|
|
|
@ -80,12 +80,10 @@ extern "C" {
|
|
|
|
|
|
|
|
|
|
constexpr size_t INTERMEDIATE_KEY_LEN_BYTES = 16;
|
|
|
|
|
constexpr size_t INTERMEDIATE_IV_LEN_BYTES = 16;
|
|
|
|
|
constexpr size_t INTERMEDIATE_BUF_SIZE =
|
|
|
|
|
(INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
|
|
|
|
|
constexpr size_t INTERMEDIATE_BUF_SIZE = (INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
|
|
|
|
|
|
|
|
|
|
// SCRYPT_LEN is used by struct crypt_mnt_ftr for its intermediate key.
|
|
|
|
|
static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
|
|
|
|
|
"Mismatch of intermediate key sizes");
|
|
|
|
|
static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN, "Mismatch of intermediate key sizes");
|
|
|
|
|
|
|
|
|
|
#define KEY_IN_FOOTER "footer"
|
|
|
|
|
|
|
|
|
@ -118,22 +116,20 @@ static int master_key_saved = 0;
|
|
|
|
|
static struct crypt_persist_data* persist_data = NULL;
|
|
|
|
|
|
|
|
|
|
/* Should we use keymaster? */
|
|
|
|
|
static int keymaster_check_compatibility()
|
|
|
|
|
{
|
|
|
|
|
static int keymaster_check_compatibility() {
|
|
|
|
|
return keymaster_compatibility_cryptfs_scrypt();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Create a new keymaster key and store it in this footer */
|
|
|
|
|
static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
|
|
|
|
|
{
|
|
|
|
|
static int keymaster_create_key(struct crypt_mnt_ftr* ftr) {
|
|
|
|
|
if (ftr->keymaster_blob_size) {
|
|
|
|
|
SLOGI("Already have key");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int rc = keymaster_create_key_for_cryptfs_scrypt(RSA_KEY_SIZE, RSA_EXPONENT,
|
|
|
|
|
KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
|
|
|
|
|
&ftr->keymaster_blob_size);
|
|
|
|
|
int rc = keymaster_create_key_for_cryptfs_scrypt(
|
|
|
|
|
RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob,
|
|
|
|
|
KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size);
|
|
|
|
|
if (rc) {
|
|
|
|
|
if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
|
|
|
|
|
SLOGE("Keymaster key blob too large");
|
|
|
|
@ -146,12 +142,9 @@ static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This signs the given object using the keymaster key. */
|
|
|
|
|
static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
|
|
|
|
|
const unsigned char *object,
|
|
|
|
|
const size_t object_size,
|
|
|
|
|
unsigned char **signature,
|
|
|
|
|
size_t *signature_size)
|
|
|
|
|
{
|
|
|
|
|
static int keymaster_sign_object(struct crypt_mnt_ftr* ftr, const unsigned char* object,
|
|
|
|
|
const size_t object_size, unsigned char** signature,
|
|
|
|
|
size_t* signature_size) {
|
|
|
|
|
unsigned char to_sign[RSA_KEY_SIZE_BYTES];
|
|
|
|
|
size_t to_sign_size = sizeof(to_sign);
|
|
|
|
|
memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
|
|
|
|
@ -231,8 +224,7 @@ static int password_expiry_time = 0;
|
|
|
|
|
static const int password_max_age_seconds = 60;
|
|
|
|
|
|
|
|
|
|
enum class RebootType { reboot, recovery, shutdown };
|
|
|
|
|
static void cryptfs_reboot(RebootType rt)
|
|
|
|
|
{
|
|
|
|
|
static void cryptfs_reboot(RebootType rt) {
|
|
|
|
|
switch (rt) {
|
|
|
|
|
case RebootType::reboot:
|
|
|
|
|
property_set(ANDROID_RB_PROPERTY, "reboot");
|
|
|
|
@ -253,8 +245,7 @@ static void cryptfs_reboot(RebootType rt)
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
|
|
|
|
|
{
|
|
|
|
|
static void ioctl_init(struct dm_ioctl* io, size_t dataSize, const char* name, unsigned flags) {
|
|
|
|
|
memset(io, 0, dataSize);
|
|
|
|
|
io->data_size = dataSize;
|
|
|
|
|
io->data_start = sizeof(struct dm_ioctl);
|
|
|
|
@ -300,8 +291,7 @@ struct CryptoType {
|
|
|
|
|
const char* crypto_name;
|
|
|
|
|
uint32_t keysize;
|
|
|
|
|
|
|
|
|
|
constexpr CryptoType(const char *property, const char *crypto,
|
|
|
|
|
uint32_t ksize)
|
|
|
|
|
constexpr CryptoType(const char* property, const char* crypto, uint32_t ksize)
|
|
|
|
|
: property_name(property), crypto_name(crypto), keysize(ksize) {}
|
|
|
|
|
friend const CryptoType& get_crypto_type();
|
|
|
|
|
static const CryptoType& get_device_crypto_algorithm();
|
|
|
|
@ -325,13 +315,14 @@ constexpr CryptoType supported_crypto_types[] = {
|
|
|
|
|
// Add new CryptoTypes here. Order is not important.
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ---------- START COMPILE-TIME SANITY CHECK BLOCK -------------------------
|
|
|
|
|
// We confirm all supported_crypto_types have a small enough keysize and
|
|
|
|
|
// had both set_property_name() and set_crypto_name() called.
|
|
|
|
|
|
|
|
|
|
template <typename T, size_t N>
|
|
|
|
|
constexpr size_t array_length(T (&)[N]) { return N; }
|
|
|
|
|
constexpr size_t array_length(T (&)[N]) {
|
|
|
|
|
return N;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
constexpr bool indexOutOfBoundsForCryptoTypes(size_t index) {
|
|
|
|
|
return (index >= array_length(supported_crypto_types));
|
|
|
|
@ -357,28 +348,24 @@ static_assert(validateSupportedCryptoTypes(0),
|
|
|
|
|
"incompletely constructed.");
|
|
|
|
|
// ---------- END COMPILE-TIME SANITY CHECK BLOCK -------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Don't call this directly, use get_crypto_type(), which caches this result.
|
|
|
|
|
const CryptoType& CryptoType::get_device_crypto_algorithm() {
|
|
|
|
|
constexpr char CRYPT_ALGO_PROP[] = "ro.crypto.fde_algorithm";
|
|
|
|
|
char paramstr[PROPERTY_VALUE_MAX];
|
|
|
|
|
|
|
|
|
|
property_get(CRYPT_ALGO_PROP, paramstr,
|
|
|
|
|
default_crypto_type.get_property_name());
|
|
|
|
|
property_get(CRYPT_ALGO_PROP, paramstr, default_crypto_type.get_property_name());
|
|
|
|
|
for (auto const& ctype : supported_crypto_types) {
|
|
|
|
|
if (strcmp(paramstr, ctype.get_property_name()) == 0) {
|
|
|
|
|
return ctype;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr,
|
|
|
|
|
CRYPT_ALGO_PROP, default_crypto_type.get_property_name());
|
|
|
|
|
ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr, CRYPT_ALGO_PROP,
|
|
|
|
|
default_crypto_type.get_property_name());
|
|
|
|
|
return default_crypto_type;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Gets the default device scrypt parameters for key derivation time tuning.
|
|
|
|
|
* The parameters should lead to about one second derivation time for the
|
|
|
|
@ -406,8 +393,7 @@ const char *cryptfs_get_crypto_name() {
|
|
|
|
|
return get_crypto_type().get_crypto_name();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned int get_fs_size(char *dev)
|
|
|
|
|
{
|
|
|
|
|
static unsigned int get_fs_size(char* dev) {
|
|
|
|
|
int fd, block_size;
|
|
|
|
|
struct ext4_super_block sb;
|
|
|
|
|
off64_t len;
|
|
|
|
@ -441,8 +427,7 @@ static unsigned int get_fs_size(char *dev)
|
|
|
|
|
return (unsigned int)(len / 512);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
|
|
|
|
|
{
|
|
|
|
|
static int get_crypt_ftr_info(char** metadata_fname, off64_t* off) {
|
|
|
|
|
static int cached_data = 0;
|
|
|
|
|
static off64_t cached_off = 0;
|
|
|
|
|
static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
|
|
|
|
@ -495,8 +480,7 @@ static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Set sha256 checksum in structure */
|
|
|
|
|
static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
static void set_ftr_sha(struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
SHA256_CTX c;
|
|
|
|
|
SHA256_Init(&c);
|
|
|
|
|
memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
|
|
|
|
@ -507,8 +491,7 @@ static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
/* key or salt can be NULL, in which case just skip writing that value. Useful to
|
|
|
|
|
* update the failed mount count but not change the key.
|
|
|
|
|
*/
|
|
|
|
|
static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
int fd;
|
|
|
|
|
unsigned int cnt;
|
|
|
|
|
/* starting_off is set to the SEEK_SET offset
|
|
|
|
@ -560,29 +543,24 @@ static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
errout:
|
|
|
|
|
close(fd);
|
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
static bool check_ftr_sha(const struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
struct crypt_mnt_ftr copy;
|
|
|
|
|
memcpy(©, crypt_ftr, sizeof(copy));
|
|
|
|
|
set_ftr_sha(©);
|
|
|
|
|
return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline int unix_read(int fd, void* buff, int len)
|
|
|
|
|
{
|
|
|
|
|
static inline int unix_read(int fd, void* buff, int len) {
|
|
|
|
|
return TEMP_FAILURE_RETRY(read(fd, buff, len));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline int unix_write(int fd, const void* buff, int len)
|
|
|
|
|
{
|
|
|
|
|
static inline int unix_write(int fd, const void* buff, int len) {
|
|
|
|
|
return TEMP_FAILURE_RETRY(write(fd, buff, len));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
|
|
|
|
|
{
|
|
|
|
|
static void init_empty_persist_data(struct crypt_persist_data* pdata, int len) {
|
|
|
|
|
memset(pdata, 0, len);
|
|
|
|
|
pdata->persist_magic = PERSIST_DATA_MAGIC;
|
|
|
|
|
pdata->persist_valid_entries = 0;
|
|
|
|
@ -593,8 +571,7 @@ static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
|
|
|
|
|
* data, crypt_ftr is a pointer to the struct to be updated, and offset is the
|
|
|
|
|
* absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
|
|
|
|
|
*/
|
|
|
|
|
static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
|
|
|
|
|
{
|
|
|
|
|
static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr* crypt_ftr, off64_t offset) {
|
|
|
|
|
int orig_major = crypt_ftr->major_version;
|
|
|
|
|
int orig_minor = crypt_ftr->minor_version;
|
|
|
|
|
|
|
|
|
@ -657,9 +634,7 @@ static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t o
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
static int get_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
int fd;
|
|
|
|
|
unsigned int cnt;
|
|
|
|
|
off64_t starting_off;
|
|
|
|
@ -714,9 +689,10 @@ static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
// AES-CBC key wrapping only works for multiples of 16 bytes.
|
|
|
|
|
if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) ||
|
|
|
|
|
(crypt_ftr->keysize > MAX_KEY_LEN)) {
|
|
|
|
|
SLOGE("Invalid keysize (%u) for block device %s; Must be non-zero, "
|
|
|
|
|
"divisible by 16, and <= %d\n", crypt_ftr->keysize, fname,
|
|
|
|
|
MAX_KEY_LEN);
|
|
|
|
|
SLOGE(
|
|
|
|
|
"Invalid keysize (%u) for block device %s; Must be non-zero, "
|
|
|
|
|
"divisible by 16, and <= %d\n",
|
|
|
|
|
crypt_ftr->keysize, fname, MAX_KEY_LEN);
|
|
|
|
|
goto errout;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -740,8 +716,7 @@ errout:
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
static int validate_persistent_data_storage(struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
|
|
|
|
|
crypt_ftr->persist_data_offset[1]) {
|
|
|
|
|
SLOGE("Crypt_ftr persist data regions overlap");
|
|
|
|
@ -763,8 +738,7 @@ static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int load_persistent_data(void)
|
|
|
|
|
{
|
|
|
|
|
static int load_persistent_data(void) {
|
|
|
|
|
struct crypt_mnt_ftr crypt_ftr;
|
|
|
|
|
struct crypt_persist_data* pdata = NULL;
|
|
|
|
|
char encrypted_state[PROPERTY_VALUE_MAX];
|
|
|
|
@ -779,7 +753,6 @@ static int load_persistent_data(void)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* If not encrypted, just allocate an empty table and initialize it */
|
|
|
|
|
property_get("ro.crypto.state", encrypted_state, "");
|
|
|
|
|
if (strcmp(encrypted_state, "encrypted")) {
|
|
|
|
@ -796,8 +769,8 @@ static int load_persistent_data(void)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((crypt_ftr.major_version < 1)
|
|
|
|
|
|| (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
|
|
|
|
|
if ((crypt_ftr.major_version < 1) ||
|
|
|
|
|
(crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
|
|
|
|
|
SLOGE("Crypt_ftr version doesn't support persistent data");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -856,8 +829,7 @@ err:
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int save_persistent_data(void)
|
|
|
|
|
{
|
|
|
|
|
static int save_persistent_data(void) {
|
|
|
|
|
struct crypt_mnt_ftr crypt_ftr;
|
|
|
|
|
struct crypt_persist_data* pdata;
|
|
|
|
|
char* fname;
|
|
|
|
@ -875,8 +847,8 @@ static int save_persistent_data(void)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((crypt_ftr.major_version < 1)
|
|
|
|
|
|| (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
|
|
|
|
|
if ((crypt_ftr.major_version < 1) ||
|
|
|
|
|
(crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
|
|
|
|
|
SLOGE("Crypt_ftr version doesn't support persistent data");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -937,8 +909,7 @@ static int save_persistent_data(void)
|
|
|
|
|
}
|
|
|
|
|
fsync(fd);
|
|
|
|
|
memset(pdata, 0, crypt_ftr.persist_data_size);
|
|
|
|
|
if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
|
|
|
|
|
(int) crypt_ftr.persist_data_size) {
|
|
|
|
|
if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != (int)crypt_ftr.persist_data_size) {
|
|
|
|
|
SLOGE("Cannot write to erase previous persistent data");
|
|
|
|
|
goto err2;
|
|
|
|
|
}
|
|
|
|
@ -963,8 +934,8 @@ err:
|
|
|
|
|
/* Convert a binary key of specified length into an ascii hex string equivalent,
|
|
|
|
|
* without the leading 0x and with null termination
|
|
|
|
|
*/
|
|
|
|
|
static void convert_key_to_hex_ascii(const unsigned char *master_key,
|
|
|
|
|
unsigned int keysize, char *master_key_ascii) {
|
|
|
|
|
static void convert_key_to_hex_ascii(const unsigned char* master_key, unsigned int keysize,
|
|
|
|
|
char* master_key_ascii) {
|
|
|
|
|
unsigned int i, a;
|
|
|
|
|
unsigned char nibble;
|
|
|
|
|
|
|
|
|
@ -979,7 +950,6 @@ static void convert_key_to_hex_ascii(const unsigned char *master_key,
|
|
|
|
|
|
|
|
|
|
/* Add the null termination */
|
|
|
|
|
master_key_ascii[a] = '\0';
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int load_crypto_mapping_table(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
@ -1013,10 +983,10 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
|
|
|
|
|
buff_offset = crypt_params - buffer;
|
|
|
|
|
SLOGI("Extra parameters for dm_crypt: %s\n", extra_params);
|
|
|
|
|
snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
|
|
|
|
|
crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
|
|
|
|
|
extra_params);
|
|
|
|
|
crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name, extra_params);
|
|
|
|
|
crypt_params += strlen(crypt_params) + 1;
|
|
|
|
|
crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
|
|
|
|
|
crypt_params =
|
|
|
|
|
(char*)(((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
|
|
|
|
|
tgt->next = crypt_params - buffer;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
|
|
|
|
@ -1034,9 +1004,7 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int get_dm_crypt_version(int fd, const char *name, int *version)
|
|
|
|
|
{
|
|
|
|
|
static int get_dm_crypt_version(int fd, const char* name, int* version) {
|
|
|
|
|
char buffer[DM_CRYPT_BUF_SIZE];
|
|
|
|
|
struct dm_ioctl* io;
|
|
|
|
|
struct dm_target_versions* v;
|
|
|
|
@ -1148,8 +1116,7 @@ errout:
|
|
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int delete_crypto_blk_dev(const char *name)
|
|
|
|
|
{
|
|
|
|
|
static int delete_crypto_blk_dev(const char* name) {
|
|
|
|
|
int fd;
|
|
|
|
|
char buffer[DM_CRYPT_BUF_SIZE];
|
|
|
|
|
struct dm_ioctl* io;
|
|
|
|
@ -1175,23 +1142,18 @@ errout:
|
|
|
|
|
close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
|
|
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int pbkdf2(const char *passwd, const unsigned char *salt,
|
|
|
|
|
unsigned char *ikey, void *params UNUSED)
|
|
|
|
|
{
|
|
|
|
|
static int pbkdf2(const char* passwd, const unsigned char* salt, unsigned char* ikey,
|
|
|
|
|
void* params UNUSED) {
|
|
|
|
|
SLOGI("Using pbkdf2 for cryptfs KDF");
|
|
|
|
|
|
|
|
|
|
/* Turn the password into a key and IV that can decrypt the master key */
|
|
|
|
|
return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
|
|
|
|
|
HASH_COUNT, INTERMEDIATE_BUF_SIZE,
|
|
|
|
|
ikey) != 1;
|
|
|
|
|
return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN, HASH_COUNT,
|
|
|
|
|
INTERMEDIATE_BUF_SIZE, ikey) != 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int scrypt(const char *passwd, const unsigned char *salt,
|
|
|
|
|
unsigned char *ikey, void *params)
|
|
|
|
|
{
|
|
|
|
|
static int scrypt(const char* passwd, const unsigned char* salt, unsigned char* ikey, void* params) {
|
|
|
|
|
SLOGI("Using scrypt for cryptfs KDF");
|
|
|
|
|
|
|
|
|
|
struct crypt_mnt_ftr* ftr = (struct crypt_mnt_ftr*)params;
|
|
|
|
@ -1201,16 +1163,14 @@ static int scrypt(const char *passwd, const unsigned char *salt,
|
|
|
|
|
int p = 1 << ftr->p_factor;
|
|
|
|
|
|
|
|
|
|
/* Turn the password into a key and IV that can decrypt the master key */
|
|
|
|
|
crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
|
|
|
|
|
salt, SALT_LEN, N, r, p, ikey,
|
|
|
|
|
crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
|
|
|
|
|
INTERMEDIATE_BUF_SIZE);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
|
|
|
|
|
unsigned char *ikey, void *params)
|
|
|
|
|
{
|
|
|
|
|
static int scrypt_keymaster(const char* passwd, const unsigned char* salt, unsigned char* ikey,
|
|
|
|
|
void* params) {
|
|
|
|
|
SLOGI("Using scrypt with keymaster for cryptfs KDF");
|
|
|
|
|
|
|
|
|
|
int rc;
|
|
|
|
@ -1222,8 +1182,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
|
|
|
|
|
int r = 1 << ftr->r_factor;
|
|
|
|
|
int p = 1 << ftr->p_factor;
|
|
|
|
|
|
|
|
|
|
rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
|
|
|
|
|
salt, SALT_LEN, N, r, p, ikey,
|
|
|
|
|
rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
|
|
|
|
|
INTERMEDIATE_BUF_SIZE);
|
|
|
|
|
|
|
|
|
|
if (rc) {
|
|
|
|
@ -1231,14 +1190,13 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE,
|
|
|
|
|
&signature, &signature_size)) {
|
|
|
|
|
if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE, &signature, &signature_size)) {
|
|
|
|
|
SLOGE("Signing failed");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
|
|
|
|
|
N, r, p, ikey, INTERMEDIATE_BUF_SIZE);
|
|
|
|
|
rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN, N, r, p, ikey,
|
|
|
|
|
INTERMEDIATE_BUF_SIZE);
|
|
|
|
|
free(signature);
|
|
|
|
|
|
|
|
|
|
if (rc) {
|
|
|
|
@ -1251,9 +1209,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
|
|
|
|
|
|
|
|
|
|
static int encrypt_master_key(const char* passwd, const unsigned char* salt,
|
|
|
|
|
const unsigned char* decrypted_master_key,
|
|
|
|
|
unsigned char *encrypted_master_key,
|
|
|
|
|
struct crypt_mnt_ftr *crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
unsigned char* encrypted_master_key, struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
|
|
|
|
|
EVP_CIPHER_CTX e_ctx;
|
|
|
|
|
int encrypted_len, final_len;
|
|
|
|
@ -1297,8 +1253,8 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
|
|
|
|
|
EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
|
|
|
|
|
|
|
|
|
|
/* Encrypt the master key */
|
|
|
|
|
if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
|
|
|
|
|
decrypted_master_key, crypt_ftr->keysize)) {
|
|
|
|
|
if (!EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len, decrypted_master_key,
|
|
|
|
|
crypt_ftr->keysize)) {
|
|
|
|
|
SLOGE("EVP_EncryptUpdate failed\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -1321,9 +1277,8 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
|
|
|
|
|
int r = 1 << crypt_ftr->r_factor;
|
|
|
|
|
int p = 1 << crypt_ftr->p_factor;
|
|
|
|
|
|
|
|
|
|
rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES,
|
|
|
|
|
crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
|
|
|
|
|
crypt_ftr->scrypted_intermediate_key,
|
|
|
|
|
rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt),
|
|
|
|
|
N, r, p, crypt_ftr->scrypted_intermediate_key,
|
|
|
|
|
sizeof(crypt_ftr->scrypted_intermediate_key));
|
|
|
|
|
|
|
|
|
|
if (rc) {
|
|
|
|
@ -1336,13 +1291,10 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int decrypt_master_key_aux(const char* passwd, unsigned char* salt,
|
|
|
|
|
const unsigned char *encrypted_master_key,
|
|
|
|
|
size_t keysize,
|
|
|
|
|
unsigned char *decrypted_master_key,
|
|
|
|
|
kdf_func kdf, void *kdf_params,
|
|
|
|
|
unsigned char** intermediate_key,
|
|
|
|
|
size_t* intermediate_key_size)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char* encrypted_master_key, size_t keysize,
|
|
|
|
|
unsigned char* decrypted_master_key, kdf_func kdf,
|
|
|
|
|
void* kdf_params, unsigned char** intermediate_key,
|
|
|
|
|
size_t* intermediate_key_size) {
|
|
|
|
|
unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
|
|
|
|
|
EVP_CIPHER_CTX d_ctx;
|
|
|
|
|
int decrypted_len, final_len;
|
|
|
|
@ -1356,13 +1308,14 @@ static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
|
|
|
|
|
|
|
|
|
|
/* Initialize the decryption engine */
|
|
|
|
|
EVP_CIPHER_CTX_init(&d_ctx);
|
|
|
|
|
if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+INTERMEDIATE_KEY_LEN_BYTES)) {
|
|
|
|
|
if (!EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey,
|
|
|
|
|
ikey + INTERMEDIATE_KEY_LEN_BYTES)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
|
|
|
|
|
/* Decrypt the master key */
|
|
|
|
|
if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
|
|
|
|
|
encrypted_master_key, keysize)) {
|
|
|
|
|
if (!EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len, encrypted_master_key,
|
|
|
|
|
keysize)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (!EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
|
|
|
|
@ -1387,8 +1340,7 @@ static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
|
|
|
|
|
{
|
|
|
|
|
static void get_kdf_func(struct crypt_mnt_ftr* ftr, kdf_func* kdf, void** kdf_params) {
|
|
|
|
|
if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
|
|
|
|
|
*kdf = scrypt_keymaster;
|
|
|
|
|
*kdf_params = ftr;
|
|
|
|
@ -1402,19 +1354,16 @@ static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_pa
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int decrypt_master_key(const char* passwd, unsigned char* decrypted_master_key,
|
|
|
|
|
struct crypt_mnt_ftr *crypt_ftr,
|
|
|
|
|
unsigned char** intermediate_key,
|
|
|
|
|
size_t* intermediate_key_size)
|
|
|
|
|
{
|
|
|
|
|
struct crypt_mnt_ftr* crypt_ftr, unsigned char** intermediate_key,
|
|
|
|
|
size_t* intermediate_key_size) {
|
|
|
|
|
kdf_func kdf;
|
|
|
|
|
void* kdf_params;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
get_kdf_func(crypt_ftr, &kdf, &kdf_params);
|
|
|
|
|
ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
|
|
|
|
|
crypt_ftr->keysize,
|
|
|
|
|
decrypted_master_key, kdf, kdf_params,
|
|
|
|
|
intermediate_key, intermediate_key_size);
|
|
|
|
|
ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize,
|
|
|
|
|
decrypted_master_key, kdf, kdf_params, intermediate_key,
|
|
|
|
|
intermediate_key_size);
|
|
|
|
|
if (ret != 0) {
|
|
|
|
|
SLOGW("failure decrypting master key");
|
|
|
|
|
}
|
|
|
|
@ -1422,8 +1371,8 @@ static int decrypt_master_key(const char *passwd, unsigned char *decrypted_maste
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int create_encrypted_random_key(const char *passwd, unsigned char *master_key, unsigned char *salt,
|
|
|
|
|
struct crypt_mnt_ftr *crypt_ftr) {
|
|
|
|
|
static int create_encrypted_random_key(const char* passwd, unsigned char* master_key,
|
|
|
|
|
unsigned char* salt, struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
int fd;
|
|
|
|
|
unsigned char key_buf[MAX_KEY_LEN];
|
|
|
|
|
|
|
|
|
@ -1437,8 +1386,7 @@ static int create_encrypted_random_key(const char *passwd, unsigned char *master
|
|
|
|
|
return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int wait_and_unmount(const char *mountpoint, bool kill)
|
|
|
|
|
{
|
|
|
|
|
int wait_and_unmount(const char* mountpoint, bool kill) {
|
|
|
|
|
int i, err, rc;
|
|
|
|
|
#define WAIT_UNMOUNT_COUNT 20
|
|
|
|
|
|
|
|
|
@ -1483,8 +1431,7 @@ int wait_and_unmount(const char *mountpoint, bool kill)
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void prep_data_fs(void)
|
|
|
|
|
{
|
|
|
|
|
static void prep_data_fs(void) {
|
|
|
|
|
// NOTE: post_fs_data results in init calling back around to vold, so all
|
|
|
|
|
// callers to this method must be async
|
|
|
|
|
|
|
|
|
@ -1494,17 +1441,14 @@ static void prep_data_fs(void)
|
|
|
|
|
SLOGD("Just triggered post_fs_data");
|
|
|
|
|
|
|
|
|
|
/* Wait a max of 50 seconds, hopefully it takes much less */
|
|
|
|
|
while (!android::base::WaitForProperty("vold.post_fs_data_done",
|
|
|
|
|
"1",
|
|
|
|
|
std::chrono::seconds(15))) {
|
|
|
|
|
while (!android::base::WaitForProperty("vold.post_fs_data_done", "1", std::chrono::seconds(15))) {
|
|
|
|
|
/* We timed out to prep /data in time. Continue wait. */
|
|
|
|
|
SLOGE("waited 15s for vold.post_fs_data_done, still waiting...");
|
|
|
|
|
}
|
|
|
|
|
SLOGD("post_fs_data done");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void cryptfs_set_corrupt()
|
|
|
|
|
{
|
|
|
|
|
static void cryptfs_set_corrupt() {
|
|
|
|
|
// Mark the footer as bad
|
|
|
|
|
struct crypt_mnt_ftr crypt_ftr;
|
|
|
|
|
if (get_crypt_ftr_and_key(&crypt_ftr)) {
|
|
|
|
@ -1519,8 +1463,7 @@ static void cryptfs_set_corrupt()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void cryptfs_trigger_restart_min_framework()
|
|
|
|
|
{
|
|
|
|
|
static void cryptfs_trigger_restart_min_framework() {
|
|
|
|
|
if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
|
|
|
|
|
SLOGE("Failed to mount tmpfs on data - panic");
|
|
|
|
|
return;
|
|
|
|
@ -1538,8 +1481,7 @@ static void cryptfs_trigger_restart_min_framework()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* returns < 0 on failure */
|
|
|
|
|
static int cryptfs_restart_internal(int restart_main)
|
|
|
|
|
{
|
|
|
|
|
static int cryptfs_restart_internal(int restart_main) {
|
|
|
|
|
char crypto_blkdev[MAXPATHLEN];
|
|
|
|
|
int rc = -1;
|
|
|
|
|
static int restart_successful = 0;
|
|
|
|
@ -1620,15 +1562,12 @@ static int cryptfs_restart_internal(int restart_main)
|
|
|
|
|
SLOGE("Failed to setexeccon");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT,
|
|
|
|
|
crypto_blkdev, 0))
|
|
|
|
|
!= 0) {
|
|
|
|
|
while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT, crypto_blkdev, 0)) != 0) {
|
|
|
|
|
if (mount_rc == FS_MGR_DOMNT_BUSY) {
|
|
|
|
|
/* TODO: invoke something similar to
|
|
|
|
|
Process::killProcessWithOpenFiles(DATA_MNT_POINT,
|
|
|
|
|
retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
|
|
|
|
|
SLOGI("Failed to mount %s because it is busy - waiting",
|
|
|
|
|
crypto_blkdev);
|
|
|
|
|
SLOGI("Failed to mount %s because it is busy - waiting", crypto_blkdev);
|
|
|
|
|
if (--retries) {
|
|
|
|
|
sleep(RETRY_MOUNT_DELAY_SECONDS);
|
|
|
|
|
} else {
|
|
|
|
@ -1671,8 +1610,7 @@ static int cryptfs_restart_internal(int restart_main)
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_restart(void)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_restart(void) {
|
|
|
|
|
SLOGI("cryptfs_restart");
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("cryptfs_restart not valid for file encryption:");
|
|
|
|
@ -1683,8 +1621,7 @@ int cryptfs_restart(void)
|
|
|
|
|
return cryptfs_restart_internal(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int do_crypto_complete(const char *mount_point)
|
|
|
|
|
{
|
|
|
|
|
static int do_crypto_complete(const char* mount_point) {
|
|
|
|
|
struct crypt_mnt_ftr crypt_ftr;
|
|
|
|
|
char encrypted_state[PROPERTY_VALUE_MAX];
|
|
|
|
|
char key_loc[PROPERTY_VALUE_MAX];
|
|
|
|
@ -1739,9 +1676,8 @@ static int do_crypto_complete(const char *mount_point)
|
|
|
|
|
return CRYPTO_COMPLETE_ENCRYPTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
|
const char *passwd, const char *mount_point, const char *label)
|
|
|
|
|
{
|
|
|
|
|
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd,
|
|
|
|
|
const char* mount_point, const char* label) {
|
|
|
|
|
unsigned char decrypted_master_key[MAX_KEY_LEN];
|
|
|
|
|
char crypto_blkdev[MAXPATHLEN];
|
|
|
|
|
char real_blkdev[MAXPATHLEN];
|
|
|
|
@ -1760,8 +1696,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
|
orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
|
|
|
|
|
|
|
|
|
|
if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) {
|
|
|
|
|
if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
|
|
|
|
|
&intermediate_key, &intermediate_key_size)) {
|
|
|
|
|
if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, &intermediate_key,
|
|
|
|
|
&intermediate_key_size)) {
|
|
|
|
|
SLOGE("Failed to decrypt master key\n");
|
|
|
|
|
rc = -1;
|
|
|
|
|
goto errout;
|
|
|
|
@ -1772,32 +1708,29 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
|
|
|
|
|
|
// Create crypto block device - all (non fatal) code paths
|
|
|
|
|
// need it
|
|
|
|
|
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label, 0)) {
|
|
|
|
|
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label,
|
|
|
|
|
0)) {
|
|
|
|
|
SLOGE("Error creating decrypted block device\n");
|
|
|
|
|
rc = -1;
|
|
|
|
|
goto errout;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Work out if the problem is the password or the data */
|
|
|
|
|
unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
|
|
|
|
|
scrypted_intermediate_key)];
|
|
|
|
|
unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)];
|
|
|
|
|
|
|
|
|
|
rc = crypto_scrypt(intermediate_key, intermediate_key_size,
|
|
|
|
|
crypt_ftr->salt, sizeof(crypt_ftr->salt),
|
|
|
|
|
N, r, p, scrypted_intermediate_key,
|
|
|
|
|
rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt,
|
|
|
|
|
sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key,
|
|
|
|
|
sizeof(scrypted_intermediate_key));
|
|
|
|
|
|
|
|
|
|
// Does the key match the crypto footer?
|
|
|
|
|
if (rc == 0 && memcmp(scrypted_intermediate_key,
|
|
|
|
|
crypt_ftr->scrypted_intermediate_key,
|
|
|
|
|
if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key,
|
|
|
|
|
sizeof(scrypted_intermediate_key)) == 0) {
|
|
|
|
|
SLOGI("Password matches");
|
|
|
|
|
rc = 0;
|
|
|
|
|
} else {
|
|
|
|
|
/* Try mounting the file system anyway, just in case the problem's with
|
|
|
|
|
* the footer, not the key. */
|
|
|
|
|
snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
|
|
|
|
|
mount_point);
|
|
|
|
|
snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt", mount_point);
|
|
|
|
|
mkdir(tmp_mount_point, 0755);
|
|
|
|
|
if (fs_mgr_do_mount(fstab_default, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
|
|
|
|
|
SLOGE("Error temp mounting decrypted block device\n");
|
|
|
|
@ -1856,7 +1789,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
|
// since KDFs should never fail. You *must* fix the kdf before
|
|
|
|
|
// proceeding!
|
|
|
|
|
if (rc) {
|
|
|
|
|
SLOGW("Upgrade failed with error %d,"
|
|
|
|
|
SLOGW(
|
|
|
|
|
"Upgrade failed with error %d,"
|
|
|
|
|
" but continuing with previous state",
|
|
|
|
|
rc);
|
|
|
|
|
rc = 0;
|
|
|
|
@ -1880,8 +1814,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
|
|
|
|
|
*
|
|
|
|
|
* out_crypto_blkdev must be MAXPATHLEN.
|
|
|
|
|
*/
|
|
|
|
|
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
|
|
|
|
|
const unsigned char* key, char* out_crypto_blkdev) {
|
|
|
|
|
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
|
|
|
|
|
char* out_crypto_blkdev) {
|
|
|
|
|
int fd = open(real_blkdev, O_RDONLY | O_CLOEXEC);
|
|
|
|
|
if (fd == -1) {
|
|
|
|
|
SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
|
|
|
|
@ -1919,17 +1853,16 @@ int cryptfs_revert_ext_volume(const char* label) {
|
|
|
|
|
return delete_crypto_blk_dev((char*)label);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_crypto_complete(void)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_crypto_complete(void) {
|
|
|
|
|
return do_crypto_complete("/data");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
|
|
|
|
|
{
|
|
|
|
|
int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) {
|
|
|
|
|
char encrypted_state[PROPERTY_VALUE_MAX];
|
|
|
|
|
property_get("ro.crypto.state", encrypted_state, "");
|
|
|
|
|
if (master_key_saved || strcmp(encrypted_state, "encrypted")) {
|
|
|
|
|
SLOGE("encrypted fs already validated or not running with encryption,"
|
|
|
|
|
SLOGE(
|
|
|
|
|
"encrypted fs already validated or not running with encryption,"
|
|
|
|
|
" aborting");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -1942,8 +1875,7 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_check_passwd(const char *passwd)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_check_passwd(const char* passwd) {
|
|
|
|
|
SLOGI("cryptfs_check_passwd");
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("cryptfs_check_passwd not valid for file encryption");
|
|
|
|
@ -1959,8 +1891,7 @@ int cryptfs_check_passwd(const char *passwd)
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
|
|
|
|
|
DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
|
|
|
|
|
rc = test_mount_encrypted_fs(&crypt_ftr, passwd, DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
|
|
|
|
|
if (rc) {
|
|
|
|
|
SLOGE("Password did not match");
|
|
|
|
|
return rc;
|
|
|
|
@ -1972,8 +1903,8 @@ int cryptfs_check_passwd(const char *passwd)
|
|
|
|
|
// First, we must delete the crypto block device that
|
|
|
|
|
// test_mount_encrypted_fs leaves behind as a side effect
|
|
|
|
|
delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
|
|
|
|
|
rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
|
|
|
|
|
DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
|
|
|
|
|
rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, DATA_MNT_POINT,
|
|
|
|
|
CRYPTO_BLOCK_DEVICE);
|
|
|
|
|
if (rc) {
|
|
|
|
|
SLOGE("Default password did not match on reboot encryption");
|
|
|
|
|
return rc;
|
|
|
|
@ -1999,8 +1930,7 @@ int cryptfs_check_passwd(const char *passwd)
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_verify_passwd(const char *passwd)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_verify_passwd(const char* passwd) {
|
|
|
|
|
struct crypt_mnt_ftr crypt_ftr;
|
|
|
|
|
unsigned char decrypted_master_key[MAX_KEY_LEN];
|
|
|
|
|
char encrypted_state[PROPERTY_VALUE_MAX];
|
|
|
|
@ -2050,8 +1980,7 @@ int cryptfs_verify_passwd(const char *passwd)
|
|
|
|
|
* Presumably, at a minimum, the caller will update the
|
|
|
|
|
* filesystem size and crypto_type_name after calling this function.
|
|
|
|
|
*/
|
|
|
|
|
static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
|
|
|
|
|
{
|
|
|
|
|
static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
|
|
|
|
|
off64_t off;
|
|
|
|
|
|
|
|
|
|
memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
|
|
|
|
@ -2080,8 +2009,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
|
|
|
|
|
ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
|
|
|
|
|
if (get_crypt_ftr_info(NULL, &off) == 0) {
|
|
|
|
|
ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
|
|
|
|
|
ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
|
|
|
|
|
ftr->persist_data_size;
|
|
|
|
|
ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + ftr->persist_data_size;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
@ -2089,8 +2017,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
|
|
|
|
|
|
|
|
|
|
#define FRAMEWORK_BOOT_WAIT 60
|
|
|
|
|
|
|
|
|
|
static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
|
|
|
|
|
{
|
|
|
|
|
static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf) {
|
|
|
|
|
int fd = open(filename, O_RDONLY | O_CLOEXEC);
|
|
|
|
|
if (fd == -1) {
|
|
|
|
|
SLOGE("Error opening file %s", filename);
|
|
|
|
@ -2224,8 +2151,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
if (!strcmp(key_loc, KEY_IN_FOOTER)) {
|
|
|
|
|
unsigned int fs_size_sec, max_fs_size_sec;
|
|
|
|
|
fs_size_sec = get_fs_size(real_blkdev);
|
|
|
|
|
if (fs_size_sec == 0)
|
|
|
|
|
fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
|
|
|
|
|
if (fs_size_sec == 0) fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
|
|
|
|
|
|
|
|
|
|
max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
|
|
|
|
|
|
|
|
|
@ -2299,8 +2225,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(key_loc, KEY_IN_FOOTER)) {
|
|
|
|
|
crypt_ftr.fs_size = nr_sec
|
|
|
|
|
- (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
|
|
|
|
|
crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
|
|
|
|
|
} else {
|
|
|
|
|
crypt_ftr.fs_size = nr_sec;
|
|
|
|
|
}
|
|
|
|
@ -2314,7 +2239,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
|
|
|
|
|
}
|
|
|
|
|
crypt_ftr.crypt_type = crypt_type;
|
|
|
|
|
strlcpy((char *)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), MAX_CRYPTO_TYPE_NAME_LEN);
|
|
|
|
|
strlcpy((char*)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
|
|
|
|
|
MAX_CRYPTO_TYPE_NAME_LEN);
|
|
|
|
|
|
|
|
|
|
/* Make an encrypted master key */
|
|
|
|
|
if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
|
|
|
|
@ -2328,8 +2254,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
unsigned char fake_master_key[MAX_KEY_LEN];
|
|
|
|
|
unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
|
|
|
|
|
memset(fake_master_key, 0, sizeof(fake_master_key));
|
|
|
|
|
encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
|
|
|
|
|
encrypted_fake_master_key, &crypt_ftr);
|
|
|
|
|
encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, encrypted_fake_master_key,
|
|
|
|
|
&crypt_ftr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Write the key to the end of the partition */
|
|
|
|
@ -2377,8 +2303,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
__le8 hash_first_block[SHA256_DIGEST_LENGTH];
|
|
|
|
|
rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
|
|
|
|
|
|
|
|
|
|
if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
|
|
|
|
|
sizeof(hash_first_block)) != 0) {
|
|
|
|
|
if (!rc &&
|
|
|
|
|
memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) {
|
|
|
|
|
SLOGE("Checksums do not match - trigger wipe");
|
|
|
|
|
rc = -1;
|
|
|
|
|
}
|
|
|
|
@ -2391,8 +2317,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
|
|
|
|
|
/* Calculate checksum if we are not finished */
|
|
|
|
|
if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
|
|
|
|
|
rc = cryptfs_SHA256_fileblock(crypto_blkdev,
|
|
|
|
|
crypt_ftr.hash_first_block);
|
|
|
|
|
rc = cryptfs_SHA256_fileblock(crypto_blkdev, crypt_ftr.hash_first_block);
|
|
|
|
|
if (rc) {
|
|
|
|
|
SLOGE("Error calculating checksum for continuing encryption");
|
|
|
|
|
rc = -1;
|
|
|
|
@ -2450,8 +2375,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
|
|
|
|
|
SLOGE("encryption failed - rebooting into recovery to wipe data\n");
|
|
|
|
|
std::string err;
|
|
|
|
|
const std::vector<std::string> options = {
|
|
|
|
|
"--wipe_data\n--reason=cryptfs_enable_internal\n"
|
|
|
|
|
};
|
|
|
|
|
"--wipe_data\n--reason=cryptfs_enable_internal\n"};
|
|
|
|
|
if (!write_bootloader_message(options, &err)) {
|
|
|
|
|
SLOGE("could not write bootloader message: %s", err.c_str());
|
|
|
|
|
}
|
|
|
|
@ -2484,7 +2408,9 @@ error_shutting_down:
|
|
|
|
|
* but the framework is stopped and not restarted to show the error, so it's up to
|
|
|
|
|
* vold to restart the system.
|
|
|
|
|
*/
|
|
|
|
|
SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
|
|
|
|
|
SLOGE(
|
|
|
|
|
"Error enabling encryption after framework is shutdown, no data changed, restarting "
|
|
|
|
|
"system");
|
|
|
|
|
cryptfs_reboot(RebootType::reboot);
|
|
|
|
|
|
|
|
|
|
/* shouldn't get here */
|
|
|
|
@ -2503,8 +2429,7 @@ int cryptfs_enable_default(int no_ui) {
|
|
|
|
|
return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_changepw(int crypt_type, const char *newpw)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_changepw(int crypt_type, const char* newpw) {
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("cryptfs_changepw not valid for file encryption");
|
|
|
|
|
return -1;
|
|
|
|
@ -2532,12 +2457,8 @@ int cryptfs_changepw(int crypt_type, const char *newpw)
|
|
|
|
|
|
|
|
|
|
crypt_ftr.crypt_type = crypt_type;
|
|
|
|
|
|
|
|
|
|
rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
|
|
|
|
|
: newpw,
|
|
|
|
|
crypt_ftr.salt,
|
|
|
|
|
saved_master_key,
|
|
|
|
|
crypt_ftr.master_key,
|
|
|
|
|
&crypt_ftr);
|
|
|
|
|
rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD : newpw,
|
|
|
|
|
crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr);
|
|
|
|
|
if (rc) {
|
|
|
|
|
SLOGE("Encrypt master key failed: %d", rc);
|
|
|
|
|
return -1;
|
|
|
|
@ -2565,14 +2486,13 @@ static unsigned int persist_get_max_entries(int encrypted) {
|
|
|
|
|
dsize = CRYPT_PERSIST_DATA_SIZE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
|
|
|
|
|
sizeof(struct crypt_persist_entry);
|
|
|
|
|
max_persistent_entries =
|
|
|
|
|
(dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
|
|
|
|
|
|
|
|
|
|
return max_persistent_entries;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int persist_get_key(const char *fieldname, char *value)
|
|
|
|
|
{
|
|
|
|
|
static int persist_get_key(const char* fieldname, char* value) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
|
|
if (persist_data == NULL) {
|
|
|
|
@ -2589,8 +2509,7 @@ static int persist_get_key(const char *fieldname, char *value)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int persist_set_key(const char *fieldname, const char *value, int encrypted)
|
|
|
|
|
{
|
|
|
|
|
static int persist_set_key(const char* fieldname, const char* value, int encrypted) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
unsigned int num;
|
|
|
|
|
unsigned int max_persistent_entries;
|
|
|
|
@ -2655,8 +2574,7 @@ int match_multi_entry(const char *key, const char *field, unsigned index) {
|
|
|
|
|
* and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
static int persist_del_keys(const char *fieldname, unsigned index)
|
|
|
|
|
{
|
|
|
|
|
static int persist_del_keys(const char* fieldname, unsigned index) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
unsigned int j;
|
|
|
|
|
unsigned int num;
|
|
|
|
@ -2687,8 +2605,7 @@ static int persist_del_keys(const char *fieldname, unsigned index)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int persist_count_keys(const char *fieldname)
|
|
|
|
|
{
|
|
|
|
|
static int persist_count_keys(const char* fieldname) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
unsigned int count;
|
|
|
|
|
|
|
|
|
@ -2707,8 +2624,7 @@ static int persist_count_keys(const char *fieldname)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the value of the specified field. */
|
|
|
|
|
int cryptfs_getfield(const char *fieldname, char *value, int len)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_getfield(const char* fieldname, char* value, int len) {
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("Cannot get field when file encrypted");
|
|
|
|
|
return -1;
|
|
|
|
@ -2773,8 +2689,7 @@ out:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Set the value of the specified field. */
|
|
|
|
|
int cryptfs_setfield(const char *fieldname, const char *value)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_setfield(const char* fieldname, const char* value) {
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("Cannot set field when file encrypted");
|
|
|
|
|
return -1;
|
|
|
|
@ -2867,13 +2782,13 @@ out:
|
|
|
|
|
* On success trigger next init phase and return 0.
|
|
|
|
|
* Currently do not handle failure - see TODO below.
|
|
|
|
|
*/
|
|
|
|
|
int cryptfs_mount_default_encrypted(void)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_mount_default_encrypted(void) {
|
|
|
|
|
int crypt_type = cryptfs_get_password_type();
|
|
|
|
|
if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
|
|
|
|
|
SLOGE("Bad crypt type - error");
|
|
|
|
|
} else if (crypt_type != CRYPT_TYPE_DEFAULT) {
|
|
|
|
|
SLOGD("Password is not default - "
|
|
|
|
|
SLOGD(
|
|
|
|
|
"Password is not default - "
|
|
|
|
|
"starting min framework to prompt");
|
|
|
|
|
property_set("vold.decrypt", "trigger_restart_min_framework");
|
|
|
|
|
return 0;
|
|
|
|
@ -2894,8 +2809,7 @@ int cryptfs_mount_default_encrypted(void)
|
|
|
|
|
|
|
|
|
|
/* Returns type of the password, default, pattern, pin or password.
|
|
|
|
|
*/
|
|
|
|
|
int cryptfs_get_password_type(void)
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_get_password_type(void) {
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("cryptfs_get_password_type not valid for file encryption");
|
|
|
|
|
return -1;
|
|
|
|
@ -2915,8 +2829,7 @@ int cryptfs_get_password_type(void)
|
|
|
|
|
return crypt_ftr.crypt_type;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const char* cryptfs_get_password()
|
|
|
|
|
{
|
|
|
|
|
const char* cryptfs_get_password() {
|
|
|
|
|
if (e4crypt_is_native()) {
|
|
|
|
|
SLOGE("cryptfs_get_password not valid for file encryption");
|
|
|
|
|
return 0;
|
|
|
|
@ -2932,8 +2845,7 @@ const char* cryptfs_get_password()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void cryptfs_clear_password()
|
|
|
|
|
{
|
|
|
|
|
void cryptfs_clear_password() {
|
|
|
|
|
if (password) {
|
|
|
|
|
size_t len = strlen(password);
|
|
|
|
|
memset(password, 0, len);
|
|
|
|
@ -2943,8 +2855,7 @@ void cryptfs_clear_password()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int cryptfs_isConvertibleToFBE()
|
|
|
|
|
{
|
|
|
|
|
int cryptfs_isConvertibleToFBE() {
|
|
|
|
|
struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
|
|
|
|
|
return (rec && fs_mgr_is_convertible_to_fbe(rec)) ? 1 : 0;
|
|
|
|
|
}
|
|
|
|
|