blob: a905ff64a2d37f3d3562a4e5310eafa86d577738 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080046#include "cryptfs.h"
47#define LOG_TAG "Cryptfs"
48#include "cutils/log.h"
49#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070050#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080051#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070052#include <logwrap/logwrap.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070053#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070054#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070055#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000056#include "Ext4Crypt.h"
57#include "ext4_crypt_init_extensions.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080058#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000059#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080060#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080061#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080062
Shawn Willden8af33352015-02-24 09:51:34 -070063#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060064#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070065
Mark Salyzyn3e971272014-01-21 13:27:04 -080066#define UNUSED __attribute__((unused))
67
Mark Salyzyn5eecc442014-02-12 14:16:14 -080068#define UNUSED __attribute__((unused))
69
Ajay Dudani87701e22014-09-17 21:02:52 -070070#ifdef CONFIG_HW_DISK_ENCRYPTION
71#include "cryptfs_hw.h"
72#endif
73
Ken Sumrall8f869aa2010-12-03 03:47:09 -080074#define DM_CRYPT_BUF_SIZE 4096
75
Jason parks70a4b3f2011-01-28 10:10:47 -060076#define HASH_COUNT 2000
77#define KEY_LEN_BYTES 16
78#define IV_LEN_BYTES 16
79
Ken Sumrall29d8da82011-05-18 17:20:07 -070080#define KEY_IN_FOOTER "footer"
81
Paul Lawrence3bd36d52015-06-09 13:37:44 -070082#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080083
Ken Sumrall29d8da82011-05-18 17:20:07 -070084#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070085#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070086
Ken Sumralle919efe2012-09-29 17:07:41 -070087#define TABLE_LOAD_RETRIES 10
88
Shawn Willden47ba10d2014-09-03 17:07:06 -060089#define RSA_KEY_SIZE 2048
90#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
91#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060092#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070093
Paul Lawrence8e3f4512014-09-08 10:11:17 -070094#define RETRY_MOUNT_ATTEMPTS 10
95#define RETRY_MOUNT_DELAY_SECONDS 1
96
Ken Sumrall8f869aa2010-12-03 03:47:09 -080097char *me = "cryptfs";
98
Jason parks70a4b3f2011-01-28 10:10:47 -060099static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700100static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600101static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700102static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800103
Shawn Willdenda6e8992015-06-03 09:40:45 -0600104static int keymaster_init(keymaster0_device_t **keymaster0_dev,
105 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700106{
107 int rc;
108
109 const hw_module_t* mod;
110 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
111 if (rc) {
112 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600113 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700114 }
115
Shawn Willdenda6e8992015-06-03 09:40:45 -0600116 SLOGI("keymaster module name is %s", mod->name);
117 SLOGI("keymaster version is %d", mod->module_api_version);
118
119 *keymaster0_dev = NULL;
120 *keymaster1_dev = NULL;
121 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
122 SLOGI("Found keymaster1 module, using keymaster1 API.");
123 rc = keymaster1_open(mod, keymaster1_dev);
124 } else {
125 SLOGI("Found keymaster0 module, using keymaster0 API.");
126 rc = keymaster0_open(mod, keymaster0_dev);
127 }
128
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700129 if (rc) {
130 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600131 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
132 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700133 }
134
135 return 0;
136
Shawn Willdenda6e8992015-06-03 09:40:45 -0600137err:
138 *keymaster0_dev = NULL;
139 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700140 return rc;
141}
142
143/* Should we use keymaster? */
144static int keymaster_check_compatibility()
145{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600146 keymaster0_device_t *keymaster0_dev = 0;
147 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700148 int rc = 0;
149
Shawn Willdenda6e8992015-06-03 09:40:45 -0600150 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700151 SLOGE("Failed to init keymaster");
152 rc = -1;
153 goto out;
154 }
155
Shawn Willdenda6e8992015-06-03 09:40:45 -0600156 if (keymaster1_dev) {
157 rc = 1;
158 goto out;
159 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700160
Shawn Willdenda6e8992015-06-03 09:40:45 -0600161 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
162 // should work.
163 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700164 < KEYMASTER_MODULE_API_VERSION_0_3) {
165 rc = 0;
166 goto out;
167 }
168
Shawn Willdenda6e8992015-06-03 09:40:45 -0600169 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
170 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700171 rc = 1;
172 }
173
174out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600175 if (keymaster1_dev) {
176 keymaster1_close(keymaster1_dev);
177 }
178 if (keymaster0_dev) {
179 keymaster0_close(keymaster0_dev);
180 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700181 return rc;
182}
183
184/* Create a new keymaster key and store it in this footer */
185static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
186{
187 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600188 keymaster0_device_t *keymaster0_dev = 0;
189 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700190
Shawn Willdenda6e8992015-06-03 09:40:45 -0600191 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700192 SLOGE("Failed to init keymaster");
193 return -1;
194 }
195
196 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600197 size_t key_size = 0;
198 if (keymaster1_dev) {
199 keymaster_key_param_t params[] = {
200 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
201 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
202 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
203 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700204
Shawn Willden86af3552015-06-24 07:21:54 -0700205 /* The only allowed purpose for this key is signing. */
206 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
207
208 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600209 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600210 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700211
Shawn Willdenda6e8992015-06-03 09:40:45 -0600212 /* Require that the key be usable in standalone mode. File system isn't available. */
213 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
214
215 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
216 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
217
Shawn Willdenda6e8992015-06-03 09:40:45 -0600218 /* Rate-limit key usage attempts, to rate-limit brute force */
219 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
220 };
221 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
222 keymaster_key_blob_t key_blob;
223 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
224 &key_blob,
225 NULL /* characteristics */);
226 if (error != KM_ERROR_OK) {
227 SLOGE("Failed to generate keymaster1 key, error %d", error);
228 rc = -1;
229 goto out;
230 }
231
232 key = (uint8_t*)key_blob.key_material;
233 key_size = key_blob.key_material_size;
234 }
235 else if (keymaster0_dev) {
236 keymaster_rsa_keygen_params_t params;
237 memset(&params, '\0', sizeof(params));
238 params.public_exponent = RSA_EXPONENT;
239 params.modulus_size = RSA_KEY_SIZE;
240
241 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
242 &key, &key_size)) {
243 SLOGE("Failed to generate keypair");
244 rc = -1;
245 goto out;
246 }
247 } else {
248 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700249 rc = -1;
250 goto out;
251 }
252
253 if (key_size > KEYMASTER_BLOB_SIZE) {
254 SLOGE("Keymaster key too large for crypto footer");
255 rc = -1;
256 goto out;
257 }
258
259 memcpy(ftr->keymaster_blob, key, key_size);
260 ftr->keymaster_blob_size = key_size;
261
262out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600263 if (keymaster0_dev)
264 keymaster0_close(keymaster0_dev);
265 if (keymaster1_dev)
266 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700267 free(key);
268 return rc;
269}
270
Shawn Willdene17a9c42014-09-08 13:04:08 -0600271/* This signs the given object using the keymaster key. */
272static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600273 const unsigned char *object,
274 const size_t object_size,
275 unsigned char **signature,
276 size_t *signature_size)
277{
278 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600279 keymaster0_device_t *keymaster0_dev = 0;
280 keymaster1_device_t *keymaster1_dev = 0;
281 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600282 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600283 rc = -1;
284 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600285 }
286
Shawn Willden47ba10d2014-09-03 17:07:06 -0600287 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600289 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290
Shawn Willdene17a9c42014-09-08 13:04:08 -0600291 // To sign a message with RSA, the message must satisfy two
292 // constraints:
293 //
294 // 1. The message, when interpreted as a big-endian numeric value, must
295 // be strictly less than the public modulus of the RSA key. Note
296 // that because the most significant bit of the public modulus is
297 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
298 // key), an n-bit message with most significant bit 0 always
299 // satisfies this requirement.
300 //
301 // 2. The message must have the same length in bits as the public
302 // modulus of the RSA key. This requirement isn't mathematically
303 // necessary, but is necessary to ensure consistency in
304 // implementations.
305 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600306 case KDF_SCRYPT_KEYMASTER:
307 // This ensures the most significant byte of the signed message
308 // is zero. We could have zero-padded to the left instead, but
309 // this approach is slightly more robust against changes in
310 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600311 // so) because we really should be using a proper deterministic
312 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600313 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
314 SLOGI("Signing safely-padded object");
315 break;
316 default:
317 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600318 rc = -1;
319 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600320 }
321
Shawn Willdenda6e8992015-06-03 09:40:45 -0600322 if (keymaster0_dev) {
323 keymaster_rsa_sign_params_t params;
324 params.digest_type = DIGEST_NONE;
325 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600326
Shawn Willdenda6e8992015-06-03 09:40:45 -0600327 rc = keymaster0_dev->sign_data(keymaster0_dev,
328 &params,
329 ftr->keymaster_blob,
330 ftr->keymaster_blob_size,
331 to_sign,
332 to_sign_size,
333 signature,
334 signature_size);
335 goto out;
336 } else if (keymaster1_dev) {
337 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
338 keymaster_key_param_t params[] = {
339 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
340 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
341 };
342 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
343 keymaster_operation_handle_t op_handle;
344 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
345 &param_set, NULL /* out_params */,
346 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600347 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600348 // Key usage has been rate-limited. Wait a bit and try again.
349 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
350 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
351 &param_set, NULL /* out_params */,
352 &op_handle);
353 }
354 if (error != KM_ERROR_OK) {
355 SLOGE("Error starting keymaster signature transaction: %d", error);
356 rc = -1;
357 goto out;
358 }
359
360 keymaster_blob_t input = { to_sign, to_sign_size };
361 size_t input_consumed;
362 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
363 &input, &input_consumed, NULL /* out_params */,
364 NULL /* output */);
365 if (error != KM_ERROR_OK) {
366 SLOGE("Error sending data to keymaster signature transaction: %d", error);
367 rc = -1;
368 goto out;
369 }
370 if (input_consumed != to_sign_size) {
371 // This should never happen. If it does, it's a bug in the keymaster implementation.
372 SLOGE("Keymaster update() did not consume all data.");
373 keymaster1_dev->abort(keymaster1_dev, op_handle);
374 rc = -1;
375 goto out;
376 }
377
378 keymaster_blob_t tmp_sig;
379 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
380 NULL /* verify signature */, NULL /* out_params */,
381 &tmp_sig);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error finishing keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387
388 *signature = (uint8_t*)tmp_sig.data;
389 *signature_size = tmp_sig.data_length;
390 } else {
391 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
392 rc = -1;
393 goto out;
394 }
395
396 out:
397 if (keymaster1_dev)
398 keymaster1_close(keymaster1_dev);
399 if (keymaster0_dev)
400 keymaster0_close(keymaster0_dev);
401
402 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600403}
404
Paul Lawrence399317e2014-03-10 13:20:50 -0700405/* Store password when userdata is successfully decrypted and mounted.
406 * Cleared by cryptfs_clear_password
407 *
408 * To avoid a double prompt at boot, we need to store the CryptKeeper
409 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
410 * Since the entire framework is torn down and rebuilt after encryption,
411 * we have to use a daemon or similar to store the password. Since vold
412 * is secured against IPC except from system processes, it seems a reasonable
413 * place to store this.
414 *
415 * password should be cleared once it has been used.
416 *
417 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800418 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700419static char* password = 0;
420static int password_expiry_time = 0;
421static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800422
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800423extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800424
Paul Lawrence87999172014-02-20 12:21:31 -0800425enum RebootType {reboot, recovery, shutdown};
426static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700427{
Paul Lawrence87999172014-02-20 12:21:31 -0800428 switch(rt) {
429 case reboot:
430 property_set(ANDROID_RB_PROPERTY, "reboot");
431 break;
432
433 case recovery:
434 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
435 break;
436
437 case shutdown:
438 property_set(ANDROID_RB_PROPERTY, "shutdown");
439 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700440 }
Paul Lawrence87999172014-02-20 12:21:31 -0800441
Ken Sumralladfba362013-06-04 16:37:52 -0700442 sleep(20);
443
444 /* Shouldn't get here, reboot should happen before sleep times out */
445 return;
446}
447
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800448static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
449{
450 memset(io, 0, dataSize);
451 io->data_size = dataSize;
452 io->data_start = sizeof(struct dm_ioctl);
453 io->version[0] = 4;
454 io->version[1] = 0;
455 io->version[2] = 0;
456 io->flags = flags;
457 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100458 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800459 }
460}
461
Kenny Rootc4c70f12013-06-14 12:11:38 -0700462/**
463 * Gets the default device scrypt parameters for key derivation time tuning.
464 * The parameters should lead to about one second derivation time for the
465 * given device.
466 */
467static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
468 const int default_params[] = SCRYPT_DEFAULTS;
469 int params[] = SCRYPT_DEFAULTS;
470 char paramstr[PROPERTY_VALUE_MAX];
471 char *token;
472 char *saveptr;
473 int i;
474
475 property_get(SCRYPT_PROP, paramstr, "");
476 if (paramstr[0] != '\0') {
477 /*
478 * The token we're looking for should be three integers separated by
479 * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
480 */
Kenny Root2947e342013-08-14 15:54:49 -0700481 for (i = 0, token = strtok_r(paramstr, ":", &saveptr);
482 token != NULL && i < 3;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700483 i++, token = strtok_r(NULL, ":", &saveptr)) {
484 char *endptr;
485 params[i] = strtol(token, &endptr, 10);
486
487 /*
488 * Check that there was a valid number and it's 8-bit. If not,
489 * break out and the end check will take the default values.
490 */
491 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
492 break;
493 }
494 }
495
496 /*
497 * If there were not enough tokens or a token was malformed (not an
498 * integer), it will end up here and the default parameters can be
499 * taken.
500 */
501 if ((i != 3) || (token != NULL)) {
502 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
503 memcpy(params, default_params, sizeof(params));
504 }
505 }
506
507 ftr->N_factor = params[0];
508 ftr->r_factor = params[1];
509 ftr->p_factor = params[2];
510}
511
Ken Sumrall3ed82362011-01-28 23:31:16 -0800512static unsigned int get_fs_size(char *dev)
513{
514 int fd, block_size;
515 struct ext4_super_block sb;
516 off64_t len;
517
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700518 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800519 SLOGE("Cannot open device to get filesystem size ");
520 return 0;
521 }
522
523 if (lseek64(fd, 1024, SEEK_SET) < 0) {
524 SLOGE("Cannot seek to superblock");
525 return 0;
526 }
527
528 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
529 SLOGE("Cannot read superblock");
530 return 0;
531 }
532
533 close(fd);
534
Daniel Rosenberge82df162014-08-15 22:19:23 +0000535 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
536 SLOGE("Not a valid ext4 superblock");
537 return 0;
538 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800539 block_size = 1024 << sb.s_log_block_size;
540 /* compute length in bytes */
541 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
542
543 /* return length in sectors */
544 return (unsigned int) (len / 512);
545}
546
Ken Sumrall160b4d62013-04-22 12:15:39 -0700547static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
548{
549 static int cached_data = 0;
550 static off64_t cached_off = 0;
551 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
552 int fd;
553 char key_loc[PROPERTY_VALUE_MAX];
554 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 int rc = -1;
556
557 if (!cached_data) {
558 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
559
560 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700561 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700562 SLOGE("Cannot open real block device %s\n", real_blkdev);
563 return -1;
564 }
565
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900566 unsigned long nr_sec = 0;
567 get_blkdev_size(fd, &nr_sec);
568 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700569 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
570 * encryption info footer and key, and plenty of bytes to spare for future
571 * growth.
572 */
573 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
574 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
575 cached_data = 1;
576 } else {
577 SLOGE("Cannot get size of block device %s\n", real_blkdev);
578 }
579 close(fd);
580 } else {
581 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
582 cached_off = 0;
583 cached_data = 1;
584 }
585 }
586
587 if (cached_data) {
588 if (metadata_fname) {
589 *metadata_fname = cached_metadata_fname;
590 }
591 if (off) {
592 *off = cached_off;
593 }
594 rc = 0;
595 }
596
597 return rc;
598}
599
Ken Sumralle8744072011-01-18 22:01:55 -0800600/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800601 * update the failed mount count but not change the key.
602 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800604{
605 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800606 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700607 /* starting_off is set to the SEEK_SET offset
608 * where the crypto structure starts
609 */
610 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800611 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700612 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700613 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800614
Ken Sumrall160b4d62013-04-22 12:15:39 -0700615 if (get_crypt_ftr_info(&fname, &starting_off)) {
616 SLOGE("Unable to get crypt_ftr_info\n");
617 return -1;
618 }
619 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700620 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700621 return -1;
622 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700623 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700624 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700625 return -1;
626 }
627
628 /* Seek to the start of the crypt footer */
629 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
630 SLOGE("Cannot seek to real block device footer\n");
631 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800632 }
633
634 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
635 SLOGE("Cannot write real block device footer\n");
636 goto errout;
637 }
638
Ken Sumrall3be890f2011-09-14 16:53:46 -0700639 fstat(fd, &statbuf);
640 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700641 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700642 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800643 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800644 goto errout;
645 }
646 }
647
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800648 /* Success! */
649 rc = 0;
650
651errout:
652 close(fd);
653 return rc;
654
655}
656
Ken Sumrall160b4d62013-04-22 12:15:39 -0700657static inline int unix_read(int fd, void* buff, int len)
658{
659 return TEMP_FAILURE_RETRY(read(fd, buff, len));
660}
661
662static inline int unix_write(int fd, const void* buff, int len)
663{
664 return TEMP_FAILURE_RETRY(write(fd, buff, len));
665}
666
667static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
668{
669 memset(pdata, 0, len);
670 pdata->persist_magic = PERSIST_DATA_MAGIC;
671 pdata->persist_valid_entries = 0;
672}
673
674/* A routine to update the passed in crypt_ftr to the lastest version.
675 * fd is open read/write on the device that holds the crypto footer and persistent
676 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
677 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
678 */
679static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
680{
Kenny Root7434b312013-06-14 11:29:53 -0700681 int orig_major = crypt_ftr->major_version;
682 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700683
Kenny Root7434b312013-06-14 11:29:53 -0700684 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
685 struct crypt_persist_data *pdata;
686 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700687
Kenny Rootc4c70f12013-06-14 12:11:38 -0700688 SLOGW("upgrading crypto footer to 1.1");
689
Kenny Root7434b312013-06-14 11:29:53 -0700690 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
691 if (pdata == NULL) {
692 SLOGE("Cannot allocate persisent data\n");
693 return;
694 }
695 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
696
697 /* Need to initialize the persistent data area */
698 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
699 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100700 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700701 return;
702 }
703 /* Write all zeros to the first copy, making it invalid */
704 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
705
706 /* Write a valid but empty structure to the second copy */
707 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
708 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
709
710 /* Update the footer */
711 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
712 crypt_ftr->persist_data_offset[0] = pdata_offset;
713 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
714 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100715 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700716 }
717
Paul Lawrencef4faa572014-01-29 13:31:03 -0800718 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700719 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800720 /* But keep the old kdf_type.
721 * It will get updated later to KDF_SCRYPT after the password has been verified.
722 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700723 crypt_ftr->kdf_type = KDF_PBKDF2;
724 get_device_scrypt_params(crypt_ftr);
725 crypt_ftr->minor_version = 2;
726 }
727
Paul Lawrencef4faa572014-01-29 13:31:03 -0800728 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
729 SLOGW("upgrading crypto footer to 1.3");
730 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
731 crypt_ftr->minor_version = 3;
732 }
733
Kenny Root7434b312013-06-14 11:29:53 -0700734 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
735 if (lseek64(fd, offset, SEEK_SET) == -1) {
736 SLOGE("Cannot seek to crypt footer\n");
737 return;
738 }
739 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700740 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700741}
742
743
744static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800745{
746 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800747 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700748 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800749 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700750 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700751 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800752
Ken Sumrall160b4d62013-04-22 12:15:39 -0700753 if (get_crypt_ftr_info(&fname, &starting_off)) {
754 SLOGE("Unable to get crypt_ftr_info\n");
755 return -1;
756 }
757 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700758 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 return -1;
760 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700761 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700762 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700763 return -1;
764 }
765
766 /* Make sure it's 16 Kbytes in length */
767 fstat(fd, &statbuf);
768 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
769 SLOGE("footer file %s is not the expected size!\n", fname);
770 goto errout;
771 }
772
773 /* Seek to the start of the crypt footer */
774 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
775 SLOGE("Cannot seek to real block device footer\n");
776 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800777 }
778
779 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
780 SLOGE("Cannot read real block device footer\n");
781 goto errout;
782 }
783
784 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700785 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800786 goto errout;
787 }
788
Kenny Rootc96a5f82013-06-14 12:08:28 -0700789 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
790 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
791 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
796 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
797 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 }
799
Ken Sumrall160b4d62013-04-22 12:15:39 -0700800 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
801 * copy on disk before returning.
802 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700803 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700804 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800805 }
806
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800807 /* Success! */
808 rc = 0;
809
810errout:
811 close(fd);
812 return rc;
813}
814
Ken Sumrall160b4d62013-04-22 12:15:39 -0700815static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
816{
817 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
818 crypt_ftr->persist_data_offset[1]) {
819 SLOGE("Crypt_ftr persist data regions overlap");
820 return -1;
821 }
822
823 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
824 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
825 return -1;
826 }
827
828 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
829 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
830 CRYPT_FOOTER_OFFSET) {
831 SLOGE("Persistent data extends past crypto footer");
832 return -1;
833 }
834
835 return 0;
836}
837
838static int load_persistent_data(void)
839{
840 struct crypt_mnt_ftr crypt_ftr;
841 struct crypt_persist_data *pdata = NULL;
842 char encrypted_state[PROPERTY_VALUE_MAX];
843 char *fname;
844 int found = 0;
845 int fd;
846 int ret;
847 int i;
848
849 if (persist_data) {
850 /* Nothing to do, we've already loaded or initialized it */
851 return 0;
852 }
853
854
855 /* If not encrypted, just allocate an empty table and initialize it */
856 property_get("ro.crypto.state", encrypted_state, "");
857 if (strcmp(encrypted_state, "encrypted") ) {
858 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
859 if (pdata) {
860 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
861 persist_data = pdata;
862 return 0;
863 }
864 return -1;
865 }
866
867 if(get_crypt_ftr_and_key(&crypt_ftr)) {
868 return -1;
869 }
870
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700871 if ((crypt_ftr.major_version < 1)
872 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700873 SLOGE("Crypt_ftr version doesn't support persistent data");
874 return -1;
875 }
876
877 if (get_crypt_ftr_info(&fname, NULL)) {
878 return -1;
879 }
880
881 ret = validate_persistent_data_storage(&crypt_ftr);
882 if (ret) {
883 return -1;
884 }
885
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700886 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700887 if (fd < 0) {
888 SLOGE("Cannot open %s metadata file", fname);
889 return -1;
890 }
891
892 if (persist_data == NULL) {
893 pdata = malloc(crypt_ftr.persist_data_size);
894 if (pdata == NULL) {
895 SLOGE("Cannot allocate memory for persistent data");
896 goto err;
897 }
898 }
899
900 for (i = 0; i < 2; i++) {
901 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
902 SLOGE("Cannot seek to read persistent data on %s", fname);
903 goto err2;
904 }
905 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
906 SLOGE("Error reading persistent data on iteration %d", i);
907 goto err2;
908 }
909 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
910 found = 1;
911 break;
912 }
913 }
914
915 if (!found) {
916 SLOGI("Could not find valid persistent data, creating");
917 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
918 }
919
920 /* Success */
921 persist_data = pdata;
922 close(fd);
923 return 0;
924
925err2:
926 free(pdata);
927
928err:
929 close(fd);
930 return -1;
931}
932
933static int save_persistent_data(void)
934{
935 struct crypt_mnt_ftr crypt_ftr;
936 struct crypt_persist_data *pdata;
937 char *fname;
938 off64_t write_offset;
939 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700940 int fd;
941 int ret;
942
943 if (persist_data == NULL) {
944 SLOGE("No persistent data to save");
945 return -1;
946 }
947
948 if(get_crypt_ftr_and_key(&crypt_ftr)) {
949 return -1;
950 }
951
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700952 if ((crypt_ftr.major_version < 1)
953 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700954 SLOGE("Crypt_ftr version doesn't support persistent data");
955 return -1;
956 }
957
958 ret = validate_persistent_data_storage(&crypt_ftr);
959 if (ret) {
960 return -1;
961 }
962
963 if (get_crypt_ftr_info(&fname, NULL)) {
964 return -1;
965 }
966
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700967 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700968 if (fd < 0) {
969 SLOGE("Cannot open %s metadata file", fname);
970 return -1;
971 }
972
973 pdata = malloc(crypt_ftr.persist_data_size);
974 if (pdata == NULL) {
975 SLOGE("Cannot allocate persistant data");
976 goto err;
977 }
978
979 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
980 SLOGE("Cannot seek to read persistent data on %s", fname);
981 goto err2;
982 }
983
984 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
985 SLOGE("Error reading persistent data before save");
986 goto err2;
987 }
988
989 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
990 /* The first copy is the curent valid copy, so write to
991 * the second copy and erase this one */
992 write_offset = crypt_ftr.persist_data_offset[1];
993 erase_offset = crypt_ftr.persist_data_offset[0];
994 } else {
995 /* The second copy must be the valid copy, so write to
996 * the first copy, and erase the second */
997 write_offset = crypt_ftr.persist_data_offset[0];
998 erase_offset = crypt_ftr.persist_data_offset[1];
999 }
1000
1001 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001002 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001003 SLOGE("Cannot seek to write persistent data");
1004 goto err2;
1005 }
1006 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1007 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001008 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001009 SLOGE("Cannot seek to erase previous persistent data");
1010 goto err2;
1011 }
1012 fsync(fd);
1013 memset(pdata, 0, crypt_ftr.persist_data_size);
1014 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1015 (int) crypt_ftr.persist_data_size) {
1016 SLOGE("Cannot write to erase previous persistent data");
1017 goto err2;
1018 }
1019 fsync(fd);
1020 } else {
1021 SLOGE("Cannot write to save persistent data");
1022 goto err2;
1023 }
1024
1025 /* Success */
1026 free(pdata);
1027 close(fd);
1028 return 0;
1029
1030err2:
1031 free(pdata);
1032err:
1033 close(fd);
1034 return -1;
1035}
1036
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001037/* Convert a binary key of specified length into an ascii hex string equivalent,
1038 * without the leading 0x and with null termination
1039 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001040static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001041 unsigned int keysize, char *master_key_ascii) {
1042 unsigned int i, a;
1043 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001044
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 for (i=0, a=0; i<keysize; i++, a+=2) {
1046 /* For each byte, write out two ascii hex digits */
1047 nibble = (master_key[i] >> 4) & 0xf;
1048 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001049
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001050 nibble = master_key[i] & 0xf;
1051 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1052 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 /* Add the null termination */
1055 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001056
1057}
1058
Jeff Sharkey9c484982015-03-31 10:35:33 -07001059static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1060 const unsigned char *master_key, const char *real_blk_name,
1061 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001062 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001063 struct dm_ioctl *io;
1064 struct dm_target_spec *tgt;
1065 char *crypt_params;
1066 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
1067 int i;
1068
1069 io = (struct dm_ioctl *) buffer;
1070
1071 /* Load the mapping table for this device */
1072 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1073
1074 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1075 io->target_count = 1;
1076 tgt->status = 0;
1077 tgt->sector_start = 0;
1078 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001079#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001080 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1081 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1082 }
1083 else {
1084 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1085 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001086#else
1087 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1088#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001089
1090 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1091 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
1092 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
1093 master_key_ascii, real_blk_name, extra_params);
1094 crypt_params += strlen(crypt_params) + 1;
1095 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1096 tgt->next = crypt_params - buffer;
1097
1098 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1099 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1100 break;
1101 }
1102 usleep(500000);
1103 }
1104
1105 if (i == TABLE_LOAD_RETRIES) {
1106 /* We failed to load the table, return an error */
1107 return -1;
1108 } else {
1109 return i + 1;
1110 }
1111}
1112
1113
1114static int get_dm_crypt_version(int fd, const char *name, int *version)
1115{
1116 char buffer[DM_CRYPT_BUF_SIZE];
1117 struct dm_ioctl *io;
1118 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001119
1120 io = (struct dm_ioctl *) buffer;
1121
1122 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1123
1124 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1125 return -1;
1126 }
1127
1128 /* Iterate over the returned versions, looking for name of "crypt".
1129 * When found, get and return the version.
1130 */
1131 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1132 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001133#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001134 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001135#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001136 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001137#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001138 /* We found the crypt driver, return the version, and get out */
1139 version[0] = v->version[0];
1140 version[1] = v->version[1];
1141 version[2] = v->version[2];
1142 return 0;
1143 }
1144 v = (struct dm_target_versions *)(((char *)v) + v->next);
1145 }
1146
1147 return -1;
1148}
1149
Jeff Sharkey9c484982015-03-31 10:35:33 -07001150static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1151 const unsigned char *master_key, const char *real_blk_name,
1152 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001153 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001154 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001155 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001156 int fd=0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001157 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001158 int version[3];
1159 char *extra_params;
1160 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001162 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 SLOGE("Cannot open device-mapper\n");
1164 goto errout;
1165 }
1166
1167 io = (struct dm_ioctl *) buffer;
1168
1169 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1170 if (ioctl(fd, DM_DEV_CREATE, io)) {
1171 SLOGE("Cannot create dm-crypt device\n");
1172 goto errout;
1173 }
1174
1175 /* Get the device status, in particular, the name of it's device file */
1176 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1177 if (ioctl(fd, DM_DEV_STATUS, io)) {
1178 SLOGE("Cannot retrieve dm-crypt device status\n");
1179 goto errout;
1180 }
1181 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1182 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1183
Ken Sumralldb5e0262013-02-05 17:39:48 -08001184 extra_params = "";
1185 if (! get_dm_crypt_version(fd, name, version)) {
1186 /* Support for allow_discards was added in version 1.11.0 */
1187 if ((version[0] >= 2) ||
1188 ((version[0] == 1) && (version[1] >= 11))) {
1189 extra_params = "1 allow_discards";
1190 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1191 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001192 }
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1195 fd, extra_params);
1196 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001197 SLOGE("Cannot load dm-crypt mapping table.\n");
1198 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001199 } else if (load_count > 1) {
1200 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001201 }
1202
1203 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001205
1206 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1207 SLOGE("Cannot resume the dm-crypt device\n");
1208 goto errout;
1209 }
1210
1211 /* We made it here with no errors. Woot! */
1212 retval = 0;
1213
1214errout:
1215 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1216
1217 return retval;
1218}
1219
Ken Sumrall29d8da82011-05-18 17:20:07 -07001220static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001221{
1222 int fd;
1223 char buffer[DM_CRYPT_BUF_SIZE];
1224 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001225 int retval = -1;
1226
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001227 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001228 SLOGE("Cannot open device-mapper\n");
1229 goto errout;
1230 }
1231
1232 io = (struct dm_ioctl *) buffer;
1233
1234 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1235 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1236 SLOGE("Cannot remove dm-crypt device\n");
1237 goto errout;
1238 }
1239
1240 /* We made it here with no errors. Woot! */
1241 retval = 0;
1242
1243errout:
1244 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1245
1246 return retval;
1247
1248}
1249
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001250static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001251 unsigned char *ikey, void *params UNUSED)
1252{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001253 SLOGI("Using pbkdf2 for cryptfs KDF");
1254
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001255 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001256 PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd),
1257 salt, SALT_LEN,
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001258 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001259
Paul Lawrencef4faa572014-01-29 13:31:03 -08001260 return 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001261}
1262
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001264 unsigned char *ikey, void *params)
1265{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001266 SLOGI("Using scrypt for cryptfs KDF");
1267
Kenny Rootc4c70f12013-06-14 12:11:38 -07001268 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1269
1270 int N = 1 << ftr->N_factor;
1271 int r = 1 << ftr->r_factor;
1272 int p = 1 << ftr->p_factor;
1273
1274 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001275 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001276 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1277 salt, SALT_LEN, N, r, p, ikey,
1278 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001279
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001280 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001281}
1282
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001283static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1284 unsigned char *ikey, void *params)
1285{
1286 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1287
1288 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001289 size_t signature_size;
1290 unsigned char* signature;
1291 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1292
1293 int N = 1 << ftr->N_factor;
1294 int r = 1 << ftr->r_factor;
1295 int p = 1 << ftr->p_factor;
1296
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001297 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1298 salt, SALT_LEN, N, r, p, ikey,
1299 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001300
1301 if (rc) {
1302 SLOGE("scrypt failed");
1303 return -1;
1304 }
1305
Shawn Willdene17a9c42014-09-08 13:04:08 -06001306 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1307 &signature, &signature_size)) {
1308 SLOGE("Signing failed");
1309 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001310 }
1311
1312 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1313 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1314 free(signature);
1315
1316 if (rc) {
1317 SLOGE("scrypt failed");
1318 return -1;
1319 }
1320
1321 return 0;
1322}
1323
1324static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1325 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001326 unsigned char *encrypted_master_key,
1327 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001328{
1329 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1330 EVP_CIPHER_CTX e_ctx;
1331 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001332 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001333
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001334 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001335 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001336
1337 switch (crypt_ftr->kdf_type) {
1338 case KDF_SCRYPT_KEYMASTER:
1339 if (keymaster_create_key(crypt_ftr)) {
1340 SLOGE("keymaster_create_key failed");
1341 return -1;
1342 }
1343
1344 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1345 SLOGE("scrypt failed");
1346 return -1;
1347 }
1348 break;
1349
1350 case KDF_SCRYPT:
1351 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1352 SLOGE("scrypt failed");
1353 return -1;
1354 }
1355 break;
1356
1357 default:
1358 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001359 return -1;
1360 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001361
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001362 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001363 EVP_CIPHER_CTX_init(&e_ctx);
1364 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001365 SLOGE("EVP_EncryptInit failed\n");
1366 return -1;
1367 }
1368 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001369
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001371 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001372 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 SLOGE("EVP_EncryptUpdate failed\n");
1374 return -1;
1375 }
Adam Langley889c4f12014-09-03 14:23:13 -07001376 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001377 SLOGE("EVP_EncryptFinal failed\n");
1378 return -1;
1379 }
1380
1381 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1382 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1383 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001384 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001385
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001386 /* Store the scrypt of the intermediate key, so we can validate if it's a
1387 password error or mount error when things go wrong.
1388 Note there's no need to check for errors, since if this is incorrect, we
1389 simply won't wipe userdata, which is the correct default behavior
1390 */
1391 int N = 1 << crypt_ftr->N_factor;
1392 int r = 1 << crypt_ftr->r_factor;
1393 int p = 1 << crypt_ftr->p_factor;
1394
1395 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1396 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1397 crypt_ftr->scrypted_intermediate_key,
1398 sizeof(crypt_ftr->scrypted_intermediate_key));
1399
1400 if (rc) {
1401 SLOGE("encrypt_master_key: crypto_scrypt failed");
1402 }
1403
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001404 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001405}
1406
Paul Lawrence731a7a22015-04-28 22:14:15 +00001407static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001408 unsigned char *encrypted_master_key,
1409 unsigned char *decrypted_master_key,
1410 kdf_func kdf, void *kdf_params,
1411 unsigned char** intermediate_key,
1412 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001413{
1414 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001415 EVP_CIPHER_CTX d_ctx;
1416 int decrypted_len, final_len;
1417
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001418 /* Turn the password into an intermediate key and IV that can decrypt the
1419 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001420 if (kdf(passwd, salt, ikey, kdf_params)) {
1421 SLOGE("kdf failed");
1422 return -1;
1423 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001424
1425 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001426 EVP_CIPHER_CTX_init(&d_ctx);
1427 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001428 return -1;
1429 }
1430 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1431 /* Decrypt the master key */
1432 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1433 encrypted_master_key, KEY_LEN_BYTES)) {
1434 return -1;
1435 }
Adam Langley889c4f12014-09-03 14:23:13 -07001436 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001437 return -1;
1438 }
1439
1440 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1441 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001442 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001443
1444 /* Copy intermediate key if needed by params */
1445 if (intermediate_key && intermediate_key_size) {
1446 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
1447 if (intermediate_key) {
1448 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1449 *intermediate_key_size = KEY_LEN_BYTES;
1450 }
1451 }
1452
1453 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001454}
1455
Kenny Rootc4c70f12013-06-14 12:11:38 -07001456static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001457{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001458 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001459 *kdf = scrypt_keymaster;
1460 *kdf_params = ftr;
1461 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001462 *kdf = scrypt;
1463 *kdf_params = ftr;
1464 } else {
1465 *kdf = pbkdf2;
1466 *kdf_params = NULL;
1467 }
1468}
1469
Paul Lawrence731a7a22015-04-28 22:14:15 +00001470static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001471 struct crypt_mnt_ftr *crypt_ftr,
1472 unsigned char** intermediate_key,
1473 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001474{
1475 kdf_func kdf;
1476 void *kdf_params;
1477 int ret;
1478
1479 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001480 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1481 decrypted_master_key, kdf, kdf_params,
1482 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001483 if (ret != 0) {
1484 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001485 }
1486
1487 return ret;
1488}
1489
1490static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1491 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001492 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001493 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001494
1495 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001496 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001497 read(fd, key_buf, sizeof(key_buf));
1498 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001499 close(fd);
1500
1501 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001502 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001503}
1504
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001505int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001506{
Greg Hackmann955653e2014-09-24 14:55:20 -07001507 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001508#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001509
1510 /* Now umount the tmpfs filesystem */
1511 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001512 if (umount(mountpoint) == 0) {
1513 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001514 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001515
1516 if (errno == EINVAL) {
1517 /* EINVAL is returned if the directory is not a mountpoint,
1518 * i.e. there is no filesystem mounted there. So just get out.
1519 */
1520 break;
1521 }
1522
1523 err = errno;
1524
1525 /* If allowed, be increasingly aggressive before the last two retries */
1526 if (kill) {
1527 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1528 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001529 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001530 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1531 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001532 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001533 }
1534 }
1535
1536 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001537 }
1538
1539 if (i < WAIT_UNMOUNT_COUNT) {
1540 SLOGD("unmounting %s succeeded\n", mountpoint);
1541 rc = 0;
1542 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001543 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001544 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001545 rc = -1;
1546 }
1547
1548 return rc;
1549}
1550
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001551#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001552static int prep_data_fs(void)
1553{
1554 int i;
1555
1556 /* Do the prep of the /data filesystem */
1557 property_set("vold.post_fs_data_done", "0");
1558 property_set("vold.decrypt", "trigger_post_fs_data");
1559 SLOGD("Just triggered post_fs_data\n");
1560
Ken Sumrallc5872692013-05-14 15:26:31 -07001561 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001562 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001563 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001564
1565 property_get("vold.post_fs_data_done", p, "0");
1566 if (*p == '1') {
1567 break;
1568 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001569 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001570 }
1571 }
1572 if (i == DATA_PREP_TIMEOUT) {
1573 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001574 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001575 return -1;
1576 } else {
1577 SLOGD("post_fs_data done\n");
1578 return 0;
1579 }
1580}
1581
Paul Lawrence74f29f12014-08-28 15:54:10 -07001582static void cryptfs_set_corrupt()
1583{
1584 // Mark the footer as bad
1585 struct crypt_mnt_ftr crypt_ftr;
1586 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1587 SLOGE("Failed to get crypto footer - panic");
1588 return;
1589 }
1590
1591 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1592 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1593 SLOGE("Failed to set crypto footer - panic");
1594 return;
1595 }
1596}
1597
1598static void cryptfs_trigger_restart_min_framework()
1599{
1600 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1601 SLOGE("Failed to mount tmpfs on data - panic");
1602 return;
1603 }
1604
1605 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1606 SLOGE("Failed to trigger post fs data - panic");
1607 return;
1608 }
1609
1610 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1611 SLOGE("Failed to trigger restart min framework - panic");
1612 return;
1613 }
1614}
1615
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001616/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001617static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001618{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001619 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001620 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001621 static int restart_successful = 0;
1622
1623 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001624 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001625 SLOGE("Encrypted filesystem not validated, aborting");
1626 return -1;
1627 }
1628
1629 if (restart_successful) {
1630 SLOGE("System already restarted with encrypted disk, aborting");
1631 return -1;
1632 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001633
Paul Lawrencef4faa572014-01-29 13:31:03 -08001634 if (restart_main) {
1635 /* Here is where we shut down the framework. The init scripts
1636 * start all services in one of three classes: core, main or late_start.
1637 * On boot, we start core and main. Now, we stop main, but not core,
1638 * as core includes vold and a few other really important things that
1639 * we need to keep running. Once main has stopped, we should be able
1640 * to umount the tmpfs /data, then mount the encrypted /data.
1641 * We then restart the class main, and also the class late_start.
1642 * At the moment, I've only put a few things in late_start that I know
1643 * are not needed to bring up the framework, and that also cause problems
1644 * with unmounting the tmpfs /data, but I hope to add add more services
1645 * to the late_start class as we optimize this to decrease the delay
1646 * till the user is asked for the password to the filesystem.
1647 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001648
Paul Lawrencef4faa572014-01-29 13:31:03 -08001649 /* The init files are setup to stop the class main when vold.decrypt is
1650 * set to trigger_reset_main.
1651 */
1652 property_set("vold.decrypt", "trigger_reset_main");
1653 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001654
Paul Lawrencef4faa572014-01-29 13:31:03 -08001655 /* Ugh, shutting down the framework is not synchronous, so until it
1656 * can be fixed, this horrible hack will wait a moment for it all to
1657 * shut down before proceeding. Without it, some devices cannot
1658 * restart the graphics services.
1659 */
1660 sleep(2);
1661 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001662
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001663 /* Now that the framework is shutdown, we should be able to umount()
1664 * the tmpfs filesystem, and mount the real one.
1665 */
1666
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001667 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1668 if (strlen(crypto_blkdev) == 0) {
1669 SLOGE("fs_crypto_blkdev not set\n");
1670 return -1;
1671 }
1672
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001673 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001674 /* If ro.crypto.readonly is set to 1, mount the decrypted
1675 * filesystem readonly. This is used when /data is mounted by
1676 * recovery mode.
1677 */
1678 char ro_prop[PROPERTY_VALUE_MAX];
1679 property_get("ro.crypto.readonly", ro_prop, "");
1680 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1681 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1682 rec->flags |= MS_RDONLY;
1683 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001684
Ken Sumralle5032c42012-04-01 23:58:44 -07001685 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001686 int retries = RETRY_MOUNT_ATTEMPTS;
1687 int mount_rc;
1688 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1689 crypto_blkdev, 0))
1690 != 0) {
1691 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1692 /* TODO: invoke something similar to
1693 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1694 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1695 SLOGI("Failed to mount %s because it is busy - waiting",
1696 crypto_blkdev);
1697 if (--retries) {
1698 sleep(RETRY_MOUNT_DELAY_SECONDS);
1699 } else {
1700 /* Let's hope that a reboot clears away whatever is keeping
1701 the mount busy */
1702 cryptfs_reboot(reboot);
1703 }
1704 } else {
1705 SLOGE("Failed to mount decrypted data");
1706 cryptfs_set_corrupt();
1707 cryptfs_trigger_restart_min_framework();
1708 SLOGI("Started framework to offer wipe");
1709 return -1;
1710 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001711 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001712
Ken Sumralle5032c42012-04-01 23:58:44 -07001713 property_set("vold.decrypt", "trigger_load_persist_props");
1714 /* Create necessary paths on /data */
1715 if (prep_data_fs()) {
1716 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001717 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001718
1719 /* startup service classes main and late_start */
1720 property_set("vold.decrypt", "trigger_restart_framework");
1721 SLOGD("Just triggered restart_framework\n");
1722
1723 /* Give it a few moments to get started */
1724 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001725 }
1726
Ken Sumrall0cc16632011-01-18 20:32:26 -08001727 if (rc == 0) {
1728 restart_successful = 1;
1729 }
1730
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001731 return rc;
1732}
1733
Paul Lawrencef4faa572014-01-29 13:31:03 -08001734int cryptfs_restart(void)
1735{
Paul Lawrence05335c32015-03-05 09:46:23 -08001736 SLOGI("cryptfs_restart");
1737 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
1738 struct fstab_rec* rec;
1739 int rc;
1740
1741 if (e4crypt_restart(DATA_MNT_POINT)) {
1742 SLOGE("Can't unmount e4crypt temp volume\n");
1743 return -1;
1744 }
1745
1746 rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1747 if (!rec) {
1748 SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
1749 return -1;
1750 }
1751
1752 rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
1753 if (rc) {
1754 SLOGE("Can't mount %s\n", DATA_MNT_POINT);
1755 return rc;
1756 }
1757
1758 property_set("vold.decrypt", "trigger_restart_framework");
1759 return 0;
1760 }
1761
Paul Lawrencef4faa572014-01-29 13:31:03 -08001762 /* Call internal implementation forcing a restart of main service group */
1763 return cryptfs_restart_internal(1);
1764}
1765
Paul Lawrence05335c32015-03-05 09:46:23 -08001766static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001767{
1768 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001769 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001770 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001771
1772 property_get("ro.crypto.state", encrypted_state, "");
1773 if (strcmp(encrypted_state, "encrypted") ) {
1774 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001775 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001776 }
1777
Paul Lawrence05335c32015-03-05 09:46:23 -08001778 if (e4crypt_crypto_complete(mount_point) == 0) {
1779 return CRYPTO_COMPLETE_ENCRYPTED;
1780 }
1781
Ken Sumrall160b4d62013-04-22 12:15:39 -07001782 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001783 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001784
Ken Sumralle1a45852011-12-14 21:24:27 -08001785 /*
1786 * Only report this error if key_loc is a file and it exists.
1787 * If the device was never encrypted, and /data is not mountable for
1788 * some reason, returning 1 should prevent the UI from presenting the
1789 * a "enter password" screen, or worse, a "press button to wipe the
1790 * device" screen.
1791 */
1792 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1793 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001794 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001795 } else {
1796 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001797 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001798 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001799 }
1800
Paul Lawrence74f29f12014-08-28 15:54:10 -07001801 // Test for possible error flags
1802 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1803 SLOGE("Encryption process is partway completed\n");
1804 return CRYPTO_COMPLETE_PARTIAL;
1805 }
1806
1807 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1808 SLOGE("Encryption process was interrupted but cannot continue\n");
1809 return CRYPTO_COMPLETE_INCONSISTENT;
1810 }
1811
1812 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1813 SLOGE("Encryption is successful but data is corrupt\n");
1814 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001815 }
1816
1817 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001818 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001819}
1820
Paul Lawrencef4faa572014-01-29 13:31:03 -08001821static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1822 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001823{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001824 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001825 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001826 char crypto_blkdev[MAXPATHLEN];
1827 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001828 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001829 unsigned int orig_failed_decrypt_count;
1830 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001831 int use_keymaster = 0;
1832 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001833 unsigned char* intermediate_key = 0;
1834 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001835
Paul Lawrencef4faa572014-01-29 13:31:03 -08001836 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1837 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001838
Paul Lawrencef4faa572014-01-29 13:31:03 -08001839 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001840 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1841 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001842 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001843 rc = -1;
1844 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001845 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001846 }
1847
Paul Lawrencef4faa572014-01-29 13:31:03 -08001848 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1849
Ajay Dudani87701e22014-09-17 21:02:52 -07001850#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001851 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1852 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1853 SLOGE("Hardware encryption key does not match");
1854 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001855 }
1856#endif
1857
Paul Lawrence74f29f12014-08-28 15:54:10 -07001858 // Create crypto block device - all (non fatal) code paths
1859 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001860 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1861 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001862 SLOGE("Error creating decrypted block device\n");
1863 rc = -1;
1864 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001865 }
1866
Paul Lawrence74f29f12014-08-28 15:54:10 -07001867 /* Work out if the problem is the password or the data */
1868 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1869 scrypted_intermediate_key)];
1870 int N = 1 << crypt_ftr->N_factor;
1871 int r = 1 << crypt_ftr->r_factor;
1872 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001873
Paul Lawrence74f29f12014-08-28 15:54:10 -07001874 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1875 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1876 N, r, p, scrypted_intermediate_key,
1877 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001878
Paul Lawrence74f29f12014-08-28 15:54:10 -07001879 // Does the key match the crypto footer?
1880 if (rc == 0 && memcmp(scrypted_intermediate_key,
1881 crypt_ftr->scrypted_intermediate_key,
1882 sizeof(scrypted_intermediate_key)) == 0) {
1883 SLOGI("Password matches");
1884 rc = 0;
1885 } else {
1886 /* Try mounting the file system anyway, just in case the problem's with
1887 * the footer, not the key. */
1888 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
1889 mkdir(tmp_mount_point, 0755);
1890 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1891 SLOGE("Error temp mounting decrypted block device\n");
1892 delete_crypto_blk_dev(label);
1893
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001894 rc = ++crypt_ftr->failed_decrypt_count;
1895 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001896 } else {
1897 /* Success! */
1898 SLOGI("Password did not match but decrypted drive mounted - continue");
1899 umount(tmp_mount_point);
1900 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001901 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001902 }
1903
1904 if (rc == 0) {
1905 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001906 if (orig_failed_decrypt_count != 0) {
1907 put_crypt_ftr_and_key(crypt_ftr);
1908 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001909
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001910 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001911 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001912 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001913
1914 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001915 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001916 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001917 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001918 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001919 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001920 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001921
Paul Lawrence74f29f12014-08-28 15:54:10 -07001922 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001923 use_keymaster = keymaster_check_compatibility();
1924 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001925 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001926 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1927 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1928 upgrade = 1;
1929 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001930 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001931 upgrade = 1;
1932 }
1933
1934 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001935 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1936 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001937 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001938 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001939 }
1940 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001941
1942 // Do not fail even if upgrade failed - machine is bootable
1943 // Note that if this code is ever hit, there is a *serious* problem
1944 // since KDFs should never fail. You *must* fix the kdf before
1945 // proceeding!
1946 if (rc) {
1947 SLOGW("Upgrade failed with error %d,"
1948 " but continuing with previous state",
1949 rc);
1950 rc = 0;
1951 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001952 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001953 }
1954
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001955 errout:
1956 if (intermediate_key) {
1957 memset(intermediate_key, 0, intermediate_key_size);
1958 free(intermediate_key);
1959 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001960 return rc;
1961}
1962
Ken Sumrall29d8da82011-05-18 17:20:07 -07001963/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001964 * Called by vold when it's asked to mount an encrypted external
1965 * storage volume. The incoming partition has no crypto header/footer,
1966 * as any metadata is been stored in a separate, small partition.
1967 *
1968 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001969 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001970int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1971 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001972 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001973 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001974 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001975 return -1;
1976 }
1977
1978 unsigned long nr_sec = 0;
1979 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001980 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001981
Ken Sumrall29d8da82011-05-18 17:20:07 -07001982 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001983 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001984 return -1;
1985 }
1986
Jeff Sharkey9c484982015-03-31 10:35:33 -07001987 struct crypt_mnt_ftr ext_crypt_ftr;
1988 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1989 ext_crypt_ftr.fs_size = nr_sec;
1990 ext_crypt_ftr.keysize = keysize;
1991 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07001992
Jeff Sharkey9c484982015-03-31 10:35:33 -07001993 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
1994 out_crypto_blkdev, label);
1995}
Ken Sumrall29d8da82011-05-18 17:20:07 -07001996
Jeff Sharkey9c484982015-03-31 10:35:33 -07001997/*
1998 * Called by vold when it's asked to unmount an encrypted external
1999 * storage volume.
2000 */
2001int cryptfs_revert_ext_volume(const char* label) {
2002 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002003}
2004
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002005int cryptfs_crypto_complete(void)
2006{
2007 return do_crypto_complete("/data");
2008}
2009
Paul Lawrencef4faa572014-01-29 13:31:03 -08002010int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2011{
2012 char encrypted_state[PROPERTY_VALUE_MAX];
2013 property_get("ro.crypto.state", encrypted_state, "");
2014 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2015 SLOGE("encrypted fs already validated or not running with encryption,"
2016 " aborting");
2017 return -1;
2018 }
2019
2020 if (get_crypt_ftr_and_key(crypt_ftr)) {
2021 SLOGE("Error getting crypt footer and key");
2022 return -1;
2023 }
2024
2025 return 0;
2026}
2027
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002028int cryptfs_check_passwd(char *passwd)
2029{
Paul Lawrence05335c32015-03-05 09:46:23 -08002030 SLOGI("cryptfs_check_passwd");
2031 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
2032 return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
2033 }
2034
Paul Lawrencef4faa572014-01-29 13:31:03 -08002035 struct crypt_mnt_ftr crypt_ftr;
2036 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002037
Paul Lawrencef4faa572014-01-29 13:31:03 -08002038 rc = check_unmounted_and_get_ftr(&crypt_ftr);
2039 if (rc)
2040 return rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002041
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002042 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
2043 DATA_MNT_POINT, "userdata");
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002044
2045 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002046 cryptfs_clear_password();
2047 password = strdup(passwd);
2048 struct timespec now;
2049 clock_gettime(CLOCK_BOOTTIME, &now);
2050 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002051 }
2052
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002053 return rc;
2054}
2055
Ken Sumrall3ad90722011-10-04 20:38:29 -07002056int cryptfs_verify_passwd(char *passwd)
2057{
2058 struct crypt_mnt_ftr crypt_ftr;
2059 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002060 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002061 char encrypted_state[PROPERTY_VALUE_MAX];
2062 int rc;
2063
2064 property_get("ro.crypto.state", encrypted_state, "");
2065 if (strcmp(encrypted_state, "encrypted") ) {
2066 SLOGE("device not encrypted, aborting");
2067 return -2;
2068 }
2069
2070 if (!master_key_saved) {
2071 SLOGE("encrypted fs not yet mounted, aborting");
2072 return -1;
2073 }
2074
2075 if (!saved_mount_point) {
2076 SLOGE("encrypted fs failed to save mount point, aborting");
2077 return -1;
2078 }
2079
Ken Sumrall160b4d62013-04-22 12:15:39 -07002080 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002081 SLOGE("Error getting crypt footer and key\n");
2082 return -1;
2083 }
2084
2085 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2086 /* If the device has no password, then just say the password is valid */
2087 rc = 0;
2088 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002089 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002090 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2091 /* They match, the password is correct */
2092 rc = 0;
2093 } else {
2094 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2095 sleep(1);
2096 rc = 1;
2097 }
2098 }
2099
2100 return rc;
2101}
2102
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002103/* Initialize a crypt_mnt_ftr structure. The keysize is
2104 * defaulted to 16 bytes, and the filesystem size to 0.
2105 * Presumably, at a minimum, the caller will update the
2106 * filesystem size and crypto_type_name after calling this function.
2107 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002108static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002109{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002110 off64_t off;
2111
2112 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002113 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002114 ftr->major_version = CURRENT_MAJOR_VERSION;
2115 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002116 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002117 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002118
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002119 switch (keymaster_check_compatibility()) {
2120 case 1:
2121 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2122 break;
2123
2124 case 0:
2125 ftr->kdf_type = KDF_SCRYPT;
2126 break;
2127
2128 default:
2129 SLOGE("keymaster_check_compatibility failed");
2130 return -1;
2131 }
2132
Kenny Rootc4c70f12013-06-14 12:11:38 -07002133 get_device_scrypt_params(ftr);
2134
Ken Sumrall160b4d62013-04-22 12:15:39 -07002135 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2136 if (get_crypt_ftr_info(NULL, &off) == 0) {
2137 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2138 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2139 ftr->persist_data_size;
2140 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002141
2142 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002143}
2144
Ken Sumrall29d8da82011-05-18 17:20:07 -07002145static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002146{
Ken Sumralle550f782013-08-20 13:48:23 -07002147 const char *args[10];
2148 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2149 int num_args;
2150 int status;
2151 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002152 int rc = -1;
2153
Ken Sumrall29d8da82011-05-18 17:20:07 -07002154 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002155 args[0] = "/system/bin/make_ext4fs";
2156 args[1] = "-a";
2157 args[2] = "/data";
2158 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002159 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002160 args[4] = size_str;
2161 args[5] = crypto_blkdev;
2162 num_args = 6;
2163 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2164 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002165 } else if (type == F2FS_FS) {
2166 args[0] = "/system/bin/mkfs.f2fs";
2167 args[1] = "-t";
2168 args[2] = "-d1";
2169 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002170 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002171 args[4] = size_str;
2172 num_args = 5;
2173 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2174 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002175 } else {
2176 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2177 return -1;
2178 }
2179
Ken Sumralle550f782013-08-20 13:48:23 -07002180 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2181
2182 if (tmp != 0) {
2183 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002184 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002185 if (WIFEXITED(status)) {
2186 if (WEXITSTATUS(status)) {
2187 SLOGE("Error creating filesystem on %s, exit status %d ",
2188 crypto_blkdev, WEXITSTATUS(status));
2189 } else {
2190 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2191 rc = 0;
2192 }
2193 } else {
2194 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2195 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002196 }
2197
2198 return rc;
2199}
2200
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002201#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002202#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2203#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002204
2205/* aligned 32K writes tends to make flash happy.
2206 * SD card association recommends it.
2207 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002208#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002209#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002210#else
2211#define BLOCKS_AT_A_TIME 1024
2212#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002213
2214struct encryptGroupsData
2215{
2216 int realfd;
2217 int cryptofd;
2218 off64_t numblocks;
2219 off64_t one_pct, cur_pct, new_pct;
2220 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002221 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002222 char* real_blkdev, * crypto_blkdev;
2223 int count;
2224 off64_t offset;
2225 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002226 off64_t last_written_sector;
2227 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002228 time_t time_started;
2229 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002230};
2231
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002232static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002233{
2234 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002235
2236 if (is_used) {
2237 data->used_blocks_already_done++;
2238 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002239 if (data->tot_used_blocks) {
2240 data->new_pct = data->used_blocks_already_done / data->one_pct;
2241 } else {
2242 data->new_pct = data->blocks_already_done / data->one_pct;
2243 }
2244
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002245 if (data->new_pct > data->cur_pct) {
2246 char buf[8];
2247 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002248 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002249 property_set("vold.encrypt_progress", buf);
2250 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002251
2252 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002253 struct timespec time_now;
2254 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2255 SLOGW("Error getting time");
2256 } else {
2257 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2258 off64_t remaining_blocks = data->tot_used_blocks
2259 - data->used_blocks_already_done;
2260 int remaining_time = (int)(elapsed_time * remaining_blocks
2261 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002262
Paul Lawrence9c58a872014-09-30 09:12:51 -07002263 // Change time only if not yet set, lower, or a lot higher for
2264 // best user experience
2265 if (data->remaining_time == -1
2266 || remaining_time < data->remaining_time
2267 || remaining_time > data->remaining_time + 60) {
2268 char buf[8];
2269 snprintf(buf, sizeof(buf), "%d", remaining_time);
2270 property_set("vold.encrypt_time_remaining", buf);
2271 data->remaining_time = remaining_time;
2272 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002273 }
2274 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002275}
2276
Paul Lawrence3846be12014-09-22 11:33:54 -07002277static void log_progress(struct encryptGroupsData const* data, bool completed)
2278{
2279 // Precondition - if completed data = 0 else data != 0
2280
2281 // Track progress so we can skip logging blocks
2282 static off64_t offset = -1;
2283
2284 // Need to close existing 'Encrypting from' log?
2285 if (completed || (offset != -1 && data->offset != offset)) {
2286 SLOGI("Encrypted to sector %" PRId64,
2287 offset / info.block_size * CRYPT_SECTOR_SIZE);
2288 offset = -1;
2289 }
2290
2291 // Need to start new 'Encrypting from' log?
2292 if (!completed && offset != data->offset) {
2293 SLOGI("Encrypting from sector %" PRId64,
2294 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2295 }
2296
2297 // Update offset
2298 if (!completed) {
2299 offset = data->offset + (off64_t)data->count * info.block_size;
2300 }
2301}
2302
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002303static int flush_outstanding_data(struct encryptGroupsData* data)
2304{
2305 if (data->count == 0) {
2306 return 0;
2307 }
2308
Elliott Hughes231bdba2014-06-25 18:36:19 -07002309 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002310
2311 if (pread64(data->realfd, data->buffer,
2312 info.block_size * data->count, data->offset)
2313 <= 0) {
2314 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2315 data->real_blkdev);
2316 return -1;
2317 }
2318
2319 if (pwrite64(data->cryptofd, data->buffer,
2320 info.block_size * data->count, data->offset)
2321 <= 0) {
2322 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2323 data->crypto_blkdev);
2324 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002325 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002326 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002327 }
2328
2329 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002330 data->last_written_sector = (data->offset + data->count)
2331 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002332 return 0;
2333}
2334
2335static int encrypt_groups(struct encryptGroupsData* data)
2336{
2337 unsigned int i;
2338 u8 *block_bitmap = 0;
2339 unsigned int block;
2340 off64_t ret;
2341 int rc = -1;
2342
2343 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2344 if (!data->buffer) {
2345 SLOGE("Failed to allocate crypto buffer");
2346 goto errout;
2347 }
2348
2349 block_bitmap = malloc(info.block_size);
2350 if (!block_bitmap) {
2351 SLOGE("failed to allocate block bitmap");
2352 goto errout;
2353 }
2354
2355 for (i = 0; i < aux_info.groups; ++i) {
2356 SLOGI("Encrypting group %d", i);
2357
2358 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2359 u32 block_count = min(info.blocks_per_group,
2360 aux_info.len_blocks - first_block);
2361
2362 off64_t offset = (u64)info.block_size
2363 * aux_info.bg_desc[i].bg_block_bitmap;
2364
2365 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2366 if (ret != (int)info.block_size) {
2367 SLOGE("failed to read all of block group bitmap %d", i);
2368 goto errout;
2369 }
2370
2371 offset = (u64)info.block_size * first_block;
2372
2373 data->count = 0;
2374
2375 for (block = 0; block < block_count; block++) {
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002376 int used = bitmap_get_bit(block_bitmap, block);
2377 update_progress(data, used);
2378 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002379 if (data->count == 0) {
2380 data->offset = offset;
2381 }
2382 data->count++;
2383 } else {
2384 if (flush_outstanding_data(data)) {
2385 goto errout;
2386 }
2387 }
2388
2389 offset += info.block_size;
2390
2391 /* Write data if we are aligned or buffer size reached */
2392 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2393 || data->count == BLOCKS_AT_A_TIME) {
2394 if (flush_outstanding_data(data)) {
2395 goto errout;
2396 }
2397 }
Paul Lawrence87999172014-02-20 12:21:31 -08002398
Paul Lawrence73d7a022014-06-09 14:10:09 -07002399 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002400 SLOGE("Stopping encryption due to low battery");
2401 rc = 0;
2402 goto errout;
2403 }
2404
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002405 }
2406 if (flush_outstanding_data(data)) {
2407 goto errout;
2408 }
2409 }
2410
Paul Lawrence87999172014-02-20 12:21:31 -08002411 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002412 rc = 0;
2413
2414errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002415 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002416 free(data->buffer);
2417 free(block_bitmap);
2418 return rc;
2419}
2420
2421static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2422 char *real_blkdev,
2423 off64_t size,
2424 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002425 off64_t tot_size,
2426 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002427{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002428 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002429 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002430 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002431
Paul Lawrence87999172014-02-20 12:21:31 -08002432 if (previously_encrypted_upto > *size_already_done) {
2433 SLOGD("Not fast encrypting since resuming part way through");
2434 return -1;
2435 }
2436
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002437 memset(&data, 0, sizeof(data));
2438 data.real_blkdev = real_blkdev;
2439 data.crypto_blkdev = crypto_blkdev;
2440
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002441 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002442 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2443 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002444 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002445 goto errout;
2446 }
2447
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002448 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002449 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002450 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002451 rc = ENABLE_INPLACE_ERR_DEV;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002452 goto errout;
2453 }
2454
2455 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002456 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002457 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002458 goto errout;
2459 }
2460
2461 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002462 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002463 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002464 goto errout;
2465 }
2466
2467 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2468 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2469 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2470
JP Abgrall7fc1de82014-10-10 18:43:41 -07002471 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002472
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002473 data.tot_used_blocks = data.numblocks;
2474 for (i = 0; i < aux_info.groups; ++i) {
2475 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2476 }
2477
2478 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002479 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002480
2481 struct timespec time_started = {0};
2482 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2483 SLOGW("Error getting time at start");
2484 // Note - continue anyway - we'll run with 0
2485 }
2486 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002487 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002488
2489 rc = encrypt_groups(&data);
2490 if (rc) {
2491 SLOGE("Error encrypting groups");
2492 goto errout;
2493 }
2494
Paul Lawrence87999172014-02-20 12:21:31 -08002495 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002496 rc = 0;
2497
2498errout:
2499 close(data.realfd);
2500 close(data.cryptofd);
2501
2502 return rc;
2503}
2504
Paul Lawrence3846be12014-09-22 11:33:54 -07002505static void log_progress_f2fs(u64 block, bool completed)
2506{
2507 // Precondition - if completed data = 0 else data != 0
2508
2509 // Track progress so we can skip logging blocks
2510 static u64 last_block = (u64)-1;
2511
2512 // Need to close existing 'Encrypting from' log?
2513 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2514 SLOGI("Encrypted to block %" PRId64, last_block);
2515 last_block = -1;
2516 }
2517
2518 // Need to start new 'Encrypting from' log?
2519 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2520 SLOGI("Encrypting from block %" PRId64, block);
2521 }
2522
2523 // Update offset
2524 if (!completed) {
2525 last_block = block;
2526 }
2527}
2528
Daniel Rosenberge82df162014-08-15 22:19:23 +00002529static int encrypt_one_block_f2fs(u64 pos, void *data)
2530{
2531 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2532
2533 priv_dat->blocks_already_done = pos - 1;
2534 update_progress(priv_dat, 1);
2535
2536 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2537
2538 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002539 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002540 return -1;
2541 }
2542
2543 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002544 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002545 return -1;
2546 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002547 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002548 }
2549
2550 return 0;
2551}
2552
2553static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2554 char *real_blkdev,
2555 off64_t size,
2556 off64_t *size_already_done,
2557 off64_t tot_size,
2558 off64_t previously_encrypted_upto)
2559{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002560 struct encryptGroupsData data;
2561 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002562 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002563 if (previously_encrypted_upto > *size_already_done) {
2564 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002565 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002566 }
2567 memset(&data, 0, sizeof(data));
2568 data.real_blkdev = real_blkdev;
2569 data.crypto_blkdev = crypto_blkdev;
2570 data.realfd = -1;
2571 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002572 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002573 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002574 real_blkdev);
2575 goto errout;
2576 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002577 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002578 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002579 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002580 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002581 goto errout;
2582 }
2583
2584 f2fs_info = generate_f2fs_info(data.realfd);
2585 if (!f2fs_info)
2586 goto errout;
2587
2588 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2589 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2590 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2591
2592 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2593
2594 data.one_pct = data.tot_used_blocks / 100;
2595 data.cur_pct = 0;
2596 data.time_started = time(NULL);
2597 data.remaining_time = -1;
2598
2599 data.buffer = malloc(f2fs_info->block_size);
2600 if (!data.buffer) {
2601 SLOGE("Failed to allocate crypto buffer");
2602 goto errout;
2603 }
2604
2605 data.count = 0;
2606
2607 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2608 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2609
2610 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002611 SLOGE("Error in running over f2fs blocks");
2612 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002613 goto errout;
2614 }
2615
2616 *size_already_done += size;
2617 rc = 0;
2618
2619errout:
2620 if (rc)
2621 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2622
Paul Lawrence3846be12014-09-22 11:33:54 -07002623 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002624 free(f2fs_info);
2625 free(data.buffer);
2626 close(data.realfd);
2627 close(data.cryptofd);
2628
2629 return rc;
2630}
2631
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002632static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2633 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002634 off64_t tot_size,
2635 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002636{
2637 int realfd, cryptofd;
2638 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002639 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002640 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002641 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002642 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002643
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002644 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002645 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002646 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002647 }
2648
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002649 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002650 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2651 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002652 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002653 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002654 }
2655
2656 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2657 * The size passed in is the number of 512 byte sectors in the filesystem.
2658 * So compute the number of whole 4K blocks we should read/write,
2659 * and the remainder.
2660 */
2661 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2662 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002663 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2664 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002665
2666 SLOGE("Encrypting filesystem in place...");
2667
Paul Lawrence87999172014-02-20 12:21:31 -08002668 i = previously_encrypted_upto + 1 - *size_already_done;
2669
2670 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2671 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2672 goto errout;
2673 }
2674
2675 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2676 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2677 goto errout;
2678 }
2679
2680 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2681 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2682 SLOGE("Error reading initial sectors from real_blkdev %s for "
2683 "inplace encrypt\n", crypto_blkdev);
2684 goto errout;
2685 }
2686 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2687 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2688 "inplace encrypt\n", crypto_blkdev);
2689 goto errout;
2690 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002691 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002692 }
2693 }
2694
Ken Sumrall29d8da82011-05-18 17:20:07 -07002695 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002696 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002697 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002698 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002699 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002700 if (new_pct > cur_pct) {
2701 char buf[8];
2702
2703 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002704 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002705 property_set("vold.encrypt_progress", buf);
2706 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002707 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002708 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002709 goto errout;
2710 }
2711 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002712 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2713 goto errout;
2714 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002715 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002716 CRYPT_SECTORS_PER_BUFSIZE,
2717 i * CRYPT_SECTORS_PER_BUFSIZE);
2718 }
2719
Paul Lawrence73d7a022014-06-09 14:10:09 -07002720 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002721 SLOGE("Stopping encryption due to low battery");
2722 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2723 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002724 goto errout;
2725 }
2726 }
2727
2728 /* Do any remaining sectors */
2729 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002730 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2731 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002732 goto errout;
2733 }
Paul Lawrence87999172014-02-20 12:21:31 -08002734 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2735 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002736 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002737 } else {
2738 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002739 }
2740 }
2741
Ken Sumrall29d8da82011-05-18 17:20:07 -07002742 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002743 rc = 0;
2744
2745errout:
2746 close(realfd);
2747 close(cryptofd);
2748
2749 return rc;
2750}
2751
JP Abgrall7fc1de82014-10-10 18:43:41 -07002752/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002753static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2754 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002755 off64_t tot_size,
2756 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002757{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002758 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002759 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002760 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002761 }
2762
2763 if (*size_already_done + size < previously_encrypted_upto) {
2764 *size_already_done += size;
2765 return 0;
2766 }
2767
Daniel Rosenberge82df162014-08-15 22:19:23 +00002768 /* TODO: identify filesystem type.
2769 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2770 * then we will drop down to cryptfs_enable_inplace_f2fs.
2771 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002772 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002773 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002774 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002775 return 0;
2776 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002777 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002778
JP Abgrall7fc1de82014-10-10 18:43:41 -07002779 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002780 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002781 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002782 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002783 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002784 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002785
JP Abgrall7fc1de82014-10-10 18:43:41 -07002786 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002787 size, size_already_done, tot_size,
2788 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002789 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2790
2791 /* Hack for b/17898962, the following is the symptom... */
2792 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2793 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2794 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2795 return ENABLE_INPLACE_ERR_DEV;
2796 }
2797 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002798}
2799
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002800#define CRYPTO_ENABLE_WIPE 1
2801#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002802
2803#define FRAMEWORK_BOOT_WAIT 60
2804
Paul Lawrence87999172014-02-20 12:21:31 -08002805static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2806{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002807 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002808 if (fd == -1) {
2809 SLOGE("Error opening file %s", filename);
2810 return -1;
2811 }
2812
2813 char block[CRYPT_INPLACE_BUFSIZE];
2814 memset(block, 0, sizeof(block));
2815 if (unix_read(fd, block, sizeof(block)) < 0) {
2816 SLOGE("Error reading file %s", filename);
2817 close(fd);
2818 return -1;
2819 }
2820
2821 close(fd);
2822
2823 SHA256_CTX c;
2824 SHA256_Init(&c);
2825 SHA256_Update(&c, block, sizeof(block));
2826 SHA256_Final(buf, &c);
2827
2828 return 0;
2829}
2830
JP Abgrall62c7af32014-06-16 13:01:23 -07002831static int get_fs_type(struct fstab_rec *rec)
2832{
2833 if (!strcmp(rec->fs_type, "ext4")) {
2834 return EXT4_FS;
2835 } else if (!strcmp(rec->fs_type, "f2fs")) {
2836 return F2FS_FS;
2837 } else {
2838 return -1;
2839 }
2840}
2841
Paul Lawrence87999172014-02-20 12:21:31 -08002842static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2843 char *crypto_blkdev, char *real_blkdev,
2844 int previously_encrypted_upto)
2845{
2846 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002847 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002848
Paul Lawrence73d7a022014-06-09 14:10:09 -07002849 if (!is_battery_ok_to_start()) {
2850 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002851 return 0;
2852 }
2853
2854 /* The size of the userdata partition, and add in the vold volumes below */
2855 tot_encryption_size = crypt_ftr->fs_size;
2856
2857 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002858 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2859 int fs_type = get_fs_type(rec);
2860 if (fs_type < 0) {
2861 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2862 return -1;
2863 }
2864 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002865 } else if (how == CRYPTO_ENABLE_INPLACE) {
2866 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2867 crypt_ftr->fs_size, &cur_encryption_done,
2868 tot_encryption_size,
2869 previously_encrypted_upto);
2870
JP Abgrall7fc1de82014-10-10 18:43:41 -07002871 if (rc == ENABLE_INPLACE_ERR_DEV) {
2872 /* Hack for b/17898962 */
2873 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2874 cryptfs_reboot(reboot);
2875 }
2876
Paul Lawrence73d7a022014-06-09 14:10:09 -07002877 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002878 crypt_ftr->encrypted_upto = cur_encryption_done;
2879 }
2880
Paul Lawrence73d7a022014-06-09 14:10:09 -07002881 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002882 /* The inplace routine never actually sets the progress to 100% due
2883 * to the round down nature of integer division, so set it here */
2884 property_set("vold.encrypt_progress", "100");
2885 }
2886 } else {
2887 /* Shouldn't happen */
2888 SLOGE("cryptfs_enable: internal error, unknown option\n");
2889 rc = -1;
2890 }
2891
2892 return rc;
2893}
2894
Paul Lawrence13486032014-02-03 13:28:11 -08002895int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
2896 int allow_reboot)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002897{
2898 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002899 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002900 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002901 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002902 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002903 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002904 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002905 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002906 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002907 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002908 off64_t previously_encrypted_upto = 0;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002909
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002910 if (!strcmp(howarg, "wipe")) {
2911 how = CRYPTO_ENABLE_WIPE;
2912 } else if (! strcmp(howarg, "inplace")) {
2913 how = CRYPTO_ENABLE_INPLACE;
2914 } else {
2915 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002916 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002917 }
2918
Paul Lawrence87999172014-02-20 12:21:31 -08002919 /* See if an encryption was underway and interrupted */
2920 if (how == CRYPTO_ENABLE_INPLACE
2921 && get_crypt_ftr_and_key(&crypt_ftr) == 0
2922 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) {
2923 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2924 crypt_ftr.encrypted_upto = 0;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002925 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
2926
2927 /* At this point, we are in an inconsistent state. Until we successfully
2928 complete encryption, a reboot will leave us broken. So mark the
2929 encryption failed in case that happens.
2930 On successfully completing encryption, remove this flag */
2931 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
2932
2933 put_crypt_ftr_and_key(&crypt_ftr);
Paul Lawrence87999172014-02-20 12:21:31 -08002934 }
2935
2936 property_get("ro.crypto.state", encrypted_state, "");
2937 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2938 SLOGE("Device is already running encrypted, aborting");
2939 goto error_unencrypted;
2940 }
2941
2942 // TODO refactor fs_mgr_get_crypt_info to get both in one call
2943 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08002944 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002945
Ken Sumrall3ed82362011-01-28 23:31:16 -08002946 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002947 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002948 if (fd == -1) {
2949 SLOGE("Cannot open block device %s\n", real_blkdev);
2950 goto error_unencrypted;
2951 }
2952 unsigned long nr_sec;
2953 get_blkdev_size(fd, &nr_sec);
2954 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002955 SLOGE("Cannot get size of block device %s\n", real_blkdev);
2956 goto error_unencrypted;
2957 }
2958 close(fd);
2959
2960 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002961 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08002962 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00002963 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002964 if (fs_size_sec == 0)
2965 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
2966
Paul Lawrence87999172014-02-20 12:21:31 -08002967 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08002968
2969 if (fs_size_sec > max_fs_size_sec) {
2970 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
2971 goto error_unencrypted;
2972 }
2973 }
2974
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002975 /* Get a wakelock as this may take a while, and we don't want the
2976 * device to sleep on us. We'll grab a partial wakelock, and if the UI
2977 * wants to keep the screen on, it can grab a full wakelock.
2978 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07002979 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002980 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
2981
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002982 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002983 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002984 */
2985 property_set("vold.decrypt", "trigger_shutdown_framework");
2986 SLOGD("Just asked init to shut down class main\n");
2987
Jeff Sharkey9c484982015-03-31 10:35:33 -07002988 /* Ask vold to unmount all devices that it manages */
2989 if (vold_unmountAll()) {
2990 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08002991 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002992
2993 /* Now unmount the /data partition. */
Greg Hackmann6e8440f2014-10-02 17:18:20 -07002994 if (wait_and_unmount(DATA_MNT_POINT, false)) {
JP Abgrall502dc742013-11-01 13:06:20 -07002995 if (allow_reboot) {
2996 goto error_shutting_down;
2997 } else {
2998 goto error_unencrypted;
2999 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003000 }
3001
3002 /* Do extra work for a better UX when doing the long inplace encryption */
3003 if (how == CRYPTO_ENABLE_INPLACE) {
3004 /* Now that /data is unmounted, we need to mount a tmpfs
3005 * /data, set a property saying we're doing inplace encryption,
3006 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003007 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003008 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003009 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003010 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003011 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003012 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003013
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003014 /* restart the framework. */
3015 /* Create necessary paths on /data */
3016 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003017 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003018 }
3019
Ken Sumrall92736ef2012-10-17 20:57:14 -07003020 /* Ugh, shutting down the framework is not synchronous, so until it
3021 * can be fixed, this horrible hack will wait a moment for it all to
3022 * shut down before proceeding. Without it, some devices cannot
3023 * restart the graphics services.
3024 */
3025 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003026 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003027
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003028 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003029 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence87999172014-02-20 12:21:31 -08003030 if (previously_encrypted_upto == 0) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003031 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3032 goto error_shutting_down;
3033 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003034
Paul Lawrence87999172014-02-20 12:21:31 -08003035 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3036 crypt_ftr.fs_size = nr_sec
3037 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3038 } else {
3039 crypt_ftr.fs_size = nr_sec;
3040 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003041 /* At this point, we are in an inconsistent state. Until we successfully
3042 complete encryption, a reboot will leave us broken. So mark the
3043 encryption failed in case that happens.
3044 On successfully completing encryption, remove this flag */
3045 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence87999172014-02-20 12:21:31 -08003046 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003047#ifndef CONFIG_HW_DISK_ENCRYPTION
3048 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3049#else
3050 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3051
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003052 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003053 if (!rc) {
3054 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3055 }
3056
3057 rc = set_hw_device_encryption_key(passwd,
3058 (char*) crypt_ftr.crypto_type_name);
3059 if (!rc) {
3060 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3061 goto error_shutting_down;
3062 }
3063#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003064
Paul Lawrence87999172014-02-20 12:21:31 -08003065 /* Make an encrypted master key */
3066 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
3067 SLOGE("Cannot create encrypted master key\n");
3068 goto error_shutting_down;
3069 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003070
Paul Lawrence87999172014-02-20 12:21:31 -08003071 /* Write the key to the end of the partition */
3072 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003073
Paul Lawrence87999172014-02-20 12:21:31 -08003074 /* If any persistent data has been remembered, save it.
3075 * If none, create a valid empty table and save that.
3076 */
3077 if (!persist_data) {
3078 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3079 if (pdata) {
3080 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3081 persist_data = pdata;
3082 }
3083 }
3084 if (persist_data) {
3085 save_persistent_data();
3086 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003087 }
3088
Ajay Dudani87701e22014-09-17 21:02:52 -07003089 if (how == CRYPTO_ENABLE_INPLACE) {
3090 /* startup service classes main and late_start */
3091 property_set("vold.decrypt", "trigger_restart_min_framework");
3092 SLOGD("Just triggered restart_min_framework\n");
3093
3094 /* OK, the framework is restarted and will soon be showing a
3095 * progress bar. Time to setup an encrypted mapping, and
3096 * either write a new filesystem, or encrypt in place updating
3097 * the progress bar as we work.
3098 */
3099 }
3100
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003101 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003102 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
3103 "userdata");
3104
Paul Lawrence87999172014-02-20 12:21:31 -08003105 /* If we are continuing, check checksums match */
3106 rc = 0;
3107 if (previously_encrypted_upto) {
3108 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3109 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003110
Paul Lawrence87999172014-02-20 12:21:31 -08003111 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3112 sizeof(hash_first_block)) != 0) {
3113 SLOGE("Checksums do not match - trigger wipe");
3114 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003115 }
3116 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003117
Paul Lawrence87999172014-02-20 12:21:31 -08003118 if (!rc) {
3119 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3120 crypto_blkdev, real_blkdev,
3121 previously_encrypted_upto);
3122 }
3123
3124 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003125 if (!rc && how == CRYPTO_ENABLE_INPLACE
3126 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003127 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3128 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003129 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003130 SLOGE("Error calculating checksum for continuing encryption");
3131 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003132 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003133 }
3134
3135 /* Undo the dm-crypt mapping whether we succeed or not */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003136 delete_crypto_blk_dev("userdata");
Ken Sumrall29d8da82011-05-18 17:20:07 -07003137
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003138 if (! rc) {
3139 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003140 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003141
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003142 if (how == CRYPTO_ENABLE_INPLACE
3143 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003144 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3145 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003146 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003147 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003148
Paul Lawrence6bfed202014-07-28 12:47:22 -07003149 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003150
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003151 if (how == CRYPTO_ENABLE_WIPE
3152 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003153 char value[PROPERTY_VALUE_MAX];
3154 property_get("ro.crypto.state", value, "");
3155 if (!strcmp(value, "")) {
3156 /* default encryption - continue first boot sequence */
3157 property_set("ro.crypto.state", "encrypted");
3158 release_wake_lock(lockid);
3159 cryptfs_check_passwd(DEFAULT_PASSWORD);
3160 cryptfs_restart_internal(1);
3161 return 0;
3162 } else {
3163 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003164 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003165 }
Paul Lawrence87999172014-02-20 12:21:31 -08003166 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003167 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003168 cryptfs_reboot(shutdown);
3169 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003170 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003171 char value[PROPERTY_VALUE_MAX];
3172
Ken Sumrall319369a2012-06-27 16:30:18 -07003173 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003174 if (!strcmp(value, "1")) {
3175 /* wipe data if encryption failed */
3176 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
3177 mkdir("/cache/recovery", 0700);
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003178 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0600);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003179 if (fd >= 0) {
Jeff Sharkeydd1a8042014-09-24 11:46:51 -07003180 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1);
3181 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003182 close(fd);
3183 } else {
3184 SLOGE("could not open /cache/recovery/command\n");
3185 }
Paul Lawrence87999172014-02-20 12:21:31 -08003186 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003187 } else {
3188 /* set property to trigger dialog */
3189 property_set("vold.encrypt_progress", "error_partially_encrypted");
3190 release_wake_lock(lockid);
3191 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003192 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003193 }
3194
Ken Sumrall3ed82362011-01-28 23:31:16 -08003195 /* hrm, the encrypt step claims success, but the reboot failed.
3196 * This should not happen.
3197 * Set the property and return. Hope the framework can deal with it.
3198 */
3199 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003200 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003201 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003202
3203error_unencrypted:
3204 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003205 if (lockid[0]) {
3206 release_wake_lock(lockid);
3207 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003208 return -1;
3209
3210error_shutting_down:
3211 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3212 * but the framework is stopped and not restarted to show the error, so it's up to
3213 * vold to restart the system.
3214 */
3215 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003216 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003217
3218 /* shouldn't get here */
3219 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003220 if (lockid[0]) {
3221 release_wake_lock(lockid);
3222 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003223 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003224}
3225
Paul Lawrence45f10532014-04-04 18:11:56 +00003226int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot)
Paul Lawrence13486032014-02-03 13:28:11 -08003227{
Paul Lawrence3bd36d52015-06-09 13:37:44 -07003228 return cryptfs_enable_internal(howarg, type, passwd, allow_reboot);
Paul Lawrence13486032014-02-03 13:28:11 -08003229}
3230
3231int cryptfs_enable_default(char *howarg, int allow_reboot)
3232{
3233 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
3234 DEFAULT_PASSWORD, allow_reboot);
3235}
3236
3237int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003238{
Paul Lawrence05335c32015-03-05 09:46:23 -08003239 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3240 return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw);
3241 }
3242
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003243 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003244 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003245
3246 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003247 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003248 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003249 return -1;
3250 }
3251
Paul Lawrencef4faa572014-01-29 13:31:03 -08003252 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3253 SLOGE("Invalid crypt_type %d", crypt_type);
3254 return -1;
3255 }
3256
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003257 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003258 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003259 SLOGE("Error getting crypt footer and key");
3260 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003261 }
3262
Paul Lawrencef4faa572014-01-29 13:31:03 -08003263 crypt_ftr.crypt_type = crypt_type;
3264
JP Abgrall933216c2015-02-11 13:44:32 -08003265 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003266 : newpw,
3267 crypt_ftr.salt,
3268 saved_master_key,
3269 crypt_ftr.master_key,
3270 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003271 if (rc) {
3272 SLOGE("Encrypt master key failed: %d", rc);
3273 return -1;
3274 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003275 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003276 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003277
Ajay Dudani87701e22014-09-17 21:02:52 -07003278#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003279 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3280 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3281 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3282 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3283 if (!rc)
3284 return -1;
3285 } else {
3286 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3287 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3288 if (!rc)
3289 return -1;
3290 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003291 }
3292#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003293 return 0;
3294}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003295
Rubin Xu85c01f92014-10-13 12:49:54 +01003296static unsigned int persist_get_max_entries(int encrypted) {
3297 struct crypt_mnt_ftr crypt_ftr;
3298 unsigned int dsize;
3299 unsigned int max_persistent_entries;
3300
3301 /* If encrypted, use the values from the crypt_ftr, otherwise
3302 * use the values for the current spec.
3303 */
3304 if (encrypted) {
3305 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3306 return -1;
3307 }
3308 dsize = crypt_ftr.persist_data_size;
3309 } else {
3310 dsize = CRYPT_PERSIST_DATA_SIZE;
3311 }
3312
3313 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3314 sizeof(struct crypt_persist_entry);
3315
3316 return max_persistent_entries;
3317}
3318
3319static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003320{
3321 unsigned int i;
3322
3323 if (persist_data == NULL) {
3324 return -1;
3325 }
3326 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3327 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3328 /* We found it! */
3329 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3330 return 0;
3331 }
3332 }
3333
3334 return -1;
3335}
3336
Rubin Xu85c01f92014-10-13 12:49:54 +01003337static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003338{
3339 unsigned int i;
3340 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003341 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003342
3343 if (persist_data == NULL) {
3344 return -1;
3345 }
3346
Rubin Xu85c01f92014-10-13 12:49:54 +01003347 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003348
3349 num = persist_data->persist_valid_entries;
3350
3351 for (i = 0; i < num; i++) {
3352 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3353 /* We found an existing entry, update it! */
3354 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3355 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3356 return 0;
3357 }
3358 }
3359
3360 /* We didn't find it, add it to the end, if there is room */
3361 if (persist_data->persist_valid_entries < max_persistent_entries) {
3362 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3363 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3364 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3365 persist_data->persist_valid_entries++;
3366 return 0;
3367 }
3368
3369 return -1;
3370}
3371
Rubin Xu85c01f92014-10-13 12:49:54 +01003372/**
3373 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3374 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3375 */
3376static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003377 unsigned int field_len;
3378 unsigned int key_index;
3379 field_len = strlen(field);
3380
3381 if (index == 0) {
3382 // The first key in a multi-entry field is just the filedname itself.
3383 if (!strcmp(key, field)) {
3384 return 1;
3385 }
3386 }
3387 // Match key against "%s_%d" % (field, index)
3388 if (strlen(key) < field_len + 1 + 1) {
3389 // Need at least a '_' and a digit.
3390 return 0;
3391 }
3392 if (strncmp(key, field, field_len)) {
3393 // If the key does not begin with field, it's not a match.
3394 return 0;
3395 }
3396 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3397 return 0;
3398 }
3399 return key_index >= index;
3400}
3401
3402/*
3403 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3404 * remaining entries starting from index will be deleted.
3405 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3406 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3407 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3408 *
3409 */
3410static int persist_del_keys(const char *fieldname, unsigned index)
3411{
3412 unsigned int i;
3413 unsigned int j;
3414 unsigned int num;
3415
3416 if (persist_data == NULL) {
3417 return PERSIST_DEL_KEY_ERROR_OTHER;
3418 }
3419
3420 num = persist_data->persist_valid_entries;
3421
3422 j = 0; // points to the end of non-deleted entries.
3423 // Filter out to-be-deleted entries in place.
3424 for (i = 0; i < num; i++) {
3425 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3426 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3427 j++;
3428 }
3429 }
3430
3431 if (j < num) {
3432 persist_data->persist_valid_entries = j;
3433 // Zeroise the remaining entries
3434 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3435 return PERSIST_DEL_KEY_OK;
3436 } else {
3437 // Did not find an entry matching the given fieldname
3438 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3439 }
3440}
3441
3442static int persist_count_keys(const char *fieldname)
3443{
3444 unsigned int i;
3445 unsigned int count;
3446
3447 if (persist_data == NULL) {
3448 return -1;
3449 }
3450
3451 count = 0;
3452 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3453 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3454 count++;
3455 }
3456 }
3457
3458 return count;
3459}
3460
Ken Sumrall160b4d62013-04-22 12:15:39 -07003461/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003462int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003463{
Paul Lawrence368d7942015-04-15 14:12:00 -07003464 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3465 return e4crypt_get_field(DATA_MNT_POINT, fieldname, value, len);
3466 }
3467
Ken Sumrall160b4d62013-04-22 12:15:39 -07003468 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003469 /* CRYPTO_GETFIELD_OK is success,
3470 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3471 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3472 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003473 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003474 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3475 int i;
3476 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003477
3478 if (persist_data == NULL) {
3479 load_persistent_data();
3480 if (persist_data == NULL) {
3481 SLOGE("Getfield error, cannot load persistent data");
3482 goto out;
3483 }
3484 }
3485
Rubin Xu85c01f92014-10-13 12:49:54 +01003486 // Read value from persistent entries. If the original value is split into multiple entries,
3487 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003488 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003489 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3490 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3491 // value too small
3492 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3493 goto out;
3494 }
3495 rc = CRYPTO_GETFIELD_OK;
3496
3497 for (i = 1; /* break explicitly */; i++) {
3498 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3499 (int) sizeof(temp_field)) {
3500 // If the fieldname is very long, we stop as soon as it begins to overflow the
3501 // maximum field length. At this point we have in fact fully read out the original
3502 // value because cryptfs_setfield would not allow fields with longer names to be
3503 // written in the first place.
3504 break;
3505 }
3506 if (!persist_get_key(temp_field, temp_value)) {
3507 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3508 // value too small.
3509 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3510 goto out;
3511 }
3512 } else {
3513 // Exhaust all entries.
3514 break;
3515 }
3516 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003517 } else {
3518 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003519 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003520 }
3521
3522out:
3523 return rc;
3524}
3525
3526/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003527int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003528{
Paul Lawrence368d7942015-04-15 14:12:00 -07003529 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3530 return e4crypt_set_field(DATA_MNT_POINT, fieldname, value);
3531 }
3532
Ken Sumrall160b4d62013-04-22 12:15:39 -07003533 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003534 /* 0 is success, negative values are error */
3535 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003536 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003537 unsigned int field_id;
3538 char temp_field[PROPERTY_KEY_MAX];
3539 unsigned int num_entries;
3540 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003541
3542 if (persist_data == NULL) {
3543 load_persistent_data();
3544 if (persist_data == NULL) {
3545 SLOGE("Setfield error, cannot load persistent data");
3546 goto out;
3547 }
3548 }
3549
3550 property_get("ro.crypto.state", encrypted_state, "");
3551 if (!strcmp(encrypted_state, "encrypted") ) {
3552 encrypted = 1;
3553 }
3554
Rubin Xu85c01f92014-10-13 12:49:54 +01003555 // Compute the number of entries required to store value, each entry can store up to
3556 // (PROPERTY_VALUE_MAX - 1) chars
3557 if (strlen(value) == 0) {
3558 // Empty value also needs one entry to store.
3559 num_entries = 1;
3560 } else {
3561 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3562 }
3563
3564 max_keylen = strlen(fieldname);
3565 if (num_entries > 1) {
3566 // Need an extra "_%d" suffix.
3567 max_keylen += 1 + log10(num_entries);
3568 }
3569 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3570 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003571 goto out;
3572 }
3573
Rubin Xu85c01f92014-10-13 12:49:54 +01003574 // Make sure we have enough space to write the new value
3575 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3576 persist_get_max_entries(encrypted)) {
3577 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3578 goto out;
3579 }
3580
3581 // Now that we know persist_data has enough space for value, let's delete the old field first
3582 // to make up space.
3583 persist_del_keys(fieldname, 0);
3584
3585 if (persist_set_key(fieldname, value, encrypted)) {
3586 // fail to set key, should not happen as we have already checked the available space
3587 SLOGE("persist_set_key() error during setfield()");
3588 goto out;
3589 }
3590
3591 for (field_id = 1; field_id < num_entries; field_id++) {
3592 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3593
3594 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3595 // fail to set key, should not happen as we have already checked the available space.
3596 SLOGE("persist_set_key() error during setfield()");
3597 goto out;
3598 }
3599 }
3600
Ken Sumrall160b4d62013-04-22 12:15:39 -07003601 /* If we are running encrypted, save the persistent data now */
3602 if (encrypted) {
3603 if (save_persistent_data()) {
3604 SLOGE("Setfield error, cannot save persistent data");
3605 goto out;
3606 }
3607 }
3608
Rubin Xu85c01f92014-10-13 12:49:54 +01003609 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003610
3611out:
3612 return rc;
3613}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003614
3615/* Checks userdata. Attempt to mount the volume if default-
3616 * encrypted.
3617 * On success trigger next init phase and return 0.
3618 * Currently do not handle failure - see TODO below.
3619 */
3620int cryptfs_mount_default_encrypted(void)
3621{
3622 char decrypt_state[PROPERTY_VALUE_MAX];
3623 property_get("vold.decrypt", decrypt_state, "0");
3624 if (!strcmp(decrypt_state, "0")) {
3625 SLOGE("Not encrypted - should not call here");
3626 } else {
3627 int crypt_type = cryptfs_get_password_type();
3628 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3629 SLOGE("Bad crypt type - error");
3630 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3631 SLOGD("Password is not default - "
3632 "starting min framework to prompt");
3633 property_set("vold.decrypt", "trigger_restart_min_framework");
3634 return 0;
3635 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3636 SLOGD("Password is default - restarting filesystem");
3637 cryptfs_restart_internal(0);
3638 return 0;
3639 } else {
3640 SLOGE("Encrypted, default crypt type but can't decrypt");
3641 }
3642 }
3643
Paul Lawrence6bfed202014-07-28 12:47:22 -07003644 /** Corrupt. Allow us to boot into framework, which will detect bad
3645 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003646 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003647 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003648 return 0;
3649}
3650
3651/* Returns type of the password, default, pattern, pin or password.
3652 */
3653int cryptfs_get_password_type(void)
3654{
Paul Lawrence05335c32015-03-05 09:46:23 -08003655 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3656 return e4crypt_get_password_type(DATA_MNT_POINT);
3657 }
3658
Paul Lawrencef4faa572014-01-29 13:31:03 -08003659 struct crypt_mnt_ftr crypt_ftr;
3660
3661 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3662 SLOGE("Error getting crypt footer and key\n");
3663 return -1;
3664 }
3665
Paul Lawrence6bfed202014-07-28 12:47:22 -07003666 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3667 return -1;
3668 }
3669
Paul Lawrencef4faa572014-01-29 13:31:03 -08003670 return crypt_ftr.crypt_type;
3671}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003672
Paul Lawrence05335c32015-03-05 09:46:23 -08003673const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003674{
Paul Lawrence05335c32015-03-05 09:46:23 -08003675 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3676 return e4crypt_get_password(DATA_MNT_POINT);
3677 }
3678
Paul Lawrence399317e2014-03-10 13:20:50 -07003679 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003680 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003681 if (now.tv_sec < password_expiry_time) {
3682 return password;
3683 } else {
3684 cryptfs_clear_password();
3685 return 0;
3686 }
3687}
3688
3689void cryptfs_clear_password()
3690{
Paul Lawrence86c942a2015-05-06 13:53:43 -07003691 if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
3692 e4crypt_clear_password(DATA_MNT_POINT);
3693 }
3694
Paul Lawrence399317e2014-03-10 13:20:50 -07003695 if (password) {
3696 size_t len = strlen(password);
3697 memset(password, 0, len);
3698 free(password);
3699 password = 0;
3700 password_expiry_time = 0;
3701 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003702}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003703
3704int cryptfs_enable_file()
3705{
3706 return e4crypt_enable(DATA_MNT_POINT);
3707}
3708
3709int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3710{
3711 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3712 SLOGE("Failed to initialize crypt_ftr");
3713 return -1;
3714 }
3715
3716 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3717 crypt_ftr->salt, crypt_ftr)) {
3718 SLOGE("Cannot create encrypted master key\n");
3719 return -1;
3720 }
3721
3722 //crypt_ftr->keysize = key_length / 8;
3723 return 0;
3724}
3725
3726int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3727 unsigned char* master_key)
3728{
3729 int rc;
3730
Paul Lawrence731a7a22015-04-28 22:14:15 +00003731 unsigned char* intermediate_key = 0;
3732 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003733
3734 if (password == 0 || *password == 0) {
3735 password = DEFAULT_PASSWORD;
3736 }
3737
Paul Lawrence731a7a22015-04-28 22:14:15 +00003738 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3739 &intermediate_key_size);
3740
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003741 int N = 1 << ftr->N_factor;
3742 int r = 1 << ftr->r_factor;
3743 int p = 1 << ftr->p_factor;
3744
3745 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3746
3747 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3748 ftr->salt, sizeof(ftr->salt), N, r, p,
3749 scrypted_intermediate_key,
3750 sizeof(scrypted_intermediate_key));
3751
3752 free(intermediate_key);
3753
3754 if (rc) {
3755 SLOGE("Can't calculate intermediate key");
3756 return rc;
3757 }
3758
3759 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3760 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003761}
3762
3763int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3764 const unsigned char* master_key)
3765{
3766 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3767 ftr);
3768}