names to be
3597 // written in the first place.
3598 break;
3599 }
3600 if (!persist_get_key(temp_field, temp_value)) {
3601 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3602 // value too small.
3603 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3604 goto out;
3605 }
3606 } else {
3607 // Exhaust all entries.
3608 break;
3609 }
3610 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003611 } else {
3612 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003613 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003614 }
3615
3616out:
3617 return rc;
3618}
3619
3620/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003621int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003622{
Paul Crowley38132a12016-02-09 09:50:32 +00003623 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003624 SLOGE("Cannot set field when file encrypted");
3625 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003626 }
3627
Ken Sumrall160b4d62013-04-22 12:15:39 -07003628 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003629 /* 0 is success, negative values are error */
3630 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003631 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003632 unsigned int field_id;
3633 char temp_field[PROPERTY_KEY_MAX];
3634 unsigned int num_entries;
3635 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003636
3637 if (persist_data == NULL) {
3638 load_persistent_data();
3639 if (persist_data == NULL) {
3640 SLOGE("Setfield error, cannot load persistent data");
3641 goto out;
3642 }
3643 }
3644
3645 property_get("ro.crypto.state", encrypted_state, "");
3646 if (!strcmp(encrypted_state, "encrypted") ) {
3647 encrypted = 1;
3648 }
3649
Rubin Xu85c01f92014-10-13 12:49:54 +01003650 // Compute the number of entries required to store value, each entry can store up to
3651 // (PROPERTY_VALUE_MAX - 1) chars
3652 if (strlen(value) == 0) {
3653 // Empty value also needs one entry to store.
3654 num_entries = 1;
3655 } else {
3656 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3657 }
3658
3659 max_keylen = strlen(fieldname);
3660 if (num_entries > 1) {
3661 // Need an extra "_%d" suffix.
3662 max_keylen += 1 + log10(num_entries);
3663 }
3664 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3665 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003666 goto out;
3667 }
3668
Rubin Xu85c01f92014-10-13 12:49:54 +01003669 // Make sure we have enough space to write the new value
3670 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3671 persist_get_max_entries(encrypted)) {
3672 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3673 goto out;
3674 }
3675
3676 // Now that we know persist_data has enough space for value, let's delete the old field first
3677 // to make up space.
3678 persist_del_keys(fieldname, 0);
3679
3680 if (persist_set_key(fieldname, value, encrypted)) {
3681 // fail to set key, should not happen as we have already checked the available space
3682 SLOGE("persist_set_key() error during setfield()");
3683 goto out;
3684 }
3685
3686 for (field_id = 1; field_id < num_entries; field_id++) {
3687 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3688
3689 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3690 // fail to set key, should not happen as we have already checked the available space.
3691 SLOGE("persist_set_key() error during setfield()");
3692 goto out;
3693 }
3694 }
3695
Ken Sumrall160b4d62013-04-22 12:15:39 -07003696 /* If we are running encrypted, save the persistent data now */
3697 if (encrypted) {
3698 if (save_persistent_data()) {
3699 SLOGE("Setfield error, cannot save persistent data");
3700 goto out;
3701 }
3702 }
3703
Rubin Xu85c01f92014-10-13 12:49:54 +01003704 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003705
3706out:
3707 return rc;
3708}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003709
3710/* Checks userdata. Attempt to mount the volume if default-
3711 * encrypted.
3712 * On success trigger next init phase and return 0.
3713 * Currently do not handle failure - see TODO below.
3714 */
3715int cryptfs_mount_default_encrypted(void)
3716{
Paul Lawrence84274cc2016-04-15 15:41:33 -07003717 int crypt_type = cryptfs_get_password_type();
3718 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3719 SLOGE("Bad crypt type - error");
3720 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3721 SLOGD("Password is not default - "
3722 "starting min framework to prompt");
3723 property_set("vold.decrypt", "trigger_restart_min_framework");
3724 return 0;
3725 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3726 SLOGD("Password is default - restarting filesystem");
3727 cryptfs_restart_internal(0);
3728 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08003729 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07003730 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003731 }
3732
Paul Lawrence6bfed202014-07-28 12:47:22 -07003733 /** Corrupt. Allow us to boot into framework, which will detect bad
3734 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003735 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003736 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003737 return 0;
3738}
3739
3740/* Returns type of the password, default, pattern, pin or password.
3741 */
3742int cryptfs_get_password_type(void)
3743{
Paul Crowley38132a12016-02-09 09:50:32 +00003744 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003745 SLOGE("cryptfs_get_password_type not valid for file encryption");
3746 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003747 }
3748
Paul Lawrencef4faa572014-01-29 13:31:03 -08003749 struct crypt_mnt_ftr crypt_ftr;
3750
3751 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3752 SLOGE("Error getting crypt footer and key\n");
3753 return -1;
3754 }
3755
Paul Lawrence6bfed202014-07-28 12:47:22 -07003756 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3757 return -1;
3758 }
3759
Paul Lawrencef4faa572014-01-29 13:31:03 -08003760 return crypt_ftr.crypt_type;
3761}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003762
Paul Lawrence05335c32015-03-05 09:46:23 -08003763const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003764{
Paul Crowley38132a12016-02-09 09:50:32 +00003765 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003766 SLOGE("cryptfs_get_password not valid for file encryption");
3767 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003768 }
3769
Paul Lawrence399317e2014-03-10 13:20:50 -07003770 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003771 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003772 if (now.tv_sec < password_expiry_time) {
3773 return password;
3774 } else {
3775 cryptfs_clear_password();
3776 return 0;
3777 }
3778}
3779
3780void cryptfs_clear_password()
3781{
3782 if (password) {
3783 size_t len = strlen(password);
3784 memset(password, 0, len);
3785 free(password);
3786 password = 0;
3787 password_expiry_time = 0;
3788 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003789}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003790
3791int cryptfs_enable_file()
3792{
Paul Crowley38132a12016-02-09 09:50:32 +00003793 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003794}
3795
Paul Lawrence0c247462015-10-29 10:30:57 -07003796int cryptfs_isConvertibleToFBE()
3797{
3798 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3799 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3800}
3801
Paul Lawrence731a7a22015-04-28 22:14:15 +00003802int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3803{
3804 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3805 SLOGE("Failed to initialize crypt_ftr");
3806 return -1;
3807 }
3808
3809 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3810 crypt_ftr->salt, crypt_ftr)) {
3811 SLOGE("Cannot create encrypted master key\n");
3812 return -1;
3813 }
3814
3815 //crypt_ftr->keysize = key_length / 8;
3816 return 0;
3817}
3818
3819int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3820 unsigned char* master_key)
3821{
3822 int rc;
3823
Paul Lawrence731a7a22015-04-28 22:14:15 +00003824 unsigned char* intermediate_key = 0;
3825 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003826
3827 if (password == 0 || *password == 0) {
3828 password = DEFAULT_PASSWORD;
3829 }
3830
Paul Lawrence731a7a22015-04-28 22:14:15 +00003831 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3832 &intermediate_key_size);
3833
Paul Lawrence300dae72016-03-11 11:02:52 -08003834 if (rc) {
3835 SLOGE("Can't calculate intermediate key");
3836 return rc;
3837 }
3838
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003839 int N = 1 << ftr->N_factor;
3840 int r = 1 << ftr->r_factor;
3841 int p = 1 << ftr->p_factor;
3842
3843 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3844
3845 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3846 ftr->salt, sizeof(ftr->salt), N, r, p,
3847 scrypted_intermediate_key,
3848 sizeof(scrypted_intermediate_key));
3849
3850 free(intermediate_key);
3851
3852 if (rc) {
Paul Lawrence300dae72016-03-11 11:02:52 -08003853 SLOGE("Can't scrypt intermediate key");
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003854 return rc;
3855 }
3856
3857 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3858 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003859}
3860
3861int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3862 const unsigned char* master_key)
3863{
3864 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3865 ftr);
3866}
Paul Lawrence6e410592016-05-24 14:20:38 -07003867
3868const char* cryptfs_get_file_encryption_mode()
3869{
3870 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3871 return fs_mgr_get_file_encryption_mode(rec);
3872}