blob: 33fa19b9eb218c459c3cd018083c02ce8230976b [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000056#include "Ext4Crypt.h"
57#include "ext4_crypt_init_extensions.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080058#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000059#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080060#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080061#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080062
Shawn Willden8af33352015-02-24 09:51:34 -070063#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060064#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070065
Mark Salyzyn3e971272014-01-21 13:27:04 -080066#define UNUSED __attribute__((unused))
67
Mark Salyzyn5eecc442014-02-12 14:16:14 -080068#define UNUSED __attribute__((unused))
69
Ajay Dudani87701e22014-09-17 21:02:52 -070070#ifdef CONFIG_HW_DISK_ENCRYPTION
71#include "cryptfs_hw.h"
72#endif
73
Ken Sumrall8f869aa2010-12-03 03:47:09 -080074#define DM_CRYPT_BUF_SIZE 4096
75
Jason parks70a4b3f2011-01-28 10:10:47 -060076#define HASH_COUNT 2000
77#define KEY_LEN_BYTES 16
78#define IV_LEN_BYTES 16
79
Ken Sumrall29d8da82011-05-18 17:20:07 -070080#define KEY_IN_FOOTER "footer"
81
Paul Lawrence3bd36d52015-06-09 13:37:44 -070082#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080083
Ken Sumrall29d8da82011-05-18 17:20:07 -070084#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070085#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070086
Ken Sumralle919efe2012-09-29 17:07:41 -070087#define TABLE_LOAD_RETRIES 10
88
Shawn Willden47ba10d2014-09-03 17:07:06 -060089#define RSA_KEY_SIZE 2048
90#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
91#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060092#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070093
Paul Lawrence8e3f4512014-09-08 10:11:17 -070094#define RETRY_MOUNT_ATTEMPTS 10
95#define RETRY_MOUNT_DELAY_SECONDS 1
96
Ken Sumrall8f869aa2010-12-03 03:47:09 -080097char *me = "cryptfs";
98
Jason parks70a4b3f2011-01-28 10:10:47 -060099static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700100static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600101static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700102static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800103
Shawn Willdenda6e8992015-06-03 09:40:45 -0600104static int keymaster_init(keymaster0_device_t **keymaster0_dev,
105 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700106{
107 int rc;
108
109 const hw_module_t* mod;
110 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
111 if (rc) {
112 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600113 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700114 }
115
Shawn Willdenda6e8992015-06-03 09:40:45 -0600116 SLOGI("keymaster module name is %s", mod->name);
117 SLOGI("keymaster version is %d", mod->module_api_version);
118
119 *keymaster0_dev = NULL;
120 *keymaster1_dev = NULL;
121 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
122 SLOGI("Found keymaster1 module, using keymaster1 API.");
123 rc = keymaster1_open(mod, keymaster1_dev);
124 } else {
125 SLOGI("Found keymaster0 module, using keymaster0 API.");
126 rc = keymaster0_open(mod, keymaster0_dev);
127 }
128
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700129 if (rc) {
130 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600131 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
132 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700133 }
134
135 return 0;
136
Shawn Willdenda6e8992015-06-03 09:40:45 -0600137err:
138 *keymaster0_dev = NULL;
139 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700140 return rc;
141}
142
143/* Should we use keymaster? */
144static int keymaster_check_compatibility()
145{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600146 keymaster0_device_t *keymaster0_dev = 0;
147 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700148 int rc = 0;
149
Shawn Willdenda6e8992015-06-03 09:40:45 -0600150 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700151 SLOGE("Failed to init keymaster");
152 rc = -1;
153 goto out;
154 }
155
Shawn Willdenda6e8992015-06-03 09:40:45 -0600156 if (keymaster1_dev) {
157 rc = 1;
158 goto out;
159 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700160
Shawn Willdenda6e8992015-06-03 09:40:45 -0600161 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
162 // should work.
163 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700164 < KEYMASTER_MODULE_API_VERSION_0_3) {
165 rc = 0;
166 goto out;
167 }
168
Shawn Willdenda6e8992015-06-03 09:40:45 -0600169 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
170 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700171 rc = 1;
172 }
173
174out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600175 if (keymaster1_dev) {
176 keymaster1_close(keymaster1_dev);
177 }
178 if (keymaster0_dev) {
179 keymaster0_close(keymaster0_dev);
180 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700181 return rc;
182}
183
184/* Create a new keymaster key and store it in this footer */
185static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
186{
187 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600188 keymaster0_device_t *keymaster0_dev = 0;
189 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700190
Shawn Willdenda6e8992015-06-03 09:40:45 -0600191 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700192 SLOGE("Failed to init keymaster");
193 return -1;
194 }
195
196 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600197 size_t key_size = 0;
198 if (keymaster1_dev) {
199 keymaster_key_param_t params[] = {
200 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
201 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
202 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
203 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700204
Shawn Willden86af3552015-06-24 07:21:54 -0700205 /* The only allowed purpose for this key is signing. */
206 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
207
208 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600209 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600210 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700211
Shawn Willdenda6e8992015-06-03 09:40:45 -0600212 /* Require that the key be usable in standalone mode. File system isn't available. */
213 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
214
215 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
216 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
217
Shawn Willdenda6e8992015-06-03 09:40:45 -0600218 /* Rate-limit key usage attempts, to rate-limit brute force */
219 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
220 };
221 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
222 keymaster_key_blob_t key_blob;
223 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
224 &key_blob,
225 NULL /* characteristics */);
226 if (error != KM_ERROR_OK) {
227 SLOGE("Failed to generate keymaster1 key, error %d", error);
228 rc = -1;
229 goto out;
230 }
231
232 key = (uint8_t*)key_blob.key_material;
233 key_size = key_blob.key_material_size;
234 }
235 else if (keymaster0_dev) {
236 keymaster_rsa_keygen_params_t params;
237 memset(&params, '\0', sizeof(params));
238 params.public_exponent = RSA_EXPONENT;
239 params.modulus_size = RSA_KEY_SIZE;
240
241 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
242 &key, &key_size)) {
243 SLOGE("Failed to generate keypair");
244 rc = -1;
245 goto out;
246 }
247 } else {
248 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700249 rc = -1;
250 goto out;
251 }
252
253 if (key_size > KEYMASTER_BLOB_SIZE) {
254 SLOGE("Keymaster key too large for crypto footer");
255 rc = -1;
256 goto out;
257 }
258
259 memcpy(ftr->keymaster_blob, key, key_size);
260 ftr->keymaster_blob_size = key_size;
261
262out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600263 if (keymaster0_dev)
264 keymaster0_close(keymaster0_dev);
265 if (keymaster1_dev)
266 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700267 free(key);
268 return rc;
269}
270
Shawn Willdene17a9c42014-09-08 13:04:08 -0600271/* This signs the given object using the keymaster key. */
272static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600273 const unsigned char *object,
274 const size_t object_size,
275 unsigned char **signature,
276 size_t *signature_size)
277{
278 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600279 keymaster0_device_t *keymaster0_dev = 0;
280 keymaster1_device_t *keymaster1_dev = 0;
281 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600282 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600283 rc = -1;
284 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600285 }
286
Shawn Willden47ba10d2014-09-03 17:07:06 -0600287 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600289 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290
Shawn Willdene17a9c42014-09-08 13:04:08 -0600291 // To sign a message with RSA, the message must satisfy two
292 // constraints:
293 //
294 // 1. The message, when interpreted as a big-endian numeric value, must
295 // be strictly less than the public modulus of the RSA key. Note
296 // that because the most significant bit of the public modulus is
297 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
298 // key), an n-bit message with most significant bit 0 always
299 // satisfies this requirement.
300 //
301 // 2. The message must have the same length in bits as the public
302 // modulus of the RSA key. This requirement isn't mathematically
303 // necessary, but is necessary to ensure consistency in
304 // implementations.
305 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600306 case KDF_SCRYPT_KEYMASTER:
307 // This ensures the most significant byte of the signed message
308 // is zero. We could have zero-padded to the left instead, but
309 // this approach is slightly more robust against changes in
310 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600311 // so) because we really should be using a proper deterministic
312 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600313 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
314 SLOGI("Signing safely-padded object");
315 break;
316 default:
317 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600318 rc = -1;
319 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600320 }
321
Shawn Willdenda6e8992015-06-03 09:40:45 -0600322 if (keymaster0_dev) {
323 keymaster_rsa_sign_params_t params;
324 params.digest_type = DIGEST_NONE;
325 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600326
Shawn Willdenda6e8992015-06-03 09:40:45 -0600327 rc = keymaster0_dev->sign_data(keymaster0_dev,
328 &params,
329 ftr->keymaster_blob,
330 ftr->keymaster_blob_size,
331 to_sign,
332 to_sign_size,
333 signature,
334 signature_size);
335 goto out;
336 } else if (keymaster1_dev) {
337 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
338 keymaster_key_param_t params[] = {
339 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
340 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
341 };
342 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
343 keymaster_operation_handle_t op_handle;
344 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
345 &param_set, NULL /* out_params */,
346 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600347 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600348 // Key usage has been rate-limited. Wait a bit and try again.
349 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
350 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
351 &param_set, NULL /* out_params */,
352 &op_handle);
353 }
354 if (error != KM_ERROR_OK) {
355 SLOGE("Error starting keymaster signature transaction: %d", error);
356 rc = -1;
357 goto out;
358 }
359
360 keymaster_blob_t input = { to_sign, to_sign_size };
361 size_t input_consumed;
362 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
363 &input, &input_consumed, NULL /* out_params */,
364 NULL /* output */);
365 if (error != KM_ERROR_OK) {
366 SLOGE("Error sending data to keymaster signature transaction: %d", error);
367 rc = -1;
368 goto out;
369 }
370 if (input_consumed != to_sign_size) {
371 // This should never happen. If it does, it's a bug in the keymaster implementation.
372 SLOGE("Keymaster update() did not consume all data.");
373 keymaster1_dev->abort(keymaster1_dev, op_handle);
374 rc = -1;
375 goto out;
376 }
377
378 keymaster_blob_t tmp_sig;
379 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
380 NULL /* verify signature */, NULL /* out_params */,
381 &tmp_sig);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error finishing keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387
388 *signature = (uint8_t*)tmp_sig.data;
389 *signature_size = tmp_sig.data_length;
390 } else {
391 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
392 rc = -1;
393 goto out;
394 }
395
396 out:
397 if (keymaster1_dev)
398 keymaster1_close(keymaster1_dev);
399 if (keymaster0_dev)
400 keymaster0_close(keymaster0_dev);
401
402 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600403}
404
Paul Lawrence399317e2014-03-10 13:20:50 -0700405/* Store password when userdata is successfully decrypted and mounted.
406 * Cleared by cryptfs_clear_password
407 *
408 * To avoid a double prompt at boot, we need to store the CryptKeeper
409 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
410 * Since the entire framework is torn down and rebuilt after encryption,
411 * we have to use a daemon or similar to store the password. Since vold
412 * is secured against IPC except from system processes, it seems a reasonable
413 * place to store this.
414 *
415 * password should be cleared once it has been used.
416 *
417 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800418 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700419static char* password = 0;
420static int password_expiry_time = 0;
421static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800422
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800423extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800424
Paul Lawrence87999172014-02-20 12:21:31 -0800425enum RebootType {reboot, recovery, shutdown};
426static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700427{
Paul Lawrence87999172014-02-20 12:21:31 -0800428 switch(rt) {
429 case reboot:
430 property_set(ANDROID_RB_PROPERTY, "reboot");
431 break;
432
433 case recovery:
434 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
435 break;
436
437 case shutdown:
438 property_set(ANDROID_RB_PROPERTY, "shutdown");
439 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700440 }
Paul Lawrence87999172014-02-20 12:21:31 -0800441
Ken Sumralladfba362013-06-04 16:37:52 -0700442 sleep(20);
443
444 /* Shouldn't get here, reboot should happen before sleep times out */
445 return;
446}
447
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800448static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
449{
450 memset(io, 0, dataSize);
451 io->data_size = dataSize;
452 io->data_start = sizeof(struct dm_ioctl);
453 io->version[0] = 4;
454 io->version[1] = 0;
455 io->version[2] = 0;
456 io->flags = flags;
457 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100458 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800459 }
460}
461
Kenny Rootc4c70f12013-06-14 12:11:38 -0700462/**
463 * Gets the default device scrypt parameters for key derivation time tuning.
464 * The parameters should lead to about one second derivation time for the
465 * given device.
466 */
467static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
468 const int default_params[] = SCRYPT_DEFAULTS;
469 int params[] = SCRYPT_DEFAULTS;
470 char paramstr[PROPERTY_VALUE_MAX];
471 char *token;
472 char *saveptr;
473 int i;
474
475 property_get(SCRYPT_PROP, paramstr, "");
476 if (paramstr[0] != '\0') {
477 /*
478 * The token we're looking for should be three integers separated by
479 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
480 */
Kenny Root2947e342013-08-14 15:54:49 -0700481 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
482 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700483 i++, token = strtok_r(NULL, ":", &saveptr)) {
484 char *endptr;
485 params[i] = strtol(token, &endptr, 10);
486
487 /*
488 * Check that there was a valid number and it's 8-bit. If not,
489 * break out and the end check will take the default values.
490 */
491 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
492 break;
493 }
494 }
495
496 /*
497 * If there were not enough tokens or a token was malformed (not an
498 * integer), it will end up here and the default parameters can be
499 * taken.
500 */
501 if ((i != 3) || (token != NULL)) {
502 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
503 memcpy(params, default_params, sizeof(params));
504 }
505 }
506
507 ftr->N_factor = params[0];
508 ftr->r_factor = params[1];
509 ftr->p_factor = params[2];
510}
511
Ken Sumrall3ed82362011-01-28 23:31:16 -0800512static unsigned int get_fs_size(char *dev)
513{
514 int fd, block_size;
515 struct ext4_super_block sb;
516 off64_t len;
517
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700518 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800519 SLOGE("Cannot open device to get filesystem size ");
520 return 0;
521 }
522
523 if (lseek64(fd, 1024, SEEK_SET) < 0) {
524 SLOGE("Cannot seek to superblock");
525 return 0;
526 }
527
528 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
529 SLOGE("Cannot read superblock");
530 return 0;
531 }
532
533 close(fd);
534
Daniel Rosenberge82df162014-08-15 22:19:23 +0000535 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
536 SLOGE("Not a valid ext4 superblock");
537 return 0;
538 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800539 block_size = 1024 << sb.s_log_block_size;
540 /* compute length in bytes */
541 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
542
543 /* return length in sectors */
544 return (unsigned int) (len / 512);
545}
546
Ken Sumrall160b4d62013-04-22 12:15:39 -0700547static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
548{
549 static int cached_data = 0;
550 static off64_t cached_off = 0;
551 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
552 int fd;
553 char key_loc[PROPERTY_VALUE_MAX];
554 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 int rc = -1;
556
557 if (!cached_data) {
558 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
559
560 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700561 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700562 SLOGE("Cannot open real block device %s\n", real_blkdev);
563 return -1;
564 }
565
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900566 unsigned long nr_sec = 0;
567 get_blkdev_size(fd, &nr_sec);
568 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700569 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
570 * encryption info footer and key, and plenty of bytes to spare for future
571 * growth.
572 */
573 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
574 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
575 cached_data = 1;
576 } else {
577 SLOGE("Cannot get size of block device %s\n", real_blkdev);
578 }
579 close(fd);
580 } else {
581 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
582 cached_off = 0;
583 cached_data = 1;
584 }
585 }
586
587 if (cached_data) {
588 if (metadata_fname) {
589 *metadata_fname = cached_metadata_fname;
590 }
591 if (off) {
592 *off = cached_off;
593 }
594 rc = 0;
595 }
596
597 return rc;
598}
599
Ken Sumralle8744072011-01-18 22:01:55 -0800600/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800601 * update the failed mount count but not change the key.
602 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800604{
605 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800606 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700607 /* starting_off is set to the SEEK_SET offset
608 * where the crypto structure starts
609 */
610 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800611 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700612 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700613 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800614
Ken Sumrall160b4d62013-04-22 12:15:39 -0700615 if (get_crypt_ftr_info(&fname, &starting_off)) {
616 SLOGE("Unable to get crypt_ftr_info\n");
617 return -1;
618 }
619 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700620 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700621 return -1;
622 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700623 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700624 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700625 return -1;
626 }
627
628 /* Seek to the start of the crypt footer */
629 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
630 SLOGE("Cannot seek to real block device footer\n");
631 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800632 }
633
634 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
635 SLOGE("Cannot write real block device footer\n");
636 goto errout;
637 }
638
Ken Sumrall3be890f2011-09-14 16:53:46 -0700639 fstat(fd, &statbuf);
640 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700641 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700642 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800643 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800644 goto errout;
645 }
646 }
647
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800648 /* Success! */
649 rc = 0;
650
651errout:
652 close(fd);
653 return rc;
654
655}
656
Ken Sumrall160b4d62013-04-22 12:15:39 -0700657static inline int unix_read(int fd, void* buff, int len)
658{
659 return TEMP_FAILURE_RETRY(read(fd, buff, len));
660}
661
662static inline int unix_write(int fd, const void* buff, int len)
663{
664 return TEMP_FAILURE_RETRY(write(fd, buff, len));
665}
666
667static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
668{
669 memset(pdata, 0, len);
670 pdata->persist_magic = PERSIST_DATA_MAGIC;
671 pdata->persist_valid_entries = 0;
672}
673
674/* A routine to update the passed in crypt_ftr to the lastest version.
675 * fd is open read/write on the device that holds the crypto footer and persistent
676 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
677 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
678 */
679static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
680{
Kenny Root7434b312013-06-14 11:29:53 -0700681 int orig_major = crypt_ftr->major_version;
682 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700683
Kenny Root7434b312013-06-14 11:29:53 -0700684 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
685 struct crypt_persist_data *pdata;
686 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700687
Kenny Rootc4c70f12013-06-14 12:11:38 -0700688 SLOGW("upgrading crypto footer to 1.1");
689
Kenny Root7434b312013-06-14 11:29:53 -0700690 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
691 if (pdata == NULL) {
692 SLOGE("Cannot allocate persisent data\n");
693 return;
694 }
695 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
696
697 /* Need to initialize the persistent data area */
698 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
699 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100700 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700701 return;
702 }
703 /* Write all zeros to the first copy, making it invalid */
704 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
705
706 /* Write a valid but empty structure to the second copy */
707 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
708 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
709
710 /* Update the footer */
711 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
712 crypt_ftr->persist_data_offset[0] = pdata_offset;
713 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
714 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100715 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700716 }
717
Paul Lawrencef4faa572014-01-29 13:31:03 -0800718 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700719 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800720 /* But keep the old kdf_type.
721 * It will get updated later to KDF_SCRYPT after the password has been verified.
722 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700723 crypt_ftr->kdf_type = KDF_PBKDF2;
724 get_device_scrypt_params(crypt_ftr);
725 crypt_ftr->minor_version = 2;
726 }
727
Paul Lawrencef4faa572014-01-29 13:31:03 -0800728 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
729 SLOGW("upgrading crypto footer to 1.3");
730 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
731 crypt_ftr->minor_version = 3;
732 }
733
Kenny Root7434b312013-06-14 11:29:53 -0700734 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
735 if (lseek64(fd, offset, SEEK_SET) == -1) {
736 SLOGE("Cannot seek to crypt footer\n");
737 return;
738 }
739 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700740 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700741}
742
743
744static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800745{
746 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800747 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700748 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800749 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700750 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700751 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800752
Ken Sumrall160b4d62013-04-22 12:15:39 -0700753 if (get_crypt_ftr_info(&fname, &starting_off)) {
754 SLOGE("Unable to get crypt_ftr_info\n");
755 return -1;
756 }
757 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700758 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 return -1;
760 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700761 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700762 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700763 return -1;
764 }
765
766 /* Make sure it's 16 Kbytes in length */
767 fstat(fd, &statbuf);
768 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
769 SLOGE("footer file %s is not the expected size!\n", fname);
770 goto errout;
771 }
772
773 /* Seek to the start of the crypt footer */
774 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
775 SLOGE("Cannot seek to real block device footer\n");
776 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800777 }
778
779 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
780 SLOGE("Cannot read real block device footer\n");
781 goto errout;
782 }
783
784 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700785 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800786 goto errout;
787 }
788
Kenny Rootc96a5f82013-06-14 12:08:28 -0700789 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
790 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
791 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
796 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
797 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 }
799
Ken Sumrall160b4d62013-04-22 12:15:39 -0700800 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
801 * copy on disk before returning.
802 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700803 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700804 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800805 }
806
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800807 /* Success! */
808 rc = 0;
809
810errout:
811 close(fd);
812 return rc;
813}
814
Ken Sumrall160b4d62013-04-22 12:15:39 -0700815static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
816{
817 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
818 crypt_ftr->persist_data_offset[1]) {
819 SLOGE("Crypt_ftr persist data regions overlap");
820 return -1;
821 }
822
823 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
824 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
825 return -1;
826 }
827
828 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
829 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
830 CRYPT_FOOTER_OFFSET) {
831 SLOGE("Persistent data extends past crypto footer");
832 return -1;
833 }
834
835 return 0;
836}
837
838static int load_persistent_data(void)
839{
840 struct crypt_mnt_ftr crypt_ftr;
841 struct crypt_persist_data *pdata = NULL;
842 char encrypted_state[PROPERTY_VALUE_MAX];
843 char *fname;
844 int found = 0;
845 int fd;
846 int ret;
847 int i;
848
849 if (persist_data) {
850 /* Nothing to do, we've already loaded or initialized it */
851 return 0;
852 }
853
854
855 /* If not encrypted, just allocate an empty table and initialize it */
856 property_get("ro.crypto.state", encrypted_state, "");
857 if (strcmp(encrypted_state, "encrypted") ) {
858 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
859 if (pdata) {
860 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
861 persist_data = pdata;
862 return 0;
863 }
864 return -1;
865 }
866
867 if(get_crypt_ftr_and_key(&crypt_ftr)) {
868 return -1;
869 }
870
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700871 if ((crypt_ftr.major_version < 1)
872 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700873 SLOGE("Crypt_ftr version doesn't support persistent data");
874 return -1;
875 }
876
877 if (get_crypt_ftr_info(&fname, NULL)) {
878 return -1;
879 }
880
881 ret = validate_persistent_data_storage(&crypt_ftr);
882 if (ret) {
883 return -1;
884 }
885
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700886 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700887 if (fd < 0) {
888 SLOGE("Cannot open %s metadata file", fname);
889 return -1;
890 }
891
892 if (persist_data == NULL) {
893 pdata = malloc(crypt_ftr.persist_data_size);
894 if (pdata == NULL) {
895 SLOGE("Cannot allocate memory for persistent data");
896 goto err;
897 }
898 }
899
900 for (i = 0; i < 2; i++) {
901 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
902 SLOGE("Cannot seek to read persistent data on %s", fname);
903 goto err2;
904 }
905 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
906 SLOGE("Error reading persistent data on iteration %d", i);
907 goto err2;
908 }
909 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
910 found = 1;
911 break;
912 }
913 }
914
915 if (!found) {
916 SLOGI("Could not find valid persistent data, creating");
917 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
918 }
919
920 /* Success */
921 persist_data = pdata;
922 close(fd);
923 return 0;
924
925err2:
926 free(pdata);
927
928err:
929 close(fd);
930 return -1;
931}
932
933static int save_persistent_data(void)
934{
935 struct crypt_mnt_ftr crypt_ftr;
936 struct crypt_persist_data *pdata;
937 char *fname;
938 off64_t write_offset;
939 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700940 int fd;
941 int ret;
942
943 if (persist_data == NULL) {
944 SLOGE("No persistent data to save");
945 return -1;
946 }
947
948 if(get_crypt_ftr_and_key(&crypt_ftr)) {
949 return -1;
950 }
951
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700952 if ((crypt_ftr.major_version < 1)
953 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700954 SLOGE("Crypt_ftr version doesn't support persistent data");
955 return -1;
956 }
957
958 ret = validate_persistent_data_storage(&crypt_ftr);
959 if (ret) {
960 return -1;
961 }
962
963 if (get_crypt_ftr_info(&fname, NULL)) {
964 return -1;
965 }
966
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700967 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700968 if (fd < 0) {
969 SLOGE("Cannot open %s metadata file", fname);
970 return -1;
971 }
972
973 pdata = malloc(crypt_ftr.persist_data_size);
974 if (pdata == NULL) {
975 SLOGE("Cannot allocate persistant data");
976 goto err;
977 }
978
979 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
980 SLOGE("Cannot seek to read persistent data on %s", fname);
981 goto err2;
982 }
983
984 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
985 SLOGE("Error reading persistent data before save");
986 goto err2;
987 }
988
989 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
990 /* The first copy is the curent valid copy, so write to
991 * the second copy and erase this one */
992 write_offset = crypt_ftr.persist_data_offset[1];
993 erase_offset = crypt_ftr.persist_data_offset[0];
994 } else {
995 /* The second copy must be the valid copy, so write to
996 * the first copy, and erase the second */
997 write_offset = crypt_ftr.persist_data_offset[0];
998 erase_offset = crypt_ftr.persist_data_offset[1];
999 }
1000
1001 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001002 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001003 SLOGE("Cannot seek to write persistent data");
1004 goto err2;
1005 }
1006 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1007 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001008 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001009 SLOGE("Cannot seek to erase previous persistent data");
1010 goto err2;
1011 }
1012 fsync(fd);
1013 memset(pdata, 0, crypt_ftr.persist_data_size);
1014 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1015 (int) crypt_ftr.persist_data_size) {
1016 SLOGE("Cannot write to erase previous persistent data");
1017 goto err2;
1018 }
1019 fsync(fd);
1020 } else {
1021 SLOGE("Cannot write to save persistent data");
1022 goto err2;
1023 }
1024
1025 /* Success */
1026 free(pdata);
1027 close(fd);
1028 return 0;
1029
1030err2:
1031 free(pdata);
1032err:
1033 close(fd);
1034 return -1;
1035}
1036
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001037/* Convert a binary key of specified length into an ascii hex string equivalent,
1038 * without the leading 0x and with null termination
1039 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001040static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001041 unsigned int keysize, char *master_key_ascii) {
1042 unsigned int i, a;
1043 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001044
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 for (i=0, a=0; i<keysize; i++, a+=2) {
1046 /* For each byte, write out two ascii hex digits */
1047 nibble = (master_key[i] >> 4) & 0xf;
1048 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001049
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001050 nibble = master_key[i] & 0xf;
1051 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1052 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 /* Add the null termination */
1055 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001056
1057}
1058
Jeff Sharkey9c484982015-03-31 10:35:33 -07001059static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1060 const unsigned char *master_key, const char *real_blk_name,
1061 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001062 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001063 struct dm_ioctl *io;
1064 struct dm_target_spec *tgt;
1065 char *crypt_params;
1066 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
1067 int i;
1068
1069 io = (struct dm_ioctl *) buffer;
1070
1071 /* Load the mapping table for this device */
1072 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1073
1074 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1075 io->target_count = 1;
1076 tgt->status = 0;
1077 tgt->sector_start = 0;
1078 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001079#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001080 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1081 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1082 }
1083 else {
1084 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1085 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001086#else
1087 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1088#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001089
1090 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1091 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1092 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1093 master_key_ascii, real_blk_name, extra_params);
1094 crypt_params += strlen(crypt_params) + 1;
1095 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1096 tgt->next = crypt_params - buffer;
1097
1098 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1099 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1100 break;
1101 }
1102 usleep(500000);
1103 }
1104
1105 if (i == TABLE_LOAD_RETRIES) {
1106 /* We failed to load the table, return an error */
1107 return -1;
1108 } else {
1109 return i + 1;
1110 }
1111}
1112
1113
1114static int get_dm_crypt_version(int fd, const char *name, int *version)
1115{
1116 char buffer[DM_CRYPT_BUF_SIZE];
1117 struct dm_ioctl *io;
1118 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001119
1120 io = (struct dm_ioctl *) buffer;
1121
1122 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1123
1124 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1125 return -1;
1126 }
1127
1128 /* Iterate over the returned versions, looking for name of "crypt".
1129 * When found, get and return the version.
1130 */
1131 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1132 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001133#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001134 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001135#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001136 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001137#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001138 /* We found the crypt driver, return the version, and get out */
1139 version[0] = v->version[0];
1140 version[1] = v->version[1];
1141 version[2] = v->version[2];
1142 return 0;
1143 }
1144 v = (struct dm_target_versions *)(((char *)v) + v->next);
1145 }
1146
1147 return -1;
1148}
1149
Jeff Sharkey9c484982015-03-31 10:35:33 -07001150static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1151 const unsigned char *master_key, const char *real_blk_name,
1152 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001153 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001154 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001155 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001156 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001157 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001158 int version[3];
1159 char *extra_params;
1160 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001162 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 SLOGE("Cannot open device-mapper\n");
1164 goto errout;
1165 }
1166
1167 io = (struct dm_ioctl *) buffer;
1168
1169 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1170 if (ioctl(fd, DM_DEV_CREATE, io)) {
1171 SLOGE("Cannot create dm-crypt device\n");
1172 goto errout;
1173 }
1174
1175 /* Get the device status, in particular, the name of it's device file */
1176 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1177 if (ioctl(fd, DM_DEV_STATUS, io)) {
1178 SLOGE("Cannot retrieve dm-crypt device status\n");
1179 goto errout;
1180 }
1181 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1182 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1183
Ken Sumralldb5e0262013-02-05 17:39:48 -08001184 extra_params = "";
1185 if (! get_dm_crypt_version(fd, name, version)) {
1186 /* Support for allow_discards was added in version 1.11.0 */
1187 if ((version[0] >= 2) ||
1188 ((version[0] == 1) && (version[1] >= 11))) {
1189 extra_params = "1 allow_discards";
1190 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1191 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001192 }
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1195 fd, extra_params);
1196 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001197 SLOGE("Cannot load dm-crypt mapping table.\n");
1198 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001199 } else if (load_count > 1) {
1200 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001201 }
1202
1203 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001205
1206 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1207 SLOGE("Cannot resume the dm-crypt device\n");
1208 goto errout;
1209 }
1210
1211 /* We made it here with no errors. Woot! */
1212 retval = 0;
1213
1214errout:
1215 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1216
1217 return retval;
1218}
1219
Ken Sumrall29d8da82011-05-18 17:20:07 -07001220static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001221{
1222 int fd;
1223 char buffer[DM_CRYPT_BUF_SIZE];
1224 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001225 int retval = -1;
1226
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001227 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001228 SLOGE("Cannot open device-mapper\n");
1229 goto errout;
1230 }
1231
1232 io = (struct dm_ioctl *) buffer;
1233
1234 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1235 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1236 SLOGE("Cannot remove dm-crypt device\n");
1237 goto errout;
1238 }
1239
1240 /* We made it here with no errors. Woot! */
1241 retval = 0;
1242
1243errout:
1244 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1245
1246 return retval;
1247
1248}
1249
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001250static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001251 unsigned char *ikey, void *params UNUSED)
1252{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001253 SLOGI("Using pbkdf2 for cryptfs KDF");
1254
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001255 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001256 PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd),
1257 salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001258 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001259
Paul Lawrencef4faa572014-01-29 13:31:03 -08001260 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001261}
1262
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001264 unsigned char *ikey, void *params)
1265{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001266 SLOGI("Using scrypt for cryptfs KDF");
1267
Kenny Rootc4c70f12013-06-14 12:11:38 -07001268 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1269
1270 int N = 1 << ftr->N_factor;
1271 int r = 1 << ftr->r_factor;
1272 int p = 1 << ftr->p_factor;
1273
1274 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001275 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001276 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1277 salt, SALT_LEN, N, r, p, ikey,
1278 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001279
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001280 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001281}
1282
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001283static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1284 unsigned char *ikey, void *params)
1285{
1286 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1287
1288 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001289 size_t signature_size;
1290 unsigned char* signature;
1291 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1292
1293 int N = 1 << ftr->N_factor;
1294 int r = 1 << ftr->r_factor;
1295 int p = 1 << ftr->p_factor;
1296
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001297 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1298 salt, SALT_LEN, N, r, p, ikey,
1299 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001300
1301 if (rc) {
1302 SLOGE("scrypt failed");
1303 return -1;
1304 }
1305
Shawn Willdene17a9c42014-09-08 13:04:08 -06001306 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1307 &signature, &signature_size)) {
1308 SLOGE("Signing failed");
1309 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001310 }
1311
1312 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1313 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1314 free(signature);
1315
1316 if (rc) {
1317 SLOGE("scrypt failed");
1318 return -1;
1319 }
1320
1321 return 0;
1322}
1323
1324static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1325 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001326 unsigned char *encrypted_master_key,
1327 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001328{
1329 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1330 EVP_CIPHER_CTX e_ctx;
1331 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001332 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001333
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001334 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001335 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001336
1337 switch (crypt_ftr->kdf_type) {
1338 case KDF_SCRYPT_KEYMASTER:
1339 if (keymaster_create_key(crypt_ftr)) {
1340 SLOGE("keymaster_create_key failed");
1341 return -1;
1342 }
1343
1344 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1345 SLOGE("scrypt failed");
1346 return -1;
1347 }
1348 break;
1349
1350 case KDF_SCRYPT:
1351 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1352 SLOGE("scrypt failed");
1353 return -1;
1354 }
1355 break;
1356
1357 default:
1358 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001359 return -1;
1360 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001361
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001362 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001363 EVP_CIPHER_CTX_init(&e_ctx);
1364 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365 SLOGE("EVP_EncryptInit failed\n");
1366 return -1;
1367 }
1368 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001369
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001371 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001372 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 SLOGE("EVP_EncryptUpdate failed\n");
1374 return -1;
1375 }
Adam Langley889c4f12014-09-03 14:23:13 -07001376 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001377 SLOGE("EVP_EncryptFinal failed\n");
1378 return -1;
1379 }
1380
1381 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1382 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1383 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001384 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001385
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001386 /* Store the scrypt of the intermediate key, so we can validate if it's a
1387 password error or mount error when things go wrong.
1388 Note there's no need to check for errors, since if this is incorrect, we
1389 simply won't wipe userdata, which is the correct default behavior
1390 */
1391 int N = 1 << crypt_ftr->N_factor;
1392 int r = 1 << crypt_ftr->r_factor;
1393 int p = 1 << crypt_ftr->p_factor;
1394
1395 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1396 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1397 crypt_ftr->scrypted_intermediate_key,
1398 sizeof(crypt_ftr->scrypted_intermediate_key));
1399
1400 if (rc) {
1401 SLOGE("encrypt_master_key: crypto_scrypt failed");
1402 }
1403
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001404 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001405}
1406
Paul Lawrence731a7a22015-04-28 22:14:15 +00001407static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001408 unsigned char *encrypted_master_key,
1409 unsigned char *decrypted_master_key,
1410 kdf_func kdf, void *kdf_params,
1411 unsigned char** intermediate_key,
1412 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001413{
1414 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001415 EVP_CIPHER_CTX d_ctx;
1416 int decrypted_len, final_len;
1417
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001418 /* Turn the password into an intermediate key and IV that can decrypt the
1419 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001420 if (kdf(passwd, salt, ikey, kdf_params)) {
1421 SLOGE("kdf failed");
1422 return -1;
1423 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001424
1425 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001426 EVP_CIPHER_CTX_init(&d_ctx);
1427 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001428 return -1;
1429 }
1430 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1431 /* Decrypt the master key */
1432 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1433 encrypted_master_key, KEY_LEN_BYTES)) {
1434 return -1;
1435 }
Adam Langley889c4f12014-09-03 14:23:13 -07001436 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001437 return -1;
1438 }
1439
1440 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1441 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001442 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001443
1444 /* Copy intermediate key if needed by params */
1445 if (intermediate_key && intermediate_key_size) {
1446 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1447 if (intermediate_key) {
1448 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1449 *intermediate_key_size = KEY_LEN_BYTES;
1450 }
1451 }
1452
1453 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001454}
1455
Kenny Rootc4c70f12013-06-14 12:11:38 -07001456static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001457{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001458 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001459 *kdf = scrypt_keymaster;
1460 *kdf_params = ftr;
1461 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001462 *kdf = scrypt;
1463 *kdf_params = ftr;
1464 } else {
1465 *kdf = pbkdf2;
1466 *kdf_params = NULL;
1467 }
1468}
1469
Paul Lawrence731a7a22015-04-28 22:14:15 +00001470static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001471 struct crypt_mnt_ftr *crypt_ftr,
1472 unsigned char** intermediate_key,
1473 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001474{
1475 kdf_func kdf;
1476 void *kdf_params;
1477 int ret;
1478
1479 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001480 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1481 decrypted_master_key, kdf, kdf_params,
1482 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001483 if (ret != 0) {
1484 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001485 }
1486
1487 return ret;
1488}
1489
1490static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1491 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001492 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001493 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001494
1495 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001496 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001497 read(fd, key_buf, sizeof(key_buf));
1498 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001499 close(fd);
1500
1501 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001502 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001503}
1504
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001505int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001506{
Greg Hackmann955653e2014-09-24 14:55:20 -07001507 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001508#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001509
1510 /* Now umount the tmpfs filesystem */
1511 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001512 if (umount(mountpoint) == 0) {
1513 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001514 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001515
1516 if (errno == EINVAL) {
1517 /* EINVAL is returned if the directory is not a mountpoint,
1518 * i.e. there is no filesystem mounted there. So just get out.
1519 */
1520 break;
1521 }
1522
1523 err = errno;
1524
1525 /* If allowed, be increasingly aggressive before the last two retries */
1526 if (kill) {
1527 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1528 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001529 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001530 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1531 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001532 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001533 }
1534 }
1535
1536 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001537 }
1538
1539 if (i < WAIT_UNMOUNT_COUNT) {
1540 SLOGD("unmounting %s succeeded\n", mountpoint);
1541 rc = 0;
1542 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001543 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001544 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001545 rc = -1;
1546 }
1547
1548 return rc;
1549}
1550
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001551#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001552static int prep_data_fs(void)
1553{
1554 int i;
1555
1556 /* Do the prep of the /data filesystem */
1557 property_set("vold.post_fs_data_done", "0");
1558 property_set("vold.decrypt", "trigger_post_fs_data");
1559 SLOGD("Just triggered post_fs_data\n");
1560
Ken Sumrallc5872692013-05-14 15:26:31 -07001561 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001562 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001563 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001564
1565 property_get("vold.post_fs_data_done", p, "0");
1566 if (*p == '1') {
1567 break;
1568 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001569 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001570 }
1571 }
1572 if (i == DATA_PREP_TIMEOUT) {
1573 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001574 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001575 return -1;
1576 } else {
1577 SLOGD("post_fs_data done\n");
1578 return 0;
1579 }
1580}
1581
Paul Lawrence74f29f12014-08-28 15:54:10 -07001582static void cryptfs_set_corrupt()
1583{
1584 // Mark the footer as bad
1585 struct crypt_mnt_ftr crypt_ftr;
1586 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1587 SLOGE("Failed to get crypto footer - panic");
1588 return;
1589 }
1590
1591 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1592 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1593 SLOGE("Failed to set crypto footer - panic");
1594 return;
1595 }
1596}
1597
1598static void cryptfs_trigger_restart_min_framework()
1599{
1600 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1601 SLOGE("Failed to mount tmpfs on data - panic");
1602 return;
1603 }
1604
1605 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1606 SLOGE("Failed to trigger post fs data - panic");
1607 return;
1608 }
1609
1610 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1611 SLOGE("Failed to trigger restart min framework - panic");
1612 return;
1613 }
1614}
1615
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001616/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001617static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001618{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001619 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001620 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001621 static int restart_successful = 0;
1622
1623 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001624 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001625 SLOGE("Encrypted filesystem not validated, aborting");
1626 return -1;
1627 }
1628
1629 if (restart_successful) {
1630 SLOGE("System already restarted with encrypted disk, aborting");
1631 return -1;
1632 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001633
Paul Lawrencef4faa572014-01-29 13:31:03 -08001634 if (restart_main) {
1635 /* Here is where we shut down the framework. The init scripts
1636 * start all services in one of three classes: core, main or late_start.
1637 * On boot, we start core and main. Now, we stop main, but not core,
1638 * as core includes vold and a few other really important things that
1639 * we need to keep running. Once main has stopped, we should be able
1640 * to umount the tmpfs /data, then mount the encrypted /data.
1641 * We then restart the class main, and also the class late_start.
1642 * At the moment, I've only put a few things in late_start that I know
1643 * are not needed to bring up the framework, and that also cause problems
1644 * with unmounting the tmpfs /data, but I hope to add add more services
1645 * to the late_start class as we optimize this to decrease the delay
1646 * till the user is asked for the password to the filesystem.
1647 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648
Paul Lawrencef4faa572014-01-29 13:31:03 -08001649 /* The init files are setup to stop the class main when vold.decrypt is
1650 * set to trigger_reset_main.
1651 */
1652 property_set("vold.decrypt", "trigger_reset_main");
1653 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001654
Paul Lawrencef4faa572014-01-29 13:31:03 -08001655 /* Ugh, shutting down the framework is not synchronous, so until it
1656 * can be fixed, this horrible hack will wait a moment for it all to
1657 * shut down before proceeding. Without it, some devices cannot
1658 * restart the graphics services.
1659 */
1660 sleep(2);
1661 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001662
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001663 /* Now that the framework is shutdown, we should be able to umount()
1664 * the tmpfs filesystem, and mount the real one.
1665 */
1666
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001667 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1668 if (strlen(crypto_blkdev) == 0) {
1669 SLOGE("fs_crypto_blkdev not set\n");
1670 return -1;
1671 }
1672
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001673 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001674 /* If ro.crypto.readonly is set to 1, mount the decrypted
1675 * filesystem readonly. This is used when /data is mounted by
1676 * recovery mode.
1677 */
1678 char ro_prop[PROPERTY_VALUE_MAX];
1679 property_get("ro.crypto.readonly", ro_prop, "");
1680 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1681 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1682 rec->flags |= MS_RDONLY;
1683 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001684
Ken Sumralle5032c42012-04-01 23:58:44 -07001685 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001686 int retries = RETRY_MOUNT_ATTEMPTS;
1687 int mount_rc;
1688 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1689 crypto_blkdev, 0))
1690 != 0) {
1691 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1692 /* TODO: invoke something similar to
1693 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1694 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1695 SLOGI("Failed to mount %s because it is busy - waiting",
1696 crypto_blkdev);
1697 if (--retries) {
1698 sleep(RETRY_MOUNT_DELAY_SECONDS);
1699 } else {
1700 /* Let's hope that a reboot clears away whatever is keeping
1701 the mount busy */
1702 cryptfs_reboot(reboot);
1703 }
1704 } else {
1705 SLOGE("Failed to mount decrypted data");
1706 cryptfs_set_corrupt();
1707 cryptfs_trigger_restart_min_framework();
1708 SLOGI("Started framework to offer wipe");
1709 return -1;
1710 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001711 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001712
Ken Sumralle5032c42012-04-01 23:58:44 -07001713 property_set("vold.decrypt", "trigger_load_persist_props");
1714 /* Create necessary paths on /data */
1715 if (prep_data_fs()) {
1716 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001717 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001718
1719 /* startup service classes main and late_start */
1720 property_set("vold.decrypt", "trigger_restart_framework");
1721 SLOGD("Just triggered restart_framework\n");
1722
1723 /* Give it a few moments to get started */
1724 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001725 }
1726
Ken Sumrall0cc16632011-01-18 20:32:26 -08001727 if (rc == 0) {
1728 restart_successful = 1;
1729 }
1730
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001731 return rc;
1732}
1733
Paul Lawrencef4faa572014-01-29 13:31:03 -08001734int cryptfs_restart(void)
1735{
Paul Lawrence05335c32015-03-05 09:46:23 -08001736 SLOGI("cryptfs_restart");
1737 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
1738 struct fstab_rec* rec;
1739 int rc;
1740
1741 if (e4crypt_restart(DATA_MNT_POINT)) {
1742 SLOGE("Can't unmount e4crypt temp volume\n");
1743 return -1;
1744 }
1745
1746 rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1747 if (!rec) {
1748 SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
1749 return -1;
1750 }
1751
1752 rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
1753 if (rc) {
1754 SLOGE("Can't mount %s\n", DATA_MNT_POINT);
1755 return rc;
1756 }
1757
1758 property_set("vold.decrypt", "trigger_restart_framework");
1759 return 0;
1760 }
1761
Paul Lawrencef4faa572014-01-29 13:31:03 -08001762 /* Call internal implementation forcing a restart of main service group */
1763 return cryptfs_restart_internal(1);
1764}
1765
Paul Lawrence05335c32015-03-05 09:46:23 -08001766static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001767{
1768 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001769 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001770 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001771
1772 property_get("ro.crypto.state", encrypted_state, "");
1773 if (strcmp(encrypted_state, "encrypted") ) {
1774 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001775 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001776 }
1777
Paul Lawrence05335c32015-03-05 09:46:23 -08001778 if (e4crypt_crypto_complete(mount_point) == 0) {
1779 return CRYPTO_COMPLETE_ENCRYPTED;
1780 }
1781
Ken Sumrall160b4d62013-04-22 12:15:39 -07001782 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001783 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001784
Ken Sumralle1a45852011-12-14 21:24:27 -08001785 /*
1786 * Only report this error if key_loc is a file and it exists.
1787 * If the device was never encrypted, and /data is not mountable for
1788 * some reason, returning 1 should prevent the UI from presenting the
1789 * a "enter password" screen, or worse, a "press button to wipe the
1790 * device" screen.
1791 */
1792 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1793 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001794 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001795 } else {
1796 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001797 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001798 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001799 }
1800
Paul Lawrence74f29f12014-08-28 15:54:10 -07001801 // Test for possible error flags
1802 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1803 SLOGE("Encryption process is partway completed\n");
1804 return CRYPTO_COMPLETE_PARTIAL;
1805 }
1806
1807 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1808 SLOGE("Encryption process was interrupted but cannot continue\n");
1809 return CRYPTO_COMPLETE_INCONSISTENT;
1810 }
1811
1812 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1813 SLOGE("Encryption is successful but data is corrupt\n");
1814 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001815 }
1816
1817 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001818 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001819}
1820
Paul Lawrencef4faa572014-01-29 13:31:03 -08001821static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1822 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001823{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001824 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001825 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001826 char crypto_blkdev[MAXPATHLEN];
1827 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001828 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001829 unsigned int orig_failed_decrypt_count;
1830 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001831 int use_keymaster = 0;
1832 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001833 unsigned char* intermediate_key = 0;
1834 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001835
Paul Lawrencef4faa572014-01-29 13:31:03 -08001836 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1837 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001838
Paul Lawrencef4faa572014-01-29 13:31:03 -08001839 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001840 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1841 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001842 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001843 rc = -1;
1844 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001845 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001846 }
1847
Paul Lawrencef4faa572014-01-29 13:31:03 -08001848 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1849
Ajay Dudani87701e22014-09-17 21:02:52 -07001850#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001851 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1852 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1853 SLOGE("Hardware encryption key does not match");
1854 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001855 }
1856#endif
1857
Paul Lawrence74f29f12014-08-28 15:54:10 -07001858 // Create crypto block device - all (non fatal) code paths
1859 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001860 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1861 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001862 SLOGE("Error creating decrypted block device\n");
1863 rc = -1;
1864 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001865 }
1866
Paul Lawrence74f29f12014-08-28 15:54:10 -07001867 /* Work out if the problem is the password or the data */
1868 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1869 scrypted_intermediate_key)];
1870 int N = 1 << crypt_ftr->N_factor;
1871 int r = 1 << crypt_ftr->r_factor;
1872 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001873
Paul Lawrence74f29f12014-08-28 15:54:10 -07001874 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1875 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1876 N, r, p, scrypted_intermediate_key,
1877 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001878
Paul Lawrence74f29f12014-08-28 15:54:10 -07001879 // Does the key match the crypto footer?
1880 if (rc == 0 && memcmp(scrypted_intermediate_key,
1881 crypt_ftr->scrypted_intermediate_key,
1882 sizeof(scrypted_intermediate_key)) == 0) {
1883 SLOGI("Password matches");
1884 rc = 0;
1885 } else {
1886 /* Try mounting the file system anyway, just in case the problem's with
1887 * the footer, not the key. */
1888 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1889 mkdir(tmp_mount_point, 0755);
1890 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1891 SLOGE("Error temp mounting decrypted block device\n");
1892 delete_crypto_blk_dev(label);
1893
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001894 rc = ++crypt_ftr->failed_decrypt_count;
1895 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001896 } else {
1897 /* Success! */
1898 SLOGI("Password did not match but decrypted drive mounted - continue");
1899 umount(tmp_mount_point);
1900 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001901 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001902 }
1903
1904 if (rc == 0) {
1905 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001906 if (orig_failed_decrypt_count != 0) {
1907 put_crypt_ftr_and_key(crypt_ftr);
1908 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001909
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001910 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001911 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001912 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001913
1914 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001915 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001916 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001917 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001918 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001919 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001920 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001921
Paul Lawrence74f29f12014-08-28 15:54:10 -07001922 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001923 use_keymaster = keymaster_check_compatibility();
1924 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001925 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001926 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1927 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1928 upgrade = 1;
1929 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001930 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001931 upgrade = 1;
1932 }
1933
1934 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001935 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1936 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001937 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001938 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001939 }
1940 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001941
1942 // Do not fail even if upgrade failed - machine is bootable
1943 // Note that if this code is ever hit, there is a *serious* problem
1944 // since KDFs should never fail. You *must* fix the kdf before
1945 // proceeding!
1946 if (rc) {
1947 SLOGW("Upgrade failed with error %d,"
1948 " but continuing with previous state",
1949 rc);
1950 rc = 0;
1951 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001952 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001953 }
1954
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001955 errout:
1956 if (intermediate_key) {
1957 memset(intermediate_key, 0, intermediate_key_size);
1958 free(intermediate_key);
1959 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001960 return rc;
1961}
1962
Ken Sumrall29d8da82011-05-18 17:20:07 -07001963/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001964 * Called by vold when it's asked to mount an encrypted external
1965 * storage volume. The incoming partition has no crypto header/footer,
1966 * as any metadata is been stored in a separate, small partition.
1967 *
1968 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001969 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001970int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1971 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001972 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001973 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001974 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001975 return -1;
1976 }
1977
1978 unsigned long nr_sec = 0;
1979 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001980 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001981
Ken Sumrall29d8da82011-05-18 17:20:07 -07001982 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001983 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001984 return -1;
1985 }
1986
Jeff Sharkey9c484982015-03-31 10:35:33 -07001987 struct crypt_mnt_ftr ext_crypt_ftr;
1988 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1989 ext_crypt_ftr.fs_size = nr_sec;
1990 ext_crypt_ftr.keysize = keysize;
1991 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001992
Jeff Sharkey9c484982015-03-31 10:35:33 -07001993 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1994 out_crypto_blkdev, label);
1995}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001996
Jeff Sharkey9c484982015-03-31 10:35:33 -07001997/*
1998 * Called by vold when it's asked to unmount an encrypted external
1999 * storage volume.
2000 */
2001int cryptfs_revert_ext_volume(const char* label) {
2002 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002003}
2004
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002005int cryptfs_crypto_complete(void)
2006{
2007 return do_crypto_complete("/data");
2008}
2009
Paul Lawrencef4faa572014-01-29 13:31:03 -08002010int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2011{
2012 char encrypted_state[PROPERTY_VALUE_MAX];
2013 property_get("ro.crypto.state", encrypted_state, "");
2014 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2015 SLOGE("encrypted fs already validated or not running with encryption,"
2016 " aborting");
2017 return -1;
2018 }
2019
2020 if (get_crypt_ftr_and_key(crypt_ftr)) {
2021 SLOGE("Error getting crypt footer and key");
2022 return -1;
2023 }
2024
2025 return 0;
2026}
2027
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002028int cryptfs_check_passwd(char *passwd)
2029{
Paul Lawrence05335c32015-03-05 09:46:23 -08002030 SLOGI("cryptfs_check_passwd");
2031 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
2032 return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
2033 }
2034
Paul Lawrencef4faa572014-01-29 13:31:03 -08002035 struct crypt_mnt_ftr crypt_ftr;
2036 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002037
Paul Lawrencef4faa572014-01-29 13:31:03 -08002038 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2039 if (rc)
2040 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002041
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002042 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2043 DATA_MNT_POINT, "userdata");
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002044
2045 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002046 cryptfs_clear_password();
2047 password = strdup(passwd);
2048 struct timespec now;
2049 clock_gettime(CLOCK_BOOTTIME, &now);
2050 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002051 }
2052
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002053 return rc;
2054}
2055
Ken Sumrall3ad90722011-10-04 20:38:29 -07002056int cryptfs_verify_passwd(char *passwd)
2057{
2058 struct crypt_mnt_ftr crypt_ftr;
2059 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002060 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002061 char encrypted_state[PROPERTY_VALUE_MAX];
2062 int rc;
2063
2064 property_get("ro.crypto.state", encrypted_state, "");
2065 if (strcmp(encrypted_state, "encrypted") ) {
2066 SLOGE("device not encrypted, aborting");
2067 return -2;
2068 }
2069
2070 if (!master_key_saved) {
2071 SLOGE("encrypted fs not yet mounted, aborting");
2072 return -1;
2073 }
2074
2075 if (!saved_mount_point) {
2076 SLOGE("encrypted fs failed to save mount point, aborting");
2077 return -1;
2078 }
2079
Ken Sumrall160b4d62013-04-22 12:15:39 -07002080 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002081 SLOGE("Error getting crypt footer and key\n");
2082 return -1;
2083 }
2084
2085 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2086 /* If the device has no password, then just say the password is valid */
2087 rc = 0;
2088 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002089 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002090 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2091 /* They match, the password is correct */
2092 rc = 0;
2093 } else {
2094 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2095 sleep(1);
2096 rc = 1;
2097 }
2098 }
2099
2100 return rc;
2101}
2102
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002103/* Initialize a crypt_mnt_ftr structure. The keysize is
2104 * defaulted to 16 bytes, and the filesystem size to 0.
2105 * Presumably, at a minimum, the caller will update the
2106 * filesystem size and crypto_type_name after calling this function.
2107 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002108static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002109{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002110 off64_t off;
2111
2112 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002113 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002114 ftr->major_version = CURRENT_MAJOR_VERSION;
2115 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002116 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002117 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002118
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002119 switch (keymaster_check_compatibility()) {
2120 case 1:
2121 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2122 break;
2123
2124 case 0:
2125 ftr->kdf_type = KDF_SCRYPT;
2126 break;
2127
2128 default:
2129 SLOGE("keymaster_check_compatibility failed");
2130 return -1;
2131 }
2132
Kenny Rootc4c70f12013-06-14 12:11:38 -07002133 get_device_scrypt_params(ftr);
2134
Ken Sumrall160b4d62013-04-22 12:15:39 -07002135 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2136 if (get_crypt_ftr_info(NULL, &off) == 0) {
2137 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2138 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2139 ftr->persist_data_size;
2140 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002141
2142 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002143}
2144
Ken Sumrall29d8da82011-05-18 17:20:07 -07002145static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002146{
Ken Sumralle550f782013-08-20 13:48:23 -07002147 const char *args[10];
2148 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2149 int num_args;
2150 int status;
2151 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002152 int rc = -1;
2153
Ken Sumrall29d8da82011-05-18 17:20:07 -07002154 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002155 args[0] = "/system/bin/make_ext4fs";
2156 args[1] = "-a";
2157 args[2] = "/data";
2158 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002159 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002160 args[4] = size_str;
2161 args[5] = crypto_blkdev;
2162 num_args = 6;
2163 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2164 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002165 } else if (type == F2FS_FS) {
2166 args[0] = "/system/bin/mkfs.f2fs";
2167 args[1] = "-t";
2168 args[2] = "-d1";
2169 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002170 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002171 args[4] = size_str;
2172 num_args = 5;
2173 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2174 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002175 } else {
2176 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2177 return -1;
2178 }
2179
Ken Sumralle550f782013-08-20 13:48:23 -07002180 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2181
2182 if (tmp != 0) {
2183 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002184 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002185 if (WIFEXITED(status)) {
2186 if (WEXITSTATUS(status)) {
2187 SLOGE("Error creating filesystem on %s, exit status %d ",
2188 crypto_blkdev, WEXITSTATUS(status));
2189 } else {
2190 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2191 rc = 0;
2192 }
2193 } else {
2194 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2195 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002196 }
2197
2198 return rc;
2199}
2200
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002201#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002202#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2203#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002204
2205/* aligned 32K writes tends to make flash happy.
2206 * SD card association recommends it.
2207 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002208#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002209#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002210#else
2211#define BLOCKS_AT_A_TIME 1024
2212#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002213
2214struct encryptGroupsData
2215{
2216 int realfd;
2217 int cryptofd;
2218 off64_t numblocks;
2219 off64_t one_pct, cur_pct, new_pct;
2220 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002221 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002222 char* real_blkdev, * crypto_blkdev;
2223 int count;
2224 off64_t offset;
2225 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002226 off64_t last_written_sector;
2227 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002228 time_t time_started;
2229 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002230};
2231
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002232static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002233{
2234 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002235
2236 if (is_used) {
2237 data->used_blocks_already_done++;
2238 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002239 if (data->tot_used_blocks) {
2240 data->new_pct = data->used_blocks_already_done / data->one_pct;
2241 } else {
2242 data->new_pct = data->blocks_already_done / data->one_pct;
2243 }
2244
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002245 if (data->new_pct > data->cur_pct) {
2246 char buf[8];
2247 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002248 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002249 property_set("vold.encrypt_progress", buf);
2250 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002251
2252 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002253 struct timespec time_now;
2254 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2255 SLOGW("Error getting time");
2256 } else {
2257 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2258 off64_t remaining_blocks = data->tot_used_blocks
2259 - data->used_blocks_already_done;
2260 int remaining_time = (int)(elapsed_time * remaining_blocks
2261 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002262
Paul Lawrence9c58a872014-09-30 09:12:51 -07002263 // Change time only if not yet set, lower, or a lot higher for
2264 // best user experience
2265 if (data->remaining_time == -1
2266 || remaining_time < data->remaining_time
2267 || remaining_time > data->remaining_time + 60) {
2268 char buf[8];
2269 snprintf(buf, sizeof(buf), "%d", remaining_time);
2270 property_set("vold.encrypt_time_remaining", buf);
2271 data->remaining_time = remaining_time;
2272 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002273 }
2274 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002275}
2276
Paul Lawrence3846be12014-09-22 11:33:54 -07002277static void log_progress(struct encryptGroupsData const* data, bool completed)
2278{
2279 // Precondition - if completed data = 0 else data != 0
2280
2281 // Track progress so we can skip logging blocks
2282 static off64_t offset = -1;
2283
2284 // Need to close existing 'Encrypting from' log?
2285 if (completed || (offset != -1 && data->offset != offset)) {
2286 SLOGI("Encrypted to sector %" PRId64,
2287 offset / info.block_size * CRYPT_SECTOR_SIZE);
2288 offset = -1;
2289 }
2290
2291 // Need to start new 'Encrypting from' log?
2292 if (!completed && offset != data->offset) {
2293 SLOGI("Encrypting from sector %" PRId64,
2294 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2295 }
2296
2297 // Update offset
2298 if (!completed) {
2299 offset = data->offset + (off64_t)data->count * info.block_size;
2300 }
2301}
2302
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002303static int flush_outstanding_data(struct encryptGroupsData* data)
2304{
2305 if (data->count == 0) {
2306 return 0;
2307 }
2308
Elliott Hughes231bdba2014-06-25 18:36:19 -07002309 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002310
2311 if (pread64(data->realfd, data->buffer,
2312 info.block_size * data->count, data->offset)
2313 <= 0) {
2314 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2315 data->real_blkdev);
2316 return -1;
2317 }
2318
2319 if (pwrite64(data->cryptofd, data->buffer,
2320 info.block_size * data->count, data->offset)
2321 <= 0) {
2322 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2323 data->crypto_blkdev);
2324 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002325 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002326 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002327 }
2328
2329 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002330 data->last_written_sector = (data->offset + data->count)
2331 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002332 return 0;
2333}
2334
2335static int encrypt_groups(struct encryptGroupsData* data)
2336{
2337 unsigned int i;
2338 u8 *block_bitmap = 0;
2339 unsigned int block;
2340 off64_t ret;
2341 int rc = -1;
2342
2343 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2344 if (!data->buffer) {
2345 SLOGE("Failed to allocate crypto buffer");
2346 goto errout;
2347 }
2348
2349 block_bitmap = malloc(info.block_size);
2350 if (!block_bitmap) {
2351 SLOGE("failed to allocate block bitmap");
2352 goto errout;
2353 }
2354
2355 for (i = 0; i < aux_info.groups; ++i) {
2356 SLOGI("Encrypting group %d", i);
2357
2358 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2359 u32 block_count = min(info.blocks_per_group,
2360 aux_info.len_blocks - first_block);
2361
2362 off64_t offset = (u64)info.block_size
2363 * aux_info.bg_desc[i].bg_block_bitmap;
2364
2365 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2366 if (ret != (int)info.block_size) {
2367 SLOGE("failed to read all of block group bitmap %d", i);
2368 goto errout;
2369 }
2370
2371 offset = (u64)info.block_size * first_block;
2372
2373 data->count = 0;
2374
2375 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002376 int used = bitmap_get_bit(block_bitmap, block);
2377 update_progress(data, used);
2378 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002379 if (data->count == 0) {
2380 data->offset = offset;
2381 }
2382 data->count++;
2383 } else {
2384 if (flush_outstanding_data(data)) {
2385 goto errout;
2386 }
2387 }
2388
2389 offset += info.block_size;
2390
2391 /* Write data if we are aligned or buffer size reached */
2392 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2393 || data->count == BLOCKS_AT_A_TIME) {
2394 if (flush_outstanding_data(data)) {
2395 goto errout;
2396 }
2397 }
Paul Lawrence87999172014-02-20 12:21:31 -08002398
Paul Lawrence73d7a022014-06-09 14:10:09 -07002399 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002400 SLOGE("Stopping encryption due to low battery");
2401 rc = 0;
2402 goto errout;
2403 }
2404
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002405 }
2406 if (flush_outstanding_data(data)) {
2407 goto errout;
2408 }
2409 }
2410
Paul Lawrence87999172014-02-20 12:21:31 -08002411 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002412 rc = 0;
2413
2414errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002415 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002416 free(data->buffer);
2417 free(block_bitmap);
2418 return rc;
2419}
2420
2421static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2422 char *real_blkdev,
2423 off64_t size,
2424 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002425 off64_t tot_size,
2426 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002427{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002428 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002429 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002430 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002431
Paul Lawrence87999172014-02-20 12:21:31 -08002432 if (previously_encrypted_upto > *size_already_done) {
2433 SLOGD("Not fast encrypting since resuming part way through");
2434 return -1;
2435 }
2436
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002437 memset(&data, 0, sizeof(data));
2438 data.real_blkdev = real_blkdev;
2439 data.crypto_blkdev = crypto_blkdev;
2440
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002441 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002442 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2443 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002444 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002445 goto errout;
2446 }
2447
David Ng82fd8042015-01-21 13:55:21 -08002448 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2449 int retries = RETRY_MOUNT_ATTEMPTS;
2450 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2451 if (--retries) {
2452 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2453 crypto_blkdev, errno, strerror(errno));
2454 sleep(RETRY_MOUNT_DELAY_SECONDS);
2455 } else {
2456 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2457 crypto_blkdev, errno, strerror(errno));
2458 rc = ENABLE_INPLACE_ERR_DEV;
2459 goto errout;
2460 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002461 }
2462
2463 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002464 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002465 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002466 goto errout;
2467 }
2468
2469 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002470 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002471 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002472 goto errout;
2473 }
2474
2475 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2476 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2477 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2478
JP Abgrall7fc1de82014-10-10 18:43:41 -07002479 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002480
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002481 data.tot_used_blocks = data.numblocks;
2482 for (i = 0; i < aux_info.groups; ++i) {
2483 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2484 }
2485
2486 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002487 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002488
2489 struct timespec time_started = {0};
2490 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2491 SLOGW("Error getting time at start");
2492 // Note - continue anyway - we'll run with 0
2493 }
2494 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002495 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002496
2497 rc = encrypt_groups(&data);
2498 if (rc) {
2499 SLOGE("Error encrypting groups");
2500 goto errout;
2501 }
2502
Paul Lawrence87999172014-02-20 12:21:31 -08002503 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002504 rc = 0;
2505
2506errout:
2507 close(data.realfd);
2508 close(data.cryptofd);
2509
2510 return rc;
2511}
2512
Paul Lawrence3846be12014-09-22 11:33:54 -07002513static void log_progress_f2fs(u64 block, bool completed)
2514{
2515 // Precondition - if completed data = 0 else data != 0
2516
2517 // Track progress so we can skip logging blocks
2518 static u64 last_block = (u64)-1;
2519
2520 // Need to close existing 'Encrypting from' log?
2521 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2522 SLOGI("Encrypted to block %" PRId64, last_block);
2523 last_block = -1;
2524 }
2525
2526 // Need to start new 'Encrypting from' log?
2527 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2528 SLOGI("Encrypting from block %" PRId64, block);
2529 }
2530
2531 // Update offset
2532 if (!completed) {
2533 last_block = block;
2534 }
2535}
2536
Daniel Rosenberge82df162014-08-15 22:19:23 +00002537static int encrypt_one_block_f2fs(u64 pos, void *data)
2538{
2539 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2540
2541 priv_dat->blocks_already_done = pos - 1;
2542 update_progress(priv_dat, 1);
2543
2544 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2545
2546 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002547 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002548 return -1;
2549 }
2550
2551 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002552 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002553 return -1;
2554 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002555 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002556 }
2557
2558 return 0;
2559}
2560
2561static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2562 char *real_blkdev,
2563 off64_t size,
2564 off64_t *size_already_done,
2565 off64_t tot_size,
2566 off64_t previously_encrypted_upto)
2567{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002568 struct encryptGroupsData data;
2569 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002570 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002571 if (previously_encrypted_upto > *size_already_done) {
2572 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002573 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002574 }
2575 memset(&data, 0, sizeof(data));
2576 data.real_blkdev = real_blkdev;
2577 data.crypto_blkdev = crypto_blkdev;
2578 data.realfd = -1;
2579 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002580 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002581 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002582 real_blkdev);
2583 goto errout;
2584 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002585 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002586 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002587 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002588 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002589 goto errout;
2590 }
2591
2592 f2fs_info = generate_f2fs_info(data.realfd);
2593 if (!f2fs_info)
2594 goto errout;
2595
2596 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2597 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2598 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2599
2600 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2601
2602 data.one_pct = data.tot_used_blocks / 100;
2603 data.cur_pct = 0;
2604 data.time_started = time(NULL);
2605 data.remaining_time = -1;
2606
2607 data.buffer = malloc(f2fs_info->block_size);
2608 if (!data.buffer) {
2609 SLOGE("Failed to allocate crypto buffer");
2610 goto errout;
2611 }
2612
2613 data.count = 0;
2614
2615 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2616 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2617
2618 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002619 SLOGE("Error in running over f2fs blocks");
2620 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002621 goto errout;
2622 }
2623
2624 *size_already_done += size;
2625 rc = 0;
2626
2627errout:
2628 if (rc)
2629 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2630
Paul Lawrence3846be12014-09-22 11:33:54 -07002631 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002632 free(f2fs_info);
2633 free(data.buffer);
2634 close(data.realfd);
2635 close(data.cryptofd);
2636
2637 return rc;
2638}
2639
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002640static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2641 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002642 off64_t tot_size,
2643 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002644{
2645 int realfd, cryptofd;
2646 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002647 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002648 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002649 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002650 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002651
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002652 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002653 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002654 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002655 }
2656
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002657 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002658 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2659 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002660 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002661 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002662 }
2663
2664 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2665 * The size passed in is the number of 512 byte sectors in the filesystem.
2666 * So compute the number of whole 4K blocks we should read/write,
2667 * and the remainder.
2668 */
2669 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2670 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002671 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2672 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002673
2674 SLOGE("Encrypting filesystem in place...");
2675
Paul Lawrence87999172014-02-20 12:21:31 -08002676 i = previously_encrypted_upto + 1 - *size_already_done;
2677
2678 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2679 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2680 goto errout;
2681 }
2682
2683 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2684 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2685 goto errout;
2686 }
2687
2688 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2689 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2690 SLOGE("Error reading initial sectors from real_blkdev %s for "
2691 "inplace encrypt\n", crypto_blkdev);
2692 goto errout;
2693 }
2694 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2695 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2696 "inplace encrypt\n", crypto_blkdev);
2697 goto errout;
2698 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002699 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002700 }
2701 }
2702
Ken Sumrall29d8da82011-05-18 17:20:07 -07002703 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002704 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002705 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002706 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002707 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002708 if (new_pct > cur_pct) {
2709 char buf[8];
2710
2711 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002712 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002713 property_set("vold.encrypt_progress", buf);
2714 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002715 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002716 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002717 goto errout;
2718 }
2719 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002720 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2721 goto errout;
2722 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002723 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002724 CRYPT_SECTORS_PER_BUFSIZE,
2725 i * CRYPT_SECTORS_PER_BUFSIZE);
2726 }
2727
Paul Lawrence73d7a022014-06-09 14:10:09 -07002728 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002729 SLOGE("Stopping encryption due to low battery");
2730 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2731 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002732 goto errout;
2733 }
2734 }
2735
2736 /* Do any remaining sectors */
2737 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002738 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2739 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002740 goto errout;
2741 }
Paul Lawrence87999172014-02-20 12:21:31 -08002742 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2743 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002744 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002745 } else {
2746 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002747 }
2748 }
2749
Ken Sumrall29d8da82011-05-18 17:20:07 -07002750 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002751 rc = 0;
2752
2753errout:
2754 close(realfd);
2755 close(cryptofd);
2756
2757 return rc;
2758}
2759
JP Abgrall7fc1de82014-10-10 18:43:41 -07002760/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002761static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2762 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002763 off64_t tot_size,
2764 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002765{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002766 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002767 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002768 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002769 }
2770
2771 if (*size_already_done + size < previously_encrypted_upto) {
2772 *size_already_done += size;
2773 return 0;
2774 }
2775
Daniel Rosenberge82df162014-08-15 22:19:23 +00002776 /* TODO: identify filesystem type.
2777 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2778 * then we will drop down to cryptfs_enable_inplace_f2fs.
2779 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002780 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002781 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002782 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002783 return 0;
2784 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002785 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002786
JP Abgrall7fc1de82014-10-10 18:43:41 -07002787 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002788 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002789 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002790 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002791 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002792 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002793
JP Abgrall7fc1de82014-10-10 18:43:41 -07002794 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002795 size, size_already_done, tot_size,
2796 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002797 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2798
2799 /* Hack for b/17898962, the following is the symptom... */
2800 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2801 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2802 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2803 return ENABLE_INPLACE_ERR_DEV;
2804 }
2805 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002806}
2807
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002808#define CRYPTO_ENABLE_WIPE 1
2809#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002810
2811#define FRAMEWORK_BOOT_WAIT 60
2812
Paul Lawrence87999172014-02-20 12:21:31 -08002813static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2814{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002815 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002816 if (fd == -1) {
2817 SLOGE("Error opening file %s", filename);
2818 return -1;
2819 }
2820
2821 char block[CRYPT_INPLACE_BUFSIZE];
2822 memset(block, 0, sizeof(block));
2823 if (unix_read(fd, block, sizeof(block)) < 0) {
2824 SLOGE("Error reading file %s", filename);
2825 close(fd);
2826 return -1;
2827 }
2828
2829 close(fd);
2830
2831 SHA256_CTX c;
2832 SHA256_Init(&c);
2833 SHA256_Update(&c, block, sizeof(block));
2834 SHA256_Final(buf, &c);
2835
2836 return 0;
2837}
2838
JP Abgrall62c7af32014-06-16 13:01:23 -07002839static int get_fs_type(struct fstab_rec *rec)
2840{
2841 if (!strcmp(rec->fs_type, "ext4")) {
2842 return EXT4_FS;
2843 } else if (!strcmp(rec->fs_type, "f2fs")) {
2844 return F2FS_FS;
2845 } else {
2846 return -1;
2847 }
2848}
2849
Paul Lawrence87999172014-02-20 12:21:31 -08002850static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2851 char *crypto_blkdev, char *real_blkdev,
2852 int previously_encrypted_upto)
2853{
2854 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002855 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002856
Paul Lawrence73d7a022014-06-09 14:10:09 -07002857 if (!is_battery_ok_to_start()) {
2858 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002859 return 0;
2860 }
2861
2862 /* The size of the userdata partition, and add in the vold volumes below */
2863 tot_encryption_size = crypt_ftr->fs_size;
2864
2865 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002866 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2867 int fs_type = get_fs_type(rec);
2868 if (fs_type < 0) {
2869 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2870 return -1;
2871 }
2872 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002873 } else if (how == CRYPTO_ENABLE_INPLACE) {
2874 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2875 crypt_ftr->fs_size, &cur_encryption_done,
2876 tot_encryption_size,
2877 previously_encrypted_upto);
2878
JP Abgrall7fc1de82014-10-10 18:43:41 -07002879 if (rc == ENABLE_INPLACE_ERR_DEV) {
2880 /* Hack for b/17898962 */
2881 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2882 cryptfs_reboot(reboot);
2883 }
2884
Paul Lawrence73d7a022014-06-09 14:10:09 -07002885 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002886 crypt_ftr->encrypted_upto = cur_encryption_done;
2887 }
2888
Paul Lawrence73d7a022014-06-09 14:10:09 -07002889 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002890 /* The inplace routine never actually sets the progress to 100% due
2891 * to the round down nature of integer division, so set it here */
2892 property_set("vold.encrypt_progress", "100");
2893 }
2894 } else {
2895 /* Shouldn't happen */
2896 SLOGE("cryptfs_enable: internal error, unknown option\n");
2897 rc = -1;
2898 }
2899
2900 return rc;
2901}
2902
Paul Lawrence13486032014-02-03 13:28:11 -08002903int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2904 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002905{
2906 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002907 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002908 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002909 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002910 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002911 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002912 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002913 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002914 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002915 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002916 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002917
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002918 if (!strcmp(howarg, "wipe")) {
2919 how = CRYPTO_ENABLE_WIPE;
2920 } else if (! strcmp(howarg, "inplace")) {
2921 how = CRYPTO_ENABLE_INPLACE;
2922 } else {
2923 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002924 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002925 }
2926
Paul Lawrence87999172014-02-20 12:21:31 -08002927 /* See if an encryption was underway and interrupted */
2928 if (how == CRYPTO_ENABLE_INPLACE
2929 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2930 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2931 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2932 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002933 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2934
2935 /* At this point, we are in an inconsistent state. Until we successfully
2936 complete encryption, a reboot will leave us broken. So mark the
2937 encryption failed in case that happens.
2938 On successfully completing encryption, remove this flag */
2939 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2940
2941 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002942 }
2943
2944 property_get("ro.crypto.state", encrypted_state, "");
2945 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2946 SLOGE("Device is already running encrypted, aborting");
2947 goto error_unencrypted;
2948 }
2949
2950 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2951 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002952 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002953
Ken Sumrall3ed82362011-01-28 23:31:16 -08002954 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002955 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002956 if (fd == -1) {
2957 SLOGE("Cannot open block device %s\n", real_blkdev);
2958 goto error_unencrypted;
2959 }
2960 unsigned long nr_sec;
2961 get_blkdev_size(fd, &nr_sec);
2962 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002963 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2964 goto error_unencrypted;
2965 }
2966 close(fd);
2967
2968 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002969 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002970 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002971 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002972 if (fs_size_sec == 0)
2973 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2974
Paul Lawrence87999172014-02-20 12:21:31 -08002975 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002976
2977 if (fs_size_sec > max_fs_size_sec) {
2978 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2979 goto error_unencrypted;
2980 }
2981 }
2982
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002983 /* Get a wakelock as this may take a while, and we don't want the
2984 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2985 * wants to keep the screen on, it can grab a full wakelock.
2986 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002987 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002988 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2989
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002990 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002991 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002992 */
2993 property_set("vold.decrypt", "trigger_shutdown_framework");
2994 SLOGD("Just asked init to shut down class main\n");
2995
Jeff Sharkey9c484982015-03-31 10:35:33 -07002996 /* Ask vold to unmount all devices that it manages */
2997 if (vold_unmountAll()) {
2998 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002999 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003000
3001 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003002 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07003003 if (allow_reboot) {
3004 goto error_shutting_down;
3005 } else {
3006 goto error_unencrypted;
3007 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003008 }
3009
3010 /* Do extra work for a better UX when doing the long inplace encryption */
3011 if (how == CRYPTO_ENABLE_INPLACE) {
3012 /* Now that /data is unmounted, we need to mount a tmpfs
3013 * /data, set a property saying we're doing inplace encryption,
3014 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003015 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003016 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003017 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003018 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003019 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003020 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003021
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003022 /* restart the framework. */
3023 /* Create necessary paths on /data */
3024 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003025 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003026 }
3027
Ken Sumrall92736ef2012-10-17 20:57:14 -07003028 /* Ugh, shutting down the framework is not synchronous, so until it
3029 * can be fixed, this horrible hack will wait a moment for it all to
3030 * shut down before proceeding. Without it, some devices cannot
3031 * restart the graphics services.
3032 */
3033 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003034 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003035
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003036 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003037 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003038 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003039 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3040 goto error_shutting_down;
3041 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003042
Paul Lawrence87999172014-02-20 12:21:31 -08003043 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3044 crypt_ftr.fs_size = nr_sec
3045 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3046 } else {
3047 crypt_ftr.fs_size = nr_sec;
3048 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003049 /* At this point, we are in an inconsistent state. Until we successfully
3050 complete encryption, a reboot will leave us broken. So mark the
3051 encryption failed in case that happens.
3052 On successfully completing encryption, remove this flag */
3053 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003054 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003055#ifndef CONFIG_HW_DISK_ENCRYPTION
3056 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3057#else
3058 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3059
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003060 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003061 if (!rc) {
3062 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3063 }
3064
3065 rc = set_hw_device_encryption_key(passwd,
3066 (char*) crypt_ftr.crypto_type_name);
3067 if (!rc) {
3068 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3069 goto error_shutting_down;
3070 }
3071#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003072
Paul Lawrence87999172014-02-20 12:21:31 -08003073 /* Make an encrypted master key */
3074 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3075 SLOGE("Cannot create encrypted master key\n");
3076 goto error_shutting_down;
3077 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003078
Paul Lawrence87999172014-02-20 12:21:31 -08003079 /* Write the key to the end of the partition */
3080 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003081
Paul Lawrence87999172014-02-20 12:21:31 -08003082 /* If any persistent data has been remembered, save it.
3083 * If none, create a valid empty table and save that.
3084 */
3085 if (!persist_data) {
3086 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3087 if (pdata) {
3088 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3089 persist_data = pdata;
3090 }
3091 }
3092 if (persist_data) {
3093 save_persistent_data();
3094 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003095 }
3096
Ajay Dudani87701e22014-09-17 21:02:52 -07003097 if (how == CRYPTO_ENABLE_INPLACE) {
3098 /* startup service classes main and late_start */
3099 property_set("vold.decrypt", "trigger_restart_min_framework");
3100 SLOGD("Just triggered restart_min_framework\n");
3101
3102 /* OK, the framework is restarted and will soon be showing a
3103 * progress bar. Time to setup an encrypted mapping, and
3104 * either write a new filesystem, or encrypt in place updating
3105 * the progress bar as we work.
3106 */
3107 }
3108
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003109 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003110 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3111 "userdata");
3112
Paul Lawrence87999172014-02-20 12:21:31 -08003113 /* If we are continuing, check checksums match */
3114 rc = 0;
3115 if (previously_encrypted_upto) {
3116 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3117 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003118
Paul Lawrence87999172014-02-20 12:21:31 -08003119 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3120 sizeof(hash_first_block)) != 0) {
3121 SLOGE("Checksums do not match - trigger wipe");
3122 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003123 }
3124 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003125
Paul Lawrence87999172014-02-20 12:21:31 -08003126 if (!rc) {
3127 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3128 crypto_blkdev, real_blkdev,
3129 previously_encrypted_upto);
3130 }
3131
3132 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003133 if (!rc && how == CRYPTO_ENABLE_INPLACE
3134 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003135 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3136 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003137 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003138 SLOGE("Error calculating checksum for continuing encryption");
3139 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003140 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003141 }
3142
3143 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003144 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003145
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003146 if (! rc) {
3147 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003148 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003149
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003150 if (how == CRYPTO_ENABLE_INPLACE
3151 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003152 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3153 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003154 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003155 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003156
Paul Lawrence6bfed202014-07-28 12:47:22 -07003157 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003158
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003159 if (how == CRYPTO_ENABLE_WIPE
3160 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003161 char value[PROPERTY_VALUE_MAX];
3162 property_get("ro.crypto.state", value, "");
3163 if (!strcmp(value, "")) {
3164 /* default encryption - continue first boot sequence */
3165 property_set("ro.crypto.state", "encrypted");
3166 release_wake_lock(lockid);
3167 cryptfs_check_passwd(DEFAULT_PASSWORD);
3168 cryptfs_restart_internal(1);
3169 return 0;
3170 } else {
3171 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003172 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003173 }
Paul Lawrence87999172014-02-20 12:21:31 -08003174 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003175 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003176 cryptfs_reboot(shutdown);
3177 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003178 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003179 char value[PROPERTY_VALUE_MAX];
3180
Ken Sumrall319369a2012-06-27 16:30:18 -07003181 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003182 if (!strcmp(value, "1")) {
3183 /* wipe data if encryption failed */
3184 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3185 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003186 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003187 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003188 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3189 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003190 close(fd);
3191 } else {
3192 SLOGE("could not open /cache/recovery/command\n");
3193 }
Paul Lawrence87999172014-02-20 12:21:31 -08003194 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003195 } else {
3196 /* set property to trigger dialog */
3197 property_set("vold.encrypt_progress", "error_partially_encrypted");
3198 release_wake_lock(lockid);
3199 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003200 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003201 }
3202
Ken Sumrall3ed82362011-01-28 23:31:16 -08003203 /* hrm, the encrypt step claims success, but the reboot failed.
3204 * This should not happen.
3205 * Set the property and return. Hope the framework can deal with it.
3206 */
3207 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003208 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003209 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003210
3211error_unencrypted:
3212 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003213 if (lockid[0]) {
3214 release_wake_lock(lockid);
3215 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003216 return -1;
3217
3218error_shutting_down:
3219 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3220 * but the framework is stopped and not restarted to show the error, so it's up to
3221 * vold to restart the system.
3222 */
3223 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003224 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003225
3226 /* shouldn't get here */
3227 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003228 if (lockid[0]) {
3229 release_wake_lock(lockid);
3230 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003231 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003232}
3233
Paul Lawrence45f10532014-04-04 18:11:56 +00003234int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003235{
Paul Lawrence3bd36d52015-06-09 13:37:44 -07003236 return cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
Paul Lawrence13486032014-02-03 13:28:11 -08003237}
3238
3239int cryptfs_enable_default(char *howarg, int allow_reboot)
3240{
3241 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3242 DEFAULT_PASSWORD, allow_reboot);
3243}
3244
3245int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003246{
Paul Lawrence05335c32015-03-05 09:46:23 -08003247 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
Paul Lawrencef733ae62015-07-07 15:43:14 -07003248 return e4crypt_change_password(DATA_MNT_POINT, crypt_type,
3249 crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
3250 : newpw);
Paul Lawrence05335c32015-03-05 09:46:23 -08003251 }
3252
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003253 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003254 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003255
3256 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003257 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003258 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003259 return -1;
3260 }
3261
Paul Lawrencef4faa572014-01-29 13:31:03 -08003262 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3263 SLOGE("Invalid crypt_type %d", crypt_type);
3264 return -1;
3265 }
3266
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003267 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003268 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003269 SLOGE("Error getting crypt footer and key");
3270 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003271 }
3272
Paul Lawrencef4faa572014-01-29 13:31:03 -08003273 crypt_ftr.crypt_type = crypt_type;
3274
JP Abgrall933216c2015-02-11 13:44:32 -08003275 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003276 : newpw,
3277 crypt_ftr.salt,
3278 saved_master_key,
3279 crypt_ftr.master_key,
3280 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003281 if (rc) {
3282 SLOGE("Encrypt master key failed: %d", rc);
3283 return -1;
3284 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003285 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003286 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003287
Ajay Dudani87701e22014-09-17 21:02:52 -07003288#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003289 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3290 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3291 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3292 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3293 if (!rc)
3294 return -1;
3295 } else {
3296 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3297 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3298 if (!rc)
3299 return -1;
3300 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003301 }
3302#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003303 return 0;
3304}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003305
Rubin Xu85c01f92014-10-13 12:49:54 +01003306static unsigned int persist_get_max_entries(int encrypted) {
3307 struct crypt_mnt_ftr crypt_ftr;
3308 unsigned int dsize;
3309 unsigned int max_persistent_entries;
3310
3311 /* If encrypted, use the values from the crypt_ftr, otherwise
3312 * use the values for the current spec.
3313 */
3314 if (encrypted) {
3315 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3316 return -1;
3317 }
3318 dsize = crypt_ftr.persist_data_size;
3319 } else {
3320 dsize = CRYPT_PERSIST_DATA_SIZE;
3321 }
3322
3323 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3324 sizeof(struct crypt_persist_entry);
3325
3326 return max_persistent_entries;
3327}
3328
3329static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003330{
3331 unsigned int i;
3332
3333 if (persist_data == NULL) {
3334 return -1;
3335 }
3336 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3337 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3338 /* We found it! */
3339 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3340 return 0;
3341 }
3342 }
3343
3344 return -1;
3345}
3346
Rubin Xu85c01f92014-10-13 12:49:54 +01003347static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003348{
3349 unsigned int i;
3350 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003351 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003352
3353 if (persist_data == NULL) {
3354 return -1;
3355 }
3356
Rubin Xu85c01f92014-10-13 12:49:54 +01003357 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003358
3359 num = persist_data->persist_valid_entries;
3360
3361 for (i = 0; i < num; i++) {
3362 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3363 /* We found an existing entry, update it! */
3364 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3365 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3366 return 0;
3367 }
3368 }
3369
3370 /* We didn't find it, add it to the end, if there is room */
3371 if (persist_data->persist_valid_entries < max_persistent_entries) {
3372 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3373 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3374 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3375 persist_data->persist_valid_entries++;
3376 return 0;
3377 }
3378
3379 return -1;
3380}
3381
Rubin Xu85c01f92014-10-13 12:49:54 +01003382/**
3383 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3384 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3385 */
3386static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003387 unsigned int field_len;
3388 unsigned int key_index;
3389 field_len = strlen(field);
3390
3391 if (index == 0) {
3392 // The first key in a multi-entry field is just the filedname itself.
3393 if (!strcmp(key, field)) {
3394 return 1;
3395 }
3396 }
3397 // Match key against "%s_%d" % (field, index)
3398 if (strlen(key) < field_len + 1 + 1) {
3399 // Need at least a '_' and a digit.
3400 return 0;
3401 }
3402 if (strncmp(key, field, field_len)) {
3403 // If the key does not begin with field, it's not a match.
3404 return 0;
3405 }
3406 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3407 return 0;
3408 }
3409 return key_index >= index;
3410}
3411
3412/*
3413 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3414 * remaining entries starting from index will be deleted.
3415 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3416 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3417 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3418 *
3419 */
3420static int persist_del_keys(const char *fieldname, unsigned index)
3421{
3422 unsigned int i;
3423 unsigned int j;
3424 unsigned int num;
3425
3426 if (persist_data == NULL) {
3427 return PERSIST_DEL_KEY_ERROR_OTHER;
3428 }
3429
3430 num = persist_data->persist_valid_entries;
3431
3432 j = 0; // points to the end of non-deleted entries.
3433 // Filter out to-be-deleted entries in place.
3434 for (i = 0; i < num; i++) {
3435 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3436 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3437 j++;
3438 }
3439 }
3440
3441 if (j < num) {
3442 persist_data->persist_valid_entries = j;
3443 // Zeroise the remaining entries
3444 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3445 return PERSIST_DEL_KEY_OK;
3446 } else {
3447 // Did not find an entry matching the given fieldname
3448 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3449 }
3450}
3451
3452static int persist_count_keys(const char *fieldname)
3453{
3454 unsigned int i;
3455 unsigned int count;
3456
3457 if (persist_data == NULL) {
3458 return -1;
3459 }
3460
3461 count = 0;
3462 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3463 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3464 count++;
3465 }
3466 }
3467
3468 return count;
3469}
3470
Ken Sumrall160b4d62013-04-22 12:15:39 -07003471/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003472int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003473{
Paul Lawrence368d7942015-04-15 14:12:00 -07003474 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3475 return e4crypt_get_field(DATA_MNT_POINT, fieldname, value, len);
3476 }
3477
Ken Sumrall160b4d62013-04-22 12:15:39 -07003478 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003479 /* CRYPTO_GETFIELD_OK is success,
3480 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3481 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3482 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003483 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003484 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3485 int i;
3486 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003487
3488 if (persist_data == NULL) {
3489 load_persistent_data();
3490 if (persist_data == NULL) {
3491 SLOGE("Getfield error, cannot load persistent data");
3492 goto out;
3493 }
3494 }
3495
Rubin Xu85c01f92014-10-13 12:49:54 +01003496 // Read value from persistent entries. If the original value is split into multiple entries,
3497 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003498 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003499 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3500 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3501 // value too small
3502 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3503 goto out;
3504 }
3505 rc = CRYPTO_GETFIELD_OK;
3506
3507 for (i = 1; /* break explicitly */; i++) {
3508 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3509 (int) sizeof(temp_field)) {
3510 // If the fieldname is very long, we stop as soon as it begins to overflow the
3511 // maximum field length. At this point we have in fact fully read out the original
3512 // value because cryptfs_setfield would not allow fields with longer names to be
3513 // written in the first place.
3514 break;
3515 }
3516 if (!persist_get_key(temp_field, temp_value)) {
3517 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3518 // value too small.
3519 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3520 goto out;
3521 }
3522 } else {
3523 // Exhaust all entries.
3524 break;
3525 }
3526 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003527 } else {
3528 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003529 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003530 }
3531
3532out:
3533 return rc;
3534}
3535
3536/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003537int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003538{
Paul Lawrence368d7942015-04-15 14:12:00 -07003539 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3540 return e4crypt_set_field(DATA_MNT_POINT, fieldname, value);
3541 }
3542
Ken Sumrall160b4d62013-04-22 12:15:39 -07003543 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003544 /* 0 is success, negative values are error */
3545 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003546 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003547 unsigned int field_id;
3548 char temp_field[PROPERTY_KEY_MAX];
3549 unsigned int num_entries;
3550 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003551
3552 if (persist_data == NULL) {
3553 load_persistent_data();
3554 if (persist_data == NULL) {
3555 SLOGE("Setfield error, cannot load persistent data");
3556 goto out;
3557 }
3558 }
3559
3560 property_get("ro.crypto.state", encrypted_state, "");
3561 if (!strcmp(encrypted_state, "encrypted") ) {
3562 encrypted = 1;
3563 }
3564
Rubin Xu85c01f92014-10-13 12:49:54 +01003565 // Compute the number of entries required to store value, each entry can store up to
3566 // (PROPERTY_VALUE_MAX - 1) chars
3567 if (strlen(value) == 0) {
3568 // Empty value also needs one entry to store.
3569 num_entries = 1;
3570 } else {
3571 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3572 }
3573
3574 max_keylen = strlen(fieldname);
3575 if (num_entries > 1) {
3576 // Need an extra "_%d" suffix.
3577 max_keylen += 1 + log10(num_entries);
3578 }
3579 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3580 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003581 goto out;
3582 }
3583
Rubin Xu85c01f92014-10-13 12:49:54 +01003584 // Make sure we have enough space to write the new value
3585 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3586 persist_get_max_entries(encrypted)) {
3587 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3588 goto out;
3589 }
3590
3591 // Now that we know persist_data has enough space for value, let's delete the old field first
3592 // to make up space.
3593 persist_del_keys(fieldname, 0);
3594
3595 if (persist_set_key(fieldname, value, encrypted)) {
3596 // fail to set key, should not happen as we have already checked the available space
3597 SLOGE("persist_set_key() error during setfield()");
3598 goto out;
3599 }
3600
3601 for (field_id = 1; field_id < num_entries; field_id++) {
3602 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3603
3604 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3605 // fail to set key, should not happen as we have already checked the available space.
3606 SLOGE("persist_set_key() error during setfield()");
3607 goto out;
3608 }
3609 }
3610
Ken Sumrall160b4d62013-04-22 12:15:39 -07003611 /* If we are running encrypted, save the persistent data now */
3612 if (encrypted) {
3613 if (save_persistent_data()) {
3614 SLOGE("Setfield error, cannot save persistent data");
3615 goto out;
3616 }
3617 }
3618
Rubin Xu85c01f92014-10-13 12:49:54 +01003619 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003620
3621out:
3622 return rc;
3623}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003624
3625/* Checks userdata. Attempt to mount the volume if default-
3626 * encrypted.
3627 * On success trigger next init phase and return 0.
3628 * Currently do not handle failure - see TODO below.
3629 */
3630int cryptfs_mount_default_encrypted(void)
3631{
3632 char decrypt_state[PROPERTY_VALUE_MAX];
3633 property_get("vold.decrypt", decrypt_state, "0");
3634 if (!strcmp(decrypt_state, "0")) {
3635 SLOGE("Not encrypted - should not call here");
3636 } else {
3637 int crypt_type = cryptfs_get_password_type();
3638 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3639 SLOGE("Bad crypt type - error");
3640 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3641 SLOGD("Password is not default - "
3642 "starting min framework to prompt");
3643 property_set("vold.decrypt", "trigger_restart_min_framework");
3644 return 0;
3645 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3646 SLOGD("Password is default - restarting filesystem");
3647 cryptfs_restart_internal(0);
3648 return 0;
3649 } else {
3650 SLOGE("Encrypted, default crypt type but can't decrypt");
3651 }
3652 }
3653
Paul Lawrence6bfed202014-07-28 12:47:22 -07003654 /** Corrupt. Allow us to boot into framework, which will detect bad
3655 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003656 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003657 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003658 return 0;
3659}
3660
3661/* Returns type of the password, default, pattern, pin or password.
3662 */
3663int cryptfs_get_password_type(void)
3664{
Paul Lawrence05335c32015-03-05 09:46:23 -08003665 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3666 return e4crypt_get_password_type(DATA_MNT_POINT);
3667 }
3668
Paul Lawrencef4faa572014-01-29 13:31:03 -08003669 struct crypt_mnt_ftr crypt_ftr;
3670
3671 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3672 SLOGE("Error getting crypt footer and key\n");
3673 return -1;
3674 }
3675
Paul Lawrence6bfed202014-07-28 12:47:22 -07003676 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3677 return -1;
3678 }
3679
Paul Lawrencef4faa572014-01-29 13:31:03 -08003680 return crypt_ftr.crypt_type;
3681}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003682
Paul Lawrence05335c32015-03-05 09:46:23 -08003683const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003684{
Paul Lawrence05335c32015-03-05 09:46:23 -08003685 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3686 return e4crypt_get_password(DATA_MNT_POINT);
3687 }
3688
Paul Lawrence399317e2014-03-10 13:20:50 -07003689 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003690 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003691 if (now.tv_sec < password_expiry_time) {
3692 return password;
3693 } else {
3694 cryptfs_clear_password();
3695 return 0;
3696 }
3697}
3698
3699void cryptfs_clear_password()
3700{
Paul Lawrence86c942a2015-05-06 13:53:43 -07003701 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3702 e4crypt_clear_password(DATA_MNT_POINT);
3703 }
3704
Paul Lawrence399317e2014-03-10 13:20:50 -07003705 if (password) {
3706 size_t len = strlen(password);
3707 memset(password, 0, len);
3708 free(password);
3709 password = 0;
3710 password_expiry_time = 0;
3711 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003712}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003713
3714int cryptfs_enable_file()
3715{
3716 return e4crypt_enable(DATA_MNT_POINT);
3717}
3718
3719int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3720{
3721 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3722 SLOGE("Failed to initialize crypt_ftr");
3723 return -1;
3724 }
3725
3726 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3727 crypt_ftr->salt, crypt_ftr)) {
3728 SLOGE("Cannot create encrypted master key\n");
3729 return -1;
3730 }
3731
3732 //crypt_ftr->keysize = key_length / 8;
3733 return 0;
3734}
3735
3736int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3737 unsigned char* master_key)
3738{
3739 int rc;
3740
Paul Lawrence731a7a22015-04-28 22:14:15 +00003741 unsigned char* intermediate_key = 0;
3742 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003743
3744 if (password == 0 || *password == 0) {
3745 password = DEFAULT_PASSWORD;
3746 }
3747
Paul Lawrence731a7a22015-04-28 22:14:15 +00003748 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3749 &intermediate_key_size);
3750
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003751 int N = 1 << ftr->N_factor;
3752 int r = 1 << ftr->r_factor;
3753 int p = 1 << ftr->p_factor;
3754
3755 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3756
3757 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3758 ftr->salt, sizeof(ftr->salt), N, r, p,
3759 scrypted_intermediate_key,
3760 sizeof(scrypted_intermediate_key));
3761
3762 free(intermediate_key);
3763
3764 if (rc) {
3765 SLOGE("Can't calculate intermediate key");
3766 return rc;
3767 }
3768
3769 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3770 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003771}
3772
3773int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3774 const unsigned char* master_key)
3775{
3776 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3777 ftr);
3778}