diff options
Diffstat (limited to '')
-rw-r--r-- | crypto/jb/Android.mk | 6 | ||||
-rw-r--r-- | crypto/jb/cryptfs.c | 1204 | ||||
-rw-r--r-- | crypto/jb/cryptfs.h | 89 |
3 files changed, 965 insertions, 334 deletions
diff --git a/crypto/jb/Android.mk b/crypto/jb/Android.mk index eebfcf0bd..dc458fd14 100644 --- a/crypto/jb/Android.mk +++ b/crypto/jb/Android.mk @@ -7,9 +7,9 @@ LOCAL_MODULE_TAGS := eng LOCAL_MODULES_TAGS = optional LOCAL_CFLAGS = LOCAL_SRC_FILES = cryptfs.c -LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include -LOCAL_SHARED_LIBRARIES += libc liblog libcutils libcrypto -LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp +LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include bootable/recovery/crypto/scrypt/lib/crypto +LOCAL_SHARED_LIBRARIES += libc liblog libcutils libcrypto libext4_utils +LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp libscrypttwrp_static liblogwraptwrp libmincrypttwrp include $(BUILD_SHARED_LIBRARY) endif
\ No newline at end of file diff --git a/crypto/jb/cryptfs.c b/crypto/jb/cryptfs.c index be6c476b8..4e5706b64 100644 --- a/crypto/jb/cryptfs.c +++ b/crypto/jb/cryptfs.c @@ -21,6 +21,7 @@ */ #include <sys/types.h> +#include <sys/wait.h> #include <sys/stat.h> #include <fcntl.h> #include <unistd.h> @@ -35,17 +36,19 @@ #include <openssl/evp.h> #include <openssl/sha.h> #include <errno.h> -#include <cutils/android_reboot.h> #include <ext4.h> #include <linux/kdev_t.h> -#include "../fs_mgr/include/fs_mgr.h" +#include <fs_mgr.h> #include "cryptfs.h" #define LOG_TAG "Cryptfs" -#include "cutils/android_reboot.h" #include "cutils/log.h" #include "cutils/properties.h" +#include "cutils/android_reboot.h" #include "hardware_legacy/power.h" -//#include "VolumeManager.h" +/*#include <logwrap/logwrap.h> +#include "VolumeManager.h" +#include "VoldUtil.h"*/ +#include "crypto_scrypt.h" #define DM_CRYPT_BUF_SIZE 4096 #define DATA_MNT_POINT "/data" @@ -59,14 +62,29 @@ #define EXT4_FS 1 #define FAT_FS 2 +#define TABLE_LOAD_RETRIES 10 + char *me = "cryptfs"; static unsigned char saved_master_key[KEY_LEN_BYTES]; -static char *saved_data_blkdev; static char *saved_mount_point; static int master_key_saved = 0; -#define FSTAB_PREFIX "/fstab." -static char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; +static struct crypt_persist_data *persist_data = NULL; + +struct fstab *fstab; + +static void cryptfs_reboot(int recovery) +{ + /*if (recovery) { + property_set(ANDROID_RB_PROPERTY, "reboot,recovery"); + } else { + property_set(ANDROID_RB_PROPERTY, "reboot"); + } + sleep(20);*/ + + /* Shouldn't get here, reboot should happen before sleep times out */ + return; +} static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags) { @@ -82,6 +100,56 @@ static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, u } } +/** + * Gets the default device scrypt parameters for key derivation time tuning. + * The parameters should lead to about one second derivation time for the + * given device. + */ +static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) { + const int default_params[] = SCRYPT_DEFAULTS; + int params[] = SCRYPT_DEFAULTS; + char paramstr[PROPERTY_VALUE_MAX]; + char *token; + char *saveptr; + int i; + + property_get(SCRYPT_PROP, paramstr, ""); + if (paramstr[0] != '\0') { + /* + * The token we're looking for should be three integers separated by + * colons (e.g., "12:8:1"). Scan the property to make sure it matches. + */ + for (i = 0, token = strtok_r(paramstr, ":", &saveptr); + token != NULL && i < 3; + i++, token = strtok_r(NULL, ":", &saveptr)) { + char *endptr; + params[i] = strtol(token, &endptr, 10); + + /* + * Check that there was a valid number and it's 8-bit. If not, + * break out and the end check will take the default values. + */ + if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) { + break; + } + } + + /* + * If there were not enough tokens or a token was malformed (not an + * integer), it will end up here and the default parameters can be + * taken. + */ + if ((i != 3) || (token != NULL)) { + printf("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr); + memcpy(params, default_params, sizeof(params)); + } + } + + ftr->N_factor = params[0]; + ftr->r_factor = params[1]; + ftr->p_factor = params[2]; +} + static unsigned int get_fs_size(char *dev) { int fd, block_size; @@ -89,17 +157,17 @@ static unsigned int get_fs_size(char *dev) off64_t len; if ((fd = open(dev, O_RDONLY)) < 0) { - SLOGE("Cannot open device to get filesystem size "); + printf("Cannot open device to get filesystem size "); return 0; } if (lseek64(fd, 1024, SEEK_SET) < 0) { - SLOGE("Cannot seek to superblock"); + printf("Cannot seek to superblock"); return 0; } if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) { - SLOGE("Cannot read superblock"); + printf("Cannot read superblock"); return 0; } @@ -124,108 +192,102 @@ static unsigned int get_blkdev_size(int fd) return nr_sec; } -/* Get and cache the name of the fstab file so we don't - * keep talking over the socket to the property service. - */ -static char *get_fstab_filename(void) +static int get_crypt_ftr_info(char **metadata_fname, off64_t *off) { - if (fstab_filename[0] == 0) { - strcpy(fstab_filename, FSTAB_PREFIX); - property_get("ro.hardware", fstab_filename + sizeof(FSTAB_PREFIX) - 1, ""); + static int cached_data = 0; + static off64_t cached_off = 0; + static char cached_metadata_fname[PROPERTY_VALUE_MAX] = ""; + int fd; + char key_loc[PROPERTY_VALUE_MAX]; + char real_blkdev[PROPERTY_VALUE_MAX]; + unsigned int nr_sec; + int rc = -1; + + if (!cached_data) { + fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc)); + + if (!strcmp(key_loc, KEY_IN_FOOTER)) { + if ( (fd = open(real_blkdev, O_RDWR)) < 0) { + printf("Cannot open real block device %s\n", real_blkdev); + return -1; + } + + if ((nr_sec = get_blkdev_size(fd))) { + /* If it's an encrypted Android partition, the last 16 Kbytes contain the + * encryption info footer and key, and plenty of bytes to spare for future + * growth. + */ + strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname)); + cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET; + cached_data = 1; + } else { + printf("Cannot get size of block device %s\n", real_blkdev); + } + close(fd); + } else { + strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname)); + cached_off = 0; + cached_data = 1; + } + } + + if (cached_data) { + if (metadata_fname) { + *metadata_fname = cached_metadata_fname; } + if (off) { + *off = cached_off; + } + rc = 0; + } - return fstab_filename; + return rc; } /* key or salt can be NULL, in which case just skip writing that value. Useful to * update the failed mount count but not change the key. */ -static int put_crypt_ftr_and_key(char *real_blk_name, struct crypt_mnt_ftr *crypt_ftr, - unsigned char *key, unsigned char *salt) +static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) { int fd; unsigned int nr_sec, cnt; - off64_t off; + /* starting_off is set to the SEEK_SET offset + * where the crypto structure starts + */ + off64_t starting_off; int rc = -1; - char *fname; - char key_loc[PROPERTY_VALUE_MAX]; + char *fname = NULL; struct stat statbuf; - fs_mgr_get_crypt_info(get_fstab_filename(), key_loc, 0, sizeof(key_loc)); - - if (!strcmp(key_loc, KEY_IN_FOOTER)) { - fname = real_blk_name; - if ( (fd = open(fname, O_RDWR)) < 0) { - SLOGE("Cannot open real block device %s\n", fname); - return -1; - } - - if ( (nr_sec = get_blkdev_size(fd)) == 0) { - SLOGE("Cannot get size of block device %s\n", fname); - goto errout; - } - - /* If it's an encrypted Android partition, the last 16 Kbytes contain the - * encryption info footer and key, and plenty of bytes to spare for future - * growth. - */ - off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET; - - if (lseek64(fd, off, SEEK_SET) == -1) { - SLOGE("Cannot seek to real block device footer\n"); - goto errout; - } - } else if (key_loc[0] == '/') { - fname = key_loc; - if ( (fd = open(fname, O_RDWR | O_CREAT, 0600)) < 0) { - SLOGE("Cannot open footer file %s\n", fname); - return -1; - } - } else { - SLOGE("Unexpected value for crypto key location\n"); - return -1;; + if (get_crypt_ftr_info(&fname, &starting_off)) { + printf("Unable to get crypt_ftr_info\n"); + return -1; } - - if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { - SLOGE("Cannot write real block device footer\n"); - goto errout; + if (fname[0] != '/') { + printf("Unexpected value for crypto key location\n"); + return -1; } - - if (key) { - if (crypt_ftr->keysize != KEY_LEN_BYTES) { - SLOGE("Keysize of %d bits not supported for real block device %s\n", - crypt_ftr->keysize*8, fname); - goto errout; - } - - if ( (cnt = write(fd, key, crypt_ftr->keysize)) != crypt_ftr->keysize) { - SLOGE("Cannot write key for real block device %s\n", fname); - goto errout; - } + if ( (fd = open(fname, O_RDWR | O_CREAT, 0600)) < 0) { + printf("Cannot open footer file %s for put\n", fname); + return -1; } - if (salt) { - /* Compute the offset from the last write to the salt */ - off = KEY_TO_SALT_PADDING; - if (! key) - off += crypt_ftr->keysize; - - if (lseek64(fd, off, SEEK_CUR) == -1) { - SLOGE("Cannot seek to real block device salt \n"); - goto errout; - } + /* Seek to the start of the crypt footer */ + if (lseek64(fd, starting_off, SEEK_SET) == -1) { + printf("Cannot seek to real block device footer\n"); + goto errout; + } - if ( (cnt = write(fd, salt, SALT_LEN)) != SALT_LEN) { - SLOGE("Cannot write salt for real block device %s\n", fname); - goto errout; - } + if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { + printf("Cannot write real block device footer\n"); + goto errout; } fstat(fd, &statbuf); /* If the keys are kept on a raw block device, do not try to truncate it. */ - if (S_ISREG(statbuf.st_mode) && (key_loc[0] == '/')) { + if (S_ISREG(statbuf.st_mode)) { if (ftruncate(fd, 0x4000)) { - SLOGE("Cannot set footer file size\n", fname); + printf("Cannot set footer file size\n", fname); goto errout; } } @@ -239,111 +301,145 @@ errout: } -static int get_crypt_ftr_and_key(char *real_blk_name, struct crypt_mnt_ftr *crypt_ftr, - unsigned char *key, unsigned char *salt) +static inline int unix_read(int fd, void* buff, int len) { - int fd; - unsigned int nr_sec, cnt; - off64_t off; - int rc = -1; - char key_loc[PROPERTY_VALUE_MAX]; - char *fname; - struct stat statbuf; - - fs_mgr_get_crypt_info(get_fstab_filename(), key_loc, 0, sizeof(key_loc)); + return TEMP_FAILURE_RETRY(read(fd, buff, len)); +} - if (!strcmp(key_loc, KEY_IN_FOOTER)) { - fname = real_blk_name; - if ( (fd = open(fname, O_RDONLY)) < 0) { - SLOGE("Cannot open real block device %s\n", fname); - return -1; - } +static inline int unix_write(int fd, const void* buff, int len) +{ + return TEMP_FAILURE_RETRY(write(fd, buff, len)); +} - if ( (nr_sec = get_blkdev_size(fd)) == 0) { - SLOGE("Cannot get size of block device %s\n", fname); - goto errout; - } +static void init_empty_persist_data(struct crypt_persist_data *pdata, int len) +{ + memset(pdata, 0, len); + pdata->persist_magic = PERSIST_DATA_MAGIC; + pdata->persist_valid_entries = 0; +} - /* If it's an encrypted Android partition, the last 16 Kbytes contain the - * encryption info footer and key, and plenty of bytes to spare for future - * growth. - */ - off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET; +/* A routine to update the passed in crypt_ftr to the lastest version. + * fd is open read/write on the device that holds the crypto footer and persistent + * data, crypt_ftr is a pointer to the struct to be updated, and offset is the + * absolute offset to the start of the crypt_mnt_ftr on the passed in fd. + */ +static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset) +{ + int orig_major = crypt_ftr->major_version; + int orig_minor = crypt_ftr->minor_version; + return; // in recovery we don't want to upgrade + if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { + struct crypt_persist_data *pdata; + off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET; + + printf("upgrading crypto footer to 1.1"); + + pdata = malloc(CRYPT_PERSIST_DATA_SIZE); + if (pdata == NULL) { + printf("Cannot allocate persisent data\n"); + return; + } + memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE); - if (lseek64(fd, off, SEEK_SET) == -1) { - SLOGE("Cannot seek to real block device footer\n"); - goto errout; + /* Need to initialize the persistent data area */ + if (lseek64(fd, pdata_offset, SEEK_SET) == -1) { + printf("Cannot seek to persisent data offset\n"); + return; + } + /* Write all zeros to the first copy, making it invalid */ + unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE); + + /* Write a valid but empty structure to the second copy */ + init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); + unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE); + + /* Update the footer */ + crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; + crypt_ftr->persist_data_offset[0] = pdata_offset; + crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; + crypt_ftr->minor_version = 1; } - } else if (key_loc[0] == '/') { - fname = key_loc; - if ( (fd = open(fname, O_RDONLY)) < 0) { - SLOGE("Cannot open footer file %s\n", fname); - return -1; + + if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version)) { + printf("upgrading crypto footer to 1.2"); + crypt_ftr->kdf_type = KDF_PBKDF2; + get_device_scrypt_params(crypt_ftr); + crypt_ftr->minor_version = 2; } - /* Make sure it's 16 Kbytes in length */ - fstat(fd, &statbuf); - if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) { - SLOGE("footer file %s is not the expected size!\n", fname); - goto errout; + if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { + if (lseek64(fd, offset, SEEK_SET) == -1) { + printf("Cannot seek to crypt footer\n"); + return; + } + unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr)); } - } else { - SLOGE("Unexpected value for crypto key location\n"); - return -1;; - } +} - if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { - SLOGE("Cannot read real block device footer\n"); - goto errout; - } - if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { - SLOGE("Bad magic for real block device %s\n", fname); - goto errout; - } +static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) +{ + int fd; + unsigned int nr_sec, cnt; + off64_t starting_off; + int rc = -1; + char *fname = NULL; + struct stat statbuf; - if (crypt_ftr->major_version != 1) { - SLOGE("Cannot understand major version %d real block device footer\n", - crypt_ftr->major_version); - goto errout; + if (get_crypt_ftr_info(&fname, &starting_off)) { + printf("Unable to get crypt_ftr_info\n"); + return -1; } - - if (crypt_ftr->minor_version != 0) { - SLOGW("Warning: crypto footer minor version %d, expected 0, continuing...\n", - crypt_ftr->minor_version); + if (fname[0] != '/') { + printf("Unexpected value for crypto key location\n"); + return -1; + } + if ( (fd = open(fname, O_RDWR)) < 0) { + printf("Cannot open footer file %s for get\n", fname); + return -1; } - if (crypt_ftr->ftr_size > sizeof(struct crypt_mnt_ftr)) { - /* the footer size is bigger than we expected. - * Skip to it's stated end so we can read the key. - */ - if (lseek64(fd, crypt_ftr->ftr_size - sizeof(struct crypt_mnt_ftr), SEEK_CUR) == -1) { - SLOGE("Cannot seek to start of key\n"); - goto errout; - } + /* Make sure it's 16 Kbytes in length */ + fstat(fd, &statbuf); + if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) { + printf("footer file %s is not the expected size!\n", fname); + goto errout; } - if (crypt_ftr->keysize != KEY_LEN_BYTES) { - SLOGE("Keysize of %d bits not supported for real block device %s\n", - crypt_ftr->keysize * 8, fname); + /* Seek to the start of the crypt footer */ + if (lseek64(fd, starting_off, SEEK_SET) == -1) { + printf("Cannot seek to real block device footer\n"); goto errout; } - if ( (cnt = read(fd, key, crypt_ftr->keysize)) != crypt_ftr->keysize) { - SLOGE("Cannot read key for real block device %s\n", fname); + if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { + printf("Cannot read real block device footer\n"); goto errout; } - if (lseek64(fd, KEY_TO_SALT_PADDING, SEEK_CUR) == -1) { - SLOGE("Cannot seek to real block device salt\n"); + if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { + printf("Bad magic for real block device %s\n", fname); goto errout; } - if ( (cnt = read(fd, salt, SALT_LEN)) != SALT_LEN) { - SLOGE("Cannot read salt for real block device %s\n", fname); + if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { + printf("Cannot understand major version %d real block device footer; expected %d\n", + crypt_ftr->major_version, CURRENT_MAJOR_VERSION); goto errout; } + if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { + printf("Warning: crypto footer minor version %d, expected <= %d, continuing...\n", + crypt_ftr->minor_version, CURRENT_MINOR_VERSION); + } + + /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the + * copy on disk before returning. + */ + /*if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { + upgrade_crypt_ftr(fd, crypt_ftr, starting_off); + }*/ + /* Success! */ rc = 0; @@ -352,6 +448,227 @@ errout: return rc; } +static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr) +{ + if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > + crypt_ftr->persist_data_offset[1]) { + printf("Crypt_ftr persist data regions overlap"); + return -1; + } + + if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { + printf("Crypt_ftr persist data region 0 starts after region 1"); + return -1; + } + + if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - + (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > + CRYPT_FOOTER_OFFSET) { + printf("Persistent data extends past crypto footer"); + return -1; + } + + return 0; +} + +static int load_persistent_data(void) +{ + struct crypt_mnt_ftr crypt_ftr; + struct crypt_persist_data *pdata = NULL; + char encrypted_state[PROPERTY_VALUE_MAX]; + char *fname; + int found = 0; + int fd; + int ret; + int i; + + if (persist_data) { + /* Nothing to do, we've already loaded or initialized it */ + return 0; + } + + + /* If not encrypted, just allocate an empty table and initialize it */ + property_get("ro.crypto.state", encrypted_state, ""); + if (strcmp(encrypted_state, "encrypted") ) { + pdata = malloc(CRYPT_PERSIST_DATA_SIZE); + if (pdata) { + init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); + persist_data = pdata; + return 0; + } + return -1; + } + + if(get_crypt_ftr_and_key(&crypt_ftr)) { + return -1; + } + + if ((crypt_ftr.major_version != 1) || (crypt_ftr.minor_version != 1)) { + printf("Crypt_ftr version doesn't support persistent data"); + return -1; + } + + if (get_crypt_ftr_info(&fname, NULL)) { + return -1; + } + + ret = validate_persistent_data_storage(&crypt_ftr); + if (ret) { + return -1; + } + + fd = open(fname, O_RDONLY); + if (fd < 0) { + printf("Cannot open %s metadata file", fname); + return -1; + } + + if (persist_data == NULL) { + pdata = malloc(crypt_ftr.persist_data_size); + if (pdata == NULL) { + printf("Cannot allocate memory for persistent data"); + goto err; + } + } + + for (i = 0; i < 2; i++) { + if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) { + printf("Cannot seek to read persistent data on %s", fname); + goto err2; + } + if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){ + printf("Error reading persistent data on iteration %d", i); + goto err2; + } + if (pdata->persist_magic == PERSIST_DATA_MAGIC) { + found = 1; + break; + } + } + + if (!found) { + printf("Could not find valid persistent data, creating"); + init_empty_persist_data(pdata, crypt_ftr.persist_data_size); + } + + /* Success */ + persist_data = pdata; + close(fd); + return 0; + +err2: + free(pdata); + +err: + close(fd); + return -1; +} + +static int save_persistent_data(void) +{ + struct crypt_mnt_ftr crypt_ftr; + struct crypt_persist_data *pdata; + char *fname; + off64_t write_offset; + off64_t erase_offset; + int found = 0; + int fd; + int ret; + + if (persist_data == NULL) { + printf("No persistent data to save"); + return -1; + } + + if(get_crypt_ftr_and_key(&crypt_ftr)) { + return -1; + } + + if ((crypt_ftr.major_version != 1) || (crypt_ftr.minor_version != 1)) { + printf("Crypt_ftr version doesn't support persistent data"); + return -1; + } + + ret = validate_persistent_data_storage(&crypt_ftr); + if (ret) { + return -1; + } + + if (get_crypt_ftr_info(&fname, NULL)) { + return -1; + } + + fd = open(fname, O_RDWR); + if (fd < 0) { + printf("Cannot open %s metadata file", fname); + return -1; + } + + pdata = malloc(crypt_ftr.persist_data_size); + if (pdata == NULL) { + printf("Cannot allocate persistant data"); + goto err; + } + + if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) { + printf("Cannot seek to read persistent data on %s", fname); + goto err2; + } + + if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { + printf("Error reading persistent data before save"); + goto err2; + } + + if (pdata->persist_magic == PERSIST_DATA_MAGIC) { + /* The first copy is the curent valid copy, so write to + * the second copy and erase this one */ + write_offset = crypt_ftr.persist_data_offset[1]; + erase_offset = crypt_ftr.persist_data_offset[0]; + } else { + /* The second copy must be the valid copy, so write to + * the first copy, and erase the second */ + write_offset = crypt_ftr.persist_data_offset[0]; + erase_offset = crypt_ftr.persist_data_offset[1]; + } + + /* Write the new copy first, if successful, then erase the old copy */ + if (lseek(fd, write_offset, SEEK_SET) < 0) { + printf("Cannot seek to write persistent data"); + goto err2; + } + if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) == + (int) crypt_ftr.persist_data_size) { + if (lseek(fd, erase_offset, SEEK_SET) < 0) { + printf("Cannot seek to erase previous persistent data"); + goto err2; + } + fsync(fd); + memset(pdata, 0, crypt_ftr.persist_data_size); + if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != + (int) crypt_ftr.persist_data_size) { + printf("Cannot write to erase previous persistent data"); + goto err2; + } + fsync(fd); + } else { + printf("Cannot write to save persistent data"); + goto err2; + } + + /* Success */ + free(pdata); + close(fd); + return 0; + +err2: + free(pdata); +err: + close(fd); + return -1; +} + /* Convert a binary key of specified length into an ascii hex string equivalent, * without the leading 0x and with null termination */ @@ -375,6 +692,86 @@ void convert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize, } +static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key, + char *real_blk_name, const char *name, int fd, + char *extra_params) +{ + char buffer[DM_CRYPT_BUF_SIZE]; + struct dm_ioctl *io; + struct dm_target_spec *tgt; + char *crypt_params; + char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */ + int i; + + io = (struct dm_ioctl *) buffer; + + /* Load the mapping table for this device */ + tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)]; + + ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); + io->target_count = 1; + tgt->status = 0; + tgt->sector_start = 0; + tgt->length = crypt_ftr->fs_size; + strcpy(tgt->target_type, "crypt"); + + crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec); + convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); + sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name, + master_key_ascii, real_blk_name, extra_params); + crypt_params += strlen(crypt_params) + 1; + crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */ + tgt->next = crypt_params - buffer; + + for (i = 0; i < TABLE_LOAD_RETRIES; i++) { + if (! ioctl(fd, DM_TABLE_LOAD, io)) { + break; + } + usleep(500000); + } + + if (i == TABLE_LOAD_RETRIES) { + /* We failed to load the table, return an error */ + return -1; + } else { + return i + 1; + } +} + + +static int get_dm_crypt_version(int fd, const char *name, int *version) +{ + char buffer[DM_CRYPT_BUF_SIZE]; + struct dm_ioctl *io; + struct dm_target_versions *v; + int i; + + io = (struct dm_ioctl *) buffer; + + ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); + + if (ioctl(fd, DM_LIST_VERSIONS, io)) { + return -1; + } + + /* Iterate over the returned versions, looking for name of "crypt". + * When found, get and return the version. + */ + v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)]; + while (v->next) { + if (! strcmp(v->name, "crypt")) { + /* We found the crypt driver, return the version, and get out */ + version[0] = v->version[0]; + version[1] = v->version[1]; + version[2] = v->version[2]; + return 0; + } + v = (struct dm_target_versions *)(((char *)v) + v->next); + } + + return -1; +} + static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key, char *real_blk_name, char *crypto_blk_name, const char *name) { @@ -385,10 +782,14 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char struct dm_target_spec *tgt; unsigned int minor; int fd; + int i; int retval = -1; + int version[3]; + char *extra_params; + int load_count; if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) { - SLOGE("Cannot open device-mapper\n"); + printf("Cannot open device-mapper\n"); goto errout; } @@ -396,47 +797,43 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); if (ioctl(fd, DM_DEV_CREATE, io)) { - SLOGE("Cannot create dm-crypt device\n"); + printf("Cannot create dm-crypt device\n"); goto errout; } /* Get the device status, in particular, the name of it's device file */ ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); if (ioctl(fd, DM_DEV_STATUS, io)) { - SLOGE("Cannot retrieve dm-crypt device status\n"); + printf("Cannot retrieve dm-crypt device status\n"); goto errout; } minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00); snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor); - /* Load the mapping table for this device */ - tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)]; - - ioctl_init(io, 4096, name, 0); - io->target_count = 1; - tgt->status = 0; - tgt->sector_start = 0; - tgt->length = crypt_ftr->fs_size; - strcpy(tgt->target_type, "crypt"); - - crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec); - convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); - sprintf(crypt_params, "%s %s 0 %s 0", crypt_ftr->crypto_type_name, - master_key_ascii, real_blk_name); - crypt_params += strlen(crypt_params) + 1; - crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */ - tgt->next = crypt_params - buffer; + extra_params = ""; + if (! get_dm_crypt_version(fd, name, version)) { + /* Support for allow_discards was added in version 1.11.0 */ + if ((version[0] >= 2) || + ((version[0] == 1) && (version[1] >= 11))) { + extra_params = "1 allow_discards"; + printf("Enabling support for allow_discards in dmcrypt.\n"); + } + } - if (ioctl(fd, DM_TABLE_LOAD, io)) { - SLOGE("Cannot load dm-crypt mapping table.\n"); + load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, + fd, extra_params); + if (load_count < 0) { + printf("Cannot load dm-crypt mapping table.\n"); goto errout; + } else if (load_count > 1) { + printf("Took %d tries to load dmcrypt table.\n", load_count); } /* Resume this device to activate it */ - ioctl_init(io, 4096, name, 0); + ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); if (ioctl(fd, DM_DEV_SUSPEND, io)) { - SLOGE("Cannot resume the dm-crypt device\n"); + printf("Cannot resume the dm-crypt device\n"); goto errout; } @@ -457,7 +854,7 @@ static int delete_crypto_blk_dev(char *name) int retval = -1; if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) { - SLOGE("Cannot open device-mapper\n"); + printf("Cannot open device-mapper\n"); goto errout; } @@ -465,7 +862,7 @@ static int delete_crypto_blk_dev(char *name) ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0); if (ioctl(fd, DM_DEV_REMOVE, io)) { - SLOGE("Cannot remove dm-crypt device\n"); + printf("Cannot remove dm-crypt device\n"); goto errout; } @@ -479,27 +876,40 @@ errout: } -static void pbkdf2(char *passwd, unsigned char *salt, unsigned char *ikey) -{ +static void pbkdf2(char *passwd, unsigned char *salt, unsigned char *ikey, void *params) { /* Turn the password into a key and IV that can decrypt the master key */ PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN, HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey); } +static void scrypt(char *passwd, unsigned char *salt, unsigned char *ikey, void *params) { + struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params; + + int N = 1 << ftr->N_factor; + int r = 1 << ftr->r_factor; + int p = 1 << ftr->p_factor; + + /* Turn the password into a key and IV that can decrypt the master key */ + crypto_scrypt((unsigned char *) passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey, + KEY_LEN_BYTES + IV_LEN_BYTES); +} + static int encrypt_master_key(char *passwd, unsigned char *salt, unsigned char *decrypted_master_key, - unsigned char *encrypted_master_key) + unsigned char *encrypted_master_key, + struct crypt_mnt_ftr *crypt_ftr) { unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */ EVP_CIPHER_CTX e_ctx; int encrypted_len, final_len; /* Turn the password into a key and IV that can decrypt the master key */ - pbkdf2(passwd, salt, ikey); - + get_device_scrypt_params(crypt_ftr); + scrypt(passwd, salt, ikey, crypt_ftr); + /* Initialize the decryption engine */ if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) { - SLOGE("EVP_EncryptInit failed\n"); + printf("EVP_EncryptInit failed\n"); return -1; } EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */ @@ -507,16 +917,16 @@ static int encrypt_master_key(char *passwd, unsigned char *salt, /* Encrypt the master key */ if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len, decrypted_master_key, KEY_LEN_BYTES)) { - SLOGE("EVP_EncryptUpdate failed\n"); + printf("EVP_EncryptUpdate failed\n"); return -1; } if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) { - SLOGE("EVP_EncryptFinal failed\n"); + printf("EVP_EncryptFinal failed\n"); return -1; } if (encrypted_len + final_len != KEY_LEN_BYTES) { - SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len); + printf("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len); return -1; } else { return 0; @@ -525,14 +935,15 @@ static int encrypt_master_key(char *passwd, unsigned char *salt, static int decrypt_master_key(char *passwd, unsigned char *salt, unsigned char *encrypted_master_key, - unsigned char *decrypted_master_key) + unsigned char *decrypted_master_key, + kdf_func kdf, void *kdf_params) { unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */ EVP_CIPHER_CTX d_ctx; int decrypted_len, final_len; /* Turn the password into a key and IV that can decrypt the master key */ - pbkdf2(passwd, salt, ikey); + kdf(passwd, salt, ikey, kdf_params); /* Initialize the decryption engine */ if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) { @@ -555,8 +966,47 @@ static int decrypt_master_key(char *passwd, unsigned char *salt, } } -static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt) +static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params) +{ + if (ftr->kdf_type == KDF_SCRYPT) { + *kdf = scrypt; + *kdf_params = ftr; + } else { + *kdf = pbkdf2; + *kdf_params = NULL; + } +} + +static int decrypt_master_key_and_upgrade(char *passwd, unsigned char *decrypted_master_key, + struct crypt_mnt_ftr *crypt_ftr) { + kdf_func kdf; + void *kdf_params; + int ret; + + get_kdf_func(crypt_ftr, &kdf, &kdf_params); + ret = decrypt_master_key(passwd, crypt_ftr->salt, crypt_ftr->master_key, decrypted_master_key, kdf, + kdf_params); + if (ret != 0) { + printf("failure decrypting master key"); + return ret; + } + + /* + * Upgrade if we're not using the latest KDF. + */ + /*if (crypt_ftr->kdf_type != KDF_SCRYPT) { + crypt_ftr->kdf_type = KDF_SCRYPT; + encrypt_master_key(passwd, crypt_ftr->salt, decrypted_master_key, crypt_ftr->master_key, + crypt_ftr); + put_crypt_ftr_and_key(crypt_ftr); + }*/ + + return ret; +} + +static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt, + struct crypt_mnt_ftr *crypt_ftr) { int fd; unsigned char key_buf[KEY_LEN_BYTES]; EVP_CIPHER_CTX e_ctx; @@ -569,7 +1019,7 @@ static int create_encrypted_random_key(char *passwd, unsigned char *master_key, close(fd); /* Now encrypt it with the password */ - return encrypt_master_key(passwd, salt, key_buf, master_key); + return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr); } static int wait_and_unmount(char *mountpoint) @@ -594,17 +1044,17 @@ static int wait_and_unmount(char *mountpoint) } if (i < WAIT_UNMOUNT_COUNT) { - SLOGD("unmounting %s succeeded\n", mountpoint); + printf("unmounting %s succeeded\n", mountpoint); rc = 0; } else { - SLOGE("unmounting %s failed\n", mountpoint); + printf("unmounting %s failed\n", mountpoint); rc = -1; } return rc; } -#define DATA_PREP_TIMEOUT 100 +#define DATA_PREP_TIMEOUT 200 static int prep_data_fs(void) { int i; @@ -612,9 +1062,9 @@ static int prep_data_fs(void) /* Do the prep of the /data filesystem */ property_set("vold.post_fs_data_done", "0"); property_set("vold.decrypt", "trigger_post_fs_data"); - SLOGD("Just triggered post_fs_data\n"); + printf("Just triggered post_fs_data\n"); - /* Wait a max of 25 seconds, hopefully it takes much less */ + /* Wait a max of 50 seconds, hopefully it takes much less */ for (i=0; i<DATA_PREP_TIMEOUT; i++) { char p[PROPERTY_VALUE_MAX]; @@ -627,9 +1077,10 @@ static int prep_data_fs(void) } if (i == DATA_PREP_TIMEOUT) { /* Ugh, we failed to prep /data in time. Bail. */ + printf("post_fs_data timed out!\n"); return -1; } else { - SLOGD("post_fs_data done\n"); + printf("post_fs_data done\n"); return 0; } } @@ -647,12 +1098,12 @@ int cryptfs_restart(void) /* Validate that it's OK to call this routine */ if (! master_key_saved) { - SLOGE("Encrypted filesystem not validated, aborting"); + printf("Encrypted filesystem not validated, aborting"); return -1; } if (restart_successful) { - SLOGE("System already restarted with encrypted disk, aborting"); + printf("System already restarted with encrypted disk, aborting"); return -1; } @@ -674,7 +1125,14 @@ int cryptfs_restart(void) * set to trigger_reset_main. */ property_set("vold.decrypt", "trigger_reset_main"); - SLOGD("Just asked init to shut down class main\n"); + printf("Just asked init to shut down class main\n"); + + /* Ugh, shutting down the framework is not synchronous, so until it + * can be fixed, this horrible hack will wait a moment for it all to + * shut down before proceeding. Without it, some devices cannot + * restart the graphics services. + */ + sleep(2); /* Now that the framework is shutdown, we should be able to umount() * the tmpfs filesystem, and mount the real one. @@ -682,13 +1140,13 @@ int cryptfs_restart(void) property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, ""); if (strlen(crypto_blkdev) == 0) { - SLOGE("fs_crypto_blkdev not set\n"); + printf("fs_crypto_blkdev not set\n"); return -1; } if (! (rc = wait_and_unmount(DATA_MNT_POINT)) ) { /* If that succeeded, then mount the decrypted filesystem */ - fs_mgr_do_mount(get_fstab_filename(), DATA_MNT_POINT, crypto_blkdev, 0); + fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, 0); property_set("vold.decrypt", "trigger_load_persist_props"); /* Create necessary paths on /data */ @@ -698,7 +1156,7 @@ int cryptfs_restart(void) /* startup service classes main and late_start */ property_set("vold.decrypt", "trigger_restart_framework"); - SLOGD("Just triggered restart_framework\n"); + printf("Just triggered restart_framework\n"); /* Give it a few moments to get started */ sleep(1); @@ -714,22 +1172,17 @@ int cryptfs_restart(void) static int do_crypto_complete(char *mount_point) { struct crypt_mnt_ftr crypt_ftr; - unsigned char encrypted_master_key[32]; - unsigned char salt[SALT_LEN]; - char real_blkdev[MAXPATHLEN]; char encrypted_state[PROPERTY_VALUE_MAX]; char key_loc[PROPERTY_VALUE_MAX]; property_get("ro.crypto.state", encrypted_state, ""); if (strcmp(encrypted_state, "encrypted") ) { - SLOGE("not running with encryption, aborting"); + printf("not running with encryption, aborting"); return 1; } - fs_mgr_get_crypt_info(get_fstab_filename(), 0, real_blkdev, sizeof(real_blkdev)); - - if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) { - fs_mgr_get_crypt_info(get_fstab_filename(), key_loc, 0, sizeof(key_loc)); + if (get_crypt_ftr_and_key(&crypt_ftr)) { + fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc)); /* * Only report this error if key_loc is a file and it exists. @@ -739,16 +1192,16 @@ static int do_crypto_complete(char *mount_point) * device" screen. */ if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) { - SLOGE("master key file does not exist, aborting"); + printf("master key file does not exist, aborting"); return 1; } else { - SLOGE("Error getting crypt footer and key\n"); + printf("Error getting crypt footer and key\n"); return -1; } } if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { - SLOGE("Encryption process didn't finish successfully\n"); + printf("Encryption process didn't finish successfully\n"); return -2; /* -2 is the clue to the UI that there is no usable data on the disk, * and give the user an option to wipe the disk */ } @@ -761,42 +1214,43 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point, char *label) { struct crypt_mnt_ftr crypt_ftr; /* Allocate enough space for a 256 bit key, but we may use less */ - unsigned char encrypted_master_key[32], decrypted_master_key[32]; - unsigned char salt[SALT_LEN]; + unsigned char decrypted_master_key[32]; char crypto_blkdev[MAXPATHLEN]; char real_blkdev[MAXPATHLEN]; char tmp_mount_point[64]; unsigned int orig_failed_decrypt_count; char encrypted_state[PROPERTY_VALUE_MAX]; int rc; + kdf_func kdf; + void *kdf_params; property_get("ro.crypto.state", encrypted_state, ""); if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) { - SLOGE("encrypted fs already validated or not running with encryption, aborting"); + printf("encrypted fs already validated or not running with encryption, aborting"); return -1; } - fs_mgr_get_crypt_info(get_fstab_filename(), 0, real_blkdev, sizeof(real_blkdev)); + fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev)); - if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) { - SLOGE("Error getting crypt footer and key\n"); + if (get_crypt_ftr_and_key(&crypt_ftr)) { + printf("Error getting crypt footer and key\n"); return -1; } - SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr.fs_size); + printf("crypt_ftr->fs_size = %lld\n", crypt_ftr.fs_size); orig_failed_decrypt_count = crypt_ftr.failed_decrypt_count; if (! (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) ) { - decrypt_master_key(passwd, salt, encrypted_master_key, decrypted_master_key); + decrypt_master_key_and_upgrade(passwd, decrypted_master_key, &crypt_ftr); } if (create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label)) { - SLOGE("Error creating decrypted block device\n"); + printf("Error creating decrypted block device\n"); return -1; } - /* If init detects an encrypted filesystme, it writes a file for each such + /* If init detects an encrypted filesystem, it writes a file for each such * encrypted fs into the tmpfs /data filesystem, and then the framework finds those * files and passes that data to me */ /* Create a tmp mount point to try mounting the decryptd fs @@ -805,8 +1259,8 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point, char *label) */ sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point); mkdir(tmp_mount_point, 0755); - if (fs_mgr_do_mount(get_fstab_filename(), DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) { - SLOGE("Error temp mounting decrypted block device\n"); + if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) { + printf("Error temp mounting decrypted block device\n"); delete_crypto_blk_dev(label); crypt_ftr.failed_decrypt_count++; } else { @@ -818,7 +1272,7 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point, char *label) } if (orig_failed_decrypt_count != crypt_ftr.failed_decrypt_count) { - put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0); + put_crypt_ftr_and_key(&crypt_ftr); } if (crypt_ftr.failed_decrypt_count) { @@ -835,7 +1289,6 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point, char *label) * the key when we want to change the password on it. */ memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES); - saved_data_blkdev = strdup(real_blkdev); saved_mount_point = strdup(mount_point); master_key_saved = 1; rc = 0; @@ -864,21 +1317,19 @@ int cryptfs_setup_volume(const char *label, int major, int minor, { char real_blkdev[MAXPATHLEN], crypto_blkdev[MAXPATHLEN]; struct crypt_mnt_ftr sd_crypt_ftr; - unsigned char key[32], salt[32]; struct stat statbuf; int nr_sec, fd; sprintf(real_blkdev, "/dev/block/vold/%d:%d", major, minor); - /* Just want the footer, but gotta get it all */ - get_crypt_ftr_and_key(saved_data_blkdev, &sd_crypt_ftr, key, salt); + get_crypt_ftr_and_key(&sd_crypt_ftr); /* Update the fs_size field to be the size of the volume */ fd = open(real_blkdev, O_RDONLY); nr_sec = get_blkdev_size(fd); close(fd); if (nr_sec == 0) { - SLOGE("Cannot get size of volume %s\n", real_blkdev); + printf("Cannot get size of volume %s\n", real_blkdev); return -1; } @@ -901,9 +1352,24 @@ int cryptfs_crypto_complete(void) return do_crypto_complete("/data"); } +#define FSTAB_PREFIX "/fstab." + int cryptfs_check_passwd(char *passwd) { int rc = -1; + char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; + char propbuf[PROPERTY_VALUE_MAX]; + int i; + int flags; + + property_get("ro.hardware", propbuf, ""); + snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf); + + fstab = fs_mgr_read_fstab(fstab_filename); + if (!fstab) { + printf("failed to open %s\n", fstab_filename); + return -1; + } rc = test_mount_encrypted_fs(passwd, DATA_MNT_POINT, "userdata"); @@ -914,32 +1380,28 @@ int cryptfs_verify_passwd(char *passwd) { struct crypt_mnt_ftr crypt_ftr; /* Allocate enough space for a 256 bit key, but we may use less */ - unsigned char encrypted_master_key[32], decrypted_master_key[32]; - unsigned char salt[SALT_LEN]; - char real_blkdev[MAXPATHLEN]; + unsigned char decrypted_master_key[32]; char encrypted_state[PROPERTY_VALUE_MAX]; int rc; property_get("ro.crypto.state", encrypted_state, ""); if (strcmp(encrypted_state, "encrypted") ) { - SLOGE("device not encrypted, aborting"); + printf("device not encrypted, aborting"); return -2; } if (!master_key_saved) { - SLOGE("encrypted fs not yet mounted, aborting"); + printf("encrypted fs not yet mounted, aborting"); return -1; } if (!saved_mount_point) { - SLOGE("encrypted fs failed to save mount point, aborting"); + printf("encrypted fs failed to save mount point, aborting"); return -1; } - fs_mgr_get_crypt_info(get_fstab_filename(), 0, real_blkdev, sizeof(real_blkdev)); - - if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) { - SLOGE("Error getting crypt footer and key\n"); + if (get_crypt_ftr_and_key(&crypt_ftr)) { + printf("Error getting crypt footer and key\n"); return -1; } @@ -947,7 +1409,7 @@ int cryptfs_verify_passwd(char *passwd) /* If the device has no password, then just say the password is valid */ rc = 0; } else { - decrypt_master_key(passwd, salt, encrypted_master_key, decrypted_master_key); + decrypt_master_key_and_upgrade(passwd, decrypted_master_key, &crypt_ftr); if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) { /* They match, the password is correct */ rc = 0; @@ -968,58 +1430,29 @@ int cryptfs_verify_passwd(char *passwd) */ static void cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr) { + off64_t off; + + memset(ftr, 0, sizeof(struct crypt_mnt_ftr)); ftr->magic = CRYPT_MNT_MAGIC; - ftr->major_version = 1; - ftr->minor_version = 0; + ftr->major_version = CURRENT_MAJOR_VERSION; + ftr->minor_version = CURRENT_MINOR_VERSION; ftr->ftr_size = sizeof(struct crypt_mnt_ftr); - ftr->flags = 0; ftr->keysize = KEY_LEN_BYTES; - ftr->spare1 = 0; - ftr->fs_size = 0; - ftr->failed_decrypt_count = 0; - ftr->crypto_type_name[0] = '\0'; -} -static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type) -{ - char cmdline[256]; - int rc = -1; + ftr->kdf_type = KDF_SCRYPT; + get_device_scrypt_params(ftr); - if (type == EXT4_FS) { - snprintf(cmdline, sizeof(cmdline), "/system/bin/make_ext4fs -a /data -l %lld %s", - size * 512, crypto_blkdev); - SLOGI("Making empty filesystem with command %s\n", cmdline); - } else if (type== FAT_FS) { - snprintf(cmdline, sizeof(cmdline), "/system/bin/newfs_msdos -F 32 -O android -c 8 -s %lld %s", - size, crypto_blkdev); - SLOGI("Making empty filesystem with command %s\n", cmdline); - } else { - SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type); - return -1; - } - - if (system(cmdline)) { - SLOGE("Error creating empty filesystem on %s\n", crypto_blkdev); - } else { - SLOGD("Successfully created empty filesystem on %s\n", crypto_blkdev); - rc = 0; + ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; + if (get_crypt_ftr_info(NULL, &off) == 0) { + ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET; + ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + + ftr->persist_data_size; } - - return rc; } -static inline int unix_read(int fd, void* buff, int len) -{ - int ret; - do { ret = read(fd, buff, len); } while (ret < 0 && errno == EINTR); - return ret; -} - -static inline int unix_write(int fd, const void* buff, int len) +static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type) { - int ret; - do { ret = write(fd, buff, len); } while (ret < 0 && errno == EINTR); - return ret; + return -1; } #define CRYPT_INPLACE_BUFSIZE 4096 @@ -1035,12 +1468,12 @@ static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, off64_ off64_t blocks_already_done, tot_numblocks; if ( (realfd = open(real_blkdev, O_RDONLY)) < 0) { - SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev); + printf("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev); return -1; } if ( (cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) { - SLOGE("Error opening crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); + printf("Error opening crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); close(realfd); return -1; } @@ -1055,7 +1488,7 @@ static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, off64_ tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE; blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE; - SLOGE("Encrypting filesystem in place..."); + printf("Encrypting filesystem in place..."); one_pct = tot_numblocks / 100; cur_pct = 0; @@ -1070,11 +1503,11 @@ static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, off64_ property_set("vold.encrypt_progress", buf); } if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { - SLOGE("Error reading real_blkdev %s for inplace encrypt\n", crypto_blkdev); + printf("Error reading real_blkdev %s for inplace encrypt\n", crypto_blkdev); goto errout; } if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) { - SLOGE("Error writing crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); + printf("Error writing crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); goto errout; } } @@ -1082,11 +1515,11 @@ static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, off64_ /* Do any remaining sectors */ for (i=0; i<remainder; i++) { if (unix_read(realfd, buf, 512) <= 0) { - SLOGE("Error reading rival sectors from real_blkdev %s for inplace encrypt\n", crypto_blkdev); + printf("Error reading rival sectors from real_blkdev %s for inplace encrypt\n", crypto_blkdev); goto errout; } if (unix_write(cryptofd, buf, 512) <= 0) { - SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); + printf("Error writing final sectors to crypto_blkdev %s for inplace encrypt\n", crypto_blkdev); goto errout; } } @@ -1114,39 +1547,170 @@ static inline int should_encrypt(struct volume_info *volume) int cryptfs_enable(char *howarg, char *passwd) { - // Code removed because it needs other parts of vold that aren't needed for decryption return -1; } int cryptfs_changepw(char *newpw) { struct crypt_mnt_ftr crypt_ftr; - unsigned char encrypted_master_key[KEY_LEN_BYTES], decrypted_master_key[KEY_LEN_BYTES]; - unsigned char salt[SALT_LEN]; - char real_blkdev[MAXPATHLEN]; + unsigned char decrypted_master_key[KEY_LEN_BYTES]; /* This is only allowed after we've successfully decrypted the master key */ if (! master_key_saved) { - SLOGE("Key not saved, aborting"); - return -1; - } - - fs_mgr_get_crypt_info(get_fstab_filename(), 0, real_blkdev, sizeof(real_blkdev)); - if (strlen(real_blkdev) == 0) { - SLOGE("Can't find real blkdev"); + printf("Key not saved, aborting"); return -1; } /* get key */ - if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) { - SLOGE("Error getting crypt footer and key"); + if (get_crypt_ftr_and_key(&crypt_ftr)) { + printf("Error getting crypt footer and key"); return -1; } - encrypt_master_key(newpw, salt, saved_master_key, encrypted_master_key); + encrypt_master_key(newpw, crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr); /* save the key */ - put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt); + put_crypt_ftr_and_key(&crypt_ftr); return 0; } + +static int persist_get_key(char *fieldname, char *value) +{ + unsigned int i; + + if (persist_data == NULL) { + return -1; + } + for (i = 0; i < persist_data->persist_valid_entries; i++) { + if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { + /* We found it! */ + strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX); + return 0; + } + } + + return -1; +} + +static int persist_set_key(char *fieldname, char *value, int encrypted) +{ + unsigned int i; + unsigned int num; + struct crypt_mnt_ftr crypt_ftr; + unsigned int max_persistent_entries; + unsigned int dsize; + + if (persist_data == NULL) { + return -1; + } + + /* If encrypted, use the values from the crypt_ftr, otherwise + * use the values for the current spec. + */ + if (encrypted) { + if(get_crypt_ftr_and_key(&crypt_ftr)) { + return -1; + } + dsize = crypt_ftr.persist_data_size; + } else { + dsize = CRYPT_PERSIST_DATA_SIZE; + } + max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) / + sizeof(struct crypt_persist_entry); + + num = persist_data->persist_valid_entries; + + for (i = 0; i < num; i++) { + if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { + /* We found an existing entry, update it! */ + memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX); + strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX); + return 0; + } + } + + /* We didn't find it, add it to the end, if there is room */ + if (persist_data->persist_valid_entries < max_persistent_entries) { + memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry)); + strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX); + strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX); + persist_data->persist_valid_entries++; + return 0; + } + + return -1; +} + +/* Return the value of the specified field. */ +int cryptfs_getfield(char *fieldname, char *value, int len) +{ + char temp_value[PROPERTY_VALUE_MAX]; + char real_blkdev[MAXPATHLEN]; + /* 0 is success, 1 is not encrypted, + * -1 is value not set, -2 is any other error + */ + int rc = -2; + + if (persist_data == NULL) { + load_persistent_data(); + if (persist_data == NULL) { + printf("Getfield error, cannot load persistent data"); + goto out; + } + } + + if (!persist_get_key(fieldname, temp_value)) { + /* We found it, copy it to the caller's buffer and return */ + strlcpy(value, temp_value, len); + rc = 0; + } else { + /* Sadness, it's not there. Return the error */ + rc = -1; + } + +out: + return rc; +} + +/* Set the value of the specified field. */ +int cryptfs_setfield(char *fieldname, char *value) +{ + struct crypt_persist_data stored_pdata; + struct crypt_persist_data *pdata_p; + struct crypt_mnt_ftr crypt_ftr; + char encrypted_state[PROPERTY_VALUE_MAX]; + /* 0 is success, -1 is an error */ + int rc = -1; + int encrypted = 0; + + if (persist_data == NULL) { + load_persistent_data(); + if (persist_data == NULL) { + printf("Setfield error, cannot load persistent data"); + goto out; + } + } + + property_get("ro.crypto.state", encrypted_state, ""); + if (!strcmp(encrypted_state, "encrypted") ) { + encrypted = 1; + } + + if (persist_set_key(fieldname, value, encrypted)) { + goto out; + } + + /* If we are running encrypted, save the persistent data now */ + if (encrypted) { + if (save_persistent_data()) { + printf("Setfield error, cannot save persistent data"); + goto out; + } + } + + rc = 0; + +out: + return rc; +} diff --git a/crypto/jb/cryptfs.h b/crypto/jb/cryptfs.h index 1c1bc1aea..162159eb0 100644 --- a/crypto/jb/cryptfs.h +++ b/crypto/jb/cryptfs.h @@ -15,22 +15,31 @@ */ /* This structure starts 16,384 bytes before the end of a hardware - * partition that is encrypted. - * Immediately following this structure is the encrypted key. - * The keysize field tells how long the key is, in bytes. - * Then there is 32 bytes of padding, - * Finally there is the salt used with the user password. - * The salt is fixed at 16 bytes long. + * partition that is encrypted, or in a separate partition. It's location + * is specified by a property set in init.<device>.rc. + * The structure allocates 48 bytes for a key, but the real key size is + * specified in the struct. Currently, the code is hardcoded to use 128 + * bit keys. + * The fields after salt are only valid in rev 1.1 and later stuctures. * Obviously, the filesystem does not include the last 16 kbytes - * of the partition. + * of the partition if the crypt_mnt_ftr lives at the end of the + * partition. */ +#include <cutils/properties.h> + +/* The current cryptfs version */ +#define CURRENT_MAJOR_VERSION 1 +#define CURRENT_MINOR_VERSION 2 + #define CRYPT_FOOTER_OFFSET 0x4000 +#define CRYPT_FOOTER_TO_PERSIST_OFFSET 0x1000 +#define CRYPT_PERSIST_DATA_SIZE 0x1000 #define MAX_CRYPTO_TYPE_NAME_LEN 64 +#define MAX_KEY_LEN 48 #define SALT_LEN 16 -#define KEY_TO_SALT_PADDING 32 /* definitions of flags in the structure below */ #define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */ @@ -38,9 +47,18 @@ * clear when done before rebooting */ #define CRYPT_MNT_MAGIC 0xD0B5B1C4 +#define PERSIST_DATA_MAGIC 0xE950CD44 + +#define SCRYPT_PROP "ro.crypto.scrypt_params" +#define SCRYPT_DEFAULTS { 15, 3, 1 } + +/* Key Derivation Function algorithms */ +#define KDF_PBKDF2 1 +#define KDF_SCRYPT 2 #define __le32 unsigned int -#define __le16 unsigned short int +#define __le16 unsigned short int +#define __le8 unsigned char struct crypt_mnt_ftr { __le32 magic; /* See above */ @@ -56,6 +74,48 @@ struct crypt_mnt_ftr { unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption needed to decrypt this partition, null terminated */ + __le32 spare2; /* ignored */ + unsigned char master_key[MAX_KEY_LEN]; /* The encrypted key for decrypting the filesystem */ + unsigned char salt[SALT_LEN]; /* The salt used for this encryption */ + __le64 persist_data_offset[2]; /* Absolute offset to both copies of crypt_persist_data + * on device with that info, either the footer of the + * real_blkdevice or the metadata partition. */ + + __le32 persist_data_size; /* The number of bytes allocated to each copy of the + * persistent data table*/ + + __le8 kdf_type; /* The key derivation function used. */ + + /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */ + __le8 N_factor; /* (1 << N) */ + __le8 r_factor; /* (1 << r) */ + __le8 p_factor; /* (1 << p) */ +}; + +/* Persistant data that should be available before decryption. + * Things like airplane mode, locale and timezone are kept + * here and can be retrieved by the CryptKeeper UI to properly + * configure the phone before asking for the password + * This is only valid if the major and minor version above + * is set to 1.1 or higher. + * + * This is a 4K structure. There are 2 copies, and the code alternates + * writing one and then clearing the previous one. The reading + * code reads the first valid copy it finds, based on the magic number. + * The absolute offset to the first of the two copies is kept in rev 1.1 + * and higher crypt_mnt_ftr structures. + */ +struct crypt_persist_entry { + char key[PROPERTY_KEY_MAX]; + char val[PROPERTY_VALUE_MAX]; +}; + +/* Should be exactly 4K in size */ +struct crypt_persist_data { + __le32 persist_magic; + __le32 persist_valid_entries; + __le32 persist_spare[30]; + struct crypt_persist_entry persist_entry[0]; }; struct volume_info { @@ -67,12 +127,17 @@ struct volume_info { char crypto_blkdev[256]; char label[256]; }; -#define VOL_NONREMOVABLE 0x1 -#define VOL_ENCRYPTABLE 0x2 +#define VOL_NONREMOVABLE 0x1 +#define VOL_ENCRYPTABLE 0x2 +#define VOL_PRIMARY 0x4 +#define VOL_PROVIDES_ASEC 0x8 #ifdef __cplusplus extern "C" { #endif + + typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params); + int cryptfs_crypto_complete(void); int cryptfs_check_passwd(char *pw); int cryptfs_verify_passwd(char *newpw); @@ -83,6 +148,8 @@ extern "C" { char *crypto_dev_path, unsigned int max_pathlen, int *new_major, int *new_minor); int cryptfs_revert_volume(const char *label); + int cryptfs_getfield(char *fieldname, char *value, int len); + int cryptfs_setfield(char *fieldname, char *value); #ifdef __cplusplus } #endif |