Lines Matching +full:post +full:- +full:fs +full:- +full:data
8 * http://www.apache.org/licenses/LICENSE-2.0
32 #include <android-base/parseint.h>
33 #include <android-base/properties.h>
34 #include <android-base/stringprintf.h>
35 #include <android-base/strings.h>
124 * Must be zero to be compatible with pre-L \
173 __le64 fs_size; /* Size of the encrypted fs, in 512 byte sectors */
187 * persistent data table*/
205 * data, which is acceptable but only if the key is not reused elsewhere. */
218 Note also that there is no need to worry about migration. If this data is
232 /* Persistent data that should be available before decryption.
280 #define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
305 .set_config_name("AES-128-CBC")
306 .set_kernel_name("aes-cbc-essiv:sha256")
317 // We only want to parse this read-only property once. But we need to wait in get_crypto_type()
337 if (ftr->keymaster_blob_size) { in keymaster_create_key()
343 RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, in keymaster_create_key()
344 KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size); in keymaster_create_key()
346 if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) { in keymaster_create_key()
348 ftr->keymaster_blob_size = 0; in keymaster_create_key()
351 return -1; in keymaster_create_key()
367 // 1. The message, when interpreted as a big-endian numeric value, must in keymaster_sign_object()
370 // guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit in keymaster_sign_object()
371 // key), an n-bit message with most significant bit 0 always in keymaster_sign_object()
378 switch (ftr->kdf_type) { in keymaster_sign_object()
381 // is zero. We could have zero-padded to the left instead, but in keymaster_sign_object()
386 memcpy(to_sign + 1, object, std::min((size_t)RSA_KEY_SIZE_BYTES - 1, object_size)); in keymaster_sign_object()
387 SLOGI("Signing safely-padded object"); in keymaster_sign_object()
390 SLOGE("Unknown KDF type %d", ftr->kdf_type); in keymaster_sign_object()
391 return -1; in keymaster_sign_object()
395 ftr->keymaster_blob, ftr->keymaster_blob_size, KEYMASTER_CRYPTFS_RATE_LIMIT, to_sign, in keymaster_sign_object()
403 return -1; in keymaster_sign_object()
407 RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, in keymaster_sign_object()
408 ftr->keymaster_blob_size, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE, in keymaster_sign_object()
409 &ftr->keymaster_blob_size) != 0) { in keymaster_sign_object()
411 return -1; in keymaster_sign_object()
474 ftr->N_factor = Nf; in get_device_scrypt_params()
475 ftr->r_factor = rf; in get_device_scrypt_params()
476 ftr->p_factor = pf; in get_device_scrypt_params()
535 int rc = -1; in get_crypt_ftr_info()
549 cached_off -= CRYPT_FOOTER_OFFSET; in get_crypt_ftr_info()
578 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256)); in set_ftr_sha()
580 SHA256_Final(crypt_ftr->sha256, &c); in set_ftr_sha()
593 int rc = -1; in put_crypt_ftr_and_key()
601 return -1; in put_crypt_ftr_and_key()
605 return -1; in put_crypt_ftr_and_key()
609 return -1; in put_crypt_ftr_and_key()
613 if (lseek64(fd, starting_off, SEEK_SET) == -1) { in put_crypt_ftr_and_key()
644 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0; in check_ftr_sha()
657 pdata->persist_magic = PERSIST_DATA_MAGIC; in init_empty_persist_data()
658 pdata->persist_valid_entries = 0; in init_empty_persist_data()
663 * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
667 int orig_major = crypt_ftr->major_version; in upgrade_crypt_ftr()
668 int orig_minor = crypt_ftr->minor_version; in upgrade_crypt_ftr()
670 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { in upgrade_crypt_ftr()
678 SLOGE("Cannot allocate persisent data\n"); in upgrade_crypt_ftr()
683 /* Need to initialize the persistent data area */ in upgrade_crypt_ftr()
684 if (lseek64(fd, pdata_offset, SEEK_SET) == -1) { in upgrade_crypt_ftr()
685 SLOGE("Cannot seek to persisent data offset\n"); in upgrade_crypt_ftr()
697 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
698 crypt_ftr->persist_data_offset[0] = pdata_offset; in upgrade_crypt_ftr()
699 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
700 crypt_ftr->minor_version = 1; in upgrade_crypt_ftr()
704 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) { in upgrade_crypt_ftr()
709 crypt_ftr->kdf_type = KDF_PBKDF2; in upgrade_crypt_ftr()
711 crypt_ftr->minor_version = 2; in upgrade_crypt_ftr()
714 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) { in upgrade_crypt_ftr()
716 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD; in upgrade_crypt_ftr()
717 crypt_ftr->minor_version = 3; in upgrade_crypt_ftr()
720 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { in upgrade_crypt_ftr()
721 if (lseek64(fd, offset, SEEK_SET) == -1) { in upgrade_crypt_ftr()
733 int rc = -1; in get_crypt_ftr_and_key()
739 return -1; in get_crypt_ftr_and_key()
743 return -1; in get_crypt_ftr_and_key()
747 return -1; in get_crypt_ftr_and_key()
758 if (lseek64(fd, starting_off, SEEK_SET) == -1) { in get_crypt_ftr_and_key()
768 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { in get_crypt_ftr_and_key()
773 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { in get_crypt_ftr_and_key()
775 crypt_ftr->major_version, CURRENT_MAJOR_VERSION); in get_crypt_ftr_and_key()
780 // 0-sized keys are problematic (essentially by-passing encryption), and in get_crypt_ftr_and_key()
781 // AES-CBC key wrapping only works for multiples of 16 bytes. in get_crypt_ftr_and_key()
782 if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) || in get_crypt_ftr_and_key()
783 (crypt_ftr->keysize > MAX_KEY_LEN)) { in get_crypt_ftr_and_key()
785 "Invalid keysize (%u) for block device %s; Must be non-zero, " in get_crypt_ftr_and_key()
787 crypt_ftr->keysize, fname, MAX_KEY_LEN); in get_crypt_ftr_and_key()
791 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
793 crypt_ftr->minor_version, CURRENT_MINOR_VERSION); in get_crypt_ftr_and_key()
799 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
812 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > in validate_persistent_data_storage()
813 crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
814 SLOGE("Crypt_ftr persist data regions overlap"); in validate_persistent_data_storage()
815 return -1; in validate_persistent_data_storage()
818 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
819 SLOGE("Crypt_ftr persist data region 0 starts after region 1"); in validate_persistent_data_storage()
820 return -1; in validate_persistent_data_storage()
823 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - in validate_persistent_data_storage()
824 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > in validate_persistent_data_storage()
826 SLOGE("Persistent data extends past crypto footer"); in validate_persistent_data_storage()
827 return -1; in validate_persistent_data_storage()
857 return -1; in load_persistent_data()
861 return -1; in load_persistent_data()
866 SLOGE("Crypt_ftr version doesn't support persistent data"); in load_persistent_data()
867 return -1; in load_persistent_data()
871 return -1; in load_persistent_data()
876 return -1; in load_persistent_data()
882 return -1; in load_persistent_data()
887 SLOGE("Cannot allocate memory for persistent data"); in load_persistent_data()
893 SLOGE("Cannot seek to read persistent data on %s", fname); in load_persistent_data()
897 SLOGE("Error reading persistent data on iteration %d", i); in load_persistent_data()
900 if (pdata->persist_magic == PERSIST_DATA_MAGIC) { in load_persistent_data()
907 SLOGI("Could not find valid persistent data, creating"); in load_persistent_data()
921 return -1; in load_persistent_data()
934 SLOGE("No persistent data to save"); in save_persistent_data()
935 return -1; in save_persistent_data()
939 return -1; in save_persistent_data()
944 SLOGE("Crypt_ftr version doesn't support persistent data"); in save_persistent_data()
945 return -1; in save_persistent_data()
950 return -1; in save_persistent_data()
954 return -1; in save_persistent_data()
960 return -1; in save_persistent_data()
965 SLOGE("Cannot allocate persistant data"); in save_persistent_data()
970 SLOGE("Cannot seek to read persistent data on %s", fname); in save_persistent_data()
975 SLOGE("Error reading persistent data before save"); in save_persistent_data()
979 if (pdata->persist_magic == PERSIST_DATA_MAGIC) { in save_persistent_data()
993 SLOGE("Cannot seek to write persistent data"); in save_persistent_data()
999 SLOGE("Cannot seek to erase previous persistent data"); in save_persistent_data()
1005 SLOGE("Cannot write to erase previous persistent data"); in save_persistent_data()
1010 SLOGE("Cannot write to save persistent data"); in save_persistent_data()
1023 return -1; in save_persistent_data()
1049 * parameters to make dm-crypt use the specified crypto sector size and round
1060 (sector_size & (sector_size - 1)) != 0) { in add_sector_size_param()
1063 return -1; in add_sector_size_param()
1066 target->SetSectorSize(sector_size); in add_sector_size_param()
1069 // of being hard-coded to being based on 512-byte sectors. in add_sector_size_param()
1070 target->SetIvLargeSectors(); in add_sector_size_param()
1073 ftr->fs_size &= ~((sector_size / 512) - 1); in add_sector_size_param()
1086 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); in create_crypto_blk_dev()
1088 auto target = std::make_unique<DmTargetCrypt>(0, crypt_ftr->fs_size, in create_crypto_blk_dev()
1089 (const char*)crypt_ftr->crypto_type_name, in create_crypto_blk_dev()
1091 target->AllowDiscards(); in create_crypto_blk_dev()
1094 target->AllowEncryptOverride(); in create_crypto_blk_dev()
1097 SLOGE("Error processing dm-crypt sector size param\n"); in create_crypto_blk_dev()
1098 return -1; in create_crypto_blk_dev()
1113 SLOGE("Cannot load dm-crypt mapping table.\n"); in create_crypto_blk_dev()
1114 return -1; in create_crypto_blk_dev()
1121 SLOGE("Cannot determine dm-crypt path for %s.\n", name); in create_crypto_blk_dev()
1122 return -1; in create_crypto_blk_dev()
1126 if (android::vold::WaitForFile(crypto_blk_name->c_str(), 1s) < 0) { in create_crypto_blk_dev()
1128 return -1; in create_crypto_blk_dev()
1136 SLOGE("Cannot remove dm-crypt device %s: %s\n", name.c_str(), strerror(errno)); in delete_crypto_blk_dev()
1137 return -1; in delete_crypto_blk_dev()
// NOTE(review): N, r and p are computed by shifting an int by values taken from the footer.
// A shift count outside 0..30 is undefined or overflows int. No range check is visible in
// this listing; confirm the factors are bounded before this point. The same pattern appears
// in scrypt_keymaster(), encrypt_master_key() and test_mount_encrypted_fs().
1156 int N = 1 << ftr->N_factor; in scrypt()
1157 int r = 1 << ftr->r_factor; in scrypt()
1158 int p = 1 << ftr->p_factor; in scrypt()
1176 int N = 1 << ftr->N_factor; in scrypt_keymaster()
1177 int r = 1 << ftr->r_factor; in scrypt_keymaster()
1178 int p = 1 << ftr->p_factor; in scrypt_keymaster()
1185 return -1; in scrypt_keymaster()
1190 return -1; in scrypt_keymaster()
1199 return -1; in scrypt_keymaster()
1216 switch (crypt_ftr->kdf_type) { in encrypt_master_key()
1220 return -1; in encrypt_master_key()
1225 return -1; in encrypt_master_key()
1232 return -1; in encrypt_master_key()
1238 return -1; in encrypt_master_key()
1246 return -1; in encrypt_master_key()
1248 EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */ in encrypt_master_key()
1252 crypt_ftr->keysize)) { in encrypt_master_key()
1254 return -1; in encrypt_master_key()
1258 return -1; in encrypt_master_key()
1261 if (encrypted_len + final_len != static_cast<int>(crypt_ftr->keysize)) { in encrypt_master_key()
1263 return -1; in encrypt_master_key()
1271 int N = 1 << crypt_ftr->N_factor; in encrypt_master_key()
1272 int r = 1 << crypt_ftr->r_factor; in encrypt_master_key()
1273 int p = 1 << crypt_ftr->p_factor; in encrypt_master_key()
1275 rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt), in encrypt_master_key()
1276 N, r, p, crypt_ftr->scrypted_intermediate_key, in encrypt_master_key()
1277 sizeof(crypt_ftr->scrypted_intermediate_key)); in encrypt_master_key()
1301 return -1; in decrypt_master_key_aux()
1308 return -1; in decrypt_master_key_aux()
1310 EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */ in decrypt_master_key_aux()
1314 return -1; in decrypt_master_key_aux()
1317 return -1; in decrypt_master_key_aux()
1321 return -1; in decrypt_master_key_aux()
1339 if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { in get_kdf_func()
1342 } else if (ftr->kdf_type == KDF_SCRYPT) { in get_kdf_func()
1359 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize, in decrypt_master_key()
1375 return -1; in create_encrypted_random_key()
1378 return -1; in create_encrypted_random_key()
1400 if (strcmp(mentry->mnt_dir, top_directory.c_str()) == 0) { in ensure_subdirectory_unmounted()
1404 if (android::base::StartsWith(mentry->mnt_dir, top_directory)) { in ensure_subdirectory_unmounted()
1405 SLOGW("found sub-directory mount %s - %s\n", prefix, mentry->mnt_dir); in ensure_subdirectory_unmounted()
1406 umount_points.push_back(mentry->mnt_dir); in ensure_subdirectory_unmounted()
1416 SLOGW("umount sub-directory mount %s\n", mount_point.c_str()); in ensure_subdirectory_unmounted()
1444 if (i == (WAIT_UNMOUNT_COUNT - 3)) { in wait_and_unmount()
1447 } else if (i == (WAIT_UNMOUNT_COUNT - 2)) { in wait_and_unmount()
1462 rc = -1; in wait_and_unmount()
1472 /* Do the prep of the /data filesystem */ in prep_data_fs()
1479 /* We timed out to prep /data in time. Continue wait. */ in prep_data_fs()
1489 SLOGE("Failed to get crypto footer - panic"); in cryptfs_set_corrupt()
1495 SLOGE("Failed to set crypto footer - panic"); in cryptfs_set_corrupt()
1502 SLOGE("Failed to mount tmpfs on data - panic"); in cryptfs_trigger_restart_min_framework()
1507 SLOGE("Failed to trigger post fs data - panic"); in cryptfs_trigger_restart_min_framework()
1512 SLOGE("Failed to trigger restart min framework - panic"); in cryptfs_trigger_restart_min_framework()
1520 int rc = -1; in cryptfs_restart_internal()
1526 return -1; in cryptfs_restart_internal()
1531 return -1; in cryptfs_restart_internal()
1541 * /data was mounted. This excludes critical services like vold and in cryptfs_restart_internal()
1544 * libraries from the real /data, restarting is better, as it makes in cryptfs_restart_internal()
1549 * to umount the tmpfs /data, then mount the encrypted /data. in cryptfs_restart_internal()
1555 * with unmounting the tmpfs /data, but I hope to add more services in cryptfs_restart_internal()
1581 return -1; in cryptfs_restart_internal()
1586 * filesystem readonly. This is used when /data is mounted by in cryptfs_restart_internal()
1594 entry->flags |= MS_RDONLY; in cryptfs_restart_internal()
1608 return -1; in cryptfs_restart_internal()
1617 SLOGI("Failed to mount %s because it is busy - waiting", crypto_blkdev); in cryptfs_restart_internal()
1618 if (--retries) { in cryptfs_restart_internal()
1626 SLOGE("Failed to mount decrypted data"); in cryptfs_restart_internal()
1633 return -1; in cryptfs_restart_internal()
1638 return -1; in cryptfs_restart_internal()
1641 /* Create necessary paths on /data */ in cryptfs_restart_internal()
1664 return -1; in cryptfs_restart()
1692 * If the device was never encrypted, and /data is not mountable for in do_crypto_complete()
// NOTE(review): access() is given the string literal "key_loc" (a relative path), not the
// key_loc variable tested earlier in this same condition, so the existence check does not
// look at the configured key location. Presumably access(key_loc.c_str(), F_OK) was
// intended; confirm key_loc's type before changing it. The guarded branch is not visible here.
1697 if (!key_loc.empty() && key_loc[0] == '/' && (access("key_loc", F_OK) == -1)) { in do_crypto_complete()
1718 SLOGE("Encryption is successful but data is corrupt\n"); in do_crypto_complete()
1738 int N = 1 << crypt_ftr->N_factor; in test_mount_encrypted_fs()
1739 int r = 1 << crypt_ftr->r_factor; in test_mount_encrypted_fs()
1740 int p = 1 << crypt_ftr->p_factor; in test_mount_encrypted_fs()
1742 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); in test_mount_encrypted_fs()
1743 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1745 if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) { in test_mount_encrypted_fs()
1749 rc = -1; in test_mount_encrypted_fs()
1756 // Create crypto block device - all (non fatal) code paths in test_mount_encrypted_fs()
1761 rc = -1; in test_mount_encrypted_fs()
1765 /* Work out if the problem is the password or the data */ in test_mount_encrypted_fs()
1766 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)]; in test_mount_encrypted_fs()
1768 rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt, in test_mount_encrypted_fs()
1769 sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key, in test_mount_encrypted_fs()
1773 if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key, in test_mount_encrypted_fs()
1787 rc = ++crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1791 SLOGI("Password did not match but decrypted drive mounted - continue"); in test_mount_encrypted_fs()
1798 crypt_ftr->failed_decrypt_count = 0; in test_mount_encrypted_fs()
1809 memcpy(saved_master_key, decrypted_master_key, crypt_ftr->keysize); in test_mount_encrypted_fs()
1817 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1819 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1820 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; in test_mount_encrypted_fs()
1822 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { in test_mount_encrypted_fs()
1823 crypt_ftr->kdf_type = KDF_SCRYPT; in test_mount_encrypted_fs()
1828 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key, in test_mount_encrypted_fs()
1829 crypt_ftr->master_key, crypt_ftr); in test_mount_encrypted_fs()
1835 // Do not fail even if upgrade failed - machine is bootable in test_mount_encrypted_fs()
1869 return -1; in cryptfs_setup_ext_volume()
1874 return -1; in cryptfs_setup_ext_volume()
1888 return create_crypto_blk_dev(&ext_crypt_ftr, reinterpret_cast<const unsigned char*>(key.data()), in cryptfs_setup_ext_volume()
1893 return do_crypto_complete("/data"); in cryptfs_crypto_complete()
1901 "encrypted fs already validated or not running with encryption," in check_unmounted_and_get_ftr()
1903 return -1; in check_unmounted_and_get_ftr()
1908 return -1; in check_unmounted_and_get_ftr()
1918 return -1; in cryptfs_check_passwd()
1978 return -2; in cryptfs_verify_passwd()
1982 SLOGE("encrypted fs not yet mounted, aborting"); in cryptfs_verify_passwd()
1983 return -1; in cryptfs_verify_passwd()
1987 SLOGE("encrypted fs failed to save mount point, aborting"); in cryptfs_verify_passwd()
1988 return -1; in cryptfs_verify_passwd()
1993 return -1; in cryptfs_verify_passwd()
2023 ftr->magic = CRYPT_MNT_MAGIC; in cryptfs_init_crypt_mnt_ftr()
2024 ftr->major_version = CURRENT_MAJOR_VERSION; in cryptfs_init_crypt_mnt_ftr()
2025 ftr->minor_version = CURRENT_MINOR_VERSION; in cryptfs_init_crypt_mnt_ftr()
2026 ftr->ftr_size = sizeof(struct crypt_mnt_ftr); in cryptfs_init_crypt_mnt_ftr()
2027 ftr->keysize = get_crypto_type().get_keysize(); in cryptfs_init_crypt_mnt_ftr()
2031 ftr->kdf_type = KDF_SCRYPT_KEYMASTER; in cryptfs_init_crypt_mnt_ftr()
2035 ftr->kdf_type = KDF_SCRYPT; in cryptfs_init_crypt_mnt_ftr()
2040 return -1; in cryptfs_init_crypt_mnt_ftr()
2045 ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; in cryptfs_init_crypt_mnt_ftr()
2047 ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET; in cryptfs_init_crypt_mnt_ftr()
2048 ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + ftr->persist_data_size; in cryptfs_init_crypt_mnt_ftr()
2058 if (fd == -1) { in cryptfs_SHA256_fileblock()
2060 return -1; in cryptfs_SHA256_fileblock()
2068 return -1; in cryptfs_SHA256_fileblock()
2084 int rc = -1; in cryptfs_enable_all_volumes()
2087 tot_encryption_size = crypt_ftr->fs_size; in cryptfs_enable_all_volumes()
2089 … rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done, in cryptfs_enable_all_volumes()
2099 crypt_ftr->encrypted_upto = cur_encryption_done; in cryptfs_enable_all_volumes()
2102 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) { in cryptfs_enable_all_volumes()
2113 return vm->unmountAll(); in vold_unmountAll()
2120 int rc = -1, i; in cryptfs_enable_internal()
2153 /* Doing a reboot-encryption*/ in cryptfs_enable_internal()
2159 // We don't want to accidentally reference invalid data. in cryptfs_enable_internal()
2178 /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */ in cryptfs_enable_internal()
2182 if (fs_size_sec == 0) fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev.data()); in cryptfs_enable_internal()
2184 max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); in cryptfs_enable_internal()
2226 /* Now that /data is unmounted, we need to mount a tmpfs in cryptfs_enable_internal()
2227 * /data, set a property saying we're doing inplace encryption, in cryptfs_enable_internal()
2238 /* Create necessary paths on /data */ in cryptfs_enable_internal()
2257 crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); in cryptfs_enable_internal()
2293 /* If any persistent data has been remembered, save it. in cryptfs_enable_internal()
2337 SLOGE("Checksums do not match - trigger wipe"); in cryptfs_enable_internal()
2338 rc = -1; in cryptfs_enable_internal()
2343 rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev.c_str(), real_blkdev.data(), in cryptfs_enable_internal()
2352 rc = -1; in cryptfs_enable_internal()
2356 /* Undo the dm-crypt mapping whether we succeed or not */ in cryptfs_enable_internal()
2364 SLOGD("Encrypted up to sector %lld - will continue after reboot", in cryptfs_enable_internal()
2375 /* default encryption - continue first boot sequence */ in cryptfs_enable_internal()
2403 /* wipe data if encryption failed */ in cryptfs_enable_internal()
2404 SLOGE("encryption failed - rebooting into recovery to wipe data\n"); in cryptfs_enable_internal()
2407 "--wipe_data\n--reason=cryptfs_enable_internal\n"}; in cryptfs_enable_internal()
2416 return -1; in cryptfs_enable_internal()
2428 return -1; in cryptfs_enable_internal()
2431 /* we failed, and have not encrypted anything, so the user's data is still intact, in cryptfs_enable_internal()
2436 "Error enabling encryption after framework is shutdown, no data changed, restarting " in cryptfs_enable_internal()
2442 return -1; in cryptfs_enable_internal()
2456 return -1; in cryptfs_changepw()
2465 return -1; in cryptfs_changepw()
2470 return -1; in cryptfs_changepw()
2476 return -1; in cryptfs_changepw()
2485 return -1; in cryptfs_changepw()
2511 return (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry); in persist_get_max_entries()
2521 return -1; in persist_get_key()
2523 for (i = 0; i < persist_data->persist_valid_entries; i++) { in persist_get_key()
2524 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { in persist_get_key()
2526 strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX); in persist_get_key()
2531 return -1; in persist_get_key()
2540 return -1; in persist_set_key()
2545 num = persist_data->persist_valid_entries; in persist_set_key()
2548 if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) { in persist_set_key()
2550 memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX); in persist_set_key()
2551 strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX); in persist_set_key()
2557 if (persist_data->persist_valid_entries < max_persistent_entries) { in persist_set_key()
2558 memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry)); in persist_set_key()
2559 strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX); in persist_set_key()
2560 strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX); in persist_set_key()
2561 persist_data->persist_valid_entries++; in persist_set_key()
2565 return -1; in persist_set_key()
2569 * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
2592 * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
2608 num = persist_data->persist_valid_entries; in persist_del_keys()
2610 j = 0; // points to the end of non-deleted entries. in persist_del_keys()
2611 // Filter out to-be-deleted entries in place. in persist_del_keys()
2613 if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) { in persist_del_keys()
2614 persist_data->persist_entry[j] = persist_data->persist_entry[i]; in persist_del_keys()
2620 persist_data->persist_valid_entries = j; in persist_del_keys()
2622 memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry)); in persist_del_keys()
2635 return -1; in persist_count_keys()
2639 for (i = 0; i < persist_data->persist_valid_entries; i++) { in persist_count_keys()
2640 if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) { in persist_count_keys()
2652 return -1; in cryptfs_getfield()
2668 SLOGE("Getfield error, cannot load persistent data"); in cryptfs_getfield()
2717 return -1; in cryptfs_setfield()
2732 SLOGE("Setfield error, cannot load persistent data"); in cryptfs_setfield()
2743 // (PROPERTY_VALUE_MAX - 1) chars in cryptfs_setfield()
2748 num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1); in cryptfs_setfield()
2756 if (max_keylen > PROPERTY_KEY_MAX - 1) { in cryptfs_setfield()
2762 if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) > in cryptfs_setfield()
2781 if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) { in cryptfs_setfield()
2788 /* If we are running encrypted, save the persistent data now */ in cryptfs_setfield()
2791 SLOGE("Setfield error, cannot save persistent data"); in cryptfs_setfield()
2802 /* Checks userdata. Attempt to mount the volume if default-
2805 * Currently do not handle failure - see TODO below.
2810 SLOGE("Bad crypt type - error"); in cryptfs_mount_default_encrypted()
2813 "Password is not default - " in cryptfs_mount_default_encrypted()
2818 SLOGD("Password is default - restarting filesystem"); in cryptfs_mount_default_encrypted()
2837 return -1; in cryptfs_get_password_type()
2844 return -1; in cryptfs_get_password_type()
2848 return -1; in cryptfs_get_password_type()
2882 return entry && entry->fs_mgr_flags.force_fde_or_fbe; in cryptfs_isConvertibleToFBE()