cryptfs.c revision 9c58a871f9fb356409d3b90734bf706d1463f041
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17/* TO DO: 18 * 1. Perhaps keep several copies of the encrypted key, in case something 19 * goes horribly wrong? 20 * 21 */ 22 23#include <sys/types.h> 24#include <sys/wait.h> 25#include <sys/stat.h> 26#include <ctype.h> 27#include <fcntl.h> 28#include <inttypes.h> 29#include <unistd.h> 30#include <stdio.h> 31#include <sys/ioctl.h> 32#include <linux/dm-ioctl.h> 33#include <libgen.h> 34#include <stdlib.h> 35#include <sys/param.h> 36#include <string.h> 37#include <sys/mount.h> 38#include <openssl/evp.h> 39#include <errno.h> 40#include <ext4.h> 41#include <linux/kdev_t.h> 42#include <fs_mgr.h> 43#include <time.h> 44#include "cryptfs.h" 45#define LOG_TAG "Cryptfs" 46#include "cutils/log.h" 47#include "cutils/properties.h" 48#include "cutils/android_reboot.h" 49#include "hardware_legacy/power.h" 50#include <logwrap/logwrap.h> 51#include "VolumeManager.h" 52#include "VoldUtil.h" 53#include "crypto_scrypt.h" 54#include "ext4_utils.h" 55#include "f2fs_sparseblock.h" 56#include "CheckBattery.h" 57#include "Process.h" 58 59#include <hardware/keymaster.h> 60 61#define UNUSED __attribute__((unused)) 62 63#define UNUSED __attribute__((unused)) 64 65#define DM_CRYPT_BUF_SIZE 4096 66 67#define HASH_COUNT 2000 68#define KEY_LEN_BYTES 16 69#define IV_LEN_BYTES 16 70 71#define KEY_IN_FOOTER "footer" 72 73// "default_password" encoded into hex (d=0x64 etc) 74#define DEFAULT_PASSWORD "64656661756c745f70617373776f7264" 75 76#define EXT4_FS 1 77#define F2FS_FS 2 78 79#define TABLE_LOAD_RETRIES 10 80 81#define RSA_KEY_SIZE 2048 82#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8) 83#define RSA_EXPONENT 0x10001 84 85#define RETRY_MOUNT_ATTEMPTS 10 86#define RETRY_MOUNT_DELAY_SECONDS 1 87 88char *me = "cryptfs"; 89 90static unsigned char saved_master_key[KEY_LEN_BYTES]; 91static char *saved_mount_point; 92static int master_key_saved = 0; 93static struct crypt_persist_data *persist_data = NULL; 94 95static int keymaster_init(keymaster_device_t **keymaster_dev) 96{ 97 int rc; 98 99 const hw_module_t* mod; 100 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 101 if (rc) { 102 ALOGE("could not find any keystore module"); 103 goto out; 104 } 105 106 rc = keymaster_open(mod, keymaster_dev); 107 if (rc) { 108 ALOGE("could not open keymaster device in %s (%s)", 109 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 110 goto out; 111 } 112 113 return 0; 114 115out: 116 *keymaster_dev = NULL; 117 return rc; 118} 119 120/* Should we use keymaster? */ 121static int keymaster_check_compatibility() 122{ 123 keymaster_device_t *keymaster_dev = 0; 124 int rc = 0; 125 126 if (keymaster_init(&keymaster_dev)) { 127 SLOGE("Failed to init keymaster"); 128 rc = -1; 129 goto out; 130 } 131 132 SLOGI("keymaster version is %d", keymaster_dev->common.module->module_api_version); 133 134 if (keymaster_dev->common.module->module_api_version 135 < KEYMASTER_MODULE_API_VERSION_0_3) { 136 rc = 0; 137 goto out; 138 } 139 140 if (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE) { 141 rc = 1; 142 } 143 144out: 145 keymaster_close(keymaster_dev); 146 return rc; 147} 148 149/* Create a new keymaster key and store it in this footer */ 150static int keymaster_create_key(struct crypt_mnt_ftr *ftr) 151{ 152 uint8_t* key = 0; 153 keymaster_device_t *keymaster_dev = 0; 154 155 if (keymaster_init(&keymaster_dev)) { 156 SLOGE("Failed to init keymaster"); 157 return -1; 158 } 159 160 int rc = 0; 161 162 keymaster_rsa_keygen_params_t params; 163 memset(¶ms, '\0', sizeof(params)); 164 params.public_exponent = RSA_EXPONENT; 165 params.modulus_size = RSA_KEY_SIZE; 166 167 size_t key_size; 168 if (keymaster_dev->generate_keypair(keymaster_dev, TYPE_RSA, ¶ms, 169 &key, &key_size)) { 170 SLOGE("Failed to generate keypair"); 171 rc = -1; 172 goto out; 173 } 174 175 if (key_size > KEYMASTER_BLOB_SIZE) { 176 SLOGE("Keymaster key too large for crypto footer"); 177 rc = -1; 178 goto out; 179 } 180 181 memcpy(ftr->keymaster_blob, key, key_size); 182 ftr->keymaster_blob_size = key_size; 183 184out: 185 keymaster_close(keymaster_dev); 186 free(key); 187 return rc; 188} 189 190/* This signs the given object using the keymaster key. */ 191static int keymaster_sign_object(struct crypt_mnt_ftr *ftr, 192 const unsigned char *object, 193 const size_t object_size, 194 unsigned char **signature, 195 size_t *signature_size) 196{ 197 int rc = 0; 198 keymaster_device_t *keymaster_dev = 0; 199 if (keymaster_init(&keymaster_dev)) { 200 SLOGE("Failed to init keymaster"); 201 return -1; 202 } 203 204 /* We currently set the digest type to DIGEST_NONE because it's the 205 * only supported value for keymaster. A similar issue exists with 206 * PADDING_NONE. Long term both of these should likely change. 207 */ 208 keymaster_rsa_sign_params_t params; 209 params.digest_type = DIGEST_NONE; 210 params.padding_type = PADDING_NONE; 211 212 unsigned char to_sign[RSA_KEY_SIZE_BYTES]; 213 size_t to_sign_size = sizeof(to_sign); 214 memset(to_sign, 0, RSA_KEY_SIZE_BYTES); 215 216 // To sign a message with RSA, the message must satisfy two 217 // constraints: 218 // 219 // 1. The message, when interpreted as a big-endian numeric value, must 220 // be strictly less than the public modulus of the RSA key. Note 221 // that because the most significant bit of the public modulus is 222 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit 223 // key), an n-bit message with most significant bit 0 always 224 // satisfies this requirement. 225 // 226 // 2. The message must have the same length in bits as the public 227 // modulus of the RSA key. This requirement isn't mathematically 228 // necessary, but is necessary to ensure consistency in 229 // implementations. 230 switch (ftr->kdf_type) { 231 case KDF_SCRYPT_KEYMASTER_UNPADDED: 232 // This is broken: It produces a message which is shorter than 233 // the public modulus, failing criterion 2. 234 memcpy(to_sign, object, object_size); 235 to_sign_size = object_size; 236 SLOGI("Signing unpadded object"); 237 break; 238 case KDF_SCRYPT_KEYMASTER_BADLY_PADDED: 239 // This is broken: Since the value of object is uniformly 240 // distributed, it produces a message that is larger than the 241 // public modulus with probability 0.25. 242 memcpy(to_sign, object, min(RSA_KEY_SIZE_BYTES, object_size)); 243 SLOGI("Signing end-padded object"); 244 break; 245 case KDF_SCRYPT_KEYMASTER: 246 // This ensures the most significant byte of the signed message 247 // is zero. We could have zero-padded to the left instead, but 248 // this approach is slightly more robust against changes in 249 // object size. However, it's still broken (but not unusably 250 // so) because we really should be using a proper RSA padding 251 // function, such as OAEP. 252 // 253 // TODO(paullawrence): When keymaster 0.4 is available, change 254 // this to use the padding options it provides. 255 memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size)); 256 SLOGI("Signing safely-padded object"); 257 break; 258 default: 259 SLOGE("Unknown KDF type %d", ftr->kdf_type); 260 return -1; 261 } 262 263 rc = keymaster_dev->sign_data(keymaster_dev, 264 ¶ms, 265 ftr->keymaster_blob, 266 ftr->keymaster_blob_size, 267 to_sign, 268 to_sign_size, 269 signature, 270 signature_size); 271 272 keymaster_close(keymaster_dev); 273 return rc; 274} 275 276/* Store password when userdata is successfully decrypted and mounted. 277 * Cleared by cryptfs_clear_password 278 * 279 * To avoid a double prompt at boot, we need to store the CryptKeeper 280 * password and pass it to KeyGuard, which uses it to unlock KeyStore. 281 * Since the entire framework is torn down and rebuilt after encryption, 282 * we have to use a daemon or similar to store the password. Since vold 283 * is secured against IPC except from system processes, it seems a reasonable 284 * place to store this. 285 * 286 * password should be cleared once it has been used. 287 * 288 * password is aged out after password_max_age_seconds seconds. 289 */ 290static char* password = 0; 291static int password_expiry_time = 0; 292static const int password_max_age_seconds = 60; 293 294extern struct fstab *fstab; 295 296enum RebootType {reboot, recovery, shutdown}; 297static void cryptfs_reboot(enum RebootType rt) 298{ 299 switch(rt) { 300 case reboot: 301 property_set(ANDROID_RB_PROPERTY, "reboot"); 302 break; 303 304 case recovery: 305 property_set(ANDROID_RB_PROPERTY, "reboot,recovery"); 306 break; 307 308 case shutdown: 309 property_set(ANDROID_RB_PROPERTY, "shutdown"); 310 break; 311 } 312 313 sleep(20); 314 315 /* Shouldn't get here, reboot should happen before sleep times out */ 316 return; 317} 318 319static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags) 320{ 321 memset(io, 0, dataSize); 322 io->data_size = dataSize; 323 io->data_start = sizeof(struct dm_ioctl); 324 io->version[0] = 4; 325 io->version[1] = 0; 326 io->version[2] = 0; 327 io->flags = flags; 328 if (name) { 329 strncpy(io->name, name, sizeof(io->name)); 330 } 331} 332 333/** 334 * Gets the default device scrypt parameters for key derivation time tuning. 335 * The parameters should lead to about one second derivation time for the 336 * given device. 337 */ 338static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) { 339 const int default_params[] = SCRYPT_DEFAULTS; 340 int params[] = SCRYPT_DEFAULTS; 341 char paramstr[PROPERTY_VALUE_MAX]; 342 char *token; 343 char *saveptr; 344 int i; 345 346 property_get(SCRYPT_PROP, paramstr, ""); 347 if (paramstr[0] != '\0') { 348 /* 349 * The token we're looking for should be three integers separated by 350 * colons (e.g., "12:8:1"). Scan the property to make sure it matches. 351 */ 352 for (i = 0, token = strtok_r(paramstr, ":", &saveptr); 353 token != NULL && i < 3; 354 i++, token = strtok_r(NULL, ":", &saveptr)) { 355 char *endptr; 356 params[i] = strtol(token, &endptr, 10); 357 358 /* 359 * Check that there was a valid number and it's 8-bit. If not, 360 * break out and the end check will take the default values. 361 */ 362 if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) { 363 break; 364 } 365 } 366 367 /* 368 * If there were not enough tokens or a token was malformed (not an 369 * integer), it will end up here and the default parameters can be 370 * taken. 371 */ 372 if ((i != 3) || (token != NULL)) { 373 SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr); 374 memcpy(params, default_params, sizeof(params)); 375 } 376 } 377 378 ftr->N_factor = params[0]; 379 ftr->r_factor = params[1]; 380 ftr->p_factor = params[2]; 381} 382 383static unsigned int get_fs_size(char *dev) 384{ 385 int fd, block_size; 386 struct ext4_super_block sb; 387 off64_t len; 388 389 if ((fd = open(dev, O_RDONLY)) < 0) { 390 SLOGE("Cannot open device to get filesystem size "); 391 return 0; 392 } 393 394 if (lseek64(fd, 1024, SEEK_SET) < 0) { 395 SLOGE("Cannot seek to superblock"); 396 return 0; 397 } 398 399 if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) { 400 SLOGE("Cannot read superblock"); 401 return 0; 402 } 403 404 close(fd); 405 406 if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) { 407 SLOGE("Not a valid ext4 superblock"); 408 return 0; 409 } 410 block_size = 1024 << sb.s_log_block_size; 411 /* compute length in bytes */ 412 len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size; 413 414 /* return length in sectors */ 415 return (unsigned int) (len / 512); 416} 417 418static int get_crypt_ftr_info(char **metadata_fname, off64_t *off) 419{ 420 static int cached_data = 0; 421 static off64_t cached_off = 0; 422 static char cached_metadata_fname[PROPERTY_VALUE_MAX] = ""; 423 int fd; 424 char key_loc[PROPERTY_VALUE_MAX]; 425 char real_blkdev[PROPERTY_VALUE_MAX]; 426 unsigned int nr_sec; 427 int rc = -1; 428 429 if (!cached_data) { 430 fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc)); 431 432 if (!strcmp(key_loc, KEY_IN_FOOTER)) { 433 if ( (fd = open(real_blkdev, O_RDWR)) < 0) { 434 SLOGE("Cannot open real block device %s\n", real_blkdev); 435 return -1; 436 } 437 438 if ((nr_sec = get_blkdev_size(fd))) { 439 /* If it's an encrypted Android partition, the last 16 Kbytes contain the 440 * encryption info footer and key, and plenty of bytes to spare for future 441 * growth. 442 */ 443 strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname)); 444 cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET; 445 cached_data = 1; 446 } else { 447 SLOGE("Cannot get size of block device %s\n", real_blkdev); 448 } 449 close(fd); 450 } else { 451 strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname)); 452 cached_off = 0; 453 cached_data = 1; 454 } 455 } 456 457 if (cached_data) { 458 if (metadata_fname) { 459 *metadata_fname = cached_metadata_fname; 460 } 461 if (off) { 462 *off = cached_off; 463 } 464 rc = 0; 465 } 466 467 return rc; 468} 469 470/* key or salt can be NULL, in which case just skip writing that value. Useful to 471 * update the failed mount count but not change the key. 472 */ 473static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) 474{ 475 int fd; 476 unsigned int nr_sec, cnt; 477 /* starting_off is set to the SEEK_SET offset 478 * where the crypto structure starts 479 */ 480 off64_t starting_off; 481 int rc = -1; 482 char *fname = NULL; 483 struct stat statbuf; 484 485 if (get_crypt_ftr_info(&fname, &starting_off)) { 486 SLOGE("Unable to get crypt_ftr_info\n"); 487 return -1; 488 } 489 if (fname[0] != '/') { 490 SLOGE("Unexpected value for crypto key location\n"); 491 return -1; 492 } 493 if ( (fd = open(fname, O_RDWR | O_CREAT, 0600)) < 0) { 494 SLOGE("Cannot open footer file %s for put\n", fname); 495 return -1; 496 } 497 498 /* Seek to the start of the crypt footer */ 499 if (lseek64(fd, starting_off, SEEK_SET) == -1) { 500 SLOGE("Cannot seek to real block device footer\n"); 501 goto errout; 502 } 503 504 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { 505 SLOGE("Cannot write real block device footer\n"); 506 goto errout; 507 } 508 509 fstat(fd, &statbuf); 510 /* If the keys are kept on a raw block device, do not try to truncate it. */ 511 if (S_ISREG(statbuf.st_mode)) { 512 if (ftruncate(fd, 0x4000)) { 513 SLOGE("Cannot set footer file size\n"); 514 goto errout; 515 } 516 } 517 518 /* Success! */ 519 rc = 0; 520 521errout: 522 close(fd); 523 return rc; 524 525} 526 527static inline int unix_read(int fd, void* buff, int len) 528{ 529 return TEMP_FAILURE_RETRY(read(fd, buff, len)); 530} 531 532static inline int unix_write(int fd, const void* buff, int len) 533{ 534 return TEMP_FAILURE_RETRY(write(fd, buff, len)); 535} 536 537static void init_empty_persist_data(struct crypt_persist_data *pdata, int len) 538{ 539 memset(pdata, 0, len); 540 pdata->persist_magic = PERSIST_DATA_MAGIC; 541 pdata->persist_valid_entries = 0; 542} 543 544/* A routine to update the passed in crypt_ftr to the lastest version. 545 * fd is open read/write on the device that holds the crypto footer and persistent 546 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the 547 * absolute offset to the start of the crypt_mnt_ftr on the passed in fd. 548 */ 549static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset) 550{ 551 int orig_major = crypt_ftr->major_version; 552 int orig_minor = crypt_ftr->minor_version; 553 554 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { 555 struct crypt_persist_data *pdata; 556 off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET; 557 558 SLOGW("upgrading crypto footer to 1.1"); 559 560 pdata = malloc(CRYPT_PERSIST_DATA_SIZE); 561 if (pdata == NULL) { 562 SLOGE("Cannot allocate persisent data\n"); 563 return; 564 } 565 memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE); 566 567 /* Need to initialize the persistent data area */ 568 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) { 569 SLOGE("Cannot seek to persisent data offset\n"); 570 return; 571 } 572 /* Write all zeros to the first copy, making it invalid */ 573 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE); 574 575 /* Write a valid but empty structure to the second copy */ 576 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); 577 unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE); 578 579 /* Update the footer */ 580 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; 581 crypt_ftr->persist_data_offset[0] = pdata_offset; 582 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; 583 crypt_ftr->minor_version = 1; 584 } 585 586 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) { 587 SLOGW("upgrading crypto footer to 1.2"); 588 /* But keep the old kdf_type. 589 * It will get updated later to KDF_SCRYPT after the password has been verified. 590 */ 591 crypt_ftr->kdf_type = KDF_PBKDF2; 592 get_device_scrypt_params(crypt_ftr); 593 crypt_ftr->minor_version = 2; 594 } 595 596 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) { 597 SLOGW("upgrading crypto footer to 1.3"); 598 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD; 599 crypt_ftr->minor_version = 3; 600 } 601 602 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { 603 if (lseek64(fd, offset, SEEK_SET) == -1) { 604 SLOGE("Cannot seek to crypt footer\n"); 605 return; 606 } 607 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr)); 608 } 609} 610 611 612static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) 613{ 614 int fd; 615 unsigned int nr_sec, cnt; 616 off64_t starting_off; 617 int rc = -1; 618 char *fname = NULL; 619 struct stat statbuf; 620 621 if (get_crypt_ftr_info(&fname, &starting_off)) { 622 SLOGE("Unable to get crypt_ftr_info\n"); 623 return -1; 624 } 625 if (fname[0] != '/') { 626 SLOGE("Unexpected value for crypto key location\n"); 627 return -1; 628 } 629 if ( (fd = open(fname, O_RDWR)) < 0) { 630 SLOGE("Cannot open footer file %s for get\n", fname); 631 return -1; 632 } 633 634 /* Make sure it's 16 Kbytes in length */ 635 fstat(fd, &statbuf); 636 if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) { 637 SLOGE("footer file %s is not the expected size!\n", fname); 638 goto errout; 639 } 640 641 /* Seek to the start of the crypt footer */ 642 if (lseek64(fd, starting_off, SEEK_SET) == -1) { 643 SLOGE("Cannot seek to real block device footer\n"); 644 goto errout; 645 } 646 647 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { 648 SLOGE("Cannot read real block device footer\n"); 649 goto errout; 650 } 651 652 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { 653 SLOGE("Bad magic for real block device %s\n", fname); 654 goto errout; 655 } 656 657 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { 658 SLOGE("Cannot understand major version %d real block device footer; expected %d\n", 659 crypt_ftr->major_version, CURRENT_MAJOR_VERSION); 660 goto errout; 661 } 662 663 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { 664 SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n", 665 crypt_ftr->minor_version, CURRENT_MINOR_VERSION); 666 } 667 668 /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the 669 * copy on disk before returning. 670 */ 671 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { 672 upgrade_crypt_ftr(fd, crypt_ftr, starting_off); 673 } 674 675 /* Success! */ 676 rc = 0; 677 678errout: 679 close(fd); 680 return rc; 681} 682 683static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr) 684{ 685 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > 686 crypt_ftr->persist_data_offset[1]) { 687 SLOGE("Crypt_ftr persist data regions overlap"); 688 return -1; 689 } 690 691 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { 692 SLOGE("Crypt_ftr persist data region 0 starts after region 1"); 693 return -1; 694 } 695 696 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - 697 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > 698 CRYPT_FOOTER_OFFSET) { 699 SLOGE("Persistent data extends past crypto footer"); 700 return -1; 701 } 702 703 return 0; 704} 705 706static int load_persistent_data(void) 707{ 708 struct crypt_mnt_ftr crypt_ftr; 709 struct crypt_persist_data *pdata = NULL; 710 char encrypted_state[PROPERTY_VALUE_MAX]; 711 char *fname; 712 int found = 0; 713 int fd; 714 int ret; 715 int i; 716 717 if (persist_data) { 718 /* Nothing to do, we've already loaded or initialized it */ 719 return 0; 720 } 721 722 723 /* If not encrypted, just allocate an empty table and initialize it */ 724 property_get("ro.crypto.state", encrypted_state, ""); 725 if (strcmp(encrypted_state, "encrypted") ) { 726 pdata = malloc(CRYPT_PERSIST_DATA_SIZE); 727 if (pdata) { 728 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); 729 persist_data = pdata; 730 return 0; 731 } 732 return -1; 733 } 734 735 if(get_crypt_ftr_and_key(&crypt_ftr)) { 736 return -1; 737 } 738 739 if ((crypt_ftr.major_version < 1) 740 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { 741 SLOGE("Crypt_ftr version doesn't support persistent data"); 742 return -1; 743 } 744 745 if (get_crypt_ftr_info(&fname, NULL)) { 746 return -1; 747 } 748 749 ret = validate_persistent_data_storage(&crypt_ftr); 750 if (ret) { 751 return -1; 752 } 753 754 fd = open(fname, O_RDONLY); 755 if (fd < 0) { 756 SLOGE("Cannot open %s metadata file", fname); 757 return -1; 758 } 759 760 if (persist_data == NULL) { 761 pdata = malloc(crypt_ftr.persist_data_size); 762 if (pdata == NULL) { 763 SLOGE("Cannot allocate memory for persistent data"); 764 goto err; 765 } 766 } 767 768 for (i = 0; i < 2; i++) { 769 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) { 770 SLOGE("Cannot seek to read persistent data on %s", fname); 771 goto err2; 772 } 773 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){ 774 SLOGE("Error reading persistent data on iteration %d", i); 775 goto err2; 776 } 777 if (pdata->persist_magic == PERSIST_DATA_MAGIC) { 778 found = 1; 779 break; 780 } 781 } 782 783 if (!found) { 784 SLOGI("Could not find valid persistent data, creating"); 785 init_empty_persist_data(pdata, crypt_ftr.persist_data_size); 786 } 787 788 /* Success */ 789 persist_data = pdata; 790 close(fd); 791 return 0; 792 793err2: 794 free(pdata); 795 796err: 797 close(fd); 798 return -1; 799} 800 801static int save_persistent_data(void) 802{ 803 struct crypt_mnt_ftr crypt_ftr; 804 struct crypt_persist_data *pdata; 805 char *fname; 806 off64_t write_offset; 807 off64_t erase_offset; 808 int found = 0; 809 int fd; 810 int ret; 811 812 if (persist_data == NULL) { 813 SLOGE("No persistent data to save"); 814 return -1; 815 } 816 817 if(get_crypt_ftr_and_key(&crypt_ftr)) { 818 return -1; 819 } 820 821 if ((crypt_ftr.major_version < 1) 822 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { 823 SLOGE("Crypt_ftr version doesn't support persistent data"); 824 return -1; 825 } 826 827 ret = validate_persistent_data_storage(&crypt_ftr); 828 if (ret) { 829 return -1; 830 } 831 832 if (get_crypt_ftr_info(&fname, NULL)) { 833 return -1; 834 } 835 836 fd = open(fname, O_RDWR); 837 if (fd < 0) { 838 SLOGE("Cannot open %s metadata file", fname); 839 return -1; 840 } 841 842 pdata = malloc(crypt_ftr.persist_data_size); 843 if (pdata == NULL) { 844 SLOGE("Cannot allocate persistant data"); 845 goto err; 846 } 847 848 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) { 849 SLOGE("Cannot seek to read persistent data on %s", fname); 850 goto err2; 851 } 852 853 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { 854 SLOGE("Error reading persistent data before save"); 855 goto err2; 856 } 857 858 if (pdata->persist_magic == PERSIST_DATA_MAGIC) { 859 /* The first copy is the curent valid copy, so write to 860 * the second copy and erase this one */ 861 write_offset = crypt_ftr.persist_data_offset[1]; 862 erase_offset = crypt_ftr.persist_data_offset[0]; 863 } else { 864 /* The second copy must be the valid copy, so write to 865 * the first copy, and erase the second */ 866 write_offset = crypt_ftr.persist_data_offset[0]; 867 erase_offset = crypt_ftr.persist_data_offset[1]; 868 } 869 870 /* Write the new copy first, if successful, then erase the old copy */ 871 if (lseek(fd, write_offset, SEEK_SET) < 0) { 872 SLOGE("Cannot seek to write persistent data"); 873 goto err2; 874 } 875 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) == 876 (int) crypt_ftr.persist_data_size) { 877 if (lseek(fd, erase_offset, SEEK_SET) < 0) { 878 SLOGE("Cannot seek to erase previous persistent data"); 879 goto err2; 880 } 881 fsync(fd); 882 memset(pdata, 0, crypt_ftr.persist_data_size); 883 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != 884 (int) crypt_ftr.persist_data_size) { 885 SLOGE("Cannot write to erase previous persistent data"); 886 goto err2; 887 } 888 fsync(fd); 889 } else { 890 SLOGE("Cannot write to save persistent data"); 891 goto err2; 892 } 893 894 /* Success */ 895 free(pdata); 896 close(fd); 897 return 0; 898 899err2: 900 free(pdata); 901err: 902 close(fd); 903 return -1; 904} 905 906static int hexdigit (char c) 907{ 908 if (c >= '0' && c <= '9') return c - '0'; 909 c = tolower(c); 910 if (c >= 'a' && c <= 'f') return c - 'a' + 10; 911 return -1; 912} 913 914static unsigned char* convert_hex_ascii_to_key(const char* master_key_ascii, 915 unsigned int* out_keysize) 916{ 917 unsigned int i; 918 *out_keysize = 0; 919 920 size_t size = strlen (master_key_ascii); 921 if (size % 2) { 922 SLOGE("Trying to convert ascii string of odd length"); 923 return NULL; 924 } 925 926 unsigned char* master_key = (unsigned char*) malloc(size / 2); 927 if (master_key == 0) { 928 SLOGE("Cannot allocate"); 929 return NULL; 930 } 931 932 for (i = 0; i < size; i += 2) { 933 int high_nibble = hexdigit (master_key_ascii[i]); 934 int low_nibble = hexdigit (master_key_ascii[i + 1]); 935 936 if(high_nibble < 0 || low_nibble < 0) { 937 SLOGE("Invalid hex string"); 938 free (master_key); 939 return NULL; 940 } 941 942 master_key[*out_keysize] = high_nibble * 16 + low_nibble; 943 (*out_keysize)++; 944 } 945 946 return master_key; 947} 948 949/* Convert a binary key of specified length into an ascii hex string equivalent, 950 * without the leading 0x and with null termination 951 */ 952static void convert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize, 953 char *master_key_ascii) 954{ 955 unsigned int i, a; 956 unsigned char nibble; 957 958 for (i=0, a=0; i<keysize; i++, a+=2) { 959 /* For each byte, write out two ascii hex digits */ 960 nibble = (master_key[i] >> 4) & 0xf; 961 master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30); 962 963 nibble = master_key[i] & 0xf; 964 master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30); 965 } 966 967 /* Add the null termination */ 968 master_key_ascii[a] = '\0'; 969 970} 971 972static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key, 973 char *real_blk_name, const char *name, int fd, 974 char *extra_params) 975{ 976 char buffer[DM_CRYPT_BUF_SIZE]; 977 struct dm_ioctl *io; 978 struct dm_target_spec *tgt; 979 char *crypt_params; 980 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */ 981 int i; 982 983 io = (struct dm_ioctl *) buffer; 984 985 /* Load the mapping table for this device */ 986 tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)]; 987 988 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 989 io->target_count = 1; 990 tgt->status = 0; 991 tgt->sector_start = 0; 992 tgt->length = crypt_ftr->fs_size; 993 strcpy(tgt->target_type, "crypt"); 994 995 crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec); 996 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); 997 sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name, 998 master_key_ascii, real_blk_name, extra_params); 999 crypt_params += strlen(crypt_params) + 1; 1000 crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */ 1001 tgt->next = crypt_params - buffer; 1002 1003 for (i = 0; i < TABLE_LOAD_RETRIES; i++) { 1004 if (! ioctl(fd, DM_TABLE_LOAD, io)) { 1005 break; 1006 } 1007 usleep(500000); 1008 } 1009 1010 if (i == TABLE_LOAD_RETRIES) { 1011 /* We failed to load the table, return an error */ 1012 return -1; 1013 } else { 1014 return i + 1; 1015 } 1016} 1017 1018 1019static int get_dm_crypt_version(int fd, const char *name, int *version) 1020{ 1021 char buffer[DM_CRYPT_BUF_SIZE]; 1022 struct dm_ioctl *io; 1023 struct dm_target_versions *v; 1024 int i; 1025 1026 io = (struct dm_ioctl *) buffer; 1027 1028 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 1029 1030 if (ioctl(fd, DM_LIST_VERSIONS, io)) { 1031 return -1; 1032 } 1033 1034 /* Iterate over the returned versions, looking for name of "crypt". 1035 * When found, get and return the version. 1036 */ 1037 v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)]; 1038 while (v->next) { 1039 if (! strcmp(v->name, "crypt")) { 1040 /* We found the crypt driver, return the version, and get out */ 1041 version[0] = v->version[0]; 1042 version[1] = v->version[1]; 1043 version[2] = v->version[2]; 1044 return 0; 1045 } 1046 v = (struct dm_target_versions *)(((char *)v) + v->next); 1047 } 1048 1049 return -1; 1050} 1051 1052static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key, 1053 char *real_blk_name, char *crypto_blk_name, const char *name) 1054{ 1055 char buffer[DM_CRYPT_BUF_SIZE]; 1056 char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */ 1057 char *crypt_params; 1058 struct dm_ioctl *io; 1059 struct dm_target_spec *tgt; 1060 unsigned int minor; 1061 int fd; 1062 int i; 1063 int retval = -1; 1064 int version[3]; 1065 char *extra_params; 1066 int load_count; 1067 1068 if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) { 1069 SLOGE("Cannot open device-mapper\n"); 1070 goto errout; 1071 } 1072 1073 io = (struct dm_ioctl *) buffer; 1074 1075 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 1076 if (ioctl(fd, DM_DEV_CREATE, io)) { 1077 SLOGE("Cannot create dm-crypt device\n"); 1078 goto errout; 1079 } 1080 1081 /* Get the device status, in particular, the name of it's device file */ 1082 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 1083 if (ioctl(fd, DM_DEV_STATUS, io)) { 1084 SLOGE("Cannot retrieve dm-crypt device status\n"); 1085 goto errout; 1086 } 1087 minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00); 1088 snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor); 1089 1090 extra_params = ""; 1091 if (! get_dm_crypt_version(fd, name, version)) { 1092 /* Support for allow_discards was added in version 1.11.0 */ 1093 if ((version[0] >= 2) || 1094 ((version[0] == 1) && (version[1] >= 11))) { 1095 extra_params = "1 allow_discards"; 1096 SLOGI("Enabling support for allow_discards in dmcrypt.\n"); 1097 } 1098 } 1099 1100 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, 1101 fd, extra_params); 1102 if (load_count < 0) { 1103 SLOGE("Cannot load dm-crypt mapping table.\n"); 1104 goto errout; 1105 } else if (load_count > 1) { 1106 SLOGI("Took %d tries to load dmcrypt table.\n", load_count); 1107 } 1108 1109 /* Resume this device to activate it */ 1110 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 1111 1112 if (ioctl(fd, DM_DEV_SUSPEND, io)) { 1113 SLOGE("Cannot resume the dm-crypt device\n"); 1114 goto errout; 1115 } 1116 1117 /* We made it here with no errors. Woot! */ 1118 retval = 0; 1119 1120errout: 1121 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */ 1122 1123 return retval; 1124} 1125 1126static int delete_crypto_blk_dev(char *name) 1127{ 1128 int fd; 1129 char buffer[DM_CRYPT_BUF_SIZE]; 1130 struct dm_ioctl *io; 1131 int retval = -1; 1132 1133 if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) { 1134 SLOGE("Cannot open device-mapper\n"); 1135 goto errout; 1136 } 1137 1138 io = (struct dm_ioctl *) buffer; 1139 1140 ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); 1141 if (ioctl(fd, DM_DEV_REMOVE, io)) { 1142 SLOGE("Cannot remove dm-crypt device\n"); 1143 goto errout; 1144 } 1145 1146 /* We made it here with no errors. Woot! */ 1147 retval = 0; 1148 1149errout: 1150 close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */ 1151 1152 return retval; 1153 1154} 1155 1156static int pbkdf2(const char *passwd, const unsigned char *salt, 1157 unsigned char *ikey, void *params UNUSED) 1158{ 1159 SLOGI("Using pbkdf2 for cryptfs KDF"); 1160 1161 /* Turn the password into a key and IV that can decrypt the master key */ 1162 unsigned int keysize; 1163 char* master_key = (char*)convert_hex_ascii_to_key(passwd, &keysize); 1164 if (!master_key) return -1; 1165 PKCS5_PBKDF2_HMAC_SHA1(master_key, keysize, salt, SALT_LEN, 1166 HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey); 1167 1168 memset(master_key, 0, keysize); 1169 free (master_key); 1170 return 0; 1171} 1172 1173static int scrypt(const char *passwd, const unsigned char *salt, 1174 unsigned char *ikey, void *params) 1175{ 1176 SLOGI("Using scrypt for cryptfs KDF"); 1177 1178 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params; 1179 1180 int N = 1 << ftr->N_factor; 1181 int r = 1 << ftr->r_factor; 1182 int p = 1 << ftr->p_factor; 1183 1184 /* Turn the password into a key and IV that can decrypt the master key */ 1185 unsigned int keysize; 1186 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &keysize); 1187 if (!master_key) return -1; 1188 crypto_scrypt(master_key, keysize, salt, SALT_LEN, N, r, p, ikey, 1189 KEY_LEN_BYTES + IV_LEN_BYTES); 1190 1191 memset(master_key, 0, keysize); 1192 free (master_key); 1193 return 0; 1194} 1195 1196static int scrypt_keymaster(const char *passwd, const unsigned char *salt, 1197 unsigned char *ikey, void *params) 1198{ 1199 SLOGI("Using scrypt with keymaster for cryptfs KDF"); 1200 1201 int rc; 1202 unsigned int key_size; 1203 size_t signature_size; 1204 unsigned char* signature; 1205 struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params; 1206 1207 int N = 1 << ftr->N_factor; 1208 int r = 1 << ftr->r_factor; 1209 int p = 1 << ftr->p_factor; 1210 1211 unsigned char* master_key = convert_hex_ascii_to_key(passwd, &key_size); 1212 if (!master_key) { 1213 SLOGE("Failed to convert passwd from hex"); 1214 return -1; 1215 } 1216 1217 rc = crypto_scrypt(master_key, key_size, salt, SALT_LEN, 1218 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES); 1219 memset(master_key, 0, key_size); 1220 free(master_key); 1221 1222 if (rc) { 1223 SLOGE("scrypt failed"); 1224 return -1; 1225 } 1226 1227 if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES, 1228 &signature, &signature_size)) { 1229 SLOGE("Signing failed"); 1230 return -1; 1231 } 1232 1233 rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN, 1234 N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES); 1235 free(signature); 1236 1237 if (rc) { 1238 SLOGE("scrypt failed"); 1239 return -1; 1240 } 1241 1242 return 0; 1243} 1244 1245static int encrypt_master_key(const char *passwd, const unsigned char *salt, 1246 const unsigned char *decrypted_master_key, 1247 unsigned char *encrypted_master_key, 1248 struct crypt_mnt_ftr *crypt_ftr) 1249{ 1250 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */ 1251 EVP_CIPHER_CTX e_ctx; 1252 int encrypted_len, final_len; 1253 int rc = 0; 1254 1255 /* Turn the password into an intermediate key and IV that can decrypt the master key */ 1256 get_device_scrypt_params(crypt_ftr); 1257 1258 switch (crypt_ftr->kdf_type) { 1259 case KDF_SCRYPT_KEYMASTER_UNPADDED: 1260 case KDF_SCRYPT_KEYMASTER_BADLY_PADDED: 1261 case KDF_SCRYPT_KEYMASTER: 1262 if (keymaster_create_key(crypt_ftr)) { 1263 SLOGE("keymaster_create_key failed"); 1264 return -1; 1265 } 1266 1267 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) { 1268 SLOGE("scrypt failed"); 1269 return -1; 1270 } 1271 break; 1272 1273 case KDF_SCRYPT: 1274 if (scrypt(passwd, salt, ikey, crypt_ftr)) { 1275 SLOGE("scrypt failed"); 1276 return -1; 1277 } 1278 break; 1279 1280 default: 1281 SLOGE("Invalid kdf_type"); 1282 return -1; 1283 } 1284 1285 /* Initialize the decryption engine */ 1286 if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) { 1287 SLOGE("EVP_EncryptInit failed\n"); 1288 return -1; 1289 } 1290 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */ 1291 1292 /* Encrypt the master key */ 1293 if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len, 1294 decrypted_master_key, KEY_LEN_BYTES)) { 1295 SLOGE("EVP_EncryptUpdate failed\n"); 1296 return -1; 1297 } 1298 if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) { 1299 SLOGE("EVP_EncryptFinal failed\n"); 1300 return -1; 1301 } 1302 1303 if (encrypted_len + final_len != KEY_LEN_BYTES) { 1304 SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len); 1305 return -1; 1306 } 1307 1308 /* Store the scrypt of the intermediate key, so we can validate if it's a 1309 password error or mount error when things go wrong. 1310 Note there's no need to check for errors, since if this is incorrect, we 1311 simply won't wipe userdata, which is the correct default behavior 1312 */ 1313 int N = 1 << crypt_ftr->N_factor; 1314 int r = 1 << crypt_ftr->r_factor; 1315 int p = 1 << crypt_ftr->p_factor; 1316 1317 rc = crypto_scrypt(ikey, KEY_LEN_BYTES, 1318 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p, 1319 crypt_ftr->scrypted_intermediate_key, 1320 sizeof(crypt_ftr->scrypted_intermediate_key)); 1321 1322 if (rc) { 1323 SLOGE("encrypt_master_key: crypto_scrypt failed"); 1324 } 1325 1326 return 0; 1327} 1328 1329static int decrypt_master_key_aux(char *passwd, unsigned char *salt, 1330 unsigned char *encrypted_master_key, 1331 unsigned char *decrypted_master_key, 1332 kdf_func kdf, void *kdf_params, 1333 unsigned char** intermediate_key, 1334 size_t* intermediate_key_size) 1335{ 1336 unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */ 1337 EVP_CIPHER_CTX d_ctx; 1338 int decrypted_len, final_len; 1339 1340 /* Turn the password into an intermediate key and IV that can decrypt the 1341 master key */ 1342 if (kdf(passwd, salt, ikey, kdf_params)) { 1343 SLOGE("kdf failed"); 1344 return -1; 1345 } 1346 1347 /* Initialize the decryption engine */ 1348 if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) { 1349 return -1; 1350 } 1351 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */ 1352 /* Decrypt the master key */ 1353 if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len, 1354 encrypted_master_key, KEY_LEN_BYTES)) { 1355 return -1; 1356 } 1357 if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) { 1358 return -1; 1359 } 1360 1361 if (decrypted_len + final_len != KEY_LEN_BYTES) { 1362 return -1; 1363 } 1364 1365 /* Copy intermediate key if needed by params */ 1366 if (intermediate_key && intermediate_key_size) { 1367 *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES); 1368 if (intermediate_key) { 1369 memcpy(*intermediate_key, ikey, KEY_LEN_BYTES); 1370 *intermediate_key_size = KEY_LEN_BYTES; 1371 } 1372 } 1373 1374 return 0; 1375} 1376 1377static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params) 1378{ 1379 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER_UNPADDED || 1380 ftr->kdf_type == KDF_SCRYPT_KEYMASTER_BADLY_PADDED || 1381 ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { 1382 *kdf = scrypt_keymaster; 1383 *kdf_params = ftr; 1384 } else if (ftr->kdf_type == KDF_SCRYPT) { 1385 *kdf = scrypt; 1386 *kdf_params = ftr; 1387 } else { 1388 *kdf = pbkdf2; 1389 *kdf_params = NULL; 1390 } 1391} 1392 1393static int decrypt_master_key(char *passwd, unsigned char *decrypted_master_key, 1394 struct crypt_mnt_ftr *crypt_ftr, 1395 unsigned char** intermediate_key, 1396 size_t* intermediate_key_size) 1397{ 1398 kdf_func kdf; 1399 void *kdf_params; 1400 int ret; 1401 1402 get_kdf_func(crypt_ftr, &kdf, &kdf_params); 1403 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, 1404 decrypted_master_key, kdf, kdf_params, 1405 intermediate_key, intermediate_key_size); 1406 if (ret != 0) { 1407 SLOGW("failure decrypting master key"); 1408 } 1409 1410 return ret; 1411} 1412 1413static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt, 1414 struct crypt_mnt_ftr *crypt_ftr) { 1415 int fd; 1416 unsigned char key_buf[KEY_LEN_BYTES]; 1417 EVP_CIPHER_CTX e_ctx; 1418 int encrypted_len, final_len; 1419 1420 /* Get some random bits for a key */ 1421 fd = open("/dev/urandom", O_RDONLY); 1422 read(fd, key_buf, sizeof(key_buf)); 1423 read(fd, salt, SALT_LEN); 1424 close(fd); 1425 1426 /* Now encrypt it with the password */ 1427 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr); 1428} 1429 1430static int wait_and_unmount(char *mountpoint) 1431{ 1432 int i, err, rc; 1433#define WAIT_UNMOUNT_COUNT 20 1434 1435 /* Now umount the tmpfs filesystem */ 1436 for (i=0; i<WAIT_UNMOUNT_COUNT; i++) { 1437 if (umount(mountpoint)) { 1438 if (errno == EINVAL) { 1439 /* EINVAL is returned if the directory is not a mountpoint, 1440 * i.e. there is no filesystem mounted there. So just get out. 1441 */ 1442 break; 1443 } 1444 err = errno; 1445 sleep(1); 1446 i++; 1447 } else { 1448 break; 1449 } 1450 } 1451 1452 if (i < WAIT_UNMOUNT_COUNT) { 1453 SLOGD("unmounting %s succeeded\n", mountpoint); 1454 rc = 0; 1455 } else { 1456 vold_killProcessesWithOpenFiles(mountpoint, 0); 1457 SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err)); 1458 rc = -1; 1459 } 1460 1461 return rc; 1462} 1463 1464#define DATA_PREP_TIMEOUT 200 1465static int prep_data_fs(void) 1466{ 1467 int i; 1468 1469 /* Do the prep of the /data filesystem */ 1470 property_set("vold.post_fs_data_done", "0"); 1471 property_set("vold.decrypt", "trigger_post_fs_data"); 1472 SLOGD("Just triggered post_fs_data\n"); 1473 1474 /* Wait a max of 50 seconds, hopefully it takes much less */ 1475 for (i=0; i<DATA_PREP_TIMEOUT; i++) { 1476 char p[PROPERTY_VALUE_MAX]; 1477 1478 property_get("vold.post_fs_data_done", p, "0"); 1479 if (*p == '1') { 1480 break; 1481 } else { 1482 usleep(250000); 1483 } 1484 } 1485 if (i == DATA_PREP_TIMEOUT) { 1486 /* Ugh, we failed to prep /data in time. Bail. */ 1487 SLOGE("post_fs_data timed out!\n"); 1488 return -1; 1489 } else { 1490 SLOGD("post_fs_data done\n"); 1491 return 0; 1492 } 1493} 1494 1495static void cryptfs_set_corrupt() 1496{ 1497 // Mark the footer as bad 1498 struct crypt_mnt_ftr crypt_ftr; 1499 if (get_crypt_ftr_and_key(&crypt_ftr)) { 1500 SLOGE("Failed to get crypto footer - panic"); 1501 return; 1502 } 1503 1504 crypt_ftr.flags |= CRYPT_DATA_CORRUPT; 1505 if (put_crypt_ftr_and_key(&crypt_ftr)) { 1506 SLOGE("Failed to set crypto footer - panic"); 1507 return; 1508 } 1509} 1510 1511static void cryptfs_trigger_restart_min_framework() 1512{ 1513 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) { 1514 SLOGE("Failed to mount tmpfs on data - panic"); 1515 return; 1516 } 1517 1518 if (property_set("vold.decrypt", "trigger_post_fs_data")) { 1519 SLOGE("Failed to trigger post fs data - panic"); 1520 return; 1521 } 1522 1523 if (property_set("vold.decrypt", "trigger_restart_min_framework")) { 1524 SLOGE("Failed to trigger restart min framework - panic"); 1525 return; 1526 } 1527} 1528 1529/* returns < 0 on failure */ 1530static int cryptfs_restart_internal(int restart_main) 1531{ 1532 char fs_type[32]; 1533 char real_blkdev[MAXPATHLEN]; 1534 char crypto_blkdev[MAXPATHLEN]; 1535 char fs_options[256]; 1536 unsigned long mnt_flags; 1537 struct stat statbuf; 1538 int rc = -1, i; 1539 static int restart_successful = 0; 1540 1541 /* Validate that it's OK to call this routine */ 1542 if (! master_key_saved) { 1543 SLOGE("Encrypted filesystem not validated, aborting"); 1544 return -1; 1545 } 1546 1547 if (restart_successful) { 1548 SLOGE("System already restarted with encrypted disk, aborting"); 1549 return -1; 1550 } 1551 1552 if (restart_main) { 1553 /* Here is where we shut down the framework. The init scripts 1554 * start all services in one of three classes: core, main or late_start. 1555 * On boot, we start core and main. Now, we stop main, but not core, 1556 * as core includes vold and a few other really important things that 1557 * we need to keep running. Once main has stopped, we should be able 1558 * to umount the tmpfs /data, then mount the encrypted /data. 1559 * We then restart the class main, and also the class late_start. 1560 * At the moment, I've only put a few things in late_start that I know 1561 * are not needed to bring up the framework, and that also cause problems 1562 * with unmounting the tmpfs /data, but I hope to add add more services 1563 * to the late_start class as we optimize this to decrease the delay 1564 * till the user is asked for the password to the filesystem. 1565 */ 1566 1567 /* The init files are setup to stop the class main when vold.decrypt is 1568 * set to trigger_reset_main. 1569 */ 1570 property_set("vold.decrypt", "trigger_reset_main"); 1571 SLOGD("Just asked init to shut down class main\n"); 1572 1573 /* Ugh, shutting down the framework is not synchronous, so until it 1574 * can be fixed, this horrible hack will wait a moment for it all to 1575 * shut down before proceeding. Without it, some devices cannot 1576 * restart the graphics services. 1577 */ 1578 sleep(2); 1579 } 1580 1581 /* Now that the framework is shutdown, we should be able to umount() 1582 * the tmpfs filesystem, and mount the real one. 1583 */ 1584 1585 property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, ""); 1586 if (strlen(crypto_blkdev) == 0) { 1587 SLOGE("fs_crypto_blkdev not set\n"); 1588 return -1; 1589 } 1590 1591 if (! (rc = wait_and_unmount(DATA_MNT_POINT)) ) { 1592 /* If ro.crypto.readonly is set to 1, mount the decrypted 1593 * filesystem readonly. This is used when /data is mounted by 1594 * recovery mode. 1595 */ 1596 char ro_prop[PROPERTY_VALUE_MAX]; 1597 property_get("ro.crypto.readonly", ro_prop, ""); 1598 if (strlen(ro_prop) > 0 && atoi(ro_prop)) { 1599 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT); 1600 rec->flags |= MS_RDONLY; 1601 } 1602 1603 /* If that succeeded, then mount the decrypted filesystem */ 1604 int retries = RETRY_MOUNT_ATTEMPTS; 1605 int mount_rc; 1606 while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, 1607 crypto_blkdev, 0)) 1608 != 0) { 1609 if (mount_rc == FS_MGR_DOMNT_BUSY) { 1610 /* TODO: invoke something similar to 1611 Process::killProcessWithOpenFiles(DATA_MNT_POINT, 1612 retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */ 1613 SLOGI("Failed to mount %s because it is busy - waiting", 1614 crypto_blkdev); 1615 if (--retries) { 1616 sleep(RETRY_MOUNT_DELAY_SECONDS); 1617 } else { 1618 /* Let's hope that a reboot clears away whatever is keeping 1619 the mount busy */ 1620 cryptfs_reboot(reboot); 1621 } 1622 } else { 1623 SLOGE("Failed to mount decrypted data"); 1624 cryptfs_set_corrupt(); 1625 cryptfs_trigger_restart_min_framework(); 1626 SLOGI("Started framework to offer wipe"); 1627 return -1; 1628 } 1629 } 1630 1631 property_set("vold.decrypt", "trigger_load_persist_props"); 1632 /* Create necessary paths on /data */ 1633 if (prep_data_fs()) { 1634 return -1; 1635 } 1636 1637 /* startup service classes main and late_start */ 1638 property_set("vold.decrypt", "trigger_restart_framework"); 1639 SLOGD("Just triggered restart_framework\n"); 1640 1641 /* Give it a few moments to get started */ 1642 sleep(1); 1643 } 1644 1645 if (rc == 0) { 1646 restart_successful = 1; 1647 } 1648 1649 return rc; 1650} 1651 1652int cryptfs_restart(void) 1653{ 1654 /* Call internal implementation forcing a restart of main service group */ 1655 return cryptfs_restart_internal(1); 1656} 1657 1658static int do_crypto_complete(char *mount_point UNUSED) 1659{ 1660 struct crypt_mnt_ftr crypt_ftr; 1661 char encrypted_state[PROPERTY_VALUE_MAX]; 1662 char key_loc[PROPERTY_VALUE_MAX]; 1663 1664 property_get("ro.crypto.state", encrypted_state, ""); 1665 if (strcmp(encrypted_state, "encrypted") ) { 1666 SLOGE("not running with encryption, aborting"); 1667 return CRYPTO_COMPLETE_NOT_ENCRYPTED; 1668 } 1669 1670 if (get_crypt_ftr_and_key(&crypt_ftr)) { 1671 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc)); 1672 1673 /* 1674 * Only report this error if key_loc is a file and it exists. 1675 * If the device was never encrypted, and /data is not mountable for 1676 * some reason, returning 1 should prevent the UI from presenting the 1677 * a "enter password" screen, or worse, a "press button to wipe the 1678 * device" screen. 1679 */ 1680 if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) { 1681 SLOGE("master key file does not exist, aborting"); 1682 return CRYPTO_COMPLETE_NOT_ENCRYPTED; 1683 } else { 1684 SLOGE("Error getting crypt footer and key\n"); 1685 return CRYPTO_COMPLETE_BAD_METADATA; 1686 } 1687 } 1688 1689 // Test for possible error flags 1690 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){ 1691 SLOGE("Encryption process is partway completed\n"); 1692 return CRYPTO_COMPLETE_PARTIAL; 1693 } 1694 1695 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){ 1696 SLOGE("Encryption process was interrupted but cannot continue\n"); 1697 return CRYPTO_COMPLETE_INCONSISTENT; 1698 } 1699 1700 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){ 1701 SLOGE("Encryption is successful but data is corrupt\n"); 1702 return CRYPTO_COMPLETE_CORRUPT; 1703 } 1704 1705 /* We passed the test! We shall diminish, and return to the west */ 1706 return CRYPTO_COMPLETE_ENCRYPTED; 1707} 1708 1709static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, 1710 char *passwd, char *mount_point, char *label) 1711{ 1712 /* Allocate enough space for a 256 bit key, but we may use less */ 1713 unsigned char decrypted_master_key[32]; 1714 char crypto_blkdev[MAXPATHLEN]; 1715 char real_blkdev[MAXPATHLEN]; 1716 char tmp_mount_point[64]; 1717 unsigned int orig_failed_decrypt_count; 1718 int rc; 1719 kdf_func kdf; 1720 void *kdf_params; 1721 int use_keymaster = 0; 1722 int upgrade = 0; 1723 unsigned char* intermediate_key = 0; 1724 size_t intermediate_key_size = 0; 1725 1726 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); 1727 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; 1728 1729 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) { 1730 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, 1731 &intermediate_key, &intermediate_key_size)) { 1732 SLOGE("Failed to decrypt master key\n"); 1733 rc = -1; 1734 goto errout; 1735 } 1736 } 1737 1738 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev)); 1739 1740 // Create crypto block device - all (non fatal) code paths 1741 // need it 1742 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, 1743 real_blkdev, crypto_blkdev, label)) { 1744 SLOGE("Error creating decrypted block device\n"); 1745 rc = -1; 1746 goto errout; 1747 } 1748 1749 /* Work out if the problem is the password or the data */ 1750 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr-> 1751 scrypted_intermediate_key)]; 1752 int N = 1 << crypt_ftr->N_factor; 1753 int r = 1 << crypt_ftr->r_factor; 1754 int p = 1 << crypt_ftr->p_factor; 1755 1756 rc = crypto_scrypt(intermediate_key, intermediate_key_size, 1757 crypt_ftr->salt, sizeof(crypt_ftr->salt), 1758 N, r, p, scrypted_intermediate_key, 1759 sizeof(scrypted_intermediate_key)); 1760 1761 // Does the key match the crypto footer? 1762 if (rc == 0 && memcmp(scrypted_intermediate_key, 1763 crypt_ftr->scrypted_intermediate_key, 1764 sizeof(scrypted_intermediate_key)) == 0) { 1765 SLOGI("Password matches"); 1766 rc = 0; 1767 } else { 1768 /* Try mounting the file system anyway, just in case the problem's with 1769 * the footer, not the key. */ 1770 sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point); 1771 mkdir(tmp_mount_point, 0755); 1772 if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) { 1773 SLOGE("Error temp mounting decrypted block device\n"); 1774 delete_crypto_blk_dev(label); 1775 1776 rc = ++crypt_ftr->failed_decrypt_count; 1777 put_crypt_ftr_and_key(crypt_ftr); 1778 } else { 1779 /* Success! */ 1780 SLOGI("Password did not match but decrypted drive mounted - continue"); 1781 umount(tmp_mount_point); 1782 rc = 0; 1783 } 1784 } 1785 1786 if (rc == 0) { 1787 crypt_ftr->failed_decrypt_count = 0; 1788 1789 /* Save the name of the crypto block device 1790 * so we can mount it when restarting the framework. */ 1791 property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev); 1792 1793 /* Also save a the master key so we can reencrypted the key 1794 * the key when we want to change the password on it. */ 1795 memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES); 1796 saved_mount_point = strdup(mount_point); 1797 master_key_saved = 1; 1798 SLOGD("%s(): Master key saved\n", __FUNCTION__); 1799 rc = 0; 1800 1801 // Upgrade if we're not using the latest KDF. 1802 use_keymaster = keymaster_check_compatibility(); 1803 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { 1804 // Don't allow downgrade 1805 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { 1806 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; 1807 upgrade = 1; 1808 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { 1809 crypt_ftr->kdf_type = KDF_SCRYPT; 1810 upgrade = 1; 1811 } 1812 1813 if (upgrade) { 1814 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key, 1815 crypt_ftr->master_key, crypt_ftr); 1816 if (!rc) { 1817 rc = put_crypt_ftr_and_key(crypt_ftr); 1818 } 1819 SLOGD("Key Derivation Function upgrade: rc=%d\n", rc); 1820 1821 // Do not fail even if upgrade failed - machine is bootable 1822 // Note that if this code is ever hit, there is a *serious* problem 1823 // since KDFs should never fail. You *must* fix the kdf before 1824 // proceeding! 1825 if (rc) { 1826 SLOGW("Upgrade failed with error %d," 1827 " but continuing with previous state", 1828 rc); 1829 rc = 0; 1830 } 1831 } 1832 } 1833 1834 errout: 1835 if (intermediate_key) { 1836 memset(intermediate_key, 0, intermediate_key_size); 1837 free(intermediate_key); 1838 } 1839 return rc; 1840} 1841 1842/* Called by vold when it wants to undo the crypto mapping of a volume it 1843 * manages. This is usually in response to a factory reset, when we want 1844 * to undo the crypto mapping so the volume is formatted in the clear. 1845 */ 1846int cryptfs_revert_volume(const char *label) 1847{ 1848 return delete_crypto_blk_dev((char *)label); 1849} 1850 1851/* 1852 * Called by vold when it's asked to mount an encrypted, nonremovable volume. 1853 * Setup a dm-crypt mapping, use the saved master key from 1854 * setting up the /data mapping, and return the new device path. 1855 */ 1856int cryptfs_setup_volume(const char *label, int major, int minor, 1857 char *crypto_sys_path, unsigned int max_path, 1858 int *new_major, int *new_minor) 1859{ 1860 char real_blkdev[MAXPATHLEN], crypto_blkdev[MAXPATHLEN]; 1861 struct crypt_mnt_ftr sd_crypt_ftr; 1862 struct stat statbuf; 1863 int nr_sec, fd; 1864 1865 sprintf(real_blkdev, "/dev/block/vold/%d:%d", major, minor); 1866 1867 get_crypt_ftr_and_key(&sd_crypt_ftr); 1868 1869 /* Update the fs_size field to be the size of the volume */ 1870 fd = open(real_blkdev, O_RDONLY); 1871 nr_sec = get_blkdev_size(fd); 1872 close(fd); 1873 if (nr_sec == 0) { 1874 SLOGE("Cannot get size of volume %s\n", real_blkdev); 1875 return -1; 1876 } 1877 1878 sd_crypt_ftr.fs_size = nr_sec; 1879 create_crypto_blk_dev(&sd_crypt_ftr, saved_master_key, real_blkdev, 1880 crypto_blkdev, label); 1881 1882 stat(crypto_blkdev, &statbuf); 1883 *new_major = MAJOR(statbuf.st_rdev); 1884 *new_minor = MINOR(statbuf.st_rdev); 1885 1886 /* Create path to sys entry for this block device */ 1887 snprintf(crypto_sys_path, max_path, "/devices/virtual/block/%s", strrchr(crypto_blkdev, '/')+1); 1888 1889 return 0; 1890} 1891 1892int cryptfs_crypto_complete(void) 1893{ 1894 return do_crypto_complete("/data"); 1895} 1896 1897int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) 1898{ 1899 char encrypted_state[PROPERTY_VALUE_MAX]; 1900 property_get("ro.crypto.state", encrypted_state, ""); 1901 if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) { 1902 SLOGE("encrypted fs already validated or not running with encryption," 1903 " aborting"); 1904 return -1; 1905 } 1906 1907 if (get_crypt_ftr_and_key(crypt_ftr)) { 1908 SLOGE("Error getting crypt footer and key"); 1909 return -1; 1910 } 1911 1912 return 0; 1913} 1914 1915int cryptfs_check_passwd(char *passwd) 1916{ 1917 struct crypt_mnt_ftr crypt_ftr; 1918 int rc; 1919 1920 rc = check_unmounted_and_get_ftr(&crypt_ftr); 1921 if (rc) 1922 return rc; 1923 1924 rc = test_mount_encrypted_fs(&crypt_ftr, passwd, 1925 DATA_MNT_POINT, "userdata"); 1926 1927 if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { 1928 cryptfs_clear_password(); 1929 password = strdup(passwd); 1930 struct timespec now; 1931 clock_gettime(CLOCK_BOOTTIME, &now); 1932 password_expiry_time = now.tv_sec + password_max_age_seconds; 1933 } 1934 1935 return rc; 1936} 1937 1938int cryptfs_verify_passwd(char *passwd) 1939{ 1940 struct crypt_mnt_ftr crypt_ftr; 1941 /* Allocate enough space for a 256 bit key, but we may use less */ 1942 unsigned char decrypted_master_key[32]; 1943 char encrypted_state[PROPERTY_VALUE_MAX]; 1944 int rc; 1945 1946 property_get("ro.crypto.state", encrypted_state, ""); 1947 if (strcmp(encrypted_state, "encrypted") ) { 1948 SLOGE("device not encrypted, aborting"); 1949 return -2; 1950 } 1951 1952 if (!master_key_saved) { 1953 SLOGE("encrypted fs not yet mounted, aborting"); 1954 return -1; 1955 } 1956 1957 if (!saved_mount_point) { 1958 SLOGE("encrypted fs failed to save mount point, aborting"); 1959 return -1; 1960 } 1961 1962 if (get_crypt_ftr_and_key(&crypt_ftr)) { 1963 SLOGE("Error getting crypt footer and key\n"); 1964 return -1; 1965 } 1966 1967 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) { 1968 /* If the device has no password, then just say the password is valid */ 1969 rc = 0; 1970 } else { 1971 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); 1972 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) { 1973 /* They match, the password is correct */ 1974 rc = 0; 1975 } else { 1976 /* If incorrect, sleep for a bit to prevent dictionary attacks */ 1977 sleep(1); 1978 rc = 1; 1979 } 1980 } 1981 1982 return rc; 1983} 1984 1985/* Initialize a crypt_mnt_ftr structure. The keysize is 1986 * defaulted to 16 bytes, and the filesystem size to 0. 1987 * Presumably, at a minimum, the caller will update the 1988 * filesystem size and crypto_type_name after calling this function. 1989 */ 1990static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr) 1991{ 1992 off64_t off; 1993 1994 memset(ftr, 0, sizeof(struct crypt_mnt_ftr)); 1995 ftr->magic = CRYPT_MNT_MAGIC; 1996 ftr->major_version = CURRENT_MAJOR_VERSION; 1997 ftr->minor_version = CURRENT_MINOR_VERSION; 1998 ftr->ftr_size = sizeof(struct crypt_mnt_ftr); 1999 ftr->keysize = KEY_LEN_BYTES; 2000 2001 switch (keymaster_check_compatibility()) { 2002 case 1: 2003 ftr->kdf_type = KDF_SCRYPT_KEYMASTER; 2004 break; 2005 2006 case 0: 2007 ftr->kdf_type = KDF_SCRYPT; 2008 break; 2009 2010 default: 2011 SLOGE("keymaster_check_compatibility failed"); 2012 return -1; 2013 } 2014 2015 get_device_scrypt_params(ftr); 2016 2017 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; 2018 if (get_crypt_ftr_info(NULL, &off) == 0) { 2019 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET; 2020 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + 2021 ftr->persist_data_size; 2022 } 2023 2024 return 0; 2025} 2026 2027static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type) 2028{ 2029 const char *args[10]; 2030 char size_str[32]; /* Must be large enough to hold a %lld and null byte */ 2031 int num_args; 2032 int status; 2033 int tmp; 2034 int rc = -1; 2035 2036 if (type == EXT4_FS) { 2037 args[0] = "/system/bin/make_ext4fs"; 2038 args[1] = "-a"; 2039 args[2] = "/data"; 2040 args[3] = "-l"; 2041 snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512); 2042 args[4] = size_str; 2043 args[5] = crypto_blkdev; 2044 num_args = 6; 2045 SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n", 2046 args[0], args[1], args[2], args[3], args[4], args[5]); 2047 } else if (type == F2FS_FS) { 2048 args[0] = "/system/bin/mkfs.f2fs"; 2049 args[1] = "-t"; 2050 args[2] = "-d1"; 2051 args[3] = crypto_blkdev; 2052 snprintf(size_str, sizeof(size_str), "%" PRId64, size); 2053 args[4] = size_str; 2054 num_args = 5; 2055 SLOGI("Making empty filesystem with command %s %s %s %s %s\n", 2056 args[0], args[1], args[2], args[3], args[4]); 2057 } else { 2058 SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type); 2059 return -1; 2060 } 2061 2062 tmp = android_fork_execvp(num_args, (char **)args, &status, false, true); 2063 2064 if (tmp != 0) { 2065 SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev); 2066 } else { 2067 if (WIFEXITED(status)) { 2068 if (WEXITSTATUS(status)) { 2069 SLOGE("Error creating filesystem on %s, exit status %d ", 2070 crypto_blkdev, WEXITSTATUS(status)); 2071 } else { 2072 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev); 2073 rc = 0; 2074 } 2075 } else { 2076 SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev); 2077 } 2078 } 2079 2080 return rc; 2081} 2082 2083#define CRYPT_INPLACE_BUFSIZE 4096 2084#define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE) 2085#define CRYPT_SECTOR_SIZE 512 2086 2087/* aligned 32K writes tends to make flash happy. 2088 * SD card association recommends it. 2089 */ 2090#define BLOCKS_AT_A_TIME 8 2091 2092struct encryptGroupsData 2093{ 2094 int realfd; 2095 int cryptofd; 2096 off64_t numblocks; 2097 off64_t one_pct, cur_pct, new_pct; 2098 off64_t blocks_already_done, tot_numblocks; 2099 off64_t used_blocks_already_done, tot_used_blocks; 2100 char* real_blkdev, * crypto_blkdev; 2101 int count; 2102 off64_t offset; 2103 char* buffer; 2104 off64_t last_written_sector; 2105 int completed; 2106 time_t time_started; 2107 int remaining_time; 2108}; 2109 2110static void update_progress(struct encryptGroupsData* data, int is_used) 2111{ 2112 data->blocks_already_done++; 2113 2114 if (is_used) { 2115 data->used_blocks_already_done++; 2116 } 2117 if (data->tot_used_blocks) { 2118 data->new_pct = data->used_blocks_already_done / data->one_pct; 2119 } else { 2120 data->new_pct = data->blocks_already_done / data->one_pct; 2121 } 2122 2123 if (data->new_pct > data->cur_pct) { 2124 char buf[8]; 2125 data->cur_pct = data->new_pct; 2126 snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct); 2127 property_set("vold.encrypt_progress", buf); 2128 } 2129 2130 if (data->cur_pct >= 5) { 2131 struct timespec time_now; 2132 if (clock_gettime(CLOCK_MONOTONIC, &time_now)) { 2133 SLOGW("Error getting time"); 2134 } else { 2135 double elapsed_time = difftime(time_now.tv_sec, data->time_started); 2136 off64_t remaining_blocks = data->tot_used_blocks 2137 - data->used_blocks_already_done; 2138 int remaining_time = (int)(elapsed_time * remaining_blocks 2139 / data->used_blocks_already_done); 2140 2141 // Change time only if not yet set, lower, or a lot higher for 2142 // best user experience 2143 if (data->remaining_time == -1 2144 || remaining_time < data->remaining_time 2145 || remaining_time > data->remaining_time + 60) { 2146 char buf[8]; 2147 snprintf(buf, sizeof(buf), "%d", remaining_time); 2148 property_set("vold.encrypt_time_remaining", buf); 2149 data->remaining_time = remaining_time; 2150 } 2151 } 2152 } 2153} 2154 2155static void log_progress(struct encryptGroupsData const* data, bool completed) 2156{ 2157 // Precondition - if completed data = 0 else data != 0 2158 2159 // Track progress so we can skip logging blocks 2160 static off64_t offset = -1; 2161 2162 // Need to close existing 'Encrypting from' log? 2163 if (completed || (offset != -1 && data->offset != offset)) { 2164 SLOGI("Encrypted to sector %" PRId64, 2165 offset / info.block_size * CRYPT_SECTOR_SIZE); 2166 offset = -1; 2167 } 2168 2169 // Need to start new 'Encrypting from' log? 2170 if (!completed && offset != data->offset) { 2171 SLOGI("Encrypting from sector %" PRId64, 2172 data->offset / info.block_size * CRYPT_SECTOR_SIZE); 2173 } 2174 2175 // Update offset 2176 if (!completed) { 2177 offset = data->offset + (off64_t)data->count * info.block_size; 2178 } 2179} 2180 2181static int flush_outstanding_data(struct encryptGroupsData* data) 2182{ 2183 if (data->count == 0) { 2184 return 0; 2185 } 2186 2187 SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset); 2188 2189 if (pread64(data->realfd, data->buffer, 2190 info.block_size * data->count, data->offset) 2191 <= 0) { 2192 SLOGE("Error reading real_blkdev %s for inplace encrypt", 2193 data->real_blkdev); 2194 return -1; 2195 } 2196 2197 if (pwrite64(data->cryptofd, data->buffer, 2198 info.block_size * data->count, data->offset) 2199 <= 0) { 2200 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", 2201 data->crypto_blkdev); 2202 return -1; 2203 } else { 2204 log_progress(data, false); 2205 } 2206 2207 data->count = 0; 2208 data->last_written_sector = (data->offset + data->count) 2209 / info.block_size * CRYPT_SECTOR_SIZE - 1; 2210 return 0; 2211} 2212 2213static int encrypt_groups(struct encryptGroupsData* data) 2214{ 2215 unsigned int i; 2216 u8 *block_bitmap = 0; 2217 unsigned int block; 2218 off64_t ret; 2219 int rc = -1; 2220 2221 data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME); 2222 if (!data->buffer) { 2223 SLOGE("Failed to allocate crypto buffer"); 2224 goto errout; 2225 } 2226 2227 block_bitmap = malloc(info.block_size); 2228 if (!block_bitmap) { 2229 SLOGE("failed to allocate block bitmap"); 2230 goto errout; 2231 } 2232 2233 for (i = 0; i < aux_info.groups; ++i) { 2234 SLOGI("Encrypting group %d", i); 2235 2236 u32 first_block = aux_info.first_data_block + i * info.blocks_per_group; 2237 u32 block_count = min(info.blocks_per_group, 2238 aux_info.len_blocks - first_block); 2239 2240 off64_t offset = (u64)info.block_size 2241 * aux_info.bg_desc[i].bg_block_bitmap; 2242 2243 ret = pread64(data->realfd, block_bitmap, info.block_size, offset); 2244 if (ret != (int)info.block_size) { 2245 SLOGE("failed to read all of block group bitmap %d", i); 2246 goto errout; 2247 } 2248 2249 offset = (u64)info.block_size * first_block; 2250 2251 data->count = 0; 2252 2253 for (block = 0; block < block_count; block++) { 2254 int used = bitmap_get_bit(block_bitmap, block); 2255 update_progress(data, used); 2256 if (used) { 2257 if (data->count == 0) { 2258 data->offset = offset; 2259 } 2260 data->count++; 2261 } else { 2262 if (flush_outstanding_data(data)) { 2263 goto errout; 2264 } 2265 } 2266 2267 offset += info.block_size; 2268 2269 /* Write data if we are aligned or buffer size reached */ 2270 if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0 2271 || data->count == BLOCKS_AT_A_TIME) { 2272 if (flush_outstanding_data(data)) { 2273 goto errout; 2274 } 2275 } 2276 2277 if (!is_battery_ok_to_continue()) { 2278 SLOGE("Stopping encryption due to low battery"); 2279 rc = 0; 2280 goto errout; 2281 } 2282 2283 } 2284 if (flush_outstanding_data(data)) { 2285 goto errout; 2286 } 2287 } 2288 2289 data->completed = 1; 2290 rc = 0; 2291 2292errout: 2293 log_progress(0, true); 2294 free(data->buffer); 2295 free(block_bitmap); 2296 return rc; 2297} 2298 2299static int cryptfs_enable_inplace_ext4(char *crypto_blkdev, 2300 char *real_blkdev, 2301 off64_t size, 2302 off64_t *size_already_done, 2303 off64_t tot_size, 2304 off64_t previously_encrypted_upto) 2305{ 2306 u32 i; 2307 struct encryptGroupsData data; 2308 int rc; // Can't initialize without causing warning -Wclobbered 2309 2310 if (previously_encrypted_upto > *size_already_done) { 2311 SLOGD("Not fast encrypting since resuming part way through"); 2312 return -1; 2313 } 2314 2315 memset(&data, 0, sizeof(data)); 2316 data.real_blkdev = real_blkdev; 2317 data.crypto_blkdev = crypto_blkdev; 2318 2319 if ( (data.realfd = open(real_blkdev, O_RDWR)) < 0) { 2320 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", 2321 real_blkdev); 2322 rc = -1; 2323 goto errout; 2324 } 2325 2326 if ( (data.cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) { 2327 SLOGE("Error opening crypto_blkdev %s for inplace encrypt\n", 2328 crypto_blkdev); 2329 rc = -1; 2330 goto errout; 2331 } 2332 2333 if (setjmp(setjmp_env)) { 2334 SLOGE("Reading extent caused an exception"); 2335 rc = -1; 2336 goto errout; 2337 } 2338 2339 if (read_ext(data.realfd, 0) != 0) { 2340 SLOGE("Failed to read extent"); 2341 rc = -1; 2342 goto errout; 2343 } 2344 2345 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; 2346 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; 2347 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; 2348 2349 SLOGI("Encrypting filesystem in place..."); 2350 2351 data.tot_used_blocks = data.numblocks; 2352 for (i = 0; i < aux_info.groups; ++i) { 2353 data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count; 2354 } 2355 2356 data.one_pct = data.tot_used_blocks / 100; 2357 data.cur_pct = 0; 2358 2359 struct timespec time_started = {0}; 2360 if (clock_gettime(CLOCK_MONOTONIC, &time_started)) { 2361 SLOGW("Error getting time at start"); 2362 // Note - continue anyway - we'll run with 0 2363 } 2364 data.time_started = time_started.tv_sec; 2365 data.remaining_time = -1; 2366 2367 rc = encrypt_groups(&data); 2368 if (rc) { 2369 SLOGE("Error encrypting groups"); 2370 goto errout; 2371 } 2372 2373 *size_already_done += data.completed ? size : data.last_written_sector; 2374 rc = 0; 2375 2376errout: 2377 close(data.realfd); 2378 close(data.cryptofd); 2379 2380 return rc; 2381} 2382 2383static void log_progress_f2fs(u64 block, bool completed) 2384{ 2385 // Precondition - if completed data = 0 else data != 0 2386 2387 // Track progress so we can skip logging blocks 2388 static u64 last_block = (u64)-1; 2389 2390 // Need to close existing 'Encrypting from' log? 2391 if (completed || (last_block != (u64)-1 && block != last_block + 1)) { 2392 SLOGI("Encrypted to block %" PRId64, last_block); 2393 last_block = -1; 2394 } 2395 2396 // Need to start new 'Encrypting from' log? 2397 if (!completed && (last_block == (u64)-1 || block != last_block + 1)) { 2398 SLOGI("Encrypting from block %" PRId64, block); 2399 } 2400 2401 // Update offset 2402 if (!completed) { 2403 last_block = block; 2404 } 2405} 2406 2407static int encrypt_one_block_f2fs(u64 pos, void *data) 2408{ 2409 struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data; 2410 2411 priv_dat->blocks_already_done = pos - 1; 2412 update_progress(priv_dat, 1); 2413 2414 off64_t offset = pos * CRYPT_INPLACE_BUFSIZE; 2415 2416 if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) { 2417 SLOGE("Error reading real_blkdev %s for inplace encrypt", priv_dat->crypto_blkdev); 2418 return -1; 2419 } 2420 2421 if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) { 2422 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", priv_dat->crypto_blkdev); 2423 return -1; 2424 } else { 2425 log_progress_f2fs(pos, false); 2426 } 2427 2428 return 0; 2429} 2430 2431static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev, 2432 char *real_blkdev, 2433 off64_t size, 2434 off64_t *size_already_done, 2435 off64_t tot_size, 2436 off64_t previously_encrypted_upto) 2437{ 2438 u32 i; 2439 struct encryptGroupsData data; 2440 struct f2fs_info *f2fs_info = NULL; 2441 int rc = -1; 2442 if (previously_encrypted_upto > *size_already_done) { 2443 SLOGD("Not fast encrypting since resuming part way through"); 2444 return -1; 2445 } 2446 memset(&data, 0, sizeof(data)); 2447 data.real_blkdev = real_blkdev; 2448 data.crypto_blkdev = crypto_blkdev; 2449 data.realfd = -1; 2450 data.cryptofd = -1; 2451 if ( (data.realfd = open64(real_blkdev, O_RDWR)) < 0) { 2452 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", 2453 real_blkdev); 2454 goto errout; 2455 } 2456 if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY)) < 0) { 2457 SLOGE("Error opening crypto_blkdev %s for inplace encrypt\n", 2458 crypto_blkdev); 2459 goto errout; 2460 } 2461 2462 f2fs_info = generate_f2fs_info(data.realfd); 2463 if (!f2fs_info) 2464 goto errout; 2465 2466 data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; 2467 data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; 2468 data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; 2469 2470 data.tot_used_blocks = get_num_blocks_used(f2fs_info); 2471 2472 data.one_pct = data.tot_used_blocks / 100; 2473 data.cur_pct = 0; 2474 data.time_started = time(NULL); 2475 data.remaining_time = -1; 2476 2477 data.buffer = malloc(f2fs_info->block_size); 2478 if (!data.buffer) { 2479 SLOGE("Failed to allocate crypto buffer"); 2480 goto errout; 2481 } 2482 2483 data.count = 0; 2484 2485 /* Currently, this either runs to completion, or hits a nonrecoverable error */ 2486 rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data); 2487 2488 if (rc) { 2489 SLOGE("Error in running over blocks"); 2490 goto errout; 2491 } 2492 2493 *size_already_done += size; 2494 rc = 0; 2495 2496errout: 2497 if (rc) 2498 SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev); 2499 2500 log_progress_f2fs(0, true); 2501 free(f2fs_info); 2502 free(data.buffer); 2503 close(data.realfd); 2504 close(data.cryptofd); 2505 2506 return rc; 2507} 2508 2509static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev, 2510 off64_t size, off64_t *size_already_done, 2511 off64_t tot_size, 2512 off64_t previously_encrypted_upto) 2513{ 2514 int realfd, cryptofd; 2515 char *buf[CRYPT_INPLACE_BUFSIZE]; 2516 int rc = -1; 2517 off64_t numblocks, i, remainder; 2518 off64_t one_pct, cur_pct, new_pct; 2519 off64_t blocks_already_done, tot_numblocks; 2520 2521 if ( (realfd = open(real_blkdev, O_RDONLY)) < 0) { 2522 SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev); 2523 return -1; 2524 } 2525 2526 if ( (cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) { 2527 SLOGE("Error opening crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); 2528 close(realfd); 2529 return -1; 2530 } 2531 2532 /* This is pretty much a simple loop of reading 4K, and writing 4K. 2533 * The size passed in is the number of 512 byte sectors in the filesystem. 2534 * So compute the number of whole 4K blocks we should read/write, 2535 * and the remainder. 2536 */ 2537 numblocks = size / CRYPT_SECTORS_PER_BUFSIZE; 2538 remainder = size % CRYPT_SECTORS_PER_BUFSIZE; 2539 tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; 2540 blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; 2541 2542 SLOGE("Encrypting filesystem in place..."); 2543 2544 i = previously_encrypted_upto + 1 - *size_already_done; 2545 2546 if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { 2547 SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev); 2548 goto errout; 2549 } 2550 2551 if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { 2552 SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev); 2553 goto errout; 2554 } 2555 2556 for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) { 2557 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) { 2558 SLOGE("Error reading initial sectors from real_blkdev %s for " 2559 "inplace encrypt\n", crypto_blkdev); 2560 goto errout; 2561 } 2562 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) { 2563 SLOGE("Error writing initial sectors to crypto_blkdev %s for " 2564 "inplace encrypt\n", crypto_blkdev); 2565 goto errout; 2566 } else { 2567 SLOGI("Encrypted 1 block at %" PRId64, i); 2568 } 2569 } 2570 2571 one_pct = tot_numblocks / 100; 2572 cur_pct = 0; 2573 /* process the majority of the filesystem in blocks */ 2574 for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) { 2575 new_pct = (i + blocks_already_done) / one_pct; 2576 if (new_pct > cur_pct) { 2577 char buf[8]; 2578 2579 cur_pct = new_pct; 2580 snprintf(buf, sizeof(buf), "%" PRId64, cur_pct); 2581 property_set("vold.encrypt_progress", buf); 2582 } 2583 if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { 2584 SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev); 2585 goto errout; 2586 } 2587 if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { 2588 SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev); 2589 goto errout; 2590 } else { 2591 SLOGD("Encrypted %d block at %" PRId64, 2592 CRYPT_SECTORS_PER_BUFSIZE, 2593 i * CRYPT_SECTORS_PER_BUFSIZE); 2594 } 2595 2596 if (!is_battery_ok_to_continue()) { 2597 SLOGE("Stopping encryption due to low battery"); 2598 *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1; 2599 rc = 0; 2600 goto errout; 2601 } 2602 } 2603 2604 /* Do any remaining sectors */ 2605 for (i=0; i<remainder; i++) { 2606 if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) { 2607 SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev); 2608 goto errout; 2609 } 2610 if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) { 2611 SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev); 2612 goto errout; 2613 } else { 2614 SLOGI("Encrypted 1 block at next location"); 2615 } 2616 } 2617 2618 *size_already_done += size; 2619 rc = 0; 2620 2621errout: 2622 close(realfd); 2623 close(cryptofd); 2624 2625 return rc; 2626} 2627 2628static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, 2629 off64_t size, off64_t *size_already_done, 2630 off64_t tot_size, 2631 off64_t previously_encrypted_upto) 2632{ 2633 if (previously_encrypted_upto) { 2634 SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto); 2635 } 2636 2637 if (*size_already_done + size < previously_encrypted_upto) { 2638 *size_already_done += size; 2639 return 0; 2640 } 2641 2642 /* TODO: identify filesystem type. 2643 * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and 2644 * then we will drop down to cryptfs_enable_inplace_f2fs. 2645 * */ 2646 if (cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev, 2647 size, size_already_done, 2648 tot_size, previously_encrypted_upto) == 0) { 2649 return 0; 2650 } 2651 2652 if (cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev, 2653 size, size_already_done, 2654 tot_size, previously_encrypted_upto) == 0) { 2655 return 0; 2656 } 2657 2658 return cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev, 2659 size, size_already_done, tot_size, 2660 previously_encrypted_upto); 2661} 2662 2663#define CRYPTO_ENABLE_WIPE 1 2664#define CRYPTO_ENABLE_INPLACE 2 2665 2666#define FRAMEWORK_BOOT_WAIT 60 2667 2668static inline int should_encrypt(struct volume_info *volume) 2669{ 2670 return (volume->flags & (VOL_ENCRYPTABLE | VOL_NONREMOVABLE)) == 2671 (VOL_ENCRYPTABLE | VOL_NONREMOVABLE); 2672} 2673 2674static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf) 2675{ 2676 int fd = open(filename, O_RDONLY); 2677 if (fd == -1) { 2678 SLOGE("Error opening file %s", filename); 2679 return -1; 2680 } 2681 2682 char block[CRYPT_INPLACE_BUFSIZE]; 2683 memset(block, 0, sizeof(block)); 2684 if (unix_read(fd, block, sizeof(block)) < 0) { 2685 SLOGE("Error reading file %s", filename); 2686 close(fd); 2687 return -1; 2688 } 2689 2690 close(fd); 2691 2692 SHA256_CTX c; 2693 SHA256_Init(&c); 2694 SHA256_Update(&c, block, sizeof(block)); 2695 SHA256_Final(buf, &c); 2696 2697 return 0; 2698} 2699 2700static int get_fs_type(struct fstab_rec *rec) 2701{ 2702 if (!strcmp(rec->fs_type, "ext4")) { 2703 return EXT4_FS; 2704 } else if (!strcmp(rec->fs_type, "f2fs")) { 2705 return F2FS_FS; 2706 } else { 2707 return -1; 2708 } 2709} 2710 2711static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how, 2712 char *crypto_blkdev, char *real_blkdev, 2713 int previously_encrypted_upto) 2714{ 2715 off64_t cur_encryption_done=0, tot_encryption_size=0; 2716 int i, rc = -1; 2717 2718 if (!is_battery_ok_to_start()) { 2719 SLOGW("Not starting encryption due to low battery"); 2720 return 0; 2721 } 2722 2723 /* The size of the userdata partition, and add in the vold volumes below */ 2724 tot_encryption_size = crypt_ftr->fs_size; 2725 2726 if (how == CRYPTO_ENABLE_WIPE) { 2727 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT); 2728 int fs_type = get_fs_type(rec); 2729 if (fs_type < 0) { 2730 SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type); 2731 return -1; 2732 } 2733 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type); 2734 } else if (how == CRYPTO_ENABLE_INPLACE) { 2735 rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, 2736 crypt_ftr->fs_size, &cur_encryption_done, 2737 tot_encryption_size, 2738 previously_encrypted_upto); 2739 2740 if (!rc) { 2741 crypt_ftr->encrypted_upto = cur_encryption_done; 2742 } 2743 2744 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) { 2745 /* The inplace routine never actually sets the progress to 100% due 2746 * to the round down nature of integer division, so set it here */ 2747 property_set("vold.encrypt_progress", "100"); 2748 } 2749 } else { 2750 /* Shouldn't happen */ 2751 SLOGE("cryptfs_enable: internal error, unknown option\n"); 2752 rc = -1; 2753 } 2754 2755 return rc; 2756} 2757 2758int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd, 2759 int allow_reboot) 2760{ 2761 int how = 0; 2762 char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN]; 2763 unsigned long nr_sec; 2764 unsigned char decrypted_master_key[KEY_LEN_BYTES]; 2765 int rc=-1, fd, i, ret; 2766 struct crypt_mnt_ftr crypt_ftr; 2767 struct crypt_persist_data *pdata; 2768 char encrypted_state[PROPERTY_VALUE_MAX]; 2769 char lockid[32] = { 0 }; 2770 char key_loc[PROPERTY_VALUE_MAX]; 2771 char fuse_sdcard[PROPERTY_VALUE_MAX]; 2772 char *sd_mnt_point; 2773 int num_vols; 2774 struct volume_info *vol_list = 0; 2775 off64_t previously_encrypted_upto = 0; 2776 2777 if (!strcmp(howarg, "wipe")) { 2778 how = CRYPTO_ENABLE_WIPE; 2779 } else if (! strcmp(howarg, "inplace")) { 2780 how = CRYPTO_ENABLE_INPLACE; 2781 } else { 2782 /* Shouldn't happen, as CommandListener vets the args */ 2783 goto error_unencrypted; 2784 } 2785 2786 /* See if an encryption was underway and interrupted */ 2787 if (how == CRYPTO_ENABLE_INPLACE 2788 && get_crypt_ftr_and_key(&crypt_ftr) == 0 2789 && (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS)) { 2790 previously_encrypted_upto = crypt_ftr.encrypted_upto; 2791 crypt_ftr.encrypted_upto = 0; 2792 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS; 2793 2794 /* At this point, we are in an inconsistent state. Until we successfully 2795 complete encryption, a reboot will leave us broken. So mark the 2796 encryption failed in case that happens. 2797 On successfully completing encryption, remove this flag */ 2798 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; 2799 2800 put_crypt_ftr_and_key(&crypt_ftr); 2801 } 2802 2803 property_get("ro.crypto.state", encrypted_state, ""); 2804 if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) { 2805 SLOGE("Device is already running encrypted, aborting"); 2806 goto error_unencrypted; 2807 } 2808 2809 // TODO refactor fs_mgr_get_crypt_info to get both in one call 2810 fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc)); 2811 fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev)); 2812 2813 /* Get the size of the real block device */ 2814 fd = open(real_blkdev, O_RDONLY); 2815 if ( (nr_sec = get_blkdev_size(fd)) == 0) { 2816 SLOGE("Cannot get size of block device %s\n", real_blkdev); 2817 goto error_unencrypted; 2818 } 2819 close(fd); 2820 2821 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */ 2822 if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) { 2823 unsigned int fs_size_sec, max_fs_size_sec; 2824 fs_size_sec = get_fs_size(real_blkdev); 2825 if (fs_size_sec == 0) 2826 fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev); 2827 2828 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); 2829 2830 if (fs_size_sec > max_fs_size_sec) { 2831 SLOGE("Orig filesystem overlaps crypto footer region. Cannot encrypt in place."); 2832 goto error_unencrypted; 2833 } 2834 } 2835 2836 /* Get a wakelock as this may take a while, and we don't want the 2837 * device to sleep on us. We'll grab a partial wakelock, and if the UI 2838 * wants to keep the screen on, it can grab a full wakelock. 2839 */ 2840 snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid()); 2841 acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid); 2842 2843 /* Get the sdcard mount point */ 2844 sd_mnt_point = getenv("EMULATED_STORAGE_SOURCE"); 2845 if (!sd_mnt_point) { 2846 sd_mnt_point = getenv("EXTERNAL_STORAGE"); 2847 } 2848 if (!sd_mnt_point) { 2849 sd_mnt_point = "/mnt/sdcard"; 2850 } 2851 2852 /* TODO 2853 * Currently do not have test devices with multiple encryptable volumes. 2854 * When we acquire some, re-add support. 2855 */ 2856 num_vols=vold_getNumDirectVolumes(); 2857 vol_list = malloc(sizeof(struct volume_info) * num_vols); 2858 vold_getDirectVolumeList(vol_list); 2859 2860 for (i=0; i<num_vols; i++) { 2861 if (should_encrypt(&vol_list[i])) { 2862 SLOGE("Cannot encrypt if there are multiple encryptable volumes" 2863 "%s\n", vol_list[i].label); 2864 goto error_unencrypted; 2865 } 2866 } 2867 2868 /* The init files are setup to stop the class main and late start when 2869 * vold sets trigger_shutdown_framework. 2870 */ 2871 property_set("vold.decrypt", "trigger_shutdown_framework"); 2872 SLOGD("Just asked init to shut down class main\n"); 2873 2874 if (vold_unmountAllAsecs()) { 2875 /* Just report the error. If any are left mounted, 2876 * umounting /data below will fail and handle the error. 2877 */ 2878 SLOGE("Error unmounting internal asecs"); 2879 } 2880 2881 property_get("ro.crypto.fuse_sdcard", fuse_sdcard, ""); 2882 if (!strcmp(fuse_sdcard, "true")) { 2883 /* This is a device using the fuse layer to emulate the sdcard semantics 2884 * on top of the userdata partition. vold does not manage it, it is managed 2885 * by the sdcard service. The sdcard service was killed by the property trigger 2886 * above, so just unmount it now. We must do this _AFTER_ killing the framework, 2887 * unlike the case for vold managed devices above. 2888 */ 2889 if (wait_and_unmount(sd_mnt_point)) { 2890 goto error_shutting_down; 2891 } 2892 } 2893 2894 /* Now unmount the /data partition. */ 2895 if (wait_and_unmount(DATA_MNT_POINT)) { 2896 if (allow_reboot) { 2897 goto error_shutting_down; 2898 } else { 2899 goto error_unencrypted; 2900 } 2901 } 2902 2903 /* Do extra work for a better UX when doing the long inplace encryption */ 2904 if (how == CRYPTO_ENABLE_INPLACE) { 2905 /* Now that /data is unmounted, we need to mount a tmpfs 2906 * /data, set a property saying we're doing inplace encryption, 2907 * and restart the framework. 2908 */ 2909 if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) { 2910 goto error_shutting_down; 2911 } 2912 /* Tells the framework that inplace encryption is starting */ 2913 property_set("vold.encrypt_progress", "0"); 2914 2915 /* restart the framework. */ 2916 /* Create necessary paths on /data */ 2917 if (prep_data_fs()) { 2918 goto error_shutting_down; 2919 } 2920 2921 /* Ugh, shutting down the framework is not synchronous, so until it 2922 * can be fixed, this horrible hack will wait a moment for it all to 2923 * shut down before proceeding. Without it, some devices cannot 2924 * restart the graphics services. 2925 */ 2926 sleep(2); 2927 2928 /* startup service classes main and late_start */ 2929 property_set("vold.decrypt", "trigger_restart_min_framework"); 2930 SLOGD("Just triggered restart_min_framework\n"); 2931 2932 /* OK, the framework is restarted and will soon be showing a 2933 * progress bar. Time to setup an encrypted mapping, and 2934 * either write a new filesystem, or encrypt in place updating 2935 * the progress bar as we work. 2936 */ 2937 } 2938 2939 /* Start the actual work of making an encrypted filesystem */ 2940 /* Initialize a crypt_mnt_ftr for the partition */ 2941 if (previously_encrypted_upto == 0) { 2942 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) { 2943 goto error_shutting_down; 2944 } 2945 2946 if (!strcmp(key_loc, KEY_IN_FOOTER)) { 2947 crypt_ftr.fs_size = nr_sec 2948 - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); 2949 } else { 2950 crypt_ftr.fs_size = nr_sec; 2951 } 2952 /* At this point, we are in an inconsistent state. Until we successfully 2953 complete encryption, a reboot will leave us broken. So mark the 2954 encryption failed in case that happens. 2955 On successfully completing encryption, remove this flag */ 2956 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; 2957 crypt_ftr.crypt_type = crypt_type; 2958 strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256"); 2959 2960 /* Make an encrypted master key */ 2961 if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) { 2962 SLOGE("Cannot create encrypted master key\n"); 2963 goto error_shutting_down; 2964 } 2965 2966 /* Write the key to the end of the partition */ 2967 put_crypt_ftr_and_key(&crypt_ftr); 2968 2969 /* If any persistent data has been remembered, save it. 2970 * If none, create a valid empty table and save that. 2971 */ 2972 if (!persist_data) { 2973 pdata = malloc(CRYPT_PERSIST_DATA_SIZE); 2974 if (pdata) { 2975 init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); 2976 persist_data = pdata; 2977 } 2978 } 2979 if (persist_data) { 2980 save_persistent_data(); 2981 } 2982 } 2983 2984 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); 2985 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, 2986 "userdata"); 2987 2988 /* If we are continuing, check checksums match */ 2989 rc = 0; 2990 if (previously_encrypted_upto) { 2991 __le8 hash_first_block[SHA256_DIGEST_LENGTH]; 2992 rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block); 2993 2994 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block, 2995 sizeof(hash_first_block)) != 0) { 2996 SLOGE("Checksums do not match - trigger wipe"); 2997 rc = -1; 2998 } 2999 } 3000 3001 if (!rc) { 3002 rc = cryptfs_enable_all_volumes(&crypt_ftr, how, 3003 crypto_blkdev, real_blkdev, 3004 previously_encrypted_upto); 3005 } 3006 3007 /* Calculate checksum if we are not finished */ 3008 if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { 3009 rc = cryptfs_SHA256_fileblock(crypto_blkdev, 3010 crypt_ftr.hash_first_block); 3011 if (rc) { 3012 SLOGE("Error calculating checksum for continuing encryption"); 3013 rc = -1; 3014 } 3015 } 3016 3017 /* Undo the dm-crypt mapping whether we succeed or not */ 3018 delete_crypto_blk_dev("userdata"); 3019 3020 free(vol_list); 3021 3022 if (! rc) { 3023 /* Success */ 3024 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE; 3025 3026 if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { 3027 SLOGD("Encrypted up to sector %lld - will continue after reboot", 3028 crypt_ftr.encrypted_upto); 3029 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS; 3030 } 3031 3032 put_crypt_ftr_and_key(&crypt_ftr); 3033 3034 if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) { 3035 char value[PROPERTY_VALUE_MAX]; 3036 property_get("ro.crypto.state", value, ""); 3037 if (!strcmp(value, "")) { 3038 /* default encryption - continue first boot sequence */ 3039 property_set("ro.crypto.state", "encrypted"); 3040 release_wake_lock(lockid); 3041 cryptfs_check_passwd(DEFAULT_PASSWORD); 3042 cryptfs_restart_internal(1); 3043 return 0; 3044 } else { 3045 sleep(2); /* Give the UI a chance to show 100% progress */ 3046 cryptfs_reboot(reboot); 3047 } 3048 } else { 3049 sleep(2); /* Partially encrypted, ensure writes flushed to ssd */ 3050 cryptfs_reboot(shutdown); 3051 } 3052 } else { 3053 char value[PROPERTY_VALUE_MAX]; 3054 3055 property_get("ro.vold.wipe_on_crypt_fail", value, "0"); 3056 if (!strcmp(value, "1")) { 3057 /* wipe data if encryption failed */ 3058 SLOGE("encryption failed - rebooting into recovery to wipe data\n"); 3059 mkdir("/cache/recovery", 0700); 3060 int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC, 0600); 3061 if (fd >= 0) { 3062 write(fd, "--wipe_data\n", strlen("--wipe_data\n") + 1); 3063 write(fd, "--reason=cryptfs_enable_internal\n", strlen("--reason=cryptfs_enable_internal\n") + 1); 3064 close(fd); 3065 } else { 3066 SLOGE("could not open /cache/recovery/command\n"); 3067 } 3068 cryptfs_reboot(recovery); 3069 } else { 3070 /* set property to trigger dialog */ 3071 property_set("vold.encrypt_progress", "error_partially_encrypted"); 3072 release_wake_lock(lockid); 3073 } 3074 return -1; 3075 } 3076 3077 /* hrm, the encrypt step claims success, but the reboot failed. 3078 * This should not happen. 3079 * Set the property and return. Hope the framework can deal with it. 3080 */ 3081 property_set("vold.encrypt_progress", "error_reboot_failed"); 3082 release_wake_lock(lockid); 3083 return rc; 3084 3085error_unencrypted: 3086 free(vol_list); 3087 property_set("vold.encrypt_progress", "error_not_encrypted"); 3088 if (lockid[0]) { 3089 release_wake_lock(lockid); 3090 } 3091 return -1; 3092 3093error_shutting_down: 3094 /* we failed, and have not encrypted anthing, so the users's data is still intact, 3095 * but the framework is stopped and not restarted to show the error, so it's up to 3096 * vold to restart the system. 3097 */ 3098 SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system"); 3099 cryptfs_reboot(reboot); 3100 3101 /* shouldn't get here */ 3102 property_set("vold.encrypt_progress", "error_shutting_down"); 3103 free(vol_list); 3104 if (lockid[0]) { 3105 release_wake_lock(lockid); 3106 } 3107 return -1; 3108} 3109 3110int cryptfs_enable(char *howarg, int type, char *passwd, int allow_reboot) 3111{ 3112 return cryptfs_enable_internal(howarg, type, passwd, allow_reboot); 3113} 3114 3115int cryptfs_enable_default(char *howarg, int allow_reboot) 3116{ 3117 return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT, 3118 DEFAULT_PASSWORD, allow_reboot); 3119} 3120 3121int cryptfs_changepw(int crypt_type, const char *newpw) 3122{ 3123 struct crypt_mnt_ftr crypt_ftr; 3124 unsigned char decrypted_master_key[KEY_LEN_BYTES]; 3125 3126 /* This is only allowed after we've successfully decrypted the master key */ 3127 if (!master_key_saved) { 3128 SLOGE("Key not saved, aborting"); 3129 return -1; 3130 } 3131 3132 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) { 3133 SLOGE("Invalid crypt_type %d", crypt_type); 3134 return -1; 3135 } 3136 3137 /* get key */ 3138 if (get_crypt_ftr_and_key(&crypt_ftr)) { 3139 SLOGE("Error getting crypt footer and key"); 3140 return -1; 3141 } 3142 3143 crypt_ftr.crypt_type = crypt_type; 3144 3145 encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD 3146 : newpw, 3147 crypt_ftr.salt, 3148 saved_master_key, 3149 crypt_ftr.master_key, 3150 &crypt_ftr); 3151 3152 /* save the key */ 3153 put_crypt_ftr_and_key(&crypt_ftr); 3154 3155 return 0; 3156} 3157 3158static int persist_get_key(char *fieldname, char *value) 3159{ 3160 unsigned int i; 3161 3162 if (persist_data == NULL) { 3163 return -1; 3164 } 3165 for (i = 0; i < persist_data->persist_valid_entries; i++) { 3166 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { 3167 /* We found it! */ 3168 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX); 3169 return 0; 3170 } 3171 } 3172 3173 return -1; 3174} 3175 3176static int persist_set_key(char *fieldname, char *value, int encrypted) 3177{ 3178 unsigned int i; 3179 unsigned int num; 3180 struct crypt_mnt_ftr crypt_ftr; 3181 unsigned int max_persistent_entries; 3182 unsigned int dsize; 3183 3184 if (persist_data == NULL) { 3185 return -1; 3186 } 3187 3188 /* If encrypted, use the values from the crypt_ftr, otherwise 3189 * use the values for the current spec. 3190 */ 3191 if (encrypted) { 3192 if(get_crypt_ftr_and_key(&crypt_ftr)) { 3193 return -1; 3194 } 3195 dsize = crypt_ftr.persist_data_size; 3196 } else { 3197 dsize = CRYPT_PERSIST_DATA_SIZE; 3198 } 3199 max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) / 3200 sizeof(struct crypt_persist_entry); 3201 3202 num = persist_data->persist_valid_entries; 3203 3204 for (i = 0; i < num; i++) { 3205 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { 3206 /* We found an existing entry, update it! */ 3207 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX); 3208 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX); 3209 return 0; 3210 } 3211 } 3212 3213 /* We didn't find it, add it to the end, if there is room */ 3214 if (persist_data->persist_valid_entries < max_persistent_entries) { 3215 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry)); 3216 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX); 3217 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX); 3218 persist_data->persist_valid_entries++; 3219 return 0; 3220 } 3221 3222 return -1; 3223} 3224 3225/* Return the value of the specified field. */ 3226int cryptfs_getfield(char *fieldname, char *value, int len) 3227{ 3228 char temp_value[PROPERTY_VALUE_MAX]; 3229 char real_blkdev[MAXPATHLEN]; 3230 /* 0 is success, 1 is not encrypted, 3231 * -1 is value not set, -2 is any other error 3232 */ 3233 int rc = -2; 3234 3235 if (persist_data == NULL) { 3236 load_persistent_data(); 3237 if (persist_data == NULL) { 3238 SLOGE("Getfield error, cannot load persistent data"); 3239 goto out; 3240 } 3241 } 3242 3243 if (!persist_get_key(fieldname, temp_value)) { 3244 /* We found it, copy it to the caller's buffer and return */ 3245 strlcpy(value, temp_value, len); 3246 rc = 0; 3247 } else { 3248 /* Sadness, it's not there. Return the error */ 3249 rc = -1; 3250 } 3251 3252out: 3253 return rc; 3254} 3255 3256/* Set the value of the specified field. */ 3257int cryptfs_setfield(char *fieldname, char *value) 3258{ 3259 struct crypt_persist_data stored_pdata; 3260 struct crypt_persist_data *pdata_p; 3261 struct crypt_mnt_ftr crypt_ftr; 3262 char encrypted_state[PROPERTY_VALUE_MAX]; 3263 /* 0 is success, -1 is an error */ 3264 int rc = -1; 3265 int encrypted = 0; 3266 3267 if (persist_data == NULL) { 3268 load_persistent_data(); 3269 if (persist_data == NULL) { 3270 SLOGE("Setfield error, cannot load persistent data"); 3271 goto out; 3272 } 3273 } 3274 3275 property_get("ro.crypto.state", encrypted_state, ""); 3276 if (!strcmp(encrypted_state, "encrypted") ) { 3277 encrypted = 1; 3278 } 3279 3280 if (persist_set_key(fieldname, value, encrypted)) { 3281 goto out; 3282 } 3283 3284 /* If we are running encrypted, save the persistent data now */ 3285 if (encrypted) { 3286 if (save_persistent_data()) { 3287 SLOGE("Setfield error, cannot save persistent data"); 3288 goto out; 3289 } 3290 } 3291 3292 rc = 0; 3293 3294out: 3295 return rc; 3296} 3297 3298/* Checks userdata. Attempt to mount the volume if default- 3299 * encrypted. 3300 * On success trigger next init phase and return 0. 3301 * Currently do not handle failure - see TODO below. 3302 */ 3303int cryptfs_mount_default_encrypted(void) 3304{ 3305 char decrypt_state[PROPERTY_VALUE_MAX]; 3306 property_get("vold.decrypt", decrypt_state, "0"); 3307 if (!strcmp(decrypt_state, "0")) { 3308 SLOGE("Not encrypted - should not call here"); 3309 } else { 3310 int crypt_type = cryptfs_get_password_type(); 3311 if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) { 3312 SLOGE("Bad crypt type - error"); 3313 } else if (crypt_type != CRYPT_TYPE_DEFAULT) { 3314 SLOGD("Password is not default - " 3315 "starting min framework to prompt"); 3316 property_set("vold.decrypt", "trigger_restart_min_framework"); 3317 return 0; 3318 } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) { 3319 SLOGD("Password is default - restarting filesystem"); 3320 cryptfs_restart_internal(0); 3321 return 0; 3322 } else { 3323 SLOGE("Encrypted, default crypt type but can't decrypt"); 3324 } 3325 } 3326 3327 /** Corrupt. Allow us to boot into framework, which will detect bad 3328 crypto when it calls do_crypto_complete, then do a factory reset 3329 */ 3330 property_set("vold.decrypt", "trigger_restart_min_framework"); 3331 return 0; 3332} 3333 3334/* Returns type of the password, default, pattern, pin or password. 3335 */ 3336int cryptfs_get_password_type(void) 3337{ 3338 struct crypt_mnt_ftr crypt_ftr; 3339 3340 if (get_crypt_ftr_and_key(&crypt_ftr)) { 3341 SLOGE("Error getting crypt footer and key\n"); 3342 return -1; 3343 } 3344 3345 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { 3346 return -1; 3347 } 3348 3349 return crypt_ftr.crypt_type; 3350} 3351 3352char* cryptfs_get_password() 3353{ 3354 struct timespec now; 3355 clock_gettime(CLOCK_MONOTONIC, &now); 3356 if (now.tv_sec < password_expiry_time) { 3357 return password; 3358 } else { 3359 cryptfs_clear_password(); 3360 return 0; 3361 } 3362} 3363 3364void cryptfs_clear_password() 3365{ 3366 if (password) { 3367 size_t len = strlen(password); 3368 memset(password, 0, len); 3369 free(password); 3370 password = 0; 3371 password_expiry_time = 0; 3372 } 3373} 3374