Home | History | Annotate | Download | only in vold
      1 /*
      2  * Copyright (C) 2010 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 /* TO DO:
     18  *   1.  Perhaps keep several copies of the encrypted key, in case something
     19  *       goes horribly wrong?
     20  *
     21  */
     22 
     23 #include <sys/types.h>
     24 #include <sys/stat.h>
     25 #include <fcntl.h>
     26 #include <unistd.h>
     27 #include <stdio.h>
     28 #include <sys/ioctl.h>
     29 #include <linux/dm-ioctl.h>
     30 #include <libgen.h>
     31 #include <stdlib.h>
     32 #include <sys/param.h>
     33 #include <string.h>
     34 #include <sys/mount.h>
     35 #include <openssl/evp.h>
     36 #include <openssl/sha.h>
     37 #include <errno.h>
     38 #include <cutils/android_reboot.h>
     39 #include <ext4.h>
     40 #include <linux/kdev_t.h>
     41 #include <fs_mgr.h>
     42 #include "cryptfs.h"
     43 #define LOG_TAG "Cryptfs"
     44 #include "cutils/android_reboot.h"
     45 #include "cutils/log.h"
     46 #include "cutils/properties.h"
     47 #include "hardware_legacy/power.h"
     48 #include "VolumeManager.h"
     49 
     50 #define DM_CRYPT_BUF_SIZE 4096
     51 #define DATA_MNT_POINT "/data"
     52 
     53 #define HASH_COUNT 2000
     54 #define KEY_LEN_BYTES 16
     55 #define IV_LEN_BYTES 16
     56 
     57 #define KEY_IN_FOOTER  "footer"
     58 
     59 #define EXT4_FS 1
     60 #define FAT_FS 2
     61 
     62 #define TABLE_LOAD_RETRIES 10
     63 
     64 char *me = "cryptfs";
     65 
     66 static unsigned char saved_master_key[KEY_LEN_BYTES];
     67 static char *saved_data_blkdev;
     68 static char *saved_mount_point;
     69 static int  master_key_saved = 0;
     70 
     71 extern struct fstab *fstab;
     72 
     73 static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
     74 {
     75     memset(io, 0, dataSize);
     76     io->data_size = dataSize;
     77     io->data_start = sizeof(struct dm_ioctl);
     78     io->version[0] = 4;
     79     io->version[1] = 0;
     80     io->version[2] = 0;
     81     io->flags = flags;
     82     if (name) {
     83         strncpy(io->name, name, sizeof(io->name));
     84     }
     85 }
     86 
     87 static unsigned int get_fs_size(char *dev)
     88 {
     89     int fd, block_size;
     90     struct ext4_super_block sb;
     91     off64_t len;
     92 
     93     if ((fd = open(dev, O_RDONLY)) < 0) {
     94         SLOGE("Cannot open device to get filesystem size ");
     95         return 0;
     96     }
     97 
     98     if (lseek64(fd, 1024, SEEK_SET) < 0) {
     99         SLOGE("Cannot seek to superblock");
    100         return 0;
    101     }
    102 
    103     if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
    104         SLOGE("Cannot read superblock");
    105         return 0;
    106     }
    107 
    108     close(fd);
    109 
    110     block_size = 1024 << sb.s_log_block_size;
    111     /* compute length in bytes */
    112     len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
    113 
    114     /* return length in sectors */
    115     return (unsigned int) (len / 512);
    116 }
    117 
    118 static unsigned int get_blkdev_size(int fd)
    119 {
    120   unsigned int nr_sec;
    121 
    122   if ( (ioctl(fd, BLKGETSIZE, &nr_sec)) == -1) {
    123     nr_sec = 0;
    124   }
    125 
    126   return nr_sec;
    127 }
    128 
    129 /* key or salt can be NULL, in which case just skip writing that value.  Useful to
    130  * update the failed mount count but not change the key.
    131  */
    132 static int put_crypt_ftr_and_key(char *real_blk_name, struct crypt_mnt_ftr *crypt_ftr,
    133                                   unsigned char *key, unsigned char *salt)
    134 {
    135   int fd;
    136   unsigned int nr_sec, cnt;
    137   off64_t off;
    138   int rc = -1;
    139   char *fname;
    140   char key_loc[PROPERTY_VALUE_MAX];
    141   struct stat statbuf;
    142 
    143   fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
    144 
    145   if (!strcmp(key_loc, KEY_IN_FOOTER)) {
    146     fname = real_blk_name;
    147     if ( (fd = open(fname, O_RDWR)) < 0) {
    148       SLOGE("Cannot open real block device %s\n", fname);
    149       return -1;
    150     }
    151 
    152     if ( (nr_sec = get_blkdev_size(fd)) == 0) {
    153       SLOGE("Cannot get size of block device %s\n", fname);
    154       goto errout;
    155     }
    156 
    157     /* If it's an encrypted Android partition, the last 16 Kbytes contain the
    158      * encryption info footer and key, and plenty of bytes to spare for future
    159      * growth.
    160      */
    161     off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
    162 
    163     if (lseek64(fd, off, SEEK_SET) == -1) {
    164       SLOGE("Cannot seek to real block device footer\n");
    165       goto errout;
    166     }
    167   } else if (key_loc[0] == '/') {
    168     fname = key_loc;
    169     if ( (fd = open(fname, O_RDWR | O_CREAT, 0600)) < 0) {
    170       SLOGE("Cannot open footer file %s\n", fname);
    171       return -1;
    172     }
    173   } else {
    174     SLOGE("Unexpected value for crypto key location\n");
    175     return -1;;
    176   }
    177 
    178   if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
    179     SLOGE("Cannot write real block device footer\n");
    180     goto errout;
    181   }
    182 
    183   if (key) {
    184     if (crypt_ftr->keysize != KEY_LEN_BYTES) {
    185       SLOGE("Keysize of %d bits not supported for real block device %s\n",
    186             crypt_ftr->keysize*8, fname);
    187       goto errout;
    188     }
    189 
    190     if ( (cnt = write(fd, key, crypt_ftr->keysize)) != crypt_ftr->keysize) {
    191       SLOGE("Cannot write key for real block device %s\n", fname);
    192       goto errout;
    193     }
    194   }
    195 
    196   if (salt) {
    197     /* Compute the offset from the last write to the salt */
    198     off = KEY_TO_SALT_PADDING;
    199     if (! key)
    200       off += crypt_ftr->keysize;
    201 
    202     if (lseek64(fd, off, SEEK_CUR) == -1) {
    203       SLOGE("Cannot seek to real block device salt \n");
    204       goto errout;
    205     }
    206 
    207     if ( (cnt = write(fd, salt, SALT_LEN)) != SALT_LEN) {
    208       SLOGE("Cannot write salt for real block device %s\n", fname);
    209       goto errout;
    210     }
    211   }
    212 
    213   fstat(fd, &statbuf);
    214   /* If the keys are kept on a raw block device, do not try to truncate it. */
    215   if (S_ISREG(statbuf.st_mode) && (key_loc[0] == '/')) {
    216     if (ftruncate(fd, 0x4000)) {
    217       SLOGE("Cannot set footer file size\n", fname);
    218       goto errout;
    219     }
    220   }
    221 
    222   /* Success! */
    223   rc = 0;
    224 
    225 errout:
    226   close(fd);
    227   return rc;
    228 
    229 }
    230 
    231 static int get_crypt_ftr_and_key(char *real_blk_name, struct crypt_mnt_ftr *crypt_ftr,
    232                                   unsigned char *key, unsigned char *salt)
    233 {
    234   int fd;
    235   unsigned int nr_sec, cnt;
    236   off64_t off;
    237   int rc = -1;
    238   char key_loc[PROPERTY_VALUE_MAX];
    239   char *fname;
    240   struct stat statbuf;
    241 
    242   fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
    243 
    244   if (!strcmp(key_loc, KEY_IN_FOOTER)) {
    245     fname = real_blk_name;
    246     if ( (fd = open(fname, O_RDONLY)) < 0) {
    247       SLOGE("Cannot open real block device %s\n", fname);
    248       return -1;
    249     }
    250 
    251     if ( (nr_sec = get_blkdev_size(fd)) == 0) {
    252       SLOGE("Cannot get size of block device %s\n", fname);
    253       goto errout;
    254     }
    255 
    256     /* If it's an encrypted Android partition, the last 16 Kbytes contain the
    257      * encryption info footer and key, and plenty of bytes to spare for future
    258      * growth.
    259      */
    260     off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
    261 
    262     if (lseek64(fd, off, SEEK_SET) == -1) {
    263       SLOGE("Cannot seek to real block device footer\n");
    264       goto errout;
    265     }
    266   } else if (key_loc[0] == '/') {
    267     fname = key_loc;
    268     if ( (fd = open(fname, O_RDONLY)) < 0) {
    269       SLOGE("Cannot open footer file %s\n", fname);
    270       return -1;
    271     }
    272 
    273     /* Make sure it's 16 Kbytes in length */
    274     fstat(fd, &statbuf);
    275     if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
    276       SLOGE("footer file %s is not the expected size!\n", fname);
    277       goto errout;
    278     }
    279   } else {
    280     SLOGE("Unexpected value for crypto key location\n");
    281     return -1;;
    282   }
    283 
    284   if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
    285     SLOGE("Cannot read real block device footer\n");
    286     goto errout;
    287   }
    288 
    289   if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
    290     SLOGE("Bad magic for real block device %s\n", fname);
    291     goto errout;
    292   }
    293 
    294   if (crypt_ftr->major_version != 1) {
    295     SLOGE("Cannot understand major version %d real block device footer\n",
    296           crypt_ftr->major_version);
    297     goto errout;
    298   }
    299 
    300   if (crypt_ftr->minor_version != 0) {
    301     SLOGW("Warning: crypto footer minor version %d, expected 0, continuing...\n",
    302           crypt_ftr->minor_version);
    303   }
    304 
    305   if (crypt_ftr->ftr_size > sizeof(struct crypt_mnt_ftr)) {
    306     /* the footer size is bigger than we expected.
    307      * Skip to it's stated end so we can read the key.
    308      */
    309     if (lseek(fd, crypt_ftr->ftr_size - sizeof(struct crypt_mnt_ftr),  SEEK_CUR) == -1) {
    310       SLOGE("Cannot seek to start of key\n");
    311       goto errout;
    312     }
    313   }
    314 
    315   if (crypt_ftr->keysize != KEY_LEN_BYTES) {
    316     SLOGE("Keysize of %d bits not supported for real block device %s\n",
    317           crypt_ftr->keysize * 8, fname);
    318     goto errout;
    319   }
    320 
    321   if ( (cnt = read(fd, key, crypt_ftr->keysize)) != crypt_ftr->keysize) {
    322     SLOGE("Cannot read key for real block device %s\n", fname);
    323     goto errout;
    324   }
    325 
    326   if (lseek64(fd, KEY_TO_SALT_PADDING, SEEK_CUR) == -1) {
    327     SLOGE("Cannot seek to real block device salt\n");
    328     goto errout;
    329   }
    330 
    331   if ( (cnt = read(fd, salt, SALT_LEN)) != SALT_LEN) {
    332     SLOGE("Cannot read salt for real block device %s\n", fname);
    333     goto errout;
    334   }
    335 
    336   /* Success! */
    337   rc = 0;
    338 
    339 errout:
    340   close(fd);
    341   return rc;
    342 }
    343 
    344 /* Convert a binary key of specified length into an ascii hex string equivalent,
    345  * without the leading 0x and with null termination
    346  */
    347 void convert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize,
    348                               char *master_key_ascii)
    349 {
    350   unsigned int i, a;
    351   unsigned char nibble;
    352 
    353   for (i=0, a=0; i<keysize; i++, a+=2) {
    354     /* For each byte, write out two ascii hex digits */
    355     nibble = (master_key[i] >> 4) & 0xf;
    356     master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
    357 
    358     nibble = master_key[i] & 0xf;
    359     master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
    360   }
    361 
    362   /* Add the null termination */
    363   master_key_ascii[a] = '\0';
    364 
    365 }
    366 
    367 static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key,
    368                                      char *real_blk_name, const char *name, int fd,
    369                                      char *extra_params)
    370 {
    371   char buffer[DM_CRYPT_BUF_SIZE];
    372   struct dm_ioctl *io;
    373   struct dm_target_spec *tgt;
    374   char *crypt_params;
    375   char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
    376   int i;
    377 
    378   io = (struct dm_ioctl *) buffer;
    379 
    380   /* Load the mapping table for this device */
    381   tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
    382 
    383   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    384   io->target_count = 1;
    385   tgt->status = 0;
    386   tgt->sector_start = 0;
    387   tgt->length = crypt_ftr->fs_size;
    388   strcpy(tgt->target_type, "crypt");
    389 
    390   crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
    391   convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
    392   sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
    393           master_key_ascii, real_blk_name, extra_params);
    394   crypt_params += strlen(crypt_params) + 1;
    395   crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
    396   tgt->next = crypt_params - buffer;
    397 
    398   for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
    399     if (! ioctl(fd, DM_TABLE_LOAD, io)) {
    400       break;
    401     }
    402     usleep(500000);
    403   }
    404 
    405   if (i == TABLE_LOAD_RETRIES) {
    406     /* We failed to load the table, return an error */
    407     return -1;
    408   } else {
    409     return i + 1;
    410   }
    411 }
    412 
    413 
    414 static int get_dm_crypt_version(int fd, const char *name,  int *version)
    415 {
    416     char buffer[DM_CRYPT_BUF_SIZE];
    417     struct dm_ioctl *io;
    418     struct dm_target_versions *v;
    419     int i;
    420 
    421     io = (struct dm_ioctl *) buffer;
    422 
    423     ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    424 
    425     if (ioctl(fd, DM_LIST_VERSIONS, io)) {
    426         return -1;
    427     }
    428 
    429     /* Iterate over the returned versions, looking for name of "crypt".
    430      * When found, get and return the version.
    431      */
    432     v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
    433     while (v->next) {
    434         if (! strcmp(v->name, "crypt")) {
    435             /* We found the crypt driver, return the version, and get out */
    436             version[0] = v->version[0];
    437             version[1] = v->version[1];
    438             version[2] = v->version[2];
    439             return 0;
    440         }
    441         v = (struct dm_target_versions *)(((char *)v) + v->next);
    442     }
    443 
    444     return -1;
    445 }
    446 
    447 static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, unsigned char *master_key,
    448                                     char *real_blk_name, char *crypto_blk_name, const char *name)
    449 {
    450   char buffer[DM_CRYPT_BUF_SIZE];
    451   char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
    452   char *crypt_params;
    453   struct dm_ioctl *io;
    454   struct dm_target_spec *tgt;
    455   unsigned int minor;
    456   int fd;
    457   int i;
    458   int retval = -1;
    459   int version[3];
    460   char *extra_params;
    461   int load_count;
    462 
    463   if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) {
    464     SLOGE("Cannot open device-mapper\n");
    465     goto errout;
    466   }
    467 
    468   io = (struct dm_ioctl *) buffer;
    469 
    470   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    471   if (ioctl(fd, DM_DEV_CREATE, io)) {
    472     SLOGE("Cannot create dm-crypt device\n");
    473     goto errout;
    474   }
    475 
    476   /* Get the device status, in particular, the name of it's device file */
    477   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    478   if (ioctl(fd, DM_DEV_STATUS, io)) {
    479     SLOGE("Cannot retrieve dm-crypt device status\n");
    480     goto errout;
    481   }
    482   minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
    483   snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
    484 
    485   extra_params = "";
    486   if (! get_dm_crypt_version(fd, name, version)) {
    487       /* Support for allow_discards was added in version 1.11.0 */
    488       if ((version[0] >= 2) ||
    489           ((version[0] == 1) && (version[1] >= 11))) {
    490           extra_params = "1 allow_discards";
    491           SLOGI("Enabling support for allow_discards in dmcrypt.\n");
    492       }
    493   }
    494 
    495   load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
    496                                          fd, extra_params);
    497   if (load_count < 0) {
    498       SLOGE("Cannot load dm-crypt mapping table.\n");
    499       goto errout;
    500   } else if (load_count > 1) {
    501       SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
    502   }
    503 
    504   /* Resume this device to activate it */
    505   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    506 
    507   if (ioctl(fd, DM_DEV_SUSPEND, io)) {
    508     SLOGE("Cannot resume the dm-crypt device\n");
    509     goto errout;
    510   }
    511 
    512   /* We made it here with no errors.  Woot! */
    513   retval = 0;
    514 
    515 errout:
    516   close(fd);   /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
    517 
    518   return retval;
    519 }
    520 
    521 static int delete_crypto_blk_dev(char *name)
    522 {
    523   int fd;
    524   char buffer[DM_CRYPT_BUF_SIZE];
    525   struct dm_ioctl *io;
    526   int retval = -1;
    527 
    528   if ((fd = open("/dev/device-mapper", O_RDWR)) < 0 ) {
    529     SLOGE("Cannot open device-mapper\n");
    530     goto errout;
    531   }
    532 
    533   io = (struct dm_ioctl *) buffer;
    534 
    535   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
    536   if (ioctl(fd, DM_DEV_REMOVE, io)) {
    537     SLOGE("Cannot remove dm-crypt device\n");
    538     goto errout;
    539   }
    540 
    541   /* We made it here with no errors.  Woot! */
    542   retval = 0;
    543 
    544 errout:
    545   close(fd);    /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
    546 
    547   return retval;
    548 
    549 }
    550 
    551 static void pbkdf2(char *passwd, unsigned char *salt, unsigned char *ikey)
    552 {
    553     /* Turn the password into a key and IV that can decrypt the master key */
    554     PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
    555                            HASH_COUNT, KEY_LEN_BYTES+IV_LEN_BYTES, ikey);
    556 }
    557 
    558 static int encrypt_master_key(char *passwd, unsigned char *salt,
    559                               unsigned char *decrypted_master_key,
    560                               unsigned char *encrypted_master_key)
    561 {
    562     unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
    563     EVP_CIPHER_CTX e_ctx;
    564     int encrypted_len, final_len;
    565 
    566     /* Turn the password into a key and IV that can decrypt the master key */
    567     pbkdf2(passwd, salt, ikey);
    568 
    569     /* Initialize the decryption engine */
    570     if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
    571         SLOGE("EVP_EncryptInit failed\n");
    572         return -1;
    573     }
    574     EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
    575 
    576     /* Encrypt the master key */
    577     if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
    578                               decrypted_master_key, KEY_LEN_BYTES)) {
    579         SLOGE("EVP_EncryptUpdate failed\n");
    580         return -1;
    581     }
    582     if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
    583         SLOGE("EVP_EncryptFinal failed\n");
    584         return -1;
    585     }
    586 
    587     if (encrypted_len + final_len != KEY_LEN_BYTES) {
    588         SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
    589         return -1;
    590     } else {
    591         return 0;
    592     }
    593 }
    594 
    595 static int decrypt_master_key(char *passwd, unsigned char *salt,
    596                               unsigned char *encrypted_master_key,
    597                               unsigned char *decrypted_master_key)
    598 {
    599   unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
    600   EVP_CIPHER_CTX d_ctx;
    601   int decrypted_len, final_len;
    602 
    603   /* Turn the password into a key and IV that can decrypt the master key */
    604   pbkdf2(passwd, salt, ikey);
    605 
    606   /* Initialize the decryption engine */
    607   if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
    608     return -1;
    609   }
    610   EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
    611   /* Decrypt the master key */
    612   if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
    613                             encrypted_master_key, KEY_LEN_BYTES)) {
    614     return -1;
    615   }
    616   if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
    617     return -1;
    618   }
    619 
    620   if (decrypted_len + final_len != KEY_LEN_BYTES) {
    621     return -1;
    622   } else {
    623     return 0;
    624   }
    625 }
    626 
    627 static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt)
    628 {
    629     int fd;
    630     unsigned char key_buf[KEY_LEN_BYTES];
    631     EVP_CIPHER_CTX e_ctx;
    632     int encrypted_len, final_len;
    633 
    634     /* Get some random bits for a key */
    635     fd = open("/dev/urandom", O_RDONLY);
    636     read(fd, key_buf, sizeof(key_buf));
    637     read(fd, salt, SALT_LEN);
    638     close(fd);
    639 
    640     /* Now encrypt it with the password */
    641     return encrypt_master_key(passwd, salt, key_buf, master_key);
    642 }
    643 
    644 static int wait_and_unmount(char *mountpoint)
    645 {
    646     int i, rc;
    647 #define WAIT_UNMOUNT_COUNT 20
    648 
    649     /*  Now umount the tmpfs filesystem */
    650     for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
    651         if (umount(mountpoint)) {
    652             if (errno == EINVAL) {
    653                 /* EINVAL is returned if the directory is not a mountpoint,
    654                  * i.e. there is no filesystem mounted there.  So just get out.
    655                  */
    656                 break;
    657             }
    658             sleep(1);
    659             i++;
    660         } else {
    661           break;
    662         }
    663     }
    664 
    665     if (i < WAIT_UNMOUNT_COUNT) {
    666       SLOGD("unmounting %s succeeded\n", mountpoint);
    667       rc = 0;
    668     } else {
    669       SLOGE("unmounting %s failed\n", mountpoint);
    670       rc = -1;
    671     }
    672 
    673     return rc;
    674 }
    675 
    676 #define DATA_PREP_TIMEOUT 200
    677 static int prep_data_fs(void)
    678 {
    679     int i;
    680 
    681     /* Do the prep of the /data filesystem */
    682     property_set("vold.post_fs_data_done", "0");
    683     property_set("vold.decrypt", "trigger_post_fs_data");
    684     SLOGD("Just triggered post_fs_data\n");
    685 
    686     /* Wait a max of 50 seconds, hopefully it takes much less */
    687     for (i=0; i<DATA_PREP_TIMEOUT; i++) {
    688         char p[PROPERTY_VALUE_MAX];
    689 
    690         property_get("vold.post_fs_data_done", p, "0");
    691         if (*p == '1') {
    692             break;
    693         } else {
    694             usleep(250000);
    695         }
    696     }
    697     if (i == DATA_PREP_TIMEOUT) {
    698         /* Ugh, we failed to prep /data in time.  Bail. */
    699         SLOGE("post_fs_data timed out!\n");
    700         return -1;
    701     } else {
    702         SLOGD("post_fs_data done\n");
    703         return 0;
    704     }
    705 }
    706 
    707 int cryptfs_restart(void)
    708 {
    709     char fs_type[32];
    710     char real_blkdev[MAXPATHLEN];
    711     char crypto_blkdev[MAXPATHLEN];
    712     char fs_options[256];
    713     unsigned long mnt_flags;
    714     struct stat statbuf;
    715     int rc = -1, i;
    716     static int restart_successful = 0;
    717 
    718     /* Validate that it's OK to call this routine */
    719     if (! master_key_saved) {
    720         SLOGE("Encrypted filesystem not validated, aborting");
    721         return -1;
    722     }
    723 
    724     if (restart_successful) {
    725         SLOGE("System already restarted with encrypted disk, aborting");
    726         return -1;
    727     }
    728 
    729     /* Here is where we shut down the framework.  The init scripts
    730      * start all services in one of three classes: core, main or late_start.
    731      * On boot, we start core and main.  Now, we stop main, but not core,
    732      * as core includes vold and a few other really important things that
    733      * we need to keep running.  Once main has stopped, we should be able
    734      * to umount the tmpfs /data, then mount the encrypted /data.
    735      * We then restart the class main, and also the class late_start.
    736      * At the moment, I've only put a few things in late_start that I know
    737      * are not needed to bring up the framework, and that also cause problems
    738      * with unmounting the tmpfs /data, but I hope to add add more services
    739      * to the late_start class as we optimize this to decrease the delay
    740      * till the user is asked for the password to the filesystem.
    741      */
    742 
    743     /* The init files are setup to stop the class main when vold.decrypt is
    744      * set to trigger_reset_main.
    745      */
    746     property_set("vold.decrypt", "trigger_reset_main");
    747     SLOGD("Just asked init to shut down class main\n");
    748 
    749     /* Ugh, shutting down the framework is not synchronous, so until it
    750      * can be fixed, this horrible hack will wait a moment for it all to
    751      * shut down before proceeding.  Without it, some devices cannot
    752      * restart the graphics services.
    753      */
    754     sleep(2);
    755 
    756     /* Now that the framework is shutdown, we should be able to umount()
    757      * the tmpfs filesystem, and mount the real one.
    758      */
    759 
    760     property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
    761     if (strlen(crypto_blkdev) == 0) {
    762         SLOGE("fs_crypto_blkdev not set\n");
    763         return -1;
    764     }
    765 
    766     if (! (rc = wait_and_unmount(DATA_MNT_POINT)) ) {
    767         /* If that succeeded, then mount the decrypted filesystem */
    768         fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, 0);
    769 
    770         property_set("vold.decrypt", "trigger_load_persist_props");
    771         /* Create necessary paths on /data */
    772         if (prep_data_fs()) {
    773             return -1;
    774         }
    775 
    776         /* startup service classes main and late_start */
    777         property_set("vold.decrypt", "trigger_restart_framework");
    778         SLOGD("Just triggered restart_framework\n");
    779 
    780         /* Give it a few moments to get started */
    781         sleep(1);
    782     }
    783 
    784     if (rc == 0) {
    785         restart_successful = 1;
    786     }
    787 
    788     return rc;
    789 }
    790 
    791 static int do_crypto_complete(char *mount_point)
    792 {
    793   struct crypt_mnt_ftr crypt_ftr;
    794   unsigned char encrypted_master_key[32];
    795   unsigned char salt[SALT_LEN];
    796   char real_blkdev[MAXPATHLEN];
    797   char encrypted_state[PROPERTY_VALUE_MAX];
    798   char key_loc[PROPERTY_VALUE_MAX];
    799 
    800   property_get("ro.crypto.state", encrypted_state, "");
    801   if (strcmp(encrypted_state, "encrypted") ) {
    802     SLOGE("not running with encryption, aborting");
    803     return 1;
    804   }
    805 
    806   fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
    807 
    808   if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
    809     fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
    810 
    811     /*
    812      * Only report this error if key_loc is a file and it exists.
    813      * If the device was never encrypted, and /data is not mountable for
    814      * some reason, returning 1 should prevent the UI from presenting the
    815      * a "enter password" screen, or worse, a "press button to wipe the
    816      * device" screen.
    817      */
    818     if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
    819       SLOGE("master key file does not exist, aborting");
    820       return 1;
    821     } else {
    822       SLOGE("Error getting crypt footer and key\n");
    823       return -1;
    824     }
    825   }
    826 
    827   if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
    828     SLOGE("Encryption process didn't finish successfully\n");
    829     return -2;  /* -2 is the clue to the UI that there is no usable data on the disk,
    830                  * and give the user an option to wipe the disk */
    831   }
    832 
    833   /* We passed the test! We shall diminish, and return to the west */
    834   return 0;
    835 }
    836 
    837 static int test_mount_encrypted_fs(char *passwd, char *mount_point, char *label)
    838 {
    839   struct crypt_mnt_ftr crypt_ftr;
    840   /* Allocate enough space for a 256 bit key, but we may use less */
    841   unsigned char encrypted_master_key[32], decrypted_master_key[32];
    842   unsigned char salt[SALT_LEN];
    843   char crypto_blkdev[MAXPATHLEN];
    844   char real_blkdev[MAXPATHLEN];
    845   char tmp_mount_point[64];
    846   unsigned int orig_failed_decrypt_count;
    847   char encrypted_state[PROPERTY_VALUE_MAX];
    848   int rc;
    849 
    850   property_get("ro.crypto.state", encrypted_state, "");
    851   if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
    852     SLOGE("encrypted fs already validated or not running with encryption, aborting");
    853     return -1;
    854   }
    855 
    856   fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
    857 
    858   if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
    859     SLOGE("Error getting crypt footer and key\n");
    860     return -1;
    861   }
    862 
    863   SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr.fs_size);
    864   orig_failed_decrypt_count = crypt_ftr.failed_decrypt_count;
    865 
    866   if (! (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
    867     decrypt_master_key(passwd, salt, encrypted_master_key, decrypted_master_key);
    868   }
    869 
    870   if (create_crypto_blk_dev(&crypt_ftr, decrypted_master_key,
    871                                real_blkdev, crypto_blkdev, label)) {
    872     SLOGE("Error creating decrypted block device\n");
    873     return -1;
    874   }
    875 
    876   /* If init detects an encrypted filesystme, it writes a file for each such
    877    * encrypted fs into the tmpfs /data filesystem, and then the framework finds those
    878    * files and passes that data to me */
    879   /* Create a tmp mount point to try mounting the decryptd fs
    880    * Since we're here, the mount_point should be a tmpfs filesystem, so make
    881    * a directory in it to test mount the decrypted filesystem.
    882    */
    883   sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
    884   mkdir(tmp_mount_point, 0755);
    885   if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
    886     SLOGE("Error temp mounting decrypted block device\n");
    887     delete_crypto_blk_dev(label);
    888     crypt_ftr.failed_decrypt_count++;
    889   } else {
    890     /* Success, so just umount and we'll mount it properly when we restart
    891      * the framework.
    892      */
    893     umount(tmp_mount_point);
    894     crypt_ftr.failed_decrypt_count  = 0;
    895   }
    896 
    897   if (orig_failed_decrypt_count != crypt_ftr.failed_decrypt_count) {
    898     put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0);
    899   }
    900 
    901   if (crypt_ftr.failed_decrypt_count) {
    902     /* We failed to mount the device, so return an error */
    903     rc = crypt_ftr.failed_decrypt_count;
    904 
    905   } else {
    906     /* Woot!  Success!  Save the name of the crypto block device
    907      * so we can mount it when restarting the framework.
    908      */
    909     property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
    910 
    911     /* Also save a the master key so we can reencrypted the key
    912      * the key when we want to change the password on it.
    913      */
    914     memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
    915     saved_data_blkdev = strdup(real_blkdev);
    916     saved_mount_point = strdup(mount_point);
    917     master_key_saved = 1;
    918     rc = 0;
    919   }
    920 
    921   return rc;
    922 }
    923 
    924 /* Called by vold when it wants to undo the crypto mapping of a volume it
    925  * manages.  This is usually in response to a factory reset, when we want
    926  * to undo the crypto mapping so the volume is formatted in the clear.
    927  */
    928 int cryptfs_revert_volume(const char *label)
    929 {
    930     return delete_crypto_blk_dev((char *)label);
    931 }
    932 
    933 /*
    934  * Called by vold when it's asked to mount an encrypted, nonremovable volume.
    935  * Setup a dm-crypt mapping, use the saved master key from
    936  * setting up the /data mapping, and return the new device path.
    937  */
    938 int cryptfs_setup_volume(const char *label, int major, int minor,
    939                          char *crypto_sys_path, unsigned int max_path,
    940                          int *new_major, int *new_minor)
    941 {
    942     char real_blkdev[MAXPATHLEN], crypto_blkdev[MAXPATHLEN];
    943     struct crypt_mnt_ftr sd_crypt_ftr;
    944     unsigned char key[32], salt[32];
    945     struct stat statbuf;
    946     int nr_sec, fd;
    947 
    948     sprintf(real_blkdev, "/dev/block/vold/%d:%d", major, minor);
    949 
    950     /* Just want the footer, but gotta get it all */
    951     get_crypt_ftr_and_key(saved_data_blkdev, &sd_crypt_ftr, key, salt);
    952 
    953     /* Update the fs_size field to be the size of the volume */
    954     fd = open(real_blkdev, O_RDONLY);
    955     nr_sec = get_blkdev_size(fd);
    956     close(fd);
    957     if (nr_sec == 0) {
    958         SLOGE("Cannot get size of volume %s\n", real_blkdev);
    959         return -1;
    960     }
    961 
    962     sd_crypt_ftr.fs_size = nr_sec;
    963     create_crypto_blk_dev(&sd_crypt_ftr, saved_master_key, real_blkdev,
    964                           crypto_blkdev, label);
    965 
    966     stat(crypto_blkdev, &statbuf);
    967     *new_major = MAJOR(statbuf.st_rdev);
    968     *new_minor = MINOR(statbuf.st_rdev);
    969 
    970     /* Create path to sys entry for this block device */
    971     snprintf(crypto_sys_path, max_path, "/devices/virtual/block/%s", strrchr(crypto_blkdev, '/')+1);
    972 
    973     return 0;
    974 }
    975 
    976 int cryptfs_crypto_complete(void)
    977 {
    978   return do_crypto_complete("/data");
    979 }
    980 
    981 int cryptfs_check_passwd(char *passwd)
    982 {
    983     int rc = -1;
    984 
    985     rc = test_mount_encrypted_fs(passwd, DATA_MNT_POINT, "userdata");
    986 
    987     return rc;
    988 }
    989 
    990 int cryptfs_verify_passwd(char *passwd)
    991 {
    992     struct crypt_mnt_ftr crypt_ftr;
    993     /* Allocate enough space for a 256 bit key, but we may use less */
    994     unsigned char encrypted_master_key[32], decrypted_master_key[32];
    995     unsigned char salt[SALT_LEN];
    996     char real_blkdev[MAXPATHLEN];
    997     char encrypted_state[PROPERTY_VALUE_MAX];
    998     int rc;
    999 
   1000     property_get("ro.crypto.state", encrypted_state, "");
   1001     if (strcmp(encrypted_state, "encrypted") ) {
   1002         SLOGE("device not encrypted, aborting");
   1003         return -2;
   1004     }
   1005 
   1006     if (!master_key_saved) {
   1007         SLOGE("encrypted fs not yet mounted, aborting");
   1008         return -1;
   1009     }
   1010 
   1011     if (!saved_mount_point) {
   1012         SLOGE("encrypted fs failed to save mount point, aborting");
   1013         return -1;
   1014     }
   1015 
   1016     fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
   1017 
   1018     if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
   1019         SLOGE("Error getting crypt footer and key\n");
   1020         return -1;
   1021     }
   1022 
   1023     if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
   1024         /* If the device has no password, then just say the password is valid */
   1025         rc = 0;
   1026     } else {
   1027         decrypt_master_key(passwd, salt, encrypted_master_key, decrypted_master_key);
   1028         if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
   1029             /* They match, the password is correct */
   1030             rc = 0;
   1031         } else {
   1032             /* If incorrect, sleep for a bit to prevent dictionary attacks */
   1033             sleep(1);
   1034             rc = 1;
   1035         }
   1036     }
   1037 
   1038     return rc;
   1039 }
   1040 
   1041 /* Initialize a crypt_mnt_ftr structure.  The keysize is
   1042  * defaulted to 16 bytes, and the filesystem size to 0.
   1043  * Presumably, at a minimum, the caller will update the
   1044  * filesystem size and crypto_type_name after calling this function.
   1045  */
   1046 static void cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
   1047 {
   1048     ftr->magic = CRYPT_MNT_MAGIC;
   1049     ftr->major_version = 1;
   1050     ftr->minor_version = 0;
   1051     ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
   1052     ftr->flags = 0;
   1053     ftr->keysize = KEY_LEN_BYTES;
   1054     ftr->spare1 = 0;
   1055     ftr->fs_size = 0;
   1056     ftr->failed_decrypt_count = 0;
   1057     ftr->crypto_type_name[0] = '\0';
   1058 }
   1059 
   1060 static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
   1061 {
   1062     char cmdline[256];
   1063     int rc = -1;
   1064 
   1065     if (type == EXT4_FS) {
   1066         snprintf(cmdline, sizeof(cmdline), "/system/bin/make_ext4fs -a /data -l %lld %s",
   1067                  size * 512, crypto_blkdev);
   1068         SLOGI("Making empty filesystem with command %s\n", cmdline);
   1069     } else if (type== FAT_FS) {
   1070         snprintf(cmdline, sizeof(cmdline), "/system/bin/newfs_msdos -F 32 -O android -c 8 -s %lld %s",
   1071                  size, crypto_blkdev);
   1072         SLOGI("Making empty filesystem with command %s\n", cmdline);
   1073     } else {
   1074         SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
   1075         return -1;
   1076     }
   1077 
   1078     if (system(cmdline)) {
   1079       SLOGE("Error creating empty filesystem on %s\n", crypto_blkdev);
   1080     } else {
   1081       SLOGD("Successfully created empty filesystem on %s\n", crypto_blkdev);
   1082       rc = 0;
   1083     }
   1084 
   1085     return rc;
   1086 }
   1087 
   1088 static inline int unix_read(int  fd, void*  buff, int  len)
   1089 {
   1090     int  ret;
   1091     do { ret = read(fd, buff, len); } while (ret < 0 && errno == EINTR);
   1092     return ret;
   1093 }
   1094 
   1095 static inline int unix_write(int  fd, const void*  buff, int  len)
   1096 {
   1097     int  ret;
   1098     do { ret = write(fd, buff, len); } while (ret < 0 && errno == EINTR);
   1099     return ret;
   1100 }
   1101 
   1102 #define CRYPT_INPLACE_BUFSIZE 4096
   1103 #define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / 512)
   1104 static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev, off64_t size,
   1105                                   off64_t *size_already_done, off64_t tot_size)
   1106 {
   1107     int realfd, cryptofd;
   1108     char *buf[CRYPT_INPLACE_BUFSIZE];
   1109     int rc = -1;
   1110     off64_t numblocks, i, remainder;
   1111     off64_t one_pct, cur_pct, new_pct;
   1112     off64_t blocks_already_done, tot_numblocks;
   1113 
   1114     if ( (realfd = open(real_blkdev, O_RDONLY)) < 0) {
   1115         SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
   1116         return -1;
   1117     }
   1118 
   1119     if ( (cryptofd = open(crypto_blkdev, O_WRONLY)) < 0) {
   1120         SLOGE("Error opening crypto_blkdev %s for inplace encrypt\n", crypto_blkdev);
   1121         close(realfd);
   1122         return -1;
   1123     }
   1124 
   1125     /* This is pretty much a simple loop of reading 4K, and writing 4K.
   1126      * The size passed in is the number of 512 byte sectors in the filesystem.
   1127      * So compute the number of whole 4K blocks we should read/write,
   1128      * and the remainder.
   1129      */
   1130     numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
   1131     remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
   1132     tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
   1133     blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
   1134 
   1135     SLOGE("Encrypting filesystem in place...");
   1136 
   1137     one_pct = tot_numblocks / 100;
   1138     cur_pct = 0;
   1139     /* process the majority of the filesystem in blocks */
   1140     for (i=0; i<numblocks; i++) {
   1141         new_pct = (i + blocks_already_done) / one_pct;
   1142         if (new_pct > cur_pct) {
   1143             char buf[8];
   1144 
   1145             cur_pct = new_pct;
   1146             snprintf(buf, sizeof(buf), "%lld", cur_pct);
   1147             property_set("vold.encrypt_progress", buf);
   1148         }
   1149         if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
   1150             SLOGE("Error reading real_blkdev %s for inplace encrypt\n", crypto_blkdev);
   1151             goto errout;
   1152         }
   1153         if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
   1154             SLOGE("Error writing crypto_blkdev %s for inplace encrypt\n", crypto_blkdev);
   1155             goto errout;
   1156         }
   1157     }
   1158 
   1159     /* Do any remaining sectors */
   1160     for (i=0; i<remainder; i++) {
   1161         if (unix_read(realfd, buf, 512) <= 0) {
   1162             SLOGE("Error reading rival sectors from real_blkdev %s for inplace encrypt\n", crypto_blkdev);
   1163             goto errout;
   1164         }
   1165         if (unix_write(cryptofd, buf, 512) <= 0) {
   1166             SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt\n", crypto_blkdev);
   1167             goto errout;
   1168         }
   1169     }
   1170 
   1171     *size_already_done += size;
   1172     rc = 0;
   1173 
   1174 errout:
   1175     close(realfd);
   1176     close(cryptofd);
   1177 
   1178     return rc;
   1179 }
   1180 
   1181 #define CRYPTO_ENABLE_WIPE 1
   1182 #define CRYPTO_ENABLE_INPLACE 2
   1183 
   1184 #define FRAMEWORK_BOOT_WAIT 60
   1185 
   1186 static inline int should_encrypt(struct volume_info *volume)
   1187 {
   1188     return (volume->flags & (VOL_ENCRYPTABLE | VOL_NONREMOVABLE)) ==
   1189             (VOL_ENCRYPTABLE | VOL_NONREMOVABLE);
   1190 }
   1191 
   1192 int cryptfs_enable(char *howarg, char *passwd)
   1193 {
   1194     int how = 0;
   1195     char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN], sd_crypto_blkdev[MAXPATHLEN];
   1196     unsigned long nr_sec;
   1197     unsigned char master_key[KEY_LEN_BYTES], decrypted_master_key[KEY_LEN_BYTES];
   1198     unsigned char salt[SALT_LEN];
   1199     int rc=-1, fd, i, ret;
   1200     struct crypt_mnt_ftr crypt_ftr, sd_crypt_ftr;;
   1201     char tmpfs_options[PROPERTY_VALUE_MAX];
   1202     char encrypted_state[PROPERTY_VALUE_MAX];
   1203     char lockid[32] = { 0 };
   1204     char key_loc[PROPERTY_VALUE_MAX];
   1205     char fuse_sdcard[PROPERTY_VALUE_MAX];
   1206     char *sd_mnt_point;
   1207     char sd_blk_dev[256] = { 0 };
   1208     int num_vols;
   1209     struct volume_info *vol_list = 0;
   1210     off64_t cur_encryption_done=0, tot_encryption_size=0;
   1211 
   1212     property_get("ro.crypto.state", encrypted_state, "");
   1213     if (strcmp(encrypted_state, "unencrypted")) {
   1214         SLOGE("Device is already running encrypted, aborting");
   1215         goto error_unencrypted;
   1216     }
   1217 
   1218     fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
   1219 
   1220     if (!strcmp(howarg, "wipe")) {
   1221       how = CRYPTO_ENABLE_WIPE;
   1222     } else if (! strcmp(howarg, "inplace")) {
   1223       how = CRYPTO_ENABLE_INPLACE;
   1224     } else {
   1225       /* Shouldn't happen, as CommandListener vets the args */
   1226       goto error_unencrypted;
   1227     }
   1228 
   1229     fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
   1230 
   1231     /* Get the size of the real block device */
   1232     fd = open(real_blkdev, O_RDONLY);
   1233     if ( (nr_sec = get_blkdev_size(fd)) == 0) {
   1234         SLOGE("Cannot get size of block device %s\n", real_blkdev);
   1235         goto error_unencrypted;
   1236     }
   1237     close(fd);
   1238 
   1239     /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
   1240     if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
   1241         unsigned int fs_size_sec, max_fs_size_sec;
   1242 
   1243         fs_size_sec = get_fs_size(real_blkdev);
   1244         max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / 512);
   1245 
   1246         if (fs_size_sec > max_fs_size_sec) {
   1247             SLOGE("Orig filesystem overlaps crypto footer region.  Cannot encrypt in place.");
   1248             goto error_unencrypted;
   1249         }
   1250     }
   1251 
   1252     /* Get a wakelock as this may take a while, and we don't want the
   1253      * device to sleep on us.  We'll grab a partial wakelock, and if the UI
   1254      * wants to keep the screen on, it can grab a full wakelock.
   1255      */
   1256     snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
   1257     acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
   1258 
   1259     /* Get the sdcard mount point */
   1260     sd_mnt_point = getenv("EMULATED_STORAGE_SOURCE");
   1261     if (!sd_mnt_point) {
   1262        sd_mnt_point = getenv("EXTERNAL_STORAGE");
   1263     }
   1264     if (!sd_mnt_point) {
   1265         sd_mnt_point = "/mnt/sdcard";
   1266     }
   1267 
   1268     num_vols=vold_getNumDirectVolumes();
   1269     vol_list = malloc(sizeof(struct volume_info) * num_vols);
   1270     vold_getDirectVolumeList(vol_list);
   1271 
   1272     for (i=0; i<num_vols; i++) {
   1273         if (should_encrypt(&vol_list[i])) {
   1274             fd = open(vol_list[i].blk_dev, O_RDONLY);
   1275             if ( (vol_list[i].size = get_blkdev_size(fd)) == 0) {
   1276                 SLOGE("Cannot get size of block device %s\n", vol_list[i].blk_dev);
   1277                 goto error_unencrypted;
   1278             }
   1279             close(fd);
   1280 
   1281             ret=vold_disableVol(vol_list[i].label);
   1282             if ((ret < 0) && (ret != UNMOUNT_NOT_MOUNTED_ERR)) {
   1283                 /* -2 is returned when the device exists but is not currently mounted.
   1284                  * ignore the error and continue. */
   1285                 SLOGE("Failed to unmount volume %s\n", vol_list[i].label);
   1286                 goto error_unencrypted;
   1287             }
   1288         }
   1289     }
   1290 
   1291     /* The init files are setup to stop the class main and late start when
   1292      * vold sets trigger_shutdown_framework.
   1293      */
   1294     property_set("vold.decrypt", "trigger_shutdown_framework");
   1295     SLOGD("Just asked init to shut down class main\n");
   1296 
   1297     if (vold_unmountAllAsecs()) {
   1298         /* Just report the error.  If any are left mounted,
   1299          * umounting /data below will fail and handle the error.
   1300          */
   1301         SLOGE("Error unmounting internal asecs");
   1302     }
   1303 
   1304     property_get("ro.crypto.fuse_sdcard", fuse_sdcard, "");
   1305     if (!strcmp(fuse_sdcard, "true")) {
   1306         /* This is a device using the fuse layer to emulate the sdcard semantics
   1307          * on top of the userdata partition.  vold does not manage it, it is managed
   1308          * by the sdcard service.  The sdcard service was killed by the property trigger
   1309          * above, so just unmount it now.  We must do this _AFTER_ killing the framework,
   1310          * unlike the case for vold managed devices above.
   1311          */
   1312         if (wait_and_unmount(sd_mnt_point)) {
   1313             goto error_shutting_down;
   1314         }
   1315     }
   1316 
   1317     /* Now unmount the /data partition. */
   1318     if (wait_and_unmount(DATA_MNT_POINT)) {
   1319         goto error_shutting_down;
   1320     }
   1321 
   1322     /* Do extra work for a better UX when doing the long inplace encryption */
   1323     if (how == CRYPTO_ENABLE_INPLACE) {
   1324         /* Now that /data is unmounted, we need to mount a tmpfs
   1325          * /data, set a property saying we're doing inplace encryption,
   1326          * and restart the framework.
   1327          */
   1328         if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
   1329             goto error_shutting_down;
   1330         }
   1331         /* Tells the framework that inplace encryption is starting */
   1332         property_set("vold.encrypt_progress", "0");
   1333 
   1334         /* restart the framework. */
   1335         /* Create necessary paths on /data */
   1336         if (prep_data_fs()) {
   1337             goto error_shutting_down;
   1338         }
   1339 
   1340         /* Ugh, shutting down the framework is not synchronous, so until it
   1341          * can be fixed, this horrible hack will wait a moment for it all to
   1342          * shut down before proceeding.  Without it, some devices cannot
   1343          * restart the graphics services.
   1344          */
   1345         sleep(2);
   1346 
   1347         /* startup service classes main and late_start */
   1348         property_set("vold.decrypt", "trigger_restart_min_framework");
   1349         SLOGD("Just triggered restart_min_framework\n");
   1350 
   1351         /* OK, the framework is restarted and will soon be showing a
   1352          * progress bar.  Time to setup an encrypted mapping, and
   1353          * either write a new filesystem, or encrypt in place updating
   1354          * the progress bar as we work.
   1355          */
   1356     }
   1357 
   1358     /* Start the actual work of making an encrypted filesystem */
   1359     /* Initialize a crypt_mnt_ftr for the partition */
   1360     cryptfs_init_crypt_mnt_ftr(&crypt_ftr);
   1361     if (!strcmp(key_loc, KEY_IN_FOOTER)) {
   1362         crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / 512);
   1363     } else {
   1364         crypt_ftr.fs_size = nr_sec;
   1365     }
   1366     crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
   1367     strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
   1368 
   1369     /* Make an encrypted master key */
   1370     if (create_encrypted_random_key(passwd, master_key, salt)) {
   1371         SLOGE("Cannot create encrypted master key\n");
   1372         goto error_unencrypted;
   1373     }
   1374 
   1375     /* Write the key to the end of the partition */
   1376     put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, master_key, salt);
   1377 
   1378     decrypt_master_key(passwd, salt, master_key, decrypted_master_key);
   1379     create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
   1380                           "userdata");
   1381 
   1382     /* The size of the userdata partition, and add in the vold volumes below */
   1383     tot_encryption_size = crypt_ftr.fs_size;
   1384 
   1385     /* setup crypto mapping for all encryptable volumes handled by vold */
   1386     for (i=0; i<num_vols; i++) {
   1387         if (should_encrypt(&vol_list[i])) {
   1388             vol_list[i].crypt_ftr = crypt_ftr; /* gotta love struct assign */
   1389             vol_list[i].crypt_ftr.fs_size = vol_list[i].size;
   1390             create_crypto_blk_dev(&vol_list[i].crypt_ftr, decrypted_master_key,
   1391                                   vol_list[i].blk_dev, vol_list[i].crypto_blkdev,
   1392                                   vol_list[i].label);
   1393             tot_encryption_size += vol_list[i].size;
   1394         }
   1395     }
   1396 
   1397     if (how == CRYPTO_ENABLE_WIPE) {
   1398         rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr.fs_size, EXT4_FS);
   1399         /* Encrypt all encryptable volumes handled by vold */
   1400         if (!rc) {
   1401             for (i=0; i<num_vols; i++) {
   1402                 if (should_encrypt(&vol_list[i])) {
   1403                     rc = cryptfs_enable_wipe(vol_list[i].crypto_blkdev,
   1404                                              vol_list[i].crypt_ftr.fs_size, FAT_FS);
   1405                 }
   1406             }
   1407         }
   1408     } else if (how == CRYPTO_ENABLE_INPLACE) {
   1409         rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr.fs_size,
   1410                                     &cur_encryption_done, tot_encryption_size);
   1411         /* Encrypt all encryptable volumes handled by vold */
   1412         if (!rc) {
   1413             for (i=0; i<num_vols; i++) {
   1414                 if (should_encrypt(&vol_list[i])) {
   1415                     rc = cryptfs_enable_inplace(vol_list[i].crypto_blkdev,
   1416                                                 vol_list[i].blk_dev,
   1417                                                 vol_list[i].crypt_ftr.fs_size,
   1418                                                 &cur_encryption_done, tot_encryption_size);
   1419                 }
   1420             }
   1421         }
   1422         if (!rc) {
   1423             /* The inplace routine never actually sets the progress to 100%
   1424              * due to the round down nature of integer division, so set it here */
   1425             property_set("vold.encrypt_progress", "100");
   1426         }
   1427     } else {
   1428         /* Shouldn't happen */
   1429         SLOGE("cryptfs_enable: internal error, unknown option\n");
   1430         goto error_unencrypted;
   1431     }
   1432 
   1433     /* Undo the dm-crypt mapping whether we succeed or not */
   1434     delete_crypto_blk_dev("userdata");
   1435     for (i=0; i<num_vols; i++) {
   1436         if (should_encrypt(&vol_list[i])) {
   1437             delete_crypto_blk_dev(vol_list[i].label);
   1438         }
   1439     }
   1440 
   1441     free(vol_list);
   1442 
   1443     if (! rc) {
   1444         /* Success */
   1445 
   1446         /* Clear the encryption in progres flag in the footer */
   1447         crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
   1448         put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0);
   1449 
   1450         sleep(2); /* Give the UI a chance to show 100% progress */
   1451         android_reboot(ANDROID_RB_RESTART, 0, 0);
   1452     } else {
   1453         char value[PROPERTY_VALUE_MAX];
   1454 
   1455         property_get("ro.vold.wipe_on_crypt_fail", value, "0");
   1456         if (!strcmp(value, "1")) {
   1457             /* wipe data if encryption failed */
   1458             SLOGE("encryption failed - rebooting into recovery to wipe data\n");
   1459             mkdir("/cache/recovery", 0700);
   1460             int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC, 0600);
   1461             if (fd >= 0) {
   1462                 write(fd, "--wipe_data", strlen("--wipe_data") + 1);
   1463                 close(fd);
   1464             } else {
   1465                 SLOGE("could not open /cache/recovery/command\n");
   1466             }
   1467             android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
   1468         } else {
   1469             /* set property to trigger dialog */
   1470             property_set("vold.encrypt_progress", "error_partially_encrypted");
   1471             release_wake_lock(lockid);
   1472         }
   1473         return -1;
   1474     }
   1475 
   1476     /* hrm, the encrypt step claims success, but the reboot failed.
   1477      * This should not happen.
   1478      * Set the property and return.  Hope the framework can deal with it.
   1479      */
   1480     property_set("vold.encrypt_progress", "error_reboot_failed");
   1481     release_wake_lock(lockid);
   1482     return rc;
   1483 
   1484 error_unencrypted:
   1485     free(vol_list);
   1486     property_set("vold.encrypt_progress", "error_not_encrypted");
   1487     if (lockid[0]) {
   1488         release_wake_lock(lockid);
   1489     }
   1490     return -1;
   1491 
   1492 error_shutting_down:
   1493     /* we failed, and have not encrypted anthing, so the users's data is still intact,
   1494      * but the framework is stopped and not restarted to show the error, so it's up to
   1495      * vold to restart the system.
   1496      */
   1497     SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
   1498     android_reboot(ANDROID_RB_RESTART, 0, 0);
   1499 
   1500     /* shouldn't get here */
   1501     property_set("vold.encrypt_progress", "error_shutting_down");
   1502     free(vol_list);
   1503     if (lockid[0]) {
   1504         release_wake_lock(lockid);
   1505     }
   1506     return -1;
   1507 }
   1508 
   1509 int cryptfs_changepw(char *newpw)
   1510 {
   1511     struct crypt_mnt_ftr crypt_ftr;
   1512     unsigned char encrypted_master_key[KEY_LEN_BYTES], decrypted_master_key[KEY_LEN_BYTES];
   1513     unsigned char salt[SALT_LEN];
   1514     char real_blkdev[MAXPATHLEN];
   1515 
   1516     /* This is only allowed after we've successfully decrypted the master key */
   1517     if (! master_key_saved) {
   1518         SLOGE("Key not saved, aborting");
   1519         return -1;
   1520     }
   1521 
   1522     fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
   1523     if (strlen(real_blkdev) == 0) {
   1524         SLOGE("Can't find real blkdev");
   1525         return -1;
   1526     }
   1527 
   1528     /* get key */
   1529     if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
   1530       SLOGE("Error getting crypt footer and key");
   1531       return -1;
   1532     }
   1533 
   1534     encrypt_master_key(newpw, salt, saved_master_key, encrypted_master_key);
   1535 
   1536     /* save the key */
   1537     put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt);
   1538 
   1539     return 0;
   1540 }
   1541