blob: eb9a8edfa49cdc3af08d356a7c0a9894732461e2 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080046#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080047#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080048#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080049#define LOG_TAG "Cryptfs"
50#include "cutils/log.h"
51#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070052#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080053#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070054#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000055#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070056#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070057#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070058#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080060#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000061#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080062#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080063#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080064
Yabin Cuiffa2e092016-04-06 17:21:38 -070065#include <bootloader_message_writer.h>
Shawn Willden8af33352015-02-24 09:51:34 -070066#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060067#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070068
Mark Salyzyn3e971272014-01-21 13:27:04 -080069#define UNUSED __attribute__((unused))
70
Mark Salyzyn5eecc442014-02-12 14:16:14 -080071#define UNUSED __attribute__((unused))
72
Ajay Dudani87701e22014-09-17 21:02:52 -070073#ifdef CONFIG_HW_DISK_ENCRYPTION
74#include "cryptfs_hw.h"
75#endif
76
Ken Sumrall8f869aa2010-12-03 03:47:09 -080077#define DM_CRYPT_BUF_SIZE 4096
78
Jason parks70a4b3f2011-01-28 10:10:47 -060079#define HASH_COUNT 2000
80#define KEY_LEN_BYTES 16
81#define IV_LEN_BYTES 16
82
Ken Sumrall29d8da82011-05-18 17:20:07 -070083#define KEY_IN_FOOTER "footer"
84
Paul Lawrence3bd36d52015-06-09 13:37:44 -070085#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080086
Paul Lawrence3d99eba2015-11-20 07:07:19 -080087#define CRYPTO_BLOCK_DEVICE "userdata"
88
89#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
90
Ken Sumrall29d8da82011-05-18 17:20:07 -070091#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070092#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070093
Ken Sumralle919efe2012-09-29 17:07:41 -070094#define TABLE_LOAD_RETRIES 10
95
Shawn Willden47ba10d2014-09-03 17:07:06 -060096#define RSA_KEY_SIZE 2048
97#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
98#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060099#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700100
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700101#define RETRY_MOUNT_ATTEMPTS 10
102#define RETRY_MOUNT_DELAY_SECONDS 1
103
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800104char *me = "cryptfs";
105
Jason parks70a4b3f2011-01-28 10:10:47 -0600106static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700107static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600108static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700109static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800110
Shawn Willdenda6e8992015-06-03 09:40:45 -0600111static int keymaster_init(keymaster0_device_t **keymaster0_dev,
112 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700113{
114 int rc;
115
116 const hw_module_t* mod;
117 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
118 if (rc) {
119 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600120 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700121 }
122
Shawn Willdenda6e8992015-06-03 09:40:45 -0600123 SLOGI("keymaster module name is %s", mod->name);
124 SLOGI("keymaster version is %d", mod->module_api_version);
125
126 *keymaster0_dev = NULL;
127 *keymaster1_dev = NULL;
128 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
129 SLOGI("Found keymaster1 module, using keymaster1 API.");
130 rc = keymaster1_open(mod, keymaster1_dev);
131 } else {
132 SLOGI("Found keymaster0 module, using keymaster0 API.");
133 rc = keymaster0_open(mod, keymaster0_dev);
134 }
135
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700136 if (rc) {
137 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600138 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
139 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700140 }
141
142 return 0;
143
Shawn Willdenda6e8992015-06-03 09:40:45 -0600144err:
145 *keymaster0_dev = NULL;
146 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700147 return rc;
148}
149
150/* Should we use keymaster? */
151static int keymaster_check_compatibility()
152{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600153 keymaster0_device_t *keymaster0_dev = 0;
154 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700155 int rc = 0;
156
Shawn Willdenda6e8992015-06-03 09:40:45 -0600157 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700158 SLOGE("Failed to init keymaster");
159 rc = -1;
160 goto out;
161 }
162
Shawn Willdenda6e8992015-06-03 09:40:45 -0600163 if (keymaster1_dev) {
164 rc = 1;
165 goto out;
166 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700167
Paul Lawrence300dae72016-03-11 11:02:52 -0800168 if (!keymaster0_dev || !keymaster0_dev->common.module) {
169 rc = -1;
170 goto out;
171 }
172
Shawn Willdenda6e8992015-06-03 09:40:45 -0600173 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
174 // should work.
175 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700176 < KEYMASTER_MODULE_API_VERSION_0_3) {
177 rc = 0;
178 goto out;
179 }
180
Shawn Willdenda6e8992015-06-03 09:40:45 -0600181 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
182 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700183 rc = 1;
184 }
185
186out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600187 if (keymaster1_dev) {
188 keymaster1_close(keymaster1_dev);
189 }
190 if (keymaster0_dev) {
191 keymaster0_close(keymaster0_dev);
192 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700193 return rc;
194}
195
196/* Create a new keymaster key and store it in this footer */
197static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
198{
199 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600200 keymaster0_device_t *keymaster0_dev = 0;
201 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700202
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800203 if (ftr->keymaster_blob_size) {
204 SLOGI("Already have key");
205 return 0;
206 }
207
Shawn Willdenda6e8992015-06-03 09:40:45 -0600208 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700209 SLOGE("Failed to init keymaster");
210 return -1;
211 }
212
213 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600214 size_t key_size = 0;
215 if (keymaster1_dev) {
216 keymaster_key_param_t params[] = {
217 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
218 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
219 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
220 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700221
Shawn Willden86af3552015-06-24 07:21:54 -0700222 /* The only allowed purpose for this key is signing. */
223 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
224
225 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600226 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600227 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700228
Shawn Willdenda6e8992015-06-03 09:40:45 -0600229 /* Require that the key be usable in standalone mode. File system isn't available. */
230 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
231
232 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
233 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
234
Shawn Willdenda6e8992015-06-03 09:40:45 -0600235 /* Rate-limit key usage attempts, to rate-limit brute force */
236 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
237 };
238 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
239 keymaster_key_blob_t key_blob;
240 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
241 &key_blob,
242 NULL /* characteristics */);
243 if (error != KM_ERROR_OK) {
244 SLOGE("Failed to generate keymaster1 key, error %d", error);
245 rc = -1;
246 goto out;
247 }
248
249 key = (uint8_t*)key_blob.key_material;
250 key_size = key_blob.key_material_size;
251 }
252 else if (keymaster0_dev) {
253 keymaster_rsa_keygen_params_t params;
254 memset(&params, '\0', sizeof(params));
255 params.public_exponent = RSA_EXPONENT;
256 params.modulus_size = RSA_KEY_SIZE;
257
258 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
259 &key, &key_size)) {
260 SLOGE("Failed to generate keypair");
261 rc = -1;
262 goto out;
263 }
264 } else {
265 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700266 rc = -1;
267 goto out;
268 }
269
270 if (key_size > KEYMASTER_BLOB_SIZE) {
271 SLOGE("Keymaster key too large for crypto footer");
272 rc = -1;
273 goto out;
274 }
275
276 memcpy(ftr->keymaster_blob, key, key_size);
277 ftr->keymaster_blob_size = key_size;
278
279out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600280 if (keymaster0_dev)
281 keymaster0_close(keymaster0_dev);
282 if (keymaster1_dev)
283 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700284 free(key);
285 return rc;
286}
287
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288/* This signs the given object using the keymaster key. */
289static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290 const unsigned char *object,
291 const size_t object_size,
292 unsigned char **signature,
293 size_t *signature_size)
294{
295 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600296 keymaster0_device_t *keymaster0_dev = 0;
297 keymaster1_device_t *keymaster1_dev = 0;
298 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600299 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600300 rc = -1;
301 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600302 }
303
Shawn Willden47ba10d2014-09-03 17:07:06 -0600304 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600305 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600306 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600307
Shawn Willdene17a9c42014-09-08 13:04:08 -0600308 // To sign a message with RSA, the message must satisfy two
309 // constraints:
310 //
311 // 1. The message, when interpreted as a big-endian numeric value, must
312 // be strictly less than the public modulus of the RSA key. Note
313 // that because the most significant bit of the public modulus is
314 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
315 // key), an n-bit message with most significant bit 0 always
316 // satisfies this requirement.
317 //
318 // 2. The message must have the same length in bits as the public
319 // modulus of the RSA key. This requirement isn't mathematically
320 // necessary, but is necessary to ensure consistency in
321 // implementations.
322 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600323 case KDF_SCRYPT_KEYMASTER:
324 // This ensures the most significant byte of the signed message
325 // is zero. We could have zero-padded to the left instead, but
326 // this approach is slightly more robust against changes in
327 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600328 // so) because we really should be using a proper deterministic
329 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600330 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
331 SLOGI("Signing safely-padded object");
332 break;
333 default:
334 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600335 rc = -1;
336 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600337 }
338
Shawn Willdenda6e8992015-06-03 09:40:45 -0600339 if (keymaster0_dev) {
340 keymaster_rsa_sign_params_t params;
341 params.digest_type = DIGEST_NONE;
342 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600343
Shawn Willdenda6e8992015-06-03 09:40:45 -0600344 rc = keymaster0_dev->sign_data(keymaster0_dev,
345 &params,
346 ftr->keymaster_blob,
347 ftr->keymaster_blob_size,
348 to_sign,
349 to_sign_size,
350 signature,
351 signature_size);
352 goto out;
353 } else if (keymaster1_dev) {
354 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
355 keymaster_key_param_t params[] = {
356 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
357 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
358 };
359 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
360 keymaster_operation_handle_t op_handle;
361 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
362 &param_set, NULL /* out_params */,
363 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600364 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600365 // Key usage has been rate-limited. Wait a bit and try again.
366 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
367 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
368 &param_set, NULL /* out_params */,
369 &op_handle);
370 }
371 if (error != KM_ERROR_OK) {
372 SLOGE("Error starting keymaster signature transaction: %d", error);
373 rc = -1;
374 goto out;
375 }
376
377 keymaster_blob_t input = { to_sign, to_sign_size };
378 size_t input_consumed;
379 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
380 &input, &input_consumed, NULL /* out_params */,
381 NULL /* output */);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error sending data to keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387 if (input_consumed != to_sign_size) {
388 // This should never happen. If it does, it's a bug in the keymaster implementation.
389 SLOGE("Keymaster update() did not consume all data.");
390 keymaster1_dev->abort(keymaster1_dev, op_handle);
391 rc = -1;
392 goto out;
393 }
394
395 keymaster_blob_t tmp_sig;
396 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
397 NULL /* verify signature */, NULL /* out_params */,
398 &tmp_sig);
399 if (error != KM_ERROR_OK) {
400 SLOGE("Error finishing keymaster signature transaction: %d", error);
401 rc = -1;
402 goto out;
403 }
404
405 *signature = (uint8_t*)tmp_sig.data;
406 *signature_size = tmp_sig.data_length;
407 } else {
408 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
409 rc = -1;
410 goto out;
411 }
412
413 out:
414 if (keymaster1_dev)
415 keymaster1_close(keymaster1_dev);
416 if (keymaster0_dev)
417 keymaster0_close(keymaster0_dev);
418
419 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600420}
421
Paul Lawrence399317e2014-03-10 13:20:50 -0700422/* Store password when userdata is successfully decrypted and mounted.
423 * Cleared by cryptfs_clear_password
424 *
425 * To avoid a double prompt at boot, we need to store the CryptKeeper
426 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
427 * Since the entire framework is torn down and rebuilt after encryption,
428 * we have to use a daemon or similar to store the password. Since vold
429 * is secured against IPC except from system processes, it seems a reasonable
430 * place to store this.
431 *
432 * password should be cleared once it has been used.
433 *
434 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800435 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700436static char* password = 0;
437static int password_expiry_time = 0;
438static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800439
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800440extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800441
Paul Lawrence87999172014-02-20 12:21:31 -0800442enum RebootType {reboot, recovery, shutdown};
443static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700444{
Paul Lawrence87999172014-02-20 12:21:31 -0800445 switch(rt) {
446 case reboot:
447 property_set(ANDROID_RB_PROPERTY, "reboot");
448 break;
449
450 case recovery:
451 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
452 break;
453
454 case shutdown:
455 property_set(ANDROID_RB_PROPERTY, "shutdown");
456 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700457 }
Paul Lawrence87999172014-02-20 12:21:31 -0800458
Ken Sumralladfba362013-06-04 16:37:52 -0700459 sleep(20);
460
461 /* Shouldn't get here, reboot should happen before sleep times out */
462 return;
463}
464
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800465static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
466{
467 memset(io, 0, dataSize);
468 io->data_size = dataSize;
469 io->data_start = sizeof(struct dm_ioctl);
470 io->version[0] = 4;
471 io->version[1] = 0;
472 io->version[2] = 0;
473 io->flags = flags;
474 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100475 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800476 }
477}
478
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479/**
480 * Gets the default device scrypt parameters for key derivation time tuning.
481 * The parameters should lead to about one second derivation time for the
482 * given device.
483 */
484static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700485 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000486 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700487
Paul Crowley63c18d32016-02-10 14:02:47 +0000488 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
489 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
490 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
491 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700492 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000493 ftr->N_factor = Nf;
494 ftr->r_factor = rf;
495 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700496}
497
Ken Sumrall3ed82362011-01-28 23:31:16 -0800498static unsigned int get_fs_size(char *dev)
499{
500 int fd, block_size;
501 struct ext4_super_block sb;
502 off64_t len;
503
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700504 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800505 SLOGE("Cannot open device to get filesystem size ");
506 return 0;
507 }
508
509 if (lseek64(fd, 1024, SEEK_SET) < 0) {
510 SLOGE("Cannot seek to superblock");
511 return 0;
512 }
513
514 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
515 SLOGE("Cannot read superblock");
516 return 0;
517 }
518
519 close(fd);
520
Daniel Rosenberge82df162014-08-15 22:19:23 +0000521 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
522 SLOGE("Not a valid ext4 superblock");
523 return 0;
524 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800525 block_size = 1024 << sb.s_log_block_size;
526 /* compute length in bytes */
527 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
528
529 /* return length in sectors */
530 return (unsigned int) (len / 512);
531}
532
Ken Sumrall160b4d62013-04-22 12:15:39 -0700533static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
534{
535 static int cached_data = 0;
536 static off64_t cached_off = 0;
537 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
538 int fd;
539 char key_loc[PROPERTY_VALUE_MAX];
540 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700541 int rc = -1;
542
543 if (!cached_data) {
544 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
545
546 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700547 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700548 SLOGE("Cannot open real block device %s\n", real_blkdev);
549 return -1;
550 }
551
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900552 unsigned long nr_sec = 0;
553 get_blkdev_size(fd, &nr_sec);
554 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
556 * encryption info footer and key, and plenty of bytes to spare for future
557 * growth.
558 */
559 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
560 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
561 cached_data = 1;
562 } else {
563 SLOGE("Cannot get size of block device %s\n", real_blkdev);
564 }
565 close(fd);
566 } else {
567 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
568 cached_off = 0;
569 cached_data = 1;
570 }
571 }
572
573 if (cached_data) {
574 if (metadata_fname) {
575 *metadata_fname = cached_metadata_fname;
576 }
577 if (off) {
578 *off = cached_off;
579 }
580 rc = 0;
581 }
582
583 return rc;
584}
585
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800586/* Set sha256 checksum in structure */
587static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
588{
589 SHA256_CTX c;
590 SHA256_Init(&c);
591 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
592 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
593 SHA256_Final(crypt_ftr->sha256, &c);
594}
595
Ken Sumralle8744072011-01-18 22:01:55 -0800596/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800597 * update the failed mount count but not change the key.
598 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700599static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800600{
601 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800602 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603 /* starting_off is set to the SEEK_SET offset
604 * where the crypto structure starts
605 */
606 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800607 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700608 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700609 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800611 set_ftr_sha(crypt_ftr);
612
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 if (get_crypt_ftr_info(&fname, &starting_off)) {
614 SLOGE("Unable to get crypt_ftr_info\n");
615 return -1;
616 }
617 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700618 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 return -1;
620 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700621 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700622 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700623 return -1;
624 }
625
626 /* Seek to the start of the crypt footer */
627 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
628 SLOGE("Cannot seek to real block device footer\n");
629 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800630 }
631
632 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
633 SLOGE("Cannot write real block device footer\n");
634 goto errout;
635 }
636
Ken Sumrall3be890f2011-09-14 16:53:46 -0700637 fstat(fd, &statbuf);
638 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700639 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700640 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800641 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800642 goto errout;
643 }
644 }
645
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800646 /* Success! */
647 rc = 0;
648
649errout:
650 close(fd);
651 return rc;
652
653}
654
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800655static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
656{
657 struct crypt_mnt_ftr copy;
658 memcpy(&copy, crypt_ftr, sizeof(copy));
659 set_ftr_sha(&copy);
660 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
661}
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663static inline int unix_read(int fd, void* buff, int len)
664{
665 return TEMP_FAILURE_RETRY(read(fd, buff, len));
666}
667
668static inline int unix_write(int fd, const void* buff, int len)
669{
670 return TEMP_FAILURE_RETRY(write(fd, buff, len));
671}
672
673static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
674{
675 memset(pdata, 0, len);
676 pdata->persist_magic = PERSIST_DATA_MAGIC;
677 pdata->persist_valid_entries = 0;
678}
679
680/* A routine to update the passed in crypt_ftr to the lastest version.
681 * fd is open read/write on the device that holds the crypto footer and persistent
682 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
683 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
684 */
685static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
686{
Kenny Root7434b312013-06-14 11:29:53 -0700687 int orig_major = crypt_ftr->major_version;
688 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700689
Kenny Root7434b312013-06-14 11:29:53 -0700690 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
691 struct crypt_persist_data *pdata;
692 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700693
Kenny Rootc4c70f12013-06-14 12:11:38 -0700694 SLOGW("upgrading crypto footer to 1.1");
695
Kenny Root7434b312013-06-14 11:29:53 -0700696 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
697 if (pdata == NULL) {
698 SLOGE("Cannot allocate persisent data\n");
699 return;
700 }
701 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
702
703 /* Need to initialize the persistent data area */
704 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
705 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100706 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700707 return;
708 }
709 /* Write all zeros to the first copy, making it invalid */
710 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
711
712 /* Write a valid but empty structure to the second copy */
713 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
714 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
715
716 /* Update the footer */
717 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
718 crypt_ftr->persist_data_offset[0] = pdata_offset;
719 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
720 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100721 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700722 }
723
Paul Lawrencef4faa572014-01-29 13:31:03 -0800724 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700725 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800726 /* But keep the old kdf_type.
727 * It will get updated later to KDF_SCRYPT after the password has been verified.
728 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700729 crypt_ftr->kdf_type = KDF_PBKDF2;
730 get_device_scrypt_params(crypt_ftr);
731 crypt_ftr->minor_version = 2;
732 }
733
Paul Lawrencef4faa572014-01-29 13:31:03 -0800734 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
735 SLOGW("upgrading crypto footer to 1.3");
736 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
737 crypt_ftr->minor_version = 3;
738 }
739
Kenny Root7434b312013-06-14 11:29:53 -0700740 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
741 if (lseek64(fd, offset, SEEK_SET) == -1) {
742 SLOGE("Cannot seek to crypt footer\n");
743 return;
744 }
745 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700746 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700747}
748
749
750static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800751{
752 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800753 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800755 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700756 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700757 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800758
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 if (get_crypt_ftr_info(&fname, &starting_off)) {
760 SLOGE("Unable to get crypt_ftr_info\n");
761 return -1;
762 }
763 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700764 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 return -1;
766 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700767 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700768 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700769 return -1;
770 }
771
772 /* Make sure it's 16 Kbytes in length */
773 fstat(fd, &statbuf);
774 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
775 SLOGE("footer file %s is not the expected size!\n", fname);
776 goto errout;
777 }
778
779 /* Seek to the start of the crypt footer */
780 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
781 SLOGE("Cannot seek to real block device footer\n");
782 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800783 }
784
785 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
786 SLOGE("Cannot read real block device footer\n");
787 goto errout;
788 }
789
790 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700791 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
796 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
797 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 goto errout;
799 }
800
Kenny Rootc96a5f82013-06-14 12:08:28 -0700801 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
802 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
803 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800804 }
805
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
807 * copy on disk before returning.
808 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700809 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700810 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800811 }
812
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800813 /* Success! */
814 rc = 0;
815
816errout:
817 close(fd);
818 return rc;
819}
820
Ken Sumrall160b4d62013-04-22 12:15:39 -0700821static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
822{
823 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
824 crypt_ftr->persist_data_offset[1]) {
825 SLOGE("Crypt_ftr persist data regions overlap");
826 return -1;
827 }
828
829 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
830 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
831 return -1;
832 }
833
834 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
835 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
836 CRYPT_FOOTER_OFFSET) {
837 SLOGE("Persistent data extends past crypto footer");
838 return -1;
839 }
840
841 return 0;
842}
843
844static int load_persistent_data(void)
845{
846 struct crypt_mnt_ftr crypt_ftr;
847 struct crypt_persist_data *pdata = NULL;
848 char encrypted_state[PROPERTY_VALUE_MAX];
849 char *fname;
850 int found = 0;
851 int fd;
852 int ret;
853 int i;
854
855 if (persist_data) {
856 /* Nothing to do, we've already loaded or initialized it */
857 return 0;
858 }
859
860
861 /* If not encrypted, just allocate an empty table and initialize it */
862 property_get("ro.crypto.state", encrypted_state, "");
863 if (strcmp(encrypted_state, "encrypted") ) {
864 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
865 if (pdata) {
866 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
867 persist_data = pdata;
868 return 0;
869 }
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 if (get_crypt_ftr_info(&fname, NULL)) {
884 return -1;
885 }
886
887 ret = validate_persistent_data_storage(&crypt_ftr);
888 if (ret) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
Paul Lawrence300dae72016-03-11 11:02:52 -0800898 pdata = malloc(crypt_ftr.persist_data_size);
899 if (pdata == NULL) {
900 SLOGE("Cannot allocate memory for persistent data");
901 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700902 }
903
904 for (i = 0; i < 2; i++) {
905 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
906 SLOGE("Cannot seek to read persistent data on %s", fname);
907 goto err2;
908 }
909 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
910 SLOGE("Error reading persistent data on iteration %d", i);
911 goto err2;
912 }
913 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
914 found = 1;
915 break;
916 }
917 }
918
919 if (!found) {
920 SLOGI("Could not find valid persistent data, creating");
921 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
922 }
923
924 /* Success */
925 persist_data = pdata;
926 close(fd);
927 return 0;
928
929err2:
930 free(pdata);
931
932err:
933 close(fd);
934 return -1;
935}
936
937static int save_persistent_data(void)
938{
939 struct crypt_mnt_ftr crypt_ftr;
940 struct crypt_persist_data *pdata;
941 char *fname;
942 off64_t write_offset;
943 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700944 int fd;
945 int ret;
946
947 if (persist_data == NULL) {
948 SLOGE("No persistent data to save");
949 return -1;
950 }
951
952 if(get_crypt_ftr_and_key(&crypt_ftr)) {
953 return -1;
954 }
955
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700956 if ((crypt_ftr.major_version < 1)
957 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700958 SLOGE("Crypt_ftr version doesn't support persistent data");
959 return -1;
960 }
961
962 ret = validate_persistent_data_storage(&crypt_ftr);
963 if (ret) {
964 return -1;
965 }
966
967 if (get_crypt_ftr_info(&fname, NULL)) {
968 return -1;
969 }
970
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700971 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700972 if (fd < 0) {
973 SLOGE("Cannot open %s metadata file", fname);
974 return -1;
975 }
976
977 pdata = malloc(crypt_ftr.persist_data_size);
978 if (pdata == NULL) {
979 SLOGE("Cannot allocate persistant data");
980 goto err;
981 }
982
983 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
984 SLOGE("Cannot seek to read persistent data on %s", fname);
985 goto err2;
986 }
987
988 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
989 SLOGE("Error reading persistent data before save");
990 goto err2;
991 }
992
993 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
994 /* The first copy is the curent valid copy, so write to
995 * the second copy and erase this one */
996 write_offset = crypt_ftr.persist_data_offset[1];
997 erase_offset = crypt_ftr.persist_data_offset[0];
998 } else {
999 /* The second copy must be the valid copy, so write to
1000 * the first copy, and erase the second */
1001 write_offset = crypt_ftr.persist_data_offset[0];
1002 erase_offset = crypt_ftr.persist_data_offset[1];
1003 }
1004
1005 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001006 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001007 SLOGE("Cannot seek to write persistent data");
1008 goto err2;
1009 }
1010 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1011 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001012 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001013 SLOGE("Cannot seek to erase previous persistent data");
1014 goto err2;
1015 }
1016 fsync(fd);
1017 memset(pdata, 0, crypt_ftr.persist_data_size);
1018 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1019 (int) crypt_ftr.persist_data_size) {
1020 SLOGE("Cannot write to erase previous persistent data");
1021 goto err2;
1022 }
1023 fsync(fd);
1024 } else {
1025 SLOGE("Cannot write to save persistent data");
1026 goto err2;
1027 }
1028
1029 /* Success */
1030 free(pdata);
1031 close(fd);
1032 return 0;
1033
1034err2:
1035 free(pdata);
1036err:
1037 close(fd);
1038 return -1;
1039}
1040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001041/* Convert a binary key of specified length into an ascii hex string equivalent,
1042 * without the leading 0x and with null termination
1043 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001044static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 unsigned int keysize, char *master_key_ascii) {
1046 unsigned int i, a;
1047 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001048
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001049 for (i=0, a=0; i<keysize; i++, a+=2) {
1050 /* For each byte, write out two ascii hex digits */
1051 nibble = (master_key[i] >> 4) & 0xf;
1052 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 nibble = master_key[i] & 0xf;
1055 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001058 /* Add the null termination */
1059 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001060
1061}
1062
Jeff Sharkey9c484982015-03-31 10:35:33 -07001063static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1064 const unsigned char *master_key, const char *real_blk_name,
1065 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001066 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001067 struct dm_ioctl *io;
1068 struct dm_target_spec *tgt;
1069 char *crypt_params;
1070 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
1071 int i;
1072
1073 io = (struct dm_ioctl *) buffer;
1074
1075 /* Load the mapping table for this device */
1076 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1077
1078 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1079 io->target_count = 1;
1080 tgt->status = 0;
1081 tgt->sector_start = 0;
1082 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001083#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001084 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1085 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1086 }
1087 else {
1088 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1089 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001090#else
1091 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1092#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001093
1094 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1095 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1096 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1097 master_key_ascii, real_blk_name, extra_params);
1098 crypt_params += strlen(crypt_params) + 1;
1099 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1100 tgt->next = crypt_params - buffer;
1101
1102 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1103 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1104 break;
1105 }
1106 usleep(500000);
1107 }
1108
1109 if (i == TABLE_LOAD_RETRIES) {
1110 /* We failed to load the table, return an error */
1111 return -1;
1112 } else {
1113 return i + 1;
1114 }
1115}
1116
1117
1118static int get_dm_crypt_version(int fd, const char *name, int *version)
1119{
1120 char buffer[DM_CRYPT_BUF_SIZE];
1121 struct dm_ioctl *io;
1122 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001123
1124 io = (struct dm_ioctl *) buffer;
1125
1126 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1127
1128 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1129 return -1;
1130 }
1131
1132 /* Iterate over the returned versions, looking for name of "crypt".
1133 * When found, get and return the version.
1134 */
1135 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1136 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001137#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001138 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001139#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001140 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001141#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001142 /* We found the crypt driver, return the version, and get out */
1143 version[0] = v->version[0];
1144 version[1] = v->version[1];
1145 version[2] = v->version[2];
1146 return 0;
1147 }
1148 v = (struct dm_target_versions *)(((char *)v) + v->next);
1149 }
1150
1151 return -1;
1152}
1153
Jeff Sharkey9c484982015-03-31 10:35:33 -07001154static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1155 const unsigned char *master_key, const char *real_blk_name,
1156 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001157 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001158 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001159 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001160 int fd=0;
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001161 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001162 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001163 int version[3];
1164 char *extra_params;
1165 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001166
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001167 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001168 SLOGE("Cannot open device-mapper\n");
1169 goto errout;
1170 }
1171
1172 io = (struct dm_ioctl *) buffer;
1173
1174 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001175 err = ioctl(fd, DM_DEV_CREATE, io);
1176 if (err) {
1177 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001178 goto errout;
1179 }
1180
1181 /* Get the device status, in particular, the name of it's device file */
1182 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1183 if (ioctl(fd, DM_DEV_STATUS, io)) {
1184 SLOGE("Cannot retrieve dm-crypt device status\n");
1185 goto errout;
1186 }
1187 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1188 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1189
Ken Sumralldb5e0262013-02-05 17:39:48 -08001190 extra_params = "";
1191 if (! get_dm_crypt_version(fd, name, version)) {
1192 /* Support for allow_discards was added in version 1.11.0 */
1193 if ((version[0] >= 2) ||
1194 ((version[0] == 1) && (version[1] >= 11))) {
1195 extra_params = "1 allow_discards";
1196 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1197 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001198 }
1199
Ken Sumralldb5e0262013-02-05 17:39:48 -08001200 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1201 fd, extra_params);
1202 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001203 SLOGE("Cannot load dm-crypt mapping table.\n");
1204 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001205 } else if (load_count > 1) {
1206 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207 }
1208
1209 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001210 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001211
1212 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1213 SLOGE("Cannot resume the dm-crypt device\n");
1214 goto errout;
1215 }
1216
1217 /* We made it here with no errors. Woot! */
1218 retval = 0;
1219
1220errout:
1221 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1222
1223 return retval;
1224}
1225
Ken Sumrall29d8da82011-05-18 17:20:07 -07001226static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001227{
1228 int fd;
1229 char buffer[DM_CRYPT_BUF_SIZE];
1230 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001231 int retval = -1;
1232
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001233 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001234 SLOGE("Cannot open device-mapper\n");
1235 goto errout;
1236 }
1237
1238 io = (struct dm_ioctl *) buffer;
1239
1240 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1241 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1242 SLOGE("Cannot remove dm-crypt device\n");
1243 goto errout;
1244 }
1245
1246 /* We made it here with no errors. Woot! */
1247 retval = 0;
1248
1249errout:
1250 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1251
1252 return retval;
1253
1254}
1255
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001256static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001257 unsigned char *ikey, void *params UNUSED)
1258{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001259 SLOGI("Using pbkdf2 for cryptfs KDF");
1260
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001261 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001262 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1263 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1264 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001265}
1266
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001267static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001268 unsigned char *ikey, void *params)
1269{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001270 SLOGI("Using scrypt for cryptfs KDF");
1271
Kenny Rootc4c70f12013-06-14 12:11:38 -07001272 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1273
1274 int N = 1 << ftr->N_factor;
1275 int r = 1 << ftr->r_factor;
1276 int p = 1 << ftr->p_factor;
1277
1278 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001279 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001280 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1281 salt, SALT_LEN, N, r, p, ikey,
1282 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001283
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001284 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001285}
1286
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001287static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1288 unsigned char *ikey, void *params)
1289{
1290 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1291
1292 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001293 size_t signature_size;
1294 unsigned char* signature;
1295 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1296
1297 int N = 1 << ftr->N_factor;
1298 int r = 1 << ftr->r_factor;
1299 int p = 1 << ftr->p_factor;
1300
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001301 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1302 salt, SALT_LEN, N, r, p, ikey,
1303 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001304
1305 if (rc) {
1306 SLOGE("scrypt failed");
1307 return -1;
1308 }
1309
Shawn Willdene17a9c42014-09-08 13:04:08 -06001310 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1311 &signature, &signature_size)) {
1312 SLOGE("Signing failed");
1313 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001314 }
1315
1316 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1317 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1318 free(signature);
1319
1320 if (rc) {
1321 SLOGE("scrypt failed");
1322 return -1;
1323 }
1324
1325 return 0;
1326}
1327
1328static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1329 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001330 unsigned char *encrypted_master_key,
1331 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001332{
1333 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1334 EVP_CIPHER_CTX e_ctx;
1335 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001336 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001337
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001338 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001339 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001340
1341 switch (crypt_ftr->kdf_type) {
1342 case KDF_SCRYPT_KEYMASTER:
1343 if (keymaster_create_key(crypt_ftr)) {
1344 SLOGE("keymaster_create_key failed");
1345 return -1;
1346 }
1347
1348 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1349 SLOGE("scrypt failed");
1350 return -1;
1351 }
1352 break;
1353
1354 case KDF_SCRYPT:
1355 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1356 SLOGE("scrypt failed");
1357 return -1;
1358 }
1359 break;
1360
1361 default:
1362 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001363 return -1;
1364 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001365
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001366 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001367 EVP_CIPHER_CTX_init(&e_ctx);
1368 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001369 SLOGE("EVP_EncryptInit failed\n");
1370 return -1;
1371 }
1372 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001373
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001374 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001375 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001376 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001377 SLOGE("EVP_EncryptUpdate failed\n");
1378 return -1;
1379 }
Adam Langley889c4f12014-09-03 14:23:13 -07001380 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001381 SLOGE("EVP_EncryptFinal failed\n");
1382 return -1;
1383 }
1384
1385 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1386 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1387 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001388 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001389
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001390 /* Store the scrypt of the intermediate key, so we can validate if it's a
1391 password error or mount error when things go wrong.
1392 Note there's no need to check for errors, since if this is incorrect, we
1393 simply won't wipe userdata, which is the correct default behavior
1394 */
1395 int N = 1 << crypt_ftr->N_factor;
1396 int r = 1 << crypt_ftr->r_factor;
1397 int p = 1 << crypt_ftr->p_factor;
1398
1399 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1400 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1401 crypt_ftr->scrypted_intermediate_key,
1402 sizeof(crypt_ftr->scrypted_intermediate_key));
1403
1404 if (rc) {
1405 SLOGE("encrypt_master_key: crypto_scrypt failed");
1406 }
1407
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001408 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001409}
1410
Paul Lawrence731a7a22015-04-28 22:14:15 +00001411static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001412 unsigned char *encrypted_master_key,
1413 unsigned char *decrypted_master_key,
1414 kdf_func kdf, void *kdf_params,
1415 unsigned char** intermediate_key,
1416 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001417{
1418 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001419 EVP_CIPHER_CTX d_ctx;
1420 int decrypted_len, final_len;
1421
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001422 /* Turn the password into an intermediate key and IV that can decrypt the
1423 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001424 if (kdf(passwd, salt, ikey, kdf_params)) {
1425 SLOGE("kdf failed");
1426 return -1;
1427 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001428
1429 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001430 EVP_CIPHER_CTX_init(&d_ctx);
1431 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001432 return -1;
1433 }
1434 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1435 /* Decrypt the master key */
1436 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1437 encrypted_master_key, KEY_LEN_BYTES)) {
1438 return -1;
1439 }
Adam Langley889c4f12014-09-03 14:23:13 -07001440 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001441 return -1;
1442 }
1443
1444 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1445 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001446 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001447
1448 /* Copy intermediate key if needed by params */
1449 if (intermediate_key && intermediate_key_size) {
1450 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1451 if (intermediate_key) {
1452 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1453 *intermediate_key_size = KEY_LEN_BYTES;
1454 }
1455 }
1456
1457 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001458}
1459
Kenny Rootc4c70f12013-06-14 12:11:38 -07001460static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001461{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001462 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001463 *kdf = scrypt_keymaster;
1464 *kdf_params = ftr;
1465 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001466 *kdf = scrypt;
1467 *kdf_params = ftr;
1468 } else {
1469 *kdf = pbkdf2;
1470 *kdf_params = NULL;
1471 }
1472}
1473
Paul Lawrence731a7a22015-04-28 22:14:15 +00001474static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001475 struct crypt_mnt_ftr *crypt_ftr,
1476 unsigned char** intermediate_key,
1477 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001478{
1479 kdf_func kdf;
1480 void *kdf_params;
1481 int ret;
1482
1483 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001484 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1485 decrypted_master_key, kdf, kdf_params,
1486 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001487 if (ret != 0) {
1488 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001489 }
1490
1491 return ret;
1492}
1493
1494static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1495 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001496 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001497 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001498
1499 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001500 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001501 read(fd, key_buf, sizeof(key_buf));
1502 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001503 close(fd);
1504
1505 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001506 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001507}
1508
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001509int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001510{
Greg Hackmann955653e2014-09-24 14:55:20 -07001511 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001512#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001513
1514 /* Now umount the tmpfs filesystem */
1515 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001516 if (umount(mountpoint) == 0) {
1517 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001518 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001519
1520 if (errno == EINVAL) {
1521 /* EINVAL is returned if the directory is not a mountpoint,
1522 * i.e. there is no filesystem mounted there. So just get out.
1523 */
1524 break;
1525 }
1526
1527 err = errno;
1528
1529 /* If allowed, be increasingly aggressive before the last two retries */
1530 if (kill) {
1531 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1532 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001533 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001534 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1535 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001536 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001537 }
1538 }
1539
1540 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001541 }
1542
1543 if (i < WAIT_UNMOUNT_COUNT) {
1544 SLOGD("unmounting %s succeeded\n", mountpoint);
1545 rc = 0;
1546 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001547 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001548 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001549 rc = -1;
1550 }
1551
1552 return rc;
1553}
1554
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001555#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001556static int prep_data_fs(void)
1557{
1558 int i;
1559
Jeff Sharkey47695b22016-02-01 17:02:29 -07001560 // NOTE: post_fs_data results in init calling back around to vold, so all
1561 // callers to this method must be async
1562
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001563 /* Do the prep of the /data filesystem */
1564 property_set("vold.post_fs_data_done", "0");
1565 property_set("vold.decrypt", "trigger_post_fs_data");
1566 SLOGD("Just triggered post_fs_data\n");
1567
Ken Sumrallc5872692013-05-14 15:26:31 -07001568 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001569 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001570 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001571
1572 property_get("vold.post_fs_data_done", p, "0");
1573 if (*p == '1') {
1574 break;
1575 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001576 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001577 }
1578 }
1579 if (i == DATA_PREP_TIMEOUT) {
1580 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001581 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001582 return -1;
1583 } else {
1584 SLOGD("post_fs_data done\n");
1585 return 0;
1586 }
1587}
1588
Paul Lawrence74f29f12014-08-28 15:54:10 -07001589static void cryptfs_set_corrupt()
1590{
1591 // Mark the footer as bad
1592 struct crypt_mnt_ftr crypt_ftr;
1593 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1594 SLOGE("Failed to get crypto footer - panic");
1595 return;
1596 }
1597
1598 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1599 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1600 SLOGE("Failed to set crypto footer - panic");
1601 return;
1602 }
1603}
1604
1605static void cryptfs_trigger_restart_min_framework()
1606{
1607 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1608 SLOGE("Failed to mount tmpfs on data - panic");
1609 return;
1610 }
1611
1612 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1613 SLOGE("Failed to trigger post fs data - panic");
1614 return;
1615 }
1616
1617 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1618 SLOGE("Failed to trigger restart min framework - panic");
1619 return;
1620 }
1621}
1622
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001623/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001624static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001625{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001626 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001627 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001628 static int restart_successful = 0;
1629
1630 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001631 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001632 SLOGE("Encrypted filesystem not validated, aborting");
1633 return -1;
1634 }
1635
1636 if (restart_successful) {
1637 SLOGE("System already restarted with encrypted disk, aborting");
1638 return -1;
1639 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001640
Paul Lawrencef4faa572014-01-29 13:31:03 -08001641 if (restart_main) {
1642 /* Here is where we shut down the framework. The init scripts
1643 * start all services in one of three classes: core, main or late_start.
1644 * On boot, we start core and main. Now, we stop main, but not core,
1645 * as core includes vold and a few other really important things that
1646 * we need to keep running. Once main has stopped, we should be able
1647 * to umount the tmpfs /data, then mount the encrypted /data.
1648 * We then restart the class main, and also the class late_start.
1649 * At the moment, I've only put a few things in late_start that I know
1650 * are not needed to bring up the framework, and that also cause problems
1651 * with unmounting the tmpfs /data, but I hope to add add more services
1652 * to the late_start class as we optimize this to decrease the delay
1653 * till the user is asked for the password to the filesystem.
1654 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001655
Paul Lawrencef4faa572014-01-29 13:31:03 -08001656 /* The init files are setup to stop the class main when vold.decrypt is
1657 * set to trigger_reset_main.
1658 */
1659 property_set("vold.decrypt", "trigger_reset_main");
1660 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001661
Paul Lawrencef4faa572014-01-29 13:31:03 -08001662 /* Ugh, shutting down the framework is not synchronous, so until it
1663 * can be fixed, this horrible hack will wait a moment for it all to
1664 * shut down before proceeding. Without it, some devices cannot
1665 * restart the graphics services.
1666 */
1667 sleep(2);
1668 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001669
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001670 /* Now that the framework is shutdown, we should be able to umount()
1671 * the tmpfs filesystem, and mount the real one.
1672 */
1673
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001674 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1675 if (strlen(crypto_blkdev) == 0) {
1676 SLOGE("fs_crypto_blkdev not set\n");
1677 return -1;
1678 }
1679
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001680 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001681 /* If ro.crypto.readonly is set to 1, mount the decrypted
1682 * filesystem readonly. This is used when /data is mounted by
1683 * recovery mode.
1684 */
1685 char ro_prop[PROPERTY_VALUE_MAX];
1686 property_get("ro.crypto.readonly", ro_prop, "");
1687 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1688 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1689 rec->flags |= MS_RDONLY;
1690 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001691
Ken Sumralle5032c42012-04-01 23:58:44 -07001692 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001693 int retries = RETRY_MOUNT_ATTEMPTS;
1694 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001695
1696 /*
1697 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1698 * partitions in the fsck domain.
1699 */
1700 if (setexeccon(secontextFsck())){
1701 SLOGE("Failed to setexeccon");
1702 return -1;
1703 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001704 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1705 crypto_blkdev, 0))
1706 != 0) {
1707 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1708 /* TODO: invoke something similar to
1709 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1710 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1711 SLOGI("Failed to mount %s because it is busy - waiting",
1712 crypto_blkdev);
1713 if (--retries) {
1714 sleep(RETRY_MOUNT_DELAY_SECONDS);
1715 } else {
1716 /* Let's hope that a reboot clears away whatever is keeping
1717 the mount busy */
1718 cryptfs_reboot(reboot);
1719 }
1720 } else {
1721 SLOGE("Failed to mount decrypted data");
1722 cryptfs_set_corrupt();
1723 cryptfs_trigger_restart_min_framework();
1724 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001725 if (setexeccon(NULL)) {
1726 SLOGE("Failed to setexeccon");
1727 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001728 return -1;
1729 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001730 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001731 if (setexeccon(NULL)) {
1732 SLOGE("Failed to setexeccon");
1733 return -1;
1734 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001735
Ken Sumralle5032c42012-04-01 23:58:44 -07001736 property_set("vold.decrypt", "trigger_load_persist_props");
1737 /* Create necessary paths on /data */
1738 if (prep_data_fs()) {
1739 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001740 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001741
1742 /* startup service classes main and late_start */
1743 property_set("vold.decrypt", "trigger_restart_framework");
1744 SLOGD("Just triggered restart_framework\n");
1745
1746 /* Give it a few moments to get started */
1747 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001748 }
1749
Ken Sumrall0cc16632011-01-18 20:32:26 -08001750 if (rc == 0) {
1751 restart_successful = 1;
1752 }
1753
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001754 return rc;
1755}
1756
Paul Lawrencef4faa572014-01-29 13:31:03 -08001757int cryptfs_restart(void)
1758{
Paul Lawrence05335c32015-03-05 09:46:23 -08001759 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001760 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001761 SLOGE("cryptfs_restart not valid for file encryption:");
1762 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001763 }
1764
Paul Lawrencef4faa572014-01-29 13:31:03 -08001765 /* Call internal implementation forcing a restart of main service group */
1766 return cryptfs_restart_internal(1);
1767}
1768
Paul Lawrence05335c32015-03-05 09:46:23 -08001769static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001770{
1771 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001772 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001773 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001774
1775 property_get("ro.crypto.state", encrypted_state, "");
1776 if (strcmp(encrypted_state, "encrypted") ) {
1777 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001778 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001779 }
1780
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001781 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001782 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001783 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001784 }
1785
Ken Sumrall160b4d62013-04-22 12:15:39 -07001786 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001787 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001788
Ken Sumralle1a45852011-12-14 21:24:27 -08001789 /*
1790 * Only report this error if key_loc is a file and it exists.
1791 * If the device was never encrypted, and /data is not mountable for
1792 * some reason, returning 1 should prevent the UI from presenting the
1793 * a "enter password" screen, or worse, a "press button to wipe the
1794 * device" screen.
1795 */
1796 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1797 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001798 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001799 } else {
1800 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001801 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001802 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001803 }
1804
Paul Lawrence74f29f12014-08-28 15:54:10 -07001805 // Test for possible error flags
1806 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1807 SLOGE("Encryption process is partway completed\n");
1808 return CRYPTO_COMPLETE_PARTIAL;
1809 }
1810
1811 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1812 SLOGE("Encryption process was interrupted but cannot continue\n");
1813 return CRYPTO_COMPLETE_INCONSISTENT;
1814 }
1815
1816 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1817 SLOGE("Encryption is successful but data is corrupt\n");
1818 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001819 }
1820
1821 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001822 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001823}
1824
Paul Lawrencef4faa572014-01-29 13:31:03 -08001825static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1826 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001827{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001828 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001829 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001830 char crypto_blkdev[MAXPATHLEN];
1831 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001832 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001833 unsigned int orig_failed_decrypt_count;
1834 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001835 int use_keymaster = 0;
1836 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001837 unsigned char* intermediate_key = 0;
1838 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001839
Paul Lawrencef4faa572014-01-29 13:31:03 -08001840 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1841 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001842
Paul Lawrencef4faa572014-01-29 13:31:03 -08001843 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001844 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1845 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001846 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001847 rc = -1;
1848 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001849 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001850 }
1851
Paul Lawrencef4faa572014-01-29 13:31:03 -08001852 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1853
Ajay Dudani87701e22014-09-17 21:02:52 -07001854#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001855 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1856 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1857 SLOGE("Hardware encryption key does not match");
1858 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001859 }
1860#endif
1861
Paul Lawrence74f29f12014-08-28 15:54:10 -07001862 // Create crypto block device - all (non fatal) code paths
1863 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001864 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1865 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001866 SLOGE("Error creating decrypted block device\n");
1867 rc = -1;
1868 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001869 }
1870
Paul Lawrence74f29f12014-08-28 15:54:10 -07001871 /* Work out if the problem is the password or the data */
1872 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1873 scrypted_intermediate_key)];
1874 int N = 1 << crypt_ftr->N_factor;
1875 int r = 1 << crypt_ftr->r_factor;
1876 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001877
Paul Lawrence74f29f12014-08-28 15:54:10 -07001878 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1879 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1880 N, r, p, scrypted_intermediate_key,
1881 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001882
Paul Lawrence74f29f12014-08-28 15:54:10 -07001883 // Does the key match the crypto footer?
1884 if (rc == 0 && memcmp(scrypted_intermediate_key,
1885 crypt_ftr->scrypted_intermediate_key,
1886 sizeof(scrypted_intermediate_key)) == 0) {
1887 SLOGI("Password matches");
1888 rc = 0;
1889 } else {
1890 /* Try mounting the file system anyway, just in case the problem's with
1891 * the footer, not the key. */
1892 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1893 mkdir(tmp_mount_point, 0755);
1894 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1895 SLOGE("Error temp mounting decrypted block device\n");
1896 delete_crypto_blk_dev(label);
1897
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001898 rc = ++crypt_ftr->failed_decrypt_count;
1899 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001900 } else {
1901 /* Success! */
1902 SLOGI("Password did not match but decrypted drive mounted - continue");
1903 umount(tmp_mount_point);
1904 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001905 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001906 }
1907
1908 if (rc == 0) {
1909 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001910 if (orig_failed_decrypt_count != 0) {
1911 put_crypt_ftr_and_key(crypt_ftr);
1912 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001913
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001914 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001915 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001916 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001917
1918 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001919 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001920 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001921 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001922 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001923 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001924 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001925
Paul Lawrence74f29f12014-08-28 15:54:10 -07001926 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001927 use_keymaster = keymaster_check_compatibility();
1928 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001929 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001930 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1931 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1932 upgrade = 1;
1933 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001934 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001935 upgrade = 1;
1936 }
1937
1938 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001939 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1940 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001941 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001942 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001943 }
1944 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001945
1946 // Do not fail even if upgrade failed - machine is bootable
1947 // Note that if this code is ever hit, there is a *serious* problem
1948 // since KDFs should never fail. You *must* fix the kdf before
1949 // proceeding!
1950 if (rc) {
1951 SLOGW("Upgrade failed with error %d,"
1952 " but continuing with previous state",
1953 rc);
1954 rc = 0;
1955 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001956 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001957 }
1958
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001959 errout:
1960 if (intermediate_key) {
1961 memset(intermediate_key, 0, intermediate_key_size);
1962 free(intermediate_key);
1963 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001964 return rc;
1965}
1966
Ken Sumrall29d8da82011-05-18 17:20:07 -07001967/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001968 * Called by vold when it's asked to mount an encrypted external
1969 * storage volume. The incoming partition has no crypto header/footer,
1970 * as any metadata is been stored in a separate, small partition.
1971 *
1972 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001973 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001974int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1975 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001976 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001977 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001978 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001979 return -1;
1980 }
1981
1982 unsigned long nr_sec = 0;
1983 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001984 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001985
Ken Sumrall29d8da82011-05-18 17:20:07 -07001986 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001987 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001988 return -1;
1989 }
1990
Jeff Sharkey9c484982015-03-31 10:35:33 -07001991 struct crypt_mnt_ftr ext_crypt_ftr;
1992 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1993 ext_crypt_ftr.fs_size = nr_sec;
1994 ext_crypt_ftr.keysize = keysize;
1995 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001996
Jeff Sharkey9c484982015-03-31 10:35:33 -07001997 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1998 out_crypto_blkdev, label);
1999}
Ken Sumrall29d8da82011-05-18 17:20:07 -07002000
Jeff Sharkey9c484982015-03-31 10:35:33 -07002001/*
2002 * Called by vold when it's asked to unmount an encrypted external
2003 * storage volume.
2004 */
2005int cryptfs_revert_ext_volume(const char* label) {
2006 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002007}
2008
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002009int cryptfs_crypto_complete(void)
2010{
2011 return do_crypto_complete("/data");
2012}
2013
Paul Lawrencef4faa572014-01-29 13:31:03 -08002014int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2015{
2016 char encrypted_state[PROPERTY_VALUE_MAX];
2017 property_get("ro.crypto.state", encrypted_state, "");
2018 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2019 SLOGE("encrypted fs already validated or not running with encryption,"
2020 " aborting");
2021 return -1;
2022 }
2023
2024 if (get_crypt_ftr_and_key(crypt_ftr)) {
2025 SLOGE("Error getting crypt footer and key");
2026 return -1;
2027 }
2028
2029 return 0;
2030}
2031
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002032int cryptfs_check_passwd(char *passwd)
2033{
Paul Lawrence05335c32015-03-05 09:46:23 -08002034 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00002035 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002036 SLOGE("cryptfs_check_passwd not valid for file encryption");
2037 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002038 }
2039
Paul Lawrencef4faa572014-01-29 13:31:03 -08002040 struct crypt_mnt_ftr crypt_ftr;
2041 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002042
Paul Lawrencef4faa572014-01-29 13:31:03 -08002043 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002044 if (rc) {
2045 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002046 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002047 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002048
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002049 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002050 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2051 if (rc) {
2052 SLOGE("Password did not match");
2053 return rc;
2054 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002055
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002056 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
2057 // Here we have a default actual password but a real password
2058 // we must test against the scrypted value
2059 // First, we must delete the crypto block device that
2060 // test_mount_encrypted_fs leaves behind as a side effect
2061 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
2062 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
2063 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2064 if (rc) {
2065 SLOGE("Default password did not match on reboot encryption");
2066 return rc;
2067 }
2068
2069 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
2070 put_crypt_ftr_and_key(&crypt_ftr);
2071 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
2072 if (rc) {
2073 SLOGE("Could not change password on reboot encryption");
2074 return rc;
2075 }
2076 }
2077
2078 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002079 cryptfs_clear_password();
2080 password = strdup(passwd);
2081 struct timespec now;
2082 clock_gettime(CLOCK_BOOTTIME, &now);
2083 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002084 }
2085
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002086 return rc;
2087}
2088
Ken Sumrall3ad90722011-10-04 20:38:29 -07002089int cryptfs_verify_passwd(char *passwd)
2090{
2091 struct crypt_mnt_ftr crypt_ftr;
2092 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002093 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002094 char encrypted_state[PROPERTY_VALUE_MAX];
2095 int rc;
2096
2097 property_get("ro.crypto.state", encrypted_state, "");
2098 if (strcmp(encrypted_state, "encrypted") ) {
2099 SLOGE("device not encrypted, aborting");
2100 return -2;
2101 }
2102
2103 if (!master_key_saved) {
2104 SLOGE("encrypted fs not yet mounted, aborting");
2105 return -1;
2106 }
2107
2108 if (!saved_mount_point) {
2109 SLOGE("encrypted fs failed to save mount point, aborting");
2110 return -1;
2111 }
2112
Ken Sumrall160b4d62013-04-22 12:15:39 -07002113 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002114 SLOGE("Error getting crypt footer and key\n");
2115 return -1;
2116 }
2117
2118 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2119 /* If the device has no password, then just say the password is valid */
2120 rc = 0;
2121 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002122 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002123 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2124 /* They match, the password is correct */
2125 rc = 0;
2126 } else {
2127 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2128 sleep(1);
2129 rc = 1;
2130 }
2131 }
2132
2133 return rc;
2134}
2135
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002136/* Initialize a crypt_mnt_ftr structure. The keysize is
2137 * defaulted to 16 bytes, and the filesystem size to 0.
2138 * Presumably, at a minimum, the caller will update the
2139 * filesystem size and crypto_type_name after calling this function.
2140 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002141static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002142{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002143 off64_t off;
2144
2145 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002146 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002147 ftr->major_version = CURRENT_MAJOR_VERSION;
2148 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002149 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002150 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002151
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002152 switch (keymaster_check_compatibility()) {
2153 case 1:
2154 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2155 break;
2156
2157 case 0:
2158 ftr->kdf_type = KDF_SCRYPT;
2159 break;
2160
2161 default:
2162 SLOGE("keymaster_check_compatibility failed");
2163 return -1;
2164 }
2165
Kenny Rootc4c70f12013-06-14 12:11:38 -07002166 get_device_scrypt_params(ftr);
2167
Ken Sumrall160b4d62013-04-22 12:15:39 -07002168 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2169 if (get_crypt_ftr_info(NULL, &off) == 0) {
2170 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2171 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2172 ftr->persist_data_size;
2173 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002174
2175 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002176}
2177
Ken Sumrall29d8da82011-05-18 17:20:07 -07002178static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002179{
Ken Sumralle550f782013-08-20 13:48:23 -07002180 const char *args[10];
2181 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2182 int num_args;
2183 int status;
2184 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002185 int rc = -1;
2186
Ken Sumrall29d8da82011-05-18 17:20:07 -07002187 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002188 args[0] = "/system/bin/make_ext4fs";
2189 args[1] = "-a";
2190 args[2] = "/data";
2191 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002192 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002193 args[4] = size_str;
2194 args[5] = crypto_blkdev;
2195 num_args = 6;
2196 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2197 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002198 } else if (type == F2FS_FS) {
2199 args[0] = "/system/bin/mkfs.f2fs";
2200 args[1] = "-t";
2201 args[2] = "-d1";
2202 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002203 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002204 args[4] = size_str;
2205 num_args = 5;
2206 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2207 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002208 } else {
2209 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2210 return -1;
2211 }
2212
Ken Sumralle550f782013-08-20 13:48:23 -07002213 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2214
2215 if (tmp != 0) {
2216 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002217 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002218 if (WIFEXITED(status)) {
2219 if (WEXITSTATUS(status)) {
2220 SLOGE("Error creating filesystem on %s, exit status %d ",
2221 crypto_blkdev, WEXITSTATUS(status));
2222 } else {
2223 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2224 rc = 0;
2225 }
2226 } else {
2227 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2228 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002229 }
2230
2231 return rc;
2232}
2233
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002234#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002235#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2236#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002237
2238/* aligned 32K writes tends to make flash happy.
2239 * SD card association recommends it.
2240 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002241#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002242#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002243#else
2244#define BLOCKS_AT_A_TIME 1024
2245#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002246
2247struct encryptGroupsData
2248{
2249 int realfd;
2250 int cryptofd;
2251 off64_t numblocks;
2252 off64_t one_pct, cur_pct, new_pct;
2253 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002254 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002255 char* real_blkdev, * crypto_blkdev;
2256 int count;
2257 off64_t offset;
2258 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002259 off64_t last_written_sector;
2260 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002261 time_t time_started;
2262 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002263};
2264
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002265static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002266{
2267 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002268
2269 if (is_used) {
2270 data->used_blocks_already_done++;
2271 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002272 if (data->tot_used_blocks) {
2273 data->new_pct = data->used_blocks_already_done / data->one_pct;
2274 } else {
2275 data->new_pct = data->blocks_already_done / data->one_pct;
2276 }
2277
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002278 if (data->new_pct > data->cur_pct) {
2279 char buf[8];
2280 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002281 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002282 property_set("vold.encrypt_progress", buf);
2283 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002284
2285 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002286 struct timespec time_now;
2287 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2288 SLOGW("Error getting time");
2289 } else {
2290 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2291 off64_t remaining_blocks = data->tot_used_blocks
2292 - data->used_blocks_already_done;
2293 int remaining_time = (int)(elapsed_time * remaining_blocks
2294 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002295
Paul Lawrence9c58a872014-09-30 09:12:51 -07002296 // Change time only if not yet set, lower, or a lot higher for
2297 // best user experience
2298 if (data->remaining_time == -1
2299 || remaining_time < data->remaining_time
2300 || remaining_time > data->remaining_time + 60) {
2301 char buf[8];
2302 snprintf(buf, sizeof(buf), "%d", remaining_time);
2303 property_set("vold.encrypt_time_remaining", buf);
2304 data->remaining_time = remaining_time;
2305 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002306 }
2307 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002308}
2309
Paul Lawrence3846be12014-09-22 11:33:54 -07002310static void log_progress(struct encryptGroupsData const* data, bool completed)
2311{
2312 // Precondition - if completed data = 0 else data != 0
2313
2314 // Track progress so we can skip logging blocks
2315 static off64_t offset = -1;
2316
2317 // Need to close existing 'Encrypting from' log?
2318 if (completed || (offset != -1 && data->offset != offset)) {
2319 SLOGI("Encrypted to sector %" PRId64,
2320 offset / info.block_size * CRYPT_SECTOR_SIZE);
2321 offset = -1;
2322 }
2323
2324 // Need to start new 'Encrypting from' log?
2325 if (!completed && offset != data->offset) {
2326 SLOGI("Encrypting from sector %" PRId64,
2327 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2328 }
2329
2330 // Update offset
2331 if (!completed) {
2332 offset = data->offset + (off64_t)data->count * info.block_size;
2333 }
2334}
2335
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002336static int flush_outstanding_data(struct encryptGroupsData* data)
2337{
2338 if (data->count == 0) {
2339 return 0;
2340 }
2341
Elliott Hughes231bdba2014-06-25 18:36:19 -07002342 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002343
2344 if (pread64(data->realfd, data->buffer,
2345 info.block_size * data->count, data->offset)
2346 <= 0) {
2347 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2348 data->real_blkdev);
2349 return -1;
2350 }
2351
2352 if (pwrite64(data->cryptofd, data->buffer,
2353 info.block_size * data->count, data->offset)
2354 <= 0) {
2355 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2356 data->crypto_blkdev);
2357 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002358 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002359 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002360 }
2361
2362 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002363 data->last_written_sector = (data->offset + data->count)
2364 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002365 return 0;
2366}
2367
2368static int encrypt_groups(struct encryptGroupsData* data)
2369{
2370 unsigned int i;
2371 u8 *block_bitmap = 0;
2372 unsigned int block;
2373 off64_t ret;
2374 int rc = -1;
2375
2376 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2377 if (!data->buffer) {
2378 SLOGE("Failed to allocate crypto buffer");
2379 goto errout;
2380 }
2381
2382 block_bitmap = malloc(info.block_size);
2383 if (!block_bitmap) {
2384 SLOGE("failed to allocate block bitmap");
2385 goto errout;
2386 }
2387
2388 for (i = 0; i < aux_info.groups; ++i) {
2389 SLOGI("Encrypting group %d", i);
2390
2391 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2392 u32 block_count = min(info.blocks_per_group,
2393 aux_info.len_blocks - first_block);
2394
2395 off64_t offset = (u64)info.block_size
2396 * aux_info.bg_desc[i].bg_block_bitmap;
2397
2398 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2399 if (ret != (int)info.block_size) {
2400 SLOGE("failed to read all of block group bitmap %d", i);
2401 goto errout;
2402 }
2403
2404 offset = (u64)info.block_size * first_block;
2405
2406 data->count = 0;
2407
2408 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002409 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2410 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002411 update_progress(data, used);
2412 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002413 if (data->count == 0) {
2414 data->offset = offset;
2415 }
2416 data->count++;
2417 } else {
2418 if (flush_outstanding_data(data)) {
2419 goto errout;
2420 }
2421 }
2422
2423 offset += info.block_size;
2424
2425 /* Write data if we are aligned or buffer size reached */
2426 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2427 || data->count == BLOCKS_AT_A_TIME) {
2428 if (flush_outstanding_data(data)) {
2429 goto errout;
2430 }
2431 }
Paul Lawrence87999172014-02-20 12:21:31 -08002432
Paul Lawrence73d7a022014-06-09 14:10:09 -07002433 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002434 SLOGE("Stopping encryption due to low battery");
2435 rc = 0;
2436 goto errout;
2437 }
2438
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002439 }
2440 if (flush_outstanding_data(data)) {
2441 goto errout;
2442 }
2443 }
2444
Paul Lawrence87999172014-02-20 12:21:31 -08002445 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002446 rc = 0;
2447
2448errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002449 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002450 free(data->buffer);
2451 free(block_bitmap);
2452 return rc;
2453}
2454
2455static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2456 char *real_blkdev,
2457 off64_t size,
2458 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002459 off64_t tot_size,
2460 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002461{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002462 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002463 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002464 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002465
Paul Lawrence87999172014-02-20 12:21:31 -08002466 if (previously_encrypted_upto > *size_already_done) {
2467 SLOGD("Not fast encrypting since resuming part way through");
2468 return -1;
2469 }
2470
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002471 memset(&data, 0, sizeof(data));
2472 data.real_blkdev = real_blkdev;
2473 data.crypto_blkdev = crypto_blkdev;
2474
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002475 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002476 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2477 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002478 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002479 goto errout;
2480 }
2481
David Ng82fd8042015-01-21 13:55:21 -08002482 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2483 int retries = RETRY_MOUNT_ATTEMPTS;
2484 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2485 if (--retries) {
2486 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2487 crypto_blkdev, errno, strerror(errno));
2488 sleep(RETRY_MOUNT_DELAY_SECONDS);
2489 } else {
2490 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2491 crypto_blkdev, errno, strerror(errno));
2492 rc = ENABLE_INPLACE_ERR_DEV;
2493 goto errout;
2494 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002495 }
2496
2497 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002498 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002499 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002500 goto errout;
2501 }
2502
2503 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002504 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002505 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002506 goto errout;
2507 }
2508
2509 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2510 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2511 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2512
JP Abgrall7fc1de82014-10-10 18:43:41 -07002513 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002514
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002515 data.tot_used_blocks = data.numblocks;
2516 for (i = 0; i < aux_info.groups; ++i) {
2517 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2518 }
2519
2520 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002521 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002522
2523 struct timespec time_started = {0};
2524 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2525 SLOGW("Error getting time at start");
2526 // Note - continue anyway - we'll run with 0
2527 }
2528 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002529 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002530
2531 rc = encrypt_groups(&data);
2532 if (rc) {
2533 SLOGE("Error encrypting groups");
2534 goto errout;
2535 }
2536
Paul Lawrence87999172014-02-20 12:21:31 -08002537 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002538 rc = 0;
2539
2540errout:
2541 close(data.realfd);
2542 close(data.cryptofd);
2543
2544 return rc;
2545}
2546
Paul Lawrence3846be12014-09-22 11:33:54 -07002547static void log_progress_f2fs(u64 block, bool completed)
2548{
2549 // Precondition - if completed data = 0 else data != 0
2550
2551 // Track progress so we can skip logging blocks
2552 static u64 last_block = (u64)-1;
2553
2554 // Need to close existing 'Encrypting from' log?
2555 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2556 SLOGI("Encrypted to block %" PRId64, last_block);
2557 last_block = -1;
2558 }
2559
2560 // Need to start new 'Encrypting from' log?
2561 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2562 SLOGI("Encrypting from block %" PRId64, block);
2563 }
2564
2565 // Update offset
2566 if (!completed) {
2567 last_block = block;
2568 }
2569}
2570
Daniel Rosenberge82df162014-08-15 22:19:23 +00002571static int encrypt_one_block_f2fs(u64 pos, void *data)
2572{
2573 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2574
2575 priv_dat->blocks_already_done = pos - 1;
2576 update_progress(priv_dat, 1);
2577
2578 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2579
2580 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002581 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002582 return -1;
2583 }
2584
2585 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002586 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002587 return -1;
2588 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002589 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002590 }
2591
2592 return 0;
2593}
2594
2595static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2596 char *real_blkdev,
2597 off64_t size,
2598 off64_t *size_already_done,
2599 off64_t tot_size,
2600 off64_t previously_encrypted_upto)
2601{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002602 struct encryptGroupsData data;
2603 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002604 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002605 if (previously_encrypted_upto > *size_already_done) {
2606 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002607 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002608 }
2609 memset(&data, 0, sizeof(data));
2610 data.real_blkdev = real_blkdev;
2611 data.crypto_blkdev = crypto_blkdev;
2612 data.realfd = -1;
2613 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002614 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002615 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002616 real_blkdev);
2617 goto errout;
2618 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002619 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002620 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002621 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002622 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002623 goto errout;
2624 }
2625
2626 f2fs_info = generate_f2fs_info(data.realfd);
2627 if (!f2fs_info)
2628 goto errout;
2629
2630 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2631 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2632 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2633
2634 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2635
2636 data.one_pct = data.tot_used_blocks / 100;
2637 data.cur_pct = 0;
2638 data.time_started = time(NULL);
2639 data.remaining_time = -1;
2640
2641 data.buffer = malloc(f2fs_info->block_size);
2642 if (!data.buffer) {
2643 SLOGE("Failed to allocate crypto buffer");
2644 goto errout;
2645 }
2646
2647 data.count = 0;
2648
2649 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2650 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2651
2652 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002653 SLOGE("Error in running over f2fs blocks");
2654 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002655 goto errout;
2656 }
2657
2658 *size_already_done += size;
2659 rc = 0;
2660
2661errout:
2662 if (rc)
2663 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2664
Paul Lawrence3846be12014-09-22 11:33:54 -07002665 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002666 free(f2fs_info);
2667 free(data.buffer);
2668 close(data.realfd);
2669 close(data.cryptofd);
2670
2671 return rc;
2672}
2673
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002674static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2675 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002676 off64_t tot_size,
2677 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002678{
2679 int realfd, cryptofd;
2680 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002681 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002682 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002683 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002684 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002685
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002686 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002687 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002688 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002689 }
2690
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002691 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002692 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2693 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002694 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002695 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002696 }
2697
2698 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2699 * The size passed in is the number of 512 byte sectors in the filesystem.
2700 * So compute the number of whole 4K blocks we should read/write,
2701 * and the remainder.
2702 */
2703 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2704 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002705 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2706 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002707
2708 SLOGE("Encrypting filesystem in place...");
2709
Paul Lawrence87999172014-02-20 12:21:31 -08002710 i = previously_encrypted_upto + 1 - *size_already_done;
2711
2712 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2713 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2714 goto errout;
2715 }
2716
2717 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2718 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2719 goto errout;
2720 }
2721
2722 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2723 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2724 SLOGE("Error reading initial sectors from real_blkdev %s for "
2725 "inplace encrypt\n", crypto_blkdev);
2726 goto errout;
2727 }
2728 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2729 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2730 "inplace encrypt\n", crypto_blkdev);
2731 goto errout;
2732 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002733 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002734 }
2735 }
2736
Ken Sumrall29d8da82011-05-18 17:20:07 -07002737 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002738 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002739 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002740 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002741 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002742 if (new_pct > cur_pct) {
2743 char buf[8];
2744
2745 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002746 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002747 property_set("vold.encrypt_progress", buf);
2748 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002749 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002750 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002751 goto errout;
2752 }
2753 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002754 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2755 goto errout;
2756 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002757 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002758 CRYPT_SECTORS_PER_BUFSIZE,
2759 i * CRYPT_SECTORS_PER_BUFSIZE);
2760 }
2761
Paul Lawrence73d7a022014-06-09 14:10:09 -07002762 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002763 SLOGE("Stopping encryption due to low battery");
2764 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2765 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002766 goto errout;
2767 }
2768 }
2769
2770 /* Do any remaining sectors */
2771 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002772 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2773 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002774 goto errout;
2775 }
Paul Lawrence87999172014-02-20 12:21:31 -08002776 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2777 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002778 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002779 } else {
2780 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002781 }
2782 }
2783
Ken Sumrall29d8da82011-05-18 17:20:07 -07002784 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002785 rc = 0;
2786
2787errout:
2788 close(realfd);
2789 close(cryptofd);
2790
2791 return rc;
2792}
2793
JP Abgrall7fc1de82014-10-10 18:43:41 -07002794/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002795static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2796 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002797 off64_t tot_size,
2798 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002799{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002800 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002801 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002802 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002803 }
2804
2805 if (*size_already_done + size < previously_encrypted_upto) {
2806 *size_already_done += size;
2807 return 0;
2808 }
2809
Daniel Rosenberge82df162014-08-15 22:19:23 +00002810 /* TODO: identify filesystem type.
2811 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2812 * then we will drop down to cryptfs_enable_inplace_f2fs.
2813 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002814 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002815 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002816 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002817 return 0;
2818 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002819 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002820
JP Abgrall7fc1de82014-10-10 18:43:41 -07002821 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002822 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002823 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002824 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002825 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002826 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002827
JP Abgrall7fc1de82014-10-10 18:43:41 -07002828 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002829 size, size_already_done, tot_size,
2830 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002831 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2832
2833 /* Hack for b/17898962, the following is the symptom... */
2834 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2835 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2836 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2837 return ENABLE_INPLACE_ERR_DEV;
2838 }
2839 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002840}
2841
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002842#define CRYPTO_ENABLE_WIPE 1
2843#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002844
2845#define FRAMEWORK_BOOT_WAIT 60
2846
Paul Lawrence87999172014-02-20 12:21:31 -08002847static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2848{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002849 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002850 if (fd == -1) {
2851 SLOGE("Error opening file %s", filename);
2852 return -1;
2853 }
2854
2855 char block[CRYPT_INPLACE_BUFSIZE];
2856 memset(block, 0, sizeof(block));
2857 if (unix_read(fd, block, sizeof(block)) < 0) {
2858 SLOGE("Error reading file %s", filename);
2859 close(fd);
2860 return -1;
2861 }
2862
2863 close(fd);
2864
2865 SHA256_CTX c;
2866 SHA256_Init(&c);
2867 SHA256_Update(&c, block, sizeof(block));
2868 SHA256_Final(buf, &c);
2869
2870 return 0;
2871}
2872
JP Abgrall62c7af32014-06-16 13:01:23 -07002873static int get_fs_type(struct fstab_rec *rec)
2874{
2875 if (!strcmp(rec->fs_type, "ext4")) {
2876 return EXT4_FS;
2877 } else if (!strcmp(rec->fs_type, "f2fs")) {
2878 return F2FS_FS;
2879 } else {
2880 return -1;
2881 }
2882}
2883
Paul Lawrence87999172014-02-20 12:21:31 -08002884static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2885 char *crypto_blkdev, char *real_blkdev,
2886 int previously_encrypted_upto)
2887{
2888 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002889 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002890
Paul Lawrence73d7a022014-06-09 14:10:09 -07002891 if (!is_battery_ok_to_start()) {
2892 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002893 return 0;
2894 }
2895
2896 /* The size of the userdata partition, and add in the vold volumes below */
2897 tot_encryption_size = crypt_ftr->fs_size;
2898
2899 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002900 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2901 int fs_type = get_fs_type(rec);
2902 if (fs_type < 0) {
2903 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2904 return -1;
2905 }
2906 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002907 } else if (how == CRYPTO_ENABLE_INPLACE) {
2908 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2909 crypt_ftr->fs_size, &cur_encryption_done,
2910 tot_encryption_size,
2911 previously_encrypted_upto);
2912
JP Abgrall7fc1de82014-10-10 18:43:41 -07002913 if (rc == ENABLE_INPLACE_ERR_DEV) {
2914 /* Hack for b/17898962 */
2915 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2916 cryptfs_reboot(reboot);
2917 }
2918
Paul Lawrence73d7a022014-06-09 14:10:09 -07002919 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002920 crypt_ftr->encrypted_upto = cur_encryption_done;
2921 }
2922
Paul Lawrence73d7a022014-06-09 14:10:09 -07002923 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002924 /* The inplace routine never actually sets the progress to 100% due
2925 * to the round down nature of integer division, so set it here */
2926 property_set("vold.encrypt_progress", "100");
2927 }
2928 } else {
2929 /* Shouldn't happen */
2930 SLOGE("cryptfs_enable: internal error, unknown option\n");
2931 rc = -1;
2932 }
2933
2934 return rc;
2935}
2936
Paul Lawrence13486032014-02-03 13:28:11 -08002937int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002938 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002939{
2940 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002941 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002942 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002943 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002944 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002945 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002946 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002947 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002948 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002949 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002950 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002951 bool rebootEncryption = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002952
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002953 if (!strcmp(howarg, "wipe")) {
2954 how = CRYPTO_ENABLE_WIPE;
2955 } else if (! strcmp(howarg, "inplace")) {
2956 how = CRYPTO_ENABLE_INPLACE;
2957 } else {
2958 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002959 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002960 }
2961
Paul Lawrence87999172014-02-20 12:21:31 -08002962 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002963 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2964 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2965 /* An encryption was underway and was interrupted */
2966 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2967 crypt_ftr.encrypted_upto = 0;
2968 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002969
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002970 /* At this point, we are in an inconsistent state. Until we successfully
2971 complete encryption, a reboot will leave us broken. So mark the
2972 encryption failed in case that happens.
2973 On successfully completing encryption, remove this flag */
2974 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002975
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002976 put_crypt_ftr_and_key(&crypt_ftr);
2977 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2978 if (!check_ftr_sha(&crypt_ftr)) {
2979 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2980 put_crypt_ftr_and_key(&crypt_ftr);
2981 goto error_unencrypted;
2982 }
2983
2984 /* Doing a reboot-encryption*/
2985 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2986 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2987 rebootEncryption = true;
2988 }
Paul Lawrence87999172014-02-20 12:21:31 -08002989 }
2990
2991 property_get("ro.crypto.state", encrypted_state, "");
2992 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2993 SLOGE("Device is already running encrypted, aborting");
2994 goto error_unencrypted;
2995 }
2996
2997 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2998 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002999 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003000
Ken Sumrall3ed82362011-01-28 23:31:16 -08003001 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003002 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09003003 if (fd == -1) {
3004 SLOGE("Cannot open block device %s\n", real_blkdev);
3005 goto error_unencrypted;
3006 }
3007 unsigned long nr_sec;
3008 get_blkdev_size(fd, &nr_sec);
3009 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003010 SLOGE("Cannot get size of block device %s\n", real_blkdev);
3011 goto error_unencrypted;
3012 }
3013 close(fd);
3014
3015 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003016 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003017 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00003018 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00003019 if (fs_size_sec == 0)
3020 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
3021
Paul Lawrence87999172014-02-20 12:21:31 -08003022 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003023
3024 if (fs_size_sec > max_fs_size_sec) {
3025 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
3026 goto error_unencrypted;
3027 }
3028 }
3029
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003030 /* Get a wakelock as this may take a while, and we don't want the
3031 * device to sleep on us. We'll grab a partial wakelock, and if the UI
3032 * wants to keep the screen on, it can grab a full wakelock.
3033 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003034 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003035 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
3036
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003037 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003038 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003039 */
3040 property_set("vold.decrypt", "trigger_shutdown_framework");
3041 SLOGD("Just asked init to shut down class main\n");
3042
Jeff Sharkey9c484982015-03-31 10:35:33 -07003043 /* Ask vold to unmount all devices that it manages */
3044 if (vold_unmountAll()) {
3045 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003046 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003047
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003048 /* no_ui means we are being called from init, not settings.
3049 Now we always reboot from settings, so !no_ui means reboot
3050 */
3051 bool onlyCreateHeader = false;
3052 if (!no_ui) {
3053 /* Try fallback, which is to reboot and try there */
3054 onlyCreateHeader = true;
3055 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
3056 if (breadcrumb == 0) {
3057 SLOGE("Failed to create breadcrumb file");
3058 goto error_shutting_down;
3059 }
3060 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003061 }
3062
3063 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003064 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003065 /* Now that /data is unmounted, we need to mount a tmpfs
3066 * /data, set a property saying we're doing inplace encryption,
3067 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003068 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003069 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003070 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003071 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003072 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003073 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003074
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003075 /* restart the framework. */
3076 /* Create necessary paths on /data */
3077 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003078 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003079 }
3080
Ken Sumrall92736ef2012-10-17 20:57:14 -07003081 /* Ugh, shutting down the framework is not synchronous, so until it
3082 * can be fixed, this horrible hack will wait a moment for it all to
3083 * shut down before proceeding. Without it, some devices cannot
3084 * restart the graphics services.
3085 */
3086 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003087 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003088
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003089 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003090 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003091 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003092 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3093 goto error_shutting_down;
3094 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003095
Paul Lawrence87999172014-02-20 12:21:31 -08003096 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3097 crypt_ftr.fs_size = nr_sec
3098 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3099 } else {
3100 crypt_ftr.fs_size = nr_sec;
3101 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003102 /* At this point, we are in an inconsistent state. Until we successfully
3103 complete encryption, a reboot will leave us broken. So mark the
3104 encryption failed in case that happens.
3105 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003106 if (onlyCreateHeader) {
3107 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
3108 } else {
3109 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
3110 }
Paul Lawrence87999172014-02-20 12:21:31 -08003111 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003112#ifndef CONFIG_HW_DISK_ENCRYPTION
3113 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3114#else
3115 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3116
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003117 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003118 if (!rc) {
3119 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3120 }
3121
3122 rc = set_hw_device_encryption_key(passwd,
3123 (char*) crypt_ftr.crypto_type_name);
3124 if (!rc) {
3125 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3126 goto error_shutting_down;
3127 }
3128#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003129
Paul Lawrence87999172014-02-20 12:21:31 -08003130 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003131 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
3132 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08003133 SLOGE("Cannot create encrypted master key\n");
3134 goto error_shutting_down;
3135 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003136
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003137 /* Replace scrypted intermediate key if we are preparing for a reboot */
3138 if (onlyCreateHeader) {
3139 unsigned char fake_master_key[KEY_LEN_BYTES];
3140 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
3141 memset(fake_master_key, 0, sizeof(fake_master_key));
3142 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
3143 encrypted_fake_master_key, &crypt_ftr);
3144 }
3145
Paul Lawrence87999172014-02-20 12:21:31 -08003146 /* Write the key to the end of the partition */
3147 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003148
Paul Lawrence87999172014-02-20 12:21:31 -08003149 /* If any persistent data has been remembered, save it.
3150 * If none, create a valid empty table and save that.
3151 */
3152 if (!persist_data) {
3153 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3154 if (pdata) {
3155 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3156 persist_data = pdata;
3157 }
3158 }
3159 if (persist_data) {
3160 save_persistent_data();
3161 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003162 }
3163
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003164 if (onlyCreateHeader) {
3165 sleep(2);
3166 cryptfs_reboot(reboot);
3167 }
3168
3169 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07003170 /* startup service classes main and late_start */
3171 property_set("vold.decrypt", "trigger_restart_min_framework");
3172 SLOGD("Just triggered restart_min_framework\n");
3173
3174 /* OK, the framework is restarted and will soon be showing a
3175 * progress bar. Time to setup an encrypted mapping, and
3176 * either write a new filesystem, or encrypt in place updating
3177 * the progress bar as we work.
3178 */
3179 }
3180
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003181 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003182 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003183 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003184
Paul Lawrence87999172014-02-20 12:21:31 -08003185 /* If we are continuing, check checksums match */
3186 rc = 0;
3187 if (previously_encrypted_upto) {
3188 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3189 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003190
Paul Lawrence87999172014-02-20 12:21:31 -08003191 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3192 sizeof(hash_first_block)) != 0) {
3193 SLOGE("Checksums do not match - trigger wipe");
3194 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003195 }
3196 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003197
Paul Lawrence87999172014-02-20 12:21:31 -08003198 if (!rc) {
3199 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3200 crypto_blkdev, real_blkdev,
3201 previously_encrypted_upto);
3202 }
3203
3204 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003205 if (!rc && how == CRYPTO_ENABLE_INPLACE
3206 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003207 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3208 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003209 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003210 SLOGE("Error calculating checksum for continuing encryption");
3211 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003212 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003213 }
3214
3215 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003216 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003217
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003218 if (! rc) {
3219 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003220 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003221
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003222 if (how == CRYPTO_ENABLE_INPLACE
3223 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003224 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3225 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003226 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003227 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003228
Paul Lawrence6bfed202014-07-28 12:47:22 -07003229 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003230
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003231 if (how == CRYPTO_ENABLE_WIPE
3232 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003233 char value[PROPERTY_VALUE_MAX];
3234 property_get("ro.crypto.state", value, "");
3235 if (!strcmp(value, "")) {
3236 /* default encryption - continue first boot sequence */
3237 property_set("ro.crypto.state", "encrypted");
Paul Lawrence4ed45262016-03-10 15:44:21 -08003238 property_set("ro.crypto.type", "block");
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003239 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003240 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
3241 // Bring up cryptkeeper that will check the password and set it
3242 property_set("vold.decrypt", "trigger_shutdown_framework");
3243 sleep(2);
3244 property_set("vold.encrypt_progress", "");
3245 cryptfs_trigger_restart_min_framework();
3246 } else {
3247 cryptfs_check_passwd(DEFAULT_PASSWORD);
3248 cryptfs_restart_internal(1);
3249 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003250 return 0;
3251 } else {
3252 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003253 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003254 }
Paul Lawrence87999172014-02-20 12:21:31 -08003255 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003256 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003257 cryptfs_reboot(shutdown);
3258 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003259 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003260 char value[PROPERTY_VALUE_MAX];
3261
Ken Sumrall319369a2012-06-27 16:30:18 -07003262 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003263 if (!strcmp(value, "1")) {
3264 /* wipe data if encryption failed */
3265 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Yabin Cuiffa2e092016-04-06 17:21:38 -07003266 if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) {
3267 SLOGE("could not write bootloader message\n");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003268 }
Paul Lawrence87999172014-02-20 12:21:31 -08003269 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003270 } else {
3271 /* set property to trigger dialog */
3272 property_set("vold.encrypt_progress", "error_partially_encrypted");
3273 release_wake_lock(lockid);
3274 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003275 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003276 }
3277
Ken Sumrall3ed82362011-01-28 23:31:16 -08003278 /* hrm, the encrypt step claims success, but the reboot failed.
3279 * This should not happen.
3280 * Set the property and return. Hope the framework can deal with it.
3281 */
3282 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003283 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003284 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003285
3286error_unencrypted:
3287 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003288 if (lockid[0]) {
3289 release_wake_lock(lockid);
3290 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003291 return -1;
3292
3293error_shutting_down:
3294 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3295 * but the framework is stopped and not restarted to show the error, so it's up to
3296 * vold to restart the system.
3297 */
3298 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003299 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003300
3301 /* shouldn't get here */
3302 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003303 if (lockid[0]) {
3304 release_wake_lock(lockid);
3305 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003306 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003307}
3308
Paul Lawrence569649f2015-09-09 12:13:00 -07003309int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003310{
Paul Lawrence569649f2015-09-09 12:13:00 -07003311 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003312}
3313
Paul Lawrence569649f2015-09-09 12:13:00 -07003314int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003315{
3316 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003317 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003318}
3319
3320int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003321{
Paul Crowley38132a12016-02-09 09:50:32 +00003322 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003323 SLOGE("cryptfs_changepw not valid for file encryption");
3324 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003325 }
3326
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003327 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003328 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003329
3330 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003331 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003332 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003333 return -1;
3334 }
3335
Paul Lawrencef4faa572014-01-29 13:31:03 -08003336 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3337 SLOGE("Invalid crypt_type %d", crypt_type);
3338 return -1;
3339 }
3340
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003341 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003342 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003343 SLOGE("Error getting crypt footer and key");
3344 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003345 }
3346
Paul Lawrencef4faa572014-01-29 13:31:03 -08003347 crypt_ftr.crypt_type = crypt_type;
3348
JP Abgrall933216c2015-02-11 13:44:32 -08003349 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003350 : newpw,
3351 crypt_ftr.salt,
3352 saved_master_key,
3353 crypt_ftr.master_key,
3354 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003355 if (rc) {
3356 SLOGE("Encrypt master key failed: %d", rc);
3357 return -1;
3358 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003359 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003360 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003361
Ajay Dudani87701e22014-09-17 21:02:52 -07003362#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003363 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3364 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3365 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3366 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3367 if (!rc)
3368 return -1;
3369 } else {
3370 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3371 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3372 if (!rc)
3373 return -1;
3374 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003375 }
3376#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003377 return 0;
3378}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003379
Rubin Xu85c01f92014-10-13 12:49:54 +01003380static unsigned int persist_get_max_entries(int encrypted) {
3381 struct crypt_mnt_ftr crypt_ftr;
3382 unsigned int dsize;
3383 unsigned int max_persistent_entries;
3384
3385 /* If encrypted, use the values from the crypt_ftr, otherwise
3386 * use the values for the current spec.
3387 */
3388 if (encrypted) {
3389 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3390 return -1;
3391 }
3392 dsize = crypt_ftr.persist_data_size;
3393 } else {
3394 dsize = CRYPT_PERSIST_DATA_SIZE;
3395 }
3396
3397 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3398 sizeof(struct crypt_persist_entry);
3399
3400 return max_persistent_entries;
3401}
3402
3403static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003404{
3405 unsigned int i;
3406
3407 if (persist_data == NULL) {
3408 return -1;
3409 }
3410 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3411 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3412 /* We found it! */
3413 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3414 return 0;
3415 }
3416 }
3417
3418 return -1;
3419}
3420
Rubin Xu85c01f92014-10-13 12:49:54 +01003421static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003422{
3423 unsigned int i;
3424 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003425 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003426
3427 if (persist_data == NULL) {
3428 return -1;
3429 }
3430
Rubin Xu85c01f92014-10-13 12:49:54 +01003431 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003432
3433 num = persist_data->persist_valid_entries;
3434
3435 for (i = 0; i < num; i++) {
3436 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3437 /* We found an existing entry, update it! */
3438 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3439 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3440 return 0;
3441 }
3442 }
3443
3444 /* We didn't find it, add it to the end, if there is room */
3445 if (persist_data->persist_valid_entries < max_persistent_entries) {
3446 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3447 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3448 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3449 persist_data->persist_valid_entries++;
3450 return 0;
3451 }
3452
3453 return -1;
3454}
3455
Rubin Xu85c01f92014-10-13 12:49:54 +01003456/**
3457 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3458 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3459 */
3460static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003461 unsigned int field_len;
3462 unsigned int key_index;
3463 field_len = strlen(field);
3464
3465 if (index == 0) {
3466 // The first key in a multi-entry field is just the filedname itself.
3467 if (!strcmp(key, field)) {
3468 return 1;
3469 }
3470 }
3471 // Match key against "%s_%d" % (field, index)
3472 if (strlen(key) < field_len + 1 + 1) {
3473 // Need at least a '_' and a digit.
3474 return 0;
3475 }
3476 if (strncmp(key, field, field_len)) {
3477 // If the key does not begin with field, it's not a match.
3478 return 0;
3479 }
3480 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3481 return 0;
3482 }
3483 return key_index >= index;
3484}
3485
3486/*
3487 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3488 * remaining entries starting from index will be deleted.
3489 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3490 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3491 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3492 *
3493 */
3494static int persist_del_keys(const char *fieldname, unsigned index)
3495{
3496 unsigned int i;
3497 unsigned int j;
3498 unsigned int num;
3499
3500 if (persist_data == NULL) {
3501 return PERSIST_DEL_KEY_ERROR_OTHER;
3502 }
3503
3504 num = persist_data->persist_valid_entries;
3505
3506 j = 0; // points to the end of non-deleted entries.
3507 // Filter out to-be-deleted entries in place.
3508 for (i = 0; i < num; i++) {
3509 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3510 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3511 j++;
3512 }
3513 }
3514
3515 if (j < num) {
3516 persist_data->persist_valid_entries = j;
3517 // Zeroise the remaining entries
3518 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3519 return PERSIST_DEL_KEY_OK;
3520 } else {
3521 // Did not find an entry matching the given fieldname
3522 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3523 }
3524}
3525
3526static int persist_count_keys(const char *fieldname)
3527{
3528 unsigned int i;
3529 unsigned int count;
3530
3531 if (persist_data == NULL) {
3532 return -1;
3533 }
3534
3535 count = 0;
3536 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3537 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3538 count++;
3539 }
3540 }
3541
3542 return count;
3543}
3544
Ken Sumrall160b4d62013-04-22 12:15:39 -07003545/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003546int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003547{
Paul Crowley38132a12016-02-09 09:50:32 +00003548 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003549 SLOGE("Cannot get field when file encrypted");
3550 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003551 }
3552
Ken Sumrall160b4d62013-04-22 12:15:39 -07003553 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003554 /* CRYPTO_GETFIELD_OK is success,
3555 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3556 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3557 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003558 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003559 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3560 int i;
3561 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003562
3563 if (persist_data == NULL) {
3564 load_persistent_data();
3565 if (persist_data == NULL) {
3566 SLOGE("Getfield error, cannot load persistent data");
3567 goto out;
3568 }
3569 }
3570
Rubin Xu85c01f92014-10-13 12:49:54 +01003571 // Read value from persistent entries. If the original value is split into multiple entries,
3572 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003573 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003574 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3575 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3576 // value too small
3577 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3578 goto out;
3579 }
3580 rc = CRYPTO_GETFIELD_OK;
3581
3582 for (i = 1; /* break explicitly */; i++) {
3583 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3584 (int) sizeof(temp_field)) {
3585 // If the fieldname is very long, we stop as soon as it begins to overflow the
3586 // maximum field length. At this point we have in fact fully read out the original
3587 // value because cryptfs_setfield would not allow fields with longer names to be
3588 // written in the first place.
3589 break;
3590 }
3591 if (!persist_get_key(temp_field, temp_value)) {
3592 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3593 // value too small.
3594 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3595 goto out;
3596 }
3597 } else {
3598 // Exhaust all entries.
3599 break;
3600 }
3601 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003602 } else {
3603 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003604 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003605 }
3606
3607out:
3608 return rc;
3609}
3610
3611/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003612int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003613{
Paul Crowley38132a12016-02-09 09:50:32 +00003614 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003615 SLOGE("Cannot set field when file encrypted");
3616 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003617 }
3618
Ken Sumrall160b4d62013-04-22 12:15:39 -07003619 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003620 /* 0 is success, negative values are error */
3621 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003622 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003623 unsigned int field_id;
3624 char temp_field[PROPERTY_KEY_MAX];
3625 unsigned int num_entries;
3626 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003627
3628 if (persist_data == NULL) {
3629 load_persistent_data();
3630 if (persist_data == NULL) {
3631 SLOGE("Setfield error, cannot load persistent data");
3632 goto out;
3633 }
3634 }
3635
3636 property_get("ro.crypto.state", encrypted_state, "");
3637 if (!strcmp(encrypted_state, "encrypted") ) {
3638 encrypted = 1;
3639 }
3640
Rubin Xu85c01f92014-10-13 12:49:54 +01003641 // Compute the number of entries required to store value, each entry can store up to
3642 // (PROPERTY_VALUE_MAX - 1) chars
3643 if (strlen(value) == 0) {
3644 // Empty value also needs one entry to store.
3645 num_entries = 1;
3646 } else {
3647 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3648 }
3649
3650 max_keylen = strlen(fieldname);
3651 if (num_entries > 1) {
3652 // Need an extra "_%d" suffix.
3653 max_keylen += 1 + log10(num_entries);
3654 }
3655 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3656 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003657 goto out;
3658 }
3659
Rubin Xu85c01f92014-10-13 12:49:54 +01003660 // Make sure we have enough space to write the new value
3661 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3662 persist_get_max_entries(encrypted)) {
3663 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3664 goto out;
3665 }
3666
3667 // Now that we know persist_data has enough space for value, let's delete the old field first
3668 // to make up space.
3669 persist_del_keys(fieldname, 0);
3670
3671 if (persist_set_key(fieldname, value, encrypted)) {
3672 // fail to set key, should not happen as we have already checked the available space
3673 SLOGE("persist_set_key() error during setfield()");
3674 goto out;
3675 }
3676
3677 for (field_id = 1; field_id < num_entries; field_id++) {
3678 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3679
3680 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3681 // fail to set key, should not happen as we have already checked the available space.
3682 SLOGE("persist_set_key() error during setfield()");
3683 goto out;
3684 }
3685 }
3686
Ken Sumrall160b4d62013-04-22 12:15:39 -07003687 /* If we are running encrypted, save the persistent data now */
3688 if (encrypted) {
3689 if (save_persistent_data()) {
3690 SLOGE("Setfield error, cannot save persistent data");
3691 goto out;
3692 }
3693 }
3694
Rubin Xu85c01f92014-10-13 12:49:54 +01003695 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003696
3697out:
3698 return rc;
3699}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003700
3701/* Checks userdata. Attempt to mount the volume if default-
3702 * encrypted.
3703 * On success trigger next init phase and return 0.
3704 * Currently do not handle failure - see TODO below.
3705 */
3706int cryptfs_mount_default_encrypted(void)
3707{
Paul Lawrence84274cc2016-04-15 15:41:33 -07003708 int crypt_type = cryptfs_get_password_type();
3709 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3710 SLOGE("Bad crypt type - error");
3711 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3712 SLOGD("Password is not default - "
3713 "starting min framework to prompt");
3714 property_set("vold.decrypt", "trigger_restart_min_framework");
3715 return 0;
3716 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3717 SLOGD("Password is default - restarting filesystem");
3718 cryptfs_restart_internal(0);
3719 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08003720 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07003721 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003722 }
3723
Paul Lawrence6bfed202014-07-28 12:47:22 -07003724 /** Corrupt. Allow us to boot into framework, which will detect bad
3725 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003726 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003727 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003728 return 0;
3729}
3730
3731/* Returns type of the password, default, pattern, pin or password.
3732 */
3733int cryptfs_get_password_type(void)
3734{
Paul Crowley38132a12016-02-09 09:50:32 +00003735 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003736 SLOGE("cryptfs_get_password_type not valid for file encryption");
3737 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003738 }
3739
Paul Lawrencef4faa572014-01-29 13:31:03 -08003740 struct crypt_mnt_ftr crypt_ftr;
3741
3742 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3743 SLOGE("Error getting crypt footer and key\n");
3744 return -1;
3745 }
3746
Paul Lawrence6bfed202014-07-28 12:47:22 -07003747 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3748 return -1;
3749 }
3750
Paul Lawrencef4faa572014-01-29 13:31:03 -08003751 return crypt_ftr.crypt_type;
3752}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003753
Paul Lawrence05335c32015-03-05 09:46:23 -08003754const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003755{
Paul Crowley38132a12016-02-09 09:50:32 +00003756 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003757 SLOGE("cryptfs_get_password not valid for file encryption");
3758 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003759 }
3760
Paul Lawrence399317e2014-03-10 13:20:50 -07003761 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003762 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003763 if (now.tv_sec < password_expiry_time) {
3764 return password;
3765 } else {
3766 cryptfs_clear_password();
3767 return 0;
3768 }
3769}
3770
3771void cryptfs_clear_password()
3772{
3773 if (password) {
3774 size_t len = strlen(password);
3775 memset(password, 0, len);
3776 free(password);
3777 password = 0;
3778 password_expiry_time = 0;
3779 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003780}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003781
3782int cryptfs_enable_file()
3783{
Paul Crowley38132a12016-02-09 09:50:32 +00003784 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003785}
3786
Paul Lawrence0c247462015-10-29 10:30:57 -07003787int cryptfs_isConvertibleToFBE()
3788{
3789 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3790 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3791}
3792
Paul Lawrence731a7a22015-04-28 22:14:15 +00003793int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3794{
3795 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3796 SLOGE("Failed to initialize crypt_ftr");
3797 return -1;
3798 }
3799
3800 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3801 crypt_ftr->salt, crypt_ftr)) {
3802 SLOGE("Cannot create encrypted master key\n");
3803 return -1;
3804 }
3805
3806 //crypt_ftr->keysize = key_length / 8;
3807 return 0;
3808}
3809
3810int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3811 unsigned char* master_key)
3812{
3813 int rc;
3814
Paul Lawrence731a7a22015-04-28 22:14:15 +00003815 unsigned char* intermediate_key = 0;
3816 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003817
3818 if (password == 0 || *password == 0) {
3819 password = DEFAULT_PASSWORD;
3820 }
3821
Paul Lawrence731a7a22015-04-28 22:14:15 +00003822 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3823 &intermediate_key_size);
3824
Paul Lawrence300dae72016-03-11 11:02:52 -08003825 if (rc) {
3826 SLOGE("Can't calculate intermediate key");
3827 return rc;
3828 }
3829
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003830 int N = 1 << ftr->N_factor;
3831 int r = 1 << ftr->r_factor;
3832 int p = 1 << ftr->p_factor;
3833
3834 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3835
3836 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3837 ftr->salt, sizeof(ftr->salt), N, r, p,
3838 scrypted_intermediate_key,
3839 sizeof(scrypted_intermediate_key));
3840
3841 free(intermediate_key);
3842
3843 if (rc) {
Paul Lawrence300dae72016-03-11 11:02:52 -08003844 SLOGE("Can't scrypt intermediate key");
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003845 return rc;
3846 }
3847
3848 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3849 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003850}
3851
3852int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3853 const unsigned char* master_key)
3854{
3855 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3856 ftr);
3857}