blob: b99dd56ee7e2366a33863c79790b96bbdd8858d0 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080046#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080047#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080048#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080049#define LOG_TAG "Cryptfs"
50#include "cutils/log.h"
51#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070052#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080053#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070054#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000055#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070056#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070057#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070058#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080060#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000061#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080062#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080063#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080064
Shawn Willden8af33352015-02-24 09:51:34 -070065#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060066#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070067
Mark Salyzyn3e971272014-01-21 13:27:04 -080068#define UNUSED __attribute__((unused))
69
Mark Salyzyn5eecc442014-02-12 14:16:14 -080070#define UNUSED __attribute__((unused))
71
Ajay Dudani87701e22014-09-17 21:02:52 -070072#ifdef CONFIG_HW_DISK_ENCRYPTION
73#include "cryptfs_hw.h"
74#endif
75
Ken Sumrall8f869aa2010-12-03 03:47:09 -080076#define DM_CRYPT_BUF_SIZE 4096
77
Jason parks70a4b3f2011-01-28 10:10:47 -060078#define HASH_COUNT 2000
79#define KEY_LEN_BYTES 16
80#define IV_LEN_BYTES 16
81
Ken Sumrall29d8da82011-05-18 17:20:07 -070082#define KEY_IN_FOOTER "footer"
83
Paul Lawrence3bd36d52015-06-09 13:37:44 -070084#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080085
Paul Lawrence3d99eba2015-11-20 07:07:19 -080086#define CRYPTO_BLOCK_DEVICE "userdata"
87
88#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
89
Ken Sumrall29d8da82011-05-18 17:20:07 -070090#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070091#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070092
Ken Sumralle919efe2012-09-29 17:07:41 -070093#define TABLE_LOAD_RETRIES 10
94
Shawn Willden47ba10d2014-09-03 17:07:06 -060095#define RSA_KEY_SIZE 2048
96#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
97#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060098#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070099
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700100#define RETRY_MOUNT_ATTEMPTS 10
101#define RETRY_MOUNT_DELAY_SECONDS 1
102
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800103char *me = "cryptfs";
104
Jason parks70a4b3f2011-01-28 10:10:47 -0600105static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700106static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600107static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700108static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800109
Shawn Willdenda6e8992015-06-03 09:40:45 -0600110static int keymaster_init(keymaster0_device_t **keymaster0_dev,
111 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700112{
113 int rc;
114
115 const hw_module_t* mod;
116 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
117 if (rc) {
118 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600119 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700120 }
121
Shawn Willdenda6e8992015-06-03 09:40:45 -0600122 SLOGI("keymaster module name is %s", mod->name);
123 SLOGI("keymaster version is %d", mod->module_api_version);
124
125 *keymaster0_dev = NULL;
126 *keymaster1_dev = NULL;
127 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
128 SLOGI("Found keymaster1 module, using keymaster1 API.");
129 rc = keymaster1_open(mod, keymaster1_dev);
130 } else {
131 SLOGI("Found keymaster0 module, using keymaster0 API.");
132 rc = keymaster0_open(mod, keymaster0_dev);
133 }
134
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700135 if (rc) {
136 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600137 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
138 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700139 }
140
141 return 0;
142
Shawn Willdenda6e8992015-06-03 09:40:45 -0600143err:
144 *keymaster0_dev = NULL;
145 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700146 return rc;
147}
148
149/* Should we use keymaster? */
150static int keymaster_check_compatibility()
151{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600152 keymaster0_device_t *keymaster0_dev = 0;
153 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700154 int rc = 0;
155
Shawn Willdenda6e8992015-06-03 09:40:45 -0600156 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700157 SLOGE("Failed to init keymaster");
158 rc = -1;
159 goto out;
160 }
161
Shawn Willdenda6e8992015-06-03 09:40:45 -0600162 if (keymaster1_dev) {
163 rc = 1;
164 goto out;
165 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700166
Shawn Willdenda6e8992015-06-03 09:40:45 -0600167 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
168 // should work.
169 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700170 < KEYMASTER_MODULE_API_VERSION_0_3) {
171 rc = 0;
172 goto out;
173 }
174
Shawn Willdenda6e8992015-06-03 09:40:45 -0600175 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
176 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700177 rc = 1;
178 }
179
180out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600181 if (keymaster1_dev) {
182 keymaster1_close(keymaster1_dev);
183 }
184 if (keymaster0_dev) {
185 keymaster0_close(keymaster0_dev);
186 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700187 return rc;
188}
189
190/* Create a new keymaster key and store it in this footer */
191static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
192{
193 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600194 keymaster0_device_t *keymaster0_dev = 0;
195 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700196
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800197 if (ftr->keymaster_blob_size) {
198 SLOGI("Already have key");
199 return 0;
200 }
201
Shawn Willdenda6e8992015-06-03 09:40:45 -0600202 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700203 SLOGE("Failed to init keymaster");
204 return -1;
205 }
206
207 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600208 size_t key_size = 0;
209 if (keymaster1_dev) {
210 keymaster_key_param_t params[] = {
211 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
212 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
213 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
214 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700215
Shawn Willden86af3552015-06-24 07:21:54 -0700216 /* The only allowed purpose for this key is signing. */
217 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
218
219 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600220 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600221 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700222
Shawn Willdenda6e8992015-06-03 09:40:45 -0600223 /* Require that the key be usable in standalone mode. File system isn't available. */
224 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
225
226 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
227 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
228
Shawn Willdenda6e8992015-06-03 09:40:45 -0600229 /* Rate-limit key usage attempts, to rate-limit brute force */
230 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
231 };
232 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
233 keymaster_key_blob_t key_blob;
234 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
235 &key_blob,
236 NULL /* characteristics */);
237 if (error != KM_ERROR_OK) {
238 SLOGE("Failed to generate keymaster1 key, error %d", error);
239 rc = -1;
240 goto out;
241 }
242
243 key = (uint8_t*)key_blob.key_material;
244 key_size = key_blob.key_material_size;
245 }
246 else if (keymaster0_dev) {
247 keymaster_rsa_keygen_params_t params;
248 memset(&params, '\0', sizeof(params));
249 params.public_exponent = RSA_EXPONENT;
250 params.modulus_size = RSA_KEY_SIZE;
251
252 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
253 &key, &key_size)) {
254 SLOGE("Failed to generate keypair");
255 rc = -1;
256 goto out;
257 }
258 } else {
259 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700260 rc = -1;
261 goto out;
262 }
263
264 if (key_size > KEYMASTER_BLOB_SIZE) {
265 SLOGE("Keymaster key too large for crypto footer");
266 rc = -1;
267 goto out;
268 }
269
270 memcpy(ftr->keymaster_blob, key, key_size);
271 ftr->keymaster_blob_size = key_size;
272
273out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600274 if (keymaster0_dev)
275 keymaster0_close(keymaster0_dev);
276 if (keymaster1_dev)
277 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700278 free(key);
279 return rc;
280}
281
Shawn Willdene17a9c42014-09-08 13:04:08 -0600282/* This signs the given object using the keymaster key. */
283static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600284 const unsigned char *object,
285 const size_t object_size,
286 unsigned char **signature,
287 size_t *signature_size)
288{
289 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600290 keymaster0_device_t *keymaster0_dev = 0;
291 keymaster1_device_t *keymaster1_dev = 0;
292 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600293 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600294 rc = -1;
295 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600296 }
297
Shawn Willden47ba10d2014-09-03 17:07:06 -0600298 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600299 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600300 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600301
Shawn Willdene17a9c42014-09-08 13:04:08 -0600302 // To sign a message with RSA, the message must satisfy two
303 // constraints:
304 //
305 // 1. The message, when interpreted as a big-endian numeric value, must
306 // be strictly less than the public modulus of the RSA key. Note
307 // that because the most significant bit of the public modulus is
308 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
309 // key), an n-bit message with most significant bit 0 always
310 // satisfies this requirement.
311 //
312 // 2. The message must have the same length in bits as the public
313 // modulus of the RSA key. This requirement isn't mathematically
314 // necessary, but is necessary to ensure consistency in
315 // implementations.
316 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600317 case KDF_SCRYPT_KEYMASTER:
318 // This ensures the most significant byte of the signed message
319 // is zero. We could have zero-padded to the left instead, but
320 // this approach is slightly more robust against changes in
321 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600322 // so) because we really should be using a proper deterministic
323 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600324 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
325 SLOGI("Signing safely-padded object");
326 break;
327 default:
328 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600329 rc = -1;
330 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600331 }
332
Shawn Willdenda6e8992015-06-03 09:40:45 -0600333 if (keymaster0_dev) {
334 keymaster_rsa_sign_params_t params;
335 params.digest_type = DIGEST_NONE;
336 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600337
Shawn Willdenda6e8992015-06-03 09:40:45 -0600338 rc = keymaster0_dev->sign_data(keymaster0_dev,
339 &params,
340 ftr->keymaster_blob,
341 ftr->keymaster_blob_size,
342 to_sign,
343 to_sign_size,
344 signature,
345 signature_size);
346 goto out;
347 } else if (keymaster1_dev) {
348 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
349 keymaster_key_param_t params[] = {
350 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
351 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
352 };
353 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
354 keymaster_operation_handle_t op_handle;
355 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
356 &param_set, NULL /* out_params */,
357 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600358 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600359 // Key usage has been rate-limited. Wait a bit and try again.
360 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
361 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
362 &param_set, NULL /* out_params */,
363 &op_handle);
364 }
365 if (error != KM_ERROR_OK) {
366 SLOGE("Error starting keymaster signature transaction: %d", error);
367 rc = -1;
368 goto out;
369 }
370
371 keymaster_blob_t input = { to_sign, to_sign_size };
372 size_t input_consumed;
373 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
374 &input, &input_consumed, NULL /* out_params */,
375 NULL /* output */);
376 if (error != KM_ERROR_OK) {
377 SLOGE("Error sending data to keymaster signature transaction: %d", error);
378 rc = -1;
379 goto out;
380 }
381 if (input_consumed != to_sign_size) {
382 // This should never happen. If it does, it's a bug in the keymaster implementation.
383 SLOGE("Keymaster update() did not consume all data.");
384 keymaster1_dev->abort(keymaster1_dev, op_handle);
385 rc = -1;
386 goto out;
387 }
388
389 keymaster_blob_t tmp_sig;
390 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
391 NULL /* verify signature */, NULL /* out_params */,
392 &tmp_sig);
393 if (error != KM_ERROR_OK) {
394 SLOGE("Error finishing keymaster signature transaction: %d", error);
395 rc = -1;
396 goto out;
397 }
398
399 *signature = (uint8_t*)tmp_sig.data;
400 *signature_size = tmp_sig.data_length;
401 } else {
402 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
403 rc = -1;
404 goto out;
405 }
406
407 out:
408 if (keymaster1_dev)
409 keymaster1_close(keymaster1_dev);
410 if (keymaster0_dev)
411 keymaster0_close(keymaster0_dev);
412
413 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600414}
415
Paul Lawrence399317e2014-03-10 13:20:50 -0700416/* Store password when userdata is successfully decrypted and mounted.
417 * Cleared by cryptfs_clear_password
418 *
419 * To avoid a double prompt at boot, we need to store the CryptKeeper
420 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
421 * Since the entire framework is torn down and rebuilt after encryption,
422 * we have to use a daemon or similar to store the password. Since vold
423 * is secured against IPC except from system processes, it seems a reasonable
424 * place to store this.
425 *
426 * password should be cleared once it has been used.
427 *
428 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800429 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700430static char* password = 0;
431static int password_expiry_time = 0;
432static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800433
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800434extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800435
Paul Lawrence87999172014-02-20 12:21:31 -0800436enum RebootType {reboot, recovery, shutdown};
437static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700438{
Paul Lawrence87999172014-02-20 12:21:31 -0800439 switch(rt) {
440 case reboot:
441 property_set(ANDROID_RB_PROPERTY, "reboot");
442 break;
443
444 case recovery:
445 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
446 break;
447
448 case shutdown:
449 property_set(ANDROID_RB_PROPERTY, "shutdown");
450 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700451 }
Paul Lawrence87999172014-02-20 12:21:31 -0800452
Ken Sumralladfba362013-06-04 16:37:52 -0700453 sleep(20);
454
455 /* Shouldn't get here, reboot should happen before sleep times out */
456 return;
457}
458
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800459static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
460{
461 memset(io, 0, dataSize);
462 io->data_size = dataSize;
463 io->data_start = sizeof(struct dm_ioctl);
464 io->version[0] = 4;
465 io->version[1] = 0;
466 io->version[2] = 0;
467 io->flags = flags;
468 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100469 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800470 }
471}
472
Kenny Rootc4c70f12013-06-14 12:11:38 -0700473/**
474 * Gets the default device scrypt parameters for key derivation time tuning.
475 * The parameters should lead to about one second derivation time for the
476 * given device.
477 */
478static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000480 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700481
Paul Crowley63c18d32016-02-10 14:02:47 +0000482 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
483 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
484 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
485 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700486 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000487 ftr->N_factor = Nf;
488 ftr->r_factor = rf;
489 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700490}
491
Ken Sumrall3ed82362011-01-28 23:31:16 -0800492static unsigned int get_fs_size(char *dev)
493{
494 int fd, block_size;
495 struct ext4_super_block sb;
496 off64_t len;
497
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700498 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800499 SLOGE("Cannot open device to get filesystem size ");
500 return 0;
501 }
502
503 if (lseek64(fd, 1024, SEEK_SET) < 0) {
504 SLOGE("Cannot seek to superblock");
505 return 0;
506 }
507
508 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
509 SLOGE("Cannot read superblock");
510 return 0;
511 }
512
513 close(fd);
514
Daniel Rosenberge82df162014-08-15 22:19:23 +0000515 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
516 SLOGE("Not a valid ext4 superblock");
517 return 0;
518 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800519 block_size = 1024 << sb.s_log_block_size;
520 /* compute length in bytes */
521 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
522
523 /* return length in sectors */
524 return (unsigned int) (len / 512);
525}
526
Ken Sumrall160b4d62013-04-22 12:15:39 -0700527static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
528{
529 static int cached_data = 0;
530 static off64_t cached_off = 0;
531 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
532 int fd;
533 char key_loc[PROPERTY_VALUE_MAX];
534 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700535 int rc = -1;
536
537 if (!cached_data) {
538 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
539
540 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700541 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700542 SLOGE("Cannot open real block device %s\n", real_blkdev);
543 return -1;
544 }
545
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900546 unsigned long nr_sec = 0;
547 get_blkdev_size(fd, &nr_sec);
548 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700549 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
550 * encryption info footer and key, and plenty of bytes to spare for future
551 * growth.
552 */
553 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
554 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
555 cached_data = 1;
556 } else {
557 SLOGE("Cannot get size of block device %s\n", real_blkdev);
558 }
559 close(fd);
560 } else {
561 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
562 cached_off = 0;
563 cached_data = 1;
564 }
565 }
566
567 if (cached_data) {
568 if (metadata_fname) {
569 *metadata_fname = cached_metadata_fname;
570 }
571 if (off) {
572 *off = cached_off;
573 }
574 rc = 0;
575 }
576
577 return rc;
578}
579
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800580/* Set sha256 checksum in structure */
581static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
582{
583 SHA256_CTX c;
584 SHA256_Init(&c);
585 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
586 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
587 SHA256_Final(crypt_ftr->sha256, &c);
588}
589
Ken Sumralle8744072011-01-18 22:01:55 -0800590/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800591 * update the failed mount count but not change the key.
592 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700593static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800594{
595 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800596 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700597 /* starting_off is set to the SEEK_SET offset
598 * where the crypto structure starts
599 */
600 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800601 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700602 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700603 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800604
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800605 set_ftr_sha(crypt_ftr);
606
Ken Sumrall160b4d62013-04-22 12:15:39 -0700607 if (get_crypt_ftr_info(&fname, &starting_off)) {
608 SLOGE("Unable to get crypt_ftr_info\n");
609 return -1;
610 }
611 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700612 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 return -1;
614 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700615 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700616 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700617 return -1;
618 }
619
620 /* Seek to the start of the crypt footer */
621 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
622 SLOGE("Cannot seek to real block device footer\n");
623 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800624 }
625
626 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
627 SLOGE("Cannot write real block device footer\n");
628 goto errout;
629 }
630
Ken Sumrall3be890f2011-09-14 16:53:46 -0700631 fstat(fd, &statbuf);
632 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700633 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700634 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800635 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800636 goto errout;
637 }
638 }
639
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800640 /* Success! */
641 rc = 0;
642
643errout:
644 close(fd);
645 return rc;
646
647}
648
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800649static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
650{
651 struct crypt_mnt_ftr copy;
652 memcpy(&copy, crypt_ftr, sizeof(copy));
653 set_ftr_sha(&copy);
654 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
655}
656
Ken Sumrall160b4d62013-04-22 12:15:39 -0700657static inline int unix_read(int fd, void* buff, int len)
658{
659 return TEMP_FAILURE_RETRY(read(fd, buff, len));
660}
661
662static inline int unix_write(int fd, const void* buff, int len)
663{
664 return TEMP_FAILURE_RETRY(write(fd, buff, len));
665}
666
667static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
668{
669 memset(pdata, 0, len);
670 pdata->persist_magic = PERSIST_DATA_MAGIC;
671 pdata->persist_valid_entries = 0;
672}
673
674/* A routine to update the passed in crypt_ftr to the lastest version.
675 * fd is open read/write on the device that holds the crypto footer and persistent
676 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
677 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
678 */
679static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
680{
Kenny Root7434b312013-06-14 11:29:53 -0700681 int orig_major = crypt_ftr->major_version;
682 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700683
Kenny Root7434b312013-06-14 11:29:53 -0700684 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
685 struct crypt_persist_data *pdata;
686 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700687
Kenny Rootc4c70f12013-06-14 12:11:38 -0700688 SLOGW("upgrading crypto footer to 1.1");
689
Kenny Root7434b312013-06-14 11:29:53 -0700690 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
691 if (pdata == NULL) {
692 SLOGE("Cannot allocate persisent data\n");
693 return;
694 }
695 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
696
697 /* Need to initialize the persistent data area */
698 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
699 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100700 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700701 return;
702 }
703 /* Write all zeros to the first copy, making it invalid */
704 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
705
706 /* Write a valid but empty structure to the second copy */
707 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
708 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
709
710 /* Update the footer */
711 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
712 crypt_ftr->persist_data_offset[0] = pdata_offset;
713 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
714 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100715 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700716 }
717
Paul Lawrencef4faa572014-01-29 13:31:03 -0800718 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700719 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800720 /* But keep the old kdf_type.
721 * It will get updated later to KDF_SCRYPT after the password has been verified.
722 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700723 crypt_ftr->kdf_type = KDF_PBKDF2;
724 get_device_scrypt_params(crypt_ftr);
725 crypt_ftr->minor_version = 2;
726 }
727
Paul Lawrencef4faa572014-01-29 13:31:03 -0800728 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
729 SLOGW("upgrading crypto footer to 1.3");
730 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
731 crypt_ftr->minor_version = 3;
732 }
733
Kenny Root7434b312013-06-14 11:29:53 -0700734 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
735 if (lseek64(fd, offset, SEEK_SET) == -1) {
736 SLOGE("Cannot seek to crypt footer\n");
737 return;
738 }
739 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700740 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700741}
742
743
744static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800745{
746 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800747 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700748 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800749 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700750 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700751 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800752
Ken Sumrall160b4d62013-04-22 12:15:39 -0700753 if (get_crypt_ftr_info(&fname, &starting_off)) {
754 SLOGE("Unable to get crypt_ftr_info\n");
755 return -1;
756 }
757 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700758 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 return -1;
760 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700761 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700762 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700763 return -1;
764 }
765
766 /* Make sure it's 16 Kbytes in length */
767 fstat(fd, &statbuf);
768 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
769 SLOGE("footer file %s is not the expected size!\n", fname);
770 goto errout;
771 }
772
773 /* Seek to the start of the crypt footer */
774 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
775 SLOGE("Cannot seek to real block device footer\n");
776 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800777 }
778
779 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
780 SLOGE("Cannot read real block device footer\n");
781 goto errout;
782 }
783
784 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700785 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800786 goto errout;
787 }
788
Kenny Rootc96a5f82013-06-14 12:08:28 -0700789 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
790 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
791 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
796 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
797 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 }
799
Ken Sumrall160b4d62013-04-22 12:15:39 -0700800 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
801 * copy on disk before returning.
802 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700803 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700804 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800805 }
806
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800807 /* Success! */
808 rc = 0;
809
810errout:
811 close(fd);
812 return rc;
813}
814
Ken Sumrall160b4d62013-04-22 12:15:39 -0700815static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
816{
817 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
818 crypt_ftr->persist_data_offset[1]) {
819 SLOGE("Crypt_ftr persist data regions overlap");
820 return -1;
821 }
822
823 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
824 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
825 return -1;
826 }
827
828 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
829 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
830 CRYPT_FOOTER_OFFSET) {
831 SLOGE("Persistent data extends past crypto footer");
832 return -1;
833 }
834
835 return 0;
836}
837
838static int load_persistent_data(void)
839{
840 struct crypt_mnt_ftr crypt_ftr;
841 struct crypt_persist_data *pdata = NULL;
842 char encrypted_state[PROPERTY_VALUE_MAX];
843 char *fname;
844 int found = 0;
845 int fd;
846 int ret;
847 int i;
848
849 if (persist_data) {
850 /* Nothing to do, we've already loaded or initialized it */
851 return 0;
852 }
853
854
855 /* If not encrypted, just allocate an empty table and initialize it */
856 property_get("ro.crypto.state", encrypted_state, "");
857 if (strcmp(encrypted_state, "encrypted") ) {
858 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
859 if (pdata) {
860 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
861 persist_data = pdata;
862 return 0;
863 }
864 return -1;
865 }
866
867 if(get_crypt_ftr_and_key(&crypt_ftr)) {
868 return -1;
869 }
870
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700871 if ((crypt_ftr.major_version < 1)
872 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700873 SLOGE("Crypt_ftr version doesn't support persistent data");
874 return -1;
875 }
876
877 if (get_crypt_ftr_info(&fname, NULL)) {
878 return -1;
879 }
880
881 ret = validate_persistent_data_storage(&crypt_ftr);
882 if (ret) {
883 return -1;
884 }
885
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700886 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700887 if (fd < 0) {
888 SLOGE("Cannot open %s metadata file", fname);
889 return -1;
890 }
891
892 if (persist_data == NULL) {
893 pdata = malloc(crypt_ftr.persist_data_size);
894 if (pdata == NULL) {
895 SLOGE("Cannot allocate memory for persistent data");
896 goto err;
897 }
898 }
899
900 for (i = 0; i < 2; i++) {
901 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
902 SLOGE("Cannot seek to read persistent data on %s", fname);
903 goto err2;
904 }
905 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
906 SLOGE("Error reading persistent data on iteration %d", i);
907 goto err2;
908 }
909 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
910 found = 1;
911 break;
912 }
913 }
914
915 if (!found) {
916 SLOGI("Could not find valid persistent data, creating");
917 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
918 }
919
920 /* Success */
921 persist_data = pdata;
922 close(fd);
923 return 0;
924
925err2:
926 free(pdata);
927
928err:
929 close(fd);
930 return -1;
931}
932
933static int save_persistent_data(void)
934{
935 struct crypt_mnt_ftr crypt_ftr;
936 struct crypt_persist_data *pdata;
937 char *fname;
938 off64_t write_offset;
939 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700940 int fd;
941 int ret;
942
943 if (persist_data == NULL) {
944 SLOGE("No persistent data to save");
945 return -1;
946 }
947
948 if(get_crypt_ftr_and_key(&crypt_ftr)) {
949 return -1;
950 }
951
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700952 if ((crypt_ftr.major_version < 1)
953 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700954 SLOGE("Crypt_ftr version doesn't support persistent data");
955 return -1;
956 }
957
958 ret = validate_persistent_data_storage(&crypt_ftr);
959 if (ret) {
960 return -1;
961 }
962
963 if (get_crypt_ftr_info(&fname, NULL)) {
964 return -1;
965 }
966
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700967 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700968 if (fd < 0) {
969 SLOGE("Cannot open %s metadata file", fname);
970 return -1;
971 }
972
973 pdata = malloc(crypt_ftr.persist_data_size);
974 if (pdata == NULL) {
975 SLOGE("Cannot allocate persistant data");
976 goto err;
977 }
978
979 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
980 SLOGE("Cannot seek to read persistent data on %s", fname);
981 goto err2;
982 }
983
984 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
985 SLOGE("Error reading persistent data before save");
986 goto err2;
987 }
988
989 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
990 /* The first copy is the curent valid copy, so write to
991 * the second copy and erase this one */
992 write_offset = crypt_ftr.persist_data_offset[1];
993 erase_offset = crypt_ftr.persist_data_offset[0];
994 } else {
995 /* The second copy must be the valid copy, so write to
996 * the first copy, and erase the second */
997 write_offset = crypt_ftr.persist_data_offset[0];
998 erase_offset = crypt_ftr.persist_data_offset[1];
999 }
1000
1001 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001002 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001003 SLOGE("Cannot seek to write persistent data");
1004 goto err2;
1005 }
1006 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1007 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001008 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001009 SLOGE("Cannot seek to erase previous persistent data");
1010 goto err2;
1011 }
1012 fsync(fd);
1013 memset(pdata, 0, crypt_ftr.persist_data_size);
1014 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1015 (int) crypt_ftr.persist_data_size) {
1016 SLOGE("Cannot write to erase previous persistent data");
1017 goto err2;
1018 }
1019 fsync(fd);
1020 } else {
1021 SLOGE("Cannot write to save persistent data");
1022 goto err2;
1023 }
1024
1025 /* Success */
1026 free(pdata);
1027 close(fd);
1028 return 0;
1029
1030err2:
1031 free(pdata);
1032err:
1033 close(fd);
1034 return -1;
1035}
1036
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001037/* Convert a binary key of specified length into an ascii hex string equivalent,
1038 * without the leading 0x and with null termination
1039 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001040static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001041 unsigned int keysize, char *master_key_ascii) {
1042 unsigned int i, a;
1043 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001044
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 for (i=0, a=0; i<keysize; i++, a+=2) {
1046 /* For each byte, write out two ascii hex digits */
1047 nibble = (master_key[i] >> 4) & 0xf;
1048 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001049
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001050 nibble = master_key[i] & 0xf;
1051 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1052 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 /* Add the null termination */
1055 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001056
1057}
1058
Jeff Sharkey9c484982015-03-31 10:35:33 -07001059static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1060 const unsigned char *master_key, const char *real_blk_name,
1061 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001062 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001063 struct dm_ioctl *io;
1064 struct dm_target_spec *tgt;
1065 char *crypt_params;
1066 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
1067 int i;
1068
1069 io = (struct dm_ioctl *) buffer;
1070
1071 /* Load the mapping table for this device */
1072 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1073
1074 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1075 io->target_count = 1;
1076 tgt->status = 0;
1077 tgt->sector_start = 0;
1078 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001079#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001080 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1081 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1082 }
1083 else {
1084 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1085 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001086#else
1087 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1088#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001089
1090 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1091 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1092 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1093 master_key_ascii, real_blk_name, extra_params);
1094 crypt_params += strlen(crypt_params) + 1;
1095 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1096 tgt->next = crypt_params - buffer;
1097
1098 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1099 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1100 break;
1101 }
1102 usleep(500000);
1103 }
1104
1105 if (i == TABLE_LOAD_RETRIES) {
1106 /* We failed to load the table, return an error */
1107 return -1;
1108 } else {
1109 return i + 1;
1110 }
1111}
1112
1113
1114static int get_dm_crypt_version(int fd, const char *name, int *version)
1115{
1116 char buffer[DM_CRYPT_BUF_SIZE];
1117 struct dm_ioctl *io;
1118 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001119
1120 io = (struct dm_ioctl *) buffer;
1121
1122 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1123
1124 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1125 return -1;
1126 }
1127
1128 /* Iterate over the returned versions, looking for name of "crypt".
1129 * When found, get and return the version.
1130 */
1131 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1132 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001133#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001134 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001135#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001136 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001137#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001138 /* We found the crypt driver, return the version, and get out */
1139 version[0] = v->version[0];
1140 version[1] = v->version[1];
1141 version[2] = v->version[2];
1142 return 0;
1143 }
1144 v = (struct dm_target_versions *)(((char *)v) + v->next);
1145 }
1146
1147 return -1;
1148}
1149
Jeff Sharkey9c484982015-03-31 10:35:33 -07001150static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1151 const unsigned char *master_key, const char *real_blk_name,
1152 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001153 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001154 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001155 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001156 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001157 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001158 int version[3];
1159 char *extra_params;
1160 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001162 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 SLOGE("Cannot open device-mapper\n");
1164 goto errout;
1165 }
1166
1167 io = (struct dm_ioctl *) buffer;
1168
1169 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1170 if (ioctl(fd, DM_DEV_CREATE, io)) {
1171 SLOGE("Cannot create dm-crypt device\n");
1172 goto errout;
1173 }
1174
1175 /* Get the device status, in particular, the name of it's device file */
1176 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1177 if (ioctl(fd, DM_DEV_STATUS, io)) {
1178 SLOGE("Cannot retrieve dm-crypt device status\n");
1179 goto errout;
1180 }
1181 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1182 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1183
Ken Sumralldb5e0262013-02-05 17:39:48 -08001184 extra_params = "";
1185 if (! get_dm_crypt_version(fd, name, version)) {
1186 /* Support for allow_discards was added in version 1.11.0 */
1187 if ((version[0] >= 2) ||
1188 ((version[0] == 1) && (version[1] >= 11))) {
1189 extra_params = "1 allow_discards";
1190 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1191 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001192 }
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1195 fd, extra_params);
1196 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001197 SLOGE("Cannot load dm-crypt mapping table.\n");
1198 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001199 } else if (load_count > 1) {
1200 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001201 }
1202
1203 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001205
1206 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1207 SLOGE("Cannot resume the dm-crypt device\n");
1208 goto errout;
1209 }
1210
1211 /* We made it here with no errors. Woot! */
1212 retval = 0;
1213
1214errout:
1215 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1216
1217 return retval;
1218}
1219
Ken Sumrall29d8da82011-05-18 17:20:07 -07001220static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001221{
1222 int fd;
1223 char buffer[DM_CRYPT_BUF_SIZE];
1224 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001225 int retval = -1;
1226
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001227 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001228 SLOGE("Cannot open device-mapper\n");
1229 goto errout;
1230 }
1231
1232 io = (struct dm_ioctl *) buffer;
1233
1234 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1235 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1236 SLOGE("Cannot remove dm-crypt device\n");
1237 goto errout;
1238 }
1239
1240 /* We made it here with no errors. Woot! */
1241 retval = 0;
1242
1243errout:
1244 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1245
1246 return retval;
1247
1248}
1249
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001250static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001251 unsigned char *ikey, void *params UNUSED)
1252{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001253 SLOGI("Using pbkdf2 for cryptfs KDF");
1254
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001255 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001256 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1257 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1258 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001259}
1260
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001261static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001262 unsigned char *ikey, void *params)
1263{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001264 SLOGI("Using scrypt for cryptfs KDF");
1265
Kenny Rootc4c70f12013-06-14 12:11:38 -07001266 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1267
1268 int N = 1 << ftr->N_factor;
1269 int r = 1 << ftr->r_factor;
1270 int p = 1 << ftr->p_factor;
1271
1272 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001273 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001274 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1275 salt, SALT_LEN, N, r, p, ikey,
1276 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001277
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001278 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001279}
1280
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001281static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1282 unsigned char *ikey, void *params)
1283{
1284 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1285
1286 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001287 size_t signature_size;
1288 unsigned char* signature;
1289 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1290
1291 int N = 1 << ftr->N_factor;
1292 int r = 1 << ftr->r_factor;
1293 int p = 1 << ftr->p_factor;
1294
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001295 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1296 salt, SALT_LEN, N, r, p, ikey,
1297 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001298
1299 if (rc) {
1300 SLOGE("scrypt failed");
1301 return -1;
1302 }
1303
Shawn Willdene17a9c42014-09-08 13:04:08 -06001304 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1305 &signature, &signature_size)) {
1306 SLOGE("Signing failed");
1307 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308 }
1309
1310 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1311 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1312 free(signature);
1313
1314 if (rc) {
1315 SLOGE("scrypt failed");
1316 return -1;
1317 }
1318
1319 return 0;
1320}
1321
1322static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1323 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001324 unsigned char *encrypted_master_key,
1325 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001326{
1327 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1328 EVP_CIPHER_CTX e_ctx;
1329 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001330 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001331
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001332 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001333 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001334
1335 switch (crypt_ftr->kdf_type) {
1336 case KDF_SCRYPT_KEYMASTER:
1337 if (keymaster_create_key(crypt_ftr)) {
1338 SLOGE("keymaster_create_key failed");
1339 return -1;
1340 }
1341
1342 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1343 SLOGE("scrypt failed");
1344 return -1;
1345 }
1346 break;
1347
1348 case KDF_SCRYPT:
1349 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1350 SLOGE("scrypt failed");
1351 return -1;
1352 }
1353 break;
1354
1355 default:
1356 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001357 return -1;
1358 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001359
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001360 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001361 EVP_CIPHER_CTX_init(&e_ctx);
1362 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001363 SLOGE("EVP_EncryptInit failed\n");
1364 return -1;
1365 }
1366 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001367
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001368 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001369 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001370 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001371 SLOGE("EVP_EncryptUpdate failed\n");
1372 return -1;
1373 }
Adam Langley889c4f12014-09-03 14:23:13 -07001374 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001375 SLOGE("EVP_EncryptFinal failed\n");
1376 return -1;
1377 }
1378
1379 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1380 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1381 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001382 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001383
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001384 /* Store the scrypt of the intermediate key, so we can validate if it's a
1385 password error or mount error when things go wrong.
1386 Note there's no need to check for errors, since if this is incorrect, we
1387 simply won't wipe userdata, which is the correct default behavior
1388 */
1389 int N = 1 << crypt_ftr->N_factor;
1390 int r = 1 << crypt_ftr->r_factor;
1391 int p = 1 << crypt_ftr->p_factor;
1392
1393 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1394 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1395 crypt_ftr->scrypted_intermediate_key,
1396 sizeof(crypt_ftr->scrypted_intermediate_key));
1397
1398 if (rc) {
1399 SLOGE("encrypt_master_key: crypto_scrypt failed");
1400 }
1401
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001402 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001403}
1404
Paul Lawrence731a7a22015-04-28 22:14:15 +00001405static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001406 unsigned char *encrypted_master_key,
1407 unsigned char *decrypted_master_key,
1408 kdf_func kdf, void *kdf_params,
1409 unsigned char** intermediate_key,
1410 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001411{
1412 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001413 EVP_CIPHER_CTX d_ctx;
1414 int decrypted_len, final_len;
1415
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001416 /* Turn the password into an intermediate key and IV that can decrypt the
1417 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001418 if (kdf(passwd, salt, ikey, kdf_params)) {
1419 SLOGE("kdf failed");
1420 return -1;
1421 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001422
1423 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001424 EVP_CIPHER_CTX_init(&d_ctx);
1425 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001426 return -1;
1427 }
1428 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1429 /* Decrypt the master key */
1430 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1431 encrypted_master_key, KEY_LEN_BYTES)) {
1432 return -1;
1433 }
Adam Langley889c4f12014-09-03 14:23:13 -07001434 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001435 return -1;
1436 }
1437
1438 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1439 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001440 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001441
1442 /* Copy intermediate key if needed by params */
1443 if (intermediate_key && intermediate_key_size) {
1444 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1445 if (intermediate_key) {
1446 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1447 *intermediate_key_size = KEY_LEN_BYTES;
1448 }
1449 }
1450
1451 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001452}
1453
Kenny Rootc4c70f12013-06-14 12:11:38 -07001454static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001455{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001456 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001457 *kdf = scrypt_keymaster;
1458 *kdf_params = ftr;
1459 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001460 *kdf = scrypt;
1461 *kdf_params = ftr;
1462 } else {
1463 *kdf = pbkdf2;
1464 *kdf_params = NULL;
1465 }
1466}
1467
Paul Lawrence731a7a22015-04-28 22:14:15 +00001468static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001469 struct crypt_mnt_ftr *crypt_ftr,
1470 unsigned char** intermediate_key,
1471 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001472{
1473 kdf_func kdf;
1474 void *kdf_params;
1475 int ret;
1476
1477 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001478 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1479 decrypted_master_key, kdf, kdf_params,
1480 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001481 if (ret != 0) {
1482 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001483 }
1484
1485 return ret;
1486}
1487
1488static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1489 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001490 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001491 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001492
1493 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001494 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001495 read(fd, key_buf, sizeof(key_buf));
1496 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001497 close(fd);
1498
1499 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001500 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001501}
1502
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001503int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001504{
Greg Hackmann955653e2014-09-24 14:55:20 -07001505 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001506#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001507
1508 /* Now umount the tmpfs filesystem */
1509 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001510 if (umount(mountpoint) == 0) {
1511 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001512 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001513
1514 if (errno == EINVAL) {
1515 /* EINVAL is returned if the directory is not a mountpoint,
1516 * i.e. there is no filesystem mounted there. So just get out.
1517 */
1518 break;
1519 }
1520
1521 err = errno;
1522
1523 /* If allowed, be increasingly aggressive before the last two retries */
1524 if (kill) {
1525 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1526 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001527 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001528 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1529 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001530 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001531 }
1532 }
1533
1534 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001535 }
1536
1537 if (i < WAIT_UNMOUNT_COUNT) {
1538 SLOGD("unmounting %s succeeded\n", mountpoint);
1539 rc = 0;
1540 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001541 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001542 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001543 rc = -1;
1544 }
1545
1546 return rc;
1547}
1548
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001549#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001550static int prep_data_fs(void)
1551{
1552 int i;
1553
Jeff Sharkey47695b22016-02-01 17:02:29 -07001554 // NOTE: post_fs_data results in init calling back around to vold, so all
1555 // callers to this method must be async
1556
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001557 /* Do the prep of the /data filesystem */
1558 property_set("vold.post_fs_data_done", "0");
1559 property_set("vold.decrypt", "trigger_post_fs_data");
1560 SLOGD("Just triggered post_fs_data\n");
1561
Ken Sumrallc5872692013-05-14 15:26:31 -07001562 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001563 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001564 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001565
1566 property_get("vold.post_fs_data_done", p, "0");
1567 if (*p == '1') {
1568 break;
1569 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001570 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001571 }
1572 }
1573 if (i == DATA_PREP_TIMEOUT) {
1574 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001575 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001576 return -1;
1577 } else {
1578 SLOGD("post_fs_data done\n");
1579 return 0;
1580 }
1581}
1582
Paul Lawrence74f29f12014-08-28 15:54:10 -07001583static void cryptfs_set_corrupt()
1584{
1585 // Mark the footer as bad
1586 struct crypt_mnt_ftr crypt_ftr;
1587 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1588 SLOGE("Failed to get crypto footer - panic");
1589 return;
1590 }
1591
1592 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1593 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1594 SLOGE("Failed to set crypto footer - panic");
1595 return;
1596 }
1597}
1598
1599static void cryptfs_trigger_restart_min_framework()
1600{
1601 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1602 SLOGE("Failed to mount tmpfs on data - panic");
1603 return;
1604 }
1605
1606 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1607 SLOGE("Failed to trigger post fs data - panic");
1608 return;
1609 }
1610
1611 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1612 SLOGE("Failed to trigger restart min framework - panic");
1613 return;
1614 }
1615}
1616
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001617/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001618static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001619{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001620 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001621 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001622 static int restart_successful = 0;
1623
1624 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001625 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001626 SLOGE("Encrypted filesystem not validated, aborting");
1627 return -1;
1628 }
1629
1630 if (restart_successful) {
1631 SLOGE("System already restarted with encrypted disk, aborting");
1632 return -1;
1633 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001634
Paul Lawrencef4faa572014-01-29 13:31:03 -08001635 if (restart_main) {
1636 /* Here is where we shut down the framework. The init scripts
1637 * start all services in one of three classes: core, main or late_start.
1638 * On boot, we start core and main. Now, we stop main, but not core,
1639 * as core includes vold and a few other really important things that
1640 * we need to keep running. Once main has stopped, we should be able
1641 * to umount the tmpfs /data, then mount the encrypted /data.
1642 * We then restart the class main, and also the class late_start.
1643 * At the moment, I've only put a few things in late_start that I know
1644 * are not needed to bring up the framework, and that also cause problems
1645 * with unmounting the tmpfs /data, but I hope to add add more services
1646 * to the late_start class as we optimize this to decrease the delay
1647 * till the user is asked for the password to the filesystem.
1648 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001649
Paul Lawrencef4faa572014-01-29 13:31:03 -08001650 /* The init files are setup to stop the class main when vold.decrypt is
1651 * set to trigger_reset_main.
1652 */
1653 property_set("vold.decrypt", "trigger_reset_main");
1654 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001655
Paul Lawrencef4faa572014-01-29 13:31:03 -08001656 /* Ugh, shutting down the framework is not synchronous, so until it
1657 * can be fixed, this horrible hack will wait a moment for it all to
1658 * shut down before proceeding. Without it, some devices cannot
1659 * restart the graphics services.
1660 */
1661 sleep(2);
1662 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001663
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001664 /* Now that the framework is shutdown, we should be able to umount()
1665 * the tmpfs filesystem, and mount the real one.
1666 */
1667
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001668 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1669 if (strlen(crypto_blkdev) == 0) {
1670 SLOGE("fs_crypto_blkdev not set\n");
1671 return -1;
1672 }
1673
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001674 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001675 /* If ro.crypto.readonly is set to 1, mount the decrypted
1676 * filesystem readonly. This is used when /data is mounted by
1677 * recovery mode.
1678 */
1679 char ro_prop[PROPERTY_VALUE_MAX];
1680 property_get("ro.crypto.readonly", ro_prop, "");
1681 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1682 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1683 rec->flags |= MS_RDONLY;
1684 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001685
Ken Sumralle5032c42012-04-01 23:58:44 -07001686 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001687 int retries = RETRY_MOUNT_ATTEMPTS;
1688 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001689
1690 /*
1691 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1692 * partitions in the fsck domain.
1693 */
1694 if (setexeccon(secontextFsck())){
1695 SLOGE("Failed to setexeccon");
1696 return -1;
1697 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001698 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1699 crypto_blkdev, 0))
1700 != 0) {
1701 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1702 /* TODO: invoke something similar to
1703 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1704 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1705 SLOGI("Failed to mount %s because it is busy - waiting",
1706 crypto_blkdev);
1707 if (--retries) {
1708 sleep(RETRY_MOUNT_DELAY_SECONDS);
1709 } else {
1710 /* Let's hope that a reboot clears away whatever is keeping
1711 the mount busy */
1712 cryptfs_reboot(reboot);
1713 }
1714 } else {
1715 SLOGE("Failed to mount decrypted data");
1716 cryptfs_set_corrupt();
1717 cryptfs_trigger_restart_min_framework();
1718 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001719 if (setexeccon(NULL)) {
1720 SLOGE("Failed to setexeccon");
1721 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001722 return -1;
1723 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001724 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001725 if (setexeccon(NULL)) {
1726 SLOGE("Failed to setexeccon");
1727 return -1;
1728 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001729
Ken Sumralle5032c42012-04-01 23:58:44 -07001730 property_set("vold.decrypt", "trigger_load_persist_props");
1731 /* Create necessary paths on /data */
1732 if (prep_data_fs()) {
1733 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001734 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001735
1736 /* startup service classes main and late_start */
1737 property_set("vold.decrypt", "trigger_restart_framework");
1738 SLOGD("Just triggered restart_framework\n");
1739
1740 /* Give it a few moments to get started */
1741 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001742 }
1743
Ken Sumrall0cc16632011-01-18 20:32:26 -08001744 if (rc == 0) {
1745 restart_successful = 1;
1746 }
1747
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001748 return rc;
1749}
1750
Paul Lawrencef4faa572014-01-29 13:31:03 -08001751int cryptfs_restart(void)
1752{
Paul Lawrence05335c32015-03-05 09:46:23 -08001753 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001754 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001755 SLOGE("cryptfs_restart not valid for file encryption:");
1756 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001757 }
1758
Paul Lawrencef4faa572014-01-29 13:31:03 -08001759 /* Call internal implementation forcing a restart of main service group */
1760 return cryptfs_restart_internal(1);
1761}
1762
Paul Lawrence05335c32015-03-05 09:46:23 -08001763static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001764{
1765 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001766 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001767 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001768
1769 property_get("ro.crypto.state", encrypted_state, "");
1770 if (strcmp(encrypted_state, "encrypted") ) {
1771 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001772 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001773 }
1774
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001775 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001776 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001777 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001778 }
1779
Ken Sumrall160b4d62013-04-22 12:15:39 -07001780 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001781 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001782
Ken Sumralle1a45852011-12-14 21:24:27 -08001783 /*
1784 * Only report this error if key_loc is a file and it exists.
1785 * If the device was never encrypted, and /data is not mountable for
1786 * some reason, returning 1 should prevent the UI from presenting the
1787 * a "enter password" screen, or worse, a "press button to wipe the
1788 * device" screen.
1789 */
1790 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1791 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001792 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001793 } else {
1794 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001795 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001796 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001797 }
1798
Paul Lawrence74f29f12014-08-28 15:54:10 -07001799 // Test for possible error flags
1800 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1801 SLOGE("Encryption process is partway completed\n");
1802 return CRYPTO_COMPLETE_PARTIAL;
1803 }
1804
1805 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1806 SLOGE("Encryption process was interrupted but cannot continue\n");
1807 return CRYPTO_COMPLETE_INCONSISTENT;
1808 }
1809
1810 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1811 SLOGE("Encryption is successful but data is corrupt\n");
1812 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001813 }
1814
1815 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001816 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001817}
1818
Paul Lawrencef4faa572014-01-29 13:31:03 -08001819static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1820 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001821{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001822 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001823 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001824 char crypto_blkdev[MAXPATHLEN];
1825 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001826 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001827 unsigned int orig_failed_decrypt_count;
1828 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001829 int use_keymaster = 0;
1830 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001831 unsigned char* intermediate_key = 0;
1832 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001833
Paul Lawrencef4faa572014-01-29 13:31:03 -08001834 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1835 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001836
Paul Lawrencef4faa572014-01-29 13:31:03 -08001837 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001838 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1839 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001840 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001841 rc = -1;
1842 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001843 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001844 }
1845
Paul Lawrencef4faa572014-01-29 13:31:03 -08001846 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1847
Ajay Dudani87701e22014-09-17 21:02:52 -07001848#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001849 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1850 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1851 SLOGE("Hardware encryption key does not match");
1852 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001853 }
1854#endif
1855
Paul Lawrence74f29f12014-08-28 15:54:10 -07001856 // Create crypto block device - all (non fatal) code paths
1857 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001858 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1859 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001860 SLOGE("Error creating decrypted block device\n");
1861 rc = -1;
1862 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001863 }
1864
Paul Lawrence74f29f12014-08-28 15:54:10 -07001865 /* Work out if the problem is the password or the data */
1866 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1867 scrypted_intermediate_key)];
1868 int N = 1 << crypt_ftr->N_factor;
1869 int r = 1 << crypt_ftr->r_factor;
1870 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001871
Paul Lawrence74f29f12014-08-28 15:54:10 -07001872 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1873 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1874 N, r, p, scrypted_intermediate_key,
1875 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001876
Paul Lawrence74f29f12014-08-28 15:54:10 -07001877 // Does the key match the crypto footer?
1878 if (rc == 0 && memcmp(scrypted_intermediate_key,
1879 crypt_ftr->scrypted_intermediate_key,
1880 sizeof(scrypted_intermediate_key)) == 0) {
1881 SLOGI("Password matches");
1882 rc = 0;
1883 } else {
1884 /* Try mounting the file system anyway, just in case the problem's with
1885 * the footer, not the key. */
1886 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1887 mkdir(tmp_mount_point, 0755);
1888 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1889 SLOGE("Error temp mounting decrypted block device\n");
1890 delete_crypto_blk_dev(label);
1891
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001892 rc = ++crypt_ftr->failed_decrypt_count;
1893 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001894 } else {
1895 /* Success! */
1896 SLOGI("Password did not match but decrypted drive mounted - continue");
1897 umount(tmp_mount_point);
1898 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001899 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001900 }
1901
1902 if (rc == 0) {
1903 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001904 if (orig_failed_decrypt_count != 0) {
1905 put_crypt_ftr_and_key(crypt_ftr);
1906 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001907
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001908 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001909 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001910 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001911
1912 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001913 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001914 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001915 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001916 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001917 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001918 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001919
Paul Lawrence74f29f12014-08-28 15:54:10 -07001920 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001921 use_keymaster = keymaster_check_compatibility();
1922 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001923 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001924 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1925 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1926 upgrade = 1;
1927 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001928 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001929 upgrade = 1;
1930 }
1931
1932 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001933 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1934 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001935 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001936 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001937 }
1938 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001939
1940 // Do not fail even if upgrade failed - machine is bootable
1941 // Note that if this code is ever hit, there is a *serious* problem
1942 // since KDFs should never fail. You *must* fix the kdf before
1943 // proceeding!
1944 if (rc) {
1945 SLOGW("Upgrade failed with error %d,"
1946 " but continuing with previous state",
1947 rc);
1948 rc = 0;
1949 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001950 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001951 }
1952
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001953 errout:
1954 if (intermediate_key) {
1955 memset(intermediate_key, 0, intermediate_key_size);
1956 free(intermediate_key);
1957 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001958 return rc;
1959}
1960
Ken Sumrall29d8da82011-05-18 17:20:07 -07001961/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001962 * Called by vold when it's asked to mount an encrypted external
1963 * storage volume. The incoming partition has no crypto header/footer,
1964 * as any metadata is been stored in a separate, small partition.
1965 *
1966 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001967 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001968int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1969 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001970 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001971 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001972 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001973 return -1;
1974 }
1975
1976 unsigned long nr_sec = 0;
1977 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001978 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001979
Ken Sumrall29d8da82011-05-18 17:20:07 -07001980 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001981 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001982 return -1;
1983 }
1984
Jeff Sharkey9c484982015-03-31 10:35:33 -07001985 struct crypt_mnt_ftr ext_crypt_ftr;
1986 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1987 ext_crypt_ftr.fs_size = nr_sec;
1988 ext_crypt_ftr.keysize = keysize;
1989 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001990
Jeff Sharkey9c484982015-03-31 10:35:33 -07001991 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1992 out_crypto_blkdev, label);
1993}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001994
Jeff Sharkey9c484982015-03-31 10:35:33 -07001995/*
1996 * Called by vold when it's asked to unmount an encrypted external
1997 * storage volume.
1998 */
1999int cryptfs_revert_ext_volume(const char* label) {
2000 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002001}
2002
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002003int cryptfs_crypto_complete(void)
2004{
2005 return do_crypto_complete("/data");
2006}
2007
Paul Lawrencef4faa572014-01-29 13:31:03 -08002008int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2009{
2010 char encrypted_state[PROPERTY_VALUE_MAX];
2011 property_get("ro.crypto.state", encrypted_state, "");
2012 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2013 SLOGE("encrypted fs already validated or not running with encryption,"
2014 " aborting");
2015 return -1;
2016 }
2017
2018 if (get_crypt_ftr_and_key(crypt_ftr)) {
2019 SLOGE("Error getting crypt footer and key");
2020 return -1;
2021 }
2022
2023 return 0;
2024}
2025
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002026int cryptfs_check_passwd(char *passwd)
2027{
Paul Lawrence05335c32015-03-05 09:46:23 -08002028 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00002029 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002030 SLOGE("cryptfs_check_passwd not valid for file encryption");
2031 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002032 }
2033
Paul Lawrencef4faa572014-01-29 13:31:03 -08002034 struct crypt_mnt_ftr crypt_ftr;
2035 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002036
Paul Lawrencef4faa572014-01-29 13:31:03 -08002037 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002038 if (rc) {
2039 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002040 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002041 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002042
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002043 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002044 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2045 if (rc) {
2046 SLOGE("Password did not match");
2047 return rc;
2048 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002049
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002050 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
2051 // Here we have a default actual password but a real password
2052 // we must test against the scrypted value
2053 // First, we must delete the crypto block device that
2054 // test_mount_encrypted_fs leaves behind as a side effect
2055 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
2056 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
2057 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2058 if (rc) {
2059 SLOGE("Default password did not match on reboot encryption");
2060 return rc;
2061 }
2062
2063 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
2064 put_crypt_ftr_and_key(&crypt_ftr);
2065 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
2066 if (rc) {
2067 SLOGE("Could not change password on reboot encryption");
2068 return rc;
2069 }
2070 }
2071
2072 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002073 cryptfs_clear_password();
2074 password = strdup(passwd);
2075 struct timespec now;
2076 clock_gettime(CLOCK_BOOTTIME, &now);
2077 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002078 }
2079
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002080 return rc;
2081}
2082
Ken Sumrall3ad90722011-10-04 20:38:29 -07002083int cryptfs_verify_passwd(char *passwd)
2084{
2085 struct crypt_mnt_ftr crypt_ftr;
2086 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002087 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002088 char encrypted_state[PROPERTY_VALUE_MAX];
2089 int rc;
2090
2091 property_get("ro.crypto.state", encrypted_state, "");
2092 if (strcmp(encrypted_state, "encrypted") ) {
2093 SLOGE("device not encrypted, aborting");
2094 return -2;
2095 }
2096
2097 if (!master_key_saved) {
2098 SLOGE("encrypted fs not yet mounted, aborting");
2099 return -1;
2100 }
2101
2102 if (!saved_mount_point) {
2103 SLOGE("encrypted fs failed to save mount point, aborting");
2104 return -1;
2105 }
2106
Ken Sumrall160b4d62013-04-22 12:15:39 -07002107 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002108 SLOGE("Error getting crypt footer and key\n");
2109 return -1;
2110 }
2111
2112 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2113 /* If the device has no password, then just say the password is valid */
2114 rc = 0;
2115 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002116 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002117 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2118 /* They match, the password is correct */
2119 rc = 0;
2120 } else {
2121 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2122 sleep(1);
2123 rc = 1;
2124 }
2125 }
2126
2127 return rc;
2128}
2129
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002130/* Initialize a crypt_mnt_ftr structure. The keysize is
2131 * defaulted to 16 bytes, and the filesystem size to 0.
2132 * Presumably, at a minimum, the caller will update the
2133 * filesystem size and crypto_type_name after calling this function.
2134 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002135static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002136{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002137 off64_t off;
2138
2139 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002140 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002141 ftr->major_version = CURRENT_MAJOR_VERSION;
2142 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002143 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002144 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002145
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002146 switch (keymaster_check_compatibility()) {
2147 case 1:
2148 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2149 break;
2150
2151 case 0:
2152 ftr->kdf_type = KDF_SCRYPT;
2153 break;
2154
2155 default:
2156 SLOGE("keymaster_check_compatibility failed");
2157 return -1;
2158 }
2159
Kenny Rootc4c70f12013-06-14 12:11:38 -07002160 get_device_scrypt_params(ftr);
2161
Ken Sumrall160b4d62013-04-22 12:15:39 -07002162 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2163 if (get_crypt_ftr_info(NULL, &off) == 0) {
2164 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2165 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2166 ftr->persist_data_size;
2167 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002168
2169 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002170}
2171
Ken Sumrall29d8da82011-05-18 17:20:07 -07002172static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002173{
Ken Sumralle550f782013-08-20 13:48:23 -07002174 const char *args[10];
2175 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2176 int num_args;
2177 int status;
2178 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002179 int rc = -1;
2180
Ken Sumrall29d8da82011-05-18 17:20:07 -07002181 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002182 args[0] = "/system/bin/make_ext4fs";
2183 args[1] = "-a";
2184 args[2] = "/data";
2185 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002186 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002187 args[4] = size_str;
2188 args[5] = crypto_blkdev;
2189 num_args = 6;
2190 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2191 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002192 } else if (type == F2FS_FS) {
2193 args[0] = "/system/bin/mkfs.f2fs";
2194 args[1] = "-t";
2195 args[2] = "-d1";
2196 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002197 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002198 args[4] = size_str;
2199 num_args = 5;
2200 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2201 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002202 } else {
2203 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2204 return -1;
2205 }
2206
Ken Sumralle550f782013-08-20 13:48:23 -07002207 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2208
2209 if (tmp != 0) {
2210 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002211 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002212 if (WIFEXITED(status)) {
2213 if (WEXITSTATUS(status)) {
2214 SLOGE("Error creating filesystem on %s, exit status %d ",
2215 crypto_blkdev, WEXITSTATUS(status));
2216 } else {
2217 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2218 rc = 0;
2219 }
2220 } else {
2221 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2222 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002223 }
2224
2225 return rc;
2226}
2227
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002228#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002229#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2230#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002231
2232/* aligned 32K writes tends to make flash happy.
2233 * SD card association recommends it.
2234 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002235#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002236#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002237#else
2238#define BLOCKS_AT_A_TIME 1024
2239#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002240
2241struct encryptGroupsData
2242{
2243 int realfd;
2244 int cryptofd;
2245 off64_t numblocks;
2246 off64_t one_pct, cur_pct, new_pct;
2247 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002248 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002249 char* real_blkdev, * crypto_blkdev;
2250 int count;
2251 off64_t offset;
2252 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002253 off64_t last_written_sector;
2254 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002255 time_t time_started;
2256 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002257};
2258
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002259static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002260{
2261 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002262
2263 if (is_used) {
2264 data->used_blocks_already_done++;
2265 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002266 if (data->tot_used_blocks) {
2267 data->new_pct = data->used_blocks_already_done / data->one_pct;
2268 } else {
2269 data->new_pct = data->blocks_already_done / data->one_pct;
2270 }
2271
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002272 if (data->new_pct > data->cur_pct) {
2273 char buf[8];
2274 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002275 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002276 property_set("vold.encrypt_progress", buf);
2277 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002278
2279 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002280 struct timespec time_now;
2281 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2282 SLOGW("Error getting time");
2283 } else {
2284 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2285 off64_t remaining_blocks = data->tot_used_blocks
2286 - data->used_blocks_already_done;
2287 int remaining_time = (int)(elapsed_time * remaining_blocks
2288 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002289
Paul Lawrence9c58a872014-09-30 09:12:51 -07002290 // Change time only if not yet set, lower, or a lot higher for
2291 // best user experience
2292 if (data->remaining_time == -1
2293 || remaining_time < data->remaining_time
2294 || remaining_time > data->remaining_time + 60) {
2295 char buf[8];
2296 snprintf(buf, sizeof(buf), "%d", remaining_time);
2297 property_set("vold.encrypt_time_remaining", buf);
2298 data->remaining_time = remaining_time;
2299 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002300 }
2301 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002302}
2303
Paul Lawrence3846be12014-09-22 11:33:54 -07002304static void log_progress(struct encryptGroupsData const* data, bool completed)
2305{
2306 // Precondition - if completed data = 0 else data != 0
2307
2308 // Track progress so we can skip logging blocks
2309 static off64_t offset = -1;
2310
2311 // Need to close existing 'Encrypting from' log?
2312 if (completed || (offset != -1 && data->offset != offset)) {
2313 SLOGI("Encrypted to sector %" PRId64,
2314 offset / info.block_size * CRYPT_SECTOR_SIZE);
2315 offset = -1;
2316 }
2317
2318 // Need to start new 'Encrypting from' log?
2319 if (!completed && offset != data->offset) {
2320 SLOGI("Encrypting from sector %" PRId64,
2321 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2322 }
2323
2324 // Update offset
2325 if (!completed) {
2326 offset = data->offset + (off64_t)data->count * info.block_size;
2327 }
2328}
2329
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002330static int flush_outstanding_data(struct encryptGroupsData* data)
2331{
2332 if (data->count == 0) {
2333 return 0;
2334 }
2335
Elliott Hughes231bdba2014-06-25 18:36:19 -07002336 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002337
2338 if (pread64(data->realfd, data->buffer,
2339 info.block_size * data->count, data->offset)
2340 <= 0) {
2341 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2342 data->real_blkdev);
2343 return -1;
2344 }
2345
2346 if (pwrite64(data->cryptofd, data->buffer,
2347 info.block_size * data->count, data->offset)
2348 <= 0) {
2349 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2350 data->crypto_blkdev);
2351 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002352 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002353 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002354 }
2355
2356 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002357 data->last_written_sector = (data->offset + data->count)
2358 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002359 return 0;
2360}
2361
2362static int encrypt_groups(struct encryptGroupsData* data)
2363{
2364 unsigned int i;
2365 u8 *block_bitmap = 0;
2366 unsigned int block;
2367 off64_t ret;
2368 int rc = -1;
2369
2370 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2371 if (!data->buffer) {
2372 SLOGE("Failed to allocate crypto buffer");
2373 goto errout;
2374 }
2375
2376 block_bitmap = malloc(info.block_size);
2377 if (!block_bitmap) {
2378 SLOGE("failed to allocate block bitmap");
2379 goto errout;
2380 }
2381
2382 for (i = 0; i < aux_info.groups; ++i) {
2383 SLOGI("Encrypting group %d", i);
2384
2385 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2386 u32 block_count = min(info.blocks_per_group,
2387 aux_info.len_blocks - first_block);
2388
2389 off64_t offset = (u64)info.block_size
2390 * aux_info.bg_desc[i].bg_block_bitmap;
2391
2392 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2393 if (ret != (int)info.block_size) {
2394 SLOGE("failed to read all of block group bitmap %d", i);
2395 goto errout;
2396 }
2397
2398 offset = (u64)info.block_size * first_block;
2399
2400 data->count = 0;
2401
2402 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002403 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2404 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002405 update_progress(data, used);
2406 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002407 if (data->count == 0) {
2408 data->offset = offset;
2409 }
2410 data->count++;
2411 } else {
2412 if (flush_outstanding_data(data)) {
2413 goto errout;
2414 }
2415 }
2416
2417 offset += info.block_size;
2418
2419 /* Write data if we are aligned or buffer size reached */
2420 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2421 || data->count == BLOCKS_AT_A_TIME) {
2422 if (flush_outstanding_data(data)) {
2423 goto errout;
2424 }
2425 }
Paul Lawrence87999172014-02-20 12:21:31 -08002426
Paul Lawrence73d7a022014-06-09 14:10:09 -07002427 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002428 SLOGE("Stopping encryption due to low battery");
2429 rc = 0;
2430 goto errout;
2431 }
2432
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002433 }
2434 if (flush_outstanding_data(data)) {
2435 goto errout;
2436 }
2437 }
2438
Paul Lawrence87999172014-02-20 12:21:31 -08002439 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002440 rc = 0;
2441
2442errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002443 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002444 free(data->buffer);
2445 free(block_bitmap);
2446 return rc;
2447}
2448
2449static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2450 char *real_blkdev,
2451 off64_t size,
2452 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002453 off64_t tot_size,
2454 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002455{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002456 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002457 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002458 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002459
Paul Lawrence87999172014-02-20 12:21:31 -08002460 if (previously_encrypted_upto > *size_already_done) {
2461 SLOGD("Not fast encrypting since resuming part way through");
2462 return -1;
2463 }
2464
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002465 memset(&data, 0, sizeof(data));
2466 data.real_blkdev = real_blkdev;
2467 data.crypto_blkdev = crypto_blkdev;
2468
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002469 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002470 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2471 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002472 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002473 goto errout;
2474 }
2475
David Ng82fd8042015-01-21 13:55:21 -08002476 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2477 int retries = RETRY_MOUNT_ATTEMPTS;
2478 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2479 if (--retries) {
2480 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2481 crypto_blkdev, errno, strerror(errno));
2482 sleep(RETRY_MOUNT_DELAY_SECONDS);
2483 } else {
2484 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2485 crypto_blkdev, errno, strerror(errno));
2486 rc = ENABLE_INPLACE_ERR_DEV;
2487 goto errout;
2488 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002489 }
2490
2491 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002492 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002493 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002494 goto errout;
2495 }
2496
2497 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002498 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002499 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002500 goto errout;
2501 }
2502
2503 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2504 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2505 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2506
JP Abgrall7fc1de82014-10-10 18:43:41 -07002507 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002508
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002509 data.tot_used_blocks = data.numblocks;
2510 for (i = 0; i < aux_info.groups; ++i) {
2511 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2512 }
2513
2514 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002515 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002516
2517 struct timespec time_started = {0};
2518 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2519 SLOGW("Error getting time at start");
2520 // Note - continue anyway - we'll run with 0
2521 }
2522 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002523 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002524
2525 rc = encrypt_groups(&data);
2526 if (rc) {
2527 SLOGE("Error encrypting groups");
2528 goto errout;
2529 }
2530
Paul Lawrence87999172014-02-20 12:21:31 -08002531 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002532 rc = 0;
2533
2534errout:
2535 close(data.realfd);
2536 close(data.cryptofd);
2537
2538 return rc;
2539}
2540
Paul Lawrence3846be12014-09-22 11:33:54 -07002541static void log_progress_f2fs(u64 block, bool completed)
2542{
2543 // Precondition - if completed data = 0 else data != 0
2544
2545 // Track progress so we can skip logging blocks
2546 static u64 last_block = (u64)-1;
2547
2548 // Need to close existing 'Encrypting from' log?
2549 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2550 SLOGI("Encrypted to block %" PRId64, last_block);
2551 last_block = -1;
2552 }
2553
2554 // Need to start new 'Encrypting from' log?
2555 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2556 SLOGI("Encrypting from block %" PRId64, block);
2557 }
2558
2559 // Update offset
2560 if (!completed) {
2561 last_block = block;
2562 }
2563}
2564
Daniel Rosenberge82df162014-08-15 22:19:23 +00002565static int encrypt_one_block_f2fs(u64 pos, void *data)
2566{
2567 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2568
2569 priv_dat->blocks_already_done = pos - 1;
2570 update_progress(priv_dat, 1);
2571
2572 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2573
2574 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002575 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002576 return -1;
2577 }
2578
2579 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002580 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002581 return -1;
2582 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002583 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002584 }
2585
2586 return 0;
2587}
2588
2589static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2590 char *real_blkdev,
2591 off64_t size,
2592 off64_t *size_already_done,
2593 off64_t tot_size,
2594 off64_t previously_encrypted_upto)
2595{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002596 struct encryptGroupsData data;
2597 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002598 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002599 if (previously_encrypted_upto > *size_already_done) {
2600 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002601 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002602 }
2603 memset(&data, 0, sizeof(data));
2604 data.real_blkdev = real_blkdev;
2605 data.crypto_blkdev = crypto_blkdev;
2606 data.realfd = -1;
2607 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002608 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002609 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002610 real_blkdev);
2611 goto errout;
2612 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002613 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002614 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002615 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002616 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002617 goto errout;
2618 }
2619
2620 f2fs_info = generate_f2fs_info(data.realfd);
2621 if (!f2fs_info)
2622 goto errout;
2623
2624 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2625 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2626 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2627
2628 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2629
2630 data.one_pct = data.tot_used_blocks / 100;
2631 data.cur_pct = 0;
2632 data.time_started = time(NULL);
2633 data.remaining_time = -1;
2634
2635 data.buffer = malloc(f2fs_info->block_size);
2636 if (!data.buffer) {
2637 SLOGE("Failed to allocate crypto buffer");
2638 goto errout;
2639 }
2640
2641 data.count = 0;
2642
2643 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2644 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2645
2646 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002647 SLOGE("Error in running over f2fs blocks");
2648 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002649 goto errout;
2650 }
2651
2652 *size_already_done += size;
2653 rc = 0;
2654
2655errout:
2656 if (rc)
2657 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2658
Paul Lawrence3846be12014-09-22 11:33:54 -07002659 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002660 free(f2fs_info);
2661 free(data.buffer);
2662 close(data.realfd);
2663 close(data.cryptofd);
2664
2665 return rc;
2666}
2667
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002668static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2669 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002670 off64_t tot_size,
2671 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002672{
2673 int realfd, cryptofd;
2674 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002675 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002676 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002677 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002678 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002679
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002680 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002681 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002682 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002683 }
2684
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002685 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002686 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2687 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002688 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002689 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002690 }
2691
2692 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2693 * The size passed in is the number of 512 byte sectors in the filesystem.
2694 * So compute the number of whole 4K blocks we should read/write,
2695 * and the remainder.
2696 */
2697 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2698 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002699 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2700 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002701
2702 SLOGE("Encrypting filesystem in place...");
2703
Paul Lawrence87999172014-02-20 12:21:31 -08002704 i = previously_encrypted_upto + 1 - *size_already_done;
2705
2706 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2707 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2708 goto errout;
2709 }
2710
2711 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2712 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2713 goto errout;
2714 }
2715
2716 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2717 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2718 SLOGE("Error reading initial sectors from real_blkdev %s for "
2719 "inplace encrypt\n", crypto_blkdev);
2720 goto errout;
2721 }
2722 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2723 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2724 "inplace encrypt\n", crypto_blkdev);
2725 goto errout;
2726 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002727 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002728 }
2729 }
2730
Ken Sumrall29d8da82011-05-18 17:20:07 -07002731 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002732 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002733 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002734 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002735 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002736 if (new_pct > cur_pct) {
2737 char buf[8];
2738
2739 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002740 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002741 property_set("vold.encrypt_progress", buf);
2742 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002743 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002744 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002745 goto errout;
2746 }
2747 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002748 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2749 goto errout;
2750 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002751 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002752 CRYPT_SECTORS_PER_BUFSIZE,
2753 i * CRYPT_SECTORS_PER_BUFSIZE);
2754 }
2755
Paul Lawrence73d7a022014-06-09 14:10:09 -07002756 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002757 SLOGE("Stopping encryption due to low battery");
2758 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2759 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002760 goto errout;
2761 }
2762 }
2763
2764 /* Do any remaining sectors */
2765 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002766 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2767 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002768 goto errout;
2769 }
Paul Lawrence87999172014-02-20 12:21:31 -08002770 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2771 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002772 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002773 } else {
2774 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002775 }
2776 }
2777
Ken Sumrall29d8da82011-05-18 17:20:07 -07002778 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002779 rc = 0;
2780
2781errout:
2782 close(realfd);
2783 close(cryptofd);
2784
2785 return rc;
2786}
2787
JP Abgrall7fc1de82014-10-10 18:43:41 -07002788/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002789static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2790 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002791 off64_t tot_size,
2792 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002793{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002794 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002795 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002796 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002797 }
2798
2799 if (*size_already_done + size < previously_encrypted_upto) {
2800 *size_already_done += size;
2801 return 0;
2802 }
2803
Daniel Rosenberge82df162014-08-15 22:19:23 +00002804 /* TODO: identify filesystem type.
2805 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2806 * then we will drop down to cryptfs_enable_inplace_f2fs.
2807 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002808 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002809 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002810 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002811 return 0;
2812 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002813 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002814
JP Abgrall7fc1de82014-10-10 18:43:41 -07002815 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002816 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002817 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002818 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002819 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002820 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002821
JP Abgrall7fc1de82014-10-10 18:43:41 -07002822 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002823 size, size_already_done, tot_size,
2824 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002825 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2826
2827 /* Hack for b/17898962, the following is the symptom... */
2828 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2829 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2830 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2831 return ENABLE_INPLACE_ERR_DEV;
2832 }
2833 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002834}
2835
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002836#define CRYPTO_ENABLE_WIPE 1
2837#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002838
2839#define FRAMEWORK_BOOT_WAIT 60
2840
Paul Lawrence87999172014-02-20 12:21:31 -08002841static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2842{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002843 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002844 if (fd == -1) {
2845 SLOGE("Error opening file %s", filename);
2846 return -1;
2847 }
2848
2849 char block[CRYPT_INPLACE_BUFSIZE];
2850 memset(block, 0, sizeof(block));
2851 if (unix_read(fd, block, sizeof(block)) < 0) {
2852 SLOGE("Error reading file %s", filename);
2853 close(fd);
2854 return -1;
2855 }
2856
2857 close(fd);
2858
2859 SHA256_CTX c;
2860 SHA256_Init(&c);
2861 SHA256_Update(&c, block, sizeof(block));
2862 SHA256_Final(buf, &c);
2863
2864 return 0;
2865}
2866
JP Abgrall62c7af32014-06-16 13:01:23 -07002867static int get_fs_type(struct fstab_rec *rec)
2868{
2869 if (!strcmp(rec->fs_type, "ext4")) {
2870 return EXT4_FS;
2871 } else if (!strcmp(rec->fs_type, "f2fs")) {
2872 return F2FS_FS;
2873 } else {
2874 return -1;
2875 }
2876}
2877
Paul Lawrence87999172014-02-20 12:21:31 -08002878static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2879 char *crypto_blkdev, char *real_blkdev,
2880 int previously_encrypted_upto)
2881{
2882 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002883 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002884
Paul Lawrence73d7a022014-06-09 14:10:09 -07002885 if (!is_battery_ok_to_start()) {
2886 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002887 return 0;
2888 }
2889
2890 /* The size of the userdata partition, and add in the vold volumes below */
2891 tot_encryption_size = crypt_ftr->fs_size;
2892
2893 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002894 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2895 int fs_type = get_fs_type(rec);
2896 if (fs_type < 0) {
2897 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2898 return -1;
2899 }
2900 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002901 } else if (how == CRYPTO_ENABLE_INPLACE) {
2902 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2903 crypt_ftr->fs_size, &cur_encryption_done,
2904 tot_encryption_size,
2905 previously_encrypted_upto);
2906
JP Abgrall7fc1de82014-10-10 18:43:41 -07002907 if (rc == ENABLE_INPLACE_ERR_DEV) {
2908 /* Hack for b/17898962 */
2909 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2910 cryptfs_reboot(reboot);
2911 }
2912
Paul Lawrence73d7a022014-06-09 14:10:09 -07002913 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002914 crypt_ftr->encrypted_upto = cur_encryption_done;
2915 }
2916
Paul Lawrence73d7a022014-06-09 14:10:09 -07002917 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002918 /* The inplace routine never actually sets the progress to 100% due
2919 * to the round down nature of integer division, so set it here */
2920 property_set("vold.encrypt_progress", "100");
2921 }
2922 } else {
2923 /* Shouldn't happen */
2924 SLOGE("cryptfs_enable: internal error, unknown option\n");
2925 rc = -1;
2926 }
2927
2928 return rc;
2929}
2930
Paul Lawrence13486032014-02-03 13:28:11 -08002931int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002932 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002933{
2934 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002935 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002936 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002937 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002938 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002939 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002940 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002941 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002942 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002943 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002944 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002945 bool rebootEncryption = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002946
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002947 if (!strcmp(howarg, "wipe")) {
2948 how = CRYPTO_ENABLE_WIPE;
2949 } else if (! strcmp(howarg, "inplace")) {
2950 how = CRYPTO_ENABLE_INPLACE;
2951 } else {
2952 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002953 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002954 }
2955
Paul Lawrence87999172014-02-20 12:21:31 -08002956 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002957 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2958 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2959 /* An encryption was underway and was interrupted */
2960 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2961 crypt_ftr.encrypted_upto = 0;
2962 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002963
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002964 /* At this point, we are in an inconsistent state. Until we successfully
2965 complete encryption, a reboot will leave us broken. So mark the
2966 encryption failed in case that happens.
2967 On successfully completing encryption, remove this flag */
2968 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002969
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002970 put_crypt_ftr_and_key(&crypt_ftr);
2971 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2972 if (!check_ftr_sha(&crypt_ftr)) {
2973 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2974 put_crypt_ftr_and_key(&crypt_ftr);
2975 goto error_unencrypted;
2976 }
2977
2978 /* Doing a reboot-encryption*/
2979 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2980 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2981 rebootEncryption = true;
2982 }
Paul Lawrence87999172014-02-20 12:21:31 -08002983 }
2984
2985 property_get("ro.crypto.state", encrypted_state, "");
2986 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2987 SLOGE("Device is already running encrypted, aborting");
2988 goto error_unencrypted;
2989 }
2990
2991 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2992 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002993 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002994
Ken Sumrall3ed82362011-01-28 23:31:16 -08002995 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002996 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002997 if (fd == -1) {
2998 SLOGE("Cannot open block device %s\n", real_blkdev);
2999 goto error_unencrypted;
3000 }
3001 unsigned long nr_sec;
3002 get_blkdev_size(fd, &nr_sec);
3003 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003004 SLOGE("Cannot get size of block device %s\n", real_blkdev);
3005 goto error_unencrypted;
3006 }
3007 close(fd);
3008
3009 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003010 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003011 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00003012 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00003013 if (fs_size_sec == 0)
3014 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
3015
Paul Lawrence87999172014-02-20 12:21:31 -08003016 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003017
3018 if (fs_size_sec > max_fs_size_sec) {
3019 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
3020 goto error_unencrypted;
3021 }
3022 }
3023
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003024 /* Get a wakelock as this may take a while, and we don't want the
3025 * device to sleep on us. We'll grab a partial wakelock, and if the UI
3026 * wants to keep the screen on, it can grab a full wakelock.
3027 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003028 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003029 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
3030
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003031 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003032 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003033 */
3034 property_set("vold.decrypt", "trigger_shutdown_framework");
3035 SLOGD("Just asked init to shut down class main\n");
3036
Jeff Sharkey9c484982015-03-31 10:35:33 -07003037 /* Ask vold to unmount all devices that it manages */
3038 if (vold_unmountAll()) {
3039 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003040 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003041
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003042 /* no_ui means we are being called from init, not settings.
3043 Now we always reboot from settings, so !no_ui means reboot
3044 */
3045 bool onlyCreateHeader = false;
3046 if (!no_ui) {
3047 /* Try fallback, which is to reboot and try there */
3048 onlyCreateHeader = true;
3049 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
3050 if (breadcrumb == 0) {
3051 SLOGE("Failed to create breadcrumb file");
3052 goto error_shutting_down;
3053 }
3054 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003055 }
3056
3057 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003058 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003059 /* Now that /data is unmounted, we need to mount a tmpfs
3060 * /data, set a property saying we're doing inplace encryption,
3061 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003062 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003063 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003064 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003065 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003066 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003067 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003068
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003069 /* restart the framework. */
3070 /* Create necessary paths on /data */
3071 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003072 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003073 }
3074
Ken Sumrall92736ef2012-10-17 20:57:14 -07003075 /* Ugh, shutting down the framework is not synchronous, so until it
3076 * can be fixed, this horrible hack will wait a moment for it all to
3077 * shut down before proceeding. Without it, some devices cannot
3078 * restart the graphics services.
3079 */
3080 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003081 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003082
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003083 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003084 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003085 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003086 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3087 goto error_shutting_down;
3088 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003089
Paul Lawrence87999172014-02-20 12:21:31 -08003090 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3091 crypt_ftr.fs_size = nr_sec
3092 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3093 } else {
3094 crypt_ftr.fs_size = nr_sec;
3095 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003096 /* At this point, we are in an inconsistent state. Until we successfully
3097 complete encryption, a reboot will leave us broken. So mark the
3098 encryption failed in case that happens.
3099 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003100 if (onlyCreateHeader) {
3101 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
3102 } else {
3103 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
3104 }
Paul Lawrence87999172014-02-20 12:21:31 -08003105 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003106#ifndef CONFIG_HW_DISK_ENCRYPTION
3107 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3108#else
3109 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3110
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003111 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003112 if (!rc) {
3113 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3114 }
3115
3116 rc = set_hw_device_encryption_key(passwd,
3117 (char*) crypt_ftr.crypto_type_name);
3118 if (!rc) {
3119 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3120 goto error_shutting_down;
3121 }
3122#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003123
Paul Lawrence87999172014-02-20 12:21:31 -08003124 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003125 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
3126 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08003127 SLOGE("Cannot create encrypted master key\n");
3128 goto error_shutting_down;
3129 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003130
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003131 /* Replace scrypted intermediate key if we are preparing for a reboot */
3132 if (onlyCreateHeader) {
3133 unsigned char fake_master_key[KEY_LEN_BYTES];
3134 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
3135 memset(fake_master_key, 0, sizeof(fake_master_key));
3136 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
3137 encrypted_fake_master_key, &crypt_ftr);
3138 }
3139
Paul Lawrence87999172014-02-20 12:21:31 -08003140 /* Write the key to the end of the partition */
3141 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003142
Paul Lawrence87999172014-02-20 12:21:31 -08003143 /* If any persistent data has been remembered, save it.
3144 * If none, create a valid empty table and save that.
3145 */
3146 if (!persist_data) {
3147 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3148 if (pdata) {
3149 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3150 persist_data = pdata;
3151 }
3152 }
3153 if (persist_data) {
3154 save_persistent_data();
3155 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003156 }
3157
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003158 if (onlyCreateHeader) {
3159 sleep(2);
3160 cryptfs_reboot(reboot);
3161 }
3162
3163 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07003164 /* startup service classes main and late_start */
3165 property_set("vold.decrypt", "trigger_restart_min_framework");
3166 SLOGD("Just triggered restart_min_framework\n");
3167
3168 /* OK, the framework is restarted and will soon be showing a
3169 * progress bar. Time to setup an encrypted mapping, and
3170 * either write a new filesystem, or encrypt in place updating
3171 * the progress bar as we work.
3172 */
3173 }
3174
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003175 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003176 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003177 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003178
Paul Lawrence87999172014-02-20 12:21:31 -08003179 /* If we are continuing, check checksums match */
3180 rc = 0;
3181 if (previously_encrypted_upto) {
3182 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3183 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003184
Paul Lawrence87999172014-02-20 12:21:31 -08003185 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3186 sizeof(hash_first_block)) != 0) {
3187 SLOGE("Checksums do not match - trigger wipe");
3188 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003189 }
3190 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003191
Paul Lawrence87999172014-02-20 12:21:31 -08003192 if (!rc) {
3193 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3194 crypto_blkdev, real_blkdev,
3195 previously_encrypted_upto);
3196 }
3197
3198 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003199 if (!rc && how == CRYPTO_ENABLE_INPLACE
3200 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003201 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3202 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003203 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003204 SLOGE("Error calculating checksum for continuing encryption");
3205 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003206 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003207 }
3208
3209 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003210 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003211
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003212 if (! rc) {
3213 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003214 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003215
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003216 if (how == CRYPTO_ENABLE_INPLACE
3217 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003218 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3219 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003220 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003221 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003222
Paul Lawrence6bfed202014-07-28 12:47:22 -07003223 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003224
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003225 if (how == CRYPTO_ENABLE_WIPE
3226 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003227 char value[PROPERTY_VALUE_MAX];
3228 property_get("ro.crypto.state", value, "");
3229 if (!strcmp(value, "")) {
3230 /* default encryption - continue first boot sequence */
3231 property_set("ro.crypto.state", "encrypted");
3232 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003233 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
3234 // Bring up cryptkeeper that will check the password and set it
3235 property_set("vold.decrypt", "trigger_shutdown_framework");
3236 sleep(2);
3237 property_set("vold.encrypt_progress", "");
3238 cryptfs_trigger_restart_min_framework();
3239 } else {
3240 cryptfs_check_passwd(DEFAULT_PASSWORD);
3241 cryptfs_restart_internal(1);
3242 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003243 return 0;
3244 } else {
3245 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003246 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003247 }
Paul Lawrence87999172014-02-20 12:21:31 -08003248 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003249 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003250 cryptfs_reboot(shutdown);
3251 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003252 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003253 char value[PROPERTY_VALUE_MAX];
3254
Ken Sumrall319369a2012-06-27 16:30:18 -07003255 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003256 if (!strcmp(value, "1")) {
3257 /* wipe data if encryption failed */
3258 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3259 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003260 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003261 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003262 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3263 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003264 close(fd);
3265 } else {
3266 SLOGE("could not open /cache/recovery/command\n");
3267 }
Paul Lawrence87999172014-02-20 12:21:31 -08003268 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003269 } else {
3270 /* set property to trigger dialog */
3271 property_set("vold.encrypt_progress", "error_partially_encrypted");
3272 release_wake_lock(lockid);
3273 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003274 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003275 }
3276
Ken Sumrall3ed82362011-01-28 23:31:16 -08003277 /* hrm, the encrypt step claims success, but the reboot failed.
3278 * This should not happen.
3279 * Set the property and return. Hope the framework can deal with it.
3280 */
3281 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003282 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003283 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003284
3285error_unencrypted:
3286 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003287 if (lockid[0]) {
3288 release_wake_lock(lockid);
3289 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003290 return -1;
3291
3292error_shutting_down:
3293 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3294 * but the framework is stopped and not restarted to show the error, so it's up to
3295 * vold to restart the system.
3296 */
3297 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003298 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003299
3300 /* shouldn't get here */
3301 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003302 if (lockid[0]) {
3303 release_wake_lock(lockid);
3304 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003305 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003306}
3307
Paul Lawrence569649f2015-09-09 12:13:00 -07003308int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003309{
Paul Lawrence569649f2015-09-09 12:13:00 -07003310 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003311}
3312
Paul Lawrence569649f2015-09-09 12:13:00 -07003313int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003314{
3315 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003316 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003317}
3318
3319int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003320{
Paul Crowley38132a12016-02-09 09:50:32 +00003321 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003322 SLOGE("cryptfs_changepw not valid for file encryption");
3323 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003324 }
3325
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003326 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003327 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003328
3329 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003330 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003331 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003332 return -1;
3333 }
3334
Paul Lawrencef4faa572014-01-29 13:31:03 -08003335 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3336 SLOGE("Invalid crypt_type %d", crypt_type);
3337 return -1;
3338 }
3339
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003340 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003341 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003342 SLOGE("Error getting crypt footer and key");
3343 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003344 }
3345
Paul Lawrencef4faa572014-01-29 13:31:03 -08003346 crypt_ftr.crypt_type = crypt_type;
3347
JP Abgrall933216c2015-02-11 13:44:32 -08003348 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003349 : newpw,
3350 crypt_ftr.salt,
3351 saved_master_key,
3352 crypt_ftr.master_key,
3353 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003354 if (rc) {
3355 SLOGE("Encrypt master key failed: %d", rc);
3356 return -1;
3357 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003358 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003359 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003360
Ajay Dudani87701e22014-09-17 21:02:52 -07003361#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003362 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3363 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3364 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3365 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3366 if (!rc)
3367 return -1;
3368 } else {
3369 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3370 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3371 if (!rc)
3372 return -1;
3373 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003374 }
3375#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003376 return 0;
3377}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003378
Rubin Xu85c01f92014-10-13 12:49:54 +01003379static unsigned int persist_get_max_entries(int encrypted) {
3380 struct crypt_mnt_ftr crypt_ftr;
3381 unsigned int dsize;
3382 unsigned int max_persistent_entries;
3383
3384 /* If encrypted, use the values from the crypt_ftr, otherwise
3385 * use the values for the current spec.
3386 */
3387 if (encrypted) {
3388 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3389 return -1;
3390 }
3391 dsize = crypt_ftr.persist_data_size;
3392 } else {
3393 dsize = CRYPT_PERSIST_DATA_SIZE;
3394 }
3395
3396 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3397 sizeof(struct crypt_persist_entry);
3398
3399 return max_persistent_entries;
3400}
3401
3402static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003403{
3404 unsigned int i;
3405
3406 if (persist_data == NULL) {
3407 return -1;
3408 }
3409 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3410 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3411 /* We found it! */
3412 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3413 return 0;
3414 }
3415 }
3416
3417 return -1;
3418}
3419
Rubin Xu85c01f92014-10-13 12:49:54 +01003420static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003421{
3422 unsigned int i;
3423 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003424 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003425
3426 if (persist_data == NULL) {
3427 return -1;
3428 }
3429
Rubin Xu85c01f92014-10-13 12:49:54 +01003430 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003431
3432 num = persist_data->persist_valid_entries;
3433
3434 for (i = 0; i < num; i++) {
3435 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3436 /* We found an existing entry, update it! */
3437 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3438 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3439 return 0;
3440 }
3441 }
3442
3443 /* We didn't find it, add it to the end, if there is room */
3444 if (persist_data->persist_valid_entries < max_persistent_entries) {
3445 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3446 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3447 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3448 persist_data->persist_valid_entries++;
3449 return 0;
3450 }
3451
3452 return -1;
3453}
3454
Rubin Xu85c01f92014-10-13 12:49:54 +01003455/**
3456 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3457 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3458 */
3459static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003460 unsigned int field_len;
3461 unsigned int key_index;
3462 field_len = strlen(field);
3463
3464 if (index == 0) {
3465 // The first key in a multi-entry field is just the filedname itself.
3466 if (!strcmp(key, field)) {
3467 return 1;
3468 }
3469 }
3470 // Match key against "%s_%d" % (field, index)
3471 if (strlen(key) < field_len + 1 + 1) {
3472 // Need at least a '_' and a digit.
3473 return 0;
3474 }
3475 if (strncmp(key, field, field_len)) {
3476 // If the key does not begin with field, it's not a match.
3477 return 0;
3478 }
3479 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3480 return 0;
3481 }
3482 return key_index >= index;
3483}
3484
3485/*
3486 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3487 * remaining entries starting from index will be deleted.
3488 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3489 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3490 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3491 *
3492 */
3493static int persist_del_keys(const char *fieldname, unsigned index)
3494{
3495 unsigned int i;
3496 unsigned int j;
3497 unsigned int num;
3498
3499 if (persist_data == NULL) {
3500 return PERSIST_DEL_KEY_ERROR_OTHER;
3501 }
3502
3503 num = persist_data->persist_valid_entries;
3504
3505 j = 0; // points to the end of non-deleted entries.
3506 // Filter out to-be-deleted entries in place.
3507 for (i = 0; i < num; i++) {
3508 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3509 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3510 j++;
3511 }
3512 }
3513
3514 if (j < num) {
3515 persist_data->persist_valid_entries = j;
3516 // Zeroise the remaining entries
3517 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3518 return PERSIST_DEL_KEY_OK;
3519 } else {
3520 // Did not find an entry matching the given fieldname
3521 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3522 }
3523}
3524
3525static int persist_count_keys(const char *fieldname)
3526{
3527 unsigned int i;
3528 unsigned int count;
3529
3530 if (persist_data == NULL) {
3531 return -1;
3532 }
3533
3534 count = 0;
3535 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3536 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3537 count++;
3538 }
3539 }
3540
3541 return count;
3542}
3543
Ken Sumrall160b4d62013-04-22 12:15:39 -07003544/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003545int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003546{
Paul Crowley38132a12016-02-09 09:50:32 +00003547 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003548 SLOGE("Cannot get field when file encrypted");
3549 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003550 }
3551
Ken Sumrall160b4d62013-04-22 12:15:39 -07003552 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003553 /* CRYPTO_GETFIELD_OK is success,
3554 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3555 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3556 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003557 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003558 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3559 int i;
3560 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003561
3562 if (persist_data == NULL) {
3563 load_persistent_data();
3564 if (persist_data == NULL) {
3565 SLOGE("Getfield error, cannot load persistent data");
3566 goto out;
3567 }
3568 }
3569
Rubin Xu85c01f92014-10-13 12:49:54 +01003570 // Read value from persistent entries. If the original value is split into multiple entries,
3571 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003572 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003573 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3574 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3575 // value too small
3576 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3577 goto out;
3578 }
3579 rc = CRYPTO_GETFIELD_OK;
3580
3581 for (i = 1; /* break explicitly */; i++) {
3582 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3583 (int) sizeof(temp_field)) {
3584 // If the fieldname is very long, we stop as soon as it begins to overflow the
3585 // maximum field length. At this point we have in fact fully read out the original
3586 // value because cryptfs_setfield would not allow fields with longer names to be
3587 // written in the first place.
3588 break;
3589 }
3590 if (!persist_get_key(temp_field, temp_value)) {
3591 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3592 // value too small.
3593 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3594 goto out;
3595 }
3596 } else {
3597 // Exhaust all entries.
3598 break;
3599 }
3600 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003601 } else {
3602 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003603 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003604 }
3605
3606out:
3607 return rc;
3608}
3609
3610/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003611int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003612{
Paul Crowley38132a12016-02-09 09:50:32 +00003613 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003614 SLOGE("Cannot set field when file encrypted");
3615 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003616 }
3617
Ken Sumrall160b4d62013-04-22 12:15:39 -07003618 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003619 /* 0 is success, negative values are error */
3620 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003621 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003622 unsigned int field_id;
3623 char temp_field[PROPERTY_KEY_MAX];
3624 unsigned int num_entries;
3625 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003626
3627 if (persist_data == NULL) {
3628 load_persistent_data();
3629 if (persist_data == NULL) {
3630 SLOGE("Setfield error, cannot load persistent data");
3631 goto out;
3632 }
3633 }
3634
3635 property_get("ro.crypto.state", encrypted_state, "");
3636 if (!strcmp(encrypted_state, "encrypted") ) {
3637 encrypted = 1;
3638 }
3639
Rubin Xu85c01f92014-10-13 12:49:54 +01003640 // Compute the number of entries required to store value, each entry can store up to
3641 // (PROPERTY_VALUE_MAX - 1) chars
3642 if (strlen(value) == 0) {
3643 // Empty value also needs one entry to store.
3644 num_entries = 1;
3645 } else {
3646 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3647 }
3648
3649 max_keylen = strlen(fieldname);
3650 if (num_entries > 1) {
3651 // Need an extra "_%d" suffix.
3652 max_keylen += 1 + log10(num_entries);
3653 }
3654 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3655 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003656 goto out;
3657 }
3658
Rubin Xu85c01f92014-10-13 12:49:54 +01003659 // Make sure we have enough space to write the new value
3660 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3661 persist_get_max_entries(encrypted)) {
3662 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3663 goto out;
3664 }
3665
3666 // Now that we know persist_data has enough space for value, let's delete the old field first
3667 // to make up space.
3668 persist_del_keys(fieldname, 0);
3669
3670 if (persist_set_key(fieldname, value, encrypted)) {
3671 // fail to set key, should not happen as we have already checked the available space
3672 SLOGE("persist_set_key() error during setfield()");
3673 goto out;
3674 }
3675
3676 for (field_id = 1; field_id < num_entries; field_id++) {
3677 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3678
3679 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3680 // fail to set key, should not happen as we have already checked the available space.
3681 SLOGE("persist_set_key() error during setfield()");
3682 goto out;
3683 }
3684 }
3685
Ken Sumrall160b4d62013-04-22 12:15:39 -07003686 /* If we are running encrypted, save the persistent data now */
3687 if (encrypted) {
3688 if (save_persistent_data()) {
3689 SLOGE("Setfield error, cannot save persistent data");
3690 goto out;
3691 }
3692 }
3693
Rubin Xu85c01f92014-10-13 12:49:54 +01003694 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003695
3696out:
3697 return rc;
3698}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003699
3700/* Checks userdata. Attempt to mount the volume if default-
3701 * encrypted.
3702 * On success trigger next init phase and return 0.
3703 * Currently do not handle failure - see TODO below.
3704 */
3705int cryptfs_mount_default_encrypted(void)
3706{
3707 char decrypt_state[PROPERTY_VALUE_MAX];
3708 property_get("vold.decrypt", decrypt_state, "0");
3709 if (!strcmp(decrypt_state, "0")) {
3710 SLOGE("Not encrypted - should not call here");
3711 } else {
3712 int crypt_type = cryptfs_get_password_type();
3713 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3714 SLOGE("Bad crypt type - error");
3715 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3716 SLOGD("Password is not default - "
3717 "starting min framework to prompt");
3718 property_set("vold.decrypt", "trigger_restart_min_framework");
3719 return 0;
3720 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3721 SLOGD("Password is default - restarting filesystem");
3722 cryptfs_restart_internal(0);
3723 return 0;
3724 } else {
3725 SLOGE("Encrypted, default crypt type but can't decrypt");
3726 }
3727 }
3728
Paul Lawrence6bfed202014-07-28 12:47:22 -07003729 /** Corrupt. Allow us to boot into framework, which will detect bad
3730 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003731 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003732 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003733 return 0;
3734}
3735
3736/* Returns type of the password, default, pattern, pin or password.
3737 */
3738int cryptfs_get_password_type(void)
3739{
Paul Crowley38132a12016-02-09 09:50:32 +00003740 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003741 SLOGE("cryptfs_get_password_type not valid for file encryption");
3742 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003743 }
3744
Paul Lawrencef4faa572014-01-29 13:31:03 -08003745 struct crypt_mnt_ftr crypt_ftr;
3746
3747 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3748 SLOGE("Error getting crypt footer and key\n");
3749 return -1;
3750 }
3751
Paul Lawrence6bfed202014-07-28 12:47:22 -07003752 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3753 return -1;
3754 }
3755
Paul Lawrencef4faa572014-01-29 13:31:03 -08003756 return crypt_ftr.crypt_type;
3757}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003758
Paul Lawrence05335c32015-03-05 09:46:23 -08003759const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003760{
Paul Crowley38132a12016-02-09 09:50:32 +00003761 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003762 SLOGE("cryptfs_get_password not valid for file encryption");
3763 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003764 }
3765
Paul Lawrence399317e2014-03-10 13:20:50 -07003766 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003767 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003768 if (now.tv_sec < password_expiry_time) {
3769 return password;
3770 } else {
3771 cryptfs_clear_password();
3772 return 0;
3773 }
3774}
3775
3776void cryptfs_clear_password()
3777{
3778 if (password) {
3779 size_t len = strlen(password);
3780 memset(password, 0, len);
3781 free(password);
3782 password = 0;
3783 password_expiry_time = 0;
3784 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003785}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003786
3787int cryptfs_enable_file()
3788{
Paul Crowley38132a12016-02-09 09:50:32 +00003789 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003790}
3791
Paul Lawrence0c247462015-10-29 10:30:57 -07003792int cryptfs_isConvertibleToFBE()
3793{
3794 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3795 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3796}
3797
Paul Lawrence731a7a22015-04-28 22:14:15 +00003798int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3799{
3800 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3801 SLOGE("Failed to initialize crypt_ftr");
3802 return -1;
3803 }
3804
3805 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3806 crypt_ftr->salt, crypt_ftr)) {
3807 SLOGE("Cannot create encrypted master key\n");
3808 return -1;
3809 }
3810
3811 //crypt_ftr->keysize = key_length / 8;
3812 return 0;
3813}
3814
3815int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3816 unsigned char* master_key)
3817{
3818 int rc;
3819
Paul Lawrence731a7a22015-04-28 22:14:15 +00003820 unsigned char* intermediate_key = 0;
3821 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003822
3823 if (password == 0 || *password == 0) {
3824 password = DEFAULT_PASSWORD;
3825 }
3826
Paul Lawrence731a7a22015-04-28 22:14:15 +00003827 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3828 &intermediate_key_size);
3829
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003830 int N = 1 << ftr->N_factor;
3831 int r = 1 << ftr->r_factor;
3832 int p = 1 << ftr->p_factor;
3833
3834 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3835
3836 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3837 ftr->salt, sizeof(ftr->salt), N, r, p,
3838 scrypted_intermediate_key,
3839 sizeof(scrypted_intermediate_key));
3840
3841 free(intermediate_key);
3842
3843 if (rc) {
3844 SLOGE("Can't calculate intermediate key");
3845 return rc;
3846 }
3847
3848 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3849 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003850}
3851
3852int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3853 const unsigned char* master_key)
3854{
3855 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3856 ftr);
3857}