blob: 23bf2e13a3006838b0c7956020cf88aa026eb424 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000056#include "Ext4Crypt.h"
57#include "ext4_crypt_init_extensions.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080058#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000059#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080060#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080061#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080062
Shawn Willden8af33352015-02-24 09:51:34 -070063#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060064#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070065
Mark Salyzyn3e971272014-01-21 13:27:04 -080066#define UNUSED __attribute__((unused))
67
Mark Salyzyn5eecc442014-02-12 14:16:14 -080068#define UNUSED __attribute__((unused))
69
Ajay Dudani87701e22014-09-17 21:02:52 -070070#ifdef CONFIG_HW_DISK_ENCRYPTION
71#include "cryptfs_hw.h"
72#endif
73
Ken Sumrall8f869aa2010-12-03 03:47:09 -080074#define DM_CRYPT_BUF_SIZE 4096
75
Jason parks70a4b3f2011-01-28 10:10:47 -060076#define HASH_COUNT 2000
77#define KEY_LEN_BYTES 16
78#define IV_LEN_BYTES 16
79
Ken Sumrall29d8da82011-05-18 17:20:07 -070080#define KEY_IN_FOOTER "footer"
81
Paul Lawrence3bd36d52015-06-09 13:37:44 -070082#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080083
Ken Sumrall29d8da82011-05-18 17:20:07 -070084#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070085#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070086
Ken Sumralle919efe2012-09-29 17:07:41 -070087#define TABLE_LOAD_RETRIES 10
88
Shawn Willden47ba10d2014-09-03 17:07:06 -060089#define RSA_KEY_SIZE 2048
90#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
91#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060092#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
93#define KEYMASTER_CRYPTFS_APP_ID "vold cryptfs"
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070094
Paul Lawrence8e3f4512014-09-08 10:11:17 -070095#define RETRY_MOUNT_ATTEMPTS 10
96#define RETRY_MOUNT_DELAY_SECONDS 1
97
Ken Sumrall8f869aa2010-12-03 03:47:09 -080098char *me = "cryptfs";
99
Jason parks70a4b3f2011-01-28 10:10:47 -0600100static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700101static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600102static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700103static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800104
Shawn Willdenda6e8992015-06-03 09:40:45 -0600105static int keymaster_init(keymaster0_device_t **keymaster0_dev,
106 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700107{
108 int rc;
109
110 const hw_module_t* mod;
111 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
112 if (rc) {
113 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600114 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700115 }
116
Shawn Willdenda6e8992015-06-03 09:40:45 -0600117 SLOGI("keymaster module name is %s", mod->name);
118 SLOGI("keymaster version is %d", mod->module_api_version);
119
120 *keymaster0_dev = NULL;
121 *keymaster1_dev = NULL;
122 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
123 SLOGI("Found keymaster1 module, using keymaster1 API.");
124 rc = keymaster1_open(mod, keymaster1_dev);
125 } else {
126 SLOGI("Found keymaster0 module, using keymaster0 API.");
127 rc = keymaster0_open(mod, keymaster0_dev);
128 }
129
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700130 if (rc) {
131 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600132 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
133 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700134 }
135
136 return 0;
137
Shawn Willdenda6e8992015-06-03 09:40:45 -0600138err:
139 *keymaster0_dev = NULL;
140 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700141 return rc;
142}
143
144/* Should we use keymaster? */
145static int keymaster_check_compatibility()
146{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600147 keymaster0_device_t *keymaster0_dev = 0;
148 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700149 int rc = 0;
150
Shawn Willdenda6e8992015-06-03 09:40:45 -0600151 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700152 SLOGE("Failed to init keymaster");
153 rc = -1;
154 goto out;
155 }
156
Shawn Willdenda6e8992015-06-03 09:40:45 -0600157 if (keymaster1_dev) {
158 rc = 1;
159 goto out;
160 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700161
Shawn Willdenda6e8992015-06-03 09:40:45 -0600162 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
163 // should work.
164 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700165 < KEYMASTER_MODULE_API_VERSION_0_3) {
166 rc = 0;
167 goto out;
168 }
169
Shawn Willdenda6e8992015-06-03 09:40:45 -0600170 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
171 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700172 rc = 1;
173 }
174
175out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600176 if (keymaster1_dev) {
177 keymaster1_close(keymaster1_dev);
178 }
179 if (keymaster0_dev) {
180 keymaster0_close(keymaster0_dev);
181 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700182 return rc;
183}
184
185/* Create a new keymaster key and store it in this footer */
186static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
187{
188 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600189 keymaster0_device_t *keymaster0_dev = 0;
190 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700191
Shawn Willdenda6e8992015-06-03 09:40:45 -0600192 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700193 SLOGE("Failed to init keymaster");
194 return -1;
195 }
196
197 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600198 size_t key_size = 0;
199 if (keymaster1_dev) {
200 keymaster_key_param_t params[] = {
201 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
202 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
203 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
204 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700205
Shawn Willdenda6e8992015-06-03 09:40:45 -0600206 /* Padding & digest specifications. We'll use none/none, but add better options
207 * just in case we want to use them later. Actual selection is done at operation
208 * time, but restricted to options specified at keygen. */
209 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
210 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN),
211 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
212 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_256),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700213
Shawn Willdenda6e8992015-06-03 09:40:45 -0600214 /* Require that the key be usable in standalone mode. File system isn't available. */
215 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
216
217 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
218 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
219
220 /* Set app ID to a value keystore will never use */
221 keymaster_param_blob(KM_TAG_APPLICATION_ID, (uint8_t*)KEYMASTER_CRYPTFS_APP_ID,
222 sizeof(KEYMASTER_CRYPTFS_APP_ID)),
223
224 /* Rate-limit key usage attempts, to rate-limit brute force */
225 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
226 };
227 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
228 keymaster_key_blob_t key_blob;
229 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
230 &key_blob,
231 NULL /* characteristics */);
232 if (error != KM_ERROR_OK) {
233 SLOGE("Failed to generate keymaster1 key, error %d", error);
234 rc = -1;
235 goto out;
236 }
237
238 key = (uint8_t*)key_blob.key_material;
239 key_size = key_blob.key_material_size;
240 }
241 else if (keymaster0_dev) {
242 keymaster_rsa_keygen_params_t params;
243 memset(&params, '\0', sizeof(params));
244 params.public_exponent = RSA_EXPONENT;
245 params.modulus_size = RSA_KEY_SIZE;
246
247 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
248 &key, &key_size)) {
249 SLOGE("Failed to generate keypair");
250 rc = -1;
251 goto out;
252 }
253 } else {
254 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700255 rc = -1;
256 goto out;
257 }
258
259 if (key_size > KEYMASTER_BLOB_SIZE) {
260 SLOGE("Keymaster key too large for crypto footer");
261 rc = -1;
262 goto out;
263 }
264
265 memcpy(ftr->keymaster_blob, key, key_size);
266 ftr->keymaster_blob_size = key_size;
267
268out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600269 if (keymaster0_dev)
270 keymaster0_close(keymaster0_dev);
271 if (keymaster1_dev)
272 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700273 free(key);
274 return rc;
275}
276
Shawn Willdene17a9c42014-09-08 13:04:08 -0600277/* This signs the given object using the keymaster key. */
278static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600279 const unsigned char *object,
280 const size_t object_size,
281 unsigned char **signature,
282 size_t *signature_size)
283{
284 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600285 keymaster0_device_t *keymaster0_dev = 0;
286 keymaster1_device_t *keymaster1_dev = 0;
287 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600288 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600289 rc = -1;
290 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600291 }
292
Shawn Willden47ba10d2014-09-03 17:07:06 -0600293 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600294 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600295 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600296
Shawn Willdene17a9c42014-09-08 13:04:08 -0600297 // To sign a message with RSA, the message must satisfy two
298 // constraints:
299 //
300 // 1. The message, when interpreted as a big-endian numeric value, must
301 // be strictly less than the public modulus of the RSA key. Note
302 // that because the most significant bit of the public modulus is
303 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
304 // key), an n-bit message with most significant bit 0 always
305 // satisfies this requirement.
306 //
307 // 2. The message must have the same length in bits as the public
308 // modulus of the RSA key. This requirement isn't mathematically
309 // necessary, but is necessary to ensure consistency in
310 // implementations.
311 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600312 case KDF_SCRYPT_KEYMASTER:
313 // This ensures the most significant byte of the signed message
314 // is zero. We could have zero-padded to the left instead, but
315 // this approach is slightly more robust against changes in
316 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600317 // so) because we really should be using a proper deterministic
318 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600319 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
320 SLOGI("Signing safely-padded object");
321 break;
322 default:
323 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600324 rc = -1;
325 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600326 }
327
Shawn Willdenda6e8992015-06-03 09:40:45 -0600328 if (keymaster0_dev) {
329 keymaster_rsa_sign_params_t params;
330 params.digest_type = DIGEST_NONE;
331 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600332
Shawn Willdenda6e8992015-06-03 09:40:45 -0600333 rc = keymaster0_dev->sign_data(keymaster0_dev,
334 &params,
335 ftr->keymaster_blob,
336 ftr->keymaster_blob_size,
337 to_sign,
338 to_sign_size,
339 signature,
340 signature_size);
341 goto out;
342 } else if (keymaster1_dev) {
343 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
344 keymaster_key_param_t params[] = {
345 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
346 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
347 };
348 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
349 keymaster_operation_handle_t op_handle;
350 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
351 &param_set, NULL /* out_params */,
352 &op_handle);
353 if (error == KM_ERROR_VERIFICATION_FAILED) {
354 // Key usage has been rate-limited. Wait a bit and try again.
355 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
356 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
357 &param_set, NULL /* out_params */,
358 &op_handle);
359 }
360 if (error != KM_ERROR_OK) {
361 SLOGE("Error starting keymaster signature transaction: %d", error);
362 rc = -1;
363 goto out;
364 }
365
366 keymaster_blob_t input = { to_sign, to_sign_size };
367 size_t input_consumed;
368 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
369 &input, &input_consumed, NULL /* out_params */,
370 NULL /* output */);
371 if (error != KM_ERROR_OK) {
372 SLOGE("Error sending data to keymaster signature transaction: %d", error);
373 rc = -1;
374 goto out;
375 }
376 if (input_consumed != to_sign_size) {
377 // This should never happen. If it does, it's a bug in the keymaster implementation.
378 SLOGE("Keymaster update() did not consume all data.");
379 keymaster1_dev->abort(keymaster1_dev, op_handle);
380 rc = -1;
381 goto out;
382 }
383
384 keymaster_blob_t tmp_sig;
385 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
386 NULL /* verify signature */, NULL /* out_params */,
387 &tmp_sig);
388 if (error != KM_ERROR_OK) {
389 SLOGE("Error finishing keymaster signature transaction: %d", error);
390 rc = -1;
391 goto out;
392 }
393
394 *signature = (uint8_t*)tmp_sig.data;
395 *signature_size = tmp_sig.data_length;
396 } else {
397 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
398 rc = -1;
399 goto out;
400 }
401
402 out:
403 if (keymaster1_dev)
404 keymaster1_close(keymaster1_dev);
405 if (keymaster0_dev)
406 keymaster0_close(keymaster0_dev);
407
408 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600409}
410
Paul Lawrence399317e2014-03-10 13:20:50 -0700411/* Store password when userdata is successfully decrypted and mounted.
412 * Cleared by cryptfs_clear_password
413 *
414 * To avoid a double prompt at boot, we need to store the CryptKeeper
415 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
416 * Since the entire framework is torn down and rebuilt after encryption,
417 * we have to use a daemon or similar to store the password. Since vold
418 * is secured against IPC except from system processes, it seems a reasonable
419 * place to store this.
420 *
421 * password should be cleared once it has been used.
422 *
423 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800424 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700425static char* password = 0;
426static int password_expiry_time = 0;
427static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800428
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800429extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800430
Paul Lawrence87999172014-02-20 12:21:31 -0800431enum RebootType {reboot, recovery, shutdown};
432static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700433{
Paul Lawrence87999172014-02-20 12:21:31 -0800434 switch(rt) {
435 case reboot:
436 property_set(ANDROID_RB_PROPERTY, "reboot");
437 break;
438
439 case recovery:
440 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
441 break;
442
443 case shutdown:
444 property_set(ANDROID_RB_PROPERTY, "shutdown");
445 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700446 }
Paul Lawrence87999172014-02-20 12:21:31 -0800447
Ken Sumralladfba362013-06-04 16:37:52 -0700448 sleep(20);
449
450 /* Shouldn't get here, reboot should happen before sleep times out */
451 return;
452}
453
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800454static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
455{
456 memset(io, 0, dataSize);
457 io->data_size = dataSize;
458 io->data_start = sizeof(struct dm_ioctl);
459 io->version[0] = 4;
460 io->version[1] = 0;
461 io->version[2] = 0;
462 io->flags = flags;
463 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100464 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800465 }
466}
467
Kenny Rootc4c70f12013-06-14 12:11:38 -0700468/**
469 * Gets the default device scrypt parameters for key derivation time tuning.
470 * The parameters should lead to about one second derivation time for the
471 * given device.
472 */
473static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
474 const int default_params[] = SCRYPT_DEFAULTS;
475 int params[] = SCRYPT_DEFAULTS;
476 char paramstr[PROPERTY_VALUE_MAX];
477 char *token;
478 char *saveptr;
479 int i;
480
481 property_get(SCRYPT_PROP, paramstr, "");
482 if (paramstr[0] != '\0') {
483 /*
484 * The token we're looking for should be three integers separated by
485 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
486 */
Kenny Root2947e342013-08-14 15:54:49 -0700487 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
488 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700489 i++, token = strtok_r(NULL, ":", &saveptr)) {
490 char *endptr;
491 params[i] = strtol(token, &endptr, 10);
492
493 /*
494 * Check that there was a valid number and it's 8-bit. If not,
495 * break out and the end check will take the default values.
496 */
497 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
498 break;
499 }
500 }
501
502 /*
503 * If there were not enough tokens or a token was malformed (not an
504 * integer), it will end up here and the default parameters can be
505 * taken.
506 */
507 if ((i != 3) || (token != NULL)) {
508 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
509 memcpy(params, default_params, sizeof(params));
510 }
511 }
512
513 ftr->N_factor = params[0];
514 ftr->r_factor = params[1];
515 ftr->p_factor = params[2];
516}
517
Ken Sumrall3ed82362011-01-28 23:31:16 -0800518static unsigned int get_fs_size(char *dev)
519{
520 int fd, block_size;
521 struct ext4_super_block sb;
522 off64_t len;
523
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700524 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800525 SLOGE("Cannot open device to get filesystem size ");
526 return 0;
527 }
528
529 if (lseek64(fd, 1024, SEEK_SET) < 0) {
530 SLOGE("Cannot seek to superblock");
531 return 0;
532 }
533
534 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
535 SLOGE("Cannot read superblock");
536 return 0;
537 }
538
539 close(fd);
540
Daniel Rosenberge82df162014-08-15 22:19:23 +0000541 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
542 SLOGE("Not a valid ext4 superblock");
543 return 0;
544 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800545 block_size = 1024 << sb.s_log_block_size;
546 /* compute length in bytes */
547 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
548
549 /* return length in sectors */
550 return (unsigned int) (len / 512);
551}
552
Ken Sumrall160b4d62013-04-22 12:15:39 -0700553static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
554{
555 static int cached_data = 0;
556 static off64_t cached_off = 0;
557 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
558 int fd;
559 char key_loc[PROPERTY_VALUE_MAX];
560 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700561 int rc = -1;
562
563 if (!cached_data) {
564 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
565
566 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700567 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700568 SLOGE("Cannot open real block device %s\n", real_blkdev);
569 return -1;
570 }
571
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900572 unsigned long nr_sec = 0;
573 get_blkdev_size(fd, &nr_sec);
574 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700575 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
576 * encryption info footer and key, and plenty of bytes to spare for future
577 * growth.
578 */
579 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
580 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
581 cached_data = 1;
582 } else {
583 SLOGE("Cannot get size of block device %s\n", real_blkdev);
584 }
585 close(fd);
586 } else {
587 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
588 cached_off = 0;
589 cached_data = 1;
590 }
591 }
592
593 if (cached_data) {
594 if (metadata_fname) {
595 *metadata_fname = cached_metadata_fname;
596 }
597 if (off) {
598 *off = cached_off;
599 }
600 rc = 0;
601 }
602
603 return rc;
604}
605
Ken Sumralle8744072011-01-18 22:01:55 -0800606/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800607 * update the failed mount count but not change the key.
608 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700609static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610{
611 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800612 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 /* starting_off is set to the SEEK_SET offset
614 * where the crypto structure starts
615 */
616 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800617 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700618 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700619 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800620
Ken Sumrall160b4d62013-04-22 12:15:39 -0700621 if (get_crypt_ftr_info(&fname, &starting_off)) {
622 SLOGE("Unable to get crypt_ftr_info\n");
623 return -1;
624 }
625 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700626 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700627 return -1;
628 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700629 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700630 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700631 return -1;
632 }
633
634 /* Seek to the start of the crypt footer */
635 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
636 SLOGE("Cannot seek to real block device footer\n");
637 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800638 }
639
640 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
641 SLOGE("Cannot write real block device footer\n");
642 goto errout;
643 }
644
Ken Sumrall3be890f2011-09-14 16:53:46 -0700645 fstat(fd, &statbuf);
646 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700647 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700648 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800649 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800650 goto errout;
651 }
652 }
653
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800654 /* Success! */
655 rc = 0;
656
657errout:
658 close(fd);
659 return rc;
660
661}
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663static inline int unix_read(int fd, void* buff, int len)
664{
665 return TEMP_FAILURE_RETRY(read(fd, buff, len));
666}
667
668static inline int unix_write(int fd, const void* buff, int len)
669{
670 return TEMP_FAILURE_RETRY(write(fd, buff, len));
671}
672
673static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
674{
675 memset(pdata, 0, len);
676 pdata->persist_magic = PERSIST_DATA_MAGIC;
677 pdata->persist_valid_entries = 0;
678}
679
680/* A routine to update the passed in crypt_ftr to the lastest version.
681 * fd is open read/write on the device that holds the crypto footer and persistent
682 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
683 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
684 */
685static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
686{
Kenny Root7434b312013-06-14 11:29:53 -0700687 int orig_major = crypt_ftr->major_version;
688 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700689
Kenny Root7434b312013-06-14 11:29:53 -0700690 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
691 struct crypt_persist_data *pdata;
692 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700693
Kenny Rootc4c70f12013-06-14 12:11:38 -0700694 SLOGW("upgrading crypto footer to 1.1");
695
Kenny Root7434b312013-06-14 11:29:53 -0700696 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
697 if (pdata == NULL) {
698 SLOGE("Cannot allocate persisent data\n");
699 return;
700 }
701 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
702
703 /* Need to initialize the persistent data area */
704 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
705 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100706 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700707 return;
708 }
709 /* Write all zeros to the first copy, making it invalid */
710 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
711
712 /* Write a valid but empty structure to the second copy */
713 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
714 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
715
716 /* Update the footer */
717 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
718 crypt_ftr->persist_data_offset[0] = pdata_offset;
719 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
720 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100721 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700722 }
723
Paul Lawrencef4faa572014-01-29 13:31:03 -0800724 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700725 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800726 /* But keep the old kdf_type.
727 * It will get updated later to KDF_SCRYPT after the password has been verified.
728 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700729 crypt_ftr->kdf_type = KDF_PBKDF2;
730 get_device_scrypt_params(crypt_ftr);
731 crypt_ftr->minor_version = 2;
732 }
733
Paul Lawrencef4faa572014-01-29 13:31:03 -0800734 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
735 SLOGW("upgrading crypto footer to 1.3");
736 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
737 crypt_ftr->minor_version = 3;
738 }
739
Kenny Root7434b312013-06-14 11:29:53 -0700740 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
741 if (lseek64(fd, offset, SEEK_SET) == -1) {
742 SLOGE("Cannot seek to crypt footer\n");
743 return;
744 }
745 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700746 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700747}
748
749
750static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800751{
752 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800753 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800755 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700756 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700757 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800758
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 if (get_crypt_ftr_info(&fname, &starting_off)) {
760 SLOGE("Unable to get crypt_ftr_info\n");
761 return -1;
762 }
763 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700764 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 return -1;
766 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700767 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700768 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700769 return -1;
770 }
771
772 /* Make sure it's 16 Kbytes in length */
773 fstat(fd, &statbuf);
774 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
775 SLOGE("footer file %s is not the expected size!\n", fname);
776 goto errout;
777 }
778
779 /* Seek to the start of the crypt footer */
780 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
781 SLOGE("Cannot seek to real block device footer\n");
782 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800783 }
784
785 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
786 SLOGE("Cannot read real block device footer\n");
787 goto errout;
788 }
789
790 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700791 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
796 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
797 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 goto errout;
799 }
800
Kenny Rootc96a5f82013-06-14 12:08:28 -0700801 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
802 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
803 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800804 }
805
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
807 * copy on disk before returning.
808 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700809 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700810 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800811 }
812
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800813 /* Success! */
814 rc = 0;
815
816errout:
817 close(fd);
818 return rc;
819}
820
Ken Sumrall160b4d62013-04-22 12:15:39 -0700821static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
822{
823 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
824 crypt_ftr->persist_data_offset[1]) {
825 SLOGE("Crypt_ftr persist data regions overlap");
826 return -1;
827 }
828
829 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
830 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
831 return -1;
832 }
833
834 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
835 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
836 CRYPT_FOOTER_OFFSET) {
837 SLOGE("Persistent data extends past crypto footer");
838 return -1;
839 }
840
841 return 0;
842}
843
844static int load_persistent_data(void)
845{
846 struct crypt_mnt_ftr crypt_ftr;
847 struct crypt_persist_data *pdata = NULL;
848 char encrypted_state[PROPERTY_VALUE_MAX];
849 char *fname;
850 int found = 0;
851 int fd;
852 int ret;
853 int i;
854
855 if (persist_data) {
856 /* Nothing to do, we've already loaded or initialized it */
857 return 0;
858 }
859
860
861 /* If not encrypted, just allocate an empty table and initialize it */
862 property_get("ro.crypto.state", encrypted_state, "");
863 if (strcmp(encrypted_state, "encrypted") ) {
864 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
865 if (pdata) {
866 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
867 persist_data = pdata;
868 return 0;
869 }
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 if (get_crypt_ftr_info(&fname, NULL)) {
884 return -1;
885 }
886
887 ret = validate_persistent_data_storage(&crypt_ftr);
888 if (ret) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
898 if (persist_data == NULL) {
899 pdata = malloc(crypt_ftr.persist_data_size);
900 if (pdata == NULL) {
901 SLOGE("Cannot allocate memory for persistent data");
902 goto err;
903 }
904 }
905
906 for (i = 0; i < 2; i++) {
907 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
908 SLOGE("Cannot seek to read persistent data on %s", fname);
909 goto err2;
910 }
911 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
912 SLOGE("Error reading persistent data on iteration %d", i);
913 goto err2;
914 }
915 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
916 found = 1;
917 break;
918 }
919 }
920
921 if (!found) {
922 SLOGI("Could not find valid persistent data, creating");
923 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
924 }
925
926 /* Success */
927 persist_data = pdata;
928 close(fd);
929 return 0;
930
931err2:
932 free(pdata);
933
934err:
935 close(fd);
936 return -1;
937}
938
939static int save_persistent_data(void)
940{
941 struct crypt_mnt_ftr crypt_ftr;
942 struct crypt_persist_data *pdata;
943 char *fname;
944 off64_t write_offset;
945 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700946 int fd;
947 int ret;
948
949 if (persist_data == NULL) {
950 SLOGE("No persistent data to save");
951 return -1;
952 }
953
954 if(get_crypt_ftr_and_key(&crypt_ftr)) {
955 return -1;
956 }
957
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700958 if ((crypt_ftr.major_version < 1)
959 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700960 SLOGE("Crypt_ftr version doesn't support persistent data");
961 return -1;
962 }
963
964 ret = validate_persistent_data_storage(&crypt_ftr);
965 if (ret) {
966 return -1;
967 }
968
969 if (get_crypt_ftr_info(&fname, NULL)) {
970 return -1;
971 }
972
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700973 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700974 if (fd < 0) {
975 SLOGE("Cannot open %s metadata file", fname);
976 return -1;
977 }
978
979 pdata = malloc(crypt_ftr.persist_data_size);
980 if (pdata == NULL) {
981 SLOGE("Cannot allocate persistant data");
982 goto err;
983 }
984
985 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
986 SLOGE("Cannot seek to read persistent data on %s", fname);
987 goto err2;
988 }
989
990 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
991 SLOGE("Error reading persistent data before save");
992 goto err2;
993 }
994
995 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
996 /* The first copy is the curent valid copy, so write to
997 * the second copy and erase this one */
998 write_offset = crypt_ftr.persist_data_offset[1];
999 erase_offset = crypt_ftr.persist_data_offset[0];
1000 } else {
1001 /* The second copy must be the valid copy, so write to
1002 * the first copy, and erase the second */
1003 write_offset = crypt_ftr.persist_data_offset[0];
1004 erase_offset = crypt_ftr.persist_data_offset[1];
1005 }
1006
1007 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001008 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001009 SLOGE("Cannot seek to write persistent data");
1010 goto err2;
1011 }
1012 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1013 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001014 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001015 SLOGE("Cannot seek to erase previous persistent data");
1016 goto err2;
1017 }
1018 fsync(fd);
1019 memset(pdata, 0, crypt_ftr.persist_data_size);
1020 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1021 (int) crypt_ftr.persist_data_size) {
1022 SLOGE("Cannot write to erase previous persistent data");
1023 goto err2;
1024 }
1025 fsync(fd);
1026 } else {
1027 SLOGE("Cannot write to save persistent data");
1028 goto err2;
1029 }
1030
1031 /* Success */
1032 free(pdata);
1033 close(fd);
1034 return 0;
1035
1036err2:
1037 free(pdata);
1038err:
1039 close(fd);
1040 return -1;
1041}
1042
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001043/* Convert a binary key of specified length into an ascii hex string equivalent,
1044 * without the leading 0x and with null termination
1045 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001046static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001047 unsigned int keysize, char *master_key_ascii) {
1048 unsigned int i, a;
1049 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001050
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001051 for (i=0, a=0; i<keysize; i++, a+=2) {
1052 /* For each byte, write out two ascii hex digits */
1053 nibble = (master_key[i] >> 4) & 0xf;
1054 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001055
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001056 nibble = master_key[i] & 0xf;
1057 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1058 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001059
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001060 /* Add the null termination */
1061 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001062
1063}
1064
Jeff Sharkey9c484982015-03-31 10:35:33 -07001065static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1066 const unsigned char *master_key, const char *real_blk_name,
1067 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001068 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001069 struct dm_ioctl *io;
1070 struct dm_target_spec *tgt;
1071 char *crypt_params;
1072 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
1073 int i;
1074
1075 io = (struct dm_ioctl *) buffer;
1076
1077 /* Load the mapping table for this device */
1078 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1079
1080 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1081 io->target_count = 1;
1082 tgt->status = 0;
1083 tgt->sector_start = 0;
1084 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001085#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001086 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1087 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1088 }
1089 else {
1090 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1091 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001092#else
1093 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1094#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001095
1096 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1097 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1098 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1099 master_key_ascii, real_blk_name, extra_params);
1100 crypt_params += strlen(crypt_params) + 1;
1101 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1102 tgt->next = crypt_params - buffer;
1103
1104 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1105 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1106 break;
1107 }
1108 usleep(500000);
1109 }
1110
1111 if (i == TABLE_LOAD_RETRIES) {
1112 /* We failed to load the table, return an error */
1113 return -1;
1114 } else {
1115 return i + 1;
1116 }
1117}
1118
1119
1120static int get_dm_crypt_version(int fd, const char *name, int *version)
1121{
1122 char buffer[DM_CRYPT_BUF_SIZE];
1123 struct dm_ioctl *io;
1124 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001125
1126 io = (struct dm_ioctl *) buffer;
1127
1128 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1129
1130 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1131 return -1;
1132 }
1133
1134 /* Iterate over the returned versions, looking for name of "crypt".
1135 * When found, get and return the version.
1136 */
1137 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1138 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001139#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001140 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001141#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001142 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001143#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001144 /* We found the crypt driver, return the version, and get out */
1145 version[0] = v->version[0];
1146 version[1] = v->version[1];
1147 version[2] = v->version[2];
1148 return 0;
1149 }
1150 v = (struct dm_target_versions *)(((char *)v) + v->next);
1151 }
1152
1153 return -1;
1154}
1155
Jeff Sharkey9c484982015-03-31 10:35:33 -07001156static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1157 const unsigned char *master_key, const char *real_blk_name,
1158 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001159 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001160 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001162 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001164 int version[3];
1165 char *extra_params;
1166 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001167
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001168 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001169 SLOGE("Cannot open device-mapper\n");
1170 goto errout;
1171 }
1172
1173 io = (struct dm_ioctl *) buffer;
1174
1175 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1176 if (ioctl(fd, DM_DEV_CREATE, io)) {
1177 SLOGE("Cannot create dm-crypt device\n");
1178 goto errout;
1179 }
1180
1181 /* Get the device status, in particular, the name of it's device file */
1182 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1183 if (ioctl(fd, DM_DEV_STATUS, io)) {
1184 SLOGE("Cannot retrieve dm-crypt device status\n");
1185 goto errout;
1186 }
1187 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1188 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1189
Ken Sumralldb5e0262013-02-05 17:39:48 -08001190 extra_params = "";
1191 if (! get_dm_crypt_version(fd, name, version)) {
1192 /* Support for allow_discards was added in version 1.11.0 */
1193 if ((version[0] >= 2) ||
1194 ((version[0] == 1) && (version[1] >= 11))) {
1195 extra_params = "1 allow_discards";
1196 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1197 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001198 }
1199
Ken Sumralldb5e0262013-02-05 17:39:48 -08001200 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1201 fd, extra_params);
1202 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001203 SLOGE("Cannot load dm-crypt mapping table.\n");
1204 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001205 } else if (load_count > 1) {
1206 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207 }
1208
1209 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001210 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001211
1212 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1213 SLOGE("Cannot resume the dm-crypt device\n");
1214 goto errout;
1215 }
1216
1217 /* We made it here with no errors. Woot! */
1218 retval = 0;
1219
1220errout:
1221 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1222
1223 return retval;
1224}
1225
Ken Sumrall29d8da82011-05-18 17:20:07 -07001226static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001227{
1228 int fd;
1229 char buffer[DM_CRYPT_BUF_SIZE];
1230 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001231 int retval = -1;
1232
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001233 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001234 SLOGE("Cannot open device-mapper\n");
1235 goto errout;
1236 }
1237
1238 io = (struct dm_ioctl *) buffer;
1239
1240 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1241 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1242 SLOGE("Cannot remove dm-crypt device\n");
1243 goto errout;
1244 }
1245
1246 /* We made it here with no errors. Woot! */
1247 retval = 0;
1248
1249errout:
1250 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1251
1252 return retval;
1253
1254}
1255
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001256static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001257 unsigned char *ikey, void *params UNUSED)
1258{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001259 SLOGI("Using pbkdf2 for cryptfs KDF");
1260
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001261 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001262 PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd),
1263 salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001264 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001265
Paul Lawrencef4faa572014-01-29 13:31:03 -08001266 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001267}
1268
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001269static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001270 unsigned char *ikey, void *params)
1271{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001272 SLOGI("Using scrypt for cryptfs KDF");
1273
Kenny Rootc4c70f12013-06-14 12:11:38 -07001274 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1275
1276 int N = 1 << ftr->N_factor;
1277 int r = 1 << ftr->r_factor;
1278 int p = 1 << ftr->p_factor;
1279
1280 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001281 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001282 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1283 salt, SALT_LEN, N, r, p, ikey,
1284 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001285
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001286 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001287}
1288
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001289static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1290 unsigned char *ikey, void *params)
1291{
1292 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1293
1294 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001295 size_t signature_size;
1296 unsigned char* signature;
1297 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1298
1299 int N = 1 << ftr->N_factor;
1300 int r = 1 << ftr->r_factor;
1301 int p = 1 << ftr->p_factor;
1302
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001303 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1304 salt, SALT_LEN, N, r, p, ikey,
1305 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001306
1307 if (rc) {
1308 SLOGE("scrypt failed");
1309 return -1;
1310 }
1311
Shawn Willdene17a9c42014-09-08 13:04:08 -06001312 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1313 &signature, &signature_size)) {
1314 SLOGE("Signing failed");
1315 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001316 }
1317
1318 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1319 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1320 free(signature);
1321
1322 if (rc) {
1323 SLOGE("scrypt failed");
1324 return -1;
1325 }
1326
1327 return 0;
1328}
1329
1330static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1331 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001332 unsigned char *encrypted_master_key,
1333 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001334{
1335 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1336 EVP_CIPHER_CTX e_ctx;
1337 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001338 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001339
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001341 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001342
1343 switch (crypt_ftr->kdf_type) {
1344 case KDF_SCRYPT_KEYMASTER:
1345 if (keymaster_create_key(crypt_ftr)) {
1346 SLOGE("keymaster_create_key failed");
1347 return -1;
1348 }
1349
1350 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1351 SLOGE("scrypt failed");
1352 return -1;
1353 }
1354 break;
1355
1356 case KDF_SCRYPT:
1357 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1358 SLOGE("scrypt failed");
1359 return -1;
1360 }
1361 break;
1362
1363 default:
1364 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001365 return -1;
1366 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001367
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001368 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001369 EVP_CIPHER_CTX_init(&e_ctx);
1370 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001371 SLOGE("EVP_EncryptInit failed\n");
1372 return -1;
1373 }
1374 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001375
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001376 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001377 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001378 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001379 SLOGE("EVP_EncryptUpdate failed\n");
1380 return -1;
1381 }
Adam Langley889c4f12014-09-03 14:23:13 -07001382 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001383 SLOGE("EVP_EncryptFinal failed\n");
1384 return -1;
1385 }
1386
1387 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1388 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1389 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001390 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001391
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001392 /* Store the scrypt of the intermediate key, so we can validate if it's a
1393 password error or mount error when things go wrong.
1394 Note there's no need to check for errors, since if this is incorrect, we
1395 simply won't wipe userdata, which is the correct default behavior
1396 */
1397 int N = 1 << crypt_ftr->N_factor;
1398 int r = 1 << crypt_ftr->r_factor;
1399 int p = 1 << crypt_ftr->p_factor;
1400
1401 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1402 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1403 crypt_ftr->scrypted_intermediate_key,
1404 sizeof(crypt_ftr->scrypted_intermediate_key));
1405
1406 if (rc) {
1407 SLOGE("encrypt_master_key: crypto_scrypt failed");
1408 }
1409
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001410 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001411}
1412
Paul Lawrence731a7a22015-04-28 22:14:15 +00001413static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001414 unsigned char *encrypted_master_key,
1415 unsigned char *decrypted_master_key,
1416 kdf_func kdf, void *kdf_params,
1417 unsigned char** intermediate_key,
1418 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001419{
1420 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001421 EVP_CIPHER_CTX d_ctx;
1422 int decrypted_len, final_len;
1423
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001424 /* Turn the password into an intermediate key and IV that can decrypt the
1425 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001426 if (kdf(passwd, salt, ikey, kdf_params)) {
1427 SLOGE("kdf failed");
1428 return -1;
1429 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001430
1431 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001432 EVP_CIPHER_CTX_init(&d_ctx);
1433 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001434 return -1;
1435 }
1436 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1437 /* Decrypt the master key */
1438 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1439 encrypted_master_key, KEY_LEN_BYTES)) {
1440 return -1;
1441 }
Adam Langley889c4f12014-09-03 14:23:13 -07001442 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001443 return -1;
1444 }
1445
1446 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1447 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001448 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001449
1450 /* Copy intermediate key if needed by params */
1451 if (intermediate_key && intermediate_key_size) {
1452 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1453 if (intermediate_key) {
1454 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1455 *intermediate_key_size = KEY_LEN_BYTES;
1456 }
1457 }
1458
1459 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001460}
1461
Kenny Rootc4c70f12013-06-14 12:11:38 -07001462static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001463{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001464 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001465 *kdf = scrypt_keymaster;
1466 *kdf_params = ftr;
1467 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001468 *kdf = scrypt;
1469 *kdf_params = ftr;
1470 } else {
1471 *kdf = pbkdf2;
1472 *kdf_params = NULL;
1473 }
1474}
1475
Paul Lawrence731a7a22015-04-28 22:14:15 +00001476static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001477 struct crypt_mnt_ftr *crypt_ftr,
1478 unsigned char** intermediate_key,
1479 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001480{
1481 kdf_func kdf;
1482 void *kdf_params;
1483 int ret;
1484
1485 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001486 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1487 decrypted_master_key, kdf, kdf_params,
1488 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001489 if (ret != 0) {
1490 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001491 }
1492
1493 return ret;
1494}
1495
1496static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1497 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001498 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001499 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001500
1501 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001502 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001503 read(fd, key_buf, sizeof(key_buf));
1504 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001505 close(fd);
1506
1507 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001508 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001509}
1510
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001511int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001512{
Greg Hackmann955653e2014-09-24 14:55:20 -07001513 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001514#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001515
1516 /* Now umount the tmpfs filesystem */
1517 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001518 if (umount(mountpoint) == 0) {
1519 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001520 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001521
1522 if (errno == EINVAL) {
1523 /* EINVAL is returned if the directory is not a mountpoint,
1524 * i.e. there is no filesystem mounted there. So just get out.
1525 */
1526 break;
1527 }
1528
1529 err = errno;
1530
1531 /* If allowed, be increasingly aggressive before the last two retries */
1532 if (kill) {
1533 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1534 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001535 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001536 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1537 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001538 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001539 }
1540 }
1541
1542 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001543 }
1544
1545 if (i < WAIT_UNMOUNT_COUNT) {
1546 SLOGD("unmounting %s succeeded\n", mountpoint);
1547 rc = 0;
1548 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001549 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001550 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001551 rc = -1;
1552 }
1553
1554 return rc;
1555}
1556
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001557#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001558static int prep_data_fs(void)
1559{
1560 int i;
1561
1562 /* Do the prep of the /data filesystem */
1563 property_set("vold.post_fs_data_done", "0");
1564 property_set("vold.decrypt", "trigger_post_fs_data");
1565 SLOGD("Just triggered post_fs_data\n");
1566
Ken Sumrallc5872692013-05-14 15:26:31 -07001567 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001568 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001569 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001570
1571 property_get("vold.post_fs_data_done", p, "0");
1572 if (*p == '1') {
1573 break;
1574 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001575 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001576 }
1577 }
1578 if (i == DATA_PREP_TIMEOUT) {
1579 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001580 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001581 return -1;
1582 } else {
1583 SLOGD("post_fs_data done\n");
1584 return 0;
1585 }
1586}
1587
Paul Lawrence74f29f12014-08-28 15:54:10 -07001588static void cryptfs_set_corrupt()
1589{
1590 // Mark the footer as bad
1591 struct crypt_mnt_ftr crypt_ftr;
1592 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1593 SLOGE("Failed to get crypto footer - panic");
1594 return;
1595 }
1596
1597 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1598 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1599 SLOGE("Failed to set crypto footer - panic");
1600 return;
1601 }
1602}
1603
1604static void cryptfs_trigger_restart_min_framework()
1605{
1606 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1607 SLOGE("Failed to mount tmpfs on data - panic");
1608 return;
1609 }
1610
1611 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1612 SLOGE("Failed to trigger post fs data - panic");
1613 return;
1614 }
1615
1616 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1617 SLOGE("Failed to trigger restart min framework - panic");
1618 return;
1619 }
1620}
1621
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001622/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001623static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001624{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001625 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001626 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001627 static int restart_successful = 0;
1628
1629 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001630 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001631 SLOGE("Encrypted filesystem not validated, aborting");
1632 return -1;
1633 }
1634
1635 if (restart_successful) {
1636 SLOGE("System already restarted with encrypted disk, aborting");
1637 return -1;
1638 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001639
Paul Lawrencef4faa572014-01-29 13:31:03 -08001640 if (restart_main) {
1641 /* Here is where we shut down the framework. The init scripts
1642 * start all services in one of three classes: core, main or late_start.
1643 * On boot, we start core and main. Now, we stop main, but not core,
1644 * as core includes vold and a few other really important things that
1645 * we need to keep running. Once main has stopped, we should be able
1646 * to umount the tmpfs /data, then mount the encrypted /data.
1647 * We then restart the class main, and also the class late_start.
1648 * At the moment, I've only put a few things in late_start that I know
1649 * are not needed to bring up the framework, and that also cause problems
1650 * with unmounting the tmpfs /data, but I hope to add add more services
1651 * to the late_start class as we optimize this to decrease the delay
1652 * till the user is asked for the password to the filesystem.
1653 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001654
Paul Lawrencef4faa572014-01-29 13:31:03 -08001655 /* The init files are setup to stop the class main when vold.decrypt is
1656 * set to trigger_reset_main.
1657 */
1658 property_set("vold.decrypt", "trigger_reset_main");
1659 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001660
Paul Lawrencef4faa572014-01-29 13:31:03 -08001661 /* Ugh, shutting down the framework is not synchronous, so until it
1662 * can be fixed, this horrible hack will wait a moment for it all to
1663 * shut down before proceeding. Without it, some devices cannot
1664 * restart the graphics services.
1665 */
1666 sleep(2);
1667 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001668
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001669 /* Now that the framework is shutdown, we should be able to umount()
1670 * the tmpfs filesystem, and mount the real one.
1671 */
1672
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001673 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1674 if (strlen(crypto_blkdev) == 0) {
1675 SLOGE("fs_crypto_blkdev not set\n");
1676 return -1;
1677 }
1678
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001679 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001680 /* If ro.crypto.readonly is set to 1, mount the decrypted
1681 * filesystem readonly. This is used when /data is mounted by
1682 * recovery mode.
1683 */
1684 char ro_prop[PROPERTY_VALUE_MAX];
1685 property_get("ro.crypto.readonly", ro_prop, "");
1686 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1687 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1688 rec->flags |= MS_RDONLY;
1689 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001690
Ken Sumralle5032c42012-04-01 23:58:44 -07001691 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001692 int retries = RETRY_MOUNT_ATTEMPTS;
1693 int mount_rc;
1694 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1695 crypto_blkdev, 0))
1696 != 0) {
1697 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1698 /* TODO: invoke something similar to
1699 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1700 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1701 SLOGI("Failed to mount %s because it is busy - waiting",
1702 crypto_blkdev);
1703 if (--retries) {
1704 sleep(RETRY_MOUNT_DELAY_SECONDS);
1705 } else {
1706 /* Let's hope that a reboot clears away whatever is keeping
1707 the mount busy */
1708 cryptfs_reboot(reboot);
1709 }
1710 } else {
1711 SLOGE("Failed to mount decrypted data");
1712 cryptfs_set_corrupt();
1713 cryptfs_trigger_restart_min_framework();
1714 SLOGI("Started framework to offer wipe");
1715 return -1;
1716 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001717 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001718
Ken Sumralle5032c42012-04-01 23:58:44 -07001719 property_set("vold.decrypt", "trigger_load_persist_props");
1720 /* Create necessary paths on /data */
1721 if (prep_data_fs()) {
1722 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001723 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001724
1725 /* startup service classes main and late_start */
1726 property_set("vold.decrypt", "trigger_restart_framework");
1727 SLOGD("Just triggered restart_framework\n");
1728
1729 /* Give it a few moments to get started */
1730 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001731 }
1732
Ken Sumrall0cc16632011-01-18 20:32:26 -08001733 if (rc == 0) {
1734 restart_successful = 1;
1735 }
1736
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001737 return rc;
1738}
1739
Paul Lawrencef4faa572014-01-29 13:31:03 -08001740int cryptfs_restart(void)
1741{
Paul Lawrence05335c32015-03-05 09:46:23 -08001742 SLOGI("cryptfs_restart");
1743 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
1744 struct fstab_rec* rec;
1745 int rc;
1746
1747 if (e4crypt_restart(DATA_MNT_POINT)) {
1748 SLOGE("Can't unmount e4crypt temp volume\n");
1749 return -1;
1750 }
1751
1752 rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1753 if (!rec) {
1754 SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
1755 return -1;
1756 }
1757
1758 rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
1759 if (rc) {
1760 SLOGE("Can't mount %s\n", DATA_MNT_POINT);
1761 return rc;
1762 }
1763
1764 property_set("vold.decrypt", "trigger_restart_framework");
1765 return 0;
1766 }
1767
Paul Lawrencef4faa572014-01-29 13:31:03 -08001768 /* Call internal implementation forcing a restart of main service group */
1769 return cryptfs_restart_internal(1);
1770}
1771
Paul Lawrence05335c32015-03-05 09:46:23 -08001772static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001773{
1774 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001775 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001776 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001777
1778 property_get("ro.crypto.state", encrypted_state, "");
1779 if (strcmp(encrypted_state, "encrypted") ) {
1780 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001781 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001782 }
1783
Paul Lawrence05335c32015-03-05 09:46:23 -08001784 if (e4crypt_crypto_complete(mount_point) == 0) {
1785 return CRYPTO_COMPLETE_ENCRYPTED;
1786 }
1787
Ken Sumrall160b4d62013-04-22 12:15:39 -07001788 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001789 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001790
Ken Sumralle1a45852011-12-14 21:24:27 -08001791 /*
1792 * Only report this error if key_loc is a file and it exists.
1793 * If the device was never encrypted, and /data is not mountable for
1794 * some reason, returning 1 should prevent the UI from presenting the
1795 * a "enter password" screen, or worse, a "press button to wipe the
1796 * device" screen.
1797 */
1798 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1799 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001800 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001801 } else {
1802 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001803 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001804 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001805 }
1806
Paul Lawrence74f29f12014-08-28 15:54:10 -07001807 // Test for possible error flags
1808 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1809 SLOGE("Encryption process is partway completed\n");
1810 return CRYPTO_COMPLETE_PARTIAL;
1811 }
1812
1813 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1814 SLOGE("Encryption process was interrupted but cannot continue\n");
1815 return CRYPTO_COMPLETE_INCONSISTENT;
1816 }
1817
1818 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1819 SLOGE("Encryption is successful but data is corrupt\n");
1820 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001821 }
1822
1823 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001824 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001825}
1826
Paul Lawrencef4faa572014-01-29 13:31:03 -08001827static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1828 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001829{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001830 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001831 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001832 char crypto_blkdev[MAXPATHLEN];
1833 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001834 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001835 unsigned int orig_failed_decrypt_count;
1836 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001837 int use_keymaster = 0;
1838 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001839 unsigned char* intermediate_key = 0;
1840 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001841
Paul Lawrencef4faa572014-01-29 13:31:03 -08001842 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1843 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001844
Paul Lawrencef4faa572014-01-29 13:31:03 -08001845 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001846 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1847 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001848 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001849 rc = -1;
1850 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001851 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001852 }
1853
Paul Lawrencef4faa572014-01-29 13:31:03 -08001854 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1855
Ajay Dudani87701e22014-09-17 21:02:52 -07001856#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001857 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1858 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1859 SLOGE("Hardware encryption key does not match");
1860 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001861 }
1862#endif
1863
Paul Lawrence74f29f12014-08-28 15:54:10 -07001864 // Create crypto block device - all (non fatal) code paths
1865 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001866 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1867 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001868 SLOGE("Error creating decrypted block device\n");
1869 rc = -1;
1870 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001871 }
1872
Paul Lawrence74f29f12014-08-28 15:54:10 -07001873 /* Work out if the problem is the password or the data */
1874 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1875 scrypted_intermediate_key)];
1876 int N = 1 << crypt_ftr->N_factor;
1877 int r = 1 << crypt_ftr->r_factor;
1878 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001879
Paul Lawrence74f29f12014-08-28 15:54:10 -07001880 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1881 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1882 N, r, p, scrypted_intermediate_key,
1883 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001884
Paul Lawrence74f29f12014-08-28 15:54:10 -07001885 // Does the key match the crypto footer?
1886 if (rc == 0 && memcmp(scrypted_intermediate_key,
1887 crypt_ftr->scrypted_intermediate_key,
1888 sizeof(scrypted_intermediate_key)) == 0) {
1889 SLOGI("Password matches");
1890 rc = 0;
1891 } else {
1892 /* Try mounting the file system anyway, just in case the problem's with
1893 * the footer, not the key. */
1894 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1895 mkdir(tmp_mount_point, 0755);
1896 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1897 SLOGE("Error temp mounting decrypted block device\n");
1898 delete_crypto_blk_dev(label);
1899
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001900 rc = ++crypt_ftr->failed_decrypt_count;
1901 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001902 } else {
1903 /* Success! */
1904 SLOGI("Password did not match but decrypted drive mounted - continue");
1905 umount(tmp_mount_point);
1906 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001907 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001908 }
1909
1910 if (rc == 0) {
1911 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001912 if (orig_failed_decrypt_count != 0) {
1913 put_crypt_ftr_and_key(crypt_ftr);
1914 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001915
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001916 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001917 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001918 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001919
1920 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001921 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001922 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001923 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001924 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001925 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001926 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001927
Paul Lawrence74f29f12014-08-28 15:54:10 -07001928 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001929 use_keymaster = keymaster_check_compatibility();
1930 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001931 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001932 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1933 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1934 upgrade = 1;
1935 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001936 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001937 upgrade = 1;
1938 }
1939
1940 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001941 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1942 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001943 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001944 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001945 }
1946 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001947
1948 // Do not fail even if upgrade failed - machine is bootable
1949 // Note that if this code is ever hit, there is a *serious* problem
1950 // since KDFs should never fail. You *must* fix the kdf before
1951 // proceeding!
1952 if (rc) {
1953 SLOGW("Upgrade failed with error %d,"
1954 " but continuing with previous state",
1955 rc);
1956 rc = 0;
1957 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001958 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001959 }
1960
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001961 errout:
1962 if (intermediate_key) {
1963 memset(intermediate_key, 0, intermediate_key_size);
1964 free(intermediate_key);
1965 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001966 return rc;
1967}
1968
Ken Sumrall29d8da82011-05-18 17:20:07 -07001969/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001970 * Called by vold when it's asked to mount an encrypted external
1971 * storage volume. The incoming partition has no crypto header/footer,
1972 * as any metadata is been stored in a separate, small partition.
1973 *
1974 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001975 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001976int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1977 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001978 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001979 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001980 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001981 return -1;
1982 }
1983
1984 unsigned long nr_sec = 0;
1985 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001986 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001987
Ken Sumrall29d8da82011-05-18 17:20:07 -07001988 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001989 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001990 return -1;
1991 }
1992
Jeff Sharkey9c484982015-03-31 10:35:33 -07001993 struct crypt_mnt_ftr ext_crypt_ftr;
1994 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1995 ext_crypt_ftr.fs_size = nr_sec;
1996 ext_crypt_ftr.keysize = keysize;
1997 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001998
Jeff Sharkey9c484982015-03-31 10:35:33 -07001999 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
2000 out_crypto_blkdev, label);
2001}
Ken Sumrall29d8da82011-05-18 17:20:07 -07002002
Jeff Sharkey9c484982015-03-31 10:35:33 -07002003/*
2004 * Called by vold when it's asked to unmount an encrypted external
2005 * storage volume.
2006 */
2007int cryptfs_revert_ext_volume(const char* label) {
2008 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002009}
2010
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002011int cryptfs_crypto_complete(void)
2012{
2013 return do_crypto_complete("/data");
2014}
2015
Paul Lawrencef4faa572014-01-29 13:31:03 -08002016int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2017{
2018 char encrypted_state[PROPERTY_VALUE_MAX];
2019 property_get("ro.crypto.state", encrypted_state, "");
2020 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2021 SLOGE("encrypted fs already validated or not running with encryption,"
2022 " aborting");
2023 return -1;
2024 }
2025
2026 if (get_crypt_ftr_and_key(crypt_ftr)) {
2027 SLOGE("Error getting crypt footer and key");
2028 return -1;
2029 }
2030
2031 return 0;
2032}
2033
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002034int cryptfs_check_passwd(char *passwd)
2035{
Paul Lawrence05335c32015-03-05 09:46:23 -08002036 SLOGI("cryptfs_check_passwd");
2037 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
2038 return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
2039 }
2040
Paul Lawrencef4faa572014-01-29 13:31:03 -08002041 struct crypt_mnt_ftr crypt_ftr;
2042 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002043
Paul Lawrencef4faa572014-01-29 13:31:03 -08002044 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2045 if (rc)
2046 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002047
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002048 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2049 DATA_MNT_POINT, "userdata");
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002050
2051 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002052 cryptfs_clear_password();
2053 password = strdup(passwd);
2054 struct timespec now;
2055 clock_gettime(CLOCK_BOOTTIME, &now);
2056 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002057 }
2058
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002059 return rc;
2060}
2061
Ken Sumrall3ad90722011-10-04 20:38:29 -07002062int cryptfs_verify_passwd(char *passwd)
2063{
2064 struct crypt_mnt_ftr crypt_ftr;
2065 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002066 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002067 char encrypted_state[PROPERTY_VALUE_MAX];
2068 int rc;
2069
2070 property_get("ro.crypto.state", encrypted_state, "");
2071 if (strcmp(encrypted_state, "encrypted") ) {
2072 SLOGE("device not encrypted, aborting");
2073 return -2;
2074 }
2075
2076 if (!master_key_saved) {
2077 SLOGE("encrypted fs not yet mounted, aborting");
2078 return -1;
2079 }
2080
2081 if (!saved_mount_point) {
2082 SLOGE("encrypted fs failed to save mount point, aborting");
2083 return -1;
2084 }
2085
Ken Sumrall160b4d62013-04-22 12:15:39 -07002086 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002087 SLOGE("Error getting crypt footer and key\n");
2088 return -1;
2089 }
2090
2091 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2092 /* If the device has no password, then just say the password is valid */
2093 rc = 0;
2094 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002095 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002096 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2097 /* They match, the password is correct */
2098 rc = 0;
2099 } else {
2100 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2101 sleep(1);
2102 rc = 1;
2103 }
2104 }
2105
2106 return rc;
2107}
2108
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002109/* Initialize a crypt_mnt_ftr structure. The keysize is
2110 * defaulted to 16 bytes, and the filesystem size to 0.
2111 * Presumably, at a minimum, the caller will update the
2112 * filesystem size and crypto_type_name after calling this function.
2113 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002114static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002115{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002116 off64_t off;
2117
2118 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002119 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002120 ftr->major_version = CURRENT_MAJOR_VERSION;
2121 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002122 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002123 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002124
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002125 switch (keymaster_check_compatibility()) {
2126 case 1:
2127 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2128 break;
2129
2130 case 0:
2131 ftr->kdf_type = KDF_SCRYPT;
2132 break;
2133
2134 default:
2135 SLOGE("keymaster_check_compatibility failed");
2136 return -1;
2137 }
2138
Kenny Rootc4c70f12013-06-14 12:11:38 -07002139 get_device_scrypt_params(ftr);
2140
Ken Sumrall160b4d62013-04-22 12:15:39 -07002141 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2142 if (get_crypt_ftr_info(NULL, &off) == 0) {
2143 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2144 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2145 ftr->persist_data_size;
2146 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002147
2148 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002149}
2150
Ken Sumrall29d8da82011-05-18 17:20:07 -07002151static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002152{
Ken Sumralle550f782013-08-20 13:48:23 -07002153 const char *args[10];
2154 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2155 int num_args;
2156 int status;
2157 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002158 int rc = -1;
2159
Ken Sumrall29d8da82011-05-18 17:20:07 -07002160 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002161 args[0] = "/system/bin/make_ext4fs";
2162 args[1] = "-a";
2163 args[2] = "/data";
2164 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002165 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002166 args[4] = size_str;
2167 args[5] = crypto_blkdev;
2168 num_args = 6;
2169 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2170 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002171 } else if (type == F2FS_FS) {
2172 args[0] = "/system/bin/mkfs.f2fs";
2173 args[1] = "-t";
2174 args[2] = "-d1";
2175 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002176 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002177 args[4] = size_str;
2178 num_args = 5;
2179 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2180 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002181 } else {
2182 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2183 return -1;
2184 }
2185
Ken Sumralle550f782013-08-20 13:48:23 -07002186 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2187
2188 if (tmp != 0) {
2189 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002190 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002191 if (WIFEXITED(status)) {
2192 if (WEXITSTATUS(status)) {
2193 SLOGE("Error creating filesystem on %s, exit status %d ",
2194 crypto_blkdev, WEXITSTATUS(status));
2195 } else {
2196 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2197 rc = 0;
2198 }
2199 } else {
2200 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2201 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002202 }
2203
2204 return rc;
2205}
2206
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002207#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002208#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2209#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002210
2211/* aligned 32K writes tends to make flash happy.
2212 * SD card association recommends it.
2213 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002214#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002215#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002216#else
2217#define BLOCKS_AT_A_TIME 1024
2218#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002219
2220struct encryptGroupsData
2221{
2222 int realfd;
2223 int cryptofd;
2224 off64_t numblocks;
2225 off64_t one_pct, cur_pct, new_pct;
2226 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002227 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002228 char* real_blkdev, * crypto_blkdev;
2229 int count;
2230 off64_t offset;
2231 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002232 off64_t last_written_sector;
2233 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002234 time_t time_started;
2235 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002236};
2237
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002238static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002239{
2240 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002241
2242 if (is_used) {
2243 data->used_blocks_already_done++;
2244 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002245 if (data->tot_used_blocks) {
2246 data->new_pct = data->used_blocks_already_done / data->one_pct;
2247 } else {
2248 data->new_pct = data->blocks_already_done / data->one_pct;
2249 }
2250
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002251 if (data->new_pct > data->cur_pct) {
2252 char buf[8];
2253 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002254 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002255 property_set("vold.encrypt_progress", buf);
2256 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002257
2258 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002259 struct timespec time_now;
2260 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2261 SLOGW("Error getting time");
2262 } else {
2263 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2264 off64_t remaining_blocks = data->tot_used_blocks
2265 - data->used_blocks_already_done;
2266 int remaining_time = (int)(elapsed_time * remaining_blocks
2267 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002268
Paul Lawrence9c58a872014-09-30 09:12:51 -07002269 // Change time only if not yet set, lower, or a lot higher for
2270 // best user experience
2271 if (data->remaining_time == -1
2272 || remaining_time < data->remaining_time
2273 || remaining_time > data->remaining_time + 60) {
2274 char buf[8];
2275 snprintf(buf, sizeof(buf), "%d", remaining_time);
2276 property_set("vold.encrypt_time_remaining", buf);
2277 data->remaining_time = remaining_time;
2278 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002279 }
2280 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002281}
2282
Paul Lawrence3846be12014-09-22 11:33:54 -07002283static void log_progress(struct encryptGroupsData const* data, bool completed)
2284{
2285 // Precondition - if completed data = 0 else data != 0
2286
2287 // Track progress so we can skip logging blocks
2288 static off64_t offset = -1;
2289
2290 // Need to close existing 'Encrypting from' log?
2291 if (completed || (offset != -1 && data->offset != offset)) {
2292 SLOGI("Encrypted to sector %" PRId64,
2293 offset / info.block_size * CRYPT_SECTOR_SIZE);
2294 offset = -1;
2295 }
2296
2297 // Need to start new 'Encrypting from' log?
2298 if (!completed && offset != data->offset) {
2299 SLOGI("Encrypting from sector %" PRId64,
2300 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2301 }
2302
2303 // Update offset
2304 if (!completed) {
2305 offset = data->offset + (off64_t)data->count * info.block_size;
2306 }
2307}
2308
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002309static int flush_outstanding_data(struct encryptGroupsData* data)
2310{
2311 if (data->count == 0) {
2312 return 0;
2313 }
2314
Elliott Hughes231bdba2014-06-25 18:36:19 -07002315 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002316
2317 if (pread64(data->realfd, data->buffer,
2318 info.block_size * data->count, data->offset)
2319 <= 0) {
2320 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2321 data->real_blkdev);
2322 return -1;
2323 }
2324
2325 if (pwrite64(data->cryptofd, data->buffer,
2326 info.block_size * data->count, data->offset)
2327 <= 0) {
2328 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2329 data->crypto_blkdev);
2330 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002331 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002332 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002333 }
2334
2335 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002336 data->last_written_sector = (data->offset + data->count)
2337 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002338 return 0;
2339}
2340
2341static int encrypt_groups(struct encryptGroupsData* data)
2342{
2343 unsigned int i;
2344 u8 *block_bitmap = 0;
2345 unsigned int block;
2346 off64_t ret;
2347 int rc = -1;
2348
2349 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2350 if (!data->buffer) {
2351 SLOGE("Failed to allocate crypto buffer");
2352 goto errout;
2353 }
2354
2355 block_bitmap = malloc(info.block_size);
2356 if (!block_bitmap) {
2357 SLOGE("failed to allocate block bitmap");
2358 goto errout;
2359 }
2360
2361 for (i = 0; i < aux_info.groups; ++i) {
2362 SLOGI("Encrypting group %d", i);
2363
2364 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2365 u32 block_count = min(info.blocks_per_group,
2366 aux_info.len_blocks - first_block);
2367
2368 off64_t offset = (u64)info.block_size
2369 * aux_info.bg_desc[i].bg_block_bitmap;
2370
2371 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2372 if (ret != (int)info.block_size) {
2373 SLOGE("failed to read all of block group bitmap %d", i);
2374 goto errout;
2375 }
2376
2377 offset = (u64)info.block_size * first_block;
2378
2379 data->count = 0;
2380
2381 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002382 int used = bitmap_get_bit(block_bitmap, block);
2383 update_progress(data, used);
2384 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002385 if (data->count == 0) {
2386 data->offset = offset;
2387 }
2388 data->count++;
2389 } else {
2390 if (flush_outstanding_data(data)) {
2391 goto errout;
2392 }
2393 }
2394
2395 offset += info.block_size;
2396
2397 /* Write data if we are aligned or buffer size reached */
2398 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2399 || data->count == BLOCKS_AT_A_TIME) {
2400 if (flush_outstanding_data(data)) {
2401 goto errout;
2402 }
2403 }
Paul Lawrence87999172014-02-20 12:21:31 -08002404
Paul Lawrence73d7a022014-06-09 14:10:09 -07002405 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002406 SLOGE("Stopping encryption due to low battery");
2407 rc = 0;
2408 goto errout;
2409 }
2410
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002411 }
2412 if (flush_outstanding_data(data)) {
2413 goto errout;
2414 }
2415 }
2416
Paul Lawrence87999172014-02-20 12:21:31 -08002417 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002418 rc = 0;
2419
2420errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002421 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002422 free(data->buffer);
2423 free(block_bitmap);
2424 return rc;
2425}
2426
2427static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2428 char *real_blkdev,
2429 off64_t size,
2430 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002431 off64_t tot_size,
2432 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002433{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002434 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002435 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002436 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002437
Paul Lawrence87999172014-02-20 12:21:31 -08002438 if (previously_encrypted_upto > *size_already_done) {
2439 SLOGD("Not fast encrypting since resuming part way through");
2440 return -1;
2441 }
2442
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002443 memset(&data, 0, sizeof(data));
2444 data.real_blkdev = real_blkdev;
2445 data.crypto_blkdev = crypto_blkdev;
2446
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002447 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002448 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2449 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002450 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002451 goto errout;
2452 }
2453
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002454 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002455 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002456 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002457 rc = ENABLE_INPLACE_ERR_DEV;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002458 goto errout;
2459 }
2460
2461 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002462 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002463 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002464 goto errout;
2465 }
2466
2467 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002468 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002469 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002470 goto errout;
2471 }
2472
2473 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2474 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2475 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2476
JP Abgrall7fc1de82014-10-10 18:43:41 -07002477 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002478
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002479 data.tot_used_blocks = data.numblocks;
2480 for (i = 0; i < aux_info.groups; ++i) {
2481 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2482 }
2483
2484 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002485 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002486
2487 struct timespec time_started = {0};
2488 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2489 SLOGW("Error getting time at start");
2490 // Note - continue anyway - we'll run with 0
2491 }
2492 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002493 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002494
2495 rc = encrypt_groups(&data);
2496 if (rc) {
2497 SLOGE("Error encrypting groups");
2498 goto errout;
2499 }
2500
Paul Lawrence87999172014-02-20 12:21:31 -08002501 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002502 rc = 0;
2503
2504errout:
2505 close(data.realfd);
2506 close(data.cryptofd);
2507
2508 return rc;
2509}
2510
Paul Lawrence3846be12014-09-22 11:33:54 -07002511static void log_progress_f2fs(u64 block, bool completed)
2512{
2513 // Precondition - if completed data = 0 else data != 0
2514
2515 // Track progress so we can skip logging blocks
2516 static u64 last_block = (u64)-1;
2517
2518 // Need to close existing 'Encrypting from' log?
2519 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2520 SLOGI("Encrypted to block %" PRId64, last_block);
2521 last_block = -1;
2522 }
2523
2524 // Need to start new 'Encrypting from' log?
2525 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2526 SLOGI("Encrypting from block %" PRId64, block);
2527 }
2528
2529 // Update offset
2530 if (!completed) {
2531 last_block = block;
2532 }
2533}
2534
Daniel Rosenberge82df162014-08-15 22:19:23 +00002535static int encrypt_one_block_f2fs(u64 pos, void *data)
2536{
2537 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2538
2539 priv_dat->blocks_already_done = pos - 1;
2540 update_progress(priv_dat, 1);
2541
2542 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2543
2544 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002545 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002546 return -1;
2547 }
2548
2549 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002550 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002551 return -1;
2552 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002553 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002554 }
2555
2556 return 0;
2557}
2558
2559static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2560 char *real_blkdev,
2561 off64_t size,
2562 off64_t *size_already_done,
2563 off64_t tot_size,
2564 off64_t previously_encrypted_upto)
2565{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002566 struct encryptGroupsData data;
2567 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002568 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002569 if (previously_encrypted_upto > *size_already_done) {
2570 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002571 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002572 }
2573 memset(&data, 0, sizeof(data));
2574 data.real_blkdev = real_blkdev;
2575 data.crypto_blkdev = crypto_blkdev;
2576 data.realfd = -1;
2577 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002578 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002579 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002580 real_blkdev);
2581 goto errout;
2582 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002583 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002584 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002585 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002586 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002587 goto errout;
2588 }
2589
2590 f2fs_info = generate_f2fs_info(data.realfd);
2591 if (!f2fs_info)
2592 goto errout;
2593
2594 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2595 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2596 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2597
2598 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2599
2600 data.one_pct = data.tot_used_blocks / 100;
2601 data.cur_pct = 0;
2602 data.time_started = time(NULL);
2603 data.remaining_time = -1;
2604
2605 data.buffer = malloc(f2fs_info->block_size);
2606 if (!data.buffer) {
2607 SLOGE("Failed to allocate crypto buffer");
2608 goto errout;
2609 }
2610
2611 data.count = 0;
2612
2613 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2614 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2615
2616 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002617 SLOGE("Error in running over f2fs blocks");
2618 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002619 goto errout;
2620 }
2621
2622 *size_already_done += size;
2623 rc = 0;
2624
2625errout:
2626 if (rc)
2627 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2628
Paul Lawrence3846be12014-09-22 11:33:54 -07002629 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002630 free(f2fs_info);
2631 free(data.buffer);
2632 close(data.realfd);
2633 close(data.cryptofd);
2634
2635 return rc;
2636}
2637
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002638static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2639 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002640 off64_t tot_size,
2641 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002642{
2643 int realfd, cryptofd;
2644 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002645 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002646 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002647 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002648 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002649
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002650 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002651 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002652 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002653 }
2654
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002655 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002656 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2657 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002658 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002659 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002660 }
2661
2662 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2663 * The size passed in is the number of 512 byte sectors in the filesystem.
2664 * So compute the number of whole 4K blocks we should read/write,
2665 * and the remainder.
2666 */
2667 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2668 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002669 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2670 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002671
2672 SLOGE("Encrypting filesystem in place...");
2673
Paul Lawrence87999172014-02-20 12:21:31 -08002674 i = previously_encrypted_upto + 1 - *size_already_done;
2675
2676 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2677 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2678 goto errout;
2679 }
2680
2681 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2682 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2683 goto errout;
2684 }
2685
2686 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2687 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2688 SLOGE("Error reading initial sectors from real_blkdev %s for "
2689 "inplace encrypt\n", crypto_blkdev);
2690 goto errout;
2691 }
2692 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2693 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2694 "inplace encrypt\n", crypto_blkdev);
2695 goto errout;
2696 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002697 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002698 }
2699 }
2700
Ken Sumrall29d8da82011-05-18 17:20:07 -07002701 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002702 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002703 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002704 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002705 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002706 if (new_pct > cur_pct) {
2707 char buf[8];
2708
2709 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002710 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002711 property_set("vold.encrypt_progress", buf);
2712 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002713 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002714 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002715 goto errout;
2716 }
2717 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002718 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2719 goto errout;
2720 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002721 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002722 CRYPT_SECTORS_PER_BUFSIZE,
2723 i * CRYPT_SECTORS_PER_BUFSIZE);
2724 }
2725
Paul Lawrence73d7a022014-06-09 14:10:09 -07002726 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002727 SLOGE("Stopping encryption due to low battery");
2728 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2729 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002730 goto errout;
2731 }
2732 }
2733
2734 /* Do any remaining sectors */
2735 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002736 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2737 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002738 goto errout;
2739 }
Paul Lawrence87999172014-02-20 12:21:31 -08002740 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2741 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002742 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002743 } else {
2744 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002745 }
2746 }
2747
Ken Sumrall29d8da82011-05-18 17:20:07 -07002748 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002749 rc = 0;
2750
2751errout:
2752 close(realfd);
2753 close(cryptofd);
2754
2755 return rc;
2756}
2757
JP Abgrall7fc1de82014-10-10 18:43:41 -07002758/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002759static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2760 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002761 off64_t tot_size,
2762 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002763{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002764 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002765 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002766 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002767 }
2768
2769 if (*size_already_done + size < previously_encrypted_upto) {
2770 *size_already_done += size;
2771 return 0;
2772 }
2773
Daniel Rosenberge82df162014-08-15 22:19:23 +00002774 /* TODO: identify filesystem type.
2775 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2776 * then we will drop down to cryptfs_enable_inplace_f2fs.
2777 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002778 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002779 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002780 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002781 return 0;
2782 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002783 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002784
JP Abgrall7fc1de82014-10-10 18:43:41 -07002785 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002786 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002787 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002788 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002789 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002790 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002791
JP Abgrall7fc1de82014-10-10 18:43:41 -07002792 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002793 size, size_already_done, tot_size,
2794 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002795 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2796
2797 /* Hack for b/17898962, the following is the symptom... */
2798 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2799 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2800 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2801 return ENABLE_INPLACE_ERR_DEV;
2802 }
2803 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002804}
2805
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002806#define CRYPTO_ENABLE_WIPE 1
2807#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002808
2809#define FRAMEWORK_BOOT_WAIT 60
2810
Paul Lawrence87999172014-02-20 12:21:31 -08002811static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2812{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002813 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002814 if (fd == -1) {
2815 SLOGE("Error opening file %s", filename);
2816 return -1;
2817 }
2818
2819 char block[CRYPT_INPLACE_BUFSIZE];
2820 memset(block, 0, sizeof(block));
2821 if (unix_read(fd, block, sizeof(block)) < 0) {
2822 SLOGE("Error reading file %s", filename);
2823 close(fd);
2824 return -1;
2825 }
2826
2827 close(fd);
2828
2829 SHA256_CTX c;
2830 SHA256_Init(&c);
2831 SHA256_Update(&c, block, sizeof(block));
2832 SHA256_Final(buf, &c);
2833
2834 return 0;
2835}
2836
JP Abgrall62c7af32014-06-16 13:01:23 -07002837static int get_fs_type(struct fstab_rec *rec)
2838{
2839 if (!strcmp(rec->fs_type, "ext4")) {
2840 return EXT4_FS;
2841 } else if (!strcmp(rec->fs_type, "f2fs")) {
2842 return F2FS_FS;
2843 } else {
2844 return -1;
2845 }
2846}
2847
Paul Lawrence87999172014-02-20 12:21:31 -08002848static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2849 char *crypto_blkdev, char *real_blkdev,
2850 int previously_encrypted_upto)
2851{
2852 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002853 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002854
Paul Lawrence73d7a022014-06-09 14:10:09 -07002855 if (!is_battery_ok_to_start()) {
2856 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002857 return 0;
2858 }
2859
2860 /* The size of the userdata partition, and add in the vold volumes below */
2861 tot_encryption_size = crypt_ftr->fs_size;
2862
2863 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002864 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2865 int fs_type = get_fs_type(rec);
2866 if (fs_type < 0) {
2867 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2868 return -1;
2869 }
2870 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002871 } else if (how == CRYPTO_ENABLE_INPLACE) {
2872 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2873 crypt_ftr->fs_size, &cur_encryption_done,
2874 tot_encryption_size,
2875 previously_encrypted_upto);
2876
JP Abgrall7fc1de82014-10-10 18:43:41 -07002877 if (rc == ENABLE_INPLACE_ERR_DEV) {
2878 /* Hack for b/17898962 */
2879 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2880 cryptfs_reboot(reboot);
2881 }
2882
Paul Lawrence73d7a022014-06-09 14:10:09 -07002883 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002884 crypt_ftr->encrypted_upto = cur_encryption_done;
2885 }
2886
Paul Lawrence73d7a022014-06-09 14:10:09 -07002887 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002888 /* The inplace routine never actually sets the progress to 100% due
2889 * to the round down nature of integer division, so set it here */
2890 property_set("vold.encrypt_progress", "100");
2891 }
2892 } else {
2893 /* Shouldn't happen */
2894 SLOGE("cryptfs_enable: internal error, unknown option\n");
2895 rc = -1;
2896 }
2897
2898 return rc;
2899}
2900
Paul Lawrence13486032014-02-03 13:28:11 -08002901int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2902 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002903{
2904 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002905 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002906 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002907 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002908 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002909 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002910 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002911 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002912 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002913 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002914 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002915
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002916 if (!strcmp(howarg, "wipe")) {
2917 how = CRYPTO_ENABLE_WIPE;
2918 } else if (! strcmp(howarg, "inplace")) {
2919 how = CRYPTO_ENABLE_INPLACE;
2920 } else {
2921 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002922 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002923 }
2924
Paul Lawrence87999172014-02-20 12:21:31 -08002925 /* See if an encryption was underway and interrupted */
2926 if (how == CRYPTO_ENABLE_INPLACE
2927 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2928 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2929 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2930 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002931 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2932
2933 /* At this point, we are in an inconsistent state. Until we successfully
2934 complete encryption, a reboot will leave us broken. So mark the
2935 encryption failed in case that happens.
2936 On successfully completing encryption, remove this flag */
2937 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2938
2939 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002940 }
2941
2942 property_get("ro.crypto.state", encrypted_state, "");
2943 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2944 SLOGE("Device is already running encrypted, aborting");
2945 goto error_unencrypted;
2946 }
2947
2948 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2949 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002950 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002951
Ken Sumrall3ed82362011-01-28 23:31:16 -08002952 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002953 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002954 if (fd == -1) {
2955 SLOGE("Cannot open block device %s\n", real_blkdev);
2956 goto error_unencrypted;
2957 }
2958 unsigned long nr_sec;
2959 get_blkdev_size(fd, &nr_sec);
2960 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002961 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2962 goto error_unencrypted;
2963 }
2964 close(fd);
2965
2966 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002967 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002968 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002969 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002970 if (fs_size_sec == 0)
2971 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2972
Paul Lawrence87999172014-02-20 12:21:31 -08002973 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002974
2975 if (fs_size_sec > max_fs_size_sec) {
2976 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2977 goto error_unencrypted;
2978 }
2979 }
2980
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002981 /* Get a wakelock as this may take a while, and we don't want the
2982 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2983 * wants to keep the screen on, it can grab a full wakelock.
2984 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002985 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002986 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2987
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002988 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002989 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002990 */
2991 property_set("vold.decrypt", "trigger_shutdown_framework");
2992 SLOGD("Just asked init to shut down class main\n");
2993
Jeff Sharkey9c484982015-03-31 10:35:33 -07002994 /* Ask vold to unmount all devices that it manages */
2995 if (vold_unmountAll()) {
2996 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002997 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002998
2999 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07003000 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07003001 if (allow_reboot) {
3002 goto error_shutting_down;
3003 } else {
3004 goto error_unencrypted;
3005 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003006 }
3007
3008 /* Do extra work for a better UX when doing the long inplace encryption */
3009 if (how == CRYPTO_ENABLE_INPLACE) {
3010 /* Now that /data is unmounted, we need to mount a tmpfs
3011 * /data, set a property saying we're doing inplace encryption,
3012 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003013 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003014 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003015 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003016 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003017 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003018 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003019
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003020 /* restart the framework. */
3021 /* Create necessary paths on /data */
3022 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003023 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003024 }
3025
Ken Sumrall92736ef2012-10-17 20:57:14 -07003026 /* Ugh, shutting down the framework is not synchronous, so until it
3027 * can be fixed, this horrible hack will wait a moment for it all to
3028 * shut down before proceeding. Without it, some devices cannot
3029 * restart the graphics services.
3030 */
3031 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003032 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003033
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003034 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003035 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003036 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003037 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3038 goto error_shutting_down;
3039 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003040
Paul Lawrence87999172014-02-20 12:21:31 -08003041 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3042 crypt_ftr.fs_size = nr_sec
3043 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3044 } else {
3045 crypt_ftr.fs_size = nr_sec;
3046 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003047 /* At this point, we are in an inconsistent state. Until we successfully
3048 complete encryption, a reboot will leave us broken. So mark the
3049 encryption failed in case that happens.
3050 On successfully completing encryption, remove this flag */
3051 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003052 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003053#ifndef CONFIG_HW_DISK_ENCRYPTION
3054 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3055#else
3056 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3057
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003058 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003059 if (!rc) {
3060 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3061 }
3062
3063 rc = set_hw_device_encryption_key(passwd,
3064 (char*) crypt_ftr.crypto_type_name);
3065 if (!rc) {
3066 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3067 goto error_shutting_down;
3068 }
3069#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003070
Paul Lawrence87999172014-02-20 12:21:31 -08003071 /* Make an encrypted master key */
3072 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3073 SLOGE("Cannot create encrypted master key\n");
3074 goto error_shutting_down;
3075 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003076
Paul Lawrence87999172014-02-20 12:21:31 -08003077 /* Write the key to the end of the partition */
3078 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003079
Paul Lawrence87999172014-02-20 12:21:31 -08003080 /* If any persistent data has been remembered, save it.
3081 * If none, create a valid empty table and save that.
3082 */
3083 if (!persist_data) {
3084 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3085 if (pdata) {
3086 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3087 persist_data = pdata;
3088 }
3089 }
3090 if (persist_data) {
3091 save_persistent_data();
3092 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003093 }
3094
Ajay Dudani87701e22014-09-17 21:02:52 -07003095 if (how == CRYPTO_ENABLE_INPLACE) {
3096 /* startup service classes main and late_start */
3097 property_set("vold.decrypt", "trigger_restart_min_framework");
3098 SLOGD("Just triggered restart_min_framework\n");
3099
3100 /* OK, the framework is restarted and will soon be showing a
3101 * progress bar. Time to setup an encrypted mapping, and
3102 * either write a new filesystem, or encrypt in place updating
3103 * the progress bar as we work.
3104 */
3105 }
3106
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003107 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003108 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3109 "userdata");
3110
Paul Lawrence87999172014-02-20 12:21:31 -08003111 /* If we are continuing, check checksums match */
3112 rc = 0;
3113 if (previously_encrypted_upto) {
3114 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3115 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003116
Paul Lawrence87999172014-02-20 12:21:31 -08003117 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3118 sizeof(hash_first_block)) != 0) {
3119 SLOGE("Checksums do not match - trigger wipe");
3120 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003121 }
3122 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003123
Paul Lawrence87999172014-02-20 12:21:31 -08003124 if (!rc) {
3125 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3126 crypto_blkdev, real_blkdev,
3127 previously_encrypted_upto);
3128 }
3129
3130 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003131 if (!rc && how == CRYPTO_ENABLE_INPLACE
3132 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003133 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3134 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003135 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003136 SLOGE("Error calculating checksum for continuing encryption");
3137 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003138 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003139 }
3140
3141 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003142 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003143
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003144 if (! rc) {
3145 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003146 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003147
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003148 if (how == CRYPTO_ENABLE_INPLACE
3149 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003150 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3151 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003152 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003153 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003154
Paul Lawrence6bfed202014-07-28 12:47:22 -07003155 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003156
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003157 if (how == CRYPTO_ENABLE_WIPE
3158 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003159 char value[PROPERTY_VALUE_MAX];
3160 property_get("ro.crypto.state", value, "");
3161 if (!strcmp(value, "")) {
3162 /* default encryption - continue first boot sequence */
3163 property_set("ro.crypto.state", "encrypted");
3164 release_wake_lock(lockid);
3165 cryptfs_check_passwd(DEFAULT_PASSWORD);
3166 cryptfs_restart_internal(1);
3167 return 0;
3168 } else {
3169 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003170 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003171 }
Paul Lawrence87999172014-02-20 12:21:31 -08003172 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003173 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003174 cryptfs_reboot(shutdown);
3175 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003176 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003177 char value[PROPERTY_VALUE_MAX];
3178
Ken Sumrall319369a2012-06-27 16:30:18 -07003179 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003180 if (!strcmp(value, "1")) {
3181 /* wipe data if encryption failed */
3182 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3183 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003184 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003185 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003186 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3187 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003188 close(fd);
3189 } else {
3190 SLOGE("could not open /cache/recovery/command\n");
3191 }
Paul Lawrence87999172014-02-20 12:21:31 -08003192 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003193 } else {
3194 /* set property to trigger dialog */
3195 property_set("vold.encrypt_progress", "error_partially_encrypted");
3196 release_wake_lock(lockid);
3197 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003198 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003199 }
3200
Ken Sumrall3ed82362011-01-28 23:31:16 -08003201 /* hrm, the encrypt step claims success, but the reboot failed.
3202 * This should not happen.
3203 * Set the property and return. Hope the framework can deal with it.
3204 */
3205 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003206 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003207 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003208
3209error_unencrypted:
3210 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003211 if (lockid[0]) {
3212 release_wake_lock(lockid);
3213 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003214 return -1;
3215
3216error_shutting_down:
3217 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3218 * but the framework is stopped and not restarted to show the error, so it's up to
3219 * vold to restart the system.
3220 */
3221 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003222 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003223
3224 /* shouldn't get here */
3225 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003226 if (lockid[0]) {
3227 release_wake_lock(lockid);
3228 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003229 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003230}
3231
Paul Lawrence45f10532014-04-04 18:11:56 +00003232int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003233{
Paul Lawrence3bd36d52015-06-09 13:37:44 -07003234 return cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
Paul Lawrence13486032014-02-03 13:28:11 -08003235}
3236
3237int cryptfs_enable_default(char *howarg, int allow_reboot)
3238{
3239 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3240 DEFAULT_PASSWORD, allow_reboot);
3241}
3242
3243int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003244{
Paul Lawrence05335c32015-03-05 09:46:23 -08003245 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3246 return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw);
3247 }
3248
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003249 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003250 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003251
3252 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003253 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003254 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003255 return -1;
3256 }
3257
Paul Lawrencef4faa572014-01-29 13:31:03 -08003258 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3259 SLOGE("Invalid crypt_type %d", crypt_type);
3260 return -1;
3261 }
3262
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003263 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003264 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003265 SLOGE("Error getting crypt footer and key");
3266 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003267 }
3268
Paul Lawrencef4faa572014-01-29 13:31:03 -08003269 crypt_ftr.crypt_type = crypt_type;
3270
JP Abgrall933216c2015-02-11 13:44:32 -08003271 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003272 : newpw,
3273 crypt_ftr.salt,
3274 saved_master_key,
3275 crypt_ftr.master_key,
3276 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003277 if (rc) {
3278 SLOGE("Encrypt master key failed: %d", rc);
3279 return -1;
3280 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003281 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003282 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003283
Ajay Dudani87701e22014-09-17 21:02:52 -07003284#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003285 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3286 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3287 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3288 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3289 if (!rc)
3290 return -1;
3291 } else {
3292 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3293 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3294 if (!rc)
3295 return -1;
3296 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003297 }
3298#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003299 return 0;
3300}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003301
Rubin Xu85c01f92014-10-13 12:49:54 +01003302static unsigned int persist_get_max_entries(int encrypted) {
3303 struct crypt_mnt_ftr crypt_ftr;
3304 unsigned int dsize;
3305 unsigned int max_persistent_entries;
3306
3307 /* If encrypted, use the values from the crypt_ftr, otherwise
3308 * use the values for the current spec.
3309 */
3310 if (encrypted) {
3311 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3312 return -1;
3313 }
3314 dsize = crypt_ftr.persist_data_size;
3315 } else {
3316 dsize = CRYPT_PERSIST_DATA_SIZE;
3317 }
3318
3319 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3320 sizeof(struct crypt_persist_entry);
3321
3322 return max_persistent_entries;
3323}
3324
3325static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003326{
3327 unsigned int i;
3328
3329 if (persist_data == NULL) {
3330 return -1;
3331 }
3332 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3333 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3334 /* We found it! */
3335 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3336 return 0;
3337 }
3338 }
3339
3340 return -1;
3341}
3342
Rubin Xu85c01f92014-10-13 12:49:54 +01003343static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003344{
3345 unsigned int i;
3346 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003347 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003348
3349 if (persist_data == NULL) {
3350 return -1;
3351 }
3352
Rubin Xu85c01f92014-10-13 12:49:54 +01003353 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003354
3355 num = persist_data->persist_valid_entries;
3356
3357 for (i = 0; i < num; i++) {
3358 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3359 /* We found an existing entry, update it! */
3360 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3361 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3362 return 0;
3363 }
3364 }
3365
3366 /* We didn't find it, add it to the end, if there is room */
3367 if (persist_data->persist_valid_entries < max_persistent_entries) {
3368 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3369 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3370 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3371 persist_data->persist_valid_entries++;
3372 return 0;
3373 }
3374
3375 return -1;
3376}
3377
Rubin Xu85c01f92014-10-13 12:49:54 +01003378/**
3379 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3380 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3381 */
3382static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003383 unsigned int field_len;
3384 unsigned int key_index;
3385 field_len = strlen(field);
3386
3387 if (index == 0) {
3388 // The first key in a multi-entry field is just the filedname itself.
3389 if (!strcmp(key, field)) {
3390 return 1;
3391 }
3392 }
3393 // Match key against "%s_%d" % (field, index)
3394 if (strlen(key) < field_len + 1 + 1) {
3395 // Need at least a '_' and a digit.
3396 return 0;
3397 }
3398 if (strncmp(key, field, field_len)) {
3399 // If the key does not begin with field, it's not a match.
3400 return 0;
3401 }
3402 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3403 return 0;
3404 }
3405 return key_index >= index;
3406}
3407
3408/*
3409 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3410 * remaining entries starting from index will be deleted.
3411 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3412 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3413 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3414 *
3415 */
3416static int persist_del_keys(const char *fieldname, unsigned index)
3417{
3418 unsigned int i;
3419 unsigned int j;
3420 unsigned int num;
3421
3422 if (persist_data == NULL) {
3423 return PERSIST_DEL_KEY_ERROR_OTHER;
3424 }
3425
3426 num = persist_data->persist_valid_entries;
3427
3428 j = 0; // points to the end of non-deleted entries.
3429 // Filter out to-be-deleted entries in place.
3430 for (i = 0; i < num; i++) {
3431 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3432 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3433 j++;
3434 }
3435 }
3436
3437 if (j < num) {
3438 persist_data->persist_valid_entries = j;
3439 // Zeroise the remaining entries
3440 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3441 return PERSIST_DEL_KEY_OK;
3442 } else {
3443 // Did not find an entry matching the given fieldname
3444 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3445 }
3446}
3447
3448static int persist_count_keys(const char *fieldname)
3449{
3450 unsigned int i;
3451 unsigned int count;
3452
3453 if (persist_data == NULL) {
3454 return -1;
3455 }
3456
3457 count = 0;
3458 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3459 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3460 count++;
3461 }
3462 }
3463
3464 return count;
3465}
3466
Ken Sumrall160b4d62013-04-22 12:15:39 -07003467/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003468int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003469{
Paul Lawrence368d7942015-04-15 14:12:00 -07003470 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3471 return e4crypt_get_field(DATA_MNT_POINT, fieldname, value, len);
3472 }
3473
Ken Sumrall160b4d62013-04-22 12:15:39 -07003474 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003475 /* CRYPTO_GETFIELD_OK is success,
3476 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3477 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3478 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003479 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003480 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3481 int i;
3482 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003483
3484 if (persist_data == NULL) {
3485 load_persistent_data();
3486 if (persist_data == NULL) {
3487 SLOGE("Getfield error, cannot load persistent data");
3488 goto out;
3489 }
3490 }
3491
Rubin Xu85c01f92014-10-13 12:49:54 +01003492 // Read value from persistent entries. If the original value is split into multiple entries,
3493 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003494 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003495 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3496 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3497 // value too small
3498 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3499 goto out;
3500 }
3501 rc = CRYPTO_GETFIELD_OK;
3502
3503 for (i = 1; /* break explicitly */; i++) {
3504 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3505 (int) sizeof(temp_field)) {
3506 // If the fieldname is very long, we stop as soon as it begins to overflow the
3507 // maximum field length. At this point we have in fact fully read out the original
3508 // value because cryptfs_setfield would not allow fields with longer names to be
3509 // written in the first place.
3510 break;
3511 }
3512 if (!persist_get_key(temp_field, temp_value)) {
3513 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3514 // value too small.
3515 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3516 goto out;
3517 }
3518 } else {
3519 // Exhaust all entries.
3520 break;
3521 }
3522 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003523 } else {
3524 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003525 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003526 }
3527
3528out:
3529 return rc;
3530}
3531
3532/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003533int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003534{
Paul Lawrence368d7942015-04-15 14:12:00 -07003535 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3536 return e4crypt_set_field(DATA_MNT_POINT, fieldname, value);
3537 }
3538
Ken Sumrall160b4d62013-04-22 12:15:39 -07003539 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003540 /* 0 is success, negative values are error */
3541 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003542 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003543 unsigned int field_id;
3544 char temp_field[PROPERTY_KEY_MAX];
3545 unsigned int num_entries;
3546 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003547
3548 if (persist_data == NULL) {
3549 load_persistent_data();
3550 if (persist_data == NULL) {
3551 SLOGE("Setfield error, cannot load persistent data");
3552 goto out;
3553 }
3554 }
3555
3556 property_get("ro.crypto.state", encrypted_state, "");
3557 if (!strcmp(encrypted_state, "encrypted") ) {
3558 encrypted = 1;
3559 }
3560
Rubin Xu85c01f92014-10-13 12:49:54 +01003561 // Compute the number of entries required to store value, each entry can store up to
3562 // (PROPERTY_VALUE_MAX - 1) chars
3563 if (strlen(value) == 0) {
3564 // Empty value also needs one entry to store.
3565 num_entries = 1;
3566 } else {
3567 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3568 }
3569
3570 max_keylen = strlen(fieldname);
3571 if (num_entries > 1) {
3572 // Need an extra "_%d" suffix.
3573 max_keylen += 1 + log10(num_entries);
3574 }
3575 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3576 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003577 goto out;
3578 }
3579
Rubin Xu85c01f92014-10-13 12:49:54 +01003580 // Make sure we have enough space to write the new value
3581 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3582 persist_get_max_entries(encrypted)) {
3583 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3584 goto out;
3585 }
3586
3587 // Now that we know persist_data has enough space for value, let's delete the old field first
3588 // to make up space.
3589 persist_del_keys(fieldname, 0);
3590
3591 if (persist_set_key(fieldname, value, encrypted)) {
3592 // fail to set key, should not happen as we have already checked the available space
3593 SLOGE("persist_set_key() error during setfield()");
3594 goto out;
3595 }
3596
3597 for (field_id = 1; field_id < num_entries; field_id++) {
3598 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3599
3600 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3601 // fail to set key, should not happen as we have already checked the available space.
3602 SLOGE("persist_set_key() error during setfield()");
3603 goto out;
3604 }
3605 }
3606
Ken Sumrall160b4d62013-04-22 12:15:39 -07003607 /* If we are running encrypted, save the persistent data now */
3608 if (encrypted) {
3609 if (save_persistent_data()) {
3610 SLOGE("Setfield error, cannot save persistent data");
3611 goto out;
3612 }
3613 }
3614
Rubin Xu85c01f92014-10-13 12:49:54 +01003615 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003616
3617out:
3618 return rc;
3619}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003620
3621/* Checks userdata. Attempt to mount the volume if default-
3622 * encrypted.
3623 * On success trigger next init phase and return 0.
3624 * Currently do not handle failure - see TODO below.
3625 */
3626int cryptfs_mount_default_encrypted(void)
3627{
3628 char decrypt_state[PROPERTY_VALUE_MAX];
3629 property_get("vold.decrypt", decrypt_state, "0");
3630 if (!strcmp(decrypt_state, "0")) {
3631 SLOGE("Not encrypted - should not call here");
3632 } else {
3633 int crypt_type = cryptfs_get_password_type();
3634 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3635 SLOGE("Bad crypt type - error");
3636 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3637 SLOGD("Password is not default - "
3638 "starting min framework to prompt");
3639 property_set("vold.decrypt", "trigger_restart_min_framework");
3640 return 0;
3641 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3642 SLOGD("Password is default - restarting filesystem");
3643 cryptfs_restart_internal(0);
3644 return 0;
3645 } else {
3646 SLOGE("Encrypted, default crypt type but can't decrypt");
3647 }
3648 }
3649
Paul Lawrence6bfed202014-07-28 12:47:22 -07003650 /** Corrupt. Allow us to boot into framework, which will detect bad
3651 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003652 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003653 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003654 return 0;
3655}
3656
3657/* Returns type of the password, default, pattern, pin or password.
3658 */
3659int cryptfs_get_password_type(void)
3660{
Paul Lawrence05335c32015-03-05 09:46:23 -08003661 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3662 return e4crypt_get_password_type(DATA_MNT_POINT);
3663 }
3664
Paul Lawrencef4faa572014-01-29 13:31:03 -08003665 struct crypt_mnt_ftr crypt_ftr;
3666
3667 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3668 SLOGE("Error getting crypt footer and key\n");
3669 return -1;
3670 }
3671
Paul Lawrence6bfed202014-07-28 12:47:22 -07003672 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3673 return -1;
3674 }
3675
Paul Lawrencef4faa572014-01-29 13:31:03 -08003676 return crypt_ftr.crypt_type;
3677}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003678
Paul Lawrence05335c32015-03-05 09:46:23 -08003679const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003680{
Paul Lawrence05335c32015-03-05 09:46:23 -08003681 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3682 return e4crypt_get_password(DATA_MNT_POINT);
3683 }
3684
Paul Lawrence399317e2014-03-10 13:20:50 -07003685 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003686 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003687 if (now.tv_sec < password_expiry_time) {
3688 return password;
3689 } else {
3690 cryptfs_clear_password();
3691 return 0;
3692 }
3693}
3694
3695void cryptfs_clear_password()
3696{
Paul Lawrence86c942a2015-05-06 13:53:43 -07003697 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3698 e4crypt_clear_password(DATA_MNT_POINT);
3699 }
3700
Paul Lawrence399317e2014-03-10 13:20:50 -07003701 if (password) {
3702 size_t len = strlen(password);
3703 memset(password, 0, len);
3704 free(password);
3705 password = 0;
3706 password_expiry_time = 0;
3707 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003708}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003709
3710int cryptfs_enable_file()
3711{
3712 return e4crypt_enable(DATA_MNT_POINT);
3713}
3714
3715int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3716{
3717 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3718 SLOGE("Failed to initialize crypt_ftr");
3719 return -1;
3720 }
3721
3722 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3723 crypt_ftr->salt, crypt_ftr)) {
3724 SLOGE("Cannot create encrypted master key\n");
3725 return -1;
3726 }
3727
3728 //crypt_ftr->keysize = key_length / 8;
3729 return 0;
3730}
3731
3732int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3733 unsigned char* master_key)
3734{
3735 int rc;
3736
Paul Lawrence731a7a22015-04-28 22:14:15 +00003737 unsigned char* intermediate_key = 0;
3738 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003739
3740 if (password == 0 || *password == 0) {
3741 password = DEFAULT_PASSWORD;
3742 }
3743
Paul Lawrence731a7a22015-04-28 22:14:15 +00003744 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3745 &intermediate_key_size);
3746
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003747 int N = 1 << ftr->N_factor;
3748 int r = 1 << ftr->r_factor;
3749 int p = 1 << ftr->p_factor;
3750
3751 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3752
3753 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3754 ftr->salt, sizeof(ftr->salt), N, r, p,
3755 scrypted_intermediate_key,
3756 sizeof(scrypted_intermediate_key));
3757
3758 free(intermediate_key);
3759
3760 if (rc) {
3761 SLOGE("Can't calculate intermediate key");
3762 return rc;
3763 }
3764
3765 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3766 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003767}
3768
3769int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3770 const unsigned char* master_key)
3771{
3772 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3773 ftr);
3774}