blob: 10efb90c330091e19af02e26f6397487f40a0ef1 [file] [log] [blame]
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* TO DO:
18 * 1. Perhaps keep several copies of the encrypted key, in case something
19 * goes horribly wrong?
20 *
21 */
22
23#include <sys/types.h>
Ken Sumralle550f782013-08-20 13:48:23 -070024#include <sys/wait.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080025#include <sys/stat.h>
Paul Lawrencef4faa572014-01-29 13:31:03 -080026#include <ctype.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080027#include <fcntl.h>
Elliott Hughes73737162014-06-25 17:27:42 -070028#include <inttypes.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080029#include <unistd.h>
30#include <stdio.h>
31#include <sys/ioctl.h>
32#include <linux/dm-ioctl.h>
33#include <libgen.h>
34#include <stdlib.h>
35#include <sys/param.h>
36#include <string.h>
37#include <sys/mount.h>
38#include <openssl/evp.h>
Adam Langley41405bb2015-01-22 16:45:28 -080039#include <openssl/sha.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080040#include <errno.h>
Ken Sumrall3ed82362011-01-28 23:31:16 -080041#include <ext4.h>
Ken Sumrall29d8da82011-05-18 17:20:07 -070042#include <linux/kdev_t.h>
Ken Sumralle5032c42012-04-01 23:58:44 -070043#include <fs_mgr.h>
Paul Lawrence9c58a872014-09-30 09:12:51 -070044#include <time.h>
Rubin Xu85c01f92014-10-13 12:49:54 +010045#include <math.h>
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080046#include <selinux/selinux.h>
Ken Sumrall8f869aa2010-12-03 03:47:09 -080047#include "cryptfs.h"
Jeff Vander Stoepdf725752016-01-29 15:34:43 -080048#include "secontext.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080049#define LOG_TAG "Cryptfs"
50#include "cutils/log.h"
51#include "cutils/properties.h"
Ken Sumralladfba362013-06-04 16:37:52 -070052#include "cutils/android_reboot.h"
Ken Sumrall5d4c68e2011-01-30 19:06:03 -080053#include "hardware_legacy/power.h"
Ken Sumralle550f782013-08-20 13:48:23 -070054#include <logwrap/logwrap.h>
Paul Crowley63c18d32016-02-10 14:02:47 +000055#include "ScryptParameters.h"
Ken Sumrall29d8da82011-05-18 17:20:07 -070056#include "VolumeManager.h"
Ken Sumrall9caab762013-06-11 19:10:20 -070057#include "VoldUtil.h"
Kenny Rootc4c70f12013-06-14 12:11:38 -070058#include "crypto_scrypt.h"
Paul Lawrence731a7a22015-04-28 22:14:15 +000059#include "Ext4Crypt.h"
Paul Lawrenceae59fe62014-01-21 08:23:27 -080060#include "ext4_utils.h"
Daniel Rosenberge82df162014-08-15 22:19:23 +000061#include "f2fs_sparseblock.h"
Paul Lawrence87999172014-02-20 12:21:31 -080062#include "CheckBattery.h"
jessica_yu3f14fe42014-09-22 15:57:40 +080063#include "Process.h"
Ken Sumrall8f869aa2010-12-03 03:47:09 -080064
Yabin Cuiffa2e092016-04-06 17:21:38 -070065#include <bootloader_message_writer.h>
Shawn Willden8af33352015-02-24 09:51:34 -070066#include <hardware/keymaster0.h>
Shawn Willdenda6e8992015-06-03 09:40:45 -060067#include <hardware/keymaster1.h>
Paul Lawrence69f4ebd2014-04-14 12:17:14 -070068
Mark Salyzyn3e971272014-01-21 13:27:04 -080069#define UNUSED __attribute__((unused))
70
Mark Salyzyn5eecc442014-02-12 14:16:14 -080071#define UNUSED __attribute__((unused))
72
Ajay Dudani87701e22014-09-17 21:02:52 -070073#ifdef CONFIG_HW_DISK_ENCRYPTION
74#include "cryptfs_hw.h"
75#endif
76
Ken Sumrall8f869aa2010-12-03 03:47:09 -080077#define DM_CRYPT_BUF_SIZE 4096
78
Jason parks70a4b3f2011-01-28 10:10:47 -060079#define HASH_COUNT 2000
80#define KEY_LEN_BYTES 16
81#define IV_LEN_BYTES 16
82
Ken Sumrall29d8da82011-05-18 17:20:07 -070083#define KEY_IN_FOOTER "footer"
84
Paul Lawrence3bd36d52015-06-09 13:37:44 -070085#define DEFAULT_PASSWORD "default_password"
Paul Lawrencef4faa572014-01-29 13:31:03 -080086
Paul Lawrence3d99eba2015-11-20 07:07:19 -080087#define CRYPTO_BLOCK_DEVICE "userdata"
88
89#define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
90
Ken Sumrall29d8da82011-05-18 17:20:07 -070091#define EXT4_FS 1
JP Abgrall62c7af32014-06-16 13:01:23 -070092#define F2FS_FS 2
Ken Sumrall29d8da82011-05-18 17:20:07 -070093
Ken Sumralle919efe2012-09-29 17:07:41 -070094#define TABLE_LOAD_RETRIES 10
95
Shawn Willden47ba10d2014-09-03 17:07:06 -060096#define RSA_KEY_SIZE 2048
97#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
98#define RSA_EXPONENT 0x10001
Shawn Willdenda6e8992015-06-03 09:40:45 -060099#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700100
Paul Lawrence8e3f4512014-09-08 10:11:17 -0700101#define RETRY_MOUNT_ATTEMPTS 10
102#define RETRY_MOUNT_DELAY_SECONDS 1
103
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800104char *me = "cryptfs";
105
Jason parks70a4b3f2011-01-28 10:10:47 -0600106static unsigned char saved_master_key[KEY_LEN_BYTES];
Ken Sumrall3ad90722011-10-04 20:38:29 -0700107static char *saved_mount_point;
Jason parks70a4b3f2011-01-28 10:10:47 -0600108static int master_key_saved = 0;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700109static struct crypt_persist_data *persist_data = NULL;
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800110
Shawn Willdenda6e8992015-06-03 09:40:45 -0600111static int keymaster_init(keymaster0_device_t **keymaster0_dev,
112 keymaster1_device_t **keymaster1_dev)
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700113{
114 int rc;
115
116 const hw_module_t* mod;
117 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
118 if (rc) {
119 ALOGE("could not find any keystore module");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600120 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700121 }
122
Shawn Willdenda6e8992015-06-03 09:40:45 -0600123 SLOGI("keymaster module name is %s", mod->name);
124 SLOGI("keymaster version is %d", mod->module_api_version);
125
126 *keymaster0_dev = NULL;
127 *keymaster1_dev = NULL;
128 if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
129 SLOGI("Found keymaster1 module, using keymaster1 API.");
130 rc = keymaster1_open(mod, keymaster1_dev);
131 } else {
132 SLOGI("Found keymaster0 module, using keymaster0 API.");
133 rc = keymaster0_open(mod, keymaster0_dev);
134 }
135
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700136 if (rc) {
137 ALOGE("could not open keymaster device in %s (%s)",
Shawn Willdenda6e8992015-06-03 09:40:45 -0600138 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
139 goto err;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700140 }
141
142 return 0;
143
Shawn Willdenda6e8992015-06-03 09:40:45 -0600144err:
145 *keymaster0_dev = NULL;
146 *keymaster1_dev = NULL;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700147 return rc;
148}
149
150/* Should we use keymaster? */
151static int keymaster_check_compatibility()
152{
Shawn Willdenda6e8992015-06-03 09:40:45 -0600153 keymaster0_device_t *keymaster0_dev = 0;
154 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700155 int rc = 0;
156
Shawn Willdenda6e8992015-06-03 09:40:45 -0600157 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700158 SLOGE("Failed to init keymaster");
159 rc = -1;
160 goto out;
161 }
162
Shawn Willdenda6e8992015-06-03 09:40:45 -0600163 if (keymaster1_dev) {
164 rc = 1;
165 goto out;
166 }
Paul Lawrence8c008392014-05-06 14:02:48 -0700167
Paul Lawrence300dae72016-03-11 11:02:52 -0800168 if (!keymaster0_dev || !keymaster0_dev->common.module) {
169 rc = -1;
170 goto out;
171 }
172
Shawn Willdenda6e8992015-06-03 09:40:45 -0600173 // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
174 // should work.
175 if (keymaster0_dev->common.module->module_api_version
Paul Lawrence8c008392014-05-06 14:02:48 -0700176 < KEYMASTER_MODULE_API_VERSION_0_3) {
177 rc = 0;
178 goto out;
179 }
180
Shawn Willdenda6e8992015-06-03 09:40:45 -0600181 if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
182 (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700183 rc = 1;
184 }
185
186out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600187 if (keymaster1_dev) {
188 keymaster1_close(keymaster1_dev);
189 }
190 if (keymaster0_dev) {
191 keymaster0_close(keymaster0_dev);
192 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700193 return rc;
194}
195
196/* Create a new keymaster key and store it in this footer */
197static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
198{
199 uint8_t* key = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600200 keymaster0_device_t *keymaster0_dev = 0;
201 keymaster1_device_t *keymaster1_dev = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700202
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800203 if (ftr->keymaster_blob_size) {
204 SLOGI("Already have key");
205 return 0;
206 }
207
Shawn Willdenda6e8992015-06-03 09:40:45 -0600208 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700209 SLOGE("Failed to init keymaster");
210 return -1;
211 }
212
213 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600214 size_t key_size = 0;
215 if (keymaster1_dev) {
216 keymaster_key_param_t params[] = {
217 /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
218 keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
219 keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
220 keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700221
Shawn Willden86af3552015-06-24 07:21:54 -0700222 /* The only allowed purpose for this key is signing. */
223 keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
224
225 /* Padding & digest specifications. */
Shawn Willdenda6e8992015-06-03 09:40:45 -0600226 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
Shawn Willdenda6e8992015-06-03 09:40:45 -0600227 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700228
Shawn Willdenda6e8992015-06-03 09:40:45 -0600229 /* Require that the key be usable in standalone mode. File system isn't available. */
230 keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
231
232 /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
233 keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
234
Shawn Willdenda6e8992015-06-03 09:40:45 -0600235 /* Rate-limit key usage attempts, to rate-limit brute force */
236 keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
237 };
238 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
239 keymaster_key_blob_t key_blob;
240 keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
241 &key_blob,
242 NULL /* characteristics */);
243 if (error != KM_ERROR_OK) {
244 SLOGE("Failed to generate keymaster1 key, error %d", error);
245 rc = -1;
246 goto out;
247 }
248
249 key = (uint8_t*)key_blob.key_material;
250 key_size = key_blob.key_material_size;
251 }
252 else if (keymaster0_dev) {
253 keymaster_rsa_keygen_params_t params;
254 memset(&params, '\0', sizeof(params));
255 params.public_exponent = RSA_EXPONENT;
256 params.modulus_size = RSA_KEY_SIZE;
257
258 if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
259 &key, &key_size)) {
260 SLOGE("Failed to generate keypair");
261 rc = -1;
262 goto out;
263 }
264 } else {
265 SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700266 rc = -1;
267 goto out;
268 }
269
270 if (key_size > KEYMASTER_BLOB_SIZE) {
271 SLOGE("Keymaster key too large for crypto footer");
272 rc = -1;
273 goto out;
274 }
275
276 memcpy(ftr->keymaster_blob, key, key_size);
277 ftr->keymaster_blob_size = key_size;
278
279out:
Shawn Willdenda6e8992015-06-03 09:40:45 -0600280 if (keymaster0_dev)
281 keymaster0_close(keymaster0_dev);
282 if (keymaster1_dev)
283 keymaster1_close(keymaster1_dev);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -0700284 free(key);
285 return rc;
286}
287
Shawn Willdene17a9c42014-09-08 13:04:08 -0600288/* This signs the given object using the keymaster key. */
289static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
Shawn Willden47ba10d2014-09-03 17:07:06 -0600290 const unsigned char *object,
291 const size_t object_size,
292 unsigned char **signature,
293 size_t *signature_size)
294{
295 int rc = 0;
Shawn Willdenda6e8992015-06-03 09:40:45 -0600296 keymaster0_device_t *keymaster0_dev = 0;
297 keymaster1_device_t *keymaster1_dev = 0;
298 if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
Shawn Willden47ba10d2014-09-03 17:07:06 -0600299 SLOGE("Failed to init keymaster");
Shawn Willdenda6e8992015-06-03 09:40:45 -0600300 rc = -1;
301 goto out;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600302 }
303
Shawn Willden47ba10d2014-09-03 17:07:06 -0600304 unsigned char to_sign[RSA_KEY_SIZE_BYTES];
Shawn Willdene17a9c42014-09-08 13:04:08 -0600305 size_t to_sign_size = sizeof(to_sign);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600306 memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
Shawn Willden47ba10d2014-09-03 17:07:06 -0600307
Shawn Willdene17a9c42014-09-08 13:04:08 -0600308 // To sign a message with RSA, the message must satisfy two
309 // constraints:
310 //
311 // 1. The message, when interpreted as a big-endian numeric value, must
312 // be strictly less than the public modulus of the RSA key. Note
313 // that because the most significant bit of the public modulus is
314 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
315 // key), an n-bit message with most significant bit 0 always
316 // satisfies this requirement.
317 //
318 // 2. The message must have the same length in bits as the public
319 // modulus of the RSA key. This requirement isn't mathematically
320 // necessary, but is necessary to ensure consistency in
321 // implementations.
322 switch (ftr->kdf_type) {
Shawn Willdene17a9c42014-09-08 13:04:08 -0600323 case KDF_SCRYPT_KEYMASTER:
324 // This ensures the most significant byte of the signed message
325 // is zero. We could have zero-padded to the left instead, but
326 // this approach is slightly more robust against changes in
327 // object size. However, it's still broken (but not unusably
Shawn Willdenda6e8992015-06-03 09:40:45 -0600328 // so) because we really should be using a proper deterministic
329 // RSA padding function, such as PKCS1.
Shawn Willdene17a9c42014-09-08 13:04:08 -0600330 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
331 SLOGI("Signing safely-padded object");
332 break;
333 default:
334 SLOGE("Unknown KDF type %d", ftr->kdf_type);
Shawn Willdenda6e8992015-06-03 09:40:45 -0600335 rc = -1;
336 goto out;
Shawn Willdene17a9c42014-09-08 13:04:08 -0600337 }
338
Shawn Willdenda6e8992015-06-03 09:40:45 -0600339 if (keymaster0_dev) {
340 keymaster_rsa_sign_params_t params;
341 params.digest_type = DIGEST_NONE;
342 params.padding_type = PADDING_NONE;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600343
Shawn Willdenda6e8992015-06-03 09:40:45 -0600344 rc = keymaster0_dev->sign_data(keymaster0_dev,
345 &params,
346 ftr->keymaster_blob,
347 ftr->keymaster_blob_size,
348 to_sign,
349 to_sign_size,
350 signature,
351 signature_size);
352 goto out;
353 } else if (keymaster1_dev) {
354 keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
355 keymaster_key_param_t params[] = {
356 keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
357 keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
358 };
359 keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
360 keymaster_operation_handle_t op_handle;
361 keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
362 &param_set, NULL /* out_params */,
363 &op_handle);
Shawn Willden04170602015-06-18 12:26:59 -0600364 if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
Shawn Willdenda6e8992015-06-03 09:40:45 -0600365 // Key usage has been rate-limited. Wait a bit and try again.
366 sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
367 error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
368 &param_set, NULL /* out_params */,
369 &op_handle);
370 }
371 if (error != KM_ERROR_OK) {
372 SLOGE("Error starting keymaster signature transaction: %d", error);
373 rc = -1;
374 goto out;
375 }
376
377 keymaster_blob_t input = { to_sign, to_sign_size };
378 size_t input_consumed;
379 error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
380 &input, &input_consumed, NULL /* out_params */,
381 NULL /* output */);
382 if (error != KM_ERROR_OK) {
383 SLOGE("Error sending data to keymaster signature transaction: %d", error);
384 rc = -1;
385 goto out;
386 }
387 if (input_consumed != to_sign_size) {
388 // This should never happen. If it does, it's a bug in the keymaster implementation.
389 SLOGE("Keymaster update() did not consume all data.");
390 keymaster1_dev->abort(keymaster1_dev, op_handle);
391 rc = -1;
392 goto out;
393 }
394
395 keymaster_blob_t tmp_sig;
396 error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
397 NULL /* verify signature */, NULL /* out_params */,
398 &tmp_sig);
399 if (error != KM_ERROR_OK) {
400 SLOGE("Error finishing keymaster signature transaction: %d", error);
401 rc = -1;
402 goto out;
403 }
404
405 *signature = (uint8_t*)tmp_sig.data;
406 *signature_size = tmp_sig.data_length;
407 } else {
408 SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
409 rc = -1;
410 goto out;
411 }
412
413 out:
414 if (keymaster1_dev)
415 keymaster1_close(keymaster1_dev);
416 if (keymaster0_dev)
417 keymaster0_close(keymaster0_dev);
418
419 return rc;
Shawn Willden47ba10d2014-09-03 17:07:06 -0600420}
421
Paul Lawrence399317e2014-03-10 13:20:50 -0700422/* Store password when userdata is successfully decrypted and mounted.
423 * Cleared by cryptfs_clear_password
424 *
425 * To avoid a double prompt at boot, we need to store the CryptKeeper
426 * password and pass it to KeyGuard, which uses it to unlock KeyStore.
427 * Since the entire framework is torn down and rebuilt after encryption,
428 * we have to use a daemon or similar to store the password. Since vold
429 * is secured against IPC except from system processes, it seems a reasonable
430 * place to store this.
431 *
432 * password should be cleared once it has been used.
433 *
434 * password is aged out after password_max_age_seconds seconds.
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800435 */
Paul Lawrence399317e2014-03-10 13:20:50 -0700436static char* password = 0;
437static int password_expiry_time = 0;
438static const int password_max_age_seconds = 60;
Paul Lawrence684dbdf2014-02-07 12:07:22 -0800439
Ken Sumrall56ad03c2013-02-13 13:00:19 -0800440extern struct fstab *fstab;
Ken Sumrall8ddbe402011-01-17 15:26:29 -0800441
Paul Lawrence87999172014-02-20 12:21:31 -0800442enum RebootType {reboot, recovery, shutdown};
443static void cryptfs_reboot(enum RebootType rt)
Ken Sumralladfba362013-06-04 16:37:52 -0700444{
Paul Lawrence87999172014-02-20 12:21:31 -0800445 switch(rt) {
446 case reboot:
447 property_set(ANDROID_RB_PROPERTY, "reboot");
448 break;
449
450 case recovery:
451 property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
452 break;
453
454 case shutdown:
455 property_set(ANDROID_RB_PROPERTY, "shutdown");
456 break;
Ken Sumralladfba362013-06-04 16:37:52 -0700457 }
Paul Lawrence87999172014-02-20 12:21:31 -0800458
Ken Sumralladfba362013-06-04 16:37:52 -0700459 sleep(20);
460
461 /* Shouldn't get here, reboot should happen before sleep times out */
462 return;
463}
464
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800465static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
466{
467 memset(io, 0, dataSize);
468 io->data_size = dataSize;
469 io->data_start = sizeof(struct dm_ioctl);
470 io->version[0] = 4;
471 io->version[1] = 0;
472 io->version[2] = 0;
473 io->flags = flags;
474 if (name) {
Marek Pola5e6b9142015-02-05 14:22:34 +0100475 strlcpy(io->name, name, sizeof(io->name));
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800476 }
477}
478
Kenny Rootc4c70f12013-06-14 12:11:38 -0700479/**
480 * Gets the default device scrypt parameters for key derivation time tuning.
481 * The parameters should lead to about one second derivation time for the
482 * given device.
483 */
484static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700485 char paramstr[PROPERTY_VALUE_MAX];
Paul Crowley63c18d32016-02-10 14:02:47 +0000486 int Nf, rf, pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700487
Paul Crowley63c18d32016-02-10 14:02:47 +0000488 property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
489 if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
490 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
491 parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
Kenny Rootc4c70f12013-06-14 12:11:38 -0700492 }
Paul Crowley63c18d32016-02-10 14:02:47 +0000493 ftr->N_factor = Nf;
494 ftr->r_factor = rf;
495 ftr->p_factor = pf;
Kenny Rootc4c70f12013-06-14 12:11:38 -0700496}
497
Ken Sumrall3ed82362011-01-28 23:31:16 -0800498static unsigned int get_fs_size(char *dev)
499{
500 int fd, block_size;
501 struct ext4_super_block sb;
502 off64_t len;
503
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700504 if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -0800505 SLOGE("Cannot open device to get filesystem size ");
506 return 0;
507 }
508
509 if (lseek64(fd, 1024, SEEK_SET) < 0) {
510 SLOGE("Cannot seek to superblock");
511 return 0;
512 }
513
514 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
515 SLOGE("Cannot read superblock");
516 return 0;
517 }
518
519 close(fd);
520
Daniel Rosenberge82df162014-08-15 22:19:23 +0000521 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
522 SLOGE("Not a valid ext4 superblock");
523 return 0;
524 }
Ken Sumrall3ed82362011-01-28 23:31:16 -0800525 block_size = 1024 << sb.s_log_block_size;
526 /* compute length in bytes */
527 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
528
529 /* return length in sectors */
530 return (unsigned int) (len / 512);
531}
532
Ken Sumrall160b4d62013-04-22 12:15:39 -0700533static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
534{
535 static int cached_data = 0;
536 static off64_t cached_off = 0;
537 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
538 int fd;
539 char key_loc[PROPERTY_VALUE_MAX];
540 char real_blkdev[PROPERTY_VALUE_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -0700541 int rc = -1;
542
543 if (!cached_data) {
544 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
545
546 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700547 if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700548 SLOGE("Cannot open real block device %s\n", real_blkdev);
549 return -1;
550 }
551
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +0900552 unsigned long nr_sec = 0;
553 get_blkdev_size(fd, &nr_sec);
554 if (nr_sec != 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700555 /* If it's an encrypted Android partition, the last 16 Kbytes contain the
556 * encryption info footer and key, and plenty of bytes to spare for future
557 * growth.
558 */
559 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
560 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
561 cached_data = 1;
562 } else {
563 SLOGE("Cannot get size of block device %s\n", real_blkdev);
564 }
565 close(fd);
566 } else {
567 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
568 cached_off = 0;
569 cached_data = 1;
570 }
571 }
572
573 if (cached_data) {
574 if (metadata_fname) {
575 *metadata_fname = cached_metadata_fname;
576 }
577 if (off) {
578 *off = cached_off;
579 }
580 rc = 0;
581 }
582
583 return rc;
584}
585
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800586/* Set sha256 checksum in structure */
587static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
588{
589 SHA256_CTX c;
590 SHA256_Init(&c);
591 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
592 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
593 SHA256_Final(crypt_ftr->sha256, &c);
594}
595
Ken Sumralle8744072011-01-18 22:01:55 -0800596/* key or salt can be NULL, in which case just skip writing that value. Useful to
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800597 * update the failed mount count but not change the key.
598 */
Ken Sumrall160b4d62013-04-22 12:15:39 -0700599static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800600{
601 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800602 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700603 /* starting_off is set to the SEEK_SET offset
604 * where the crypto structure starts
605 */
606 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800607 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700608 char *fname = NULL;
Ken Sumrall3be890f2011-09-14 16:53:46 -0700609 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800610
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800611 set_ftr_sha(crypt_ftr);
612
Ken Sumrall160b4d62013-04-22 12:15:39 -0700613 if (get_crypt_ftr_info(&fname, &starting_off)) {
614 SLOGE("Unable to get crypt_ftr_info\n");
615 return -1;
616 }
617 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700618 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700619 return -1;
620 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700621 if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700622 SLOGE("Cannot open footer file %s for put\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700623 return -1;
624 }
625
626 /* Seek to the start of the crypt footer */
627 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
628 SLOGE("Cannot seek to real block device footer\n");
629 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800630 }
631
632 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
633 SLOGE("Cannot write real block device footer\n");
634 goto errout;
635 }
636
Ken Sumrall3be890f2011-09-14 16:53:46 -0700637 fstat(fd, &statbuf);
638 /* If the keys are kept on a raw block device, do not try to truncate it. */
Ken Sumralle550f782013-08-20 13:48:23 -0700639 if (S_ISREG(statbuf.st_mode)) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700640 if (ftruncate(fd, 0x4000)) {
Colin Cross59846b62014-02-06 20:34:29 -0800641 SLOGE("Cannot set footer file size\n");
Ken Sumralle8744072011-01-18 22:01:55 -0800642 goto errout;
643 }
644 }
645
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800646 /* Success! */
647 rc = 0;
648
649errout:
650 close(fd);
651 return rc;
652
653}
654
Paul Lawrence3d99eba2015-11-20 07:07:19 -0800655static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
656{
657 struct crypt_mnt_ftr copy;
658 memcpy(&copy, crypt_ftr, sizeof(copy));
659 set_ftr_sha(&copy);
660 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
661}
662
Ken Sumrall160b4d62013-04-22 12:15:39 -0700663static inline int unix_read(int fd, void* buff, int len)
664{
665 return TEMP_FAILURE_RETRY(read(fd, buff, len));
666}
667
668static inline int unix_write(int fd, const void* buff, int len)
669{
670 return TEMP_FAILURE_RETRY(write(fd, buff, len));
671}
672
673static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
674{
675 memset(pdata, 0, len);
676 pdata->persist_magic = PERSIST_DATA_MAGIC;
677 pdata->persist_valid_entries = 0;
678}
679
680/* A routine to update the passed in crypt_ftr to the lastest version.
681 * fd is open read/write on the device that holds the crypto footer and persistent
682 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
683 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
684 */
685static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
686{
Kenny Root7434b312013-06-14 11:29:53 -0700687 int orig_major = crypt_ftr->major_version;
688 int orig_minor = crypt_ftr->minor_version;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700689
Kenny Root7434b312013-06-14 11:29:53 -0700690 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
691 struct crypt_persist_data *pdata;
692 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700693
Kenny Rootc4c70f12013-06-14 12:11:38 -0700694 SLOGW("upgrading crypto footer to 1.1");
695
Kenny Root7434b312013-06-14 11:29:53 -0700696 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
697 if (pdata == NULL) {
698 SLOGE("Cannot allocate persisent data\n");
699 return;
700 }
701 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
702
703 /* Need to initialize the persistent data area */
704 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
705 SLOGE("Cannot seek to persisent data offset\n");
Henrik Baard91064632015-02-05 15:09:17 +0100706 free(pdata);
Kenny Root7434b312013-06-14 11:29:53 -0700707 return;
708 }
709 /* Write all zeros to the first copy, making it invalid */
710 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
711
712 /* Write a valid but empty structure to the second copy */
713 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
714 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
715
716 /* Update the footer */
717 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
718 crypt_ftr->persist_data_offset[0] = pdata_offset;
719 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
720 crypt_ftr->minor_version = 1;
Henrik Baard91064632015-02-05 15:09:17 +0100721 free(pdata);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700722 }
723
Paul Lawrencef4faa572014-01-29 13:31:03 -0800724 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
Kenny Rootc4c70f12013-06-14 12:11:38 -0700725 SLOGW("upgrading crypto footer to 1.2");
JP Abgrall7bdfa522013-11-15 13:42:56 -0800726 /* But keep the old kdf_type.
727 * It will get updated later to KDF_SCRYPT after the password has been verified.
728 */
Kenny Rootc4c70f12013-06-14 12:11:38 -0700729 crypt_ftr->kdf_type = KDF_PBKDF2;
730 get_device_scrypt_params(crypt_ftr);
731 crypt_ftr->minor_version = 2;
732 }
733
Paul Lawrencef4faa572014-01-29 13:31:03 -0800734 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
735 SLOGW("upgrading crypto footer to 1.3");
736 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
737 crypt_ftr->minor_version = 3;
738 }
739
Kenny Root7434b312013-06-14 11:29:53 -0700740 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
741 if (lseek64(fd, offset, SEEK_SET) == -1) {
742 SLOGE("Cannot seek to crypt footer\n");
743 return;
744 }
745 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
Ken Sumrall160b4d62013-04-22 12:15:39 -0700746 }
Ken Sumrall160b4d62013-04-22 12:15:39 -0700747}
748
749
750static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800751{
752 int fd;
Tim Murray8439dc92014-12-15 11:56:11 -0800753 unsigned int cnt;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700754 off64_t starting_off;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800755 int rc = -1;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700756 char *fname = NULL;
Ken Sumrall29d8da82011-05-18 17:20:07 -0700757 struct stat statbuf;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800758
Ken Sumrall160b4d62013-04-22 12:15:39 -0700759 if (get_crypt_ftr_info(&fname, &starting_off)) {
760 SLOGE("Unable to get crypt_ftr_info\n");
761 return -1;
762 }
763 if (fname[0] != '/') {
Ken Sumralle5032c42012-04-01 23:58:44 -0700764 SLOGE("Unexpected value for crypto key location\n");
Ken Sumrall160b4d62013-04-22 12:15:39 -0700765 return -1;
766 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700767 if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
Ken Sumralle550f782013-08-20 13:48:23 -0700768 SLOGE("Cannot open footer file %s for get\n", fname);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700769 return -1;
770 }
771
772 /* Make sure it's 16 Kbytes in length */
773 fstat(fd, &statbuf);
774 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
775 SLOGE("footer file %s is not the expected size!\n", fname);
776 goto errout;
777 }
778
779 /* Seek to the start of the crypt footer */
780 if (lseek64(fd, starting_off, SEEK_SET) == -1) {
781 SLOGE("Cannot seek to real block device footer\n");
782 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800783 }
784
785 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
786 SLOGE("Cannot read real block device footer\n");
787 goto errout;
788 }
789
790 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
Ken Sumrall29d8da82011-05-18 17:20:07 -0700791 SLOGE("Bad magic for real block device %s\n", fname);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800792 goto errout;
793 }
794
Kenny Rootc96a5f82013-06-14 12:08:28 -0700795 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
796 SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
797 crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800798 goto errout;
799 }
800
Kenny Rootc96a5f82013-06-14 12:08:28 -0700801 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
802 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
803 crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800804 }
805
Ken Sumrall160b4d62013-04-22 12:15:39 -0700806 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
807 * copy on disk before returning.
808 */
Kenny Rootc96a5f82013-06-14 12:08:28 -0700809 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700810 upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
Ken Sumralle8744072011-01-18 22:01:55 -0800811 }
812
Ken Sumrall8f869aa2010-12-03 03:47:09 -0800813 /* Success! */
814 rc = 0;
815
816errout:
817 close(fd);
818 return rc;
819}
820
Ken Sumrall160b4d62013-04-22 12:15:39 -0700821static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
822{
823 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
824 crypt_ftr->persist_data_offset[1]) {
825 SLOGE("Crypt_ftr persist data regions overlap");
826 return -1;
827 }
828
829 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
830 SLOGE("Crypt_ftr persist data region 0 starts after region 1");
831 return -1;
832 }
833
834 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
835 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
836 CRYPT_FOOTER_OFFSET) {
837 SLOGE("Persistent data extends past crypto footer");
838 return -1;
839 }
840
841 return 0;
842}
843
844static int load_persistent_data(void)
845{
846 struct crypt_mnt_ftr crypt_ftr;
847 struct crypt_persist_data *pdata = NULL;
848 char encrypted_state[PROPERTY_VALUE_MAX];
849 char *fname;
850 int found = 0;
851 int fd;
852 int ret;
853 int i;
854
855 if (persist_data) {
856 /* Nothing to do, we've already loaded or initialized it */
857 return 0;
858 }
859
860
861 /* If not encrypted, just allocate an empty table and initialize it */
862 property_get("ro.crypto.state", encrypted_state, "");
863 if (strcmp(encrypted_state, "encrypted") ) {
864 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
865 if (pdata) {
866 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
867 persist_data = pdata;
868 return 0;
869 }
870 return -1;
871 }
872
873 if(get_crypt_ftr_and_key(&crypt_ftr)) {
874 return -1;
875 }
876
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700877 if ((crypt_ftr.major_version < 1)
878 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700879 SLOGE("Crypt_ftr version doesn't support persistent data");
880 return -1;
881 }
882
883 if (get_crypt_ftr_info(&fname, NULL)) {
884 return -1;
885 }
886
887 ret = validate_persistent_data_storage(&crypt_ftr);
888 if (ret) {
889 return -1;
890 }
891
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700892 fd = open(fname, O_RDONLY|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700893 if (fd < 0) {
894 SLOGE("Cannot open %s metadata file", fname);
895 return -1;
896 }
897
Paul Lawrence300dae72016-03-11 11:02:52 -0800898 pdata = malloc(crypt_ftr.persist_data_size);
899 if (pdata == NULL) {
900 SLOGE("Cannot allocate memory for persistent data");
901 goto err;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700902 }
903
904 for (i = 0; i < 2; i++) {
905 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
906 SLOGE("Cannot seek to read persistent data on %s", fname);
907 goto err2;
908 }
909 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
910 SLOGE("Error reading persistent data on iteration %d", i);
911 goto err2;
912 }
913 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
914 found = 1;
915 break;
916 }
917 }
918
919 if (!found) {
920 SLOGI("Could not find valid persistent data, creating");
921 init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
922 }
923
924 /* Success */
925 persist_data = pdata;
926 close(fd);
927 return 0;
928
929err2:
930 free(pdata);
931
932err:
933 close(fd);
934 return -1;
935}
936
937static int save_persistent_data(void)
938{
939 struct crypt_mnt_ftr crypt_ftr;
940 struct crypt_persist_data *pdata;
941 char *fname;
942 off64_t write_offset;
943 off64_t erase_offset;
Ken Sumrall160b4d62013-04-22 12:15:39 -0700944 int fd;
945 int ret;
946
947 if (persist_data == NULL) {
948 SLOGE("No persistent data to save");
949 return -1;
950 }
951
952 if(get_crypt_ftr_and_key(&crypt_ftr)) {
953 return -1;
954 }
955
Paul Lawrence8561b5c2014-03-17 14:10:51 -0700956 if ((crypt_ftr.major_version < 1)
957 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
Ken Sumrall160b4d62013-04-22 12:15:39 -0700958 SLOGE("Crypt_ftr version doesn't support persistent data");
959 return -1;
960 }
961
962 ret = validate_persistent_data_storage(&crypt_ftr);
963 if (ret) {
964 return -1;
965 }
966
967 if (get_crypt_ftr_info(&fname, NULL)) {
968 return -1;
969 }
970
Jeff Sharkeyce6a9132015-04-08 21:07:21 -0700971 fd = open(fname, O_RDWR|O_CLOEXEC);
Ken Sumrall160b4d62013-04-22 12:15:39 -0700972 if (fd < 0) {
973 SLOGE("Cannot open %s metadata file", fname);
974 return -1;
975 }
976
977 pdata = malloc(crypt_ftr.persist_data_size);
978 if (pdata == NULL) {
979 SLOGE("Cannot allocate persistant data");
980 goto err;
981 }
982
983 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
984 SLOGE("Cannot seek to read persistent data on %s", fname);
985 goto err2;
986 }
987
988 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
989 SLOGE("Error reading persistent data before save");
990 goto err2;
991 }
992
993 if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
994 /* The first copy is the curent valid copy, so write to
995 * the second copy and erase this one */
996 write_offset = crypt_ftr.persist_data_offset[1];
997 erase_offset = crypt_ftr.persist_data_offset[0];
998 } else {
999 /* The second copy must be the valid copy, so write to
1000 * the first copy, and erase the second */
1001 write_offset = crypt_ftr.persist_data_offset[0];
1002 erase_offset = crypt_ftr.persist_data_offset[1];
1003 }
1004
1005 /* Write the new copy first, if successful, then erase the old copy */
Björn Landström96dbee72015-01-20 12:43:56 +01001006 if (lseek64(fd, write_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001007 SLOGE("Cannot seek to write persistent data");
1008 goto err2;
1009 }
1010 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
1011 (int) crypt_ftr.persist_data_size) {
Björn Landström96dbee72015-01-20 12:43:56 +01001012 if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
Ken Sumrall160b4d62013-04-22 12:15:39 -07001013 SLOGE("Cannot seek to erase previous persistent data");
1014 goto err2;
1015 }
1016 fsync(fd);
1017 memset(pdata, 0, crypt_ftr.persist_data_size);
1018 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
1019 (int) crypt_ftr.persist_data_size) {
1020 SLOGE("Cannot write to erase previous persistent data");
1021 goto err2;
1022 }
1023 fsync(fd);
1024 } else {
1025 SLOGE("Cannot write to save persistent data");
1026 goto err2;
1027 }
1028
1029 /* Success */
1030 free(pdata);
1031 close(fd);
1032 return 0;
1033
1034err2:
1035 free(pdata);
1036err:
1037 close(fd);
1038 return -1;
1039}
1040
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001041/* Convert a binary key of specified length into an ascii hex string equivalent,
1042 * without the leading 0x and with null termination
1043 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001044static void convert_key_to_hex_ascii(const unsigned char *master_key,
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001045 unsigned int keysize, char *master_key_ascii) {
1046 unsigned int i, a;
1047 unsigned char nibble;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001048
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001049 for (i=0, a=0; i<keysize; i++, a+=2) {
1050 /* For each byte, write out two ascii hex digits */
1051 nibble = (master_key[i] >> 4) & 0xf;
1052 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001054 nibble = master_key[i] & 0xf;
1055 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
1056 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001057
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001058 /* Add the null termination */
1059 master_key_ascii[a] = '\0';
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001060
1061}
1062
Jeff Sharkey9c484982015-03-31 10:35:33 -07001063static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
1064 const unsigned char *master_key, const char *real_blk_name,
1065 const char *name, int fd, const char *extra_params) {
Dan Albertc07fa3f2014-12-18 10:00:55 -08001066 _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumralldb5e0262013-02-05 17:39:48 -08001067 struct dm_ioctl *io;
1068 struct dm_target_spec *tgt;
1069 char *crypt_params;
1070 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001071 size_t buff_offset;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001072 int i;
1073
1074 io = (struct dm_ioctl *) buffer;
1075
1076 /* Load the mapping table for this device */
1077 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
1078
1079 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1080 io->target_count = 1;
1081 tgt->status = 0;
1082 tgt->sector_start = 0;
1083 tgt->length = crypt_ftr->fs_size;
Ajay Dudani87701e22014-09-17 21:02:52 -07001084#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001085 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1086 strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
1087 }
1088 else {
1089 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1090 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001091#else
1092 strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
1093#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001094
1095 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
1096 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
George Burgess IV605d7ae2016-02-29 13:39:17 -08001097
1098 buff_offset = crypt_params - buffer;
1099 snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
1100 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
1101 extra_params);
Ken Sumralldb5e0262013-02-05 17:39:48 -08001102 crypt_params += strlen(crypt_params) + 1;
1103 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
1104 tgt->next = crypt_params - buffer;
1105
1106 for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
1107 if (! ioctl(fd, DM_TABLE_LOAD, io)) {
1108 break;
1109 }
1110 usleep(500000);
1111 }
1112
1113 if (i == TABLE_LOAD_RETRIES) {
1114 /* We failed to load the table, return an error */
1115 return -1;
1116 } else {
1117 return i + 1;
1118 }
1119}
1120
1121
1122static int get_dm_crypt_version(int fd, const char *name, int *version)
1123{
1124 char buffer[DM_CRYPT_BUF_SIZE];
1125 struct dm_ioctl *io;
1126 struct dm_target_versions *v;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001127
1128 io = (struct dm_ioctl *) buffer;
1129
1130 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1131
1132 if (ioctl(fd, DM_LIST_VERSIONS, io)) {
1133 return -1;
1134 }
1135
1136 /* Iterate over the returned versions, looking for name of "crypt".
1137 * When found, get and return the version.
1138 */
1139 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
1140 while (v->next) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001141#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001142 if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001143#else
Ken Sumralldb5e0262013-02-05 17:39:48 -08001144 if (! strcmp(v->name, "crypt")) {
Ajay Dudani87701e22014-09-17 21:02:52 -07001145#endif
Ken Sumralldb5e0262013-02-05 17:39:48 -08001146 /* We found the crypt driver, return the version, and get out */
1147 version[0] = v->version[0];
1148 version[1] = v->version[1];
1149 version[2] = v->version[2];
1150 return 0;
1151 }
1152 v = (struct dm_target_versions *)(((char *)v) + v->next);
1153 }
1154
1155 return -1;
1156}
1157
Jeff Sharkey9c484982015-03-31 10:35:33 -07001158static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
1159 const unsigned char *master_key, const char *real_blk_name,
1160 char *crypto_blk_name, const char *name) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001161 char buffer[DM_CRYPT_BUF_SIZE];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001162 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001163 unsigned int minor;
Ajay Dudani87701e22014-09-17 21:02:52 -07001164 int fd=0;
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001165 int err;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001166 int retval = -1;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001167 int version[3];
1168 char *extra_params;
1169 int load_count;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001170
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001171 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001172 SLOGE("Cannot open device-mapper\n");
1173 goto errout;
1174 }
1175
1176 io = (struct dm_ioctl *) buffer;
1177
1178 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Daniel Rosenberg25a52132016-02-26 16:44:36 -08001179 err = ioctl(fd, DM_DEV_CREATE, io);
1180 if (err) {
1181 SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001182 goto errout;
1183 }
1184
1185 /* Get the device status, in particular, the name of it's device file */
1186 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1187 if (ioctl(fd, DM_DEV_STATUS, io)) {
1188 SLOGE("Cannot retrieve dm-crypt device status\n");
1189 goto errout;
1190 }
1191 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
1192 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
1193
Ken Sumralldb5e0262013-02-05 17:39:48 -08001194 extra_params = "";
1195 if (! get_dm_crypt_version(fd, name, version)) {
1196 /* Support for allow_discards was added in version 1.11.0 */
1197 if ((version[0] >= 2) ||
1198 ((version[0] == 1) && (version[1] >= 11))) {
1199 extra_params = "1 allow_discards";
1200 SLOGI("Enabling support for allow_discards in dmcrypt.\n");
1201 }
Ken Sumralle919efe2012-09-29 17:07:41 -07001202 }
1203
Ken Sumralldb5e0262013-02-05 17:39:48 -08001204 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
1205 fd, extra_params);
1206 if (load_count < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001207 SLOGE("Cannot load dm-crypt mapping table.\n");
1208 goto errout;
Ken Sumralldb5e0262013-02-05 17:39:48 -08001209 } else if (load_count > 1) {
1210 SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001211 }
1212
1213 /* Resume this device to activate it */
Ken Sumralldb5e0262013-02-05 17:39:48 -08001214 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001215
1216 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
1217 SLOGE("Cannot resume the dm-crypt device\n");
1218 goto errout;
1219 }
1220
1221 /* We made it here with no errors. Woot! */
1222 retval = 0;
1223
1224errout:
1225 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1226
1227 return retval;
1228}
1229
Ken Sumrall29d8da82011-05-18 17:20:07 -07001230static int delete_crypto_blk_dev(char *name)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001231{
1232 int fd;
1233 char buffer[DM_CRYPT_BUF_SIZE];
1234 struct dm_ioctl *io;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001235 int retval = -1;
1236
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001237 if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001238 SLOGE("Cannot open device-mapper\n");
1239 goto errout;
1240 }
1241
1242 io = (struct dm_ioctl *) buffer;
1243
1244 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
1245 if (ioctl(fd, DM_DEV_REMOVE, io)) {
1246 SLOGE("Cannot remove dm-crypt device\n");
1247 goto errout;
1248 }
1249
1250 /* We made it here with no errors. Woot! */
1251 retval = 0;
1252
1253errout:
1254 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
1255
1256 return retval;
1257
1258}
1259
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001260static int pbkdf2(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001261 unsigned char *ikey, void *params UNUSED)
1262{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001263 SLOGI("Using pbkdf2 for cryptfs KDF");
1264
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001265 /* Turn the password into a key and IV that can decrypt the master key */
Adam Langleybf0d9722015-11-04 14:51:39 -08001266 return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
1267 HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
1268 ikey) != 1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001269}
1270
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001271static int scrypt(const char *passwd, const unsigned char *salt,
Paul Lawrencef4faa572014-01-29 13:31:03 -08001272 unsigned char *ikey, void *params)
1273{
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001274 SLOGI("Using scrypt for cryptfs KDF");
1275
Kenny Rootc4c70f12013-06-14 12:11:38 -07001276 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1277
1278 int N = 1 << ftr->N_factor;
1279 int r = 1 << ftr->r_factor;
1280 int p = 1 << ftr->p_factor;
1281
1282 /* Turn the password into a key and IV that can decrypt the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001283 unsigned int keysize;
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001284 crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1285 salt, SALT_LEN, N, r, p, ikey,
1286 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrencef4faa572014-01-29 13:31:03 -08001287
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001288 return 0;
Kenny Rootc4c70f12013-06-14 12:11:38 -07001289}
1290
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001291static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
1292 unsigned char *ikey, void *params)
1293{
1294 SLOGI("Using scrypt with keymaster for cryptfs KDF");
1295
1296 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001297 size_t signature_size;
1298 unsigned char* signature;
1299 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
1300
1301 int N = 1 << ftr->N_factor;
1302 int r = 1 << ftr->r_factor;
1303 int p = 1 << ftr->p_factor;
1304
Paul Lawrence3bd36d52015-06-09 13:37:44 -07001305 rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
1306 salt, SALT_LEN, N, r, p, ikey,
1307 KEY_LEN_BYTES + IV_LEN_BYTES);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001308
1309 if (rc) {
1310 SLOGE("scrypt failed");
1311 return -1;
1312 }
1313
Shawn Willdene17a9c42014-09-08 13:04:08 -06001314 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
1315 &signature, &signature_size)) {
1316 SLOGE("Signing failed");
1317 return -1;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001318 }
1319
1320 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
1321 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
1322 free(signature);
1323
1324 if (rc) {
1325 SLOGE("scrypt failed");
1326 return -1;
1327 }
1328
1329 return 0;
1330}
1331
1332static int encrypt_master_key(const char *passwd, const unsigned char *salt,
1333 const unsigned char *decrypted_master_key,
Kenny Rootc4c70f12013-06-14 12:11:38 -07001334 unsigned char *encrypted_master_key,
1335 struct crypt_mnt_ftr *crypt_ftr)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001336{
1337 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
1338 EVP_CIPHER_CTX e_ctx;
1339 int encrypted_len, final_len;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001340 int rc = 0;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001341
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001342 /* Turn the password into an intermediate key and IV that can decrypt the master key */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001343 get_device_scrypt_params(crypt_ftr);
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001344
1345 switch (crypt_ftr->kdf_type) {
1346 case KDF_SCRYPT_KEYMASTER:
1347 if (keymaster_create_key(crypt_ftr)) {
1348 SLOGE("keymaster_create_key failed");
1349 return -1;
1350 }
1351
1352 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
1353 SLOGE("scrypt failed");
1354 return -1;
1355 }
1356 break;
1357
1358 case KDF_SCRYPT:
1359 if (scrypt(passwd, salt, ikey, crypt_ftr)) {
1360 SLOGE("scrypt failed");
1361 return -1;
1362 }
1363 break;
1364
1365 default:
1366 SLOGE("Invalid kdf_type");
Paul Lawrencef4faa572014-01-29 13:31:03 -08001367 return -1;
1368 }
Kenny Rootc4c70f12013-06-14 12:11:38 -07001369
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001370 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001371 EVP_CIPHER_CTX_init(&e_ctx);
1372 if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001373 SLOGE("EVP_EncryptInit failed\n");
1374 return -1;
1375 }
1376 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001377
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001378 /* Encrypt the master key */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001379 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
Paul Lawrence731a7a22015-04-28 22:14:15 +00001380 decrypted_master_key, KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001381 SLOGE("EVP_EncryptUpdate failed\n");
1382 return -1;
1383 }
Adam Langley889c4f12014-09-03 14:23:13 -07001384 if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001385 SLOGE("EVP_EncryptFinal failed\n");
1386 return -1;
1387 }
1388
1389 if (encrypted_len + final_len != KEY_LEN_BYTES) {
1390 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
1391 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001392 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001393
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001394 /* Store the scrypt of the intermediate key, so we can validate if it's a
1395 password error or mount error when things go wrong.
1396 Note there's no need to check for errors, since if this is incorrect, we
1397 simply won't wipe userdata, which is the correct default behavior
1398 */
1399 int N = 1 << crypt_ftr->N_factor;
1400 int r = 1 << crypt_ftr->r_factor;
1401 int p = 1 << crypt_ftr->p_factor;
1402
1403 rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
1404 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
1405 crypt_ftr->scrypted_intermediate_key,
1406 sizeof(crypt_ftr->scrypted_intermediate_key));
1407
1408 if (rc) {
1409 SLOGE("encrypt_master_key: crypto_scrypt failed");
1410 }
1411
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001412 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001413}
1414
Paul Lawrence731a7a22015-04-28 22:14:15 +00001415static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001416 unsigned char *encrypted_master_key,
1417 unsigned char *decrypted_master_key,
1418 kdf_func kdf, void *kdf_params,
1419 unsigned char** intermediate_key,
1420 size_t* intermediate_key_size)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001421{
1422 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001423 EVP_CIPHER_CTX d_ctx;
1424 int decrypted_len, final_len;
1425
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001426 /* Turn the password into an intermediate key and IV that can decrypt the
1427 master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001428 if (kdf(passwd, salt, ikey, kdf_params)) {
1429 SLOGE("kdf failed");
1430 return -1;
1431 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001432
1433 /* Initialize the decryption engine */
Adam Langley889c4f12014-09-03 14:23:13 -07001434 EVP_CIPHER_CTX_init(&d_ctx);
1435 if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001436 return -1;
1437 }
1438 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
1439 /* Decrypt the master key */
1440 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
1441 encrypted_master_key, KEY_LEN_BYTES)) {
1442 return -1;
1443 }
Adam Langley889c4f12014-09-03 14:23:13 -07001444 if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001445 return -1;
1446 }
1447
1448 if (decrypted_len + final_len != KEY_LEN_BYTES) {
1449 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001450 }
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001451
1452 /* Copy intermediate key if needed by params */
1453 if (intermediate_key && intermediate_key_size) {
1454 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
Greg Kaisere8167af2016-04-20 10:50:15 -07001455 if (*intermediate_key) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001456 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
1457 *intermediate_key_size = KEY_LEN_BYTES;
1458 }
1459 }
1460
1461 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001462}
1463
Kenny Rootc4c70f12013-06-14 12:11:38 -07001464static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001465{
Paul Lawrencedb3730c2015-02-03 13:08:10 -08001466 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001467 *kdf = scrypt_keymaster;
1468 *kdf_params = ftr;
1469 } else if (ftr->kdf_type == KDF_SCRYPT) {
Kenny Rootc4c70f12013-06-14 12:11:38 -07001470 *kdf = scrypt;
1471 *kdf_params = ftr;
1472 } else {
1473 *kdf = pbkdf2;
1474 *kdf_params = NULL;
1475 }
1476}
1477
Paul Lawrence731a7a22015-04-28 22:14:15 +00001478static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001479 struct crypt_mnt_ftr *crypt_ftr,
1480 unsigned char** intermediate_key,
1481 size_t* intermediate_key_size)
Kenny Rootc4c70f12013-06-14 12:11:38 -07001482{
1483 kdf_func kdf;
1484 void *kdf_params;
1485 int ret;
1486
1487 get_kdf_func(crypt_ftr, &kdf, &kdf_params);
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001488 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
1489 decrypted_master_key, kdf, kdf_params,
1490 intermediate_key, intermediate_key_size);
Kenny Rootc4c70f12013-06-14 12:11:38 -07001491 if (ret != 0) {
1492 SLOGW("failure decrypting master key");
Kenny Rootc4c70f12013-06-14 12:11:38 -07001493 }
1494
1495 return ret;
1496}
1497
1498static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
1499 struct crypt_mnt_ftr *crypt_ftr) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001500 int fd;
Ken Sumralle8744072011-01-18 22:01:55 -08001501 unsigned char key_buf[KEY_LEN_BYTES];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001502
1503 /* Get some random bits for a key */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001504 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
Ken Sumralle8744072011-01-18 22:01:55 -08001505 read(fd, key_buf, sizeof(key_buf));
1506 read(fd, salt, SALT_LEN);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001507 close(fd);
1508
1509 /* Now encrypt it with the password */
Kenny Rootc4c70f12013-06-14 12:11:38 -07001510 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001511}
1512
Paul Lawrence2f32cda2015-05-05 14:28:25 -07001513int wait_and_unmount(const char *mountpoint, bool kill)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001514{
Greg Hackmann955653e2014-09-24 14:55:20 -07001515 int i, err, rc;
Ken Sumrall2eaf7132011-01-14 12:45:48 -08001516#define WAIT_UNMOUNT_COUNT 20
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001517
1518 /* Now umount the tmpfs filesystem */
1519 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001520 if (umount(mountpoint) == 0) {
1521 break;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001522 }
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001523
1524 if (errno == EINVAL) {
1525 /* EINVAL is returned if the directory is not a mountpoint,
1526 * i.e. there is no filesystem mounted there. So just get out.
1527 */
1528 break;
1529 }
1530
1531 err = errno;
1532
1533 /* If allowed, be increasingly aggressive before the last two retries */
1534 if (kill) {
1535 if (i == (WAIT_UNMOUNT_COUNT - 3)) {
1536 SLOGW("sending SIGHUP to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001537 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001538 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
1539 SLOGW("sending SIGKILL to processes with open files\n");
Jeff Sharkey36801cc2015-03-13 16:09:20 -07001540 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001541 }
1542 }
1543
1544 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001545 }
1546
1547 if (i < WAIT_UNMOUNT_COUNT) {
1548 SLOGD("unmounting %s succeeded\n", mountpoint);
1549 rc = 0;
1550 } else {
jessica_yu3f14fe42014-09-22 15:57:40 +08001551 vold_killProcessesWithOpenFiles(mountpoint, 0);
Greg Hackmann955653e2014-09-24 14:55:20 -07001552 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001553 rc = -1;
1554 }
1555
1556 return rc;
1557}
1558
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001559#define DATA_PREP_TIMEOUT 1000
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001560static int prep_data_fs(void)
1561{
1562 int i;
1563
Jeff Sharkey47695b22016-02-01 17:02:29 -07001564 // NOTE: post_fs_data results in init calling back around to vold, so all
1565 // callers to this method must be async
1566
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001567 /* Do the prep of the /data filesystem */
1568 property_set("vold.post_fs_data_done", "0");
1569 property_set("vold.decrypt", "trigger_post_fs_data");
1570 SLOGD("Just triggered post_fs_data\n");
1571
Ken Sumrallc5872692013-05-14 15:26:31 -07001572 /* Wait a max of 50 seconds, hopefully it takes much less */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001573 for (i=0; i<DATA_PREP_TIMEOUT; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07001574 char p[PROPERTY_VALUE_MAX];
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001575
1576 property_get("vold.post_fs_data_done", p, "0");
1577 if (*p == '1') {
1578 break;
1579 } else {
Paul Lawrenceb1ef4662015-06-11 11:15:29 -07001580 usleep(50000);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001581 }
1582 }
1583 if (i == DATA_PREP_TIMEOUT) {
1584 /* Ugh, we failed to prep /data in time. Bail. */
Ken Sumrallc5872692013-05-14 15:26:31 -07001585 SLOGE("post_fs_data timed out!\n");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08001586 return -1;
1587 } else {
1588 SLOGD("post_fs_data done\n");
1589 return 0;
1590 }
1591}
1592
Paul Lawrence74f29f12014-08-28 15:54:10 -07001593static void cryptfs_set_corrupt()
1594{
1595 // Mark the footer as bad
1596 struct crypt_mnt_ftr crypt_ftr;
1597 if (get_crypt_ftr_and_key(&crypt_ftr)) {
1598 SLOGE("Failed to get crypto footer - panic");
1599 return;
1600 }
1601
1602 crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
1603 if (put_crypt_ftr_and_key(&crypt_ftr)) {
1604 SLOGE("Failed to set crypto footer - panic");
1605 return;
1606 }
1607}
1608
1609static void cryptfs_trigger_restart_min_framework()
1610{
1611 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
1612 SLOGE("Failed to mount tmpfs on data - panic");
1613 return;
1614 }
1615
1616 if (property_set("vold.decrypt", "trigger_post_fs_data")) {
1617 SLOGE("Failed to trigger post fs data - panic");
1618 return;
1619 }
1620
1621 if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
1622 SLOGE("Failed to trigger restart min framework - panic");
1623 return;
1624 }
1625}
1626
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001627/* returns < 0 on failure */
Paul Lawrencef4faa572014-01-29 13:31:03 -08001628static int cryptfs_restart_internal(int restart_main)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001629{
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001630 char crypto_blkdev[MAXPATHLEN];
Tim Murray8439dc92014-12-15 11:56:11 -08001631 int rc = -1;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001632 static int restart_successful = 0;
1633
1634 /* Validate that it's OK to call this routine */
Jason parks70a4b3f2011-01-28 10:10:47 -06001635 if (! master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08001636 SLOGE("Encrypted filesystem not validated, aborting");
1637 return -1;
1638 }
1639
1640 if (restart_successful) {
1641 SLOGE("System already restarted with encrypted disk, aborting");
1642 return -1;
1643 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001644
Paul Lawrencef4faa572014-01-29 13:31:03 -08001645 if (restart_main) {
1646 /* Here is where we shut down the framework. The init scripts
1647 * start all services in one of three classes: core, main or late_start.
1648 * On boot, we start core and main. Now, we stop main, but not core,
1649 * as core includes vold and a few other really important things that
1650 * we need to keep running. Once main has stopped, we should be able
1651 * to umount the tmpfs /data, then mount the encrypted /data.
1652 * We then restart the class main, and also the class late_start.
1653 * At the moment, I've only put a few things in late_start that I know
1654 * are not needed to bring up the framework, and that also cause problems
1655 * with unmounting the tmpfs /data, but I hope to add add more services
1656 * to the late_start class as we optimize this to decrease the delay
1657 * till the user is asked for the password to the filesystem.
1658 */
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001659
Paul Lawrencef4faa572014-01-29 13:31:03 -08001660 /* The init files are setup to stop the class main when vold.decrypt is
1661 * set to trigger_reset_main.
1662 */
1663 property_set("vold.decrypt", "trigger_reset_main");
1664 SLOGD("Just asked init to shut down class main\n");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001665
Paul Lawrencef4faa572014-01-29 13:31:03 -08001666 /* Ugh, shutting down the framework is not synchronous, so until it
1667 * can be fixed, this horrible hack will wait a moment for it all to
1668 * shut down before proceeding. Without it, some devices cannot
1669 * restart the graphics services.
1670 */
1671 sleep(2);
1672 }
Ken Sumrall9dedfd42012-10-09 14:16:59 -07001673
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001674 /* Now that the framework is shutdown, we should be able to umount()
1675 * the tmpfs filesystem, and mount the real one.
1676 */
1677
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001678 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
1679 if (strlen(crypto_blkdev) == 0) {
1680 SLOGE("fs_crypto_blkdev not set\n");
1681 return -1;
1682 }
1683
Greg Hackmann6e8440f2014-10-02 17:18:20 -07001684 if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
Doug Zongker6fd57712013-12-17 09:43:23 -08001685 /* If ro.crypto.readonly is set to 1, mount the decrypted
1686 * filesystem readonly. This is used when /data is mounted by
1687 * recovery mode.
1688 */
1689 char ro_prop[PROPERTY_VALUE_MAX];
1690 property_get("ro.crypto.readonly", ro_prop, "");
1691 if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
1692 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
1693 rec->flags |= MS_RDONLY;
1694 }
JP Abgrall62c7af32014-06-16 13:01:23 -07001695
Ken Sumralle5032c42012-04-01 23:58:44 -07001696 /* If that succeeded, then mount the decrypted filesystem */
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001697 int retries = RETRY_MOUNT_ATTEMPTS;
1698 int mount_rc;
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001699
1700 /*
1701 * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
1702 * partitions in the fsck domain.
1703 */
1704 if (setexeccon(secontextFsck())){
1705 SLOGE("Failed to setexeccon");
1706 return -1;
1707 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001708 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
1709 crypto_blkdev, 0))
1710 != 0) {
1711 if (mount_rc == FS_MGR_DOMNT_BUSY) {
1712 /* TODO: invoke something similar to
1713 Process::killProcessWithOpenFiles(DATA_MNT_POINT,
1714 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
1715 SLOGI("Failed to mount %s because it is busy - waiting",
1716 crypto_blkdev);
1717 if (--retries) {
1718 sleep(RETRY_MOUNT_DELAY_SECONDS);
1719 } else {
1720 /* Let's hope that a reboot clears away whatever is keeping
1721 the mount busy */
1722 cryptfs_reboot(reboot);
1723 }
1724 } else {
1725 SLOGE("Failed to mount decrypted data");
1726 cryptfs_set_corrupt();
1727 cryptfs_trigger_restart_min_framework();
1728 SLOGI("Started framework to offer wipe");
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001729 if (setexeccon(NULL)) {
1730 SLOGE("Failed to setexeccon");
1731 }
Paul Lawrence8e3f4512014-09-08 10:11:17 -07001732 return -1;
1733 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001734 }
Jeff Vander Stoepdf725752016-01-29 15:34:43 -08001735 if (setexeccon(NULL)) {
1736 SLOGE("Failed to setexeccon");
1737 return -1;
1738 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001739
Ken Sumralle5032c42012-04-01 23:58:44 -07001740 property_set("vold.decrypt", "trigger_load_persist_props");
1741 /* Create necessary paths on /data */
1742 if (prep_data_fs()) {
1743 return -1;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001744 }
Ken Sumralle5032c42012-04-01 23:58:44 -07001745
1746 /* startup service classes main and late_start */
1747 property_set("vold.decrypt", "trigger_restart_framework");
1748 SLOGD("Just triggered restart_framework\n");
1749
1750 /* Give it a few moments to get started */
1751 sleep(1);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001752 }
1753
Ken Sumrall0cc16632011-01-18 20:32:26 -08001754 if (rc == 0) {
1755 restart_successful = 1;
1756 }
1757
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001758 return rc;
1759}
1760
Paul Lawrencef4faa572014-01-29 13:31:03 -08001761int cryptfs_restart(void)
1762{
Paul Lawrence05335c32015-03-05 09:46:23 -08001763 SLOGI("cryptfs_restart");
Paul Crowley38132a12016-02-09 09:50:32 +00001764 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001765 SLOGE("cryptfs_restart not valid for file encryption:");
1766 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08001767 }
1768
Paul Lawrencef4faa572014-01-29 13:31:03 -08001769 /* Call internal implementation forcing a restart of main service group */
1770 return cryptfs_restart_internal(1);
1771}
1772
Paul Lawrence05335c32015-03-05 09:46:23 -08001773static int do_crypto_complete(char *mount_point)
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001774{
1775 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall29d8da82011-05-18 17:20:07 -07001776 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumralle1a45852011-12-14 21:24:27 -08001777 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001778
1779 property_get("ro.crypto.state", encrypted_state, "");
1780 if (strcmp(encrypted_state, "encrypted") ) {
1781 SLOGE("not running with encryption, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001782 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001783 }
1784
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001785 // crypto_complete is full disk encrypted status
Paul Crowley38132a12016-02-09 09:50:32 +00001786 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08001787 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Paul Lawrence05335c32015-03-05 09:46:23 -08001788 }
1789
Ken Sumrall160b4d62013-04-22 12:15:39 -07001790 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall56ad03c2013-02-13 13:00:19 -08001791 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumralle5032c42012-04-01 23:58:44 -07001792
Ken Sumralle1a45852011-12-14 21:24:27 -08001793 /*
1794 * Only report this error if key_loc is a file and it exists.
1795 * If the device was never encrypted, and /data is not mountable for
1796 * some reason, returning 1 should prevent the UI from presenting the
1797 * a "enter password" screen, or worse, a "press button to wipe the
1798 * device" screen.
1799 */
1800 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
1801 SLOGE("master key file does not exist, aborting");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001802 return CRYPTO_COMPLETE_NOT_ENCRYPTED;
Ken Sumralle1a45852011-12-14 21:24:27 -08001803 } else {
1804 SLOGE("Error getting crypt footer and key\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07001805 return CRYPTO_COMPLETE_BAD_METADATA;
Ken Sumralle1a45852011-12-14 21:24:27 -08001806 }
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001807 }
1808
Paul Lawrence74f29f12014-08-28 15:54:10 -07001809 // Test for possible error flags
1810 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
1811 SLOGE("Encryption process is partway completed\n");
1812 return CRYPTO_COMPLETE_PARTIAL;
1813 }
1814
1815 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
1816 SLOGE("Encryption process was interrupted but cannot continue\n");
1817 return CRYPTO_COMPLETE_INCONSISTENT;
1818 }
1819
1820 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
1821 SLOGE("Encryption is successful but data is corrupt\n");
1822 return CRYPTO_COMPLETE_CORRUPT;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001823 }
1824
1825 /* We passed the test! We shall diminish, and return to the west */
Paul Lawrence74f29f12014-08-28 15:54:10 -07001826 return CRYPTO_COMPLETE_ENCRYPTED;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08001827}
1828
Paul Lawrencef4faa572014-01-29 13:31:03 -08001829static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
1830 char *passwd, char *mount_point, char *label)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001831{
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001832 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07001833 unsigned char decrypted_master_key[32];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001834 char crypto_blkdev[MAXPATHLEN];
1835 char real_blkdev[MAXPATHLEN];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001836 char tmp_mount_point[64];
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001837 unsigned int orig_failed_decrypt_count;
1838 int rc;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001839 int use_keymaster = 0;
1840 int upgrade = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001841 unsigned char* intermediate_key = 0;
1842 size_t intermediate_key_size = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001843
Paul Lawrencef4faa572014-01-29 13:31:03 -08001844 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
1845 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
Ken Sumrall0cc16632011-01-18 20:32:26 -08001846
Paul Lawrencef4faa572014-01-29 13:31:03 -08001847 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001848 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
1849 &intermediate_key, &intermediate_key_size)) {
JP Abgrall7bdfa522013-11-15 13:42:56 -08001850 SLOGE("Failed to decrypt master key\n");
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001851 rc = -1;
1852 goto errout;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001853 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001854 }
1855
Paul Lawrencef4faa572014-01-29 13:31:03 -08001856 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
1857
Ajay Dudani87701e22014-09-17 21:02:52 -07001858#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08001859 if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
1860 if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
1861 SLOGE("Hardware encryption key does not match");
1862 }
Ajay Dudani87701e22014-09-17 21:02:52 -07001863 }
1864#endif
1865
Paul Lawrence74f29f12014-08-28 15:54:10 -07001866 // Create crypto block device - all (non fatal) code paths
1867 // need it
Paul Lawrencef4faa572014-01-29 13:31:03 -08001868 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
1869 real_blkdev, crypto_blkdev, label)) {
Paul Lawrence74f29f12014-08-28 15:54:10 -07001870 SLOGE("Error creating decrypted block device\n");
1871 rc = -1;
1872 goto errout;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001873 }
1874
Paul Lawrence74f29f12014-08-28 15:54:10 -07001875 /* Work out if the problem is the password or the data */
1876 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
1877 scrypted_intermediate_key)];
1878 int N = 1 << crypt_ftr->N_factor;
1879 int r = 1 << crypt_ftr->r_factor;
1880 int p = 1 << crypt_ftr->p_factor;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001881
Paul Lawrence74f29f12014-08-28 15:54:10 -07001882 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
1883 crypt_ftr->salt, sizeof(crypt_ftr->salt),
1884 N, r, p, scrypted_intermediate_key,
1885 sizeof(scrypted_intermediate_key));
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001886
Paul Lawrence74f29f12014-08-28 15:54:10 -07001887 // Does the key match the crypto footer?
1888 if (rc == 0 && memcmp(scrypted_intermediate_key,
1889 crypt_ftr->scrypted_intermediate_key,
1890 sizeof(scrypted_intermediate_key)) == 0) {
1891 SLOGI("Password matches");
1892 rc = 0;
1893 } else {
1894 /* Try mounting the file system anyway, just in case the problem's with
1895 * the footer, not the key. */
George Burgess IV605d7ae2016-02-29 13:39:17 -08001896 snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
1897 mount_point);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001898 mkdir(tmp_mount_point, 0755);
1899 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
1900 SLOGE("Error temp mounting decrypted block device\n");
1901 delete_crypto_blk_dev(label);
1902
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001903 rc = ++crypt_ftr->failed_decrypt_count;
1904 put_crypt_ftr_and_key(crypt_ftr);
Paul Lawrence74f29f12014-08-28 15:54:10 -07001905 } else {
1906 /* Success! */
1907 SLOGI("Password did not match but decrypted drive mounted - continue");
1908 umount(tmp_mount_point);
1909 rc = 0;
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001910 }
Paul Lawrence74f29f12014-08-28 15:54:10 -07001911 }
1912
1913 if (rc == 0) {
1914 crypt_ftr->failed_decrypt_count = 0;
Paul Lawrence72b8b822014-10-05 12:57:37 -07001915 if (orig_failed_decrypt_count != 0) {
1916 put_crypt_ftr_and_key(crypt_ftr);
1917 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001918
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001919 /* Save the name of the crypto block device
Paul Lawrence74f29f12014-08-28 15:54:10 -07001920 * so we can mount it when restarting the framework. */
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001921 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
Jason parks70a4b3f2011-01-28 10:10:47 -06001922
1923 /* Also save a the master key so we can reencrypted the key
Paul Lawrence74f29f12014-08-28 15:54:10 -07001924 * the key when we want to change the password on it. */
Jason parks70a4b3f2011-01-28 10:10:47 -06001925 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
Ken Sumrall3ad90722011-10-04 20:38:29 -07001926 saved_mount_point = strdup(mount_point);
Jason parks70a4b3f2011-01-28 10:10:47 -06001927 master_key_saved = 1;
JP Abgrall7bdfa522013-11-15 13:42:56 -08001928 SLOGD("%s(): Master key saved\n", __FUNCTION__);
Ken Sumrall6864b7e2011-01-14 15:20:02 -08001929 rc = 0;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001930
Paul Lawrence74f29f12014-08-28 15:54:10 -07001931 // Upgrade if we're not using the latest KDF.
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001932 use_keymaster = keymaster_check_compatibility();
1933 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
Shawn Willden47ba10d2014-09-03 17:07:06 -06001934 // Don't allow downgrade
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001935 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
1936 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
1937 upgrade = 1;
1938 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001939 crypt_ftr->kdf_type = KDF_SCRYPT;
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07001940 upgrade = 1;
1941 }
1942
1943 if (upgrade) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001944 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
1945 crypt_ftr->master_key, crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001946 if (!rc) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08001947 rc = put_crypt_ftr_and_key(crypt_ftr);
JP Abgrall7bdfa522013-11-15 13:42:56 -08001948 }
1949 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
Paul Lawrenceb2f682b2014-09-08 11:28:19 -07001950
1951 // Do not fail even if upgrade failed - machine is bootable
1952 // Note that if this code is ever hit, there is a *serious* problem
1953 // since KDFs should never fail. You *must* fix the kdf before
1954 // proceeding!
1955 if (rc) {
1956 SLOGW("Upgrade failed with error %d,"
1957 " but continuing with previous state",
1958 rc);
1959 rc = 0;
1960 }
JP Abgrall7bdfa522013-11-15 13:42:56 -08001961 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001962 }
1963
Paul Lawrenced0c7b172014-08-08 14:28:10 -07001964 errout:
1965 if (intermediate_key) {
1966 memset(intermediate_key, 0, intermediate_key_size);
1967 free(intermediate_key);
1968 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08001969 return rc;
1970}
1971
Ken Sumrall29d8da82011-05-18 17:20:07 -07001972/*
Jeff Sharkey9c484982015-03-31 10:35:33 -07001973 * Called by vold when it's asked to mount an encrypted external
1974 * storage volume. The incoming partition has no crypto header/footer,
1975 * as any metadata is been stored in a separate, small partition.
1976 *
1977 * out_crypto_blkdev must be MAXPATHLEN.
Ken Sumrall29d8da82011-05-18 17:20:07 -07001978 */
Jeff Sharkey9c484982015-03-31 10:35:33 -07001979int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
1980 const unsigned char* key, int keysize, char* out_crypto_blkdev) {
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07001981 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001982 if (fd == -1) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001983 SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001984 return -1;
1985 }
1986
1987 unsigned long nr_sec = 0;
1988 get_blkdev_size(fd, &nr_sec);
Ken Sumrall29d8da82011-05-18 17:20:07 -07001989 close(fd);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09001990
Ken Sumrall29d8da82011-05-18 17:20:07 -07001991 if (nr_sec == 0) {
Jeff Sharkey9c484982015-03-31 10:35:33 -07001992 SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
Ken Sumrall29d8da82011-05-18 17:20:07 -07001993 return -1;
1994 }
1995
Jeff Sharkey9c484982015-03-31 10:35:33 -07001996 struct crypt_mnt_ftr ext_crypt_ftr;
1997 memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
1998 ext_crypt_ftr.fs_size = nr_sec;
1999 ext_crypt_ftr.keysize = keysize;
2000 strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
Ken Sumrall29d8da82011-05-18 17:20:07 -07002001
Jeff Sharkey9c484982015-03-31 10:35:33 -07002002 return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
2003 out_crypto_blkdev, label);
2004}
Ken Sumrall29d8da82011-05-18 17:20:07 -07002005
Jeff Sharkey9c484982015-03-31 10:35:33 -07002006/*
2007 * Called by vold when it's asked to unmount an encrypted external
2008 * storage volume.
2009 */
2010int cryptfs_revert_ext_volume(const char* label) {
2011 return delete_crypto_blk_dev((char*) label);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002012}
2013
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08002014int cryptfs_crypto_complete(void)
2015{
2016 return do_crypto_complete("/data");
2017}
2018
Paul Lawrencef4faa572014-01-29 13:31:03 -08002019int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
2020{
2021 char encrypted_state[PROPERTY_VALUE_MAX];
2022 property_get("ro.crypto.state", encrypted_state, "");
2023 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
2024 SLOGE("encrypted fs already validated or not running with encryption,"
2025 " aborting");
2026 return -1;
2027 }
2028
2029 if (get_crypt_ftr_and_key(crypt_ftr)) {
2030 SLOGE("Error getting crypt footer and key");
2031 return -1;
2032 }
2033
2034 return 0;
2035}
2036
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002037int cryptfs_check_passwd(char *passwd)
2038{
Paul Lawrence05335c32015-03-05 09:46:23 -08002039 SLOGI("cryptfs_check_passwd");
Paul Crowley38132a12016-02-09 09:50:32 +00002040 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08002041 SLOGE("cryptfs_check_passwd not valid for file encryption");
2042 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08002043 }
2044
Paul Lawrencef4faa572014-01-29 13:31:03 -08002045 struct crypt_mnt_ftr crypt_ftr;
2046 int rc;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002047
Paul Lawrencef4faa572014-01-29 13:31:03 -08002048 rc = check_unmounted_and_get_ftr(&crypt_ftr);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002049 if (rc) {
2050 SLOGE("Could not get footer");
Paul Lawrencef4faa572014-01-29 13:31:03 -08002051 return rc;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002052 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002053
Paul Lawrence3bd36d52015-06-09 13:37:44 -07002054 rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002055 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2056 if (rc) {
2057 SLOGE("Password did not match");
2058 return rc;
2059 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002060
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002061 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
2062 // Here we have a default actual password but a real password
2063 // we must test against the scrypted value
2064 // First, we must delete the crypto block device that
2065 // test_mount_encrypted_fs leaves behind as a side effect
2066 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
2067 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
2068 DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
2069 if (rc) {
2070 SLOGE("Default password did not match on reboot encryption");
2071 return rc;
2072 }
2073
2074 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
2075 put_crypt_ftr_and_key(&crypt_ftr);
2076 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
2077 if (rc) {
2078 SLOGE("Could not change password on reboot encryption");
2079 return rc;
2080 }
2081 }
2082
2083 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
Paul Lawrence399317e2014-03-10 13:20:50 -07002084 cryptfs_clear_password();
2085 password = strdup(passwd);
2086 struct timespec now;
2087 clock_gettime(CLOCK_BOOTTIME, &now);
2088 password_expiry_time = now.tv_sec + password_max_age_seconds;
Paul Lawrence684dbdf2014-02-07 12:07:22 -08002089 }
2090
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002091 return rc;
2092}
2093
Ken Sumrall3ad90722011-10-04 20:38:29 -07002094int cryptfs_verify_passwd(char *passwd)
2095{
2096 struct crypt_mnt_ftr crypt_ftr;
2097 /* Allocate enough space for a 256 bit key, but we may use less */
Ken Sumrall160b4d62013-04-22 12:15:39 -07002098 unsigned char decrypted_master_key[32];
Ken Sumrall3ad90722011-10-04 20:38:29 -07002099 char encrypted_state[PROPERTY_VALUE_MAX];
2100 int rc;
2101
2102 property_get("ro.crypto.state", encrypted_state, "");
2103 if (strcmp(encrypted_state, "encrypted") ) {
2104 SLOGE("device not encrypted, aborting");
2105 return -2;
2106 }
2107
2108 if (!master_key_saved) {
2109 SLOGE("encrypted fs not yet mounted, aborting");
2110 return -1;
2111 }
2112
2113 if (!saved_mount_point) {
2114 SLOGE("encrypted fs failed to save mount point, aborting");
2115 return -1;
2116 }
2117
Ken Sumrall160b4d62013-04-22 12:15:39 -07002118 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Ken Sumrall3ad90722011-10-04 20:38:29 -07002119 SLOGE("Error getting crypt footer and key\n");
2120 return -1;
2121 }
2122
2123 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
2124 /* If the device has no password, then just say the password is valid */
2125 rc = 0;
2126 } else {
Paul Lawrenced0c7b172014-08-08 14:28:10 -07002127 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall3ad90722011-10-04 20:38:29 -07002128 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
2129 /* They match, the password is correct */
2130 rc = 0;
2131 } else {
2132 /* If incorrect, sleep for a bit to prevent dictionary attacks */
2133 sleep(1);
2134 rc = 1;
2135 }
2136 }
2137
2138 return rc;
2139}
2140
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002141/* Initialize a crypt_mnt_ftr structure. The keysize is
2142 * defaulted to 16 bytes, and the filesystem size to 0.
2143 * Presumably, at a minimum, the caller will update the
2144 * filesystem size and crypto_type_name after calling this function.
2145 */
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002146static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002147{
Ken Sumrall160b4d62013-04-22 12:15:39 -07002148 off64_t off;
2149
2150 memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002151 ftr->magic = CRYPT_MNT_MAGIC;
Kenny Rootc96a5f82013-06-14 12:08:28 -07002152 ftr->major_version = CURRENT_MAJOR_VERSION;
2153 ftr->minor_version = CURRENT_MINOR_VERSION;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002154 ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
Jason parks70a4b3f2011-01-28 10:10:47 -06002155 ftr->keysize = KEY_LEN_BYTES;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002156
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002157 switch (keymaster_check_compatibility()) {
2158 case 1:
2159 ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
2160 break;
2161
2162 case 0:
2163 ftr->kdf_type = KDF_SCRYPT;
2164 break;
2165
2166 default:
2167 SLOGE("keymaster_check_compatibility failed");
2168 return -1;
2169 }
2170
Kenny Rootc4c70f12013-06-14 12:11:38 -07002171 get_device_scrypt_params(ftr);
2172
Ken Sumrall160b4d62013-04-22 12:15:39 -07002173 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
2174 if (get_crypt_ftr_info(NULL, &off) == 0) {
2175 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
2176 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
2177 ftr->persist_data_size;
2178 }
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07002179
2180 return 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002181}
2182
Ken Sumrall29d8da82011-05-18 17:20:07 -07002183static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002184{
Ken Sumralle550f782013-08-20 13:48:23 -07002185 const char *args[10];
2186 char size_str[32]; /* Must be large enough to hold a %lld and null byte */
2187 int num_args;
2188 int status;
2189 int tmp;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002190 int rc = -1;
2191
Ken Sumrall29d8da82011-05-18 17:20:07 -07002192 if (type == EXT4_FS) {
Ken Sumralle550f782013-08-20 13:48:23 -07002193 args[0] = "/system/bin/make_ext4fs";
2194 args[1] = "-a";
2195 args[2] = "/data";
2196 args[3] = "-l";
Elliott Hughes73737162014-06-25 17:27:42 -07002197 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
Ken Sumralle550f782013-08-20 13:48:23 -07002198 args[4] = size_str;
2199 args[5] = crypto_blkdev;
2200 num_args = 6;
2201 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
2202 args[0], args[1], args[2], args[3], args[4], args[5]);
JP Abgrall62c7af32014-06-16 13:01:23 -07002203 } else if (type == F2FS_FS) {
2204 args[0] = "/system/bin/mkfs.f2fs";
2205 args[1] = "-t";
2206 args[2] = "-d1";
2207 args[3] = crypto_blkdev;
Elliott Hughes73737162014-06-25 17:27:42 -07002208 snprintf(size_str, sizeof(size_str), "%" PRId64, size);
JP Abgrall62c7af32014-06-16 13:01:23 -07002209 args[4] = size_str;
2210 num_args = 5;
2211 SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
2212 args[0], args[1], args[2], args[3], args[4]);
Ken Sumrall29d8da82011-05-18 17:20:07 -07002213 } else {
2214 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
2215 return -1;
2216 }
2217
Ken Sumralle550f782013-08-20 13:48:23 -07002218 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
2219
2220 if (tmp != 0) {
2221 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002222 } else {
Ken Sumralle550f782013-08-20 13:48:23 -07002223 if (WIFEXITED(status)) {
2224 if (WEXITSTATUS(status)) {
2225 SLOGE("Error creating filesystem on %s, exit status %d ",
2226 crypto_blkdev, WEXITSTATUS(status));
2227 } else {
2228 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
2229 rc = 0;
2230 }
2231 } else {
2232 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
2233 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002234 }
2235
2236 return rc;
2237}
2238
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002239#define CRYPT_INPLACE_BUFSIZE 4096
Paul Lawrence87999172014-02-20 12:21:31 -08002240#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
2241#define CRYPT_SECTOR_SIZE 512
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002242
2243/* aligned 32K writes tends to make flash happy.
2244 * SD card association recommends it.
2245 */
Ajay Dudani87701e22014-09-17 21:02:52 -07002246#ifndef CONFIG_HW_DISK_ENCRYPTION
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002247#define BLOCKS_AT_A_TIME 8
Ajay Dudani87701e22014-09-17 21:02:52 -07002248#else
2249#define BLOCKS_AT_A_TIME 1024
2250#endif
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002251
2252struct encryptGroupsData
2253{
2254 int realfd;
2255 int cryptofd;
2256 off64_t numblocks;
2257 off64_t one_pct, cur_pct, new_pct;
2258 off64_t blocks_already_done, tot_numblocks;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002259 off64_t used_blocks_already_done, tot_used_blocks;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002260 char* real_blkdev, * crypto_blkdev;
2261 int count;
2262 off64_t offset;
2263 char* buffer;
Paul Lawrence87999172014-02-20 12:21:31 -08002264 off64_t last_written_sector;
2265 int completed;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002266 time_t time_started;
2267 int remaining_time;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002268};
2269
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002270static void update_progress(struct encryptGroupsData* data, int is_used)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002271{
2272 data->blocks_already_done++;
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002273
2274 if (is_used) {
2275 data->used_blocks_already_done++;
2276 }
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002277 if (data->tot_used_blocks) {
2278 data->new_pct = data->used_blocks_already_done / data->one_pct;
2279 } else {
2280 data->new_pct = data->blocks_already_done / data->one_pct;
2281 }
2282
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002283 if (data->new_pct > data->cur_pct) {
2284 char buf[8];
2285 data->cur_pct = data->new_pct;
Elliott Hughescb33f572014-06-25 18:25:11 -07002286 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002287 property_set("vold.encrypt_progress", buf);
2288 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002289
2290 if (data->cur_pct >= 5) {
Paul Lawrence9c58a872014-09-30 09:12:51 -07002291 struct timespec time_now;
2292 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
2293 SLOGW("Error getting time");
2294 } else {
2295 double elapsed_time = difftime(time_now.tv_sec, data->time_started);
2296 off64_t remaining_blocks = data->tot_used_blocks
2297 - data->used_blocks_already_done;
2298 int remaining_time = (int)(elapsed_time * remaining_blocks
2299 / data->used_blocks_already_done);
Paul Lawrence71577502014-08-13 14:55:55 -07002300
Paul Lawrence9c58a872014-09-30 09:12:51 -07002301 // Change time only if not yet set, lower, or a lot higher for
2302 // best user experience
2303 if (data->remaining_time == -1
2304 || remaining_time < data->remaining_time
2305 || remaining_time > data->remaining_time + 60) {
2306 char buf[8];
2307 snprintf(buf, sizeof(buf), "%d", remaining_time);
2308 property_set("vold.encrypt_time_remaining", buf);
2309 data->remaining_time = remaining_time;
2310 }
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002311 }
2312 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002313}
2314
Paul Lawrence3846be12014-09-22 11:33:54 -07002315static void log_progress(struct encryptGroupsData const* data, bool completed)
2316{
2317 // Precondition - if completed data = 0 else data != 0
2318
2319 // Track progress so we can skip logging blocks
2320 static off64_t offset = -1;
2321
2322 // Need to close existing 'Encrypting from' log?
2323 if (completed || (offset != -1 && data->offset != offset)) {
2324 SLOGI("Encrypted to sector %" PRId64,
2325 offset / info.block_size * CRYPT_SECTOR_SIZE);
2326 offset = -1;
2327 }
2328
2329 // Need to start new 'Encrypting from' log?
2330 if (!completed && offset != data->offset) {
2331 SLOGI("Encrypting from sector %" PRId64,
2332 data->offset / info.block_size * CRYPT_SECTOR_SIZE);
2333 }
2334
2335 // Update offset
2336 if (!completed) {
2337 offset = data->offset + (off64_t)data->count * info.block_size;
2338 }
2339}
2340
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002341static int flush_outstanding_data(struct encryptGroupsData* data)
2342{
2343 if (data->count == 0) {
2344 return 0;
2345 }
2346
Elliott Hughes231bdba2014-06-25 18:36:19 -07002347 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002348
2349 if (pread64(data->realfd, data->buffer,
2350 info.block_size * data->count, data->offset)
2351 <= 0) {
2352 SLOGE("Error reading real_blkdev %s for inplace encrypt",
2353 data->real_blkdev);
2354 return -1;
2355 }
2356
2357 if (pwrite64(data->cryptofd, data->buffer,
2358 info.block_size * data->count, data->offset)
2359 <= 0) {
2360 SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
2361 data->crypto_blkdev);
2362 return -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002363 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002364 log_progress(data, false);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002365 }
2366
2367 data->count = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002368 data->last_written_sector = (data->offset + data->count)
2369 / info.block_size * CRYPT_SECTOR_SIZE - 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002370 return 0;
2371}
2372
2373static int encrypt_groups(struct encryptGroupsData* data)
2374{
2375 unsigned int i;
2376 u8 *block_bitmap = 0;
2377 unsigned int block;
2378 off64_t ret;
2379 int rc = -1;
2380
2381 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
2382 if (!data->buffer) {
2383 SLOGE("Failed to allocate crypto buffer");
2384 goto errout;
2385 }
2386
2387 block_bitmap = malloc(info.block_size);
2388 if (!block_bitmap) {
2389 SLOGE("failed to allocate block bitmap");
2390 goto errout;
2391 }
2392
2393 for (i = 0; i < aux_info.groups; ++i) {
2394 SLOGI("Encrypting group %d", i);
2395
2396 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
2397 u32 block_count = min(info.blocks_per_group,
2398 aux_info.len_blocks - first_block);
2399
2400 off64_t offset = (u64)info.block_size
2401 * aux_info.bg_desc[i].bg_block_bitmap;
2402
2403 ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
2404 if (ret != (int)info.block_size) {
2405 SLOGE("failed to read all of block group bitmap %d", i);
2406 goto errout;
2407 }
2408
2409 offset = (u64)info.block_size * first_block;
2410
2411 data->count = 0;
2412
2413 for (block = 0; block < block_count; block++) {
liminghaoaa08e582016-01-06 10:30:49 +08002414 int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
2415 0 : bitmap_get_bit(block_bitmap, block);
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002416 update_progress(data, used);
2417 if (used) {
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002418 if (data->count == 0) {
2419 data->offset = offset;
2420 }
2421 data->count++;
2422 } else {
2423 if (flush_outstanding_data(data)) {
2424 goto errout;
2425 }
2426 }
2427
2428 offset += info.block_size;
2429
2430 /* Write data if we are aligned or buffer size reached */
2431 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
2432 || data->count == BLOCKS_AT_A_TIME) {
2433 if (flush_outstanding_data(data)) {
2434 goto errout;
2435 }
2436 }
Paul Lawrence87999172014-02-20 12:21:31 -08002437
Paul Lawrence73d7a022014-06-09 14:10:09 -07002438 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002439 SLOGE("Stopping encryption due to low battery");
2440 rc = 0;
2441 goto errout;
2442 }
2443
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002444 }
2445 if (flush_outstanding_data(data)) {
2446 goto errout;
2447 }
2448 }
2449
Paul Lawrence87999172014-02-20 12:21:31 -08002450 data->completed = 1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002451 rc = 0;
2452
2453errout:
Paul Lawrence3846be12014-09-22 11:33:54 -07002454 log_progress(0, true);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002455 free(data->buffer);
2456 free(block_bitmap);
2457 return rc;
2458}
2459
2460static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
2461 char *real_blkdev,
2462 off64_t size,
2463 off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002464 off64_t tot_size,
2465 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002466{
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002467 u32 i;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002468 struct encryptGroupsData data;
Paul Lawrence74f29f12014-08-28 15:54:10 -07002469 int rc; // Can't initialize without causing warning -Wclobbered
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002470
Paul Lawrence87999172014-02-20 12:21:31 -08002471 if (previously_encrypted_upto > *size_already_done) {
2472 SLOGD("Not fast encrypting since resuming part way through");
2473 return -1;
2474 }
2475
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002476 memset(&data, 0, sizeof(data));
2477 data.real_blkdev = real_blkdev;
2478 data.crypto_blkdev = crypto_blkdev;
2479
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002480 if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002481 SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
2482 real_blkdev, errno, strerror(errno));
Paul Lawrence74f29f12014-08-28 15:54:10 -07002483 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002484 goto errout;
2485 }
2486
David Ng82fd8042015-01-21 13:55:21 -08002487 // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
2488 int retries = RETRY_MOUNT_ATTEMPTS;
2489 while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
2490 if (--retries) {
2491 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
2492 crypto_blkdev, errno, strerror(errno));
2493 sleep(RETRY_MOUNT_DELAY_SECONDS);
2494 } else {
2495 SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
2496 crypto_blkdev, errno, strerror(errno));
2497 rc = ENABLE_INPLACE_ERR_DEV;
2498 goto errout;
2499 }
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002500 }
2501
2502 if (setjmp(setjmp_env)) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002503 SLOGE("Reading ext4 extent caused an exception\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002504 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002505 goto errout;
2506 }
2507
2508 if (read_ext(data.realfd, 0) != 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002509 SLOGE("Failed to read ext4 extent\n");
Paul Lawrence74f29f12014-08-28 15:54:10 -07002510 rc = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002511 goto errout;
2512 }
2513
2514 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2515 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2516 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2517
JP Abgrall7fc1de82014-10-10 18:43:41 -07002518 SLOGI("Encrypting ext4 filesystem in place...");
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002519
Paul Lawrence58c58cf2014-06-04 13:12:21 -07002520 data.tot_used_blocks = data.numblocks;
2521 for (i = 0; i < aux_info.groups; ++i) {
2522 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
2523 }
2524
2525 data.one_pct = data.tot_used_blocks / 100;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002526 data.cur_pct = 0;
Paul Lawrence9c58a872014-09-30 09:12:51 -07002527
2528 struct timespec time_started = {0};
2529 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
2530 SLOGW("Error getting time at start");
2531 // Note - continue anyway - we'll run with 0
2532 }
2533 data.time_started = time_started.tv_sec;
Paul Lawrencea96d9c92014-06-04 14:05:01 -07002534 data.remaining_time = -1;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002535
2536 rc = encrypt_groups(&data);
2537 if (rc) {
2538 SLOGE("Error encrypting groups");
2539 goto errout;
2540 }
2541
Paul Lawrence87999172014-02-20 12:21:31 -08002542 *size_already_done += data.completed ? size : data.last_written_sector;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002543 rc = 0;
2544
2545errout:
2546 close(data.realfd);
2547 close(data.cryptofd);
2548
2549 return rc;
2550}
2551
Paul Lawrence3846be12014-09-22 11:33:54 -07002552static void log_progress_f2fs(u64 block, bool completed)
2553{
2554 // Precondition - if completed data = 0 else data != 0
2555
2556 // Track progress so we can skip logging blocks
2557 static u64 last_block = (u64)-1;
2558
2559 // Need to close existing 'Encrypting from' log?
2560 if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
2561 SLOGI("Encrypted to block %" PRId64, last_block);
2562 last_block = -1;
2563 }
2564
2565 // Need to start new 'Encrypting from' log?
2566 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
2567 SLOGI("Encrypting from block %" PRId64, block);
2568 }
2569
2570 // Update offset
2571 if (!completed) {
2572 last_block = block;
2573 }
2574}
2575
Daniel Rosenberge82df162014-08-15 22:19:23 +00002576static int encrypt_one_block_f2fs(u64 pos, void *data)
2577{
2578 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
2579
2580 priv_dat->blocks_already_done = pos - 1;
2581 update_progress(priv_dat, 1);
2582
2583 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
2584
2585 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002586 SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002587 return -1;
2588 }
2589
2590 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002591 SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002592 return -1;
2593 } else {
Paul Lawrence3846be12014-09-22 11:33:54 -07002594 log_progress_f2fs(pos, false);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002595 }
2596
2597 return 0;
2598}
2599
2600static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
2601 char *real_blkdev,
2602 off64_t size,
2603 off64_t *size_already_done,
2604 off64_t tot_size,
2605 off64_t previously_encrypted_upto)
2606{
Daniel Rosenberge82df162014-08-15 22:19:23 +00002607 struct encryptGroupsData data;
2608 struct f2fs_info *f2fs_info = NULL;
JP Abgrall7fc1de82014-10-10 18:43:41 -07002609 int rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002610 if (previously_encrypted_upto > *size_already_done) {
2611 SLOGD("Not fast encrypting since resuming part way through");
JP Abgrall7fc1de82014-10-10 18:43:41 -07002612 return ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002613 }
2614 memset(&data, 0, sizeof(data));
2615 data.real_blkdev = real_blkdev;
2616 data.crypto_blkdev = crypto_blkdev;
2617 data.realfd = -1;
2618 data.cryptofd = -1;
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002619 if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002620 SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
Daniel Rosenberge82df162014-08-15 22:19:23 +00002621 real_blkdev);
2622 goto errout;
2623 }
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002624 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002625 SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
JP Abgrall3334c6a2014-10-10 15:52:11 -07002626 crypto_blkdev, errno, strerror(errno));
JP Abgrall7fc1de82014-10-10 18:43:41 -07002627 rc = ENABLE_INPLACE_ERR_DEV;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002628 goto errout;
2629 }
2630
2631 f2fs_info = generate_f2fs_info(data.realfd);
2632 if (!f2fs_info)
2633 goto errout;
2634
2635 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2636 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2637 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
2638
2639 data.tot_used_blocks = get_num_blocks_used(f2fs_info);
2640
2641 data.one_pct = data.tot_used_blocks / 100;
2642 data.cur_pct = 0;
2643 data.time_started = time(NULL);
2644 data.remaining_time = -1;
2645
2646 data.buffer = malloc(f2fs_info->block_size);
2647 if (!data.buffer) {
2648 SLOGE("Failed to allocate crypto buffer");
2649 goto errout;
2650 }
2651
2652 data.count = 0;
2653
2654 /* Currently, this either runs to completion, or hits a nonrecoverable error */
2655 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
2656
2657 if (rc) {
JP Abgrall7fc1de82014-10-10 18:43:41 -07002658 SLOGE("Error in running over f2fs blocks");
2659 rc = ENABLE_INPLACE_ERR_OTHER;
Daniel Rosenberge82df162014-08-15 22:19:23 +00002660 goto errout;
2661 }
2662
2663 *size_already_done += size;
2664 rc = 0;
2665
2666errout:
2667 if (rc)
2668 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
2669
Paul Lawrence3846be12014-09-22 11:33:54 -07002670 log_progress_f2fs(0, true);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002671 free(f2fs_info);
2672 free(data.buffer);
2673 close(data.realfd);
2674 close(data.cryptofd);
2675
2676 return rc;
2677}
2678
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002679static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
2680 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002681 off64_t tot_size,
2682 off64_t previously_encrypted_upto)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002683{
2684 int realfd, cryptofd;
2685 char *buf[CRYPT_INPLACE_BUFSIZE];
JP Abgrall7fc1de82014-10-10 18:43:41 -07002686 int rc = ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002687 off64_t numblocks, i, remainder;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002688 off64_t one_pct, cur_pct, new_pct;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002689 off64_t blocks_already_done, tot_numblocks;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002690
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002691 if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002692 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002693 return ENABLE_INPLACE_ERR_OTHER;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002694 }
2695
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002696 if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
JP Abgrall3334c6a2014-10-10 15:52:11 -07002697 SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
2698 crypto_blkdev, errno, strerror(errno));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002699 close(realfd);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002700 return ENABLE_INPLACE_ERR_DEV;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002701 }
2702
2703 /* This is pretty much a simple loop of reading 4K, and writing 4K.
2704 * The size passed in is the number of 512 byte sectors in the filesystem.
2705 * So compute the number of whole 4K blocks we should read/write,
2706 * and the remainder.
2707 */
2708 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
2709 remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002710 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
2711 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002712
2713 SLOGE("Encrypting filesystem in place...");
2714
Paul Lawrence87999172014-02-20 12:21:31 -08002715 i = previously_encrypted_upto + 1 - *size_already_done;
2716
2717 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2718 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
2719 goto errout;
2720 }
2721
2722 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
2723 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
2724 goto errout;
2725 }
2726
2727 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
2728 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2729 SLOGE("Error reading initial sectors from real_blkdev %s for "
2730 "inplace encrypt\n", crypto_blkdev);
2731 goto errout;
2732 }
2733 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2734 SLOGE("Error writing initial sectors to crypto_blkdev %s for "
2735 "inplace encrypt\n", crypto_blkdev);
2736 goto errout;
2737 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002738 SLOGI("Encrypted 1 block at %" PRId64, i);
Paul Lawrence87999172014-02-20 12:21:31 -08002739 }
2740 }
2741
Ken Sumrall29d8da82011-05-18 17:20:07 -07002742 one_pct = tot_numblocks / 100;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002743 cur_pct = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002744 /* process the majority of the filesystem in blocks */
Paul Lawrence87999172014-02-20 12:21:31 -08002745 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
Ken Sumrall29d8da82011-05-18 17:20:07 -07002746 new_pct = (i + blocks_already_done) / one_pct;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002747 if (new_pct > cur_pct) {
2748 char buf[8];
2749
2750 cur_pct = new_pct;
Elliott Hughes73737162014-06-25 17:27:42 -07002751 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002752 property_set("vold.encrypt_progress", buf);
2753 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002754 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002755 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002756 goto errout;
2757 }
2758 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
Paul Lawrence87999172014-02-20 12:21:31 -08002759 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
2760 goto errout;
2761 } else {
Elliott Hughescb33f572014-06-25 18:25:11 -07002762 SLOGD("Encrypted %d block at %" PRId64,
Paul Lawrence87999172014-02-20 12:21:31 -08002763 CRYPT_SECTORS_PER_BUFSIZE,
2764 i * CRYPT_SECTORS_PER_BUFSIZE);
2765 }
2766
Paul Lawrence73d7a022014-06-09 14:10:09 -07002767 if (!is_battery_ok_to_continue()) {
Paul Lawrence87999172014-02-20 12:21:31 -08002768 SLOGE("Stopping encryption due to low battery");
2769 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
2770 rc = 0;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002771 goto errout;
2772 }
2773 }
2774
2775 /* Do any remaining sectors */
2776 for (i=0; i<remainder; i++) {
Paul Lawrence87999172014-02-20 12:21:31 -08002777 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2778 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002779 goto errout;
2780 }
Paul Lawrence87999172014-02-20 12:21:31 -08002781 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
2782 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002783 goto errout;
Paul Lawrence87999172014-02-20 12:21:31 -08002784 } else {
2785 SLOGI("Encrypted 1 block at next location");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002786 }
2787 }
2788
Ken Sumrall29d8da82011-05-18 17:20:07 -07002789 *size_already_done += size;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002790 rc = 0;
2791
2792errout:
2793 close(realfd);
2794 close(cryptofd);
2795
2796 return rc;
2797}
2798
JP Abgrall7fc1de82014-10-10 18:43:41 -07002799/* returns on of the ENABLE_INPLACE_* return codes */
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002800static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
2801 off64_t size, off64_t *size_already_done,
Paul Lawrence87999172014-02-20 12:21:31 -08002802 off64_t tot_size,
2803 off64_t previously_encrypted_upto)
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002804{
JP Abgrall7fc1de82014-10-10 18:43:41 -07002805 int rc_ext4, rc_f2fs, rc_full;
Paul Lawrence87999172014-02-20 12:21:31 -08002806 if (previously_encrypted_upto) {
Elliott Hughescb33f572014-06-25 18:25:11 -07002807 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
Paul Lawrence87999172014-02-20 12:21:31 -08002808 }
2809
2810 if (*size_already_done + size < previously_encrypted_upto) {
2811 *size_already_done += size;
2812 return 0;
2813 }
2814
Daniel Rosenberge82df162014-08-15 22:19:23 +00002815 /* TODO: identify filesystem type.
2816 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
2817 * then we will drop down to cryptfs_enable_inplace_f2fs.
2818 * */
JP Abgrall7fc1de82014-10-10 18:43:41 -07002819 if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002820 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002821 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002822 return 0;
2823 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002824 SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
Daniel Rosenberge82df162014-08-15 22:19:23 +00002825
JP Abgrall7fc1de82014-10-10 18:43:41 -07002826 if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
Daniel Rosenberge82df162014-08-15 22:19:23 +00002827 size, size_already_done,
JP Abgrall7fc1de82014-10-10 18:43:41 -07002828 tot_size, previously_encrypted_upto)) == 0) {
Daniel Rosenberge82df162014-08-15 22:19:23 +00002829 return 0;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002830 }
JP Abgrall7fc1de82014-10-10 18:43:41 -07002831 SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002832
JP Abgrall7fc1de82014-10-10 18:43:41 -07002833 rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
Paul Lawrence87999172014-02-20 12:21:31 -08002834 size, size_already_done, tot_size,
2835 previously_encrypted_upto);
JP Abgrall7fc1de82014-10-10 18:43:41 -07002836 SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
2837
2838 /* Hack for b/17898962, the following is the symptom... */
2839 if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
2840 && rc_f2fs == ENABLE_INPLACE_ERR_DEV
2841 && rc_full == ENABLE_INPLACE_ERR_DEV) {
2842 return ENABLE_INPLACE_ERR_DEV;
2843 }
2844 return rc_full;
Paul Lawrenceae59fe62014-01-21 08:23:27 -08002845}
2846
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002847#define CRYPTO_ENABLE_WIPE 1
2848#define CRYPTO_ENABLE_INPLACE 2
Ken Sumrall8ddbe402011-01-17 15:26:29 -08002849
2850#define FRAMEWORK_BOOT_WAIT 60
2851
Paul Lawrence87999172014-02-20 12:21:31 -08002852static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
2853{
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07002854 int fd = open(filename, O_RDONLY|O_CLOEXEC);
Paul Lawrence87999172014-02-20 12:21:31 -08002855 if (fd == -1) {
2856 SLOGE("Error opening file %s", filename);
2857 return -1;
2858 }
2859
2860 char block[CRYPT_INPLACE_BUFSIZE];
2861 memset(block, 0, sizeof(block));
2862 if (unix_read(fd, block, sizeof(block)) < 0) {
2863 SLOGE("Error reading file %s", filename);
2864 close(fd);
2865 return -1;
2866 }
2867
2868 close(fd);
2869
2870 SHA256_CTX c;
2871 SHA256_Init(&c);
2872 SHA256_Update(&c, block, sizeof(block));
2873 SHA256_Final(buf, &c);
2874
2875 return 0;
2876}
2877
JP Abgrall62c7af32014-06-16 13:01:23 -07002878static int get_fs_type(struct fstab_rec *rec)
2879{
2880 if (!strcmp(rec->fs_type, "ext4")) {
2881 return EXT4_FS;
2882 } else if (!strcmp(rec->fs_type, "f2fs")) {
2883 return F2FS_FS;
2884 } else {
2885 return -1;
2886 }
2887}
2888
Paul Lawrence87999172014-02-20 12:21:31 -08002889static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
2890 char *crypto_blkdev, char *real_blkdev,
2891 int previously_encrypted_upto)
2892{
2893 off64_t cur_encryption_done=0, tot_encryption_size=0;
Tim Murray8439dc92014-12-15 11:56:11 -08002894 int rc = -1;
Paul Lawrence87999172014-02-20 12:21:31 -08002895
Paul Lawrence73d7a022014-06-09 14:10:09 -07002896 if (!is_battery_ok_to_start()) {
2897 SLOGW("Not starting encryption due to low battery");
Paul Lawrence87999172014-02-20 12:21:31 -08002898 return 0;
2899 }
2900
2901 /* The size of the userdata partition, and add in the vold volumes below */
2902 tot_encryption_size = crypt_ftr->fs_size;
2903
2904 if (how == CRYPTO_ENABLE_WIPE) {
JP Abgrall62c7af32014-06-16 13:01:23 -07002905 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
2906 int fs_type = get_fs_type(rec);
2907 if (fs_type < 0) {
2908 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
2909 return -1;
2910 }
2911 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
Paul Lawrence87999172014-02-20 12:21:31 -08002912 } else if (how == CRYPTO_ENABLE_INPLACE) {
2913 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
2914 crypt_ftr->fs_size, &cur_encryption_done,
2915 tot_encryption_size,
2916 previously_encrypted_upto);
2917
JP Abgrall7fc1de82014-10-10 18:43:41 -07002918 if (rc == ENABLE_INPLACE_ERR_DEV) {
2919 /* Hack for b/17898962 */
2920 SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
2921 cryptfs_reboot(reboot);
2922 }
2923
Paul Lawrence73d7a022014-06-09 14:10:09 -07002924 if (!rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08002925 crypt_ftr->encrypted_upto = cur_encryption_done;
2926 }
2927
Paul Lawrence73d7a022014-06-09 14:10:09 -07002928 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08002929 /* The inplace routine never actually sets the progress to 100% due
2930 * to the round down nature of integer division, so set it here */
2931 property_set("vold.encrypt_progress", "100");
2932 }
2933 } else {
2934 /* Shouldn't happen */
2935 SLOGE("cryptfs_enable: internal error, unknown option\n");
2936 rc = -1;
2937 }
2938
2939 return rc;
2940}
2941
Paul Lawrence13486032014-02-03 13:28:11 -08002942int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
Paul Lawrence569649f2015-09-09 12:13:00 -07002943 int no_ui)
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002944{
2945 int how = 0;
Paul Lawrence87999172014-02-20 12:21:31 -08002946 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
Ken Sumrall160b4d62013-04-22 12:15:39 -07002947 unsigned char decrypted_master_key[KEY_LEN_BYTES];
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09002948 int rc=-1, i;
Paul Lawrence87999172014-02-20 12:21:31 -08002949 struct crypt_mnt_ftr crypt_ftr;
Ken Sumrall160b4d62013-04-22 12:15:39 -07002950 struct crypt_persist_data *pdata;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002951 char encrypted_state[PROPERTY_VALUE_MAX];
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08002952 char lockid[32] = { 0 };
Ken Sumrall29d8da82011-05-18 17:20:07 -07002953 char key_loc[PROPERTY_VALUE_MAX];
Ken Sumrall29d8da82011-05-18 17:20:07 -07002954 int num_vols;
Paul Lawrence87999172014-02-20 12:21:31 -08002955 off64_t previously_encrypted_upto = 0;
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002956 bool rebootEncryption = false;
Ken Sumrall29d8da82011-05-18 17:20:07 -07002957
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002958 if (!strcmp(howarg, "wipe")) {
2959 how = CRYPTO_ENABLE_WIPE;
2960 } else if (! strcmp(howarg, "inplace")) {
2961 how = CRYPTO_ENABLE_INPLACE;
2962 } else {
2963 /* Shouldn't happen, as CommandListener vets the args */
Ken Sumrall3ed82362011-01-28 23:31:16 -08002964 goto error_unencrypted;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08002965 }
2966
Paul Lawrence87999172014-02-20 12:21:31 -08002967 if (how == CRYPTO_ENABLE_INPLACE
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002968 && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
2969 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
2970 /* An encryption was underway and was interrupted */
2971 previously_encrypted_upto = crypt_ftr.encrypted_upto;
2972 crypt_ftr.encrypted_upto = 0;
2973 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002974
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002975 /* At this point, we are in an inconsistent state. Until we successfully
2976 complete encryption, a reboot will leave us broken. So mark the
2977 encryption failed in case that happens.
2978 On successfully completing encryption, remove this flag */
2979 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
Paul Lawrence6bfed202014-07-28 12:47:22 -07002980
Paul Lawrence3d99eba2015-11-20 07:07:19 -08002981 put_crypt_ftr_and_key(&crypt_ftr);
2982 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
2983 if (!check_ftr_sha(&crypt_ftr)) {
2984 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
2985 put_crypt_ftr_and_key(&crypt_ftr);
2986 goto error_unencrypted;
2987 }
2988
2989 /* Doing a reboot-encryption*/
2990 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
2991 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
2992 rebootEncryption = true;
2993 }
Paul Lawrence87999172014-02-20 12:21:31 -08002994 }
2995
2996 property_get("ro.crypto.state", encrypted_state, "");
2997 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
2998 SLOGE("Device is already running encrypted, aborting");
2999 goto error_unencrypted;
3000 }
3001
3002 // TODO refactor fs_mgr_get_crypt_info to get both in one call
3003 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
Ken Sumrall56ad03c2013-02-13 13:00:19 -08003004 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003005
Ken Sumrall3ed82362011-01-28 23:31:16 -08003006 /* Get the size of the real block device */
Jeff Sharkeyce6a9132015-04-08 21:07:21 -07003007 int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
Hiroaki Miyazawa14eab552015-02-04 13:29:15 +09003008 if (fd == -1) {
3009 SLOGE("Cannot open block device %s\n", real_blkdev);
3010 goto error_unencrypted;
3011 }
3012 unsigned long nr_sec;
3013 get_blkdev_size(fd, &nr_sec);
3014 if (nr_sec == 0) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003015 SLOGE("Cannot get size of block device %s\n", real_blkdev);
3016 goto error_unencrypted;
3017 }
3018 close(fd);
3019
3020 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003021 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003022 unsigned int fs_size_sec, max_fs_size_sec;
Jim Millera70abc62014-08-15 02:00:45 +00003023 fs_size_sec = get_fs_size(real_blkdev);
Daniel Rosenberge82df162014-08-15 22:19:23 +00003024 if (fs_size_sec == 0)
3025 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
3026
Paul Lawrence87999172014-02-20 12:21:31 -08003027 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003028
3029 if (fs_size_sec > max_fs_size_sec) {
3030 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place.");
3031 goto error_unencrypted;
3032 }
3033 }
3034
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003035 /* Get a wakelock as this may take a while, and we don't want the
3036 * device to sleep on us. We'll grab a partial wakelock, and if the UI
3037 * wants to keep the screen on, it can grab a full wakelock.
3038 */
Ken Sumrall29d8da82011-05-18 17:20:07 -07003039 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003040 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
3041
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003042 /* The init files are setup to stop the class main and late start when
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003043 * vold sets trigger_shutdown_framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003044 */
3045 property_set("vold.decrypt", "trigger_shutdown_framework");
3046 SLOGD("Just asked init to shut down class main\n");
3047
Jeff Sharkey9c484982015-03-31 10:35:33 -07003048 /* Ask vold to unmount all devices that it manages */
3049 if (vold_unmountAll()) {
3050 SLOGE("Failed to unmount all vold managed devices");
Ken Sumrall2eaf7132011-01-14 12:45:48 -08003051 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003052
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003053 /* no_ui means we are being called from init, not settings.
3054 Now we always reboot from settings, so !no_ui means reboot
3055 */
3056 bool onlyCreateHeader = false;
3057 if (!no_ui) {
3058 /* Try fallback, which is to reboot and try there */
3059 onlyCreateHeader = true;
3060 FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
3061 if (breadcrumb == 0) {
3062 SLOGE("Failed to create breadcrumb file");
3063 goto error_shutting_down;
3064 }
3065 fclose(breadcrumb);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003066 }
3067
3068 /* Do extra work for a better UX when doing the long inplace encryption */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003069 if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003070 /* Now that /data is unmounted, we need to mount a tmpfs
3071 * /data, set a property saying we're doing inplace encryption,
3072 * and restart the framework.
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003073 */
Ken Sumralle5032c42012-04-01 23:58:44 -07003074 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003075 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003076 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003077 /* Tells the framework that inplace encryption is starting */
Ken Sumrall7df84122011-01-18 14:04:08 -08003078 property_set("vold.encrypt_progress", "0");
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003079
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003080 /* restart the framework. */
3081 /* Create necessary paths on /data */
3082 if (prep_data_fs()) {
Ken Sumrall3ed82362011-01-28 23:31:16 -08003083 goto error_shutting_down;
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003084 }
3085
Ken Sumrall92736ef2012-10-17 20:57:14 -07003086 /* Ugh, shutting down the framework is not synchronous, so until it
3087 * can be fixed, this horrible hack will wait a moment for it all to
3088 * shut down before proceeding. Without it, some devices cannot
3089 * restart the graphics services.
3090 */
3091 sleep(2);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003092 }
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003093
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003094 /* Start the actual work of making an encrypted filesystem */
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003095 /* Initialize a crypt_mnt_ftr for the partition */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003096 if (previously_encrypted_upto == 0 && !rebootEncryption) {
Paul Lawrence69f4ebd2014-04-14 12:17:14 -07003097 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
3098 goto error_shutting_down;
3099 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003100
Paul Lawrence87999172014-02-20 12:21:31 -08003101 if (!strcmp(key_loc, KEY_IN_FOOTER)) {
3102 crypt_ftr.fs_size = nr_sec
3103 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
3104 } else {
3105 crypt_ftr.fs_size = nr_sec;
3106 }
Paul Lawrence6bfed202014-07-28 12:47:22 -07003107 /* At this point, we are in an inconsistent state. Until we successfully
3108 complete encryption, a reboot will leave us broken. So mark the
3109 encryption failed in case that happens.
3110 On successfully completing encryption, remove this flag */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003111 if (onlyCreateHeader) {
3112 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
3113 } else {
3114 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
3115 }
Paul Lawrence87999172014-02-20 12:21:31 -08003116 crypt_ftr.crypt_type = crypt_type;
Ajay Dudani87701e22014-09-17 21:02:52 -07003117#ifndef CONFIG_HW_DISK_ENCRYPTION
3118 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
3119#else
3120 strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
3121
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003122 rc = clear_hw_device_encryption_key();
Ajay Dudani87701e22014-09-17 21:02:52 -07003123 if (!rc) {
3124 SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
3125 }
3126
3127 rc = set_hw_device_encryption_key(passwd,
3128 (char*) crypt_ftr.crypto_type_name);
3129 if (!rc) {
3130 SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
3131 goto error_shutting_down;
3132 }
3133#endif
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003134
Paul Lawrence87999172014-02-20 12:21:31 -08003135 /* Make an encrypted master key */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003136 if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
3137 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
Paul Lawrence87999172014-02-20 12:21:31 -08003138 SLOGE("Cannot create encrypted master key\n");
3139 goto error_shutting_down;
3140 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003141
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003142 /* Replace scrypted intermediate key if we are preparing for a reboot */
3143 if (onlyCreateHeader) {
3144 unsigned char fake_master_key[KEY_LEN_BYTES];
3145 unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
3146 memset(fake_master_key, 0, sizeof(fake_master_key));
3147 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
3148 encrypted_fake_master_key, &crypt_ftr);
3149 }
3150
Paul Lawrence87999172014-02-20 12:21:31 -08003151 /* Write the key to the end of the partition */
3152 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003153
Paul Lawrence87999172014-02-20 12:21:31 -08003154 /* If any persistent data has been remembered, save it.
3155 * If none, create a valid empty table and save that.
3156 */
3157 if (!persist_data) {
3158 pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
3159 if (pdata) {
3160 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
3161 persist_data = pdata;
3162 }
3163 }
3164 if (persist_data) {
3165 save_persistent_data();
3166 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003167 }
3168
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003169 if (onlyCreateHeader) {
3170 sleep(2);
3171 cryptfs_reboot(reboot);
3172 }
3173
3174 if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
Ajay Dudani87701e22014-09-17 21:02:52 -07003175 /* startup service classes main and late_start */
3176 property_set("vold.decrypt", "trigger_restart_min_framework");
3177 SLOGD("Just triggered restart_min_framework\n");
3178
3179 /* OK, the framework is restarted and will soon be showing a
3180 * progress bar. Time to setup an encrypted mapping, and
3181 * either write a new filesystem, or encrypt in place updating
3182 * the progress bar as we work.
3183 */
3184 }
3185
Paul Lawrenced0c7b172014-08-08 14:28:10 -07003186 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003187 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003188 CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003189
Paul Lawrence87999172014-02-20 12:21:31 -08003190 /* If we are continuing, check checksums match */
3191 rc = 0;
3192 if (previously_encrypted_upto) {
3193 __le8 hash_first_block[SHA256_DIGEST_LENGTH];
3194 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
Ken Sumrall128626f2011-06-28 18:45:14 -07003195
Paul Lawrence87999172014-02-20 12:21:31 -08003196 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
3197 sizeof(hash_first_block)) != 0) {
3198 SLOGE("Checksums do not match - trigger wipe");
3199 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003200 }
3201 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003202
Paul Lawrence87999172014-02-20 12:21:31 -08003203 if (!rc) {
3204 rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
3205 crypto_blkdev, real_blkdev,
3206 previously_encrypted_upto);
3207 }
3208
3209 /* Calculate checksum if we are not finished */
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003210 if (!rc && how == CRYPTO_ENABLE_INPLACE
3211 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003212 rc = cryptfs_SHA256_fileblock(crypto_blkdev,
3213 crypt_ftr.hash_first_block);
Paul Lawrence73d7a022014-06-09 14:10:09 -07003214 if (rc) {
Paul Lawrence87999172014-02-20 12:21:31 -08003215 SLOGE("Error calculating checksum for continuing encryption");
3216 rc = -1;
Ken Sumrall29d8da82011-05-18 17:20:07 -07003217 }
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003218 }
3219
3220 /* Undo the dm-crypt mapping whether we succeed or not */
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003221 delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
Ken Sumrall29d8da82011-05-18 17:20:07 -07003222
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003223 if (! rc) {
3224 /* Success */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003225 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
Ken Sumrall7f7dbaa2011-02-01 15:46:41 -08003226
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003227 if (how == CRYPTO_ENABLE_INPLACE
3228 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
Paul Lawrence87999172014-02-20 12:21:31 -08003229 SLOGD("Encrypted up to sector %lld - will continue after reboot",
3230 crypt_ftr.encrypted_upto);
Paul Lawrence6bfed202014-07-28 12:47:22 -07003231 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
Paul Lawrence87999172014-02-20 12:21:31 -08003232 }
Paul Lawrence73d7a022014-06-09 14:10:09 -07003233
Paul Lawrence6bfed202014-07-28 12:47:22 -07003234 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumralld33d4172011-02-01 00:49:13 -08003235
Paul Lawrenceb1eb7a02014-11-25 14:57:32 -08003236 if (how == CRYPTO_ENABLE_WIPE
3237 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003238 char value[PROPERTY_VALUE_MAX];
3239 property_get("ro.crypto.state", value, "");
3240 if (!strcmp(value, "")) {
3241 /* default encryption - continue first boot sequence */
3242 property_set("ro.crypto.state", "encrypted");
Paul Lawrence4ed45262016-03-10 15:44:21 -08003243 property_set("ro.crypto.type", "block");
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003244 release_wake_lock(lockid);
Paul Lawrence3d99eba2015-11-20 07:07:19 -08003245 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
3246 // Bring up cryptkeeper that will check the password and set it
3247 property_set("vold.decrypt", "trigger_shutdown_framework");
3248 sleep(2);
3249 property_set("vold.encrypt_progress", "");
3250 cryptfs_trigger_restart_min_framework();
3251 } else {
3252 cryptfs_check_passwd(DEFAULT_PASSWORD);
3253 cryptfs_restart_internal(1);
3254 }
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003255 return 0;
3256 } else {
3257 sleep(2); /* Give the UI a chance to show 100% progress */
Paul Lawrence87999172014-02-20 12:21:31 -08003258 cryptfs_reboot(reboot);
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003259 }
Paul Lawrence87999172014-02-20 12:21:31 -08003260 } else {
Paul Lawrenceb6672e12014-08-15 07:37:28 -07003261 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
Paul Lawrence87999172014-02-20 12:21:31 -08003262 cryptfs_reboot(shutdown);
3263 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003264 } else {
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003265 char value[PROPERTY_VALUE_MAX];
3266
Ken Sumrall319369a2012-06-27 16:30:18 -07003267 property_get("ro.vold.wipe_on_crypt_fail", value, "0");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003268 if (!strcmp(value, "1")) {
3269 /* wipe data if encryption failed */
3270 SLOGE("encryption failed - rebooting into recovery to wipe data\n");
Yabin Cuiffa2e092016-04-06 17:21:38 -07003271 if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) {
3272 SLOGE("could not write bootloader message\n");
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003273 }
Paul Lawrence87999172014-02-20 12:21:31 -08003274 cryptfs_reboot(recovery);
Mike Lockwoodee6d8c42012-02-15 13:43:28 -08003275 } else {
3276 /* set property to trigger dialog */
3277 property_set("vold.encrypt_progress", "error_partially_encrypted");
3278 release_wake_lock(lockid);
3279 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003280 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003281 }
3282
Ken Sumrall3ed82362011-01-28 23:31:16 -08003283 /* hrm, the encrypt step claims success, but the reboot failed.
3284 * This should not happen.
3285 * Set the property and return. Hope the framework can deal with it.
3286 */
3287 property_set("vold.encrypt_progress", "error_reboot_failed");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003288 release_wake_lock(lockid);
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003289 return rc;
Ken Sumrall3ed82362011-01-28 23:31:16 -08003290
3291error_unencrypted:
3292 property_set("vold.encrypt_progress", "error_not_encrypted");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003293 if (lockid[0]) {
3294 release_wake_lock(lockid);
3295 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003296 return -1;
3297
3298error_shutting_down:
3299 /* we failed, and have not encrypted anthing, so the users's data is still intact,
3300 * but the framework is stopped and not restarted to show the error, so it's up to
3301 * vold to restart the system.
3302 */
3303 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
Paul Lawrence87999172014-02-20 12:21:31 -08003304 cryptfs_reboot(reboot);
Ken Sumrall3ed82362011-01-28 23:31:16 -08003305
3306 /* shouldn't get here */
3307 property_set("vold.encrypt_progress", "error_shutting_down");
Ken Sumrall5d4c68e2011-01-30 19:06:03 -08003308 if (lockid[0]) {
3309 release_wake_lock(lockid);
3310 }
Ken Sumrall3ed82362011-01-28 23:31:16 -08003311 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003312}
3313
Paul Lawrence569649f2015-09-09 12:13:00 -07003314int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003315{
Paul Lawrence569649f2015-09-09 12:13:00 -07003316 return cryptfs_enable_internal(howarg, type, passwd, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003317}
3318
Paul Lawrence569649f2015-09-09 12:13:00 -07003319int cryptfs_enable_default(char *howarg, int no_ui)
Paul Lawrence13486032014-02-03 13:28:11 -08003320{
3321 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
Paul Lawrence569649f2015-09-09 12:13:00 -07003322 DEFAULT_PASSWORD, no_ui);
Paul Lawrence13486032014-02-03 13:28:11 -08003323}
3324
3325int cryptfs_changepw(int crypt_type, const char *newpw)
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003326{
Paul Crowley38132a12016-02-09 09:50:32 +00003327 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003328 SLOGE("cryptfs_changepw not valid for file encryption");
3329 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003330 }
3331
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003332 struct crypt_mnt_ftr crypt_ftr;
JP Abgrall933216c2015-02-11 13:44:32 -08003333 int rc;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003334
3335 /* This is only allowed after we've successfully decrypted the master key */
Paul Lawrencef4faa572014-01-29 13:31:03 -08003336 if (!master_key_saved) {
Ken Sumrall0cc16632011-01-18 20:32:26 -08003337 SLOGE("Key not saved, aborting");
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003338 return -1;
3339 }
3340
Paul Lawrencef4faa572014-01-29 13:31:03 -08003341 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3342 SLOGE("Invalid crypt_type %d", crypt_type);
3343 return -1;
3344 }
3345
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003346 /* get key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003347 if (get_crypt_ftr_and_key(&crypt_ftr)) {
Paul Lawrencef4faa572014-01-29 13:31:03 -08003348 SLOGE("Error getting crypt footer and key");
3349 return -1;
Ken Sumrall8ddbe402011-01-17 15:26:29 -08003350 }
3351
Paul Lawrencef4faa572014-01-29 13:31:03 -08003352 crypt_ftr.crypt_type = crypt_type;
3353
JP Abgrall933216c2015-02-11 13:44:32 -08003354 rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
Paul Lawrencef4faa572014-01-29 13:31:03 -08003355 : newpw,
3356 crypt_ftr.salt,
3357 saved_master_key,
3358 crypt_ftr.master_key,
3359 &crypt_ftr);
JP Abgrall933216c2015-02-11 13:44:32 -08003360 if (rc) {
3361 SLOGE("Encrypt master key failed: %d", rc);
3362 return -1;
3363 }
Jason parks70a4b3f2011-01-28 10:10:47 -06003364 /* save the key */
Ken Sumrall160b4d62013-04-22 12:15:39 -07003365 put_crypt_ftr_and_key(&crypt_ftr);
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003366
Ajay Dudani87701e22014-09-17 21:02:52 -07003367#ifdef CONFIG_HW_DISK_ENCRYPTION
Iliyan Malchevbb7d9af2014-11-20 18:42:23 -08003368 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
3369 if (crypt_type == CRYPT_TYPE_DEFAULT) {
3370 int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
3371 SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
3372 if (!rc)
3373 return -1;
3374 } else {
3375 int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
3376 SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
3377 if (!rc)
3378 return -1;
3379 }
Ajay Dudani87701e22014-09-17 21:02:52 -07003380 }
3381#endif
Ken Sumrall8f869aa2010-12-03 03:47:09 -08003382 return 0;
3383}
Ken Sumrall160b4d62013-04-22 12:15:39 -07003384
Rubin Xu85c01f92014-10-13 12:49:54 +01003385static unsigned int persist_get_max_entries(int encrypted) {
3386 struct crypt_mnt_ftr crypt_ftr;
3387 unsigned int dsize;
3388 unsigned int max_persistent_entries;
3389
3390 /* If encrypted, use the values from the crypt_ftr, otherwise
3391 * use the values for the current spec.
3392 */
3393 if (encrypted) {
3394 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3395 return -1;
3396 }
3397 dsize = crypt_ftr.persist_data_size;
3398 } else {
3399 dsize = CRYPT_PERSIST_DATA_SIZE;
3400 }
3401
3402 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
3403 sizeof(struct crypt_persist_entry);
3404
3405 return max_persistent_entries;
3406}
3407
3408static int persist_get_key(const char *fieldname, char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003409{
3410 unsigned int i;
3411
3412 if (persist_data == NULL) {
3413 return -1;
3414 }
3415 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3416 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3417 /* We found it! */
3418 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
3419 return 0;
3420 }
3421 }
3422
3423 return -1;
3424}
3425
Rubin Xu85c01f92014-10-13 12:49:54 +01003426static int persist_set_key(const char *fieldname, const char *value, int encrypted)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003427{
3428 unsigned int i;
3429 unsigned int num;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003430 unsigned int max_persistent_entries;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003431
3432 if (persist_data == NULL) {
3433 return -1;
3434 }
3435
Rubin Xu85c01f92014-10-13 12:49:54 +01003436 max_persistent_entries = persist_get_max_entries(encrypted);
Ken Sumrall160b4d62013-04-22 12:15:39 -07003437
3438 num = persist_data->persist_valid_entries;
3439
3440 for (i = 0; i < num; i++) {
3441 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
3442 /* We found an existing entry, update it! */
3443 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
3444 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
3445 return 0;
3446 }
3447 }
3448
3449 /* We didn't find it, add it to the end, if there is room */
3450 if (persist_data->persist_valid_entries < max_persistent_entries) {
3451 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
3452 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
3453 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
3454 persist_data->persist_valid_entries++;
3455 return 0;
3456 }
3457
3458 return -1;
3459}
3460
Rubin Xu85c01f92014-10-13 12:49:54 +01003461/**
3462 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
3463 * sequence and its index is greater than or equal to index. Return 0 otherwise.
3464 */
3465static int match_multi_entry(const char *key, const char *field, unsigned index) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003466 unsigned int field_len;
3467 unsigned int key_index;
3468 field_len = strlen(field);
3469
3470 if (index == 0) {
3471 // The first key in a multi-entry field is just the filedname itself.
3472 if (!strcmp(key, field)) {
3473 return 1;
3474 }
3475 }
3476 // Match key against "%s_%d" % (field, index)
3477 if (strlen(key) < field_len + 1 + 1) {
3478 // Need at least a '_' and a digit.
3479 return 0;
3480 }
3481 if (strncmp(key, field, field_len)) {
3482 // If the key does not begin with field, it's not a match.
3483 return 0;
3484 }
3485 if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
3486 return 0;
3487 }
3488 return key_index >= index;
3489}
3490
3491/*
3492 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
3493 * remaining entries starting from index will be deleted.
3494 * returns PERSIST_DEL_KEY_OK if deletion succeeds,
3495 * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
3496 * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
3497 *
3498 */
3499static int persist_del_keys(const char *fieldname, unsigned index)
3500{
3501 unsigned int i;
3502 unsigned int j;
3503 unsigned int num;
3504
3505 if (persist_data == NULL) {
3506 return PERSIST_DEL_KEY_ERROR_OTHER;
3507 }
3508
3509 num = persist_data->persist_valid_entries;
3510
3511 j = 0; // points to the end of non-deleted entries.
3512 // Filter out to-be-deleted entries in place.
3513 for (i = 0; i < num; i++) {
3514 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
3515 persist_data->persist_entry[j] = persist_data->persist_entry[i];
3516 j++;
3517 }
3518 }
3519
3520 if (j < num) {
3521 persist_data->persist_valid_entries = j;
3522 // Zeroise the remaining entries
3523 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
3524 return PERSIST_DEL_KEY_OK;
3525 } else {
3526 // Did not find an entry matching the given fieldname
3527 return PERSIST_DEL_KEY_ERROR_NO_FIELD;
3528 }
3529}
3530
3531static int persist_count_keys(const char *fieldname)
3532{
3533 unsigned int i;
3534 unsigned int count;
3535
3536 if (persist_data == NULL) {
3537 return -1;
3538 }
3539
3540 count = 0;
3541 for (i = 0; i < persist_data->persist_valid_entries; i++) {
3542 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
3543 count++;
3544 }
3545 }
3546
3547 return count;
3548}
3549
Ken Sumrall160b4d62013-04-22 12:15:39 -07003550/* Return the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003551int cryptfs_getfield(const char *fieldname, char *value, int len)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003552{
Paul Crowley38132a12016-02-09 09:50:32 +00003553 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003554 SLOGE("Cannot get field when file encrypted");
3555 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003556 }
3557
Ken Sumrall160b4d62013-04-22 12:15:39 -07003558 char temp_value[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003559 /* CRYPTO_GETFIELD_OK is success,
3560 * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
3561 * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
3562 * CRYPTO_GETFIELD_ERROR_OTHER is any other error
Ken Sumrall160b4d62013-04-22 12:15:39 -07003563 */
Rubin Xu85c01f92014-10-13 12:49:54 +01003564 int rc = CRYPTO_GETFIELD_ERROR_OTHER;
3565 int i;
3566 char temp_field[PROPERTY_KEY_MAX];
Ken Sumrall160b4d62013-04-22 12:15:39 -07003567
3568 if (persist_data == NULL) {
3569 load_persistent_data();
3570 if (persist_data == NULL) {
3571 SLOGE("Getfield error, cannot load persistent data");
3572 goto out;
3573 }
3574 }
3575
Rubin Xu85c01f92014-10-13 12:49:54 +01003576 // Read value from persistent entries. If the original value is split into multiple entries,
3577 // stitch them back together.
Ken Sumrall160b4d62013-04-22 12:15:39 -07003578 if (!persist_get_key(fieldname, temp_value)) {
Rubin Xu85c01f92014-10-13 12:49:54 +01003579 // We found it, copy it to the caller's buffer and keep going until all entries are read.
3580 if (strlcpy(value, temp_value, len) >= (unsigned) len) {
3581 // value too small
3582 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3583 goto out;
3584 }
3585 rc = CRYPTO_GETFIELD_OK;
3586
3587 for (i = 1; /* break explicitly */; i++) {
3588 if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
3589 (int) sizeof(temp_field)) {
3590 // If the fieldname is very long, we stop as soon as it begins to overflow the
3591 // maximum field length. At this point we have in fact fully read out the original
3592 // value because cryptfs_setfield would not allow fields with longer names to be
3593 // written in the first place.
3594 break;
3595 }
3596 if (!persist_get_key(temp_field, temp_value)) {
3597 if (strlcat(value, temp_value, len) >= (unsigned)len) {
3598 // value too small.
3599 rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
3600 goto out;
3601 }
3602 } else {
3603 // Exhaust all entries.
3604 break;
3605 }
3606 }
Ken Sumrall160b4d62013-04-22 12:15:39 -07003607 } else {
3608 /* Sadness, it's not there. Return the error */
Rubin Xu85c01f92014-10-13 12:49:54 +01003609 rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003610 }
3611
3612out:
3613 return rc;
3614}
3615
3616/* Set the value of the specified field. */
Rubin Xu85c01f92014-10-13 12:49:54 +01003617int cryptfs_setfield(const char *fieldname, const char *value)
Ken Sumrall160b4d62013-04-22 12:15:39 -07003618{
Paul Crowley38132a12016-02-09 09:50:32 +00003619 if (e4crypt_is_native()) {
Paul Lawrence5a06a642016-02-03 13:39:13 -08003620 SLOGE("Cannot set field when file encrypted");
3621 return -1;
Paul Lawrence368d7942015-04-15 14:12:00 -07003622 }
3623
Ken Sumrall160b4d62013-04-22 12:15:39 -07003624 char encrypted_state[PROPERTY_VALUE_MAX];
Rubin Xu85c01f92014-10-13 12:49:54 +01003625 /* 0 is success, negative values are error */
3626 int rc = CRYPTO_SETFIELD_ERROR_OTHER;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003627 int encrypted = 0;
Rubin Xu85c01f92014-10-13 12:49:54 +01003628 unsigned int field_id;
3629 char temp_field[PROPERTY_KEY_MAX];
3630 unsigned int num_entries;
3631 unsigned int max_keylen;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003632
3633 if (persist_data == NULL) {
3634 load_persistent_data();
3635 if (persist_data == NULL) {
3636 SLOGE("Setfield error, cannot load persistent data");
3637 goto out;
3638 }
3639 }
3640
3641 property_get("ro.crypto.state", encrypted_state, "");
3642 if (!strcmp(encrypted_state, "encrypted") ) {
3643 encrypted = 1;
3644 }
3645
Rubin Xu85c01f92014-10-13 12:49:54 +01003646 // Compute the number of entries required to store value, each entry can store up to
3647 // (PROPERTY_VALUE_MAX - 1) chars
3648 if (strlen(value) == 0) {
3649 // Empty value also needs one entry to store.
3650 num_entries = 1;
3651 } else {
3652 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
3653 }
3654
3655 max_keylen = strlen(fieldname);
3656 if (num_entries > 1) {
3657 // Need an extra "_%d" suffix.
3658 max_keylen += 1 + log10(num_entries);
3659 }
3660 if (max_keylen > PROPERTY_KEY_MAX - 1) {
3661 rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003662 goto out;
3663 }
3664
Rubin Xu85c01f92014-10-13 12:49:54 +01003665 // Make sure we have enough space to write the new value
3666 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
3667 persist_get_max_entries(encrypted)) {
3668 rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
3669 goto out;
3670 }
3671
3672 // Now that we know persist_data has enough space for value, let's delete the old field first
3673 // to make up space.
3674 persist_del_keys(fieldname, 0);
3675
3676 if (persist_set_key(fieldname, value, encrypted)) {
3677 // fail to set key, should not happen as we have already checked the available space
3678 SLOGE("persist_set_key() error during setfield()");
3679 goto out;
3680 }
3681
3682 for (field_id = 1; field_id < num_entries; field_id++) {
3683 snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
3684
3685 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
3686 // fail to set key, should not happen as we have already checked the available space.
3687 SLOGE("persist_set_key() error during setfield()");
3688 goto out;
3689 }
3690 }
3691
Ken Sumrall160b4d62013-04-22 12:15:39 -07003692 /* If we are running encrypted, save the persistent data now */
3693 if (encrypted) {
3694 if (save_persistent_data()) {
3695 SLOGE("Setfield error, cannot save persistent data");
3696 goto out;
3697 }
3698 }
3699
Rubin Xu85c01f92014-10-13 12:49:54 +01003700 rc = CRYPTO_SETFIELD_OK;
Ken Sumrall160b4d62013-04-22 12:15:39 -07003701
3702out:
3703 return rc;
3704}
Paul Lawrencef4faa572014-01-29 13:31:03 -08003705
3706/* Checks userdata. Attempt to mount the volume if default-
3707 * encrypted.
3708 * On success trigger next init phase and return 0.
3709 * Currently do not handle failure - see TODO below.
3710 */
3711int cryptfs_mount_default_encrypted(void)
3712{
Paul Lawrence84274cc2016-04-15 15:41:33 -07003713 int crypt_type = cryptfs_get_password_type();
3714 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
3715 SLOGE("Bad crypt type - error");
3716 } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
3717 SLOGD("Password is not default - "
3718 "starting min framework to prompt");
3719 property_set("vold.decrypt", "trigger_restart_min_framework");
3720 return 0;
3721 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
3722 SLOGD("Password is default - restarting filesystem");
3723 cryptfs_restart_internal(0);
3724 return 0;
Paul Lawrencef4faa572014-01-29 13:31:03 -08003725 } else {
Paul Lawrence84274cc2016-04-15 15:41:33 -07003726 SLOGE("Encrypted, default crypt type but can't decrypt");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003727 }
3728
Paul Lawrence6bfed202014-07-28 12:47:22 -07003729 /** Corrupt. Allow us to boot into framework, which will detect bad
3730 crypto when it calls do_crypto_complete, then do a factory reset
Paul Lawrencef4faa572014-01-29 13:31:03 -08003731 */
Paul Lawrence6bfed202014-07-28 12:47:22 -07003732 property_set("vold.decrypt", "trigger_restart_min_framework");
Paul Lawrencef4faa572014-01-29 13:31:03 -08003733 return 0;
3734}
3735
3736/* Returns type of the password, default, pattern, pin or password.
3737 */
3738int cryptfs_get_password_type(void)
3739{
Paul Crowley38132a12016-02-09 09:50:32 +00003740 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003741 SLOGE("cryptfs_get_password_type not valid for file encryption");
3742 return -1;
Paul Lawrence05335c32015-03-05 09:46:23 -08003743 }
3744
Paul Lawrencef4faa572014-01-29 13:31:03 -08003745 struct crypt_mnt_ftr crypt_ftr;
3746
3747 if (get_crypt_ftr_and_key(&crypt_ftr)) {
3748 SLOGE("Error getting crypt footer and key\n");
3749 return -1;
3750 }
3751
Paul Lawrence6bfed202014-07-28 12:47:22 -07003752 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
3753 return -1;
3754 }
3755
Paul Lawrencef4faa572014-01-29 13:31:03 -08003756 return crypt_ftr.crypt_type;
3757}
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003758
Paul Lawrence05335c32015-03-05 09:46:23 -08003759const char* cryptfs_get_password()
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003760{
Paul Crowley38132a12016-02-09 09:50:32 +00003761 if (e4crypt_is_native()) {
Paul Lawrence7b6b5652016-02-02 11:14:59 -08003762 SLOGE("cryptfs_get_password not valid for file encryption");
3763 return 0;
Paul Lawrence05335c32015-03-05 09:46:23 -08003764 }
3765
Paul Lawrence399317e2014-03-10 13:20:50 -07003766 struct timespec now;
Paul Lawrenceef2b5be2014-11-11 12:47:03 -08003767 clock_gettime(CLOCK_BOOTTIME, &now);
Paul Lawrence399317e2014-03-10 13:20:50 -07003768 if (now.tv_sec < password_expiry_time) {
3769 return password;
3770 } else {
3771 cryptfs_clear_password();
3772 return 0;
3773 }
3774}
3775
3776void cryptfs_clear_password()
3777{
3778 if (password) {
3779 size_t len = strlen(password);
3780 memset(password, 0, len);
3781 free(password);
3782 password = 0;
3783 password_expiry_time = 0;
3784 }
Paul Lawrence684dbdf2014-02-07 12:07:22 -08003785}
Paul Lawrence731a7a22015-04-28 22:14:15 +00003786
3787int cryptfs_enable_file()
3788{
Paul Crowley38132a12016-02-09 09:50:32 +00003789 return e4crypt_initialize_global_de();
Paul Lawrence731a7a22015-04-28 22:14:15 +00003790}
3791
Paul Lawrence0c247462015-10-29 10:30:57 -07003792int cryptfs_isConvertibleToFBE()
3793{
3794 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
3795 return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
3796}
3797
Paul Lawrence731a7a22015-04-28 22:14:15 +00003798int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
3799{
3800 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
3801 SLOGE("Failed to initialize crypt_ftr");
3802 return -1;
3803 }
3804
3805 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
3806 crypt_ftr->salt, crypt_ftr)) {
3807 SLOGE("Cannot create encrypted master key\n");
3808 return -1;
3809 }
3810
3811 //crypt_ftr->keysize = key_length / 8;
3812 return 0;
3813}
3814
3815int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
3816 unsigned char* master_key)
3817{
3818 int rc;
3819
Paul Lawrence731a7a22015-04-28 22:14:15 +00003820 unsigned char* intermediate_key = 0;
3821 size_t intermediate_key_size = 0;
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003822
3823 if (password == 0 || *password == 0) {
3824 password = DEFAULT_PASSWORD;
3825 }
3826
Paul Lawrence731a7a22015-04-28 22:14:15 +00003827 rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
3828 &intermediate_key_size);
3829
Paul Lawrence300dae72016-03-11 11:02:52 -08003830 if (rc) {
3831 SLOGE("Can't calculate intermediate key");
3832 return rc;
3833 }
3834
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003835 int N = 1 << ftr->N_factor;
3836 int r = 1 << ftr->r_factor;
3837 int p = 1 << ftr->p_factor;
3838
3839 unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
3840
3841 rc = crypto_scrypt(intermediate_key, intermediate_key_size,
3842 ftr->salt, sizeof(ftr->salt), N, r, p,
3843 scrypted_intermediate_key,
3844 sizeof(scrypted_intermediate_key));
3845
3846 free(intermediate_key);
3847
3848 if (rc) {
Paul Lawrence300dae72016-03-11 11:02:52 -08003849 SLOGE("Can't scrypt intermediate key");
Paul Lawrencec78c71b2015-04-14 15:26:29 -07003850 return rc;
3851 }
3852
3853 return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
3854 intermediate_key_size);
Paul Lawrence731a7a22015-04-28 22:14:15 +00003855}
3856
3857int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
3858 const unsigned char* master_key)
3859{
3860 return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
3861 ftr);
3862}