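Lines matching refs:crypt_ftr (cross-reference results, not a contiguous listing: each entry gives the source line number, the matching line, and the enclosing function, tagged "argument" or "local" where crypt_ftr is declared)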

297 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr);
575 static void set_ftr_sha(struct crypt_mnt_ftr* crypt_ftr) { in set_ftr_sha() argument
578 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256)); in set_ftr_sha()
579 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr)); in set_ftr_sha()
580 SHA256_Final(crypt_ftr->sha256, &c); in set_ftr_sha()
586 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) { in put_crypt_ftr_and_key() argument
597 set_ftr_sha(crypt_ftr); in put_crypt_ftr_and_key()
618 … if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in put_crypt_ftr_and_key()
640 static bool check_ftr_sha(const struct crypt_mnt_ftr* crypt_ftr) { in check_ftr_sha() argument
642 memcpy(&copy, crypt_ftr, sizeof(copy)); in check_ftr_sha()
644 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0; in check_ftr_sha()
666 static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr* crypt_ftr, off64_t offset) { in upgrade_crypt_ftr() argument
667 int orig_major = crypt_ftr->major_version; in upgrade_crypt_ftr()
668 int orig_minor = crypt_ftr->minor_version; in upgrade_crypt_ftr()
670 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { in upgrade_crypt_ftr()
697 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
698 crypt_ftr->persist_data_offset[0] = pdata_offset; in upgrade_crypt_ftr()
699 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
700 crypt_ftr->minor_version = 1; in upgrade_crypt_ftr()
704 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) { in upgrade_crypt_ftr()
709 crypt_ftr->kdf_type = KDF_PBKDF2; in upgrade_crypt_ftr()
710 get_device_scrypt_params(crypt_ftr); in upgrade_crypt_ftr()
711 crypt_ftr->minor_version = 2; in upgrade_crypt_ftr()
714 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) { in upgrade_crypt_ftr()
716 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD; in upgrade_crypt_ftr()
717 crypt_ftr->minor_version = 3; in upgrade_crypt_ftr()
720 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { in upgrade_crypt_ftr()
725 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr)); in upgrade_crypt_ftr()
729 static int get_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) { in get_crypt_ftr_and_key() argument
763 if ((cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in get_crypt_ftr_and_key()
768 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { in get_crypt_ftr_and_key()
773 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { in get_crypt_ftr_and_key()
775 crypt_ftr->major_version, CURRENT_MAJOR_VERSION); in get_crypt_ftr_and_key()
782 if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) || in get_crypt_ftr_and_key()
783 (crypt_ftr->keysize > MAX_KEY_LEN)) { in get_crypt_ftr_and_key()
787 crypt_ftr->keysize, fname, MAX_KEY_LEN); in get_crypt_ftr_and_key()
791 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
793 crypt_ftr->minor_version, CURRENT_MINOR_VERSION); in get_crypt_ftr_and_key()
799 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
800 upgrade_crypt_ftr(fd, crypt_ftr, starting_off); in get_crypt_ftr_and_key()
811 static int validate_persistent_data_storage(struct crypt_mnt_ftr* crypt_ftr) { in validate_persistent_data_storage() argument
812 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > in validate_persistent_data_storage()
813 crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
818 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
823 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - in validate_persistent_data_storage()
824 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > in validate_persistent_data_storage()
834 struct crypt_mnt_ftr crypt_ftr; in load_persistent_data() local
860 if (get_crypt_ftr_and_key(&crypt_ftr)) { in load_persistent_data()
864 if ((crypt_ftr.major_version < 1) || in load_persistent_data()
865 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in load_persistent_data()
874 ret = validate_persistent_data_storage(&crypt_ftr); in load_persistent_data()
885 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in load_persistent_data()
892 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) { in load_persistent_data()
896 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { in load_persistent_data()
908 init_empty_persist_data(pdata, crypt_ftr.persist_data_size); in load_persistent_data()
925 struct crypt_mnt_ftr crypt_ftr; in save_persistent_data() local
938 if (get_crypt_ftr_and_key(&crypt_ftr)) { in save_persistent_data()
942 if ((crypt_ftr.major_version < 1) || in save_persistent_data()
943 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in save_persistent_data()
948 ret = validate_persistent_data_storage(&crypt_ftr); in save_persistent_data()
963 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in save_persistent_data()
969 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) { in save_persistent_data()
974 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { in save_persistent_data()
982 write_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
983 erase_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
987 write_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
988 erase_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
996 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) == in save_persistent_data()
997 (int)crypt_ftr.persist_data_size) { in save_persistent_data()
1003 memset(pdata, 0, crypt_ftr.persist_data_size); in save_persistent_data()
1004 … if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != (int)crypt_ftr.persist_data_size) { in save_persistent_data()
1078 static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key, in create_crypto_blk_dev() argument
1086 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); in create_crypto_blk_dev()
1088 auto target = std::make_unique<DmTargetCrypt>(0, crypt_ftr->fs_size, in create_crypto_blk_dev()
1089 (const char*)crypt_ftr->crypto_type_name, in create_crypto_blk_dev()
1096 if (add_sector_size_param(target.get(), crypt_ftr)) { in create_crypto_blk_dev()
1207 … unsigned char* encrypted_master_key, struct crypt_mnt_ftr* crypt_ftr) { in encrypt_master_key() argument
1214 get_device_scrypt_params(crypt_ftr); in encrypt_master_key()
1216 switch (crypt_ftr->kdf_type) { in encrypt_master_key()
1218 if (keymaster_create_key(crypt_ftr)) { in encrypt_master_key()
1223 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1230 if (scrypt(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1252 crypt_ftr->keysize)) { in encrypt_master_key()
1261 if (encrypted_len + final_len != static_cast<int>(crypt_ftr->keysize)) { in encrypt_master_key()
1271 int N = 1 << crypt_ftr->N_factor; in encrypt_master_key()
1272 int r = 1 << crypt_ftr->r_factor; in encrypt_master_key()
1273 int p = 1 << crypt_ftr->p_factor; in encrypt_master_key()
1275 rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt), in encrypt_master_key()
1276 N, r, p, crypt_ftr->scrypted_intermediate_key, in encrypt_master_key()
1277 sizeof(crypt_ftr->scrypted_intermediate_key)); in encrypt_master_key()
1352 struct crypt_mnt_ftr* crypt_ftr, unsigned char** intermediate_key, in decrypt_master_key() argument
1358 get_kdf_func(crypt_ftr, &kdf, &kdf_params); in decrypt_master_key()
1359 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize, in decrypt_master_key()
1370 unsigned char* salt, struct crypt_mnt_ftr* crypt_ftr) { in create_encrypted_random_key() argument
1382 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr); in create_encrypted_random_key()
1487 struct crypt_mnt_ftr crypt_ftr; in cryptfs_set_corrupt() local
1488 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1493 crypt_ftr.flags |= CRYPT_DATA_CORRUPT; in cryptfs_set_corrupt()
1494 if (put_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1672 struct crypt_mnt_ftr crypt_ftr; in do_crypto_complete() local
1686 if (get_crypt_ftr_and_key(&crypt_ftr)) { in do_crypto_complete()
1707 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { in do_crypto_complete()
1712 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { in do_crypto_complete()
1717 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT) { in do_crypto_complete()
1726 static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd, in test_mount_encrypted_fs() argument
1738 int N = 1 << crypt_ftr->N_factor; in test_mount_encrypted_fs()
1739 int r = 1 << crypt_ftr->r_factor; in test_mount_encrypted_fs()
1740 int p = 1 << crypt_ftr->p_factor; in test_mount_encrypted_fs()
1742 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); in test_mount_encrypted_fs()
1743 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1745 if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) { in test_mount_encrypted_fs()
1746 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, &intermediate_key, in test_mount_encrypted_fs()
1758 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev.c_str(), &crypto_blkdev, in test_mount_encrypted_fs()
1766 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)]; in test_mount_encrypted_fs()
1768 rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt, in test_mount_encrypted_fs()
1769 sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key, in test_mount_encrypted_fs()
1773 if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key, in test_mount_encrypted_fs()
1787 rc = ++crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1788 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1798 crypt_ftr->failed_decrypt_count = 0; in test_mount_encrypted_fs()
1800 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1809 memcpy(saved_master_key, decrypted_master_key, crypt_ftr->keysize); in test_mount_encrypted_fs()
1817 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1819 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1820 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; in test_mount_encrypted_fs()
1822 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { in test_mount_encrypted_fs()
1823 crypt_ftr->kdf_type = KDF_SCRYPT; in test_mount_encrypted_fs()
1828 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key, in test_mount_encrypted_fs()
1829 crypt_ftr->master_key, crypt_ftr); in test_mount_encrypted_fs()
1831 rc = put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1896 int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) { in check_unmounted_and_get_ftr() argument
1906 if (get_crypt_ftr_and_key(crypt_ftr)) { in check_unmounted_and_get_ftr()
1921 struct crypt_mnt_ftr crypt_ftr; in cryptfs_check_passwd() local
1924 rc = check_unmounted_and_get_ftr(&crypt_ftr); in cryptfs_check_passwd()
1930 rc = test_mount_encrypted_fs(&crypt_ftr, passwd, DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE); in cryptfs_check_passwd()
1936 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) { in cryptfs_check_passwd()
1942 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, DATA_MNT_POINT, in cryptfs_check_passwd()
1949 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE; in cryptfs_check_passwd()
1950 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_check_passwd()
1951 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd); in cryptfs_check_passwd()
1958 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_check_passwd()
1970 struct crypt_mnt_ftr crypt_ftr; in cryptfs_verify_passwd() local
1991 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_verify_passwd()
1996 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) { in cryptfs_verify_passwd()
2000 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_verify_passwd()
2001 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) { in cryptfs_verify_passwd()
2081 static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, const char* crypto_blkdev, in cryptfs_enable_all_volumes() argument
2087 tot_encryption_size = crypt_ftr->fs_size; in cryptfs_enable_all_volumes()
2089 … rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done, in cryptfs_enable_all_volumes()
2099 crypt_ftr->encrypted_upto = cur_encryption_done; in cryptfs_enable_all_volumes()
2102 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) { in cryptfs_enable_all_volumes()
2121 struct crypt_mnt_ftr crypt_ftr; in cryptfs_enable_internal() local
2132 if (get_crypt_ftr_and_key(&crypt_ftr) == 0) { in cryptfs_enable_internal()
2133 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { in cryptfs_enable_internal()
2135 previously_encrypted_upto = crypt_ftr.encrypted_upto; in cryptfs_enable_internal()
2136 crypt_ftr.encrypted_upto = 0; in cryptfs_enable_internal()
2137 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2143 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2145 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2146 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) { in cryptfs_enable_internal()
2147 if (!check_ftr_sha(&crypt_ftr)) { in cryptfs_enable_internal()
2148 memset(&crypt_ftr, 0, sizeof(crypt_ftr)); in cryptfs_enable_internal()
2149 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2154 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2155 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE; in cryptfs_enable_internal()
2160 memset(&crypt_ftr, 0, sizeof(crypt_ftr)); in cryptfs_enable_internal()
2252 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) { in cryptfs_enable_internal()
2257 crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); in cryptfs_enable_internal()
2259 crypt_ftr.fs_size = nr_sec; in cryptfs_enable_internal()
2266 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2268 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2270 crypt_ftr.crypt_type = crypt_type; in cryptfs_enable_internal()
2271 strlcpy((char*)crypt_ftr.crypto_type_name, get_crypto_type().get_kernel_name(), in cryptfs_enable_internal()
2276 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) { in cryptfs_enable_internal()
2286 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, encrypted_fake_master_key, in cryptfs_enable_internal()
2287 &crypt_ftr); in cryptfs_enable_internal()
2291 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2325 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_enable_internal()
2326 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev.c_str(), &crypto_blkdev, in cryptfs_enable_internal()
2336 memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) { in cryptfs_enable_internal()
2343 rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev.c_str(), real_blkdev.data(), in cryptfs_enable_internal()
2348 if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2349 rc = cryptfs_SHA256_fileblock(crypto_blkdev.c_str(), crypt_ftr.hash_first_block); in cryptfs_enable_internal()
2361 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2363 if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2365 crypt_ftr.encrypted_upto); in cryptfs_enable_internal()
2366 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2369 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2371 if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) { in cryptfs_enable_internal()
2379 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_enable_internal()
2459 struct crypt_mnt_ftr crypt_ftr; in cryptfs_changepw() local
2474 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_changepw()
2479 crypt_ftr.crypt_type = crypt_type; in cryptfs_changepw()
2482 crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr); in cryptfs_changepw()
2488 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_changepw()
2494 struct crypt_mnt_ftr crypt_ftr; in persist_get_max_entries() local
2501 if (get_crypt_ftr_and_key(&crypt_ftr)) { in persist_get_max_entries()
2505 dsize = crypt_ftr.persist_data_size; in persist_get_max_entries()
2840 struct crypt_mnt_ftr crypt_ftr; in cryptfs_get_password_type() local
2842 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_get_password_type()
2847 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { in cryptfs_get_password_type()
2851 return crypt_ftr.crypt_type; in cryptfs_get_password_type()