blob: e2606ecd345ea6feca72cca830663c27be16ae32 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Tao Bao5a95ddb2016-10-05 18:01:19 -070041#include <ext4_utils/ext4.h>
42#include <ext4_utils/ext4_utils.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070043#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070044#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070045#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010046#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080047#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080048#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080049#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080050#define LOG_TAG "Cryptfs"
51#include "cutils/log.h"
52#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070053#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080054#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070055#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000056#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070057#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070058#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070059#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000060#include "Ext4Crypt.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000061#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080062#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080063#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080064
Yabin Cui1fb59662016-06-24 14:48:49 -070065#include <bootloader_message/bootloader_message.h>
Alex Klyubincfc52022017-02-06 10:11:22 -080066#include <hardware/keymaster0.h>
67#include <hardware/keymaster1.h>
68
69#define UNUSED __attribute__((unused))
Mark Salyzyn3e971272014-01-21 13:27:04 -080070
Mark Salyzyn5eecc442014-02-12 14:16:14 -080071#define UNUSED __attribute__((unused))
72
Ajay Dudani87701e22014-09-17 21:02:52 -070073#ifdef CONFIG_HW_DISK_ENCRYPTION
74#include "cryptfs_hw.h"
75#endif
76
Ken Sumrall8f869aa2010-12-03 03:47:09 -080077#define DM_CRYPT_BUF_SIZE 4096
78
Jason parks70a4b3f2011-01-28 10:10:47 -060079#define HASH_COUNT 2000
80#define KEY_LEN_BYTES 16
81#define IV_LEN_BYTES 16
82
Ken Sumrall29d8da82011-05-18 17:20:07 -070083#define KEY_IN_FOOTER "footer"
84
Paul Lawrence3bd36d52015-06-09 13:37:44 -070085#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080086
Paul Lawrence3d99eba2015-11-20 07:07:19 -080087#define CRYPTO_BLOCK_DEVICE "userdata"
88
89#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
90
Ken Sumrall29d8da82011-05-18 17:20:07 -070091#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070092#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070093
Ken Sumralle919efe2012-09-29 17:07:41 -070094#define TABLE_LOAD_RETRIES 10
95
Shawn Willden47ba10d2014-09-03 17:07:06 -060096#define RSA_KEY_SIZE 2048
97#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
98#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060099#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700100
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700101#define RETRY_MOUNT_ATTEMPTS 10
102#define RETRY_MOUNT_DELAY_SECONDS 1
103
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800104char *me = "cryptfs";
105
Jason parks70a4b3f2011-01-28 10:10:47 -0600106static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700107static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600108static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700109static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800110
Alex Klyubincfc52022017-02-06 10:11:22 -0800111static int keymaster_init(keymaster0_device_t **keymaster0_dev,
112 keymaster1_device_t **keymaster1_dev)
113{
114 int rc;
115
116 const hw_module_t* mod;
117 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
118 if (rc) {
119 ALOGE("could not find any keystore module");
120 goto err;
121 }
122
123 SLOGI("keymaster module name is %s", mod->name);
124 SLOGI("keymaster version is %d", mod->module_api_version);
125
126 *keymaster0_dev = NULL;
127 *keymaster1_dev = NULL;
128 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
129 SLOGI("Found keymaster1 module, using keymaster1 API.");
130 rc = keymaster1_open(mod, keymaster1_dev);
131 } else {
132 SLOGI("Found keymaster0 module, using keymaster0 API.");
133 rc = keymaster0_open(mod, keymaster0_dev);
134 }
135
136 if (rc) {
137 ALOGE("could not open keymaster device in %s (%s)",
138 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
139 goto err;
140 }
141
142 return 0;
143
144err:
145 *keymaster0_dev = NULL;
146 *keymaster1_dev = NULL;
147 return rc;
148}
149
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700150/* Should we use keymaster? */
151static int keymaster_check_compatibility()
152{
Alex Klyubincfc52022017-02-06 10:11:22 -0800153 keymaster0_device_t *keymaster0_dev = 0;
154 keymaster1_device_t *keymaster1_dev = 0;
155 int rc = 0;
156
157 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
158 SLOGE("Failed to init keymaster");
159 rc = -1;
160 goto out;
161 }
162
163 if (keymaster1_dev) {
164 rc = 1;
165 goto out;
166 }
167
168 if (!keymaster0_dev || !keymaster0_dev->common.module) {
169 rc = -1;
170 goto out;
171 }
172
173 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
174 // should work.
175 if (keymaster0_dev->common.module->module_api_version
176 < KEYMASTER_MODULE_API_VERSION_0_3) {
177 rc = 0;
178 goto out;
179 }
180
181 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
182 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
183 rc = 1;
184 }
185
186out:
187 if (keymaster1_dev) {
188 keymaster1_close(keymaster1_dev);
189 }
190 if (keymaster0_dev) {
191 keymaster0_close(keymaster0_dev);
192 }
193 return rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700194}
195
196/* Create a new keymaster key and store it in this footer */
197static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
198{
Alex Klyubincfc52022017-02-06 10:11:22 -0800199 uint8_t* key = 0;
200 keymaster0_device_t *keymaster0_dev = 0;
201 keymaster1_device_t *keymaster1_dev = 0;
202
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800203 if (ftr->keymaster_blob_size) {
204 SLOGI("Already have key");
205 return 0;
206 }
207
Alex Klyubincfc52022017-02-06 10:11:22 -0800208 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
209 SLOGE("Failed to init keymaster");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700210 return -1;
211 }
Alex Klyubincfc52022017-02-06 10:11:22 -0800212
213 int rc = 0;
214 size_t key_size = 0;
215 if (keymaster1_dev) {
216 keymaster_key_param_t params[] = {
217 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
218 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
219 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
220 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
221
222 /* The only allowed purpose for this key is signing. */
223 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
224
225 /* Padding & digest specifications. */
226 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
227 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
228
229 /* Require that the key be usable in standalone mode. File system isn't available. */
230 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
231
232 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
233 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
234
235 /* Rate-limit key usage attempts, to rate-limit brute force */
236 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
237 };
238 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
239 keymaster_key_blob_t key_blob;
240 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
241 &key_blob,
242 NULL /* characteristics */);
243 if (error != KM_ERROR_OK) {
244 SLOGE("Failed to generate keymaster1 key, error %d", error);
245 rc = -1;
246 goto out;
247 }
248
249 key = (uint8_t*)key_blob.key_material;
250 key_size = key_blob.key_material_size;
251 }
252 else if (keymaster0_dev) {
253 keymaster_rsa_keygen_params_t params;
254 memset(&params, '\0', sizeof(params));
255 params.public_exponent = RSA_EXPONENT;
256 params.modulus_size = RSA_KEY_SIZE;
257
258 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
259 &key, &key_size)) {
260 SLOGE("Failed to generate keypair");
261 rc = -1;
262 goto out;
263 }
264 } else {
265 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
266 rc = -1;
267 goto out;
268 }
269
270 if (key_size > KEYMASTER_BLOB_SIZE) {
271 SLOGE("Keymaster key too large for crypto footer");
272 rc = -1;
273 goto out;
274 }
275
276 memcpy(ftr->keymaster_blob, key, key_size);
277 ftr->keymaster_blob_size = key_size;
278
279out:
280 if (keymaster0_dev)
281 keymaster0_close(keymaster0_dev);
282 if (keymaster1_dev)
283 keymaster1_close(keymaster1_dev);
284 free(key);
285 return rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700286}
287
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288/* This signs the given object using the keymaster key. */
289static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290 const unsigned char *object,
291 const size_t object_size,
292 unsigned char **signature,
293 size_t *signature_size)
294{
Alex Klyubincfc52022017-02-06 10:11:22 -0800295 int rc = 0;
296 keymaster0_device_t *keymaster0_dev = 0;
297 keymaster1_device_t *keymaster1_dev = 0;
298 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
299 SLOGE("Failed to init keymaster");
300 rc = -1;
301 goto out;
302 }
303
Shawn Willden47ba10d2014-09-03 17:07:06 -0600304 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600305 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600306 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600307
Shawn Willdene17a9c42014-09-08 13:04:08 -0600308 // To sign a message with RSA, the message must satisfy two
309 // constraints:
310 //
311 // 1. The message, when interpreted as a big-endian numeric value, must
312 // be strictly less than the public modulus of the RSA key. Note
313 // that because the most significant bit of the public modulus is
314 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
315 // key), an n-bit message with most significant bit 0 always
316 // satisfies this requirement.
317 //
318 // 2. The message must have the same length in bits as the public
319 // modulus of the RSA key. This requirement isn't mathematically
320 // necessary, but is necessary to ensure consistency in
321 // implementations.
322 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600323 case KDF_SCRYPT_KEYMASTER:
324 // This ensures the most significant byte of the signed message
325 // is zero. We could have zero-padded to the left instead, but
326 // this approach is slightly more robust against changes in
327 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600328 // so) because we really should be using a proper deterministic
329 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600330 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
331 SLOGI("Signing safely-padded object");
332 break;
333 default:
334 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Alex Klyubincfc52022017-02-06 10:11:22 -0800335 rc = -1;
336 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600337 }
Alex Klyubincfc52022017-02-06 10:11:22 -0800338
339 if (keymaster0_dev) {
340 keymaster_rsa_sign_params_t params;
341 params.digest_type = DIGEST_NONE;
342 params.padding_type = PADDING_NONE;
343
344 rc = keymaster0_dev->sign_data(keymaster0_dev,
345 &params,
346 ftr->keymaster_blob,
347 ftr->keymaster_blob_size,
348 to_sign,
349 to_sign_size,
350 signature,
351 signature_size);
352 goto out;
353 } else if (keymaster1_dev) {
354 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
355 keymaster_key_param_t params[] = {
356 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
357 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
358 };
359 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
360 keymaster_operation_handle_t op_handle;
361 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
362 &param_set, NULL /* out_params */,
363 &op_handle);
364 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
365 // Key usage has been rate-limited. Wait a bit and try again.
366 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
367 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
368 &param_set, NULL /* out_params */,
369 &op_handle);
370 }
371 if (error != KM_ERROR_OK) {
372 SLOGE("Error starting keymaster signature transaction: %d", error);
373 rc = -1;
374 goto out;
375 }
376
377 keymaster_blob_t input = { to_sign, to_sign_size };
378 size_t input_consumed;
379 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
380 &input, &input_consumed, NULL /* out_params */,
381 NULL /* output */);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error sending data to keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387 if (input_consumed != to_sign_size) {
388 // This should never happen. If it does, it's a bug in the keymaster implementation.
389 SLOGE("Keymaster update() did not consume all data.");
390 keymaster1_dev->abort(keymaster1_dev, op_handle);
391 rc = -1;
392 goto out;
393 }
394
395 keymaster_blob_t tmp_sig;
396 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
397 NULL /* verify signature */, NULL /* out_params */,
398 &tmp_sig);
399 if (error != KM_ERROR_OK) {
400 SLOGE("Error finishing keymaster signature transaction: %d", error);
401 rc = -1;
402 goto out;
403 }
404
405 *signature = (uint8_t*)tmp_sig.data;
406 *signature_size = tmp_sig.data_length;
407 } else {
408 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
409 rc = -1;
410 goto out;
411 }
412
413 out:
414 if (keymaster1_dev)
415 keymaster1_close(keymaster1_dev);
416 if (keymaster0_dev)
417 keymaster0_close(keymaster0_dev);
418
419 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600420}
421
Paul Lawrence399317e2014-03-10 13:20:50 -0700422/* Store password when userdata is successfully decrypted and mounted.
423 * Cleared by cryptfs_clear_password
424 *
425 * To avoid a double prompt at boot, we need to store the CryptKeeper
426 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
427 * Since the entire framework is torn down and rebuilt after encryption,
428 * we have to use a daemon or similar to store the password. Since vold
429 * is secured against IPC except from system processes, it seems a reasonable
430 * place to store this.
431 *
432 * password should be cleared once it has been used.
433 *
434 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800435 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700436static char* password = 0;
437static int password_expiry_time = 0;
438static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800439
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800440extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800441
Paul Lawrence87999172014-02-20 12:21:31 -0800442enum RebootType {reboot, recovery, shutdown};
443static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700444{
Paul Lawrence87999172014-02-20 12:21:31 -0800445 switch(rt) {
446 case reboot:
447 property_set(ANDROID_RB_PROPERTY, "reboot");
448 break;
449
450 case recovery:
451 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
452 break;
453
454 case shutdown:
455 property_set(ANDROID_RB_PROPERTY, "shutdown");
456 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700457 }
Paul Lawrence87999172014-02-20 12:21:31 -0800458
Ken Sumralladfba362013-06-04 16:37:52 -0700459 sleep(20);
460
461 /* Shouldn't get here, reboot should happen before sleep times out */
462 return;
463}
464
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800465static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
466{
467 memset(io, 0, dataSize);
468 io->data_size = dataSize;
469 io->data_start = sizeof(struct dm_ioctl);
470 io->version[0] = 4;
471 io->version[1] = 0;
472 io->version[2] = 0;
473 io->flags = flags;
474 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100475 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800476 }
477}
478
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479/**
480 * Gets the default device scrypt parameters for key derivation time tuning.
481 * The parameters should lead to about one second derivation time for the
482 * given device.
483 */
484static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700485 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000486 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700487
Paul Crowley63c18d32016-02-10 14:02:47 +0000488 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
489 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
490 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
491 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700492 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000493 ftr->N_factor = Nf;
494 ftr->r_factor = rf;
495 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700496}
497
Ken Sumrall3ed82362011-01-28 23:31:16 -0800498static unsigned int get_fs_size(char *dev)
499{
500 int fd, block_size;
501 struct ext4_super_block sb;
502 off64_t len;
503
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700504 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800505 SLOGE("Cannot open device to get filesystem size ");
506 return 0;
507 }
508
509 if (lseek64(fd, 1024, SEEK_SET) < 0) {
510 SLOGE("Cannot seek to superblock");
511 return 0;
512 }
513
514 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
515 SLOGE("Cannot read superblock");
516 return 0;
517 }
518
519 close(fd);
520
Daniel Rosenberge82df162014-08-15 22:19:23 +0000521 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
522 SLOGE("Not a valid ext4 superblock");
523 return 0;
524 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800525 block_size = 1024 << sb.s_log_block_size;
526 /* compute length in bytes */
527 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
528
529 /* return length in sectors */
530 return (unsigned int) (len / 512);
531}
532
Ken Sumrall160b4d62013-04-22 12:15:39 -0700533static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
534{
535 static int cached_data = 0;
536 static off64_t cached_off = 0;
537 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
538 int fd;
539 char key_loc[PROPERTY_VALUE_MAX];
540 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700541 int rc = -1;
542
543 if (!cached_data) {
544 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
545
546 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700547 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700548 SLOGE("Cannot open real block device %s\n", real_blkdev);
549 return -1;
550 }
551
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900552 unsigned long nr_sec = 0;
553 get_blkdev_size(fd, &nr_sec);
554 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
556 * encryption info footer and key, and plenty of bytes to spare for future
557 * growth.
558 */
559 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
560 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
561 cached_data = 1;
562 } else {
563 SLOGE("Cannot get size of block device %s\n", real_blkdev);
564 }
565 close(fd);
566 } else {
567 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
568 cached_off = 0;
569 cached_data = 1;
570 }
571 }
572
573 if (cached_data) {
574 if (metadata_fname) {
575 *metadata_fname = cached_metadata_fname;
576 }
577 if (off) {
578 *off = cached_off;
579 }
580 rc = 0;
581 }
582
583 return rc;
584}
585
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800586/* Set sha256 checksum in structure */
587static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
588{
589 SHA256_CTX c;
590 SHA256_Init(&c);
591 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
592 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
593 SHA256_Final(crypt_ftr->sha256, &c);
594}
595
Ken Sumralle8744072011-01-18 22:01:55 -0800596/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800597 * update the failed mount count but not change the key.
598 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700599static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800600{
601 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800602 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603 /* starting_off is set to the SEEK_SET offset
604 * where the crypto structure starts
605 */
606 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800607 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700608 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700609 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800611 set_ftr_sha(crypt_ftr);
612
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 if (get_crypt_ftr_info(&fname, &starting_off)) {
614 SLOGE("Unable to get crypt_ftr_info\n");
615 return -1;
616 }
617 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700618 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 return -1;
620 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700621 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700622 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700623 return -1;
624 }
625
626 /* Seek to the start of the crypt footer */
627 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
628 SLOGE("Cannot seek to real block device footer\n");
629 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800630 }
631
632 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
633 SLOGE("Cannot write real block device footer\n");
634 goto errout;
635 }
636
Ken Sumrall3be890f2011-09-14 16:53:46 -0700637 fstat(fd, &statbuf);
638 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700639 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700640 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800641 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800642 goto errout;
643 }
644 }
645
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800646 /* Success! */
647 rc = 0;
648
649errout:
650 close(fd);
651 return rc;
652
653}
654
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800655static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
656{
657 struct crypt_mnt_ftr copy;
658 memcpy(&copy, crypt_ftr, sizeof(copy));
659 set_ftr_sha(&copy);
660 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
661}
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663static inline int unix_read(int fd, void* buff, int len)
664{
665 return TEMP_FAILURE_RETRY(read(fd, buff, len));
666}
667
668static inline int unix_write(int fd, const void* buff, int len)
669{
670 return TEMP_FAILURE_RETRY(write(fd, buff, len));
671}
672
673static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
674{
675 memset(pdata, 0, len);
676 pdata->persist_magic = PERSIST_DATA_MAGIC;
677 pdata->persist_valid_entries = 0;
678}
679
680/* A routine to update the passed in crypt_ftr to the lastest version.
681 * fd is open read/write on the device that holds the crypto footer and persistent
682 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
683 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
684 */
685static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
686{
Kenny Root7434b312013-06-14 11:29:53 -0700687 int orig_major = crypt_ftr->major_version;
688 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700689
Kenny Root7434b312013-06-14 11:29:53 -0700690 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
691 struct crypt_persist_data *pdata;
692 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700693
Kenny Rootc4c70f12013-06-14 12:11:38 -0700694 SLOGW("upgrading crypto footer to 1.1");
695
Kenny Root7434b312013-06-14 11:29:53 -0700696 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
697 if (pdata == NULL) {
698 SLOGE("Cannot allocate persisent data\n");
699 return;
700 }
701 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
702
703 /* Need to initialize the persistent data area */
704 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
705 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100706 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700707 return;
708 }
709 /* Write all zeros to the first copy, making it invalid */
710 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
711
712 /* Write a valid but empty structure to the second copy */
713 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
714 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
715
716 /* Update the footer */
717 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
718 crypt_ftr->persist_data_offset[0] = pdata_offset;
719 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
720 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100721 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700722 }
723
Paul Lawrencef4faa572014-01-29 13:31:03 -0800724 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700725 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800726 /* But keep the old kdf_type.
727 * It will get updated later to KDF_SCRYPT after the password has been verified.
728 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700729 crypt_ftr->kdf_type = KDF_PBKDF2;
730 get_device_scrypt_params(crypt_ftr);
731 crypt_ftr->minor_version = 2;
732 }
733
Paul Lawrencef4faa572014-01-29 13:31:03 -0800734 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
735 SLOGW("upgrading crypto footer to 1.3");
736 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
737 crypt_ftr->minor_version = 3;
738 }
739
Kenny Root7434b312013-06-14 11:29:53 -0700740 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
741 if (lseek64(fd, offset, SEEK_SET) == -1) {
742 SLOGE("Cannot seek to crypt footer\n");
743 return;
744 }
745 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700746 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700747}
748
749
750static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800751{
752 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800753 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800755 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700756 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700757 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800758
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 if (get_crypt_ftr_info(&fname, &starting_off)) {
760 SLOGE("Unable to get crypt_ftr_info\n");
761 return -1;
762 }
763 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700764 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 return -1;
766 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700767 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700768 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700769 return -1;
770 }
771
772 /* Make sure it's 16 Kbytes in length */
773 fstat(fd, &statbuf);
774 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
775 SLOGE("footer file %s is not the expected size!\n", fname);
776 goto errout;
777 }
778
779 /* Seek to the start of the crypt footer */
780 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
781 SLOGE("Cannot seek to real block device footer\n");
782 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800783 }
784
785 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
786 SLOGE("Cannot read real block device footer\n");
787 goto errout;
788 }
789
790 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700791 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
796 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
797 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 goto errout;
799 }
800
Kenny Rootc96a5f82013-06-14 12:08:28 -0700801 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
802 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
803 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800804 }
805
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
807 * copy on disk before returning.
808 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700809 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700810 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800811 }
812
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800813 /* Success! */
814 rc = 0;
815
816errout:
817 close(fd);
818 return rc;
819}
820
Ken Sumrall160b4d62013-04-22 12:15:39 -0700821static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
822{
823 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
824 crypt_ftr->persist_data_offset[1]) {
825 SLOGE("Crypt_ftr persist data regions overlap");
826 return -1;
827 }
828
829 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
830 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
831 return -1;
832 }
833
834 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
835 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
836 CRYPT_FOOTER_OFFSET) {
837 SLOGE("Persistent data extends past crypto footer");
838 return -1;
839 }
840
841 return 0;
842}
843
844static int load_persistent_data(void)
845{
846 struct crypt_mnt_ftr crypt_ftr;
847 struct crypt_persist_data *pdata = NULL;
848 char encrypted_state[PROPERTY_VALUE_MAX];
849 char *fname;
850 int found = 0;
851 int fd;
852 int ret;
853 int i;
854
855 if (persist_data) {
856 /* Nothing to do, we've already loaded or initialized it */
857 return 0;
858 }
859
860
861 /* If not encrypted, just allocate an empty table and initialize it */
862 property_get("ro.crypto.state", encrypted_state, "");
863 if (strcmp(encrypted_state, "encrypted") ) {
864 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
865 if (pdata) {
866 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
867 persist_data = pdata;
868 return 0;
869 }
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 if (get_crypt_ftr_info(&fname, NULL)) {
884 return -1;
885 }
886
887 ret = validate_persistent_data_storage(&crypt_ftr);
888 if (ret) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
Paul Lawrence300dae72016-03-11 11:02:52 -0800898 pdata = malloc(crypt_ftr.persist_data_size);
899 if (pdata == NULL) {
900 SLOGE("Cannot allocate memory for persistent data");
901 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700902 }
903
904 for (i = 0; i < 2; i++) {
905 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
906 SLOGE("Cannot seek to read persistent data on %s", fname);
907 goto err2;
908 }
909 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
910 SLOGE("Error reading persistent data on iteration %d", i);
911 goto err2;
912 }
913 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
914 found = 1;
915 break;
916 }
917 }
918
919 if (!found) {
920 SLOGI("Could not find valid persistent data, creating");
921 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
922 }
923
924 /* Success */
925 persist_data = pdata;
926 close(fd);
927 return 0;
928
929err2:
930 free(pdata);
931
932err:
933 close(fd);
934 return -1;
935}
936
937static int save_persistent_data(void)
938{
939 struct crypt_mnt_ftr crypt_ftr;
940 struct crypt_persist_data *pdata;
941 char *fname;
942 off64_t write_offset;
943 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700944 int fd;
945 int ret;
946
947 if (persist_data == NULL) {
948 SLOGE("No persistent data to save");
949 return -1;
950 }
951
952 if(get_crypt_ftr_and_key(&crypt_ftr)) {
953 return -1;
954 }
955
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700956 if ((crypt_ftr.major_version < 1)
957 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700958 SLOGE("Crypt_ftr version doesn't support persistent data");
959 return -1;
960 }
961
962 ret = validate_persistent_data_storage(&crypt_ftr);
963 if (ret) {
964 return -1;
965 }
966
967 if (get_crypt_ftr_info(&fname, NULL)) {
968 return -1;
969 }
970
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700971 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700972 if (fd < 0) {
973 SLOGE("Cannot open %s metadata file", fname);
974 return -1;
975 }
976
977 pdata = malloc(crypt_ftr.persist_data_size);
978 if (pdata == NULL) {
979 SLOGE("Cannot allocate persistant data");
980 goto err;
981 }
982
983 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
984 SLOGE("Cannot seek to read persistent data on %s", fname);
985 goto err2;
986 }
987
988 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
989 SLOGE("Error reading persistent data before save");
990 goto err2;
991 }
992
993 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
994 /* The first copy is the curent valid copy, so write to
995 * the second copy and erase this one */
996 write_offset = crypt_ftr.persist_data_offset[1];
997 erase_offset = crypt_ftr.persist_data_offset[0];
998 } else {
999 /* The second copy must be the valid copy, so write to
1000 * the first copy, and erase the second */
1001 write_offset = crypt_ftr.persist_data_offset[0];
1002 erase_offset = crypt_ftr.persist_data_offset[1];
1003 }
1004
1005 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001006 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001007 SLOGE("Cannot seek to write persistent data");
1008 goto err2;
1009 }
1010 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1011 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001012 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001013 SLOGE("Cannot seek to erase previous persistent data");
1014 goto err2;
1015 }
1016 fsync(fd);
1017 memset(pdata, 0, crypt_ftr.persist_data_size);
1018 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1019 (int) crypt_ftr.persist_data_size) {
1020 SLOGE("Cannot write to erase previous persistent data");
1021 goto err2;
1022 }
1023 fsync(fd);
1024 } else {
1025 SLOGE("Cannot write to save persistent data");
1026 goto err2;
1027 }
1028
1029 /* Success */
1030 free(pdata);
1031 close(fd);
1032 return 0;
1033
1034err2:
1035 free(pdata);
1036err:
1037 close(fd);
1038 return -1;
1039}
1040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001041/* Convert a binary key of specified length into an ascii hex string equivalent,
1042 * without the leading 0x and with null termination
1043 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001044static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 unsigned int keysize, char *master_key_ascii) {
1046 unsigned int i, a;
1047 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001048
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001049 for (i=0, a=0; i<keysize; i++, a+=2) {
1050 /* For each byte, write out two ascii hex digits */
1051 nibble = (master_key[i] >> 4) & 0xf;
1052 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 nibble = master_key[i] & 0xf;
1055 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001058 /* Add the null termination */
1059 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001060
1061}
1062
Jeff Sharkey9c484982015-03-31 10:35:33 -07001063static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1064 const unsigned char *master_key, const char *real_blk_name,
1065 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001066 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001067 struct dm_ioctl *io;
1068 struct dm_target_spec *tgt;
1069 char *crypt_params;
1070 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001071 size_t buff_offset;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001072 int i;
1073
1074 io = (struct dm_ioctl *) buffer;
1075
1076 /* Load the mapping table for this device */
1077 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1078
1079 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1080 io->target_count = 1;
1081 tgt->status = 0;
1082 tgt->sector_start = 0;
1083 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001084#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001085 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1086 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1087 }
1088 else {
1089 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1090 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001091#else
1092 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1093#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001094
1095 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1096 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001097
1098 buff_offset = crypt_params - buffer;
1099 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
1100 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
1101 extra_params);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001102 crypt_params += strlen(crypt_params) + 1;
1103 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1104 tgt->next = crypt_params - buffer;
1105
1106 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1107 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1108 break;
1109 }
1110 usleep(500000);
1111 }
1112
1113 if (i == TABLE_LOAD_RETRIES) {
1114 /* We failed to load the table, return an error */
1115 return -1;
1116 } else {
1117 return i + 1;
1118 }
1119}
1120
1121
1122static int get_dm_crypt_version(int fd, const char *name, int *version)
1123{
1124 char buffer[DM_CRYPT_BUF_SIZE];
1125 struct dm_ioctl *io;
1126 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001127
1128 io = (struct dm_ioctl *) buffer;
1129
1130 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1131
1132 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1133 return -1;
1134 }
1135
1136 /* Iterate over the returned versions, looking for name of "crypt".
1137 * When found, get and return the version.
1138 */
1139 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1140 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001141#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001142 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001143#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001144 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001145#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001146 /* We found the crypt driver, return the version, and get out */
1147 version[0] = v->version[0];
1148 version[1] = v->version[1];
1149 version[2] = v->version[2];
1150 return 0;
1151 }
1152 v = (struct dm_target_versions *)(((char *)v) + v->next);
1153 }
1154
1155 return -1;
1156}
1157
Jeff Sharkey9c484982015-03-31 10:35:33 -07001158static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1159 const unsigned char *master_key, const char *real_blk_name,
1160 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001162 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001164 int fd=0;
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001165 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001166 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001167 int version[3];
1168 char *extra_params;
1169 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001170
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001171 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001172 SLOGE("Cannot open device-mapper\n");
1173 goto errout;
1174 }
1175
1176 io = (struct dm_ioctl *) buffer;
1177
1178 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001179 err = ioctl(fd, DM_DEV_CREATE, io);
1180 if (err) {
1181 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001182 goto errout;
1183 }
1184
1185 /* Get the device status, in particular, the name of it's device file */
1186 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1187 if (ioctl(fd, DM_DEV_STATUS, io)) {
1188 SLOGE("Cannot retrieve dm-crypt device status\n");
1189 goto errout;
1190 }
1191 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1192 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 extra_params = "";
1195 if (! get_dm_crypt_version(fd, name, version)) {
1196 /* Support for allow_discards was added in version 1.11.0 */
1197 if ((version[0] >= 2) ||
1198 ((version[0] == 1) && (version[1] >= 11))) {
1199 extra_params = "1 allow_discards";
1200 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1201 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001202 }
1203
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1205 fd, extra_params);
1206 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207 SLOGE("Cannot load dm-crypt mapping table.\n");
1208 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001209 } else if (load_count > 1) {
1210 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001211 }
1212
1213 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001214 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001215
1216 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1217 SLOGE("Cannot resume the dm-crypt device\n");
1218 goto errout;
1219 }
1220
1221 /* We made it here with no errors. Woot! */
1222 retval = 0;
1223
1224errout:
1225 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1226
1227 return retval;
1228}
1229
Ken Sumrall29d8da82011-05-18 17:20:07 -07001230static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001231{
1232 int fd;
1233 char buffer[DM_CRYPT_BUF_SIZE];
1234 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001235 int retval = -1;
1236
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001237 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001238 SLOGE("Cannot open device-mapper\n");
1239 goto errout;
1240 }
1241
1242 io = (struct dm_ioctl *) buffer;
1243
1244 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1245 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1246 SLOGE("Cannot remove dm-crypt device\n");
1247 goto errout;
1248 }
1249
1250 /* We made it here with no errors. Woot! */
1251 retval = 0;
1252
1253errout:
1254 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1255
1256 return retval;
1257
1258}
1259
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001260static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001261 unsigned char *ikey, void *params UNUSED)
1262{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263 SLOGI("Using pbkdf2 for cryptfs KDF");
1264
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001265 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001266 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1267 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1268 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001269}
1270
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001271static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001272 unsigned char *ikey, void *params)
1273{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001274 SLOGI("Using scrypt for cryptfs KDF");
1275
Kenny Rootc4c70f12013-06-14 12:11:38 -07001276 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1277
1278 int N = 1 << ftr->N_factor;
1279 int r = 1 << ftr->r_factor;
1280 int p = 1 << ftr->p_factor;
1281
1282 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001283 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001284 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1285 salt, SALT_LEN, N, r, p, ikey,
1286 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001287
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001288 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001289}
1290
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001291static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1292 unsigned char *ikey, void *params)
1293{
1294 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1295
1296 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001297 size_t signature_size;
1298 unsigned char* signature;
1299 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1300
1301 int N = 1 << ftr->N_factor;
1302 int r = 1 << ftr->r_factor;
1303 int p = 1 << ftr->p_factor;
1304
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001305 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1306 salt, SALT_LEN, N, r, p, ikey,
1307 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308
1309 if (rc) {
1310 SLOGE("scrypt failed");
1311 return -1;
1312 }
1313
Shawn Willdene17a9c42014-09-08 13:04:08 -06001314 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1315 &signature, &signature_size)) {
1316 SLOGE("Signing failed");
1317 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001318 }
1319
1320 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1321 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1322 free(signature);
1323
1324 if (rc) {
1325 SLOGE("scrypt failed");
1326 return -1;
1327 }
1328
1329 return 0;
1330}
1331
1332static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1333 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001334 unsigned char *encrypted_master_key,
1335 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001336{
1337 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1338 EVP_CIPHER_CTX e_ctx;
1339 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001341
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001342 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001343 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001344
1345 switch (crypt_ftr->kdf_type) {
1346 case KDF_SCRYPT_KEYMASTER:
1347 if (keymaster_create_key(crypt_ftr)) {
1348 SLOGE("keymaster_create_key failed");
1349 return -1;
1350 }
1351
1352 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1353 SLOGE("scrypt failed");
1354 return -1;
1355 }
1356 break;
1357
1358 case KDF_SCRYPT:
1359 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1360 SLOGE("scrypt failed");
1361 return -1;
1362 }
1363 break;
1364
1365 default:
1366 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001367 return -1;
1368 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001369
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001371 EVP_CIPHER_CTX_init(&e_ctx);
1372 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 SLOGE("EVP_EncryptInit failed\n");
1374 return -1;
1375 }
1376 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001377
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001378 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001379 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001380 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001381 SLOGE("EVP_EncryptUpdate failed\n");
1382 return -1;
1383 }
Adam Langley889c4f12014-09-03 14:23:13 -07001384 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001385 SLOGE("EVP_EncryptFinal failed\n");
1386 return -1;
1387 }
1388
1389 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1390 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1391 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001392 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001393
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001394 /* Store the scrypt of the intermediate key, so we can validate if it's a
1395 password error or mount error when things go wrong.
1396 Note there's no need to check for errors, since if this is incorrect, we
1397 simply won't wipe userdata, which is the correct default behavior
1398 */
1399 int N = 1 << crypt_ftr->N_factor;
1400 int r = 1 << crypt_ftr->r_factor;
1401 int p = 1 << crypt_ftr->p_factor;
1402
1403 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1404 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1405 crypt_ftr->scrypted_intermediate_key,
1406 sizeof(crypt_ftr->scrypted_intermediate_key));
1407
1408 if (rc) {
1409 SLOGE("encrypt_master_key: crypto_scrypt failed");
1410 }
1411
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001412 EVP_CIPHER_CTX_cleanup(&e_ctx);
1413
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001414 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001415}
1416
Paul Lawrence731a7a22015-04-28 22:14:15 +00001417static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001418 unsigned char *encrypted_master_key,
1419 unsigned char *decrypted_master_key,
1420 kdf_func kdf, void *kdf_params,
1421 unsigned char** intermediate_key,
1422 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001423{
1424 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001425 EVP_CIPHER_CTX d_ctx;
1426 int decrypted_len, final_len;
1427
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001428 /* Turn the password into an intermediate key and IV that can decrypt the
1429 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001430 if (kdf(passwd, salt, ikey, kdf_params)) {
1431 SLOGE("kdf failed");
1432 return -1;
1433 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001434
1435 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001436 EVP_CIPHER_CTX_init(&d_ctx);
1437 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001438 return -1;
1439 }
1440 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1441 /* Decrypt the master key */
1442 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1443 encrypted_master_key, KEY_LEN_BYTES)) {
1444 return -1;
1445 }
Adam Langley889c4f12014-09-03 14:23:13 -07001446 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001447 return -1;
1448 }
1449
1450 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1451 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001452 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001453
1454 /* Copy intermediate key if needed by params */
1455 if (intermediate_key && intermediate_key_size) {
1456 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
Greg Kaisere8167af2016-04-20 10:50:15 -07001457 if (*intermediate_key) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001458 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1459 *intermediate_key_size = KEY_LEN_BYTES;
1460 }
1461 }
1462
Thurston Hou Yeen Dang06dc3112016-07-18 14:16:37 -07001463 EVP_CIPHER_CTX_cleanup(&d_ctx);
1464
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001465 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001466}
1467
Kenny Rootc4c70f12013-06-14 12:11:38 -07001468static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001469{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001470 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001471 *kdf = scrypt_keymaster;
1472 *kdf_params = ftr;
1473 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001474 *kdf = scrypt;
1475 *kdf_params = ftr;
1476 } else {
1477 *kdf = pbkdf2;
1478 *kdf_params = NULL;
1479 }
1480}
1481
Paul Lawrence731a7a22015-04-28 22:14:15 +00001482static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001483 struct crypt_mnt_ftr *crypt_ftr,
1484 unsigned char** intermediate_key,
1485 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001486{
1487 kdf_func kdf;
1488 void *kdf_params;
1489 int ret;
1490
1491 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001492 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1493 decrypted_master_key, kdf, kdf_params,
1494 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001495 if (ret != 0) {
1496 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001497 }
1498
1499 return ret;
1500}
1501
1502static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1503 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001504 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001505 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001506
1507 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001508 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001509 read(fd, key_buf, sizeof(key_buf));
1510 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001511 close(fd);
1512
1513 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001514 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001515}
1516
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001517int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001518{
Greg Hackmann955653e2014-09-24 14:55:20 -07001519 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001520#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001521
1522 /* Now umount the tmpfs filesystem */
1523 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001524 if (umount(mountpoint) == 0) {
1525 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001526 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001527
1528 if (errno == EINVAL) {
1529 /* EINVAL is returned if the directory is not a mountpoint,
1530 * i.e. there is no filesystem mounted there. So just get out.
1531 */
1532 break;
1533 }
1534
1535 err = errno;
1536
1537 /* If allowed, be increasingly aggressive before the last two retries */
1538 if (kill) {
1539 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1540 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001541 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001542 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1543 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001544 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001545 }
1546 }
1547
1548 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001549 }
1550
1551 if (i < WAIT_UNMOUNT_COUNT) {
1552 SLOGD("unmounting %s succeeded\n", mountpoint);
1553 rc = 0;
1554 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001555 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001556 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001557 rc = -1;
1558 }
1559
1560 return rc;
1561}
1562
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001563#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001564static int prep_data_fs(void)
1565{
1566 int i;
1567
Jeff Sharkey47695b22016-02-01 17:02:29 -07001568 // NOTE: post_fs_data results in init calling back around to vold, so all
1569 // callers to this method must be async
1570
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001571 /* Do the prep of the /data filesystem */
1572 property_set("vold.post_fs_data_done", "0");
1573 property_set("vold.decrypt", "trigger_post_fs_data");
1574 SLOGD("Just triggered post_fs_data\n");
1575
Ken Sumrallc5872692013-05-14 15:26:31 -07001576 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001577 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001578 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001579
1580 property_get("vold.post_fs_data_done", p, "0");
1581 if (*p == '1') {
1582 break;
1583 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001584 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001585 }
1586 }
1587 if (i == DATA_PREP_TIMEOUT) {
1588 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001589 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001590 return -1;
1591 } else {
1592 SLOGD("post_fs_data done\n");
1593 return 0;
1594 }
1595}
1596
Paul Lawrence74f29f12014-08-28 15:54:10 -07001597static void cryptfs_set_corrupt()
1598{
1599 // Mark the footer as bad
1600 struct crypt_mnt_ftr crypt_ftr;
1601 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1602 SLOGE("Failed to get crypto footer - panic");
1603 return;
1604 }
1605
1606 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1607 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1608 SLOGE("Failed to set crypto footer - panic");
1609 return;
1610 }
1611}
1612
1613static void cryptfs_trigger_restart_min_framework()
1614{
1615 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1616 SLOGE("Failed to mount tmpfs on data - panic");
1617 return;
1618 }
1619
1620 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1621 SLOGE("Failed to trigger post fs data - panic");
1622 return;
1623 }
1624
1625 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1626 SLOGE("Failed to trigger restart min framework - panic");
1627 return;
1628 }
1629}
1630
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001631/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001632static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001633{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001634 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001635 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001636 static int restart_successful = 0;
1637
1638 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001639 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001640 SLOGE("Encrypted filesystem not validated, aborting");
1641 return -1;
1642 }
1643
1644 if (restart_successful) {
1645 SLOGE("System already restarted with encrypted disk, aborting");
1646 return -1;
1647 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648
Paul Lawrencef4faa572014-01-29 13:31:03 -08001649 if (restart_main) {
1650 /* Here is where we shut down the framework. The init scripts
1651 * start all services in one of three classes: core, main or late_start.
1652 * On boot, we start core and main. Now, we stop main, but not core,
1653 * as core includes vold and a few other really important things that
1654 * we need to keep running. Once main has stopped, we should be able
1655 * to umount the tmpfs /data, then mount the encrypted /data.
1656 * We then restart the class main, and also the class late_start.
1657 * At the moment, I've only put a few things in late_start that I know
1658 * are not needed to bring up the framework, and that also cause problems
1659 * with unmounting the tmpfs /data, but I hope to add add more services
1660 * to the late_start class as we optimize this to decrease the delay
1661 * till the user is asked for the password to the filesystem.
1662 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001663
Paul Lawrencef4faa572014-01-29 13:31:03 -08001664 /* The init files are setup to stop the class main when vold.decrypt is
1665 * set to trigger_reset_main.
1666 */
1667 property_set("vold.decrypt", "trigger_reset_main");
1668 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001669
Paul Lawrencef4faa572014-01-29 13:31:03 -08001670 /* Ugh, shutting down the framework is not synchronous, so until it
1671 * can be fixed, this horrible hack will wait a moment for it all to
1672 * shut down before proceeding. Without it, some devices cannot
1673 * restart the graphics services.
1674 */
1675 sleep(2);
1676 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001677
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001678 /* Now that the framework is shutdown, we should be able to umount()
1679 * the tmpfs filesystem, and mount the real one.
1680 */
1681
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001682 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1683 if (strlen(crypto_blkdev) == 0) {
1684 SLOGE("fs_crypto_blkdev not set\n");
1685 return -1;
1686 }
1687
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001688 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001689 /* If ro.crypto.readonly is set to 1, mount the decrypted
1690 * filesystem readonly. This is used when /data is mounted by
1691 * recovery mode.
1692 */
1693 char ro_prop[PROPERTY_VALUE_MAX];
1694 property_get("ro.crypto.readonly", ro_prop, "");
1695 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1696 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1697 rec->flags |= MS_RDONLY;
1698 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001699
Ken Sumralle5032c42012-04-01 23:58:44 -07001700 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001701 int retries = RETRY_MOUNT_ATTEMPTS;
1702 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001703
1704 /*
1705 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1706 * partitions in the fsck domain.
1707 */
1708 if (setexeccon(secontextFsck())){
1709 SLOGE("Failed to setexeccon");
1710 return -1;
1711 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001712 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1713 crypto_blkdev, 0))
1714 != 0) {
1715 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1716 /* TODO: invoke something similar to
1717 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1718 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1719 SLOGI("Failed to mount %s because it is busy - waiting",
1720 crypto_blkdev);
1721 if (--retries) {
1722 sleep(RETRY_MOUNT_DELAY_SECONDS);
1723 } else {
1724 /* Let's hope that a reboot clears away whatever is keeping
1725 the mount busy */
1726 cryptfs_reboot(reboot);
1727 }
1728 } else {
1729 SLOGE("Failed to mount decrypted data");
1730 cryptfs_set_corrupt();
1731 cryptfs_trigger_restart_min_framework();
1732 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001733 if (setexeccon(NULL)) {
1734 SLOGE("Failed to setexeccon");
1735 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001736 return -1;
1737 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001738 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001739 if (setexeccon(NULL)) {
1740 SLOGE("Failed to setexeccon");
1741 return -1;
1742 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001743
Ken Sumralle5032c42012-04-01 23:58:44 -07001744 /* Create necessary paths on /data */
1745 if (prep_data_fs()) {
1746 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001747 }
Seigo Nonakae2ef0c02016-06-20 17:05:40 +09001748 property_set("vold.decrypt", "trigger_load_persist_props");
Ken Sumralle5032c42012-04-01 23:58:44 -07001749
1750 /* startup service classes main and late_start */
1751 property_set("vold.decrypt", "trigger_restart_framework");
1752 SLOGD("Just triggered restart_framework\n");
1753
1754 /* Give it a few moments to get started */
1755 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001756 }
1757
Ken Sumrall0cc16632011-01-18 20:32:26 -08001758 if (rc == 0) {
1759 restart_successful = 1;
1760 }
1761
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001762 return rc;
1763}
1764
Paul Lawrencef4faa572014-01-29 13:31:03 -08001765int cryptfs_restart(void)
1766{
Paul Lawrence05335c32015-03-05 09:46:23 -08001767 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001768 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001769 SLOGE("cryptfs_restart not valid for file encryption:");
1770 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001771 }
1772
Paul Lawrencef4faa572014-01-29 13:31:03 -08001773 /* Call internal implementation forcing a restart of main service group */
1774 return cryptfs_restart_internal(1);
1775}
1776
Paul Lawrence05335c32015-03-05 09:46:23 -08001777static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001778{
1779 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001780 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001781 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001782
1783 property_get("ro.crypto.state", encrypted_state, "");
1784 if (strcmp(encrypted_state, "encrypted") ) {
1785 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001786 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001787 }
1788
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001789 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001790 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001791 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001792 }
1793
Ken Sumrall160b4d62013-04-22 12:15:39 -07001794 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001795 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001796
Ken Sumralle1a45852011-12-14 21:24:27 -08001797 /*
1798 * Only report this error if key_loc is a file and it exists.
1799 * If the device was never encrypted, and /data is not mountable for
1800 * some reason, returning 1 should prevent the UI from presenting the
1801 * a "enter password" screen, or worse, a "press button to wipe the
1802 * device" screen.
1803 */
1804 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1805 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001806 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001807 } else {
1808 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001809 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001810 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001811 }
1812
Paul Lawrence74f29f12014-08-28 15:54:10 -07001813 // Test for possible error flags
1814 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1815 SLOGE("Encryption process is partway completed\n");
1816 return CRYPTO_COMPLETE_PARTIAL;
1817 }
1818
1819 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1820 SLOGE("Encryption process was interrupted but cannot continue\n");
1821 return CRYPTO_COMPLETE_INCONSISTENT;
1822 }
1823
1824 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1825 SLOGE("Encryption is successful but data is corrupt\n");
1826 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001827 }
1828
1829 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001830 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001831}
1832
Paul Lawrencef4faa572014-01-29 13:31:03 -08001833static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1834 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001835{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001836 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001837 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001838 char crypto_blkdev[MAXPATHLEN];
1839 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001840 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001841 unsigned int orig_failed_decrypt_count;
1842 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001843 int use_keymaster = 0;
1844 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001845 unsigned char* intermediate_key = 0;
1846 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001847
Paul Lawrencef4faa572014-01-29 13:31:03 -08001848 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1849 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001850
Paul Lawrencef4faa572014-01-29 13:31:03 -08001851 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001852 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1853 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001854 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001855 rc = -1;
1856 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001857 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001858 }
1859
Paul Lawrencef4faa572014-01-29 13:31:03 -08001860 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1861
Ajay Dudani87701e22014-09-17 21:02:52 -07001862#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001863 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1864 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1865 SLOGE("Hardware encryption key does not match");
1866 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001867 }
1868#endif
1869
Paul Lawrence74f29f12014-08-28 15:54:10 -07001870 // Create crypto block device - all (non fatal) code paths
1871 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001872 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1873 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001874 SLOGE("Error creating decrypted block device\n");
1875 rc = -1;
1876 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001877 }
1878
Paul Lawrence74f29f12014-08-28 15:54:10 -07001879 /* Work out if the problem is the password or the data */
1880 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1881 scrypted_intermediate_key)];
1882 int N = 1 << crypt_ftr->N_factor;
1883 int r = 1 << crypt_ftr->r_factor;
1884 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001885
Paul Lawrence74f29f12014-08-28 15:54:10 -07001886 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1887 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1888 N, r, p, scrypted_intermediate_key,
1889 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001890
Paul Lawrence74f29f12014-08-28 15:54:10 -07001891 // Does the key match the crypto footer?
1892 if (rc == 0 && memcmp(scrypted_intermediate_key,
1893 crypt_ftr->scrypted_intermediate_key,
1894 sizeof(scrypted_intermediate_key)) == 0) {
1895 SLOGI("Password matches");
1896 rc = 0;
1897 } else {
1898 /* Try mounting the file system anyway, just in case the problem's with
1899 * the footer, not the key. */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001900 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
1901 mount_point);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001902 mkdir(tmp_mount_point, 0755);
1903 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1904 SLOGE("Error temp mounting decrypted block device\n");
1905 delete_crypto_blk_dev(label);
1906
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001907 rc = ++crypt_ftr->failed_decrypt_count;
1908 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001909 } else {
1910 /* Success! */
1911 SLOGI("Password did not match but decrypted drive mounted - continue");
1912 umount(tmp_mount_point);
1913 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001914 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001915 }
1916
1917 if (rc == 0) {
1918 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001919 if (orig_failed_decrypt_count != 0) {
1920 put_crypt_ftr_and_key(crypt_ftr);
1921 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001922
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001923 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001924 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001925 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001926
1927 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001928 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001929 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001930 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001931 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001932 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001933 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001934
Paul Lawrence74f29f12014-08-28 15:54:10 -07001935 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001936 use_keymaster = keymaster_check_compatibility();
1937 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001938 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001939 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1940 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1941 upgrade = 1;
1942 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001943 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001944 upgrade = 1;
1945 }
1946
1947 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001948 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1949 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001950 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001951 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001952 }
1953 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001954
1955 // Do not fail even if upgrade failed - machine is bootable
1956 // Note that if this code is ever hit, there is a *serious* problem
1957 // since KDFs should never fail. You *must* fix the kdf before
1958 // proceeding!
1959 if (rc) {
1960 SLOGW("Upgrade failed with error %d,"
1961 " but continuing with previous state",
1962 rc);
1963 rc = 0;
1964 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001965 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001966 }
1967
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001968 errout:
1969 if (intermediate_key) {
1970 memset(intermediate_key, 0, intermediate_key_size);
1971 free(intermediate_key);
1972 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001973 return rc;
1974}
1975
Ken Sumrall29d8da82011-05-18 17:20:07 -07001976/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001977 * Called by vold when it's asked to mount an encrypted external
1978 * storage volume. The incoming partition has no crypto header/footer,
1979 * as any metadata is been stored in a separate, small partition.
1980 *
1981 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001982 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001983int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1984 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001985 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001986 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001987 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001988 return -1;
1989 }
1990
1991 unsigned long nr_sec = 0;
1992 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001993 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001994
Ken Sumrall29d8da82011-05-18 17:20:07 -07001995 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001996 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001997 return -1;
1998 }
1999
Jeff Sharkey9c484982015-03-31 10:35:33 -07002000 struct crypt_mnt_ftr ext_crypt_ftr;
2001 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
2002 ext_crypt_ftr.fs_size = nr_sec;
2003 ext_crypt_ftr.keysize = keysize;
2004 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07002005
Jeff Sharkey9c484982015-03-31 10:35:33 -07002006 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
2007 out_crypto_blkdev, label);
2008}
Ken Sumrall29d8da82011-05-18 17:20:07 -07002009
Jeff Sharkey9c484982015-03-31 10:35:33 -07002010/*
2011 * Called by vold when it's asked to unmount an encrypted external
2012 * storage volume.
2013 */
2014int cryptfs_revert_ext_volume(const char* label) {
2015 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002016}
2017
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002018int cryptfs_crypto_complete(void)
2019{
2020 return do_crypto_complete("/data");
2021}
2022
Paul Lawrencef4faa572014-01-29 13:31:03 -08002023int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2024{
2025 char encrypted_state[PROPERTY_VALUE_MAX];
2026 property_get("ro.crypto.state", encrypted_state, "");
2027 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2028 SLOGE("encrypted fs already validated or not running with encryption,"
2029 " aborting");
2030 return -1;
2031 }
2032
2033 if (get_crypt_ftr_and_key(crypt_ftr)) {
2034 SLOGE("Error getting crypt footer and key");
2035 return -1;
2036 }
2037
2038 return 0;
2039}
2040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002041int cryptfs_check_passwd(char *passwd)
2042{
Paul Lawrence05335c32015-03-05 09:46:23 -08002043 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00002044 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002045 SLOGE("cryptfs_check_passwd not valid for file encryption");
2046 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002047 }
2048
Paul Lawrencef4faa572014-01-29 13:31:03 -08002049 struct crypt_mnt_ftr crypt_ftr;
2050 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002051
Paul Lawrencef4faa572014-01-29 13:31:03 -08002052 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002053 if (rc) {
2054 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002055 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002058 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002059 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2060 if (rc) {
2061 SLOGE("Password did not match");
2062 return rc;
2063 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002064
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002065 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
2066 // Here we have a default actual password but a real password
2067 // we must test against the scrypted value
2068 // First, we must delete the crypto block device that
2069 // test_mount_encrypted_fs leaves behind as a side effect
2070 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
2071 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
2072 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2073 if (rc) {
2074 SLOGE("Default password did not match on reboot encryption");
2075 return rc;
2076 }
2077
2078 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
2079 put_crypt_ftr_and_key(&crypt_ftr);
2080 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
2081 if (rc) {
2082 SLOGE("Could not change password on reboot encryption");
2083 return rc;
2084 }
2085 }
2086
2087 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002088 cryptfs_clear_password();
2089 password = strdup(passwd);
2090 struct timespec now;
2091 clock_gettime(CLOCK_BOOTTIME, &now);
2092 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002093 }
2094
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002095 return rc;
2096}
2097
Ken Sumrall3ad90722011-10-04 20:38:29 -07002098int cryptfs_verify_passwd(char *passwd)
2099{
2100 struct crypt_mnt_ftr crypt_ftr;
2101 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002102 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002103 char encrypted_state[PROPERTY_VALUE_MAX];
2104 int rc;
2105
2106 property_get("ro.crypto.state", encrypted_state, "");
2107 if (strcmp(encrypted_state, "encrypted") ) {
2108 SLOGE("device not encrypted, aborting");
2109 return -2;
2110 }
2111
2112 if (!master_key_saved) {
2113 SLOGE("encrypted fs not yet mounted, aborting");
2114 return -1;
2115 }
2116
2117 if (!saved_mount_point) {
2118 SLOGE("encrypted fs failed to save mount point, aborting");
2119 return -1;
2120 }
2121
Ken Sumrall160b4d62013-04-22 12:15:39 -07002122 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002123 SLOGE("Error getting crypt footer and key\n");
2124 return -1;
2125 }
2126
2127 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2128 /* If the device has no password, then just say the password is valid */
2129 rc = 0;
2130 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002131 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002132 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2133 /* They match, the password is correct */
2134 rc = 0;
2135 } else {
2136 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2137 sleep(1);
2138 rc = 1;
2139 }
2140 }
2141
2142 return rc;
2143}
2144
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002145/* Initialize a crypt_mnt_ftr structure. The keysize is
2146 * defaulted to 16 bytes, and the filesystem size to 0.
2147 * Presumably, at a minimum, the caller will update the
2148 * filesystem size and crypto_type_name after calling this function.
2149 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002150static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002151{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002152 off64_t off;
2153
2154 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002155 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002156 ftr->major_version = CURRENT_MAJOR_VERSION;
2157 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002158 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002159 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002160
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002161 switch (keymaster_check_compatibility()) {
2162 case 1:
2163 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2164 break;
2165
2166 case 0:
2167 ftr->kdf_type = KDF_SCRYPT;
2168 break;
2169
2170 default:
2171 SLOGE("keymaster_check_compatibility failed");
2172 return -1;
2173 }
2174
Kenny Rootc4c70f12013-06-14 12:11:38 -07002175 get_device_scrypt_params(ftr);
2176
Ken Sumrall160b4d62013-04-22 12:15:39 -07002177 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2178 if (get_crypt_ftr_info(NULL, &off) == 0) {
2179 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2180 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2181 ftr->persist_data_size;
2182 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002183
2184 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002185}
2186
Ken Sumrall29d8da82011-05-18 17:20:07 -07002187static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002188{
Ken Sumralle550f782013-08-20 13:48:23 -07002189 const char *args[10];
2190 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2191 int num_args;
2192 int status;
2193 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002194 int rc = -1;
2195
Ken Sumrall29d8da82011-05-18 17:20:07 -07002196 if (type == EXT4_FS) {
Adrien Schildknechte0f409c2016-11-21 15:14:37 -08002197#ifdef TARGET_USES_MKE2FS
2198 args[0] = "/system/bin/mke2fs";
2199 args[1] = "-M";
2200 args[2] = "/data";
2201 args[3] = "-b";
2202 args[4] = "4096";
2203 args[5] = "-t";
2204 args[6] = "ext4";
2205 args[7] = crypto_blkdev;
2206 snprintf(size_str, sizeof(size_str), "%" PRId64, size / (4096 / 512));
2207 args[8] = size_str;
2208 num_args = 9;
2209#else
Ken Sumralle550f782013-08-20 13:48:23 -07002210 args[0] = "/system/bin/make_ext4fs";
2211 args[1] = "-a";
2212 args[2] = "/data";
2213 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002214 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002215 args[4] = size_str;
2216 args[5] = crypto_blkdev;
2217 num_args = 6;
Adrien Schildknechte0f409c2016-11-21 15:14:37 -08002218#endif
Ken Sumralle550f782013-08-20 13:48:23 -07002219 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2220 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002221 } else if (type == F2FS_FS) {
2222 args[0] = "/system/bin/mkfs.f2fs";
2223 args[1] = "-t";
2224 args[2] = "-d1";
2225 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002226 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002227 args[4] = size_str;
2228 num_args = 5;
2229 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2230 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002231 } else {
2232 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2233 return -1;
2234 }
2235
Ken Sumralle550f782013-08-20 13:48:23 -07002236 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2237
2238 if (tmp != 0) {
2239 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002240 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002241 if (WIFEXITED(status)) {
2242 if (WEXITSTATUS(status)) {
2243 SLOGE("Error creating filesystem on %s, exit status %d ",
2244 crypto_blkdev, WEXITSTATUS(status));
2245 } else {
2246 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2247 rc = 0;
2248 }
2249 } else {
2250 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2251 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002252 }
2253
2254 return rc;
2255}
2256
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002257#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002258#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2259#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002260
2261/* aligned 32K writes tends to make flash happy.
2262 * SD card association recommends it.
2263 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002264#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002265#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002266#else
2267#define BLOCKS_AT_A_TIME 1024
2268#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002269
2270struct encryptGroupsData
2271{
2272 int realfd;
2273 int cryptofd;
2274 off64_t numblocks;
2275 off64_t one_pct, cur_pct, new_pct;
2276 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002277 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002278 char* real_blkdev, * crypto_blkdev;
2279 int count;
2280 off64_t offset;
2281 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002282 off64_t last_written_sector;
2283 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002284 time_t time_started;
2285 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002286};
2287
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002288static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002289{
2290 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002291
2292 if (is_used) {
2293 data->used_blocks_already_done++;
2294 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002295 if (data->tot_used_blocks) {
2296 data->new_pct = data->used_blocks_already_done / data->one_pct;
2297 } else {
2298 data->new_pct = data->blocks_already_done / data->one_pct;
2299 }
2300
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002301 if (data->new_pct > data->cur_pct) {
2302 char buf[8];
2303 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002304 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002305 property_set("vold.encrypt_progress", buf);
2306 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002307
2308 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002309 struct timespec time_now;
2310 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2311 SLOGW("Error getting time");
2312 } else {
2313 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2314 off64_t remaining_blocks = data->tot_used_blocks
2315 - data->used_blocks_already_done;
2316 int remaining_time = (int)(elapsed_time * remaining_blocks
2317 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002318
Paul Lawrence9c58a872014-09-30 09:12:51 -07002319 // Change time only if not yet set, lower, or a lot higher for
2320 // best user experience
2321 if (data->remaining_time == -1
2322 || remaining_time < data->remaining_time
2323 || remaining_time > data->remaining_time + 60) {
2324 char buf[8];
2325 snprintf(buf, sizeof(buf), "%d", remaining_time);
2326 property_set("vold.encrypt_time_remaining", buf);
2327 data->remaining_time = remaining_time;
2328 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002329 }
2330 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002331}
2332
Paul Lawrence3846be12014-09-22 11:33:54 -07002333static void log_progress(struct encryptGroupsData const* data, bool completed)
2334{
2335 // Precondition - if completed data = 0 else data != 0
2336
2337 // Track progress so we can skip logging blocks
2338 static off64_t offset = -1;
2339
2340 // Need to close existing 'Encrypting from' log?
2341 if (completed || (offset != -1 && data->offset != offset)) {
2342 SLOGI("Encrypted to sector %" PRId64,
2343 offset / info.block_size * CRYPT_SECTOR_SIZE);
2344 offset = -1;
2345 }
2346
2347 // Need to start new 'Encrypting from' log?
2348 if (!completed && offset != data->offset) {
2349 SLOGI("Encrypting from sector %" PRId64,
2350 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2351 }
2352
2353 // Update offset
2354 if (!completed) {
2355 offset = data->offset + (off64_t)data->count * info.block_size;
2356 }
2357}
2358
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002359static int flush_outstanding_data(struct encryptGroupsData* data)
2360{
2361 if (data->count == 0) {
2362 return 0;
2363 }
2364
Elliott Hughes231bdba2014-06-25 18:36:19 -07002365 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002366
2367 if (pread64(data->realfd, data->buffer,
2368 info.block_size * data->count, data->offset)
2369 <= 0) {
2370 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2371 data->real_blkdev);
2372 return -1;
2373 }
2374
2375 if (pwrite64(data->cryptofd, data->buffer,
2376 info.block_size * data->count, data->offset)
2377 <= 0) {
2378 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2379 data->crypto_blkdev);
2380 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002381 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002382 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002383 }
2384
2385 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002386 data->last_written_sector = (data->offset + data->count)
2387 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002388 return 0;
2389}
2390
2391static int encrypt_groups(struct encryptGroupsData* data)
2392{
2393 unsigned int i;
2394 u8 *block_bitmap = 0;
2395 unsigned int block;
2396 off64_t ret;
2397 int rc = -1;
2398
2399 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2400 if (!data->buffer) {
2401 SLOGE("Failed to allocate crypto buffer");
2402 goto errout;
2403 }
2404
2405 block_bitmap = malloc(info.block_size);
2406 if (!block_bitmap) {
2407 SLOGE("failed to allocate block bitmap");
2408 goto errout;
2409 }
2410
2411 for (i = 0; i < aux_info.groups; ++i) {
2412 SLOGI("Encrypting group %d", i);
2413
2414 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2415 u32 block_count = min(info.blocks_per_group,
2416 aux_info.len_blocks - first_block);
2417
2418 off64_t offset = (u64)info.block_size
2419 * aux_info.bg_desc[i].bg_block_bitmap;
2420
2421 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2422 if (ret != (int)info.block_size) {
2423 SLOGE("failed to read all of block group bitmap %d", i);
2424 goto errout;
2425 }
2426
2427 offset = (u64)info.block_size * first_block;
2428
2429 data->count = 0;
2430
2431 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002432 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2433 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002434 update_progress(data, used);
2435 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002436 if (data->count == 0) {
2437 data->offset = offset;
2438 }
2439 data->count++;
2440 } else {
2441 if (flush_outstanding_data(data)) {
2442 goto errout;
2443 }
2444 }
2445
2446 offset += info.block_size;
2447
2448 /* Write data if we are aligned or buffer size reached */
2449 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2450 || data->count == BLOCKS_AT_A_TIME) {
2451 if (flush_outstanding_data(data)) {
2452 goto errout;
2453 }
2454 }
Paul Lawrence87999172014-02-20 12:21:31 -08002455
Paul Lawrence73d7a022014-06-09 14:10:09 -07002456 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002457 SLOGE("Stopping encryption due to low battery");
2458 rc = 0;
2459 goto errout;
2460 }
2461
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002462 }
2463 if (flush_outstanding_data(data)) {
2464 goto errout;
2465 }
2466 }
2467
Paul Lawrence87999172014-02-20 12:21:31 -08002468 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002469 rc = 0;
2470
2471errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002472 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002473 free(data->buffer);
2474 free(block_bitmap);
2475 return rc;
2476}
2477
2478static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2479 char *real_blkdev,
2480 off64_t size,
2481 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002482 off64_t tot_size,
2483 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002484{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002485 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002486 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002487 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002488
Paul Lawrence87999172014-02-20 12:21:31 -08002489 if (previously_encrypted_upto > *size_already_done) {
2490 SLOGD("Not fast encrypting since resuming part way through");
2491 return -1;
2492 }
2493
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002494 memset(&data, 0, sizeof(data));
2495 data.real_blkdev = real_blkdev;
2496 data.crypto_blkdev = crypto_blkdev;
2497
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002498 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002499 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2500 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002501 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002502 goto errout;
2503 }
2504
David Ng82fd8042015-01-21 13:55:21 -08002505 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2506 int retries = RETRY_MOUNT_ATTEMPTS;
2507 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2508 if (--retries) {
2509 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2510 crypto_blkdev, errno, strerror(errno));
2511 sleep(RETRY_MOUNT_DELAY_SECONDS);
2512 } else {
2513 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2514 crypto_blkdev, errno, strerror(errno));
2515 rc = ENABLE_INPLACE_ERR_DEV;
2516 goto errout;
2517 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002518 }
2519
2520 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002521 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002522 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002523 goto errout;
2524 }
2525
2526 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002527 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002528 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002529 goto errout;
2530 }
2531
2532 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2533 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2534 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2535
JP Abgrall7fc1de82014-10-10 18:43:41 -07002536 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002537
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002538 data.tot_used_blocks = data.numblocks;
2539 for (i = 0; i < aux_info.groups; ++i) {
2540 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2541 }
2542
2543 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002544 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002545
2546 struct timespec time_started = {0};
2547 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2548 SLOGW("Error getting time at start");
2549 // Note - continue anyway - we'll run with 0
2550 }
2551 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002552 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002553
2554 rc = encrypt_groups(&data);
2555 if (rc) {
2556 SLOGE("Error encrypting groups");
2557 goto errout;
2558 }
2559
Paul Lawrence87999172014-02-20 12:21:31 -08002560 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002561 rc = 0;
2562
2563errout:
2564 close(data.realfd);
2565 close(data.cryptofd);
2566
2567 return rc;
2568}
2569
Paul Lawrence3846be12014-09-22 11:33:54 -07002570static void log_progress_f2fs(u64 block, bool completed)
2571{
2572 // Precondition - if completed data = 0 else data != 0
2573
2574 // Track progress so we can skip logging blocks
2575 static u64 last_block = (u64)-1;
2576
2577 // Need to close existing 'Encrypting from' log?
2578 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2579 SLOGI("Encrypted to block %" PRId64, last_block);
2580 last_block = -1;
2581 }
2582
2583 // Need to start new 'Encrypting from' log?
2584 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2585 SLOGI("Encrypting from block %" PRId64, block);
2586 }
2587
2588 // Update offset
2589 if (!completed) {
2590 last_block = block;
2591 }
2592}
2593
Daniel Rosenberge82df162014-08-15 22:19:23 +00002594static int encrypt_one_block_f2fs(u64 pos, void *data)
2595{
2596 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2597
2598 priv_dat->blocks_already_done = pos - 1;
2599 update_progress(priv_dat, 1);
2600
2601 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2602
2603 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002604 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002605 return -1;
2606 }
2607
2608 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002609 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002610 return -1;
2611 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002612 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002613 }
2614
2615 return 0;
2616}
2617
2618static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2619 char *real_blkdev,
2620 off64_t size,
2621 off64_t *size_already_done,
2622 off64_t tot_size,
2623 off64_t previously_encrypted_upto)
2624{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002625 struct encryptGroupsData data;
2626 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002627 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002628 if (previously_encrypted_upto > *size_already_done) {
2629 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002630 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002631 }
2632 memset(&data, 0, sizeof(data));
2633 data.real_blkdev = real_blkdev;
2634 data.crypto_blkdev = crypto_blkdev;
2635 data.realfd = -1;
2636 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002637 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002638 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002639 real_blkdev);
2640 goto errout;
2641 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002642 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002643 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002644 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002645 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002646 goto errout;
2647 }
2648
2649 f2fs_info = generate_f2fs_info(data.realfd);
2650 if (!f2fs_info)
2651 goto errout;
2652
2653 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2654 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2655 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2656
2657 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2658
2659 data.one_pct = data.tot_used_blocks / 100;
2660 data.cur_pct = 0;
2661 data.time_started = time(NULL);
2662 data.remaining_time = -1;
2663
2664 data.buffer = malloc(f2fs_info->block_size);
2665 if (!data.buffer) {
2666 SLOGE("Failed to allocate crypto buffer");
2667 goto errout;
2668 }
2669
2670 data.count = 0;
2671
2672 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2673 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2674
2675 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002676 SLOGE("Error in running over f2fs blocks");
2677 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002678 goto errout;
2679 }
2680
2681 *size_already_done += size;
2682 rc = 0;
2683
2684errout:
2685 if (rc)
2686 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2687
Paul Lawrence3846be12014-09-22 11:33:54 -07002688 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002689 free(f2fs_info);
2690 free(data.buffer);
2691 close(data.realfd);
2692 close(data.cryptofd);
2693
2694 return rc;
2695}
2696
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002697static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2698 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002699 off64_t tot_size,
2700 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002701{
2702 int realfd, cryptofd;
2703 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002704 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002705 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002706 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002707 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002708
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002709 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002710 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002711 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002712 }
2713
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002714 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002715 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2716 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002717 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002718 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002719 }
2720
2721 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2722 * The size passed in is the number of 512 byte sectors in the filesystem.
2723 * So compute the number of whole 4K blocks we should read/write,
2724 * and the remainder.
2725 */
2726 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2727 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002728 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2729 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002730
2731 SLOGE("Encrypting filesystem in place...");
2732
Paul Lawrence87999172014-02-20 12:21:31 -08002733 i = previously_encrypted_upto + 1 - *size_already_done;
2734
2735 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2736 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2737 goto errout;
2738 }
2739
2740 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2741 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2742 goto errout;
2743 }
2744
2745 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2746 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2747 SLOGE("Error reading initial sectors from real_blkdev %s for "
2748 "inplace encrypt\n", crypto_blkdev);
2749 goto errout;
2750 }
2751 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2752 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2753 "inplace encrypt\n", crypto_blkdev);
2754 goto errout;
2755 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002756 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002757 }
2758 }
2759
Ken Sumrall29d8da82011-05-18 17:20:07 -07002760 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002761 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002762 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002763 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002764 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002765 if (new_pct > cur_pct) {
2766 char buf[8];
2767
2768 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002769 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002770 property_set("vold.encrypt_progress", buf);
2771 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002772 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002773 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002774 goto errout;
2775 }
2776 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002777 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2778 goto errout;
2779 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002780 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002781 CRYPT_SECTORS_PER_BUFSIZE,
2782 i * CRYPT_SECTORS_PER_BUFSIZE);
2783 }
2784
Paul Lawrence73d7a022014-06-09 14:10:09 -07002785 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002786 SLOGE("Stopping encryption due to low battery");
2787 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2788 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002789 goto errout;
2790 }
2791 }
2792
2793 /* Do any remaining sectors */
2794 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002795 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2796 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002797 goto errout;
2798 }
Paul Lawrence87999172014-02-20 12:21:31 -08002799 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2800 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002801 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002802 } else {
2803 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002804 }
2805 }
2806
Ken Sumrall29d8da82011-05-18 17:20:07 -07002807 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002808 rc = 0;
2809
2810errout:
2811 close(realfd);
2812 close(cryptofd);
2813
2814 return rc;
2815}
2816
JP Abgrall7fc1de82014-10-10 18:43:41 -07002817/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002818static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2819 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002820 off64_t tot_size,
2821 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002822{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002823 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002824 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002825 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002826 }
2827
2828 if (*size_already_done + size < previously_encrypted_upto) {
2829 *size_already_done += size;
2830 return 0;
2831 }
2832
Daniel Rosenberge82df162014-08-15 22:19:23 +00002833 /* TODO: identify filesystem type.
2834 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2835 * then we will drop down to cryptfs_enable_inplace_f2fs.
2836 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002837 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002838 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002839 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002840 return 0;
2841 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002842 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002843
JP Abgrall7fc1de82014-10-10 18:43:41 -07002844 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002845 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002846 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002847 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002848 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002849 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002850
JP Abgrall7fc1de82014-10-10 18:43:41 -07002851 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002852 size, size_already_done, tot_size,
2853 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002854 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2855
2856 /* Hack for b/17898962, the following is the symptom... */
2857 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2858 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2859 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2860 return ENABLE_INPLACE_ERR_DEV;
2861 }
2862 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002863}
2864
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002865#define CRYPTO_ENABLE_WIPE 1
2866#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002867
2868#define FRAMEWORK_BOOT_WAIT 60
2869
Paul Lawrence87999172014-02-20 12:21:31 -08002870static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2871{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002872 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002873 if (fd == -1) {
2874 SLOGE("Error opening file %s", filename);
2875 return -1;
2876 }
2877
2878 char block[CRYPT_INPLACE_BUFSIZE];
2879 memset(block, 0, sizeof(block));
2880 if (unix_read(fd, block, sizeof(block)) < 0) {
2881 SLOGE("Error reading file %s", filename);
2882 close(fd);
2883 return -1;
2884 }
2885
2886 close(fd);
2887
2888 SHA256_CTX c;
2889 SHA256_Init(&c);
2890 SHA256_Update(&c, block, sizeof(block));
2891 SHA256_Final(buf, &c);
2892
2893 return 0;
2894}
2895
JP Abgrall62c7af32014-06-16 13:01:23 -07002896static int get_fs_type(struct fstab_rec *rec)
2897{
2898 if (!strcmp(rec->fs_type, "ext4")) {
2899 return EXT4_FS;
2900 } else if (!strcmp(rec->fs_type, "f2fs")) {
2901 return F2FS_FS;
2902 } else {
2903 return -1;
2904 }
2905}
2906
Paul Lawrence87999172014-02-20 12:21:31 -08002907static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2908 char *crypto_blkdev, char *real_blkdev,
2909 int previously_encrypted_upto)
2910{
2911 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002912 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002913
Paul Lawrence73d7a022014-06-09 14:10:09 -07002914 if (!is_battery_ok_to_start()) {
2915 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002916 return 0;
2917 }
2918
2919 /* The size of the userdata partition, and add in the vold volumes below */
2920 tot_encryption_size = crypt_ftr->fs_size;
2921
2922 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002923 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2924 int fs_type = get_fs_type(rec);
2925 if (fs_type < 0) {
2926 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2927 return -1;
2928 }
2929 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002930 } else if (how == CRYPTO_ENABLE_INPLACE) {
2931 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2932 crypt_ftr->fs_size, &cur_encryption_done,
2933 tot_encryption_size,
2934 previously_encrypted_upto);
2935
JP Abgrall7fc1de82014-10-10 18:43:41 -07002936 if (rc == ENABLE_INPLACE_ERR_DEV) {
2937 /* Hack for b/17898962 */
2938 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2939 cryptfs_reboot(reboot);
2940 }
2941
Paul Lawrence73d7a022014-06-09 14:10:09 -07002942 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002943 crypt_ftr->encrypted_upto = cur_encryption_done;
2944 }
2945
Paul Lawrence73d7a022014-06-09 14:10:09 -07002946 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002947 /* The inplace routine never actually sets the progress to 100% due
2948 * to the round down nature of integer division, so set it here */
2949 property_set("vold.encrypt_progress", "100");
2950 }
2951 } else {
2952 /* Shouldn't happen */
2953 SLOGE("cryptfs_enable: internal error, unknown option\n");
2954 rc = -1;
2955 }
2956
2957 return rc;
2958}
2959
Paul Lawrence13486032014-02-03 13:28:11 -08002960int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002961 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002962{
2963 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002964 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002965 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002966 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002967 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002968 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002969 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002970 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002971 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002972 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002973 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002974 bool rebootEncryption = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002975
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002976 if (!strcmp(howarg, "wipe")) {
2977 how = CRYPTO_ENABLE_WIPE;
2978 } else if (! strcmp(howarg, "inplace")) {
2979 how = CRYPTO_ENABLE_INPLACE;
2980 } else {
2981 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002982 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002983 }
2984
Paul Lawrence87999172014-02-20 12:21:31 -08002985 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002986 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2987 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2988 /* An encryption was underway and was interrupted */
2989 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2990 crypt_ftr.encrypted_upto = 0;
2991 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002992
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002993 /* At this point, we are in an inconsistent state. Until we successfully
2994 complete encryption, a reboot will leave us broken. So mark the
2995 encryption failed in case that happens.
2996 On successfully completing encryption, remove this flag */
2997 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002998
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002999 put_crypt_ftr_and_key(&crypt_ftr);
3000 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
3001 if (!check_ftr_sha(&crypt_ftr)) {
3002 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
3003 put_crypt_ftr_and_key(&crypt_ftr);
3004 goto error_unencrypted;
3005 }
3006
3007 /* Doing a reboot-encryption*/
3008 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
3009 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
3010 rebootEncryption = true;
3011 }
Paul Lawrence87999172014-02-20 12:21:31 -08003012 }
3013
3014 property_get("ro.crypto.state", encrypted_state, "");
3015 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
3016 SLOGE("Device is already running encrypted, aborting");
3017 goto error_unencrypted;
3018 }
3019
3020 // TODO refactor fs_mgr_get_crypt_info to get both in one call
3021 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08003022 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003023
Ken Sumrall3ed82362011-01-28 23:31:16 -08003024 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003025 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09003026 if (fd == -1) {
3027 SLOGE("Cannot open block device %s\n", real_blkdev);
3028 goto error_unencrypted;
3029 }
3030 unsigned long nr_sec;
3031 get_blkdev_size(fd, &nr_sec);
3032 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003033 SLOGE("Cannot get size of block device %s\n", real_blkdev);
3034 goto error_unencrypted;
3035 }
3036 close(fd);
3037
3038 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003039 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003040 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00003041 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00003042 if (fs_size_sec == 0)
3043 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
3044
Paul Lawrence87999172014-02-20 12:21:31 -08003045 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003046
3047 if (fs_size_sec > max_fs_size_sec) {
3048 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
3049 goto error_unencrypted;
3050 }
3051 }
3052
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003053 /* Get a wakelock as this may take a while, and we don't want the
3054 * device to sleep on us. We'll grab a partial wakelock, and if the UI
3055 * wants to keep the screen on, it can grab a full wakelock.
3056 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003057 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003058 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
3059
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003060 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003061 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003062 */
3063 property_set("vold.decrypt", "trigger_shutdown_framework");
3064 SLOGD("Just asked init to shut down class main\n");
3065
Jeff Sharkey9c484982015-03-31 10:35:33 -07003066 /* Ask vold to unmount all devices that it manages */
3067 if (vold_unmountAll()) {
3068 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003069 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003070
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003071 /* no_ui means we are being called from init, not settings.
3072 Now we always reboot from settings, so !no_ui means reboot
3073 */
3074 bool onlyCreateHeader = false;
3075 if (!no_ui) {
3076 /* Try fallback, which is to reboot and try there */
3077 onlyCreateHeader = true;
3078 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
3079 if (breadcrumb == 0) {
3080 SLOGE("Failed to create breadcrumb file");
3081 goto error_shutting_down;
3082 }
3083 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003084 }
3085
3086 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003087 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003088 /* Now that /data is unmounted, we need to mount a tmpfs
3089 * /data, set a property saying we're doing inplace encryption,
3090 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003091 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003092 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003093 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003094 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003095 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003096 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003097
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003098 /* restart the framework. */
3099 /* Create necessary paths on /data */
3100 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003101 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003102 }
3103
Ken Sumrall92736ef2012-10-17 20:57:14 -07003104 /* Ugh, shutting down the framework is not synchronous, so until it
3105 * can be fixed, this horrible hack will wait a moment for it all to
3106 * shut down before proceeding. Without it, some devices cannot
3107 * restart the graphics services.
3108 */
3109 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003110 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003111
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003112 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003113 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003114 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003115 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3116 goto error_shutting_down;
3117 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003118
Paul Lawrence87999172014-02-20 12:21:31 -08003119 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3120 crypt_ftr.fs_size = nr_sec
3121 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3122 } else {
3123 crypt_ftr.fs_size = nr_sec;
3124 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003125 /* At this point, we are in an inconsistent state. Until we successfully
3126 complete encryption, a reboot will leave us broken. So mark the
3127 encryption failed in case that happens.
3128 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003129 if (onlyCreateHeader) {
3130 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
3131 } else {
3132 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
3133 }
Paul Lawrence87999172014-02-20 12:21:31 -08003134 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003135#ifndef CONFIG_HW_DISK_ENCRYPTION
3136 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3137#else
3138 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3139
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003140 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003141 if (!rc) {
3142 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3143 }
3144
3145 rc = set_hw_device_encryption_key(passwd,
3146 (char*) crypt_ftr.crypto_type_name);
3147 if (!rc) {
3148 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3149 goto error_shutting_down;
3150 }
3151#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003152
Paul Lawrence87999172014-02-20 12:21:31 -08003153 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003154 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
3155 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08003156 SLOGE("Cannot create encrypted master key\n");
3157 goto error_shutting_down;
3158 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003159
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003160 /* Replace scrypted intermediate key if we are preparing for a reboot */
3161 if (onlyCreateHeader) {
3162 unsigned char fake_master_key[KEY_LEN_BYTES];
3163 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
3164 memset(fake_master_key, 0, sizeof(fake_master_key));
3165 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
3166 encrypted_fake_master_key, &crypt_ftr);
3167 }
3168
Paul Lawrence87999172014-02-20 12:21:31 -08003169 /* Write the key to the end of the partition */
3170 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003171
Paul Lawrence87999172014-02-20 12:21:31 -08003172 /* If any persistent data has been remembered, save it.
3173 * If none, create a valid empty table and save that.
3174 */
3175 if (!persist_data) {
3176 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3177 if (pdata) {
3178 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3179 persist_data = pdata;
3180 }
3181 }
3182 if (persist_data) {
3183 save_persistent_data();
3184 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003185 }
3186
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003187 if (onlyCreateHeader) {
3188 sleep(2);
3189 cryptfs_reboot(reboot);
3190 }
3191
3192 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07003193 /* startup service classes main and late_start */
3194 property_set("vold.decrypt", "trigger_restart_min_framework");
3195 SLOGD("Just triggered restart_min_framework\n");
3196
3197 /* OK, the framework is restarted and will soon be showing a
3198 * progress bar. Time to setup an encrypted mapping, and
3199 * either write a new filesystem, or encrypt in place updating
3200 * the progress bar as we work.
3201 */
3202 }
3203
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003204 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003205 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003206 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003207
Paul Lawrence87999172014-02-20 12:21:31 -08003208 /* If we are continuing, check checksums match */
3209 rc = 0;
3210 if (previously_encrypted_upto) {
3211 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3212 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003213
Paul Lawrence87999172014-02-20 12:21:31 -08003214 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3215 sizeof(hash_first_block)) != 0) {
3216 SLOGE("Checksums do not match - trigger wipe");
3217 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003218 }
3219 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003220
Paul Lawrence87999172014-02-20 12:21:31 -08003221 if (!rc) {
3222 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3223 crypto_blkdev, real_blkdev,
3224 previously_encrypted_upto);
3225 }
3226
3227 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003228 if (!rc && how == CRYPTO_ENABLE_INPLACE
3229 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003230 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3231 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003232 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003233 SLOGE("Error calculating checksum for continuing encryption");
3234 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003235 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003236 }
3237
3238 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003239 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003240
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003241 if (! rc) {
3242 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003243 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003244
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003245 if (how == CRYPTO_ENABLE_INPLACE
3246 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003247 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3248 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003249 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003250 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003251
Paul Lawrence6bfed202014-07-28 12:47:22 -07003252 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003253
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003254 if (how == CRYPTO_ENABLE_WIPE
3255 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003256 char value[PROPERTY_VALUE_MAX];
3257 property_get("ro.crypto.state", value, "");
3258 if (!strcmp(value, "")) {
3259 /* default encryption - continue first boot sequence */
3260 property_set("ro.crypto.state", "encrypted");
Paul Lawrence4ed45262016-03-10 15:44:21 -08003261 property_set("ro.crypto.type", "block");
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003262 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003263 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
3264 // Bring up cryptkeeper that will check the password and set it
3265 property_set("vold.decrypt", "trigger_shutdown_framework");
3266 sleep(2);
3267 property_set("vold.encrypt_progress", "");
3268 cryptfs_trigger_restart_min_framework();
3269 } else {
3270 cryptfs_check_passwd(DEFAULT_PASSWORD);
3271 cryptfs_restart_internal(1);
3272 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003273 return 0;
3274 } else {
3275 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003276 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003277 }
Paul Lawrence87999172014-02-20 12:21:31 -08003278 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003279 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003280 cryptfs_reboot(shutdown);
3281 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003282 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003283 char value[PROPERTY_VALUE_MAX];
3284
Ken Sumrall319369a2012-06-27 16:30:18 -07003285 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003286 if (!strcmp(value, "1")) {
3287 /* wipe data if encryption failed */
3288 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Yabin Cuiffa2e092016-04-06 17:21:38 -07003289 if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) {
3290 SLOGE("could not write bootloader message\n");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003291 }
Paul Lawrence87999172014-02-20 12:21:31 -08003292 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003293 } else {
3294 /* set property to trigger dialog */
3295 property_set("vold.encrypt_progress", "error_partially_encrypted");
3296 release_wake_lock(lockid);
3297 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003298 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003299 }
3300
Ken Sumrall3ed82362011-01-28 23:31:16 -08003301 /* hrm, the encrypt step claims success, but the reboot failed.
3302 * This should not happen.
3303 * Set the property and return. Hope the framework can deal with it.
3304 */
3305 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003306 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003307 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003308
3309error_unencrypted:
3310 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003311 if (lockid[0]) {
3312 release_wake_lock(lockid);
3313 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003314 return -1;
3315
3316error_shutting_down:
3317 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3318 * but the framework is stopped and not restarted to show the error, so it's up to
3319 * vold to restart the system.
3320 */
3321 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003322 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003323
3324 /* shouldn't get here */
3325 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003326 if (lockid[0]) {
3327 release_wake_lock(lockid);
3328 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003329 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003330}
3331
Paul Lawrence569649f2015-09-09 12:13:00 -07003332int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003333{
Paul Lawrence569649f2015-09-09 12:13:00 -07003334 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003335}
3336
Paul Lawrence569649f2015-09-09 12:13:00 -07003337int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003338{
3339 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003340 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003341}
3342
3343int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003344{
Paul Crowley38132a12016-02-09 09:50:32 +00003345 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003346 SLOGE("cryptfs_changepw not valid for file encryption");
3347 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003348 }
3349
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003350 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003351 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003352
3353 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003354 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003355 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003356 return -1;
3357 }
3358
Paul Lawrencef4faa572014-01-29 13:31:03 -08003359 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3360 SLOGE("Invalid crypt_type %d", crypt_type);
3361 return -1;
3362 }
3363
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003364 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003365 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003366 SLOGE("Error getting crypt footer and key");
3367 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003368 }
3369
Paul Lawrencef4faa572014-01-29 13:31:03 -08003370 crypt_ftr.crypt_type = crypt_type;
3371
JP Abgrall933216c2015-02-11 13:44:32 -08003372 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003373 : newpw,
3374 crypt_ftr.salt,
3375 saved_master_key,
3376 crypt_ftr.master_key,
3377 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003378 if (rc) {
3379 SLOGE("Encrypt master key failed: %d", rc);
3380 return -1;
3381 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003382 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003383 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003384
Ajay Dudani87701e22014-09-17 21:02:52 -07003385#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003386 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3387 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3388 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3389 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3390 if (!rc)
3391 return -1;
3392 } else {
3393 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3394 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3395 if (!rc)
3396 return -1;
3397 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003398 }
3399#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003400 return 0;
3401}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003402
Rubin Xu85c01f92014-10-13 12:49:54 +01003403static unsigned int persist_get_max_entries(int encrypted) {
3404 struct crypt_mnt_ftr crypt_ftr;
3405 unsigned int dsize;
3406 unsigned int max_persistent_entries;
3407
3408 /* If encrypted, use the values from the crypt_ftr, otherwise
3409 * use the values for the current spec.
3410 */
3411 if (encrypted) {
3412 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3413 return -1;
3414 }
3415 dsize = crypt_ftr.persist_data_size;
3416 } else {
3417 dsize = CRYPT_PERSIST_DATA_SIZE;
3418 }
3419
3420 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3421 sizeof(struct crypt_persist_entry);
3422
3423 return max_persistent_entries;
3424}
3425
3426static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003427{
3428 unsigned int i;
3429
3430 if (persist_data == NULL) {
3431 return -1;
3432 }
3433 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3434 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3435 /* We found it! */
3436 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3437 return 0;
3438 }
3439 }
3440
3441 return -1;
3442}
3443
Rubin Xu85c01f92014-10-13 12:49:54 +01003444static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003445{
3446 unsigned int i;
3447 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003448 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003449
3450 if (persist_data == NULL) {
3451 return -1;
3452 }
3453
Rubin Xu85c01f92014-10-13 12:49:54 +01003454 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003455
3456 num = persist_data->persist_valid_entries;
3457
3458 for (i = 0; i < num; i++) {
3459 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3460 /* We found an existing entry, update it! */
3461 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3462 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3463 return 0;
3464 }
3465 }
3466
3467 /* We didn't find it, add it to the end, if there is room */
3468 if (persist_data->persist_valid_entries < max_persistent_entries) {
3469 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3470 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3471 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3472 persist_data->persist_valid_entries++;
3473 return 0;
3474 }
3475
3476 return -1;
3477}
3478
Rubin Xu85c01f92014-10-13 12:49:54 +01003479/**
3480 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3481 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3482 */
3483static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003484 unsigned int field_len;
3485 unsigned int key_index;
3486 field_len = strlen(field);
3487
3488 if (index == 0) {
3489 // The first key in a multi-entry field is just the filedname itself.
3490 if (!strcmp(key, field)) {
3491 return 1;
3492 }
3493 }
3494 // Match key against "%s_%d" % (field, index)
3495 if (strlen(key) < field_len + 1 + 1) {
3496 // Need at least a '_' and a digit.
3497 return 0;
3498 }
3499 if (strncmp(key, field, field_len)) {
3500 // If the key does not begin with field, it's not a match.
3501 return 0;
3502 }
3503 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3504 return 0;
3505 }
3506 return key_index >= index;
3507}
3508
3509/*
3510 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3511 * remaining entries starting from index will be deleted.
3512 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3513 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3514 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3515 *
3516 */
3517static int persist_del_keys(const char *fieldname, unsigned index)
3518{
3519 unsigned int i;
3520 unsigned int j;
3521 unsigned int num;
3522
3523 if (persist_data == NULL) {
3524 return PERSIST_DEL_KEY_ERROR_OTHER;
3525 }
3526
3527 num = persist_data->persist_valid_entries;
3528
3529 j = 0; // points to the end of non-deleted entries.
3530 // Filter out to-be-deleted entries in place.
3531 for (i = 0; i < num; i++) {
3532 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3533 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3534 j++;
3535 }
3536 }
3537
3538 if (j < num) {
3539 persist_data->persist_valid_entries = j;
3540 // Zeroise the remaining entries
3541 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3542 return PERSIST_DEL_KEY_OK;
3543 } else {
3544 // Did not find an entry matching the given fieldname
3545 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3546 }
3547}
3548
3549static int persist_count_keys(const char *fieldname)
3550{
3551 unsigned int i;
3552 unsigned int count;
3553
3554 if (persist_data == NULL) {
3555 return -1;
3556 }
3557
3558 count = 0;
3559 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3560 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3561 count++;
3562 }
3563 }
3564
3565 return count;
3566}
3567
Ken Sumrall160b4d62013-04-22 12:15:39 -07003568/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003569int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003570{
Paul Crowley38132a12016-02-09 09:50:32 +00003571 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003572 SLOGE("Cannot get field when file encrypted");
3573 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003574 }
3575
Ken Sumrall160b4d62013-04-22 12:15:39 -07003576 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003577 /* CRYPTO_GETFIELD_OK is success,
3578 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3579 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3580 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003581 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003582 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3583 int i;
3584 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003585
3586 if (persist_data == NULL) {
3587 load_persistent_data();
3588 if (persist_data == NULL) {
3589 SLOGE("Getfield error, cannot load persistent data");
3590 goto out;
3591 }
3592 }
3593
Rubin Xu85c01f92014-10-13 12:49:54 +01003594 // Read value from persistent entries. If the original value is split into multiple entries,
3595 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003596 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003597 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3598 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3599 // value too small
3600 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3601 goto out;
3602 }
3603 rc = CRYPTO_GETFIELD_OK;
3604
3605 for (i = 1; /* break explicitly */; i++) {
3606 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3607 (int) sizeof(temp_field)) {
3608 // If the fieldname is very long, we stop as soon as it begins to overflow the
3609 // maximum field length. At this point we have in fact fully read out the original
3610 // value because cryptfs_setfield would not allow fields with longer names to be
3611 // written in the first place.
3612 break;
3613 }
3614 if (!persist_get_key(temp_field, temp_value)) {
3615 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3616 // value too small.
3617 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3618 goto out;
3619 }
3620 } else {
3621 // Exhaust all entries.
3622 break;
3623 }
3624 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003625 } else {
3626 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003627 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003628 }
3629
3630out:
3631 return rc;
3632}
3633
3634/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003635int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003636{
Paul Crowley38132a12016-02-09 09:50:32 +00003637 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003638 SLOGE("Cannot set field when file encrypted");
3639 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003640 }
3641
Ken Sumrall160b4d62013-04-22 12:15:39 -07003642 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003643 /* 0 is success, negative values are error */
3644 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003645 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003646 unsigned int field_id;
3647 char temp_field[PROPERTY_KEY_MAX];
3648 unsigned int num_entries;
3649 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003650
3651 if (persist_data == NULL) {
3652 load_persistent_data();
3653 if (persist_data == NULL) {
3654 SLOGE("Setfield error, cannot load persistent data");
3655 goto out;
3656 }
3657 }
3658
3659 property_get("ro.crypto.state", encrypted_state, "");
3660 if (!strcmp(encrypted_state, "encrypted") ) {
3661 encrypted = 1;
3662 }
3663
Rubin Xu85c01f92014-10-13 12:49:54 +01003664 // Compute the number of entries required to store value, each entry can store up to
3665 // (PROPERTY_VALUE_MAX - 1) chars
3666 if (strlen(value) == 0) {
3667 // Empty value also needs one entry to store.
3668 num_entries = 1;
3669 } else {
3670 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3671 }
3672
3673 max_keylen = strlen(fieldname);
3674 if (num_entries > 1) {
3675 // Need an extra "_%d" suffix.
3676 max_keylen += 1 + log10(num_entries);
3677 }
3678 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3679 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003680 goto out;
3681 }
3682
Rubin Xu85c01f92014-10-13 12:49:54 +01003683 // Make sure we have enough space to write the new value
3684 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3685 persist_get_max_entries(encrypted)) {
3686 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3687 goto out;
3688 }
3689
3690 // Now that we know persist_data has enough space for value, let's delete the old field first
3691 // to make up space.
3692 persist_del_keys(fieldname, 0);
3693
3694 if (persist_set_key(fieldname, value, encrypted)) {
3695 // fail to set key, should not happen as we have already checked the available space
3696 SLOGE("persist_set_key() error during setfield()");
3697 goto out;
3698 }
3699
3700 for (field_id = 1; field_id < num_entries; field_id++) {
3701 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3702
3703 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3704 // fail to set key, should not happen as we have already checked the available space.
3705 SLOGE("persist_set_key() error during setfield()");
3706 goto out;
3707 }
3708 }
3709
Ken Sumrall160b4d62013-04-22 12:15:39 -07003710 /* If we are running encrypted, save the persistent data now */
3711 if (encrypted) {
3712 if (save_persistent_data()) {
3713 SLOGE("Setfield error, cannot save persistent data");
3714 goto out;
3715 }
3716 }
3717
Rubin Xu85c01f92014-10-13 12:49:54 +01003718 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003719
3720out:
3721 return rc;
3722}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003723
3724/* Checks userdata. Attempt to mount the volume if default-
3725 * encrypted.
3726 * On success trigger next init phase and return 0.
3727 * Currently do not handle failure - see TODO below.
3728 */
3729int cryptfs_mount_default_encrypted(void)
3730{
Paul Lawrence84274cc2016-04-15 15:41:33 -07003731 int crypt_type = cryptfs_get_password_type();
3732 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3733 SLOGE("Bad crypt type - error");
3734 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3735 SLOGD("Password is not default - "
3736 "starting min framework to prompt");
3737 property_set("vold.decrypt", "trigger_restart_min_framework");
3738 return 0;
3739 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3740 SLOGD("Password is default - restarting filesystem");
3741 cryptfs_restart_internal(0);
3742 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08003743 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07003744 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003745 }
3746
Paul Lawrence6bfed202014-07-28 12:47:22 -07003747 /** Corrupt. Allow us to boot into framework, which will detect bad
3748 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003749 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003750 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003751 return 0;
3752}
3753
3754/* Returns type of the password, default, pattern, pin or password.
3755 */
3756int cryptfs_get_password_type(void)
3757{
Paul Crowley38132a12016-02-09 09:50:32 +00003758 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003759 SLOGE("cryptfs_get_password_type not valid for file encryption");
3760 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003761 }
3762
Paul Lawrencef4faa572014-01-29 13:31:03 -08003763 struct crypt_mnt_ftr crypt_ftr;
3764
3765 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3766 SLOGE("Error getting crypt footer and key\n");
3767 return -1;
3768 }
3769
Paul Lawrence6bfed202014-07-28 12:47:22 -07003770 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3771 return -1;
3772 }
3773
Paul Lawrencef4faa572014-01-29 13:31:03 -08003774 return crypt_ftr.crypt_type;
3775}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003776
Paul Lawrence05335c32015-03-05 09:46:23 -08003777const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003778{
Paul Crowley38132a12016-02-09 09:50:32 +00003779 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003780 SLOGE("cryptfs_get_password not valid for file encryption");
3781 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003782 }
3783
Paul Lawrence399317e2014-03-10 13:20:50 -07003784 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003785 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003786 if (now.tv_sec < password_expiry_time) {
3787 return password;
3788 } else {
3789 cryptfs_clear_password();
3790 return 0;
3791 }
3792}
3793
3794void cryptfs_clear_password()
3795{
3796 if (password) {
3797 size_t len = strlen(password);
3798 memset(password, 0, len);
3799 free(password);
3800 password = 0;
3801 password_expiry_time = 0;
3802 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003803}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003804
3805int cryptfs_enable_file()
3806{
Paul Crowley38132a12016-02-09 09:50:32 +00003807 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003808}
3809
Paul Lawrence0c247462015-10-29 10:30:57 -07003810int cryptfs_isConvertibleToFBE()
3811{
3812 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3813 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3814}
3815
Paul Lawrence731a7a22015-04-28 22:14:15 +00003816int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3817{
3818 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3819 SLOGE("Failed to initialize crypt_ftr");
3820 return -1;
3821 }
3822
3823 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3824 crypt_ftr->salt, crypt_ftr)) {
3825 SLOGE("Cannot create encrypted master key\n");
3826 return -1;
3827 }
3828
3829 //crypt_ftr->keysize = key_length / 8;
3830 return 0;
3831}
3832
3833int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3834 unsigned char* master_key)
3835{
3836 int rc;
3837
Paul Lawrence731a7a22015-04-28 22:14:15 +00003838 unsigned char* intermediate_key = 0;
3839 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003840
3841 if (password == 0 || *password == 0) {
3842 password = DEFAULT_PASSWORD;
3843 }
3844
Paul Lawrence731a7a22015-04-28 22:14:15 +00003845 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3846 &intermediate_key_size);
3847
Paul Lawrence300dae72016-03-11 11:02:52 -08003848 if (rc) {
3849 SLOGE("Can't calculate intermediate key");
3850 return rc;
3851 }
3852
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003853 int N = 1 << ftr->N_factor;
3854 int r = 1 << ftr->r_factor;
3855 int p = 1 << ftr->p_factor;
3856
3857 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3858
3859 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3860 ftr->salt, sizeof(ftr->salt), N, r, p,
3861 scrypted_intermediate_key,
3862 sizeof(scrypted_intermediate_key));
3863
3864 free(intermediate_key);
3865
3866 if (rc) {
Paul Lawrence300dae72016-03-11 11:02:52 -08003867 SLOGE("Can't scrypt intermediate key");
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003868 return rc;
3869 }
3870
3871 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3872 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003873}
3874
3875int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3876 const unsigned char* master_key)
3877{
3878 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3879 ftr);
3880}
Paul Lawrence6e410592016-05-24 14:20:38 -07003881
3882const char* cryptfs_get_file_encryption_mode()
3883{
3884 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3885 return fs_mgr_get_file_encryption_mode(rec);
3886}