blob: 154feeed6762b878fa91944b86ae742ed5b4b840 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrence707fd6c2015-04-28 22:14:15 +000056#include "Ext4Crypt.h"
57#include "ext4_crypt_init_extensions.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080058#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000059#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080060#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080061#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080062
Shawn Willden8af33352015-02-24 09:51:34 -070063#include <hardware/keymaster0.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070064
Mark Salyzyn3e971272014-01-21 13:27:04 -080065#define UNUSED __attribute__((unused))
66
Mark Salyzyn5eecc442014-02-12 14:16:14 -080067#define UNUSED __attribute__((unused))
68
Ajay Dudani87701e22014-09-17 21:02:52 -070069#ifdef CONFIG_HW_DISK_ENCRYPTION
70#include "cryptfs_hw.h"
71#endif
72
Ken Sumrall8f869aa2010-12-03 03:47:09 -080073#define DM_CRYPT_BUF_SIZE 4096
74
Jason parks70a4b3f2011-01-28 10:10:47 -060075#define HASH_COUNT 2000
76#define KEY_LEN_BYTES 16
77#define IV_LEN_BYTES 16
78
Ken Sumrall29d8da82011-05-18 17:20:07 -070079#define KEY_IN_FOOTER "footer"
80
Paul Lawrencef4faa572014-01-29 13:31:03 -080081// "default_password" encoded into hex (d=0x64 etc)
82#define DEFAULT_PASSWORD "64656661756c745f70617373776f7264"
83
Ken Sumrall29d8da82011-05-18 17:20:07 -070084#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070085#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070086
Ken Sumralle919efe2012-09-29 17:07:41 -070087#define TABLE_LOAD_RETRIES 10
88
Shawn Willden47ba10d2014-09-03 17:07:06 -060089#define RSA_KEY_SIZE 2048
90#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
91#define RSA_EXPONENT 0x10001
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070092
Paul Lawrence8e3f4512014-09-08 10:11:17 -070093#define RETRY_MOUNT_ATTEMPTS 10
94#define RETRY_MOUNT_DELAY_SECONDS 1
95
Ken Sumrall8f869aa2010-12-03 03:47:09 -080096char *me = "cryptfs";
97
Jason parks70a4b3f2011-01-28 10:10:47 -060098static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -070099static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600100static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700101static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800102
Shawn Willden8af33352015-02-24 09:51:34 -0700103static int keymaster_init(keymaster0_device_t **keymaster_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700104{
105 int rc;
106
107 const hw_module_t* mod;
108 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
109 if (rc) {
110 ALOGE("could not find any keystore module");
111 goto out;
112 }
113
Shawn Willden8af33352015-02-24 09:51:34 -0700114 rc = keymaster0_open(mod, keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700115 if (rc) {
116 ALOGE("could not open keymaster device in %s (%s)",
117 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
118 goto out;
119 }
120
121 return 0;
122
123out:
124 *keymaster_dev = NULL;
125 return rc;
126}
127
128/* Should we use keymaster? */
129static int keymaster_check_compatibility()
130{
Shawn Willden8af33352015-02-24 09:51:34 -0700131 keymaster0_device_t *keymaster_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700132 int rc = 0;
133
134 if (keymaster_init(&keymaster_dev)) {
135 SLOGE("Failed to init keymaster");
136 rc = -1;
137 goto out;
138 }
139
Paul Lawrence8c008392014-05-06 14:02:48 -0700140 SLOGI("keymaster version is %d", keymaster_dev->common.module->module_api_version);
141
142 if (keymaster_dev->common.module->module_api_version
143 < KEYMASTER_MODULE_API_VERSION_0_3) {
144 rc = 0;
145 goto out;
146 }
147
Shawn Willden7c49ab02014-10-30 08:12:32 -0600148 if (!(keymaster_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
149 (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700150 rc = 1;
151 }
152
153out:
Shawn Willden8af33352015-02-24 09:51:34 -0700154 keymaster0_close(keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700155 return rc;
156}
157
158/* Create a new keymaster key and store it in this footer */
159static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
160{
161 uint8_t* key = 0;
Shawn Willden8af33352015-02-24 09:51:34 -0700162 keymaster0_device_t *keymaster_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700163
164 if (keymaster_init(&keymaster_dev)) {
165 SLOGE("Failed to init keymaster");
166 return -1;
167 }
168
169 int rc = 0;
170
171 keymaster_rsa_keygen_params_t params;
172 memset(&params, '\0', sizeof(params));
Shawn Willden47ba10d2014-09-03 17:07:06 -0600173 params.public_exponent = RSA_EXPONENT;
174 params.modulus_size = RSA_KEY_SIZE;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700175
176 size_t key_size;
177 if (keymaster_dev->generate_keypair(keymaster_dev, TYPE_RSA, &params,
178 &key, &key_size)) {
179 SLOGE("Failed to generate keypair");
180 rc = -1;
181 goto out;
182 }
183
184 if (key_size > KEYMASTER_BLOB_SIZE) {
185 SLOGE("Keymaster key too large for crypto footer");
186 rc = -1;
187 goto out;
188 }
189
190 memcpy(ftr->keymaster_blob, key, key_size);
191 ftr->keymaster_blob_size = key_size;
192
193out:
Shawn Willden8af33352015-02-24 09:51:34 -0700194 keymaster0_close(keymaster_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700195 free(key);
196 return rc;
197}
198
Shawn Willdene17a9c42014-09-08 13:04:08 -0600199/* This signs the given object using the keymaster key. */
200static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600201 const unsigned char *object,
202 const size_t object_size,
203 unsigned char **signature,
204 size_t *signature_size)
205{
206 int rc = 0;
Shawn Willden8af33352015-02-24 09:51:34 -0700207 keymaster0_device_t *keymaster_dev = 0;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600208 if (keymaster_init(&keymaster_dev)) {
209 SLOGE("Failed to init keymaster");
210 return -1;
211 }
212
213 /* We currently set the digest type to DIGEST_NONE because it's the
214 * only supported value for keymaster. A similar issue exists with
215 * PADDING_NONE. Long term both of these should likely change.
216 */
217 keymaster_rsa_sign_params_t params;
218 params.digest_type = DIGEST_NONE;
219 params.padding_type = PADDING_NONE;
220
221 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600222 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600223 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600224
Shawn Willdene17a9c42014-09-08 13:04:08 -0600225 // To sign a message with RSA, the message must satisfy two
226 // constraints:
227 //
228 // 1. The message, when interpreted as a big-endian numeric value, must
229 // be strictly less than the public modulus of the RSA key. Note
230 // that because the most significant bit of the public modulus is
231 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
232 // key), an n-bit message with most significant bit 0 always
233 // satisfies this requirement.
234 //
235 // 2. The message must have the same length in bits as the public
236 // modulus of the RSA key. This requirement isn't mathematically
237 // necessary, but is necessary to ensure consistency in
238 // implementations.
239 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600240 case KDF_SCRYPT_KEYMASTER:
241 // This ensures the most significant byte of the signed message
242 // is zero. We could have zero-padded to the left instead, but
243 // this approach is slightly more robust against changes in
244 // object size. However, it's still broken (but not unusably
245 // so) because we really should be using a proper RSA padding
246 // function, such as OAEP.
247 //
248 // TODO(paullawrence): When keymaster 0.4 is available, change
249 // this to use the padding options it provides.
250 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
251 SLOGI("Signing safely-padded object");
252 break;
253 default:
254 SLOGE("Unknown KDF type %d", ftr->kdf_type);
255 return -1;
256 }
257
Shawn Willden47ba10d2014-09-03 17:07:06 -0600258 rc = keymaster_dev->sign_data(keymaster_dev,
259 &params,
260 ftr->keymaster_blob,
261 ftr->keymaster_blob_size,
262 to_sign,
Shawn Willdene17a9c42014-09-08 13:04:08 -0600263 to_sign_size,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600264 signature,
265 signature_size);
266
Shawn Willden8af33352015-02-24 09:51:34 -0700267 keymaster0_close(keymaster_dev);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600268 return rc;
269}
270
Paul Lawrence399317e2014-03-10 13:20:50 -0700271/* Store password when userdata is successfully decrypted and mounted.
272 * Cleared by cryptfs_clear_password
273 *
274 * To avoid a double prompt at boot, we need to store the CryptKeeper
275 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
276 * Since the entire framework is torn down and rebuilt after encryption,
277 * we have to use a daemon or similar to store the password. Since vold
278 * is secured against IPC except from system processes, it seems a reasonable
279 * place to store this.
280 *
281 * password should be cleared once it has been used.
282 *
283 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800284 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700285static char* password = 0;
286static int password_expiry_time = 0;
287static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800288
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800289extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800290
Paul Lawrence87999172014-02-20 12:21:31 -0800291enum RebootType {reboot, recovery, shutdown};
292static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700293{
Paul Lawrence87999172014-02-20 12:21:31 -0800294 switch(rt) {
295 case reboot:
296 property_set(ANDROID_RB_PROPERTY, "reboot");
297 break;
298
299 case recovery:
300 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
301 break;
302
303 case shutdown:
304 property_set(ANDROID_RB_PROPERTY, "shutdown");
305 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700306 }
Paul Lawrence87999172014-02-20 12:21:31 -0800307
Ken Sumralladfba362013-06-04 16:37:52 -0700308 sleep(20);
309
310 /* Shouldn't get here, reboot should happen before sleep times out */
311 return;
312}
313
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800314static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
315{
316 memset(io, 0, dataSize);
317 io->data_size = dataSize;
318 io->data_start = sizeof(struct dm_ioctl);
319 io->version[0] = 4;
320 io->version[1] = 0;
321 io->version[2] = 0;
322 io->flags = flags;
323 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100324 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800325 }
326}
327
Kenny Rootc4c70f12013-06-14 12:11:38 -0700328/**
329 * Gets the default device scrypt parameters for key derivation time tuning.
330 * The parameters should lead to about one second derivation time for the
331 * given device.
332 */
333static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
334 const int default_params[] = SCRYPT_DEFAULTS;
335 int params[] = SCRYPT_DEFAULTS;
336 char paramstr[PROPERTY_VALUE_MAX];
337 char *token;
338 char *saveptr;
339 int i;
340
341 property_get(SCRYPT_PROP, paramstr, "");
342 if (paramstr[0] != '\0') {
343 /*
344 * The token we're looking for should be three integers separated by
345 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
346 */
Kenny Root2947e342013-08-14 15:54:49 -0700347 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
348 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700349 i++, token = strtok_r(NULL, ":", &saveptr)) {
350 char *endptr;
351 params[i] = strtol(token, &endptr, 10);
352
353 /*
354 * Check that there was a valid number and it's 8-bit. If not,
355 * break out and the end check will take the default values.
356 */
357 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
358 break;
359 }
360 }
361
362 /*
363 * If there were not enough tokens or a token was malformed (not an
364 * integer), it will end up here and the default parameters can be
365 * taken.
366 */
367 if ((i != 3) || (token != NULL)) {
368 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
369 memcpy(params, default_params, sizeof(params));
370 }
371 }
372
373 ftr->N_factor = params[0];
374 ftr->r_factor = params[1];
375 ftr->p_factor = params[2];
376}
377
Ken Sumrall3ed82362011-01-28 23:31:16 -0800378static unsigned int get_fs_size(char *dev)
379{
380 int fd, block_size;
381 struct ext4_super_block sb;
382 off64_t len;
383
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700384 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800385 SLOGE("Cannot open device to get filesystem size ");
386 return 0;
387 }
388
389 if (lseek64(fd, 1024, SEEK_SET) < 0) {
390 SLOGE("Cannot seek to superblock");
391 return 0;
392 }
393
394 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
395 SLOGE("Cannot read superblock");
396 return 0;
397 }
398
399 close(fd);
400
Daniel Rosenberge82df162014-08-15 22:19:23 +0000401 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
402 SLOGE("Not a valid ext4 superblock");
403 return 0;
404 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800405 block_size = 1024 << sb.s_log_block_size;
406 /* compute length in bytes */
407 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
408
409 /* return length in sectors */
410 return (unsigned int) (len / 512);
411}
412
Ken Sumrall160b4d62013-04-22 12:15:39 -0700413static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
414{
415 static int cached_data = 0;
416 static off64_t cached_off = 0;
417 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
418 int fd;
419 char key_loc[PROPERTY_VALUE_MAX];
420 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700421 int rc = -1;
422
423 if (!cached_data) {
424 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
425
426 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700427 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700428 SLOGE("Cannot open real block device %s\n", real_blkdev);
429 return -1;
430 }
431
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900432 unsigned long nr_sec = 0;
433 get_blkdev_size(fd, &nr_sec);
434 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700435 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
436 * encryption info footer and key, and plenty of bytes to spare for future
437 * growth.
438 */
439 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
440 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
441 cached_data = 1;
442 } else {
443 SLOGE("Cannot get size of block device %s\n", real_blkdev);
444 }
445 close(fd);
446 } else {
447 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
448 cached_off = 0;
449 cached_data = 1;
450 }
451 }
452
453 if (cached_data) {
454 if (metadata_fname) {
455 *metadata_fname = cached_metadata_fname;
456 }
457 if (off) {
458 *off = cached_off;
459 }
460 rc = 0;
461 }
462
463 return rc;
464}
465
Ken Sumralle8744072011-01-18 22:01:55 -0800466/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800467 * update the failed mount count but not change the key.
468 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700469static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800470{
471 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800472 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700473 /* starting_off is set to the SEEK_SET offset
474 * where the crypto structure starts
475 */
476 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800477 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700478 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700479 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800480
Ken Sumrall160b4d62013-04-22 12:15:39 -0700481 if (get_crypt_ftr_info(&fname, &starting_off)) {
482 SLOGE("Unable to get crypt_ftr_info\n");
483 return -1;
484 }
485 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700486 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700487 return -1;
488 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700489 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700490 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700491 return -1;
492 }
493
494 /* Seek to the start of the crypt footer */
495 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
496 SLOGE("Cannot seek to real block device footer\n");
497 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800498 }
499
500 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
501 SLOGE("Cannot write real block device footer\n");
502 goto errout;
503 }
504
Ken Sumrall3be890f2011-09-14 16:53:46 -0700505 fstat(fd, &statbuf);
506 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700507 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700508 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800509 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800510 goto errout;
511 }
512 }
513
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800514 /* Success! */
515 rc = 0;
516
517errout:
518 close(fd);
519 return rc;
520
521}
522
Ken Sumrall160b4d62013-04-22 12:15:39 -0700523static inline int unix_read(int fd, void* buff, int len)
524{
525 return TEMP_FAILURE_RETRY(read(fd, buff, len));
526}
527
528static inline int unix_write(int fd, const void* buff, int len)
529{
530 return TEMP_FAILURE_RETRY(write(fd, buff, len));
531}
532
533static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
534{
535 memset(pdata, 0, len);
536 pdata->persist_magic = PERSIST_DATA_MAGIC;
537 pdata->persist_valid_entries = 0;
538}
539
540/* A routine to update the passed in crypt_ftr to the lastest version.
541 * fd is open read/write on the device that holds the crypto footer and persistent
542 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
543 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
544 */
545static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
546{
Kenny Root7434b312013-06-14 11:29:53 -0700547 int orig_major = crypt_ftr->major_version;
548 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700549
Kenny Root7434b312013-06-14 11:29:53 -0700550 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
551 struct crypt_persist_data *pdata;
552 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700553
Kenny Rootc4c70f12013-06-14 12:11:38 -0700554 SLOGW("upgrading crypto footer to 1.1");
555
Kenny Root7434b312013-06-14 11:29:53 -0700556 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
557 if (pdata == NULL) {
558 SLOGE("Cannot allocate persisent data\n");
559 return;
560 }
561 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
562
563 /* Need to initialize the persistent data area */
564 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
565 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100566 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700567 return;
568 }
569 /* Write all zeros to the first copy, making it invalid */
570 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
571
572 /* Write a valid but empty structure to the second copy */
573 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
574 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
575
576 /* Update the footer */
577 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
578 crypt_ftr->persist_data_offset[0] = pdata_offset;
579 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
580 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100581 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700582 }
583
Paul Lawrencef4faa572014-01-29 13:31:03 -0800584 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700585 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800586 /* But keep the old kdf_type.
587 * It will get updated later to KDF_SCRYPT after the password has been verified.
588 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700589 crypt_ftr->kdf_type = KDF_PBKDF2;
590 get_device_scrypt_params(crypt_ftr);
591 crypt_ftr->minor_version = 2;
592 }
593
Paul Lawrencef4faa572014-01-29 13:31:03 -0800594 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
595 SLOGW("upgrading crypto footer to 1.3");
596 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
597 crypt_ftr->minor_version = 3;
598 }
599
Kenny Root7434b312013-06-14 11:29:53 -0700600 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
601 if (lseek64(fd, offset, SEEK_SET) == -1) {
602 SLOGE("Cannot seek to crypt footer\n");
603 return;
604 }
605 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700606 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700607}
608
609
610static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800611{
612 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800613 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700614 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800615 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700616 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700617 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800618
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 if (get_crypt_ftr_info(&fname, &starting_off)) {
620 SLOGE("Unable to get crypt_ftr_info\n");
621 return -1;
622 }
623 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700624 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700625 return -1;
626 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700627 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700628 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700629 return -1;
630 }
631
632 /* Make sure it's 16 Kbytes in length */
633 fstat(fd, &statbuf);
634 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
635 SLOGE("footer file %s is not the expected size!\n", fname);
636 goto errout;
637 }
638
639 /* Seek to the start of the crypt footer */
640 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
641 SLOGE("Cannot seek to real block device footer\n");
642 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800643 }
644
645 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
646 SLOGE("Cannot read real block device footer\n");
647 goto errout;
648 }
649
650 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700651 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800652 goto errout;
653 }
654
Kenny Rootc96a5f82013-06-14 12:08:28 -0700655 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
656 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
657 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800658 goto errout;
659 }
660
Kenny Rootc96a5f82013-06-14 12:08:28 -0700661 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
662 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
663 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800664 }
665
Ken Sumrall160b4d62013-04-22 12:15:39 -0700666 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
667 * copy on disk before returning.
668 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700669 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700670 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800671 }
672
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800673 /* Success! */
674 rc = 0;
675
676errout:
677 close(fd);
678 return rc;
679}
680
Ken Sumrall160b4d62013-04-22 12:15:39 -0700681static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
682{
683 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
684 crypt_ftr->persist_data_offset[1]) {
685 SLOGE("Crypt_ftr persist data regions overlap");
686 return -1;
687 }
688
689 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
690 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
691 return -1;
692 }
693
694 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
695 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
696 CRYPT_FOOTER_OFFSET) {
697 SLOGE("Persistent data extends past crypto footer");
698 return -1;
699 }
700
701 return 0;
702}
703
704static int load_persistent_data(void)
705{
706 struct crypt_mnt_ftr crypt_ftr;
707 struct crypt_persist_data *pdata = NULL;
708 char encrypted_state[PROPERTY_VALUE_MAX];
709 char *fname;
710 int found = 0;
711 int fd;
712 int ret;
713 int i;
714
715 if (persist_data) {
716 /* Nothing to do, we've already loaded or initialized it */
717 return 0;
718 }
719
720
721 /* If not encrypted, just allocate an empty table and initialize it */
722 property_get("ro.crypto.state", encrypted_state, "");
723 if (strcmp(encrypted_state, "encrypted") ) {
724 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
725 if (pdata) {
726 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
727 persist_data = pdata;
728 return 0;
729 }
730 return -1;
731 }
732
733 if(get_crypt_ftr_and_key(&crypt_ftr)) {
734 return -1;
735 }
736
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700737 if ((crypt_ftr.major_version < 1)
738 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700739 SLOGE("Crypt_ftr version doesn't support persistent data");
740 return -1;
741 }
742
743 if (get_crypt_ftr_info(&fname, NULL)) {
744 return -1;
745 }
746
747 ret = validate_persistent_data_storage(&crypt_ftr);
748 if (ret) {
749 return -1;
750 }
751
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700752 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700753 if (fd < 0) {
754 SLOGE("Cannot open %s metadata file", fname);
755 return -1;
756 }
757
758 if (persist_data == NULL) {
759 pdata = malloc(crypt_ftr.persist_data_size);
760 if (pdata == NULL) {
761 SLOGE("Cannot allocate memory for persistent data");
762 goto err;
763 }
764 }
765
766 for (i = 0; i < 2; i++) {
767 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
768 SLOGE("Cannot seek to read persistent data on %s", fname);
769 goto err2;
770 }
771 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
772 SLOGE("Error reading persistent data on iteration %d", i);
773 goto err2;
774 }
775 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
776 found = 1;
777 break;
778 }
779 }
780
781 if (!found) {
782 SLOGI("Could not find valid persistent data, creating");
783 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
784 }
785
786 /* Success */
787 persist_data = pdata;
788 close(fd);
789 return 0;
790
791err2:
792 free(pdata);
793
794err:
795 close(fd);
796 return -1;
797}
798
799static int save_persistent_data(void)
800{
801 struct crypt_mnt_ftr crypt_ftr;
802 struct crypt_persist_data *pdata;
803 char *fname;
804 off64_t write_offset;
805 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 int fd;
807 int ret;
808
809 if (persist_data == NULL) {
810 SLOGE("No persistent data to save");
811 return -1;
812 }
813
814 if(get_crypt_ftr_and_key(&crypt_ftr)) {
815 return -1;
816 }
817
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700818 if ((crypt_ftr.major_version < 1)
819 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700820 SLOGE("Crypt_ftr version doesn't support persistent data");
821 return -1;
822 }
823
824 ret = validate_persistent_data_storage(&crypt_ftr);
825 if (ret) {
826 return -1;
827 }
828
829 if (get_crypt_ftr_info(&fname, NULL)) {
830 return -1;
831 }
832
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700833 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700834 if (fd < 0) {
835 SLOGE("Cannot open %s metadata file", fname);
836 return -1;
837 }
838
839 pdata = malloc(crypt_ftr.persist_data_size);
840 if (pdata == NULL) {
841 SLOGE("Cannot allocate persistant data");
842 goto err;
843 }
844
845 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
846 SLOGE("Cannot seek to read persistent data on %s", fname);
847 goto err2;
848 }
849
850 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
851 SLOGE("Error reading persistent data before save");
852 goto err2;
853 }
854
855 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
856 /* The first copy is the curent valid copy, so write to
857 * the second copy and erase this one */
858 write_offset = crypt_ftr.persist_data_offset[1];
859 erase_offset = crypt_ftr.persist_data_offset[0];
860 } else {
861 /* The second copy must be the valid copy, so write to
862 * the first copy, and erase the second */
863 write_offset = crypt_ftr.persist_data_offset[0];
864 erase_offset = crypt_ftr.persist_data_offset[1];
865 }
866
867 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +0100868 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700869 SLOGE("Cannot seek to write persistent data");
870 goto err2;
871 }
872 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
873 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +0100874 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700875 SLOGE("Cannot seek to erase previous persistent data");
876 goto err2;
877 }
878 fsync(fd);
879 memset(pdata, 0, crypt_ftr.persist_data_size);
880 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
881 (int) crypt_ftr.persist_data_size) {
882 SLOGE("Cannot write to erase previous persistent data");
883 goto err2;
884 }
885 fsync(fd);
886 } else {
887 SLOGE("Cannot write to save persistent data");
888 goto err2;
889 }
890
891 /* Success */
892 free(pdata);
893 close(fd);
894 return 0;
895
896err2:
897 free(pdata);
898err:
899 close(fd);
900 return -1;
901}
902
Paul Lawrencef4faa572014-01-29 13:31:03 -0800903static int hexdigit (char c)
904{
905 if (c >= '0' && c <= '9') return c - '0';
906 c = tolower(c);
907 if (c >= 'a' && c <= 'f') return c - 'a' + 10;
908 return -1;
909}
910
911static unsigned char* convert_hex_ascii_to_key(const char* master_key_ascii,
912 unsigned int* out_keysize)
913{
914 unsigned int i;
915 *out_keysize = 0;
916
917 size_t size = strlen (master_key_ascii);
918 if (size % 2) {
919 SLOGE("Trying to convert ascii string of odd length");
920 return NULL;
921 }
922
923 unsigned char* master_key = (unsigned char*) malloc(size / 2);
924 if (master_key == 0) {
925 SLOGE("Cannot allocate");
926 return NULL;
927 }
928
929 for (i = 0; i < size; i += 2) {
930 int high_nibble = hexdigit (master_key_ascii[i]);
931 int low_nibble = hexdigit (master_key_ascii[i + 1]);
932
933 if(high_nibble < 0 || low_nibble < 0) {
934 SLOGE("Invalid hex string");
935 free (master_key);
936 return NULL;
937 }
938
939 master_key[*out_keysize] = high_nibble * 16 + low_nibble;
940 (*out_keysize)++;
941 }
942
943 return master_key;
944}
945
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800946/* Convert a binary key of specified length into an ascii hex string equivalent,
947 * without the leading 0x and with null termination
948 */
Jeff Sharkey9c484982015-03-31 10:35:33 -0700949static void convert_key_to_hex_ascii(const unsigned char *master_key,
950 unsigned int keysize, char *master_key_ascii) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800951 unsigned int i, a;
952 unsigned char nibble;
953
954 for (i=0, a=0; i<keysize; i++, a+=2) {
955 /* For each byte, write out two ascii hex digits */
956 nibble = (master_key[i] >> 4) & 0xf;
957 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
958
959 nibble = master_key[i] & 0xf;
960 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
961 }
962
963 /* Add the null termination */
964 master_key_ascii[a] = '\0';
965
966}
967
Jeff Sharkey9c484982015-03-31 10:35:33 -0700968static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
969 const unsigned char *master_key, const char *real_blk_name,
970 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -0800971 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -0800972 struct dm_ioctl *io;
973 struct dm_target_spec *tgt;
974 char *crypt_params;
975 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
976 int i;
977
978 io = (struct dm_ioctl *) buffer;
979
980 /* Load the mapping table for this device */
981 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
982
983 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
984 io->target_count = 1;
985 tgt->status = 0;
986 tgt->sector_start = 0;
987 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -0700988#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -0800989 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
990 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
991 }
992 else {
993 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
994 }
Ajay Dudani87701e22014-09-17 21:02:52 -0700995#else
996 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
997#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -0800998
999 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1000 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1001 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1002 master_key_ascii, real_blk_name, extra_params);
1003 crypt_params += strlen(crypt_params) + 1;
1004 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1005 tgt->next = crypt_params - buffer;
1006
1007 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1008 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1009 break;
1010 }
1011 usleep(500000);
1012 }
1013
1014 if (i == TABLE_LOAD_RETRIES) {
1015 /* We failed to load the table, return an error */
1016 return -1;
1017 } else {
1018 return i + 1;
1019 }
1020}
1021
1022
1023static int get_dm_crypt_version(int fd, const char *name, int *version)
1024{
1025 char buffer[DM_CRYPT_BUF_SIZE];
1026 struct dm_ioctl *io;
1027 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001028
1029 io = (struct dm_ioctl *) buffer;
1030
1031 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1032
1033 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1034 return -1;
1035 }
1036
1037 /* Iterate over the returned versions, looking for name of "crypt".
1038 * When found, get and return the version.
1039 */
1040 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1041 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001042#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001043 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001044#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001045 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001046#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001047 /* We found the crypt driver, return the version, and get out */
1048 version[0] = v->version[0];
1049 version[1] = v->version[1];
1050 version[2] = v->version[2];
1051 return 0;
1052 }
1053 v = (struct dm_target_versions *)(((char *)v) + v->next);
1054 }
1055
1056 return -1;
1057}
1058
Jeff Sharkey9c484982015-03-31 10:35:33 -07001059static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1060 const unsigned char *master_key, const char *real_blk_name,
1061 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001062 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001063 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001064 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001065 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001066 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001067 int version[3];
1068 char *extra_params;
1069 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001070
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001071 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001072 SLOGE("Cannot open device-mapper\n");
1073 goto errout;
1074 }
1075
1076 io = (struct dm_ioctl *) buffer;
1077
1078 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1079 if (ioctl(fd, DM_DEV_CREATE, io)) {
1080 SLOGE("Cannot create dm-crypt device\n");
1081 goto errout;
1082 }
1083
1084 /* Get the device status, in particular, the name of it's device file */
1085 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1086 if (ioctl(fd, DM_DEV_STATUS, io)) {
1087 SLOGE("Cannot retrieve dm-crypt device status\n");
1088 goto errout;
1089 }
1090 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1091 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1092
Ken Sumralldb5e0262013-02-05 17:39:48 -08001093 extra_params = "";
1094 if (! get_dm_crypt_version(fd, name, version)) {
1095 /* Support for allow_discards was added in version 1.11.0 */
1096 if ((version[0] >= 2) ||
1097 ((version[0] == 1) && (version[1] >= 11))) {
1098 extra_params = "1 allow_discards";
1099 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1100 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001101 }
1102
Ken Sumralldb5e0262013-02-05 17:39:48 -08001103 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1104 fd, extra_params);
1105 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001106 SLOGE("Cannot load dm-crypt mapping table.\n");
1107 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001108 } else if (load_count > 1) {
1109 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001110 }
1111
1112 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001113 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001114
1115 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1116 SLOGE("Cannot resume the dm-crypt device\n");
1117 goto errout;
1118 }
1119
1120 /* We made it here with no errors. Woot! */
1121 retval = 0;
1122
1123errout:
1124 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1125
1126 return retval;
1127}
1128
Ken Sumrall29d8da82011-05-18 17:20:07 -07001129static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001130{
1131 int fd;
1132 char buffer[DM_CRYPT_BUF_SIZE];
1133 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001134 int retval = -1;
1135
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001136 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001137 SLOGE("Cannot open device-mapper\n");
1138 goto errout;
1139 }
1140
1141 io = (struct dm_ioctl *) buffer;
1142
1143 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1144 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1145 SLOGE("Cannot remove dm-crypt device\n");
1146 goto errout;
1147 }
1148
1149 /* We made it here with no errors. Woot! */
1150 retval = 0;
1151
1152errout:
1153 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1154
1155 return retval;
1156
1157}
1158
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001159static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001160 unsigned char *ikey, void *params UNUSED)
1161{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001162 SLOGI("Using pbkdf2 for cryptfs KDF");
1163
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001164 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001165 unsigned int keysize;
1166 char* master_key = (char*)convert_hex_ascii_to_key(passwd, &keysize);
1167 if (!master_key) return -1;
1168 PKCS5_PBKDF2_HMAC_SHA1(master_key, keysize, salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001169 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001170
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001171 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001172 free (master_key);
1173 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001174}
1175
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001176static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001177 unsigned char *ikey, void *params)
1178{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001179 SLOGI("Using scrypt for cryptfs KDF");
1180
Kenny Rootc4c70f12013-06-14 12:11:38 -07001181 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1182
1183 int N = 1 << ftr->N_factor;
1184 int r = 1 << ftr->r_factor;
1185 int p = 1 << ftr->p_factor;
1186
1187 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001188 unsigned int keysize;
1189 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &keysize);
1190 if (!master_key) return -1;
1191 crypto_scrypt(master_key, keysize, salt, SALT_LEN, N, r, p, ikey,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001192 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001193
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001194 memset(master_key, 0, keysize);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001195 free (master_key);
1196 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001197}
1198
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001199static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1200 unsigned char *ikey, void *params)
1201{
1202 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1203
1204 int rc;
1205 unsigned int key_size;
1206 size_t signature_size;
1207 unsigned char* signature;
1208 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1209
1210 int N = 1 << ftr->N_factor;
1211 int r = 1 << ftr->r_factor;
1212 int p = 1 << ftr->p_factor;
1213
1214 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &key_size);
1215 if (!master_key) {
1216 SLOGE("Failed to convert passwd from hex");
1217 return -1;
1218 }
1219
1220 rc = crypto_scrypt(master_key, key_size, salt, SALT_LEN,
1221 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1222 memset(master_key, 0, key_size);
1223 free(master_key);
1224
1225 if (rc) {
1226 SLOGE("scrypt failed");
1227 return -1;
1228 }
1229
Shawn Willdene17a9c42014-09-08 13:04:08 -06001230 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1231 &signature, &signature_size)) {
1232 SLOGE("Signing failed");
1233 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001234 }
1235
1236 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1237 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1238 free(signature);
1239
1240 if (rc) {
1241 SLOGE("scrypt failed");
1242 return -1;
1243 }
1244
1245 return 0;
1246}
1247
1248static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1249 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001250 unsigned char *encrypted_master_key,
1251 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001252{
1253 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1254 EVP_CIPHER_CTX e_ctx;
1255 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001256 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001257
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001258 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001259 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001260
1261 switch (crypt_ftr->kdf_type) {
1262 case KDF_SCRYPT_KEYMASTER:
1263 if (keymaster_create_key(crypt_ftr)) {
1264 SLOGE("keymaster_create_key failed");
1265 return -1;
1266 }
1267
1268 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1269 SLOGE("scrypt failed");
1270 return -1;
1271 }
1272 break;
1273
1274 case KDF_SCRYPT:
1275 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1276 SLOGE("scrypt failed");
1277 return -1;
1278 }
1279 break;
1280
1281 default:
1282 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001283 return -1;
1284 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001285
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001286 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001287 EVP_CIPHER_CTX_init(&e_ctx);
1288 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001289 SLOGE("EVP_EncryptInit failed\n");
1290 return -1;
1291 }
1292 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001293
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001294 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001295 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence707fd6c2015-04-28 22:14:15 +00001296 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001297 SLOGE("EVP_EncryptUpdate failed\n");
1298 return -1;
1299 }
Adam Langley889c4f12014-09-03 14:23:13 -07001300 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001301 SLOGE("EVP_EncryptFinal failed\n");
1302 return -1;
1303 }
1304
1305 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1306 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1307 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001308 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001309
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001310 /* Store the scrypt of the intermediate key, so we can validate if it's a
1311 password error or mount error when things go wrong.
1312 Note there's no need to check for errors, since if this is incorrect, we
1313 simply won't wipe userdata, which is the correct default behavior
1314 */
1315 int N = 1 << crypt_ftr->N_factor;
1316 int r = 1 << crypt_ftr->r_factor;
1317 int p = 1 << crypt_ftr->p_factor;
1318
1319 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1320 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1321 crypt_ftr->scrypted_intermediate_key,
1322 sizeof(crypt_ftr->scrypted_intermediate_key));
1323
1324 if (rc) {
1325 SLOGE("encrypt_master_key: crypto_scrypt failed");
1326 }
1327
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001328 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001329}
1330
Paul Lawrence707fd6c2015-04-28 22:14:15 +00001331static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001332 unsigned char *encrypted_master_key,
1333 unsigned char *decrypted_master_key,
1334 kdf_func kdf, void *kdf_params,
1335 unsigned char** intermediate_key,
1336 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001337{
1338 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001339 EVP_CIPHER_CTX d_ctx;
1340 int decrypted_len, final_len;
1341
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001342 /* Turn the password into an intermediate key and IV that can decrypt the
1343 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001344 if (kdf(passwd, salt, ikey, kdf_params)) {
1345 SLOGE("kdf failed");
1346 return -1;
1347 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001348
1349 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001350 EVP_CIPHER_CTX_init(&d_ctx);
1351 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001352 return -1;
1353 }
1354 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1355 /* Decrypt the master key */
1356 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1357 encrypted_master_key, KEY_LEN_BYTES)) {
1358 return -1;
1359 }
Adam Langley889c4f12014-09-03 14:23:13 -07001360 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001361 return -1;
1362 }
1363
1364 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1365 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001366 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001367
1368 /* Copy intermediate key if needed by params */
1369 if (intermediate_key && intermediate_key_size) {
1370 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1371 if (intermediate_key) {
1372 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1373 *intermediate_key_size = KEY_LEN_BYTES;
1374 }
1375 }
1376
1377 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001378}
1379
Kenny Rootc4c70f12013-06-14 12:11:38 -07001380static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001381{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001382 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001383 *kdf = scrypt_keymaster;
1384 *kdf_params = ftr;
1385 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001386 *kdf = scrypt;
1387 *kdf_params = ftr;
1388 } else {
1389 *kdf = pbkdf2;
1390 *kdf_params = NULL;
1391 }
1392}
1393
Paul Lawrence707fd6c2015-04-28 22:14:15 +00001394static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001395 struct crypt_mnt_ftr *crypt_ftr,
1396 unsigned char** intermediate_key,
1397 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001398{
1399 kdf_func kdf;
1400 void *kdf_params;
1401 int ret;
1402
1403 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001404 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1405 decrypted_master_key, kdf, kdf_params,
1406 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001407 if (ret != 0) {
1408 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001409 }
1410
1411 return ret;
1412}
1413
1414static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1415 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001416 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001417 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001418
1419 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001420 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001421 read(fd, key_buf, sizeof(key_buf));
1422 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001423 close(fd);
1424
1425 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001426 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001427}
1428
Paul Lawrence29b54aa2015-05-05 14:28:25 -07001429int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001430{
Greg Hackmann955653e2014-09-24 14:55:20 -07001431 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001432#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001433
1434 /* Now umount the tmpfs filesystem */
1435 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001436 if (umount(mountpoint) == 0) {
1437 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001438 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001439
1440 if (errno == EINVAL) {
1441 /* EINVAL is returned if the directory is not a mountpoint,
1442 * i.e. there is no filesystem mounted there. So just get out.
1443 */
1444 break;
1445 }
1446
1447 err = errno;
1448
1449 /* If allowed, be increasingly aggressive before the last two retries */
1450 if (kill) {
1451 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1452 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001453 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001454 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1455 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001456 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001457 }
1458 }
1459
1460 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001461 }
1462
1463 if (i < WAIT_UNMOUNT_COUNT) {
1464 SLOGD("unmounting %s succeeded\n", mountpoint);
1465 rc = 0;
1466 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001467 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001468 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001469 rc = -1;
1470 }
1471
1472 return rc;
1473}
1474
Ken Sumrallc5872692013-05-14 15:26:31 -07001475#define DATA_PREP_TIMEOUT 200
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001476static int prep_data_fs(void)
1477{
1478 int i;
1479
1480 /* Do the prep of the /data filesystem */
1481 property_set("vold.post_fs_data_done", "0");
1482 property_set("vold.decrypt", "trigger_post_fs_data");
1483 SLOGD("Just triggered post_fs_data\n");
1484
Ken Sumrallc5872692013-05-14 15:26:31 -07001485 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001486 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001487 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001488
1489 property_get("vold.post_fs_data_done", p, "0");
1490 if (*p == '1') {
1491 break;
1492 } else {
1493 usleep(250000);
1494 }
1495 }
1496 if (i == DATA_PREP_TIMEOUT) {
1497 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001498 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001499 return -1;
1500 } else {
1501 SLOGD("post_fs_data done\n");
1502 return 0;
1503 }
1504}
1505
Paul Lawrence74f29f12014-08-28 15:54:10 -07001506static void cryptfs_set_corrupt()
1507{
1508 // Mark the footer as bad
1509 struct crypt_mnt_ftr crypt_ftr;
1510 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1511 SLOGE("Failed to get crypto footer - panic");
1512 return;
1513 }
1514
1515 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1516 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1517 SLOGE("Failed to set crypto footer - panic");
1518 return;
1519 }
1520}
1521
1522static void cryptfs_trigger_restart_min_framework()
1523{
1524 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1525 SLOGE("Failed to mount tmpfs on data - panic");
1526 return;
1527 }
1528
1529 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1530 SLOGE("Failed to trigger post fs data - panic");
1531 return;
1532 }
1533
1534 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1535 SLOGE("Failed to trigger restart min framework - panic");
1536 return;
1537 }
1538}
1539
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001540/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001541static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001542{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001543 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001544 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001545 static int restart_successful = 0;
1546
1547 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001548 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001549 SLOGE("Encrypted filesystem not validated, aborting");
1550 return -1;
1551 }
1552
1553 if (restart_successful) {
1554 SLOGE("System already restarted with encrypted disk, aborting");
1555 return -1;
1556 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001557
Paul Lawrencef4faa572014-01-29 13:31:03 -08001558 if (restart_main) {
1559 /* Here is where we shut down the framework. The init scripts
1560 * start all services in one of three classes: core, main or late_start.
1561 * On boot, we start core and main. Now, we stop main, but not core,
1562 * as core includes vold and a few other really important things that
1563 * we need to keep running. Once main has stopped, we should be able
1564 * to umount the tmpfs /data, then mount the encrypted /data.
1565 * We then restart the class main, and also the class late_start.
1566 * At the moment, I've only put a few things in late_start that I know
1567 * are not needed to bring up the framework, and that also cause problems
1568 * with unmounting the tmpfs /data, but I hope to add add more services
1569 * to the late_start class as we optimize this to decrease the delay
1570 * till the user is asked for the password to the filesystem.
1571 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001572
Paul Lawrencef4faa572014-01-29 13:31:03 -08001573 /* The init files are setup to stop the class main when vold.decrypt is
1574 * set to trigger_reset_main.
1575 */
1576 property_set("vold.decrypt", "trigger_reset_main");
1577 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001578
Paul Lawrencef4faa572014-01-29 13:31:03 -08001579 /* Ugh, shutting down the framework is not synchronous, so until it
1580 * can be fixed, this horrible hack will wait a moment for it all to
1581 * shut down before proceeding. Without it, some devices cannot
1582 * restart the graphics services.
1583 */
1584 sleep(2);
1585 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001586
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001587 /* Now that the framework is shutdown, we should be able to umount()
1588 * the tmpfs filesystem, and mount the real one.
1589 */
1590
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001591 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1592 if (strlen(crypto_blkdev) == 0) {
1593 SLOGE("fs_crypto_blkdev not set\n");
1594 return -1;
1595 }
1596
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001597 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001598 /* If ro.crypto.readonly is set to 1, mount the decrypted
1599 * filesystem readonly. This is used when /data is mounted by
1600 * recovery mode.
1601 */
1602 char ro_prop[PROPERTY_VALUE_MAX];
1603 property_get("ro.crypto.readonly", ro_prop, "");
1604 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1605 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1606 rec->flags |= MS_RDONLY;
1607 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001608
Ken Sumralle5032c42012-04-01 23:58:44 -07001609 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001610 int retries = RETRY_MOUNT_ATTEMPTS;
1611 int mount_rc;
1612 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1613 crypto_blkdev, 0))
1614 != 0) {
1615 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1616 /* TODO: invoke something similar to
1617 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1618 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1619 SLOGI("Failed to mount %s because it is busy - waiting",
1620 crypto_blkdev);
1621 if (--retries) {
1622 sleep(RETRY_MOUNT_DELAY_SECONDS);
1623 } else {
1624 /* Let's hope that a reboot clears away whatever is keeping
1625 the mount busy */
1626 cryptfs_reboot(reboot);
1627 }
1628 } else {
1629 SLOGE("Failed to mount decrypted data");
1630 cryptfs_set_corrupt();
1631 cryptfs_trigger_restart_min_framework();
1632 SLOGI("Started framework to offer wipe");
1633 return -1;
1634 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001635 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001636
Ken Sumralle5032c42012-04-01 23:58:44 -07001637 property_set("vold.decrypt", "trigger_load_persist_props");
1638 /* Create necessary paths on /data */
1639 if (prep_data_fs()) {
1640 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001641 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001642
1643 /* startup service classes main and late_start */
1644 property_set("vold.decrypt", "trigger_restart_framework");
1645 SLOGD("Just triggered restart_framework\n");
1646
1647 /* Give it a few moments to get started */
1648 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001649 }
1650
Ken Sumrall0cc16632011-01-18 20:32:26 -08001651 if (rc == 0) {
1652 restart_successful = 1;
1653 }
1654
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001655 return rc;
1656}
1657
Paul Lawrencef4faa572014-01-29 13:31:03 -08001658int cryptfs_restart(void)
1659{
Paul Lawrence05335c32015-03-05 09:46:23 -08001660 SLOGI("cryptfs_restart");
1661 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
1662 struct fstab_rec* rec;
1663 int rc;
1664
1665 if (e4crypt_restart(DATA_MNT_POINT)) {
1666 SLOGE("Can't unmount e4crypt temp volume\n");
1667 return -1;
1668 }
1669
1670 rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1671 if (!rec) {
1672 SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
1673 return -1;
1674 }
1675
1676 rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
1677 if (rc) {
1678 SLOGE("Can't mount %s\n", DATA_MNT_POINT);
1679 return rc;
1680 }
1681
1682 property_set("vold.decrypt", "trigger_restart_framework");
1683 return 0;
1684 }
1685
Paul Lawrencef4faa572014-01-29 13:31:03 -08001686 /* Call internal implementation forcing a restart of main service group */
1687 return cryptfs_restart_internal(1);
1688}
1689
Paul Lawrence05335c32015-03-05 09:46:23 -08001690static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001691{
1692 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001693 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001694 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001695
1696 property_get("ro.crypto.state", encrypted_state, "");
1697 if (strcmp(encrypted_state, "encrypted") ) {
1698 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001699 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001700 }
1701
Paul Lawrence05335c32015-03-05 09:46:23 -08001702 if (e4crypt_crypto_complete(mount_point) == 0) {
1703 return CRYPTO_COMPLETE_ENCRYPTED;
1704 }
1705
Ken Sumrall160b4d62013-04-22 12:15:39 -07001706 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001707 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001708
Ken Sumralle1a45852011-12-14 21:24:27 -08001709 /*
1710 * Only report this error if key_loc is a file and it exists.
1711 * If the device was never encrypted, and /data is not mountable for
1712 * some reason, returning 1 should prevent the UI from presenting the
1713 * a "enter password" screen, or worse, a "press button to wipe the
1714 * device" screen.
1715 */
1716 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1717 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001718 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001719 } else {
1720 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001721 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001722 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001723 }
1724
Paul Lawrence74f29f12014-08-28 15:54:10 -07001725 // Test for possible error flags
1726 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1727 SLOGE("Encryption process is partway completed\n");
1728 return CRYPTO_COMPLETE_PARTIAL;
1729 }
1730
1731 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1732 SLOGE("Encryption process was interrupted but cannot continue\n");
1733 return CRYPTO_COMPLETE_INCONSISTENT;
1734 }
1735
1736 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1737 SLOGE("Encryption is successful but data is corrupt\n");
1738 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001739 }
1740
1741 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001742 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001743}
1744
Paul Lawrencef4faa572014-01-29 13:31:03 -08001745static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1746 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001747{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001748 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001749 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001750 char crypto_blkdev[MAXPATHLEN];
1751 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001752 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001753 unsigned int orig_failed_decrypt_count;
1754 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001755 int use_keymaster = 0;
1756 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001757 unsigned char* intermediate_key = 0;
1758 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001759
Paul Lawrencef4faa572014-01-29 13:31:03 -08001760 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1761 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001762
Paul Lawrencef4faa572014-01-29 13:31:03 -08001763 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001764 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1765 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001766 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001767 rc = -1;
1768 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001769 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001770 }
1771
Paul Lawrencef4faa572014-01-29 13:31:03 -08001772 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1773
Ajay Dudani87701e22014-09-17 21:02:52 -07001774#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001775 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1776 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1777 SLOGE("Hardware encryption key does not match");
1778 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001779 }
1780#endif
1781
Paul Lawrence74f29f12014-08-28 15:54:10 -07001782 // Create crypto block device - all (non fatal) code paths
1783 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001784 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1785 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001786 SLOGE("Error creating decrypted block device\n");
1787 rc = -1;
1788 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001789 }
1790
Paul Lawrence74f29f12014-08-28 15:54:10 -07001791 /* Work out if the problem is the password or the data */
1792 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1793 scrypted_intermediate_key)];
1794 int N = 1 << crypt_ftr->N_factor;
1795 int r = 1 << crypt_ftr->r_factor;
1796 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001797
Paul Lawrence74f29f12014-08-28 15:54:10 -07001798 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1799 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1800 N, r, p, scrypted_intermediate_key,
1801 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001802
Paul Lawrence74f29f12014-08-28 15:54:10 -07001803 // Does the key match the crypto footer?
1804 if (rc == 0 && memcmp(scrypted_intermediate_key,
1805 crypt_ftr->scrypted_intermediate_key,
1806 sizeof(scrypted_intermediate_key)) == 0) {
1807 SLOGI("Password matches");
1808 rc = 0;
1809 } else {
1810 /* Try mounting the file system anyway, just in case the problem's with
1811 * the footer, not the key. */
1812 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1813 mkdir(tmp_mount_point, 0755);
1814 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1815 SLOGE("Error temp mounting decrypted block device\n");
1816 delete_crypto_blk_dev(label);
1817
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001818 rc = ++crypt_ftr->failed_decrypt_count;
1819 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001820 } else {
1821 /* Success! */
1822 SLOGI("Password did not match but decrypted drive mounted - continue");
1823 umount(tmp_mount_point);
1824 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001825 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001826 }
1827
1828 if (rc == 0) {
1829 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001830 if (orig_failed_decrypt_count != 0) {
1831 put_crypt_ftr_and_key(crypt_ftr);
1832 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001833
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001834 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001835 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001836 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001837
1838 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001839 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001840 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001841 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001842 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001843 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001844 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001845
Paul Lawrence74f29f12014-08-28 15:54:10 -07001846 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001847 use_keymaster = keymaster_check_compatibility();
1848 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001849 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001850 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1851 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1852 upgrade = 1;
1853 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001854 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001855 upgrade = 1;
1856 }
1857
1858 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001859 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1860 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001861 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001862 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001863 }
1864 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001865
1866 // Do not fail even if upgrade failed - machine is bootable
1867 // Note that if this code is ever hit, there is a *serious* problem
1868 // since KDFs should never fail. You *must* fix the kdf before
1869 // proceeding!
1870 if (rc) {
1871 SLOGW("Upgrade failed with error %d,"
1872 " but continuing with previous state",
1873 rc);
1874 rc = 0;
1875 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001876 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001877 }
1878
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001879 errout:
1880 if (intermediate_key) {
1881 memset(intermediate_key, 0, intermediate_key_size);
1882 free(intermediate_key);
1883 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001884 return rc;
1885}
1886
Ken Sumrall29d8da82011-05-18 17:20:07 -07001887/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001888 * Called by vold when it's asked to mount an encrypted external
1889 * storage volume. The incoming partition has no crypto header/footer,
1890 * as any metadata is been stored in a separate, small partition.
1891 *
1892 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001893 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001894int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1895 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001896 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001897 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001898 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001899 return -1;
1900 }
1901
1902 unsigned long nr_sec = 0;
1903 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001904 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001905
Ken Sumrall29d8da82011-05-18 17:20:07 -07001906 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001907 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001908 return -1;
1909 }
1910
Jeff Sharkey9c484982015-03-31 10:35:33 -07001911 struct crypt_mnt_ftr ext_crypt_ftr;
1912 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1913 ext_crypt_ftr.fs_size = nr_sec;
1914 ext_crypt_ftr.keysize = keysize;
1915 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001916
Jeff Sharkey9c484982015-03-31 10:35:33 -07001917 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1918 out_crypto_blkdev, label);
1919}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001920
Jeff Sharkey9c484982015-03-31 10:35:33 -07001921/*
1922 * Called by vold when it's asked to unmount an encrypted external
1923 * storage volume.
1924 */
1925int cryptfs_revert_ext_volume(const char* label) {
1926 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001927}
1928
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001929int cryptfs_crypto_complete(void)
1930{
1931 return do_crypto_complete("/data");
1932}
1933
Paul Lawrencef4faa572014-01-29 13:31:03 -08001934int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
1935{
1936 char encrypted_state[PROPERTY_VALUE_MAX];
1937 property_get("ro.crypto.state", encrypted_state, "");
1938 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
1939 SLOGE("encrypted fs already validated or not running with encryption,"
1940 " aborting");
1941 return -1;
1942 }
1943
1944 if (get_crypt_ftr_and_key(crypt_ftr)) {
1945 SLOGE("Error getting crypt footer and key");
1946 return -1;
1947 }
1948
1949 return 0;
1950}
1951
Paul Lawrencefc615042014-10-04 15:32:29 -07001952/*
1953 * TODO - transition patterns to new format in calling code
1954 * and remove this vile hack, and the use of hex in
1955 * the password passing code.
1956 *
1957 * Patterns are passed in zero based (i.e. the top left dot
1958 * is represented by zero, the top middle one etc), but we want
1959 * to store them '1' based.
1960 * This is to allow us to migrate the calling code to use this
1961 * convention. It also solves a nasty problem whereby scrypt ignores
1962 * trailing zeros, so patterns ending at the top left could be
1963 * truncated, and similarly, you could add the top left to any
1964 * pattern and still match.
1965 * adjust_passwd is a hack function that returns the alternate representation
1966 * if the password appears to be a pattern (hex numbers all less than 09)
1967 * If it succeeds we need to try both, and in particular try the alternate
1968 * first. If the original matches, then we need to update the footer
1969 * with the alternate.
1970 * All code that accepts passwords must adjust them first. Since
1971 * cryptfs_check_passwd is always the first function called after a migration
1972 * (and indeed on any boot) we only need to do the double try in this
1973 * function.
1974 */
1975char* adjust_passwd(const char* passwd)
1976{
1977 size_t index, length;
1978
1979 if (!passwd) {
1980 return 0;
1981 }
1982
1983 // Check even length. Hex encoded passwords are always
1984 // an even length, since each character encodes to two characters.
1985 length = strlen(passwd);
1986 if (length % 2) {
1987 SLOGW("Password not correctly hex encoded.");
1988 return 0;
1989 }
1990
1991 // Check password is old-style pattern - a collection of hex
1992 // encoded bytes less than 9 (00 through 08)
1993 for (index = 0; index < length; index +=2) {
1994 if (passwd[index] != '0'
1995 || passwd[index + 1] < '0' || passwd[index + 1] > '8') {
1996 return 0;
1997 }
1998 }
1999
2000 // Allocate room for adjusted passwd and null terminate
2001 char* adjusted = malloc(length + 1);
2002 adjusted[length] = 0;
2003
2004 // Add 0x31 ('1') to each character
2005 for (index = 0; index < length; index += 2) {
2006 // output is 31 through 39 so set first byte to three, second to src + 1
2007 adjusted[index] = '3';
2008 adjusted[index + 1] = passwd[index + 1] + 1;
2009 }
2010
2011 return adjusted;
2012}
2013
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002014int cryptfs_check_passwd(char *passwd)
2015{
Paul Lawrence05335c32015-03-05 09:46:23 -08002016 SLOGI("cryptfs_check_passwd");
2017 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
2018 return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
2019 }
2020
Paul Lawrencef4faa572014-01-29 13:31:03 -08002021 struct crypt_mnt_ftr crypt_ftr;
2022 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002023
Paul Lawrencef4faa572014-01-29 13:31:03 -08002024 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2025 if (rc)
2026 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002027
Paul Lawrencefc615042014-10-04 15:32:29 -07002028 char* adjusted_passwd = adjust_passwd(passwd);
2029 if (adjusted_passwd) {
2030 int failed_decrypt_count = crypt_ftr.failed_decrypt_count;
2031 rc = test_mount_encrypted_fs(&crypt_ftr, adjusted_passwd,
2032 DATA_MNT_POINT, "userdata");
2033
2034 // Maybe the original one still works?
2035 if (rc) {
2036 // Don't double count this failure
2037 crypt_ftr.failed_decrypt_count = failed_decrypt_count;
2038 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2039 DATA_MNT_POINT, "userdata");
2040 if (!rc) {
2041 // cryptfs_changepw also adjusts so pass original
2042 // Note that adjust_passwd only recognises patterns
2043 // so we can safely use CRYPT_TYPE_PATTERN
2044 SLOGI("Updating pattern to new format");
2045 cryptfs_changepw(CRYPT_TYPE_PATTERN, passwd);
2046 }
2047 }
2048 free(adjusted_passwd);
2049 } else {
2050 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2051 DATA_MNT_POINT, "userdata");
2052 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002053
2054 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002055 cryptfs_clear_password();
2056 password = strdup(passwd);
2057 struct timespec now;
2058 clock_gettime(CLOCK_BOOTTIME, &now);
2059 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002060 }
2061
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002062 return rc;
2063}
2064
Ken Sumrall3ad90722011-10-04 20:38:29 -07002065int cryptfs_verify_passwd(char *passwd)
2066{
2067 struct crypt_mnt_ftr crypt_ftr;
2068 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002069 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002070 char encrypted_state[PROPERTY_VALUE_MAX];
2071 int rc;
2072
2073 property_get("ro.crypto.state", encrypted_state, "");
2074 if (strcmp(encrypted_state, "encrypted") ) {
2075 SLOGE("device not encrypted, aborting");
2076 return -2;
2077 }
2078
2079 if (!master_key_saved) {
2080 SLOGE("encrypted fs not yet mounted, aborting");
2081 return -1;
2082 }
2083
2084 if (!saved_mount_point) {
2085 SLOGE("encrypted fs failed to save mount point, aborting");
2086 return -1;
2087 }
2088
Ken Sumrall160b4d62013-04-22 12:15:39 -07002089 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002090 SLOGE("Error getting crypt footer and key\n");
2091 return -1;
2092 }
2093
2094 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2095 /* If the device has no password, then just say the password is valid */
2096 rc = 0;
2097 } else {
Paul Lawrencefc615042014-10-04 15:32:29 -07002098 char* adjusted_passwd = adjust_passwd(passwd);
2099 if (adjusted_passwd) {
2100 passwd = adjusted_passwd;
2101 }
2102
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002103 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002104 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2105 /* They match, the password is correct */
2106 rc = 0;
2107 } else {
2108 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2109 sleep(1);
2110 rc = 1;
2111 }
Paul Lawrencefc615042014-10-04 15:32:29 -07002112
2113 free(adjusted_passwd);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002114 }
2115
2116 return rc;
2117}
2118
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002119/* Initialize a crypt_mnt_ftr structure. The keysize is
2120 * defaulted to 16 bytes, and the filesystem size to 0.
2121 * Presumably, at a minimum, the caller will update the
2122 * filesystem size and crypto_type_name after calling this function.
2123 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002124static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002125{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002126 off64_t off;
2127
2128 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002129 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002130 ftr->major_version = CURRENT_MAJOR_VERSION;
2131 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002132 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002133 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002134
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002135 switch (keymaster_check_compatibility()) {
2136 case 1:
2137 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2138 break;
2139
2140 case 0:
2141 ftr->kdf_type = KDF_SCRYPT;
2142 break;
2143
2144 default:
2145 SLOGE("keymaster_check_compatibility failed");
2146 return -1;
2147 }
2148
Kenny Rootc4c70f12013-06-14 12:11:38 -07002149 get_device_scrypt_params(ftr);
2150
Ken Sumrall160b4d62013-04-22 12:15:39 -07002151 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2152 if (get_crypt_ftr_info(NULL, &off) == 0) {
2153 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2154 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2155 ftr->persist_data_size;
2156 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002157
2158 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002159}
2160
Ken Sumrall29d8da82011-05-18 17:20:07 -07002161static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002162{
Ken Sumralle550f782013-08-20 13:48:23 -07002163 const char *args[10];
2164 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2165 int num_args;
2166 int status;
2167 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002168 int rc = -1;
2169
Ken Sumrall29d8da82011-05-18 17:20:07 -07002170 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002171 args[0] = "/system/bin/make_ext4fs";
2172 args[1] = "-a";
2173 args[2] = "/data";
2174 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002175 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002176 args[4] = size_str;
2177 args[5] = crypto_blkdev;
2178 num_args = 6;
2179 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2180 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002181 } else if (type == F2FS_FS) {
2182 args[0] = "/system/bin/mkfs.f2fs";
2183 args[1] = "-t";
2184 args[2] = "-d1";
2185 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002186 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002187 args[4] = size_str;
2188 num_args = 5;
2189 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2190 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002191 } else {
2192 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2193 return -1;
2194 }
2195
Ken Sumralle550f782013-08-20 13:48:23 -07002196 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2197
2198 if (tmp != 0) {
2199 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002200 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002201 if (WIFEXITED(status)) {
2202 if (WEXITSTATUS(status)) {
2203 SLOGE("Error creating filesystem on %s, exit status %d ",
2204 crypto_blkdev, WEXITSTATUS(status));
2205 } else {
2206 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2207 rc = 0;
2208 }
2209 } else {
2210 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2211 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002212 }
2213
2214 return rc;
2215}
2216
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002217#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002218#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2219#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002220
2221/* aligned 32K writes tends to make flash happy.
2222 * SD card association recommends it.
2223 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002224#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002225#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002226#else
2227#define BLOCKS_AT_A_TIME 1024
2228#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002229
2230struct encryptGroupsData
2231{
2232 int realfd;
2233 int cryptofd;
2234 off64_t numblocks;
2235 off64_t one_pct, cur_pct, new_pct;
2236 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002237 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002238 char* real_blkdev, * crypto_blkdev;
2239 int count;
2240 off64_t offset;
2241 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002242 off64_t last_written_sector;
2243 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002244 time_t time_started;
2245 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002246};
2247
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002248static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002249{
2250 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002251
2252 if (is_used) {
2253 data->used_blocks_already_done++;
2254 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002255 if (data->tot_used_blocks) {
2256 data->new_pct = data->used_blocks_already_done / data->one_pct;
2257 } else {
2258 data->new_pct = data->blocks_already_done / data->one_pct;
2259 }
2260
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002261 if (data->new_pct > data->cur_pct) {
2262 char buf[8];
2263 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002264 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002265 property_set("vold.encrypt_progress", buf);
2266 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002267
2268 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002269 struct timespec time_now;
2270 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2271 SLOGW("Error getting time");
2272 } else {
2273 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2274 off64_t remaining_blocks = data->tot_used_blocks
2275 - data->used_blocks_already_done;
2276 int remaining_time = (int)(elapsed_time * remaining_blocks
2277 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002278
Paul Lawrence9c58a872014-09-30 09:12:51 -07002279 // Change time only if not yet set, lower, or a lot higher for
2280 // best user experience
2281 if (data->remaining_time == -1
2282 || remaining_time < data->remaining_time
2283 || remaining_time > data->remaining_time + 60) {
2284 char buf[8];
2285 snprintf(buf, sizeof(buf), "%d", remaining_time);
2286 property_set("vold.encrypt_time_remaining", buf);
2287 data->remaining_time = remaining_time;
2288 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002289 }
2290 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002291}
2292
Paul Lawrence3846be12014-09-22 11:33:54 -07002293static void log_progress(struct encryptGroupsData const* data, bool completed)
2294{
2295 // Precondition - if completed data = 0 else data != 0
2296
2297 // Track progress so we can skip logging blocks
2298 static off64_t offset = -1;
2299
2300 // Need to close existing 'Encrypting from' log?
2301 if (completed || (offset != -1 && data->offset != offset)) {
2302 SLOGI("Encrypted to sector %" PRId64,
2303 offset / info.block_size * CRYPT_SECTOR_SIZE);
2304 offset = -1;
2305 }
2306
2307 // Need to start new 'Encrypting from' log?
2308 if (!completed && offset != data->offset) {
2309 SLOGI("Encrypting from sector %" PRId64,
2310 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2311 }
2312
2313 // Update offset
2314 if (!completed) {
2315 offset = data->offset + (off64_t)data->count * info.block_size;
2316 }
2317}
2318
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002319static int flush_outstanding_data(struct encryptGroupsData* data)
2320{
2321 if (data->count == 0) {
2322 return 0;
2323 }
2324
Elliott Hughes231bdba2014-06-25 18:36:19 -07002325 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002326
2327 if (pread64(data->realfd, data->buffer,
2328 info.block_size * data->count, data->offset)
2329 <= 0) {
2330 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2331 data->real_blkdev);
2332 return -1;
2333 }
2334
2335 if (pwrite64(data->cryptofd, data->buffer,
2336 info.block_size * data->count, data->offset)
2337 <= 0) {
2338 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2339 data->crypto_blkdev);
2340 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002341 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002342 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002343 }
2344
2345 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002346 data->last_written_sector = (data->offset + data->count)
2347 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002348 return 0;
2349}
2350
2351static int encrypt_groups(struct encryptGroupsData* data)
2352{
2353 unsigned int i;
2354 u8 *block_bitmap = 0;
2355 unsigned int block;
2356 off64_t ret;
2357 int rc = -1;
2358
2359 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2360 if (!data->buffer) {
2361 SLOGE("Failed to allocate crypto buffer");
2362 goto errout;
2363 }
2364
2365 block_bitmap = malloc(info.block_size);
2366 if (!block_bitmap) {
2367 SLOGE("failed to allocate block bitmap");
2368 goto errout;
2369 }
2370
2371 for (i = 0; i < aux_info.groups; ++i) {
2372 SLOGI("Encrypting group %d", i);
2373
2374 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2375 u32 block_count = min(info.blocks_per_group,
2376 aux_info.len_blocks - first_block);
2377
2378 off64_t offset = (u64)info.block_size
2379 * aux_info.bg_desc[i].bg_block_bitmap;
2380
2381 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2382 if (ret != (int)info.block_size) {
2383 SLOGE("failed to read all of block group bitmap %d", i);
2384 goto errout;
2385 }
2386
2387 offset = (u64)info.block_size * first_block;
2388
2389 data->count = 0;
2390
2391 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002392 int used = bitmap_get_bit(block_bitmap, block);
2393 update_progress(data, used);
2394 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002395 if (data->count == 0) {
2396 data->offset = offset;
2397 }
2398 data->count++;
2399 } else {
2400 if (flush_outstanding_data(data)) {
2401 goto errout;
2402 }
2403 }
2404
2405 offset += info.block_size;
2406
2407 /* Write data if we are aligned or buffer size reached */
2408 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2409 || data->count == BLOCKS_AT_A_TIME) {
2410 if (flush_outstanding_data(data)) {
2411 goto errout;
2412 }
2413 }
Paul Lawrence87999172014-02-20 12:21:31 -08002414
Paul Lawrence73d7a022014-06-09 14:10:09 -07002415 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002416 SLOGE("Stopping encryption due to low battery");
2417 rc = 0;
2418 goto errout;
2419 }
2420
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002421 }
2422 if (flush_outstanding_data(data)) {
2423 goto errout;
2424 }
2425 }
2426
Paul Lawrence87999172014-02-20 12:21:31 -08002427 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002428 rc = 0;
2429
2430errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002431 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002432 free(data->buffer);
2433 free(block_bitmap);
2434 return rc;
2435}
2436
2437static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2438 char *real_blkdev,
2439 off64_t size,
2440 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002441 off64_t tot_size,
2442 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002443{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002444 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002445 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002446 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002447
Paul Lawrence87999172014-02-20 12:21:31 -08002448 if (previously_encrypted_upto > *size_already_done) {
2449 SLOGD("Not fast encrypting since resuming part way through");
2450 return -1;
2451 }
2452
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002453 memset(&data, 0, sizeof(data));
2454 data.real_blkdev = real_blkdev;
2455 data.crypto_blkdev = crypto_blkdev;
2456
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002457 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002458 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2459 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002460 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002461 goto errout;
2462 }
2463
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002464 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002465 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002466 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002467 rc = ENABLE_INPLACE_ERR_DEV;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002468 goto errout;
2469 }
2470
2471 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002472 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002473 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002474 goto errout;
2475 }
2476
2477 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002478 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002479 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002480 goto errout;
2481 }
2482
2483 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2484 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2485 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2486
JP Abgrall7fc1de82014-10-10 18:43:41 -07002487 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002488
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002489 data.tot_used_blocks = data.numblocks;
2490 for (i = 0; i < aux_info.groups; ++i) {
2491 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2492 }
2493
2494 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002495 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002496
2497 struct timespec time_started = {0};
2498 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2499 SLOGW("Error getting time at start");
2500 // Note - continue anyway - we'll run with 0
2501 }
2502 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002503 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002504
2505 rc = encrypt_groups(&data);
2506 if (rc) {
2507 SLOGE("Error encrypting groups");
2508 goto errout;
2509 }
2510
Paul Lawrence87999172014-02-20 12:21:31 -08002511 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002512 rc = 0;
2513
2514errout:
2515 close(data.realfd);
2516 close(data.cryptofd);
2517
2518 return rc;
2519}
2520
Paul Lawrence3846be12014-09-22 11:33:54 -07002521static void log_progress_f2fs(u64 block, bool completed)
2522{
2523 // Precondition - if completed data = 0 else data != 0
2524
2525 // Track progress so we can skip logging blocks
2526 static u64 last_block = (u64)-1;
2527
2528 // Need to close existing 'Encrypting from' log?
2529 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2530 SLOGI("Encrypted to block %" PRId64, last_block);
2531 last_block = -1;
2532 }
2533
2534 // Need to start new 'Encrypting from' log?
2535 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2536 SLOGI("Encrypting from block %" PRId64, block);
2537 }
2538
2539 // Update offset
2540 if (!completed) {
2541 last_block = block;
2542 }
2543}
2544
Daniel Rosenberge82df162014-08-15 22:19:23 +00002545static int encrypt_one_block_f2fs(u64 pos, void *data)
2546{
2547 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2548
2549 priv_dat->blocks_already_done = pos - 1;
2550 update_progress(priv_dat, 1);
2551
2552 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2553
2554 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002555 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002556 return -1;
2557 }
2558
2559 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002560 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002561 return -1;
2562 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002563 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002564 }
2565
2566 return 0;
2567}
2568
2569static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2570 char *real_blkdev,
2571 off64_t size,
2572 off64_t *size_already_done,
2573 off64_t tot_size,
2574 off64_t previously_encrypted_upto)
2575{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002576 struct encryptGroupsData data;
2577 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002578 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002579 if (previously_encrypted_upto > *size_already_done) {
2580 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002581 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002582 }
2583 memset(&data, 0, sizeof(data));
2584 data.real_blkdev = real_blkdev;
2585 data.crypto_blkdev = crypto_blkdev;
2586 data.realfd = -1;
2587 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002588 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002589 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002590 real_blkdev);
2591 goto errout;
2592 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002593 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002594 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002595 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002596 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002597 goto errout;
2598 }
2599
2600 f2fs_info = generate_f2fs_info(data.realfd);
2601 if (!f2fs_info)
2602 goto errout;
2603
2604 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2605 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2606 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2607
2608 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2609
2610 data.one_pct = data.tot_used_blocks / 100;
2611 data.cur_pct = 0;
2612 data.time_started = time(NULL);
2613 data.remaining_time = -1;
2614
2615 data.buffer = malloc(f2fs_info->block_size);
2616 if (!data.buffer) {
2617 SLOGE("Failed to allocate crypto buffer");
2618 goto errout;
2619 }
2620
2621 data.count = 0;
2622
2623 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2624 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2625
2626 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002627 SLOGE("Error in running over f2fs blocks");
2628 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002629 goto errout;
2630 }
2631
2632 *size_already_done += size;
2633 rc = 0;
2634
2635errout:
2636 if (rc)
2637 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2638
Paul Lawrence3846be12014-09-22 11:33:54 -07002639 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002640 free(f2fs_info);
2641 free(data.buffer);
2642 close(data.realfd);
2643 close(data.cryptofd);
2644
2645 return rc;
2646}
2647
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002648static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2649 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002650 off64_t tot_size,
2651 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002652{
2653 int realfd, cryptofd;
2654 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002655 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002656 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002657 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002658 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002659
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002660 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002661 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002662 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002663 }
2664
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002665 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002666 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2667 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002668 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002669 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002670 }
2671
2672 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2673 * The size passed in is the number of 512 byte sectors in the filesystem.
2674 * So compute the number of whole 4K blocks we should read/write,
2675 * and the remainder.
2676 */
2677 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2678 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002679 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2680 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002681
2682 SLOGE("Encrypting filesystem in place...");
2683
Paul Lawrence87999172014-02-20 12:21:31 -08002684 i = previously_encrypted_upto + 1 - *size_already_done;
2685
2686 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2687 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2688 goto errout;
2689 }
2690
2691 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2692 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2693 goto errout;
2694 }
2695
2696 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2697 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2698 SLOGE("Error reading initial sectors from real_blkdev %s for "
2699 "inplace encrypt\n", crypto_blkdev);
2700 goto errout;
2701 }
2702 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2703 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2704 "inplace encrypt\n", crypto_blkdev);
2705 goto errout;
2706 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002707 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002708 }
2709 }
2710
Ken Sumrall29d8da82011-05-18 17:20:07 -07002711 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002712 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002713 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002714 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002715 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002716 if (new_pct > cur_pct) {
2717 char buf[8];
2718
2719 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002720 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002721 property_set("vold.encrypt_progress", buf);
2722 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002723 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002724 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002725 goto errout;
2726 }
2727 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002728 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2729 goto errout;
2730 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002731 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002732 CRYPT_SECTORS_PER_BUFSIZE,
2733 i * CRYPT_SECTORS_PER_BUFSIZE);
2734 }
2735
Paul Lawrence73d7a022014-06-09 14:10:09 -07002736 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002737 SLOGE("Stopping encryption due to low battery");
2738 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2739 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002740 goto errout;
2741 }
2742 }
2743
2744 /* Do any remaining sectors */
2745 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002746 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2747 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002748 goto errout;
2749 }
Paul Lawrence87999172014-02-20 12:21:31 -08002750 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2751 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002752 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002753 } else {
2754 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002755 }
2756 }
2757
Ken Sumrall29d8da82011-05-18 17:20:07 -07002758 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002759 rc = 0;
2760
2761errout:
2762 close(realfd);
2763 close(cryptofd);
2764
2765 return rc;
2766}
2767
JP Abgrall7fc1de82014-10-10 18:43:41 -07002768/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002769static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2770 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002771 off64_t tot_size,
2772 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002773{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002774 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002775 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002776 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002777 }
2778
2779 if (*size_already_done + size < previously_encrypted_upto) {
2780 *size_already_done += size;
2781 return 0;
2782 }
2783
Daniel Rosenberge82df162014-08-15 22:19:23 +00002784 /* TODO: identify filesystem type.
2785 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2786 * then we will drop down to cryptfs_enable_inplace_f2fs.
2787 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002788 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002789 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002790 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002791 return 0;
2792 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002793 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002794
JP Abgrall7fc1de82014-10-10 18:43:41 -07002795 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002796 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002797 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002798 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002799 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002800 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002801
JP Abgrall7fc1de82014-10-10 18:43:41 -07002802 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002803 size, size_already_done, tot_size,
2804 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002805 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2806
2807 /* Hack for b/17898962, the following is the symptom... */
2808 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2809 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2810 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2811 return ENABLE_INPLACE_ERR_DEV;
2812 }
2813 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002814}
2815
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002816#define CRYPTO_ENABLE_WIPE 1
2817#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002818
2819#define FRAMEWORK_BOOT_WAIT 60
2820
Paul Lawrence87999172014-02-20 12:21:31 -08002821static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2822{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002823 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002824 if (fd == -1) {
2825 SLOGE("Error opening file %s", filename);
2826 return -1;
2827 }
2828
2829 char block[CRYPT_INPLACE_BUFSIZE];
2830 memset(block, 0, sizeof(block));
2831 if (unix_read(fd, block, sizeof(block)) < 0) {
2832 SLOGE("Error reading file %s", filename);
2833 close(fd);
2834 return -1;
2835 }
2836
2837 close(fd);
2838
2839 SHA256_CTX c;
2840 SHA256_Init(&c);
2841 SHA256_Update(&c, block, sizeof(block));
2842 SHA256_Final(buf, &c);
2843
2844 return 0;
2845}
2846
JP Abgrall62c7af32014-06-16 13:01:23 -07002847static int get_fs_type(struct fstab_rec *rec)
2848{
2849 if (!strcmp(rec->fs_type, "ext4")) {
2850 return EXT4_FS;
2851 } else if (!strcmp(rec->fs_type, "f2fs")) {
2852 return F2FS_FS;
2853 } else {
2854 return -1;
2855 }
2856}
2857
Paul Lawrence87999172014-02-20 12:21:31 -08002858static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2859 char *crypto_blkdev, char *real_blkdev,
2860 int previously_encrypted_upto)
2861{
2862 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002863 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002864
Paul Lawrence73d7a022014-06-09 14:10:09 -07002865 if (!is_battery_ok_to_start()) {
2866 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002867 return 0;
2868 }
2869
2870 /* The size of the userdata partition, and add in the vold volumes below */
2871 tot_encryption_size = crypt_ftr->fs_size;
2872
2873 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002874 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2875 int fs_type = get_fs_type(rec);
2876 if (fs_type < 0) {
2877 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2878 return -1;
2879 }
2880 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002881 } else if (how == CRYPTO_ENABLE_INPLACE) {
2882 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2883 crypt_ftr->fs_size, &cur_encryption_done,
2884 tot_encryption_size,
2885 previously_encrypted_upto);
2886
JP Abgrall7fc1de82014-10-10 18:43:41 -07002887 if (rc == ENABLE_INPLACE_ERR_DEV) {
2888 /* Hack for b/17898962 */
2889 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2890 cryptfs_reboot(reboot);
2891 }
2892
Paul Lawrence73d7a022014-06-09 14:10:09 -07002893 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002894 crypt_ftr->encrypted_upto = cur_encryption_done;
2895 }
2896
Paul Lawrence73d7a022014-06-09 14:10:09 -07002897 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002898 /* The inplace routine never actually sets the progress to 100% due
2899 * to the round down nature of integer division, so set it here */
2900 property_set("vold.encrypt_progress", "100");
2901 }
2902 } else {
2903 /* Shouldn't happen */
2904 SLOGE("cryptfs_enable: internal error, unknown option\n");
2905 rc = -1;
2906 }
2907
2908 return rc;
2909}
2910
Paul Lawrence13486032014-02-03 13:28:11 -08002911int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2912 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002913{
2914 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002915 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002916 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002917 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002918 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002919 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002920 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002921 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002922 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002923 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002924 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002925
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002926 if (!strcmp(howarg, "wipe")) {
2927 how = CRYPTO_ENABLE_WIPE;
2928 } else if (! strcmp(howarg, "inplace")) {
2929 how = CRYPTO_ENABLE_INPLACE;
2930 } else {
2931 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002932 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002933 }
2934
Paul Lawrence87999172014-02-20 12:21:31 -08002935 /* See if an encryption was underway and interrupted */
2936 if (how == CRYPTO_ENABLE_INPLACE
2937 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2938 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2939 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2940 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002941 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2942
2943 /* At this point, we are in an inconsistent state. Until we successfully
2944 complete encryption, a reboot will leave us broken. So mark the
2945 encryption failed in case that happens.
2946 On successfully completing encryption, remove this flag */
2947 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2948
2949 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002950 }
2951
2952 property_get("ro.crypto.state", encrypted_state, "");
2953 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2954 SLOGE("Device is already running encrypted, aborting");
2955 goto error_unencrypted;
2956 }
2957
2958 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2959 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002960 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002961
Ken Sumrall3ed82362011-01-28 23:31:16 -08002962 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002963 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002964 if (fd == -1) {
2965 SLOGE("Cannot open block device %s\n", real_blkdev);
2966 goto error_unencrypted;
2967 }
2968 unsigned long nr_sec;
2969 get_blkdev_size(fd, &nr_sec);
2970 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002971 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2972 goto error_unencrypted;
2973 }
2974 close(fd);
2975
2976 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002977 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002978 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002979 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002980 if (fs_size_sec == 0)
2981 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2982
Paul Lawrence87999172014-02-20 12:21:31 -08002983 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002984
2985 if (fs_size_sec > max_fs_size_sec) {
2986 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2987 goto error_unencrypted;
2988 }
2989 }
2990
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002991 /* Get a wakelock as this may take a while, and we don't want the
2992 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2993 * wants to keep the screen on, it can grab a full wakelock.
2994 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002995 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002996 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2997
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002998 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002999 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003000 */
3001 property_set("vold.decrypt", "trigger_shutdown_framework");
3002 SLOGD("Just asked init to shut down class main\n");
3003
Jeff Sharkey9c484982015-03-31 10:35:33 -07003004 /* Ask vold to unmount all devices that it manages */
3005 if (vold_unmountAll()) {
3006 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003007 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003008
3009 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003010 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07003011 if (allow_reboot) {
3012 goto error_shutting_down;
3013 } else {
3014 goto error_unencrypted;
3015 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003016 }
3017
3018 /* Do extra work for a better UX when doing the long inplace encryption */
3019 if (how == CRYPTO_ENABLE_INPLACE) {
3020 /* Now that /data is unmounted, we need to mount a tmpfs
3021 * /data, set a property saying we're doing inplace encryption,
3022 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003023 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003024 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003025 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003026 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003027 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003028 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003029
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003030 /* restart the framework. */
3031 /* Create necessary paths on /data */
3032 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003033 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003034 }
3035
Ken Sumrall92736ef2012-10-17 20:57:14 -07003036 /* Ugh, shutting down the framework is not synchronous, so until it
3037 * can be fixed, this horrible hack will wait a moment for it all to
3038 * shut down before proceeding. Without it, some devices cannot
3039 * restart the graphics services.
3040 */
3041 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003042 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003043
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003044 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003045 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003046 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003047 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3048 goto error_shutting_down;
3049 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003050
Paul Lawrence87999172014-02-20 12:21:31 -08003051 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3052 crypt_ftr.fs_size = nr_sec
3053 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3054 } else {
3055 crypt_ftr.fs_size = nr_sec;
3056 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003057 /* At this point, we are in an inconsistent state. Until we successfully
3058 complete encryption, a reboot will leave us broken. So mark the
3059 encryption failed in case that happens.
3060 On successfully completing encryption, remove this flag */
3061 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003062 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003063#ifndef CONFIG_HW_DISK_ENCRYPTION
3064 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3065#else
3066 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3067
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003068 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003069 if (!rc) {
3070 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3071 }
3072
3073 rc = set_hw_device_encryption_key(passwd,
3074 (char*) crypt_ftr.crypto_type_name);
3075 if (!rc) {
3076 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3077 goto error_shutting_down;
3078 }
3079#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003080
Paul Lawrence87999172014-02-20 12:21:31 -08003081 /* Make an encrypted master key */
3082 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3083 SLOGE("Cannot create encrypted master key\n");
3084 goto error_shutting_down;
3085 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003086
Paul Lawrence87999172014-02-20 12:21:31 -08003087 /* Write the key to the end of the partition */
3088 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003089
Paul Lawrence87999172014-02-20 12:21:31 -08003090 /* If any persistent data has been remembered, save it.
3091 * If none, create a valid empty table and save that.
3092 */
3093 if (!persist_data) {
3094 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3095 if (pdata) {
3096 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3097 persist_data = pdata;
3098 }
3099 }
3100 if (persist_data) {
3101 save_persistent_data();
3102 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003103 }
3104
Ajay Dudani87701e22014-09-17 21:02:52 -07003105 if (how == CRYPTO_ENABLE_INPLACE) {
3106 /* startup service classes main and late_start */
3107 property_set("vold.decrypt", "trigger_restart_min_framework");
3108 SLOGD("Just triggered restart_min_framework\n");
3109
3110 /* OK, the framework is restarted and will soon be showing a
3111 * progress bar. Time to setup an encrypted mapping, and
3112 * either write a new filesystem, or encrypt in place updating
3113 * the progress bar as we work.
3114 */
3115 }
3116
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003117 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003118 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3119 "userdata");
3120
Paul Lawrence87999172014-02-20 12:21:31 -08003121 /* If we are continuing, check checksums match */
3122 rc = 0;
3123 if (previously_encrypted_upto) {
3124 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3125 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003126
Paul Lawrence87999172014-02-20 12:21:31 -08003127 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3128 sizeof(hash_first_block)) != 0) {
3129 SLOGE("Checksums do not match - trigger wipe");
3130 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003131 }
3132 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003133
Paul Lawrence87999172014-02-20 12:21:31 -08003134 if (!rc) {
3135 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3136 crypto_blkdev, real_blkdev,
3137 previously_encrypted_upto);
3138 }
3139
3140 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003141 if (!rc && how == CRYPTO_ENABLE_INPLACE
3142 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003143 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3144 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003145 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003146 SLOGE("Error calculating checksum for continuing encryption");
3147 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003148 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003149 }
3150
3151 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003152 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003153
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003154 if (! rc) {
3155 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003156 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003157
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003158 if (how == CRYPTO_ENABLE_INPLACE
3159 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003160 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3161 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003162 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003163 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003164
Paul Lawrence6bfed202014-07-28 12:47:22 -07003165 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003166
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003167 if (how == CRYPTO_ENABLE_WIPE
3168 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003169 char value[PROPERTY_VALUE_MAX];
3170 property_get("ro.crypto.state", value, "");
3171 if (!strcmp(value, "")) {
3172 /* default encryption - continue first boot sequence */
3173 property_set("ro.crypto.state", "encrypted");
3174 release_wake_lock(lockid);
3175 cryptfs_check_passwd(DEFAULT_PASSWORD);
3176 cryptfs_restart_internal(1);
3177 return 0;
3178 } else {
3179 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003180 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003181 }
Paul Lawrence87999172014-02-20 12:21:31 -08003182 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003183 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003184 cryptfs_reboot(shutdown);
3185 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003186 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003187 char value[PROPERTY_VALUE_MAX];
3188
Ken Sumrall319369a2012-06-27 16:30:18 -07003189 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003190 if (!strcmp(value, "1")) {
3191 /* wipe data if encryption failed */
3192 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3193 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003194 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003195 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003196 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3197 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003198 close(fd);
3199 } else {
3200 SLOGE("could not open /cache/recovery/command\n");
3201 }
Paul Lawrence87999172014-02-20 12:21:31 -08003202 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003203 } else {
3204 /* set property to trigger dialog */
3205 property_set("vold.encrypt_progress", "error_partially_encrypted");
3206 release_wake_lock(lockid);
3207 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003208 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003209 }
3210
Ken Sumrall3ed82362011-01-28 23:31:16 -08003211 /* hrm, the encrypt step claims success, but the reboot failed.
3212 * This should not happen.
3213 * Set the property and return. Hope the framework can deal with it.
3214 */
3215 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003216 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003217 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003218
3219error_unencrypted:
3220 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003221 if (lockid[0]) {
3222 release_wake_lock(lockid);
3223 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003224 return -1;
3225
3226error_shutting_down:
3227 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3228 * but the framework is stopped and not restarted to show the error, so it's up to
3229 * vold to restart the system.
3230 */
3231 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003232 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003233
3234 /* shouldn't get here */
3235 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003236 if (lockid[0]) {
3237 release_wake_lock(lockid);
3238 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003239 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003240}
3241
Paul Lawrence45f10532014-04-04 18:11:56 +00003242int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003243{
Paul Lawrencefc615042014-10-04 15:32:29 -07003244 char* adjusted_passwd = adjust_passwd(passwd);
3245 if (adjusted_passwd) {
3246 passwd = adjusted_passwd;
3247 }
3248
3249 int rc = cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
3250
3251 free(adjusted_passwd);
3252 return rc;
Paul Lawrence13486032014-02-03 13:28:11 -08003253}
3254
3255int cryptfs_enable_default(char *howarg, int allow_reboot)
3256{
3257 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3258 DEFAULT_PASSWORD, allow_reboot);
3259}
3260
3261int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003262{
Paul Lawrence05335c32015-03-05 09:46:23 -08003263 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3264 return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw);
3265 }
3266
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003267 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003268 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003269
3270 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003271 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003272 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003273 return -1;
3274 }
3275
Paul Lawrencef4faa572014-01-29 13:31:03 -08003276 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3277 SLOGE("Invalid crypt_type %d", crypt_type);
3278 return -1;
3279 }
3280
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003281 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003282 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003283 SLOGE("Error getting crypt footer and key");
3284 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003285 }
3286
Paul Lawrencef4faa572014-01-29 13:31:03 -08003287 crypt_ftr.crypt_type = crypt_type;
3288
Paul Lawrencefc615042014-10-04 15:32:29 -07003289 char* adjusted_passwd = adjust_passwd(newpw);
3290 if (adjusted_passwd) {
3291 newpw = adjusted_passwd;
3292 }
3293
JP Abgrall933216c2015-02-11 13:44:32 -08003294 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003295 : newpw,
3296 crypt_ftr.salt,
3297 saved_master_key,
3298 crypt_ftr.master_key,
3299 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003300 free(adjusted_passwd);
3301 if (rc) {
3302 SLOGE("Encrypt master key failed: %d", rc);
3303 return -1;
3304 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003305 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003306 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003307
Ajay Dudani87701e22014-09-17 21:02:52 -07003308#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003309 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3310 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3311 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3312 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3313 if (!rc)
3314 return -1;
3315 } else {
3316 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3317 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3318 if (!rc)
3319 return -1;
3320 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003321 }
3322#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003323 return 0;
3324}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003325
Rubin Xu85c01f92014-10-13 12:49:54 +01003326static unsigned int persist_get_max_entries(int encrypted) {
3327 struct crypt_mnt_ftr crypt_ftr;
3328 unsigned int dsize;
3329 unsigned int max_persistent_entries;
3330
3331 /* If encrypted, use the values from the crypt_ftr, otherwise
3332 * use the values for the current spec.
3333 */
3334 if (encrypted) {
3335 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3336 return -1;
3337 }
3338 dsize = crypt_ftr.persist_data_size;
3339 } else {
3340 dsize = CRYPT_PERSIST_DATA_SIZE;
3341 }
3342
3343 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3344 sizeof(struct crypt_persist_entry);
3345
3346 return max_persistent_entries;
3347}
3348
3349static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003350{
3351 unsigned int i;
3352
3353 if (persist_data == NULL) {
3354 return -1;
3355 }
3356 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3357 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3358 /* We found it! */
3359 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3360 return 0;
3361 }
3362 }
3363
3364 return -1;
3365}
3366
Rubin Xu85c01f92014-10-13 12:49:54 +01003367static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003368{
3369 unsigned int i;
3370 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003371 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003372
3373 if (persist_data == NULL) {
3374 return -1;
3375 }
3376
Rubin Xu85c01f92014-10-13 12:49:54 +01003377 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003378
3379 num = persist_data->persist_valid_entries;
3380
3381 for (i = 0; i < num; i++) {
3382 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3383 /* We found an existing entry, update it! */
3384 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3385 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3386 return 0;
3387 }
3388 }
3389
3390 /* We didn't find it, add it to the end, if there is room */
3391 if (persist_data->persist_valid_entries < max_persistent_entries) {
3392 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3393 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3394 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3395 persist_data->persist_valid_entries++;
3396 return 0;
3397 }
3398
3399 return -1;
3400}
3401
Rubin Xu85c01f92014-10-13 12:49:54 +01003402/**
3403 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3404 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3405 */
3406static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003407 unsigned int field_len;
3408 unsigned int key_index;
3409 field_len = strlen(field);
3410
3411 if (index == 0) {
3412 // The first key in a multi-entry field is just the filedname itself.
3413 if (!strcmp(key, field)) {
3414 return 1;
3415 }
3416 }
3417 // Match key against "%s_%d" % (field, index)
3418 if (strlen(key) < field_len + 1 + 1) {
3419 // Need at least a '_' and a digit.
3420 return 0;
3421 }
3422 if (strncmp(key, field, field_len)) {
3423 // If the key does not begin with field, it's not a match.
3424 return 0;
3425 }
3426 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3427 return 0;
3428 }
3429 return key_index >= index;
3430}
3431
3432/*
3433 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3434 * remaining entries starting from index will be deleted.
3435 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3436 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3437 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3438 *
3439 */
3440static int persist_del_keys(const char *fieldname, unsigned index)
3441{
3442 unsigned int i;
3443 unsigned int j;
3444 unsigned int num;
3445
3446 if (persist_data == NULL) {
3447 return PERSIST_DEL_KEY_ERROR_OTHER;
3448 }
3449
3450 num = persist_data->persist_valid_entries;
3451
3452 j = 0; // points to the end of non-deleted entries.
3453 // Filter out to-be-deleted entries in place.
3454 for (i = 0; i < num; i++) {
3455 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3456 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3457 j++;
3458 }
3459 }
3460
3461 if (j < num) {
3462 persist_data->persist_valid_entries = j;
3463 // Zeroise the remaining entries
3464 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3465 return PERSIST_DEL_KEY_OK;
3466 } else {
3467 // Did not find an entry matching the given fieldname
3468 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3469 }
3470}
3471
3472static int persist_count_keys(const char *fieldname)
3473{
3474 unsigned int i;
3475 unsigned int count;
3476
3477 if (persist_data == NULL) {
3478 return -1;
3479 }
3480
3481 count = 0;
3482 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3483 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3484 count++;
3485 }
3486 }
3487
3488 return count;
3489}
3490
Ken Sumrall160b4d62013-04-22 12:15:39 -07003491/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003492int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003493{
Paul Lawrence4e727452015-04-15 14:12:00 -07003494 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3495 return e4crypt_get_field(DATA_MNT_POINT, fieldname, value, len);
3496 }
3497
Ken Sumrall160b4d62013-04-22 12:15:39 -07003498 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003499 /* CRYPTO_GETFIELD_OK is success,
3500 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3501 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3502 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003503 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003504 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3505 int i;
3506 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003507
3508 if (persist_data == NULL) {
3509 load_persistent_data();
3510 if (persist_data == NULL) {
3511 SLOGE("Getfield error, cannot load persistent data");
3512 goto out;
3513 }
3514 }
3515
Rubin Xu85c01f92014-10-13 12:49:54 +01003516 // Read value from persistent entries. If the original value is split into multiple entries,
3517 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003518 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003519 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3520 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3521 // value too small
3522 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3523 goto out;
3524 }
3525 rc = CRYPTO_GETFIELD_OK;
3526
3527 for (i = 1; /* break explicitly */; i++) {
3528 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3529 (int) sizeof(temp_field)) {
3530 // If the fieldname is very long, we stop as soon as it begins to overflow the
3531 // maximum field length. At this point we have in fact fully read out the original
3532 // value because cryptfs_setfield would not allow fields with longer names to be
3533 // written in the first place.
3534 break;
3535 }
3536 if (!persist_get_key(temp_field, temp_value)) {
3537 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3538 // value too small.
3539 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3540 goto out;
3541 }
3542 } else {
3543 // Exhaust all entries.
3544 break;
3545 }
3546 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003547 } else {
3548 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003549 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003550 }
3551
3552out:
3553 return rc;
3554}
3555
3556/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003557int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003558{
Paul Lawrence4e727452015-04-15 14:12:00 -07003559 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3560 return e4crypt_set_field(DATA_MNT_POINT, fieldname, value);
3561 }
3562
Ken Sumrall160b4d62013-04-22 12:15:39 -07003563 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003564 /* 0 is success, negative values are error */
3565 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003566 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003567 unsigned int field_id;
3568 char temp_field[PROPERTY_KEY_MAX];
3569 unsigned int num_entries;
3570 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003571
3572 if (persist_data == NULL) {
3573 load_persistent_data();
3574 if (persist_data == NULL) {
3575 SLOGE("Setfield error, cannot load persistent data");
3576 goto out;
3577 }
3578 }
3579
3580 property_get("ro.crypto.state", encrypted_state, "");
3581 if (!strcmp(encrypted_state, "encrypted") ) {
3582 encrypted = 1;
3583 }
3584
Rubin Xu85c01f92014-10-13 12:49:54 +01003585 // Compute the number of entries required to store value, each entry can store up to
3586 // (PROPERTY_VALUE_MAX - 1) chars
3587 if (strlen(value) == 0) {
3588 // Empty value also needs one entry to store.
3589 num_entries = 1;
3590 } else {
3591 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3592 }
3593
3594 max_keylen = strlen(fieldname);
3595 if (num_entries > 1) {
3596 // Need an extra "_%d" suffix.
3597 max_keylen += 1 + log10(num_entries);
3598 }
3599 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3600 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003601 goto out;
3602 }
3603
Rubin Xu85c01f92014-10-13 12:49:54 +01003604 // Make sure we have enough space to write the new value
3605 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3606 persist_get_max_entries(encrypted)) {
3607 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3608 goto out;
3609 }
3610
3611 // Now that we know persist_data has enough space for value, let's delete the old field first
3612 // to make up space.
3613 persist_del_keys(fieldname, 0);
3614
3615 if (persist_set_key(fieldname, value, encrypted)) {
3616 // fail to set key, should not happen as we have already checked the available space
3617 SLOGE("persist_set_key() error during setfield()");
3618 goto out;
3619 }
3620
3621 for (field_id = 1; field_id < num_entries; field_id++) {
3622 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3623
3624 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3625 // fail to set key, should not happen as we have already checked the available space.
3626 SLOGE("persist_set_key() error during setfield()");
3627 goto out;
3628 }
3629 }
3630
Ken Sumrall160b4d62013-04-22 12:15:39 -07003631 /* If we are running encrypted, save the persistent data now */
3632 if (encrypted) {
3633 if (save_persistent_data()) {
3634 SLOGE("Setfield error, cannot save persistent data");
3635 goto out;
3636 }
3637 }
3638
Rubin Xu85c01f92014-10-13 12:49:54 +01003639 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003640
3641out:
3642 return rc;
3643}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003644
3645/* Checks userdata. Attempt to mount the volume if default-
3646 * encrypted.
3647 * On success trigger next init phase and return 0.
3648 * Currently do not handle failure - see TODO below.
3649 */
3650int cryptfs_mount_default_encrypted(void)
3651{
3652 char decrypt_state[PROPERTY_VALUE_MAX];
3653 property_get("vold.decrypt", decrypt_state, "0");
3654 if (!strcmp(decrypt_state, "0")) {
3655 SLOGE("Not encrypted - should not call here");
3656 } else {
3657 int crypt_type = cryptfs_get_password_type();
3658 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3659 SLOGE("Bad crypt type - error");
3660 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3661 SLOGD("Password is not default - "
3662 "starting min framework to prompt");
3663 property_set("vold.decrypt", "trigger_restart_min_framework");
3664 return 0;
3665 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3666 SLOGD("Password is default - restarting filesystem");
3667 cryptfs_restart_internal(0);
3668 return 0;
3669 } else {
3670 SLOGE("Encrypted, default crypt type but can't decrypt");
3671 }
3672 }
3673
Paul Lawrence6bfed202014-07-28 12:47:22 -07003674 /** Corrupt. Allow us to boot into framework, which will detect bad
3675 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003676 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003677 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003678 return 0;
3679}
3680
3681/* Returns type of the password, default, pattern, pin or password.
3682 */
3683int cryptfs_get_password_type(void)
3684{
Paul Lawrence05335c32015-03-05 09:46:23 -08003685 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3686 return e4crypt_get_password_type(DATA_MNT_POINT);
3687 }
3688
Paul Lawrencef4faa572014-01-29 13:31:03 -08003689 struct crypt_mnt_ftr crypt_ftr;
3690
3691 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3692 SLOGE("Error getting crypt footer and key\n");
3693 return -1;
3694 }
3695
Paul Lawrence6bfed202014-07-28 12:47:22 -07003696 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3697 return -1;
3698 }
3699
Paul Lawrencef4faa572014-01-29 13:31:03 -08003700 return crypt_ftr.crypt_type;
3701}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003702
Paul Lawrence05335c32015-03-05 09:46:23 -08003703const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003704{
Paul Lawrence05335c32015-03-05 09:46:23 -08003705 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3706 return e4crypt_get_password(DATA_MNT_POINT);
3707 }
3708
Paul Lawrence399317e2014-03-10 13:20:50 -07003709 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003710 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003711 if (now.tv_sec < password_expiry_time) {
3712 return password;
3713 } else {
3714 cryptfs_clear_password();
3715 return 0;
3716 }
3717}
3718
3719void cryptfs_clear_password()
3720{
Paul Lawrence00f4aad2015-05-06 13:53:43 -07003721 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3722 e4crypt_clear_password(DATA_MNT_POINT);
3723 }
3724
Paul Lawrence399317e2014-03-10 13:20:50 -07003725 if (password) {
3726 size_t len = strlen(password);
3727 memset(password, 0, len);
3728 free(password);
3729 password = 0;
3730 password_expiry_time = 0;
3731 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003732}
Paul Lawrence707fd6c2015-04-28 22:14:15 +00003733
3734int cryptfs_enable_file()
3735{
3736 return e4crypt_enable(DATA_MNT_POINT);
3737}
3738
3739int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3740{
3741 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3742 SLOGE("Failed to initialize crypt_ftr");
3743 return -1;
3744 }
3745
3746 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3747 crypt_ftr->salt, crypt_ftr)) {
3748 SLOGE("Cannot create encrypted master key\n");
3749 return -1;
3750 }
3751
3752 //crypt_ftr->keysize = key_length / 8;
3753 return 0;
3754}
3755
3756int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3757 unsigned char* master_key)
3758{
3759 int rc;
3760
Paul Lawrence707fd6c2015-04-28 22:14:15 +00003761 unsigned char* intermediate_key = 0;
3762 size_t intermediate_key_size = 0;
Paul Lawrence3ca21e22015-04-14 15:26:29 -07003763
3764 if (password == 0 || *password == 0) {
3765 password = DEFAULT_PASSWORD;
3766 }
3767
Paul Lawrence707fd6c2015-04-28 22:14:15 +00003768 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3769 &intermediate_key_size);
3770
Paul Lawrence3ca21e22015-04-14 15:26:29 -07003771 int N = 1 << ftr->N_factor;
3772 int r = 1 << ftr->r_factor;
3773 int p = 1 << ftr->p_factor;
3774
3775 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3776
3777 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3778 ftr->salt, sizeof(ftr->salt), N, r, p,
3779 scrypted_intermediate_key,
3780 sizeof(scrypted_intermediate_key));
3781
3782 free(intermediate_key);
3783
3784 if (rc) {
3785 SLOGE("Can't calculate intermediate key");
3786 return rc;
3787 }
3788
3789 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3790 intermediate_key_size);
Paul Lawrence707fd6c2015-04-28 22:14:15 +00003791}
3792
3793int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3794 const unsigned char* master_key)
3795{
3796 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3797 ftr);
3798}