#include "f2fs_sparseblock.h"
#include "CheckBattery.h"
#include "Process.h"
+#include "Keymaster.h"
-#include <bootloader_message_writer.h>
-#include <hardware/keymaster0.h>
-#include <hardware/keymaster1.h>
+#include <bootloader_message/bootloader_message.h>
#define UNUSED __attribute__((unused))
-#define UNUSED __attribute__((unused))
-
-#ifdef CONFIG_HW_DISK_ENCRYPTION
-#include "cryptfs_hw.h"
-#endif
-
#define DM_CRYPT_BUF_SIZE 4096
#define HASH_COUNT 2000
static int master_key_saved = 0;
static struct crypt_persist_data *persist_data = NULL;
-static int keymaster_init(keymaster0_device_t **keymaster0_dev,
- keymaster1_device_t **keymaster1_dev)
-{
- int rc;
-
- const hw_module_t* mod;
- rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
- if (rc) {
- ALOGE("could not find any keystore module");
- goto err;
- }
-
- SLOGI("keymaster module name is %s", mod->name);
- SLOGI("keymaster version is %d", mod->module_api_version);
-
- *keymaster0_dev = NULL;
- *keymaster1_dev = NULL;
- if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
- SLOGI("Found keymaster1 module, using keymaster1 API.");
- rc = keymaster1_open(mod, keymaster1_dev);
- } else {
- SLOGI("Found keymaster0 module, using keymaster0 API.");
- rc = keymaster0_open(mod, keymaster0_dev);
- }
-
- if (rc) {
- ALOGE("could not open keymaster device in %s (%s)",
- KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
- goto err;
- }
-
- return 0;
-
-err:
- *keymaster0_dev = NULL;
- *keymaster1_dev = NULL;
- return rc;
-}
-
/* Should we use keymaster? */
static int keymaster_check_compatibility()
{
- keymaster0_device_t *keymaster0_dev = 0;
- keymaster1_device_t *keymaster1_dev = 0;
- int rc = 0;
-
- if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
- SLOGE("Failed to init keymaster");
- rc = -1;
- goto out;
- }
-
- if (keymaster1_dev) {
- rc = 1;
- goto out;
- }
-
- if (!keymaster0_dev || !keymaster0_dev->common.module) {
- rc = -1;
- goto out;
- }
-
- // TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
- // should work.
- if (keymaster0_dev->common.module->module_api_version
- < KEYMASTER_MODULE_API_VERSION_0_3) {
- rc = 0;
- goto out;
- }
-
- if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
- (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
- rc = 1;
- }
-
-out:
- if (keymaster1_dev) {
- keymaster1_close(keymaster1_dev);
- }
- if (keymaster0_dev) {
- keymaster0_close(keymaster0_dev);
- }
- return rc;
+ return keymaster_compatibility_cryptfs_scrypt();
}
/* Create a new keymaster key and store it in this footer */
static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
{
- uint8_t* key = 0;
- keymaster0_device_t *keymaster0_dev = 0;
- keymaster1_device_t *keymaster1_dev = 0;
-
if (ftr->keymaster_blob_size) {
SLOGI("Already have key");
return 0;
}
- if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
- SLOGE("Failed to init keymaster");
- return -1;
- }
-
- int rc = 0;
- size_t key_size = 0;
- if (keymaster1_dev) {
- keymaster_key_param_t params[] = {
- /* Algorithm & size specifications. Stick with RSA for now. Switch to AES later. */
- keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
- keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
- keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
-
- /* The only allowed purpose for this key is signing. */
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
-
- /* Padding & digest specifications. */
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
-
- /* Require that the key be usable in standalone mode. File system isn't available. */
- keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
-
- /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
- keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
-
- /* Rate-limit key usage attempts, to rate-limit brute force */
- keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
- };
- keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
- keymaster_key_blob_t key_blob;
- keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, ¶m_set,
- &key_blob,
- NULL /* characteristics */);
- if (error != KM_ERROR_OK) {
- SLOGE("Failed to generate keymaster1 key, error %d", error);
- rc = -1;
- goto out;
- }
-
- key = (uint8_t*)key_blob.key_material;
- key_size = key_blob.key_material_size;
- }
- else if (keymaster0_dev) {
- keymaster_rsa_keygen_params_t params;
- memset(¶ms, '\0', sizeof(params));
- params.public_exponent = RSA_EXPONENT;
- params.modulus_size = RSA_KEY_SIZE;
-
- if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, ¶ms,
- &key, &key_size)) {
- SLOGE("Failed to generate keypair");
- rc = -1;
- goto out;
+ int rc = keymaster_create_key_for_cryptfs_scrypt(RSA_KEY_SIZE, RSA_EXPONENT,
+ KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
+ &ftr->keymaster_blob_size);
+ if (rc) {
+ if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
+ SLOGE("Keymaster key blob to large)");
+ ftr->keymaster_blob_size = 0;
}
- } else {
- SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
- rc = -1;
- goto out;
- }
-
- if (key_size > KEYMASTER_BLOB_SIZE) {
- SLOGE("Keymaster key too large for crypto footer");
- rc = -1;
- goto out;
+ SLOGE("Failed to generate keypair");
+ return -1;
}
-
- memcpy(ftr->keymaster_blob, key, key_size);
- ftr->keymaster_blob_size = key_size;
-
-out:
- if (keymaster0_dev)
- keymaster0_close(keymaster0_dev);
- if (keymaster1_dev)
- keymaster1_close(keymaster1_dev);
- free(key);
- return rc;
+ return 0;
}
/* This signs the given object using the keymaster key. */
unsigned char **signature,
size_t *signature_size)
{
- int rc = 0;
- keymaster0_device_t *keymaster0_dev = 0;
- keymaster1_device_t *keymaster1_dev = 0;
- if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
- SLOGE("Failed to init keymaster");
- rc = -1;
- goto out;
- }
-
unsigned char to_sign[RSA_KEY_SIZE_BYTES];
size_t to_sign_size = sizeof(to_sign);
memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
break;
default:
SLOGE("Unknown KDF type %d", ftr->kdf_type);
- rc = -1;
- goto out;
- }
-
- if (keymaster0_dev) {
- keymaster_rsa_sign_params_t params;
- params.digest_type = DIGEST_NONE;
- params.padding_type = PADDING_NONE;
-
- rc = keymaster0_dev->sign_data(keymaster0_dev,
- ¶ms,
- ftr->keymaster_blob,
- ftr->keymaster_blob_size,
- to_sign,
- to_sign_size,
- signature,
- signature_size);
- goto out;
- } else if (keymaster1_dev) {
- keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
- keymaster_key_param_t params[] = {
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- };
- keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
- keymaster_operation_handle_t op_handle;
- keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
- ¶m_set, NULL /* out_params */,
- &op_handle);
- if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
- // Key usage has been rate-limited. Wait a bit and try again.
- sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
- error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
- ¶m_set, NULL /* out_params */,
- &op_handle);
- }
- if (error != KM_ERROR_OK) {
- SLOGE("Error starting keymaster signature transaction: %d", error);
- rc = -1;
- goto out;
- }
-
- keymaster_blob_t input = { to_sign, to_sign_size };
- size_t input_consumed;
- error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
- &input, &input_consumed, NULL /* out_params */,
- NULL /* output */);
- if (error != KM_ERROR_OK) {
- SLOGE("Error sending data to keymaster signature transaction: %d", error);
- rc = -1;
- goto out;
- }
- if (input_consumed != to_sign_size) {
- // This should never happen. If it does, it's a bug in the keymaster implementation.
- SLOGE("Keymaster update() did not consume all data.");
- keymaster1_dev->abort(keymaster1_dev, op_handle);
- rc = -1;
- goto out;
- }
-
- keymaster_blob_t tmp_sig;
- error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
- NULL /* verify signature */, NULL /* out_params */,
- &tmp_sig);
- if (error != KM_ERROR_OK) {
- SLOGE("Error finishing keymaster signature transaction: %d", error);
- rc = -1;
- goto out;
- }
-
- *signature = (uint8_t*)tmp_sig.data;
- *signature_size = tmp_sig.data_length;
- } else {
- SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
- rc = -1;
- goto out;
+ return -1;
}
-
- out:
- if (keymaster1_dev)
- keymaster1_close(keymaster1_dev);
- if (keymaster0_dev)
- keymaster0_close(keymaster0_dev);
-
- return rc;
+ return keymaster_sign_object_for_cryptfs_scrypt(ftr->keymaster_blob, ftr->keymaster_blob_size,
+ KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, to_sign_size, signature, signature_size);
}
/* Store password when userdata is successfully decrypted and mounted.
struct dm_target_spec *tgt;
char *crypt_params;
char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
+ size_t buff_offset;
int i;
io = (struct dm_ioctl *) buffer;
tgt->status = 0;
tgt->sector_start = 0;
tgt->length = crypt_ftr->fs_size;
-#ifdef CONFIG_HW_DISK_ENCRYPTION
- if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
- strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
- }
- else {
- strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
- }
-#else
strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
-#endif
crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
- sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
- master_key_ascii, real_blk_name, extra_params);
+
+ buff_offset = crypt_params - buffer;
+ snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
+ crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
+ extra_params);
crypt_params += strlen(crypt_params) + 1;
crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
tgt->next = crypt_params - buffer;
*/
v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
while (v->next) {
-#ifdef CONFIG_HW_DISK_ENCRYPTION
- if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
-#else
if (! strcmp(v->name, "crypt")) {
-#endif
/* We found the crypt driver, return the version, and get out */
version[0] = v->version[0];
version[1] = v->version[1];
SLOGE("encrypt_master_key: crypto_scrypt failed");
}
+ EVP_CIPHER_CTX_cleanup(&e_ctx);
+
return 0;
}
/* Copy intermediate key if needed by params */
if (intermediate_key && intermediate_key_size) {
*intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
- if (intermediate_key) {
+ if (*intermediate_key) {
memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
*intermediate_key_size = KEY_LEN_BYTES;
}
}
+ EVP_CIPHER_CTX_cleanup(&d_ctx);
+
return 0;
}
return -1;
}
- property_set("vold.decrypt", "trigger_load_persist_props");
/* Create necessary paths on /data */
if (prep_data_fs()) {
return -1;
}
+ property_set("vold.decrypt", "trigger_load_persist_props");
/* startup service classes main and late_start */
property_set("vold.decrypt", "trigger_restart_framework");
fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
-#ifdef CONFIG_HW_DISK_ENCRYPTION
- if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
- if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
- SLOGE("Hardware encryption key does not match");
- }
- }
-#endif
-
// Create crypto block device - all (non fatal) code paths
// need it
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
} else {
/* Try mounting the file system anyway, just in case the problem's with
* the footer, not the key. */
- sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
+ snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
+ mount_point);
mkdir(tmp_mount_point, 0755);
if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
SLOGE("Error temp mounting decrypted block device\n");
int rc = -1;
if (type == EXT4_FS) {
+#ifdef TARGET_USES_MKE2FS
+ args[0] = "/system/bin/mke2fs";
+ args[1] = "-M";
+ args[2] = "/data";
+ args[3] = "-b";
+ args[4] = "4096";
+ args[5] = "-t";
+ args[6] = "ext4";
+ args[7] = crypto_blkdev;
+ snprintf(size_str, sizeof(size_str), "%" PRId64, size / (4096 / 512));
+ args[8] = size_str;
+ num_args = 9;
+#else
args[0] = "/system/bin/make_ext4fs";
args[1] = "-a";
args[2] = "/data";
args[4] = size_str;
args[5] = crypto_blkdev;
num_args = 6;
+#endif
SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
args[0], args[1], args[2], args[3], args[4], args[5]);
} else if (type == F2FS_FS) {
/* aligned 32K writes tends to make flash happy.
* SD card association recommends it.
*/
-#ifndef CONFIG_HW_DISK_ENCRYPTION
#define BLOCKS_AT_A_TIME 8
-#else
-#define BLOCKS_AT_A_TIME 1024
-#endif
struct encryptGroupsData
{
crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
}
crypt_ftr.crypt_type = crypt_type;
-#ifndef CONFIG_HW_DISK_ENCRYPTION
strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
-#else
- strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
-
- rc = clear_hw_device_encryption_key();
- if (!rc) {
- SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
- }
-
- rc = set_hw_device_encryption_key(passwd,
- (char*) crypt_ftr.crypto_type_name);
- if (!rc) {
- SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
- goto error_shutting_down;
- }
-#endif
/* Make an encrypted master key */
if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
/* save the key */
put_crypt_ftr_and_key(&crypt_ftr);
-#ifdef CONFIG_HW_DISK_ENCRYPTION
- if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
- if (crypt_type == CRYPT_TYPE_DEFAULT) {
- int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
- SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
- if (!rc)
- return -1;
- } else {
- int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
- SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
- if (!rc)
- return -1;
- }
- }
-#endif
return 0;
}
return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
ftr);
}
+
+void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+ const char **filenames_mode_ret)
+{
+ struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
+ fs_mgr_get_file_encryption_modes(rec, contents_mode_ret, filenames_mode_ret);
+}