Home | History | Annotate | Download | only in vold
      1 /*
      2  * Copyright (C) 2010 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 /* TO DO:
     18  *   1.  Perhaps keep several copies of the encrypted key, in case something
     19  *       goes horribly wrong?
     20  *
     21  */
     22 
     23 #include <sys/types.h>
     24 #include <sys/wait.h>
     25 #include <sys/stat.h>
     26 #include <ctype.h>
     27 #include <fcntl.h>
     28 #include <inttypes.h>
     29 #include <unistd.h>
     30 #include <stdio.h>
     31 #include <sys/ioctl.h>
     32 #include <linux/dm-ioctl.h>
     33 #include <libgen.h>
     34 #include <stdlib.h>
     35 #include <sys/param.h>
     36 #include <string.h>
     37 #include <sys/mount.h>
     38 #include <openssl/evp.h>
     39 #include <openssl/sha.h>
     40 #include <errno.h>
     41 #include <ext4.h>
     42 #include <linux/kdev_t.h>
     43 #include <fs_mgr.h>
     44 #include <time.h>
     45 #include <math.h>
     46 #include <selinux/selinux.h>
     47 #include "cryptfs.h"
     48 #include "secontext.h"
     49 #define LOG_TAG "Cryptfs"
     50 #include "cutils/log.h"
     51 #include "cutils/properties.h"
     52 #include "cutils/android_reboot.h"
     53 #include "hardware_legacy/power.h"
     54 #include <logwrap/logwrap.h>
     55 #include "ScryptParameters.h"
     56 #include "VolumeManager.h"
     57 #include "VoldUtil.h"
     58 #include "crypto_scrypt.h"
     59 #include "Ext4Crypt.h"
     60 #include "ext4_utils.h"
     61 #include "f2fs_sparseblock.h"
     62 #include "CheckBattery.h"
     63 #include "Process.h"
     64 
     65 #include <bootloader_message/bootloader_message.h>
     66 #include <hardware/keymaster0.h>
     67 #include <hardware/keymaster1.h>
     68 
     69 #define UNUSED __attribute__((unused))
     70 
     71 #define UNUSED __attribute__((unused))
     72 
     73 #ifdef CONFIG_HW_DISK_ENCRYPTION
     74 #include "cryptfs_hw.h"
     75 #endif
     76 
     77 #define DM_CRYPT_BUF_SIZE 4096
     78 
     79 #define HASH_COUNT 2000
     80 #define KEY_LEN_BYTES 16
     81 #define IV_LEN_BYTES 16
     82 
     83 #define KEY_IN_FOOTER  "footer"
     84 
     85 #define DEFAULT_PASSWORD "default_password"
     86 
     87 #define CRYPTO_BLOCK_DEVICE "userdata"
     88 
     89 #define BREADCRUMB_FILE "/data/misc/vold/convert_fde"
     90 
     91 #define EXT4_FS 1
     92 #define F2FS_FS 2
     93 
     94 #define TABLE_LOAD_RETRIES 10
     95 
     96 #define RSA_KEY_SIZE 2048
     97 #define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
     98 #define RSA_EXPONENT 0x10001
     99 #define KEYMASTER_CRYPTFS_RATE_LIMIT 1  // Maximum one try per second
    100 
    101 #define RETRY_MOUNT_ATTEMPTS 10
    102 #define RETRY_MOUNT_DELAY_SECONDS 1
    103 
    104 char *me = "cryptfs";
    105 
    106 static unsigned char saved_master_key[KEY_LEN_BYTES];
    107 static char *saved_mount_point;
    108 static int  master_key_saved = 0;
    109 static struct crypt_persist_data *persist_data = NULL;
    110 
    111 static int keymaster_init(keymaster0_device_t **keymaster0_dev,
    112                           keymaster1_device_t **keymaster1_dev)
    113 {
    114     int rc;
    115 
    116     const hw_module_t* mod;
    117     rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
    118     if (rc) {
    119         ALOGE("could not find any keystore module");
    120         goto err;
    121     }
    122 
    123     SLOGI("keymaster module name is %s", mod->name);
    124     SLOGI("keymaster version is %d", mod->module_api_version);
    125 
    126     *keymaster0_dev = NULL;
    127     *keymaster1_dev = NULL;
    128     if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
    129         SLOGI("Found keymaster1 module, using keymaster1 API.");
    130         rc = keymaster1_open(mod, keymaster1_dev);
    131     } else {
    132         SLOGI("Found keymaster0 module, using keymaster0 API.");
    133         rc = keymaster0_open(mod, keymaster0_dev);
    134     }
    135 
    136     if (rc) {
    137         ALOGE("could not open keymaster device in %s (%s)",
    138               KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
    139         goto err;
    140     }
    141 
    142     return 0;
    143 
    144 err:
    145     *keymaster0_dev = NULL;
    146     *keymaster1_dev = NULL;
    147     return rc;
    148 }
    149 
    150 /* Should we use keymaster? */
    151 static int keymaster_check_compatibility()
    152 {
    153     keymaster0_device_t *keymaster0_dev = 0;
    154     keymaster1_device_t *keymaster1_dev = 0;
    155     int rc = 0;
    156 
    157     if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
    158         SLOGE("Failed to init keymaster");
    159         rc = -1;
    160         goto out;
    161     }
    162 
    163     if (keymaster1_dev) {
    164         rc = 1;
    165         goto out;
    166     }
    167 
    168     if (!keymaster0_dev || !keymaster0_dev->common.module) {
    169         rc = -1;
    170         goto out;
    171     }
    172 
    173     // TODO(swillden): Check to see if there's any reason to require v0.3.  I think v0.1 and v0.2
    174     // should work.
    175     if (keymaster0_dev->common.module->module_api_version
    176             < KEYMASTER_MODULE_API_VERSION_0_3) {
    177         rc = 0;
    178         goto out;
    179     }
    180 
    181     if (!(keymaster0_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
    182         (keymaster0_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
    183         rc = 1;
    184     }
    185 
    186 out:
    187     if (keymaster1_dev) {
    188         keymaster1_close(keymaster1_dev);
    189     }
    190     if (keymaster0_dev) {
    191         keymaster0_close(keymaster0_dev);
    192     }
    193     return rc;
    194 }
    195 
    196 /* Create a new keymaster key and store it in this footer */
    197 static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
    198 {
    199     uint8_t* key = 0;
    200     keymaster0_device_t *keymaster0_dev = 0;
    201     keymaster1_device_t *keymaster1_dev = 0;
    202 
    203     if (ftr->keymaster_blob_size) {
    204         SLOGI("Already have key");
    205         return 0;
    206     }
    207 
    208     if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
    209         SLOGE("Failed to init keymaster");
    210         return -1;
    211     }
    212 
    213     int rc = 0;
    214     size_t key_size = 0;
    215     if (keymaster1_dev) {
    216         keymaster_key_param_t params[] = {
    217             /* Algorithm & size specifications.  Stick with RSA for now.  Switch to AES later. */
    218             keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
    219             keymaster_param_int(KM_TAG_KEY_SIZE, RSA_KEY_SIZE),
    220             keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, RSA_EXPONENT),
    221 
    222 	    /* The only allowed purpose for this key is signing. */
    223 	    keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
    224 
    225             /* Padding & digest specifications. */
    226             keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
    227             keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
    228 
    229             /* Require that the key be usable in standalone mode.  File system isn't available. */
    230             keymaster_param_enum(KM_TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE),
    231 
    232             /* No auth requirements, because cryptfs is not yet integrated with gatekeeper. */
    233             keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
    234 
    235             /* Rate-limit key usage attempts, to rate-limit brute force */
    236             keymaster_param_int(KM_TAG_MIN_SECONDS_BETWEEN_OPS, KEYMASTER_CRYPTFS_RATE_LIMIT),
    237         };
    238         keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
    239         keymaster_key_blob_t key_blob;
    240         keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
    241                                                                &key_blob,
    242                                                                NULL /* characteristics */);
    243         if (error != KM_ERROR_OK) {
    244             SLOGE("Failed to generate keymaster1 key, error %d", error);
    245             rc = -1;
    246             goto out;
    247         }
    248 
    249         key = (uint8_t*)key_blob.key_material;
    250         key_size = key_blob.key_material_size;
    251     }
    252     else if (keymaster0_dev) {
    253         keymaster_rsa_keygen_params_t params;
    254         memset(&params, '\0', sizeof(params));
    255         params.public_exponent = RSA_EXPONENT;
    256         params.modulus_size = RSA_KEY_SIZE;
    257 
    258         if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
    259                                              &key, &key_size)) {
    260             SLOGE("Failed to generate keypair");
    261             rc = -1;
    262             goto out;
    263         }
    264     } else {
    265         SLOGE("Cryptfs bug: keymaster_init succeeded but didn't initialize a device");
    266         rc = -1;
    267         goto out;
    268     }
    269 
    270     if (key_size > KEYMASTER_BLOB_SIZE) {
    271         SLOGE("Keymaster key too large for crypto footer");
    272         rc = -1;
    273         goto out;
    274     }
    275 
    276     memcpy(ftr->keymaster_blob, key, key_size);
    277     ftr->keymaster_blob_size = key_size;
    278 
    279 out:
    280     if (keymaster0_dev)
    281         keymaster0_close(keymaster0_dev);
    282     if (keymaster1_dev)
    283         keymaster1_close(keymaster1_dev);
    284     free(key);
    285     return rc;
    286 }
    287 
    288 /* This signs the given object using the keymaster key. */
    289 static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
    290                                  const unsigned char *object,
    291                                  const size_t object_size,
    292                                  unsigned char **signature,
    293                                  size_t *signature_size)
    294 {
    295     int rc = 0;
    296     keymaster0_device_t *keymaster0_dev = 0;
    297     keymaster1_device_t *keymaster1_dev = 0;
    298     if (keymaster_init(&keymaster0_dev, &keymaster1_dev)) {
    299         SLOGE("Failed to init keymaster");
    300         rc = -1;
    301         goto out;
    302     }
    303 
    304     unsigned char to_sign[RSA_KEY_SIZE_BYTES];
    305     size_t to_sign_size = sizeof(to_sign);
    306     memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
    307 
    308     // To sign a message with RSA, the message must satisfy two
    309     // constraints:
    310     //
    311     // 1. The message, when interpreted as a big-endian numeric value, must
    312     //    be strictly less than the public modulus of the RSA key.  Note
    313     //    that because the most significant bit of the public modulus is
    314     //    guaranteed to be 1 (else it's an (n-1)-bit key, not an n-bit
    315     //    key), an n-bit message with most significant bit 0 always
    316     //    satisfies this requirement.
    317     //
    318     // 2. The message must have the same length in bits as the public
    319     //    modulus of the RSA key.  This requirement isn't mathematically
    320     //    necessary, but is necessary to ensure consistency in
    321     //    implementations.
    322     switch (ftr->kdf_type) {
    323         case KDF_SCRYPT_KEYMASTER:
    324             // This ensures the most significant byte of the signed message
    325             // is zero.  We could have zero-padded to the left instead, but
    326             // this approach is slightly more robust against changes in
    327             // object size.  However, it's still broken (but not unusably
    328             // so) because we really should be using a proper deterministic
    329             // RSA padding function, such as PKCS1.
    330             memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size));
    331             SLOGI("Signing safely-padded object");
    332             break;
    333         default:
    334             SLOGE("Unknown KDF type %d", ftr->kdf_type);
    335             rc = -1;
    336             goto out;
    337     }
    338 
    339     if (keymaster0_dev) {
    340         keymaster_rsa_sign_params_t params;
    341         params.digest_type = DIGEST_NONE;
    342         params.padding_type = PADDING_NONE;
    343 
    344         rc = keymaster0_dev->sign_data(keymaster0_dev,
    345                                       &params,
    346                                       ftr->keymaster_blob,
    347                                       ftr->keymaster_blob_size,
    348                                       to_sign,
    349                                       to_sign_size,
    350                                       signature,
    351                                       signature_size);
    352         goto out;
    353     } else if (keymaster1_dev) {
    354         keymaster_key_blob_t key = { ftr->keymaster_blob, ftr->keymaster_blob_size };
    355         keymaster_key_param_t params[] = {
    356             keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
    357             keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
    358         };
    359         keymaster_key_param_set_t param_set = { params, sizeof(params)/sizeof(*params) };
    360         keymaster_operation_handle_t op_handle;
    361         keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
    362                                                         &param_set, NULL /* out_params */,
    363                                                         &op_handle);
    364         if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
    365             // Key usage has been rate-limited.  Wait a bit and try again.
    366             sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
    367             error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
    368                                           &param_set, NULL /* out_params */,
    369                                           &op_handle);
    370         }
    371         if (error != KM_ERROR_OK) {
    372             SLOGE("Error starting keymaster signature transaction: %d", error);
    373             rc = -1;
    374             goto out;
    375         }
    376 
    377         keymaster_blob_t input = { to_sign, to_sign_size };
    378         size_t input_consumed;
    379         error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
    380                                        &input, &input_consumed, NULL /* out_params */,
    381                                        NULL /* output */);
    382         if (error != KM_ERROR_OK) {
    383             SLOGE("Error sending data to keymaster signature transaction: %d", error);
    384             rc = -1;
    385             goto out;
    386         }
    387         if (input_consumed != to_sign_size) {
    388             // This should never happen.  If it does, it's a bug in the keymaster implementation.
    389             SLOGE("Keymaster update() did not consume all data.");
    390             keymaster1_dev->abort(keymaster1_dev, op_handle);
    391             rc = -1;
    392             goto out;
    393         }
    394 
    395         keymaster_blob_t tmp_sig;
    396         error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
    397                                        NULL /* verify signature */, NULL /* out_params */,
    398                                        &tmp_sig);
    399         if (error != KM_ERROR_OK) {
    400             SLOGE("Error finishing keymaster signature transaction: %d", error);
    401             rc = -1;
    402             goto out;
    403         }
    404 
    405         *signature = (uint8_t*)tmp_sig.data;
    406         *signature_size = tmp_sig.data_length;
    407     } else {
    408         SLOGE("Cryptfs bug: keymaster_init succeded but didn't initialize a device.");
    409         rc = -1;
    410         goto out;
    411     }
    412 
    413     out:
    414         if (keymaster1_dev)
    415             keymaster1_close(keymaster1_dev);
    416         if (keymaster0_dev)
    417             keymaster0_close(keymaster0_dev);
    418 
    419         return rc;
    420 }
    421 
    422 /* Store password when userdata is successfully decrypted and mounted.
    423  * Cleared by cryptfs_clear_password
    424  *
    425  * To avoid a double prompt at boot, we need to store the CryptKeeper
    426  * password and pass it to KeyGuard, which uses it to unlock KeyStore.
    427  * Since the entire framework is torn down and rebuilt after encryption,
    428  * we have to use a daemon or similar to store the password. Since vold
    429  * is secured against IPC except from system processes, it seems a reasonable
    430  * place to store this.
    431  *
    432  * password should be cleared once it has been used.
    433  *
    434  * password is aged out after password_max_age_seconds seconds.
    435  */
    436 static char* password = 0;
    437 static int password_expiry_time = 0;
    438 static const int password_max_age_seconds = 60;
    439 
    440 extern struct fstab *fstab;
    441 
    442 enum RebootType {reboot, recovery, shutdown};
    443 static void cryptfs_reboot(enum RebootType rt)
    444 {
    445   switch(rt) {
    446       case reboot:
    447           property_set(ANDROID_RB_PROPERTY, "reboot");
    448           break;
    449 
    450       case recovery:
    451           property_set(ANDROID_RB_PROPERTY, "reboot,recovery");
    452           break;
    453 
    454       case shutdown:
    455           property_set(ANDROID_RB_PROPERTY, "shutdown");
    456           break;
    457     }
    458 
    459     sleep(20);
    460 
    461     /* Shouldn't get here, reboot should happen before sleep times out */
    462     return;
    463 }
    464 
    465 static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
    466 {
    467     memset(io, 0, dataSize);
    468     io->data_size = dataSize;
    469     io->data_start = sizeof(struct dm_ioctl);
    470     io->version[0] = 4;
    471     io->version[1] = 0;
    472     io->version[2] = 0;
    473     io->flags = flags;
    474     if (name) {
    475         strlcpy(io->name, name, sizeof(io->name));
    476     }
    477 }
    478 
    479 /**
    480  * Gets the default device scrypt parameters for key derivation time tuning.
    481  * The parameters should lead to about one second derivation time for the
    482  * given device.
    483  */
    484 static void get_device_scrypt_params(struct crypt_mnt_ftr *ftr) {
    485     char paramstr[PROPERTY_VALUE_MAX];
    486     int Nf, rf, pf;
    487 
    488     property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
    489     if (!parse_scrypt_parameters(paramstr, &Nf, &rf, &pf)) {
    490         SLOGW("bad scrypt parameters '%s' should be like '12:8:1'; using defaults", paramstr);
    491         parse_scrypt_parameters(SCRYPT_DEFAULTS, &Nf, &rf, &pf);
    492     }
    493     ftr->N_factor = Nf;
    494     ftr->r_factor = rf;
    495     ftr->p_factor = pf;
    496 }
    497 
    498 static unsigned int get_fs_size(char *dev)
    499 {
    500     int fd, block_size;
    501     struct ext4_super_block sb;
    502     off64_t len;
    503 
    504     if ((fd = open(dev, O_RDONLY|O_CLOEXEC)) < 0) {
    505         SLOGE("Cannot open device to get filesystem size ");
    506         return 0;
    507     }
    508 
    509     if (lseek64(fd, 1024, SEEK_SET) < 0) {
    510         SLOGE("Cannot seek to superblock");
    511         return 0;
    512     }
    513 
    514     if (read(fd, &sb, sizeof(sb)) != sizeof(sb)) {
    515         SLOGE("Cannot read superblock");
    516         return 0;
    517     }
    518 
    519     close(fd);
    520 
    521     if (le32_to_cpu(sb.s_magic) != EXT4_SUPER_MAGIC) {
    522         SLOGE("Not a valid ext4 superblock");
    523         return 0;
    524     }
    525     block_size = 1024 << sb.s_log_block_size;
    526     /* compute length in bytes */
    527     len = ( ((off64_t)sb.s_blocks_count_hi << 32) + sb.s_blocks_count_lo) * block_size;
    528 
    529     /* return length in sectors */
    530     return (unsigned int) (len / 512);
    531 }
    532 
    533 static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
    534 {
    535   static int cached_data = 0;
    536   static off64_t cached_off = 0;
    537   static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
    538   int fd;
    539   char key_loc[PROPERTY_VALUE_MAX];
    540   char real_blkdev[PROPERTY_VALUE_MAX];
    541   int rc = -1;
    542 
    543   if (!cached_data) {
    544     fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
    545 
    546     if (!strcmp(key_loc, KEY_IN_FOOTER)) {
    547       if ( (fd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
    548         SLOGE("Cannot open real block device %s\n", real_blkdev);
    549         return -1;
    550       }
    551 
    552       unsigned long nr_sec = 0;
    553       get_blkdev_size(fd, &nr_sec);
    554       if (nr_sec != 0) {
    555         /* If it's an encrypted Android partition, the last 16 Kbytes contain the
    556          * encryption info footer and key, and plenty of bytes to spare for future
    557          * growth.
    558          */
    559         strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
    560         cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
    561         cached_data = 1;
    562       } else {
    563         SLOGE("Cannot get size of block device %s\n", real_blkdev);
    564       }
    565       close(fd);
    566     } else {
    567       strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
    568       cached_off = 0;
    569       cached_data = 1;
    570     }
    571   }
    572 
    573   if (cached_data) {
    574     if (metadata_fname) {
    575         *metadata_fname = cached_metadata_fname;
    576     }
    577     if (off) {
    578         *off = cached_off;
    579     }
    580     rc = 0;
    581   }
    582 
    583   return rc;
    584 }
    585 
    586 /* Set sha256 checksum in structure */
    587 static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
    588 {
    589     SHA256_CTX c;
    590     SHA256_Init(&c);
    591     memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
    592     SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr));
    593     SHA256_Final(crypt_ftr->sha256, &c);
    594 }
    595 
    596 /* key or salt can be NULL, in which case just skip writing that value.  Useful to
    597  * update the failed mount count but not change the key.
    598  */
    599 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
    600 {
    601   int fd;
    602   unsigned int cnt;
    603   /* starting_off is set to the SEEK_SET offset
    604    * where the crypto structure starts
    605    */
    606   off64_t starting_off;
    607   int rc = -1;
    608   char *fname = NULL;
    609   struct stat statbuf;
    610 
    611   set_ftr_sha(crypt_ftr);
    612 
    613   if (get_crypt_ftr_info(&fname, &starting_off)) {
    614     SLOGE("Unable to get crypt_ftr_info\n");
    615     return -1;
    616   }
    617   if (fname[0] != '/') {
    618     SLOGE("Unexpected value for crypto key location\n");
    619     return -1;
    620   }
    621   if ( (fd = open(fname, O_RDWR | O_CREAT|O_CLOEXEC, 0600)) < 0) {
    622     SLOGE("Cannot open footer file %s for put\n", fname);
    623     return -1;
    624   }
    625 
    626   /* Seek to the start of the crypt footer */
    627   if (lseek64(fd, starting_off, SEEK_SET) == -1) {
    628     SLOGE("Cannot seek to real block device footer\n");
    629     goto errout;
    630   }
    631 
    632   if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
    633     SLOGE("Cannot write real block device footer\n");
    634     goto errout;
    635   }
    636 
    637   fstat(fd, &statbuf);
    638   /* If the keys are kept on a raw block device, do not try to truncate it. */
    639   if (S_ISREG(statbuf.st_mode)) {
    640     if (ftruncate(fd, 0x4000)) {
    641       SLOGE("Cannot set footer file size\n");
    642       goto errout;
    643     }
    644   }
    645 
    646   /* Success! */
    647   rc = 0;
    648 
    649 errout:
    650   close(fd);
    651   return rc;
    652 
    653 }
    654 
    655 static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
    656 {
    657     struct crypt_mnt_ftr copy;
    658     memcpy(&copy, crypt_ftr, sizeof(copy));
    659     set_ftr_sha(&copy);
    660     return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
    661 }
    662 
    663 static inline int unix_read(int  fd, void*  buff, int  len)
    664 {
    665     return TEMP_FAILURE_RETRY(read(fd, buff, len));
    666 }
    667 
    668 static inline int unix_write(int  fd, const void*  buff, int  len)
    669 {
    670     return TEMP_FAILURE_RETRY(write(fd, buff, len));
    671 }
    672 
    673 static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
    674 {
    675     memset(pdata, 0, len);
    676     pdata->persist_magic = PERSIST_DATA_MAGIC;
    677     pdata->persist_valid_entries = 0;
    678 }
    679 
    680 /* A routine to update the passed in crypt_ftr to the lastest version.
    681  * fd is open read/write on the device that holds the crypto footer and persistent
    682  * data, crypt_ftr is a pointer to the struct to be updated, and offset is the
    683  * absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
    684  */
    685 static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
    686 {
    687     int orig_major = crypt_ftr->major_version;
    688     int orig_minor = crypt_ftr->minor_version;
    689 
    690     if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) {
    691         struct crypt_persist_data *pdata;
    692         off64_t pdata_offset = offset + CRYPT_FOOTER_TO_PERSIST_OFFSET;
    693 
    694         SLOGW("upgrading crypto footer to 1.1");
    695 
    696         pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
    697         if (pdata == NULL) {
    698             SLOGE("Cannot allocate persisent data\n");
    699             return;
    700         }
    701         memset(pdata, 0, CRYPT_PERSIST_DATA_SIZE);
    702 
    703         /* Need to initialize the persistent data area */
    704         if (lseek64(fd, pdata_offset, SEEK_SET) == -1) {
    705             SLOGE("Cannot seek to persisent data offset\n");
    706             free(pdata);
    707             return;
    708         }
    709         /* Write all zeros to the first copy, making it invalid */
    710         unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
    711 
    712         /* Write a valid but empty structure to the second copy */
    713         init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
    714         unix_write(fd, pdata, CRYPT_PERSIST_DATA_SIZE);
    715 
    716         /* Update the footer */
    717         crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
    718         crypt_ftr->persist_data_offset[0] = pdata_offset;
    719         crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE;
    720         crypt_ftr->minor_version = 1;
    721         free(pdata);
    722     }
    723 
    724     if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) {
    725         SLOGW("upgrading crypto footer to 1.2");
    726         /* But keep the old kdf_type.
    727          * It will get updated later to KDF_SCRYPT after the password has been verified.
    728          */
    729         crypt_ftr->kdf_type = KDF_PBKDF2;
    730         get_device_scrypt_params(crypt_ftr);
    731         crypt_ftr->minor_version = 2;
    732     }
    733 
    734     if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) {
    735         SLOGW("upgrading crypto footer to 1.3");
    736         crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD;
    737         crypt_ftr->minor_version = 3;
    738     }
    739 
    740     if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) {
    741         if (lseek64(fd, offset, SEEK_SET) == -1) {
    742             SLOGE("Cannot seek to crypt footer\n");
    743             return;
    744         }
    745         unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr));
    746     }
    747 }
    748 
    749 
    750 static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
    751 {
    752   int fd;
    753   unsigned int cnt;
    754   off64_t starting_off;
    755   int rc = -1;
    756   char *fname = NULL;
    757   struct stat statbuf;
    758 
    759   if (get_crypt_ftr_info(&fname, &starting_off)) {
    760     SLOGE("Unable to get crypt_ftr_info\n");
    761     return -1;
    762   }
    763   if (fname[0] != '/') {
    764     SLOGE("Unexpected value for crypto key location\n");
    765     return -1;
    766   }
    767   if ( (fd = open(fname, O_RDWR|O_CLOEXEC)) < 0) {
    768     SLOGE("Cannot open footer file %s for get\n", fname);
    769     return -1;
    770   }
    771 
    772   /* Make sure it's 16 Kbytes in length */
    773   fstat(fd, &statbuf);
    774   if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
    775     SLOGE("footer file %s is not the expected size!\n", fname);
    776     goto errout;
    777   }
    778 
    779   /* Seek to the start of the crypt footer */
    780   if (lseek64(fd, starting_off, SEEK_SET) == -1) {
    781     SLOGE("Cannot seek to real block device footer\n");
    782     goto errout;
    783   }
    784 
    785   if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
    786     SLOGE("Cannot read real block device footer\n");
    787     goto errout;
    788   }
    789 
    790   if (crypt_ftr->magic != CRYPT_MNT_MAGIC) {
    791     SLOGE("Bad magic for real block device %s\n", fname);
    792     goto errout;
    793   }
    794 
    795   if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) {
    796     SLOGE("Cannot understand major version %d real block device footer; expected %d\n",
    797           crypt_ftr->major_version, CURRENT_MAJOR_VERSION);
    798     goto errout;
    799   }
    800 
    801   if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) {
    802     SLOGW("Warning: crypto footer minor version %d, expected <= %d, continuing...\n",
    803           crypt_ftr->minor_version, CURRENT_MINOR_VERSION);
    804   }
    805 
    806   /* If this is a verion 1.0 crypt_ftr, make it a 1.1 crypt footer, and update the
    807    * copy on disk before returning.
    808    */
    809   if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) {
    810     upgrade_crypt_ftr(fd, crypt_ftr, starting_off);
    811   }
    812 
    813   /* Success! */
    814   rc = 0;
    815 
    816 errout:
    817   close(fd);
    818   return rc;
    819 }
    820 
    821 static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
    822 {
    823     if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
    824         crypt_ftr->persist_data_offset[1]) {
    825         SLOGE("Crypt_ftr persist data regions overlap");
    826         return -1;
    827     }
    828 
    829     if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) {
    830         SLOGE("Crypt_ftr persist data region 0 starts after region 1");
    831         return -1;
    832     }
    833 
    834     if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) -
    835         (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) >
    836         CRYPT_FOOTER_OFFSET) {
    837         SLOGE("Persistent data extends past crypto footer");
    838         return -1;
    839     }
    840 
    841     return 0;
    842 }
    843 
    844 static int load_persistent_data(void)
    845 {
    846     struct crypt_mnt_ftr crypt_ftr;
    847     struct crypt_persist_data *pdata = NULL;
    848     char encrypted_state[PROPERTY_VALUE_MAX];
    849     char *fname;
    850     int found = 0;
    851     int fd;
    852     int ret;
    853     int i;
    854 
    855     if (persist_data) {
    856         /* Nothing to do, we've already loaded or initialized it */
    857         return 0;
    858     }
    859 
    860 
    861     /* If not encrypted, just allocate an empty table and initialize it */
    862     property_get("ro.crypto.state", encrypted_state, "");
    863     if (strcmp(encrypted_state, "encrypted") ) {
    864         pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
    865         if (pdata) {
    866             init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
    867             persist_data = pdata;
    868             return 0;
    869         }
    870         return -1;
    871     }
    872 
    873     if(get_crypt_ftr_and_key(&crypt_ftr)) {
    874         return -1;
    875     }
    876 
    877     if ((crypt_ftr.major_version < 1)
    878         || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
    879         SLOGE("Crypt_ftr version doesn't support persistent data");
    880         return -1;
    881     }
    882 
    883     if (get_crypt_ftr_info(&fname, NULL)) {
    884         return -1;
    885     }
    886 
    887     ret = validate_persistent_data_storage(&crypt_ftr);
    888     if (ret) {
    889         return -1;
    890     }
    891 
    892     fd = open(fname, O_RDONLY|O_CLOEXEC);
    893     if (fd < 0) {
    894         SLOGE("Cannot open %s metadata file", fname);
    895         return -1;
    896     }
    897 
    898     pdata = malloc(crypt_ftr.persist_data_size);
    899     if (pdata == NULL) {
    900         SLOGE("Cannot allocate memory for persistent data");
    901         goto err;
    902     }
    903 
    904     for (i = 0; i < 2; i++) {
    905         if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) {
    906             SLOGE("Cannot seek to read persistent data on %s", fname);
    907             goto err2;
    908         }
    909         if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){
    910             SLOGE("Error reading persistent data on iteration %d", i);
    911             goto err2;
    912         }
    913         if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
    914             found = 1;
    915             break;
    916         }
    917     }
    918 
    919     if (!found) {
    920         SLOGI("Could not find valid persistent data, creating");
    921         init_empty_persist_data(pdata, crypt_ftr.persist_data_size);
    922     }
    923 
    924     /* Success */
    925     persist_data = pdata;
    926     close(fd);
    927     return 0;
    928 
    929 err2:
    930     free(pdata);
    931 
    932 err:
    933     close(fd);
    934     return -1;
    935 }
    936 
    937 static int save_persistent_data(void)
    938 {
    939     struct crypt_mnt_ftr crypt_ftr;
    940     struct crypt_persist_data *pdata;
    941     char *fname;
    942     off64_t write_offset;
    943     off64_t erase_offset;
    944     int fd;
    945     int ret;
    946 
    947     if (persist_data == NULL) {
    948         SLOGE("No persistent data to save");
    949         return -1;
    950     }
    951 
    952     if(get_crypt_ftr_and_key(&crypt_ftr)) {
    953         return -1;
    954     }
    955 
    956     if ((crypt_ftr.major_version < 1)
    957         || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
    958         SLOGE("Crypt_ftr version doesn't support persistent data");
    959         return -1;
    960     }
    961 
    962     ret = validate_persistent_data_storage(&crypt_ftr);
    963     if (ret) {
    964         return -1;
    965     }
    966 
    967     if (get_crypt_ftr_info(&fname, NULL)) {
    968         return -1;
    969     }
    970 
    971     fd = open(fname, O_RDWR|O_CLOEXEC);
    972     if (fd < 0) {
    973         SLOGE("Cannot open %s metadata file", fname);
    974         return -1;
    975     }
    976 
    977     pdata = malloc(crypt_ftr.persist_data_size);
    978     if (pdata == NULL) {
    979         SLOGE("Cannot allocate persistant data");
    980         goto err;
    981     }
    982 
    983     if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) {
    984         SLOGE("Cannot seek to read persistent data on %s", fname);
    985         goto err2;
    986     }
    987 
    988     if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) {
    989             SLOGE("Error reading persistent data before save");
    990             goto err2;
    991     }
    992 
    993     if (pdata->persist_magic == PERSIST_DATA_MAGIC) {
    994         /* The first copy is the curent valid copy, so write to
    995          * the second copy and erase this one */
    996        write_offset = crypt_ftr.persist_data_offset[1];
    997        erase_offset = crypt_ftr.persist_data_offset[0];
    998     } else {
    999         /* The second copy must be the valid copy, so write to
   1000          * the first copy, and erase the second */
   1001        write_offset = crypt_ftr.persist_data_offset[0];
   1002        erase_offset = crypt_ftr.persist_data_offset[1];
   1003     }
   1004 
   1005     /* Write the new copy first, if successful, then erase the old copy */
   1006     if (lseek64(fd, write_offset, SEEK_SET) < 0) {
   1007         SLOGE("Cannot seek to write persistent data");
   1008         goto err2;
   1009     }
   1010     if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) ==
   1011         (int) crypt_ftr.persist_data_size) {
   1012         if (lseek64(fd, erase_offset, SEEK_SET) < 0) {
   1013             SLOGE("Cannot seek to erase previous persistent data");
   1014             goto err2;
   1015         }
   1016         fsync(fd);
   1017         memset(pdata, 0, crypt_ftr.persist_data_size);
   1018         if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
   1019             (int) crypt_ftr.persist_data_size) {
   1020             SLOGE("Cannot write to erase previous persistent data");
   1021             goto err2;
   1022         }
   1023         fsync(fd);
   1024     } else {
   1025         SLOGE("Cannot write to save persistent data");
   1026         goto err2;
   1027     }
   1028 
   1029     /* Success */
   1030     free(pdata);
   1031     close(fd);
   1032     return 0;
   1033 
   1034 err2:
   1035     free(pdata);
   1036 err:
   1037     close(fd);
   1038     return -1;
   1039 }
   1040 
   1041 /* Convert a binary key of specified length into an ascii hex string equivalent,
   1042  * without the leading 0x and with null termination
   1043  */
   1044 static void convert_key_to_hex_ascii(const unsigned char *master_key,
   1045                                      unsigned int keysize, char *master_key_ascii) {
   1046     unsigned int i, a;
   1047     unsigned char nibble;
   1048 
   1049     for (i=0, a=0; i<keysize; i++, a+=2) {
   1050         /* For each byte, write out two ascii hex digits */
   1051         nibble = (master_key[i] >> 4) & 0xf;
   1052         master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
   1053 
   1054         nibble = master_key[i] & 0xf;
   1055         master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
   1056     }
   1057 
   1058     /* Add the null termination */
   1059     master_key_ascii[a] = '\0';
   1060 
   1061 }
   1062 
   1063 static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
   1064         const unsigned char *master_key, const char *real_blk_name,
   1065         const char *name, int fd, const char *extra_params) {
   1066   _Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
   1067   struct dm_ioctl *io;
   1068   struct dm_target_spec *tgt;
   1069   char *crypt_params;
   1070   char master_key_ascii[129]; /* Large enough to hold 512 bit key and null */
   1071   int i;
   1072 
   1073   io = (struct dm_ioctl *) buffer;
   1074 
   1075   /* Load the mapping table for this device */
   1076   tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
   1077 
   1078   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1079   io->target_count = 1;
   1080   tgt->status = 0;
   1081   tgt->sector_start = 0;
   1082   tgt->length = crypt_ftr->fs_size;
   1083 #ifdef CONFIG_HW_DISK_ENCRYPTION
   1084   if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
   1085     strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
   1086   }
   1087   else {
   1088     strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
   1089   }
   1090 #else
   1091   strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
   1092 #endif
   1093 
   1094   crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
   1095   convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
   1096   sprintf(crypt_params, "%s %s 0 %s 0 %s", crypt_ftr->crypto_type_name,
   1097           master_key_ascii, real_blk_name, extra_params);
   1098   crypt_params += strlen(crypt_params) + 1;
   1099   crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
   1100   tgt->next = crypt_params - buffer;
   1101 
   1102   for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
   1103     if (! ioctl(fd, DM_TABLE_LOAD, io)) {
   1104       break;
   1105     }
   1106     usleep(500000);
   1107   }
   1108 
   1109   if (i == TABLE_LOAD_RETRIES) {
   1110     /* We failed to load the table, return an error */
   1111     return -1;
   1112   } else {
   1113     return i + 1;
   1114   }
   1115 }
   1116 
   1117 
   1118 static int get_dm_crypt_version(int fd, const char *name,  int *version)
   1119 {
   1120     char buffer[DM_CRYPT_BUF_SIZE];
   1121     struct dm_ioctl *io;
   1122     struct dm_target_versions *v;
   1123 
   1124     io = (struct dm_ioctl *) buffer;
   1125 
   1126     ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1127 
   1128     if (ioctl(fd, DM_LIST_VERSIONS, io)) {
   1129         return -1;
   1130     }
   1131 
   1132     /* Iterate over the returned versions, looking for name of "crypt".
   1133      * When found, get and return the version.
   1134      */
   1135     v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
   1136     while (v->next) {
   1137 #ifdef CONFIG_HW_DISK_ENCRYPTION
   1138         if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
   1139 #else
   1140         if (! strcmp(v->name, "crypt")) {
   1141 #endif
   1142             /* We found the crypt driver, return the version, and get out */
   1143             version[0] = v->version[0];
   1144             version[1] = v->version[1];
   1145             version[2] = v->version[2];
   1146             return 0;
   1147         }
   1148         v = (struct dm_target_versions *)(((char *)v) + v->next);
   1149     }
   1150 
   1151     return -1;
   1152 }
   1153 
   1154 static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
   1155         const unsigned char *master_key, const char *real_blk_name,
   1156         char *crypto_blk_name, const char *name) {
   1157   char buffer[DM_CRYPT_BUF_SIZE];
   1158   struct dm_ioctl *io;
   1159   unsigned int minor;
   1160   int fd=0;
   1161   int err;
   1162   int retval = -1;
   1163   int version[3];
   1164   char *extra_params;
   1165   int load_count;
   1166 
   1167   if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
   1168     SLOGE("Cannot open device-mapper\n");
   1169     goto errout;
   1170   }
   1171 
   1172   io = (struct dm_ioctl *) buffer;
   1173 
   1174   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1175   err = ioctl(fd, DM_DEV_CREATE, io);
   1176   if (err) {
   1177     SLOGE("Cannot create dm-crypt device %s: %s\n", name, strerror(errno));
   1178     goto errout;
   1179   }
   1180 
   1181   /* Get the device status, in particular, the name of it's device file */
   1182   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1183   if (ioctl(fd, DM_DEV_STATUS, io)) {
   1184     SLOGE("Cannot retrieve dm-crypt device status\n");
   1185     goto errout;
   1186   }
   1187   minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
   1188   snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
   1189 
   1190   extra_params = "";
   1191   if (! get_dm_crypt_version(fd, name, version)) {
   1192       /* Support for allow_discards was added in version 1.11.0 */
   1193       if ((version[0] >= 2) ||
   1194           ((version[0] == 1) && (version[1] >= 11))) {
   1195           extra_params = "1 allow_discards";
   1196           SLOGI("Enabling support for allow_discards in dmcrypt.\n");
   1197       }
   1198   }
   1199 
   1200   load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name,
   1201                                          fd, extra_params);
   1202   if (load_count < 0) {
   1203       SLOGE("Cannot load dm-crypt mapping table.\n");
   1204       goto errout;
   1205   } else if (load_count > 1) {
   1206       SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
   1207   }
   1208 
   1209   /* Resume this device to activate it */
   1210   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1211 
   1212   if (ioctl(fd, DM_DEV_SUSPEND, io)) {
   1213     SLOGE("Cannot resume the dm-crypt device\n");
   1214     goto errout;
   1215   }
   1216 
   1217   /* We made it here with no errors.  Woot! */
   1218   retval = 0;
   1219 
   1220 errout:
   1221   close(fd);   /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
   1222 
   1223   return retval;
   1224 }
   1225 
   1226 static int delete_crypto_blk_dev(char *name)
   1227 {
   1228   int fd;
   1229   char buffer[DM_CRYPT_BUF_SIZE];
   1230   struct dm_ioctl *io;
   1231   int retval = -1;
   1232 
   1233   if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
   1234     SLOGE("Cannot open device-mapper\n");
   1235     goto errout;
   1236   }
   1237 
   1238   io = (struct dm_ioctl *) buffer;
   1239 
   1240   ioctl_init(io, DM_CRYPT_BUF_SIZE, name, 0);
   1241   if (ioctl(fd, DM_DEV_REMOVE, io)) {
   1242     SLOGE("Cannot remove dm-crypt device\n");
   1243     goto errout;
   1244   }
   1245 
   1246   /* We made it here with no errors.  Woot! */
   1247   retval = 0;
   1248 
   1249 errout:
   1250   close(fd);    /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
   1251 
   1252   return retval;
   1253 
   1254 }
   1255 
   1256 static int pbkdf2(const char *passwd, const unsigned char *salt,
   1257                   unsigned char *ikey, void *params UNUSED)
   1258 {
   1259     SLOGI("Using pbkdf2 for cryptfs KDF");
   1260 
   1261     /* Turn the password into a key and IV that can decrypt the master key */
   1262     return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
   1263                                   HASH_COUNT, KEY_LEN_BYTES + IV_LEN_BYTES,
   1264                                   ikey) != 1;
   1265 }
   1266 
   1267 static int scrypt(const char *passwd, const unsigned char *salt,
   1268                   unsigned char *ikey, void *params)
   1269 {
   1270     SLOGI("Using scrypt for cryptfs KDF");
   1271 
   1272     struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
   1273 
   1274     int N = 1 << ftr->N_factor;
   1275     int r = 1 << ftr->r_factor;
   1276     int p = 1 << ftr->p_factor;
   1277 
   1278     /* Turn the password into a key and IV that can decrypt the master key */
   1279     unsigned int keysize;
   1280     crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
   1281                   salt, SALT_LEN, N, r, p, ikey,
   1282                   KEY_LEN_BYTES + IV_LEN_BYTES);
   1283 
   1284    return 0;
   1285 }
   1286 
   1287 static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
   1288                             unsigned char *ikey, void *params)
   1289 {
   1290     SLOGI("Using scrypt with keymaster for cryptfs KDF");
   1291 
   1292     int rc;
   1293     size_t signature_size;
   1294     unsigned char* signature;
   1295     struct crypt_mnt_ftr *ftr = (struct crypt_mnt_ftr *) params;
   1296 
   1297     int N = 1 << ftr->N_factor;
   1298     int r = 1 << ftr->r_factor;
   1299     int p = 1 << ftr->p_factor;
   1300 
   1301     rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
   1302                        salt, SALT_LEN, N, r, p, ikey,
   1303                        KEY_LEN_BYTES + IV_LEN_BYTES);
   1304 
   1305     if (rc) {
   1306         SLOGE("scrypt failed");
   1307         return -1;
   1308     }
   1309 
   1310     if (keymaster_sign_object(ftr, ikey, KEY_LEN_BYTES + IV_LEN_BYTES,
   1311                               &signature, &signature_size)) {
   1312         SLOGE("Signing failed");
   1313         return -1;
   1314     }
   1315 
   1316     rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
   1317                        N, r, p, ikey, KEY_LEN_BYTES + IV_LEN_BYTES);
   1318     free(signature);
   1319 
   1320     if (rc) {
   1321         SLOGE("scrypt failed");
   1322         return -1;
   1323     }
   1324 
   1325     return 0;
   1326 }
   1327 
   1328 static int encrypt_master_key(const char *passwd, const unsigned char *salt,
   1329                               const unsigned char *decrypted_master_key,
   1330                               unsigned char *encrypted_master_key,
   1331                               struct crypt_mnt_ftr *crypt_ftr)
   1332 {
   1333     unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
   1334     EVP_CIPHER_CTX e_ctx;
   1335     int encrypted_len, final_len;
   1336     int rc = 0;
   1337 
   1338     /* Turn the password into an intermediate key and IV that can decrypt the master key */
   1339     get_device_scrypt_params(crypt_ftr);
   1340 
   1341     switch (crypt_ftr->kdf_type) {
   1342     case KDF_SCRYPT_KEYMASTER:
   1343         if (keymaster_create_key(crypt_ftr)) {
   1344             SLOGE("keymaster_create_key failed");
   1345             return -1;
   1346         }
   1347 
   1348         if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) {
   1349             SLOGE("scrypt failed");
   1350             return -1;
   1351         }
   1352         break;
   1353 
   1354     case KDF_SCRYPT:
   1355         if (scrypt(passwd, salt, ikey, crypt_ftr)) {
   1356             SLOGE("scrypt failed");
   1357             return -1;
   1358         }
   1359         break;
   1360 
   1361     default:
   1362         SLOGE("Invalid kdf_type");
   1363         return -1;
   1364     }
   1365 
   1366     /* Initialize the decryption engine */
   1367     EVP_CIPHER_CTX_init(&e_ctx);
   1368     if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
   1369         SLOGE("EVP_EncryptInit failed\n");
   1370         return -1;
   1371     }
   1372     EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
   1373 
   1374     /* Encrypt the master key */
   1375     if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
   1376                             decrypted_master_key, KEY_LEN_BYTES)) {
   1377         SLOGE("EVP_EncryptUpdate failed\n");
   1378         return -1;
   1379     }
   1380     if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
   1381         SLOGE("EVP_EncryptFinal failed\n");
   1382         return -1;
   1383     }
   1384 
   1385     if (encrypted_len + final_len != KEY_LEN_BYTES) {
   1386         SLOGE("EVP_Encryption length check failed with %d, %d bytes\n", encrypted_len, final_len);
   1387         return -1;
   1388     }
   1389 
   1390     /* Store the scrypt of the intermediate key, so we can validate if it's a
   1391        password error or mount error when things go wrong.
   1392        Note there's no need to check for errors, since if this is incorrect, we
   1393        simply won't wipe userdata, which is the correct default behavior
   1394     */
   1395     int N = 1 << crypt_ftr->N_factor;
   1396     int r = 1 << crypt_ftr->r_factor;
   1397     int p = 1 << crypt_ftr->p_factor;
   1398 
   1399     rc = crypto_scrypt(ikey, KEY_LEN_BYTES,
   1400                        crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
   1401                        crypt_ftr->scrypted_intermediate_key,
   1402                        sizeof(crypt_ftr->scrypted_intermediate_key));
   1403 
   1404     if (rc) {
   1405       SLOGE("encrypt_master_key: crypto_scrypt failed");
   1406     }
   1407 
   1408     return 0;
   1409 }
   1410 
   1411 static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
   1412                                   unsigned char *encrypted_master_key,
   1413                                   unsigned char *decrypted_master_key,
   1414                                   kdf_func kdf, void *kdf_params,
   1415                                   unsigned char** intermediate_key,
   1416                                   size_t* intermediate_key_size)
   1417 {
   1418   unsigned char ikey[32+32] = { 0 }; /* Big enough to hold a 256 bit key and 256 bit IV */
   1419   EVP_CIPHER_CTX d_ctx;
   1420   int decrypted_len, final_len;
   1421 
   1422   /* Turn the password into an intermediate key and IV that can decrypt the
   1423      master key */
   1424   if (kdf(passwd, salt, ikey, kdf_params)) {
   1425     SLOGE("kdf failed");
   1426     return -1;
   1427   }
   1428 
   1429   /* Initialize the decryption engine */
   1430   EVP_CIPHER_CTX_init(&d_ctx);
   1431   if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
   1432     return -1;
   1433   }
   1434   EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
   1435   /* Decrypt the master key */
   1436   if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
   1437                             encrypted_master_key, KEY_LEN_BYTES)) {
   1438     return -1;
   1439   }
   1440   if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
   1441     return -1;
   1442   }
   1443 
   1444   if (decrypted_len + final_len != KEY_LEN_BYTES) {
   1445     return -1;
   1446   }
   1447 
   1448   /* Copy intermediate key if needed by params */
   1449   if (intermediate_key && intermediate_key_size) {
   1450     *intermediate_key = (unsigned char*) malloc(KEY_LEN_BYTES);
   1451     if (intermediate_key) {
   1452       memcpy(*intermediate_key, ikey, KEY_LEN_BYTES);
   1453       *intermediate_key_size = KEY_LEN_BYTES;
   1454     }
   1455   }
   1456 
   1457   return 0;
   1458 }
   1459 
   1460 static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
   1461 {
   1462     if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
   1463         *kdf = scrypt_keymaster;
   1464         *kdf_params = ftr;
   1465     } else if (ftr->kdf_type == KDF_SCRYPT) {
   1466         *kdf = scrypt;
   1467         *kdf_params = ftr;
   1468     } else {
   1469         *kdf = pbkdf2;
   1470         *kdf_params = NULL;
   1471     }
   1472 }
   1473 
   1474 static int decrypt_master_key(const char *passwd, unsigned char *decrypted_master_key,
   1475                               struct crypt_mnt_ftr *crypt_ftr,
   1476                               unsigned char** intermediate_key,
   1477                               size_t* intermediate_key_size)
   1478 {
   1479     kdf_func kdf;
   1480     void *kdf_params;
   1481     int ret;
   1482 
   1483     get_kdf_func(crypt_ftr, &kdf, &kdf_params);
   1484     ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
   1485                                  decrypted_master_key, kdf, kdf_params,
   1486                                  intermediate_key, intermediate_key_size);
   1487     if (ret != 0) {
   1488         SLOGW("failure decrypting master key");
   1489     }
   1490 
   1491     return ret;
   1492 }
   1493 
   1494 static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt,
   1495         struct crypt_mnt_ftr *crypt_ftr) {
   1496     int fd;
   1497     unsigned char key_buf[KEY_LEN_BYTES];
   1498 
   1499     /* Get some random bits for a key */
   1500     fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
   1501     read(fd, key_buf, sizeof(key_buf));
   1502     read(fd, salt, SALT_LEN);
   1503     close(fd);
   1504 
   1505     /* Now encrypt it with the password */
   1506     return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
   1507 }
   1508 
   1509 int wait_and_unmount(const char *mountpoint, bool kill)
   1510 {
   1511     int i, err, rc;
   1512 #define WAIT_UNMOUNT_COUNT 20
   1513 
   1514     /*  Now umount the tmpfs filesystem */
   1515     for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
   1516         if (umount(mountpoint) == 0) {
   1517             break;
   1518         }
   1519 
   1520         if (errno == EINVAL) {
   1521             /* EINVAL is returned if the directory is not a mountpoint,
   1522              * i.e. there is no filesystem mounted there.  So just get out.
   1523              */
   1524             break;
   1525         }
   1526 
   1527         err = errno;
   1528 
   1529         /* If allowed, be increasingly aggressive before the last two retries */
   1530         if (kill) {
   1531             if (i == (WAIT_UNMOUNT_COUNT - 3)) {
   1532                 SLOGW("sending SIGHUP to processes with open files\n");
   1533                 vold_killProcessesWithOpenFiles(mountpoint, SIGTERM);
   1534             } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
   1535                 SLOGW("sending SIGKILL to processes with open files\n");
   1536                 vold_killProcessesWithOpenFiles(mountpoint, SIGKILL);
   1537             }
   1538         }
   1539 
   1540         sleep(1);
   1541     }
   1542 
   1543     if (i < WAIT_UNMOUNT_COUNT) {
   1544       SLOGD("unmounting %s succeeded\n", mountpoint);
   1545       rc = 0;
   1546     } else {
   1547       vold_killProcessesWithOpenFiles(mountpoint, 0);
   1548       SLOGE("unmounting %s failed: %s\n", mountpoint, strerror(err));
   1549       rc = -1;
   1550     }
   1551 
   1552     return rc;
   1553 }
   1554 
   1555 #define DATA_PREP_TIMEOUT 1000
   1556 static int prep_data_fs(void)
   1557 {
   1558     int i;
   1559 
   1560     // NOTE: post_fs_data results in init calling back around to vold, so all
   1561     // callers to this method must be async
   1562 
   1563     /* Do the prep of the /data filesystem */
   1564     property_set("vold.post_fs_data_done", "0");
   1565     property_set("vold.decrypt", "trigger_post_fs_data");
   1566     SLOGD("Just triggered post_fs_data\n");
   1567 
   1568     /* Wait a max of 50 seconds, hopefully it takes much less */
   1569     for (i=0; i<DATA_PREP_TIMEOUT; i++) {
   1570         char p[PROPERTY_VALUE_MAX];
   1571 
   1572         property_get("vold.post_fs_data_done", p, "0");
   1573         if (*p == '1') {
   1574             break;
   1575         } else {
   1576             usleep(50000);
   1577         }
   1578     }
   1579     if (i == DATA_PREP_TIMEOUT) {
   1580         /* Ugh, we failed to prep /data in time.  Bail. */
   1581         SLOGE("post_fs_data timed out!\n");
   1582         return -1;
   1583     } else {
   1584         SLOGD("post_fs_data done\n");
   1585         return 0;
   1586     }
   1587 }
   1588 
   1589 static void cryptfs_set_corrupt()
   1590 {
   1591     // Mark the footer as bad
   1592     struct crypt_mnt_ftr crypt_ftr;
   1593     if (get_crypt_ftr_and_key(&crypt_ftr)) {
   1594         SLOGE("Failed to get crypto footer - panic");
   1595         return;
   1596     }
   1597 
   1598     crypt_ftr.flags |= CRYPT_DATA_CORRUPT;
   1599     if (put_crypt_ftr_and_key(&crypt_ftr)) {
   1600         SLOGE("Failed to set crypto footer - panic");
   1601         return;
   1602     }
   1603 }
   1604 
   1605 static void cryptfs_trigger_restart_min_framework()
   1606 {
   1607     if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
   1608       SLOGE("Failed to mount tmpfs on data - panic");
   1609       return;
   1610     }
   1611 
   1612     if (property_set("vold.decrypt", "trigger_post_fs_data")) {
   1613         SLOGE("Failed to trigger post fs data - panic");
   1614         return;
   1615     }
   1616 
   1617     if (property_set("vold.decrypt", "trigger_restart_min_framework")) {
   1618         SLOGE("Failed to trigger restart min framework - panic");
   1619         return;
   1620     }
   1621 }
   1622 
   1623 /* returns < 0 on failure */
   1624 static int cryptfs_restart_internal(int restart_main)
   1625 {
   1626     char crypto_blkdev[MAXPATHLEN];
   1627     int rc = -1;
   1628     static int restart_successful = 0;
   1629 
   1630     /* Validate that it's OK to call this routine */
   1631     if (! master_key_saved) {
   1632         SLOGE("Encrypted filesystem not validated, aborting");
   1633         return -1;
   1634     }
   1635 
   1636     if (restart_successful) {
   1637         SLOGE("System already restarted with encrypted disk, aborting");
   1638         return -1;
   1639     }
   1640 
   1641     if (restart_main) {
   1642         /* Here is where we shut down the framework.  The init scripts
   1643          * start all services in one of three classes: core, main or late_start.
   1644          * On boot, we start core and main.  Now, we stop main, but not core,
   1645          * as core includes vold and a few other really important things that
   1646          * we need to keep running.  Once main has stopped, we should be able
   1647          * to umount the tmpfs /data, then mount the encrypted /data.
   1648          * We then restart the class main, and also the class late_start.
   1649          * At the moment, I've only put a few things in late_start that I know
   1650          * are not needed to bring up the framework, and that also cause problems
   1651          * with unmounting the tmpfs /data, but I hope to add add more services
   1652          * to the late_start class as we optimize this to decrease the delay
   1653          * till the user is asked for the password to the filesystem.
   1654          */
   1655 
   1656         /* The init files are setup to stop the class main when vold.decrypt is
   1657          * set to trigger_reset_main.
   1658          */
   1659         property_set("vold.decrypt", "trigger_reset_main");
   1660         SLOGD("Just asked init to shut down class main\n");
   1661 
   1662         /* Ugh, shutting down the framework is not synchronous, so until it
   1663          * can be fixed, this horrible hack will wait a moment for it all to
   1664          * shut down before proceeding.  Without it, some devices cannot
   1665          * restart the graphics services.
   1666          */
   1667         sleep(2);
   1668     }
   1669 
   1670     /* Now that the framework is shutdown, we should be able to umount()
   1671      * the tmpfs filesystem, and mount the real one.
   1672      */
   1673 
   1674     property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
   1675     if (strlen(crypto_blkdev) == 0) {
   1676         SLOGE("fs_crypto_blkdev not set\n");
   1677         return -1;
   1678     }
   1679 
   1680     if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
   1681         /* If ro.crypto.readonly is set to 1, mount the decrypted
   1682          * filesystem readonly.  This is used when /data is mounted by
   1683          * recovery mode.
   1684          */
   1685         char ro_prop[PROPERTY_VALUE_MAX];
   1686         property_get("ro.crypto.readonly", ro_prop, "");
   1687         if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
   1688             struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
   1689             rec->flags |= MS_RDONLY;
   1690         }
   1691 
   1692         /* If that succeeded, then mount the decrypted filesystem */
   1693         int retries = RETRY_MOUNT_ATTEMPTS;
   1694         int mount_rc;
   1695 
   1696         /*
   1697          * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
   1698          * partitions in the fsck domain.
   1699          */
   1700         if (setexeccon(secontextFsck())){
   1701             SLOGE("Failed to setexeccon");
   1702             return -1;
   1703         }
   1704         while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
   1705                                            crypto_blkdev, 0))
   1706                != 0) {
   1707             if (mount_rc == FS_MGR_DOMNT_BUSY) {
   1708                 /* TODO: invoke something similar to
   1709                    Process::killProcessWithOpenFiles(DATA_MNT_POINT,
   1710                                    retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
   1711                 SLOGI("Failed to mount %s because it is busy - waiting",
   1712                       crypto_blkdev);
   1713                 if (--retries) {
   1714                     sleep(RETRY_MOUNT_DELAY_SECONDS);
   1715                 } else {
   1716                     /* Let's hope that a reboot clears away whatever is keeping
   1717                        the mount busy */
   1718                     cryptfs_reboot(reboot);
   1719                 }
   1720             } else {
   1721                 SLOGE("Failed to mount decrypted data");
   1722                 cryptfs_set_corrupt();
   1723                 cryptfs_trigger_restart_min_framework();
   1724                 SLOGI("Started framework to offer wipe");
   1725                 if (setexeccon(NULL)) {
   1726                     SLOGE("Failed to setexeccon");
   1727                 }
   1728                 return -1;
   1729             }
   1730         }
   1731         if (setexeccon(NULL)) {
   1732             SLOGE("Failed to setexeccon");
   1733             return -1;
   1734         }
   1735 
   1736         property_set("vold.decrypt", "trigger_load_persist_props");
   1737         /* Create necessary paths on /data */
   1738         if (prep_data_fs()) {
   1739             return -1;
   1740         }
   1741 
   1742         /* startup service classes main and late_start */
   1743         property_set("vold.decrypt", "trigger_restart_framework");
   1744         SLOGD("Just triggered restart_framework\n");
   1745 
   1746         /* Give it a few moments to get started */
   1747         sleep(1);
   1748     }
   1749 
   1750     if (rc == 0) {
   1751         restart_successful = 1;
   1752     }
   1753 
   1754     return rc;
   1755 }
   1756 
   1757 int cryptfs_restart(void)
   1758 {
   1759     SLOGI("cryptfs_restart");
   1760     if (e4crypt_is_native()) {
   1761         SLOGE("cryptfs_restart not valid for file encryption:");
   1762         return -1;
   1763     }
   1764 
   1765     /* Call internal implementation forcing a restart of main service group */
   1766     return cryptfs_restart_internal(1);
   1767 }
   1768 
   1769 static int do_crypto_complete(char *mount_point)
   1770 {
   1771   struct crypt_mnt_ftr crypt_ftr;
   1772   char encrypted_state[PROPERTY_VALUE_MAX];
   1773   char key_loc[PROPERTY_VALUE_MAX];
   1774 
   1775   property_get("ro.crypto.state", encrypted_state, "");
   1776   if (strcmp(encrypted_state, "encrypted") ) {
   1777     SLOGE("not running with encryption, aborting");
   1778     return CRYPTO_COMPLETE_NOT_ENCRYPTED;
   1779   }
   1780 
   1781   // crypto_complete is full disk encrypted status
   1782   if (e4crypt_is_native()) {
   1783     return CRYPTO_COMPLETE_NOT_ENCRYPTED;
   1784   }
   1785 
   1786   if (get_crypt_ftr_and_key(&crypt_ftr)) {
   1787     fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
   1788 
   1789     /*
   1790      * Only report this error if key_loc is a file and it exists.
   1791      * If the device was never encrypted, and /data is not mountable for
   1792      * some reason, returning 1 should prevent the UI from presenting the
   1793      * a "enter password" screen, or worse, a "press button to wipe the
   1794      * device" screen.
   1795      */
   1796     if ((key_loc[0] == '/') && (access("key_loc", F_OK) == -1)) {
   1797       SLOGE("master key file does not exist, aborting");
   1798       return CRYPTO_COMPLETE_NOT_ENCRYPTED;
   1799     } else {
   1800       SLOGE("Error getting crypt footer and key\n");
   1801       return CRYPTO_COMPLETE_BAD_METADATA;
   1802     }
   1803   }
   1804 
   1805   // Test for possible error flags
   1806   if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){
   1807     SLOGE("Encryption process is partway completed\n");
   1808     return CRYPTO_COMPLETE_PARTIAL;
   1809   }
   1810 
   1811   if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){
   1812     SLOGE("Encryption process was interrupted but cannot continue\n");
   1813     return CRYPTO_COMPLETE_INCONSISTENT;
   1814   }
   1815 
   1816   if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){
   1817     SLOGE("Encryption is successful but data is corrupt\n");
   1818     return CRYPTO_COMPLETE_CORRUPT;
   1819   }
   1820 
   1821   /* We passed the test! We shall diminish, and return to the west */
   1822   return CRYPTO_COMPLETE_ENCRYPTED;
   1823 }
   1824 
   1825 static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
   1826                                    char *passwd, char *mount_point, char *label)
   1827 {
   1828   /* Allocate enough space for a 256 bit key, but we may use less */
   1829   unsigned char decrypted_master_key[32];
   1830   char crypto_blkdev[MAXPATHLEN];
   1831   char real_blkdev[MAXPATHLEN];
   1832   char tmp_mount_point[64];
   1833   unsigned int orig_failed_decrypt_count;
   1834   int rc;
   1835   int use_keymaster = 0;
   1836   int upgrade = 0;
   1837   unsigned char* intermediate_key = 0;
   1838   size_t intermediate_key_size = 0;
   1839 
   1840   SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
   1841   orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
   1842 
   1843   if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) {
   1844     if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
   1845                            &intermediate_key, &intermediate_key_size)) {
   1846       SLOGE("Failed to decrypt master key\n");
   1847       rc = -1;
   1848       goto errout;
   1849     }
   1850   }
   1851 
   1852   fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
   1853 
   1854 #ifdef CONFIG_HW_DISK_ENCRYPTION
   1855   if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
   1856     if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
   1857       SLOGE("Hardware encryption key does not match");
   1858     }
   1859   }
   1860 #endif
   1861 
   1862   // Create crypto block device - all (non fatal) code paths
   1863   // need it
   1864   if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
   1865                             real_blkdev, crypto_blkdev, label)) {
   1866      SLOGE("Error creating decrypted block device\n");
   1867      rc = -1;
   1868      goto errout;
   1869   }
   1870 
   1871   /* Work out if the problem is the password or the data */
   1872   unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
   1873                                                  scrypted_intermediate_key)];
   1874   int N = 1 << crypt_ftr->N_factor;
   1875   int r = 1 << crypt_ftr->r_factor;
   1876   int p = 1 << crypt_ftr->p_factor;
   1877 
   1878   rc = crypto_scrypt(intermediate_key, intermediate_key_size,
   1879                      crypt_ftr->salt, sizeof(crypt_ftr->salt),
   1880                      N, r, p, scrypted_intermediate_key,
   1881                      sizeof(scrypted_intermediate_key));
   1882 
   1883   // Does the key match the crypto footer?
   1884   if (rc == 0 && memcmp(scrypted_intermediate_key,
   1885                         crypt_ftr->scrypted_intermediate_key,
   1886                         sizeof(scrypted_intermediate_key)) == 0) {
   1887     SLOGI("Password matches");
   1888     rc = 0;
   1889   } else {
   1890     /* Try mounting the file system anyway, just in case the problem's with
   1891      * the footer, not the key. */
   1892     sprintf(tmp_mount_point, "%s/tmp_mnt", mount_point);
   1893     mkdir(tmp_mount_point, 0755);
   1894     if (fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
   1895       SLOGE("Error temp mounting decrypted block device\n");
   1896       delete_crypto_blk_dev(label);
   1897 
   1898       rc = ++crypt_ftr->failed_decrypt_count;
   1899       put_crypt_ftr_and_key(crypt_ftr);
   1900     } else {
   1901       /* Success! */
   1902       SLOGI("Password did not match but decrypted drive mounted - continue");
   1903       umount(tmp_mount_point);
   1904       rc = 0;
   1905     }
   1906   }
   1907 
   1908   if (rc == 0) {
   1909     crypt_ftr->failed_decrypt_count = 0;
   1910     if (orig_failed_decrypt_count != 0) {
   1911       put_crypt_ftr_and_key(crypt_ftr);
   1912     }
   1913 
   1914     /* Save the name of the crypto block device
   1915      * so we can mount it when restarting the framework. */
   1916     property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
   1917 
   1918     /* Also save a the master key so we can reencrypted the key
   1919      * the key when we want to change the password on it. */
   1920     memcpy(saved_master_key, decrypted_master_key, KEY_LEN_BYTES);
   1921     saved_mount_point = strdup(mount_point);
   1922     master_key_saved = 1;
   1923     SLOGD("%s(): Master key saved\n", __FUNCTION__);
   1924     rc = 0;
   1925 
   1926     // Upgrade if we're not using the latest KDF.
   1927     use_keymaster = keymaster_check_compatibility();
   1928     if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
   1929         // Don't allow downgrade
   1930     } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
   1931         crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
   1932         upgrade = 1;
   1933     } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
   1934         crypt_ftr->kdf_type = KDF_SCRYPT;
   1935         upgrade = 1;
   1936     }
   1937 
   1938     if (upgrade) {
   1939         rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
   1940                                 crypt_ftr->master_key, crypt_ftr);
   1941         if (!rc) {
   1942             rc = put_crypt_ftr_and_key(crypt_ftr);
   1943         }
   1944         SLOGD("Key Derivation Function upgrade: rc=%d\n", rc);
   1945 
   1946         // Do not fail even if upgrade failed - machine is bootable
   1947         // Note that if this code is ever hit, there is a *serious* problem
   1948         // since KDFs should never fail. You *must* fix the kdf before
   1949         // proceeding!
   1950         if (rc) {
   1951           SLOGW("Upgrade failed with error %d,"
   1952                 " but continuing with previous state",
   1953                 rc);
   1954           rc = 0;
   1955         }
   1956     }
   1957   }
   1958 
   1959  errout:
   1960   if (intermediate_key) {
   1961     memset(intermediate_key, 0, intermediate_key_size);
   1962     free(intermediate_key);
   1963   }
   1964   return rc;
   1965 }
   1966 
   1967 /*
   1968  * Called by vold when it's asked to mount an encrypted external
   1969  * storage volume. The incoming partition has no crypto header/footer,
   1970  * as any metadata is been stored in a separate, small partition.
   1971  *
   1972  * out_crypto_blkdev must be MAXPATHLEN.
   1973  */
   1974 int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
   1975         const unsigned char* key, int keysize, char* out_crypto_blkdev) {
   1976     int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
   1977     if (fd == -1) {
   1978         SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
   1979         return -1;
   1980     }
   1981 
   1982     unsigned long nr_sec = 0;
   1983     get_blkdev_size(fd, &nr_sec);
   1984     close(fd);
   1985 
   1986     if (nr_sec == 0) {
   1987         SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
   1988         return -1;
   1989     }
   1990 
   1991     struct crypt_mnt_ftr ext_crypt_ftr;
   1992     memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
   1993     ext_crypt_ftr.fs_size = nr_sec;
   1994     ext_crypt_ftr.keysize = keysize;
   1995     strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
   1996 
   1997     return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
   1998             out_crypto_blkdev, label);
   1999 }
   2000 
   2001 /*
   2002  * Called by vold when it's asked to unmount an encrypted external
   2003  * storage volume.
   2004  */
   2005 int cryptfs_revert_ext_volume(const char* label) {
   2006     return delete_crypto_blk_dev((char*) label);
   2007 }
   2008 
   2009 int cryptfs_crypto_complete(void)
   2010 {
   2011   return do_crypto_complete("/data");
   2012 }
   2013 
   2014 int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
   2015 {
   2016     char encrypted_state[PROPERTY_VALUE_MAX];
   2017     property_get("ro.crypto.state", encrypted_state, "");
   2018     if ( master_key_saved || strcmp(encrypted_state, "encrypted") ) {
   2019         SLOGE("encrypted fs already validated or not running with encryption,"
   2020               " aborting");
   2021         return -1;
   2022     }
   2023 
   2024     if (get_crypt_ftr_and_key(crypt_ftr)) {
   2025         SLOGE("Error getting crypt footer and key");
   2026         return -1;
   2027     }
   2028 
   2029     return 0;
   2030 }
   2031 
   2032 int cryptfs_check_passwd(char *passwd)
   2033 {
   2034     SLOGI("cryptfs_check_passwd");
   2035     if (e4crypt_is_native()) {
   2036         SLOGE("cryptfs_check_passwd not valid for file encryption");
   2037         return -1;
   2038     }
   2039 
   2040     struct crypt_mnt_ftr crypt_ftr;
   2041     int rc;
   2042 
   2043     rc = check_unmounted_and_get_ftr(&crypt_ftr);
   2044     if (rc) {
   2045         SLOGE("Could not get footer");
   2046         return rc;
   2047     }
   2048 
   2049     rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
   2050                                  DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
   2051     if (rc) {
   2052         SLOGE("Password did not match");
   2053         return rc;
   2054     }
   2055 
   2056     if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
   2057         // Here we have a default actual password but a real password
   2058         // we must test against the scrypted value
   2059         // First, we must delete the crypto block device that
   2060         // test_mount_encrypted_fs leaves behind as a side effect
   2061         delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
   2062         rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
   2063                                      DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
   2064         if (rc) {
   2065             SLOGE("Default password did not match on reboot encryption");
   2066             return rc;
   2067         }
   2068 
   2069         crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
   2070         put_crypt_ftr_and_key(&crypt_ftr);
   2071         rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
   2072         if (rc) {
   2073             SLOGE("Could not change password on reboot encryption");
   2074             return rc;
   2075         }
   2076     }
   2077 
   2078     if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
   2079         cryptfs_clear_password();
   2080         password = strdup(passwd);
   2081         struct timespec now;
   2082         clock_gettime(CLOCK_BOOTTIME, &now);
   2083         password_expiry_time = now.tv_sec + password_max_age_seconds;
   2084     }
   2085 
   2086     return rc;
   2087 }
   2088 
   2089 int cryptfs_verify_passwd(char *passwd)
   2090 {
   2091     struct crypt_mnt_ftr crypt_ftr;
   2092     /* Allocate enough space for a 256 bit key, but we may use less */
   2093     unsigned char decrypted_master_key[32];
   2094     char encrypted_state[PROPERTY_VALUE_MAX];
   2095     int rc;
   2096 
   2097     property_get("ro.crypto.state", encrypted_state, "");
   2098     if (strcmp(encrypted_state, "encrypted") ) {
   2099         SLOGE("device not encrypted, aborting");
   2100         return -2;
   2101     }
   2102 
   2103     if (!master_key_saved) {
   2104         SLOGE("encrypted fs not yet mounted, aborting");
   2105         return -1;
   2106     }
   2107 
   2108     if (!saved_mount_point) {
   2109         SLOGE("encrypted fs failed to save mount point, aborting");
   2110         return -1;
   2111     }
   2112 
   2113     if (get_crypt_ftr_and_key(&crypt_ftr)) {
   2114         SLOGE("Error getting crypt footer and key\n");
   2115         return -1;
   2116     }
   2117 
   2118     if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) {
   2119         /* If the device has no password, then just say the password is valid */
   2120         rc = 0;
   2121     } else {
   2122         decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
   2123         if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
   2124             /* They match, the password is correct */
   2125             rc = 0;
   2126         } else {
   2127             /* If incorrect, sleep for a bit to prevent dictionary attacks */
   2128             sleep(1);
   2129             rc = 1;
   2130         }
   2131     }
   2132 
   2133     return rc;
   2134 }
   2135 
   2136 /* Initialize a crypt_mnt_ftr structure.  The keysize is
   2137  * defaulted to 16 bytes, and the filesystem size to 0.
   2138  * Presumably, at a minimum, the caller will update the
   2139  * filesystem size and crypto_type_name after calling this function.
   2140  */
   2141 static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
   2142 {
   2143     off64_t off;
   2144 
   2145     memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
   2146     ftr->magic = CRYPT_MNT_MAGIC;
   2147     ftr->major_version = CURRENT_MAJOR_VERSION;
   2148     ftr->minor_version = CURRENT_MINOR_VERSION;
   2149     ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
   2150     ftr->keysize = KEY_LEN_BYTES;
   2151 
   2152     switch (keymaster_check_compatibility()) {
   2153     case 1:
   2154         ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
   2155         break;
   2156 
   2157     case 0:
   2158         ftr->kdf_type = KDF_SCRYPT;
   2159         break;
   2160 
   2161     default:
   2162         SLOGE("keymaster_check_compatibility failed");
   2163         return -1;
   2164     }
   2165 
   2166     get_device_scrypt_params(ftr);
   2167 
   2168     ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
   2169     if (get_crypt_ftr_info(NULL, &off) == 0) {
   2170         ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
   2171         ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
   2172                                     ftr->persist_data_size;
   2173     }
   2174 
   2175     return 0;
   2176 }
   2177 
   2178 static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
   2179 {
   2180     const char *args[10];
   2181     char size_str[32]; /* Must be large enough to hold a %lld and null byte */
   2182     int num_args;
   2183     int status;
   2184     int tmp;
   2185     int rc = -1;
   2186 
   2187     if (type == EXT4_FS) {
   2188         args[0] = "/system/bin/make_ext4fs";
   2189         args[1] = "-a";
   2190         args[2] = "/data";
   2191         args[3] = "-l";
   2192         snprintf(size_str, sizeof(size_str), "%" PRId64, size * 512);
   2193         args[4] = size_str;
   2194         args[5] = crypto_blkdev;
   2195         num_args = 6;
   2196         SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
   2197               args[0], args[1], args[2], args[3], args[4], args[5]);
   2198     } else if (type == F2FS_FS) {
   2199         args[0] = "/system/bin/mkfs.f2fs";
   2200         args[1] = "-t";
   2201         args[2] = "-d1";
   2202         args[3] = crypto_blkdev;
   2203         snprintf(size_str, sizeof(size_str), "%" PRId64, size);
   2204         args[4] = size_str;
   2205         num_args = 5;
   2206         SLOGI("Making empty filesystem with command %s %s %s %s %s\n",
   2207               args[0], args[1], args[2], args[3], args[4]);
   2208     } else {
   2209         SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
   2210         return -1;
   2211     }
   2212 
   2213     tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
   2214 
   2215     if (tmp != 0) {
   2216       SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
   2217     } else {
   2218         if (WIFEXITED(status)) {
   2219             if (WEXITSTATUS(status)) {
   2220                 SLOGE("Error creating filesystem on %s, exit status %d ",
   2221                       crypto_blkdev, WEXITSTATUS(status));
   2222             } else {
   2223                 SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
   2224                 rc = 0;
   2225             }
   2226         } else {
   2227             SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
   2228        }
   2229     }
   2230 
   2231     return rc;
   2232 }
   2233 
   2234 #define CRYPT_INPLACE_BUFSIZE 4096
   2235 #define CRYPT_SECTORS_PER_BUFSIZE (CRYPT_INPLACE_BUFSIZE / CRYPT_SECTOR_SIZE)
   2236 #define CRYPT_SECTOR_SIZE 512
   2237 
   2238 /* aligned 32K writes tends to make flash happy.
   2239  * SD card association recommends it.
   2240  */
   2241 #ifndef CONFIG_HW_DISK_ENCRYPTION
   2242 #define BLOCKS_AT_A_TIME 8
   2243 #else
   2244 #define BLOCKS_AT_A_TIME 1024
   2245 #endif
   2246 
   2247 struct encryptGroupsData
   2248 {
   2249     int realfd;
   2250     int cryptofd;
   2251     off64_t numblocks;
   2252     off64_t one_pct, cur_pct, new_pct;
   2253     off64_t blocks_already_done, tot_numblocks;
   2254     off64_t used_blocks_already_done, tot_used_blocks;
   2255     char* real_blkdev, * crypto_blkdev;
   2256     int count;
   2257     off64_t offset;
   2258     char* buffer;
   2259     off64_t last_written_sector;
   2260     int completed;
   2261     time_t time_started;
   2262     int remaining_time;
   2263 };
   2264 
   2265 static void update_progress(struct encryptGroupsData* data, int is_used)
   2266 {
   2267     data->blocks_already_done++;
   2268 
   2269     if (is_used) {
   2270         data->used_blocks_already_done++;
   2271     }
   2272     if (data->tot_used_blocks) {
   2273         data->new_pct = data->used_blocks_already_done / data->one_pct;
   2274     } else {
   2275         data->new_pct = data->blocks_already_done / data->one_pct;
   2276     }
   2277 
   2278     if (data->new_pct > data->cur_pct) {
   2279         char buf[8];
   2280         data->cur_pct = data->new_pct;
   2281         snprintf(buf, sizeof(buf), "%" PRId64, data->cur_pct);
   2282         property_set("vold.encrypt_progress", buf);
   2283     }
   2284 
   2285     if (data->cur_pct >= 5) {
   2286         struct timespec time_now;
   2287         if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
   2288             SLOGW("Error getting time");
   2289         } else {
   2290             double elapsed_time = difftime(time_now.tv_sec, data->time_started);
   2291             off64_t remaining_blocks = data->tot_used_blocks
   2292                                        - data->used_blocks_already_done;
   2293             int remaining_time = (int)(elapsed_time * remaining_blocks
   2294                                        / data->used_blocks_already_done);
   2295 
   2296             // Change time only if not yet set, lower, or a lot higher for
   2297             // best user experience
   2298             if (data->remaining_time == -1
   2299                 || remaining_time < data->remaining_time
   2300                 || remaining_time > data->remaining_time + 60) {
   2301                 char buf[8];
   2302                 snprintf(buf, sizeof(buf), "%d", remaining_time);
   2303                 property_set("vold.encrypt_time_remaining", buf);
   2304                 data->remaining_time = remaining_time;
   2305             }
   2306         }
   2307     }
   2308 }
   2309 
   2310 static void log_progress(struct encryptGroupsData const* data, bool completed)
   2311 {
   2312     // Precondition - if completed data = 0 else data != 0
   2313 
   2314     // Track progress so we can skip logging blocks
   2315     static off64_t offset = -1;
   2316 
   2317     // Need to close existing 'Encrypting from' log?
   2318     if (completed || (offset != -1 && data->offset != offset)) {
   2319         SLOGI("Encrypted to sector %" PRId64,
   2320               offset / info.block_size * CRYPT_SECTOR_SIZE);
   2321         offset = -1;
   2322     }
   2323 
   2324     // Need to start new 'Encrypting from' log?
   2325     if (!completed && offset != data->offset) {
   2326         SLOGI("Encrypting from sector %" PRId64,
   2327               data->offset / info.block_size * CRYPT_SECTOR_SIZE);
   2328     }
   2329 
   2330     // Update offset
   2331     if (!completed) {
   2332         offset = data->offset + (off64_t)data->count * info.block_size;
   2333     }
   2334 }
   2335 
   2336 static int flush_outstanding_data(struct encryptGroupsData* data)
   2337 {
   2338     if (data->count == 0) {
   2339         return 0;
   2340     }
   2341 
   2342     SLOGV("Copying %d blocks at offset %" PRIx64, data->count, data->offset);
   2343 
   2344     if (pread64(data->realfd, data->buffer,
   2345                 info.block_size * data->count, data->offset)
   2346         <= 0) {
   2347         SLOGE("Error reading real_blkdev %s for inplace encrypt",
   2348               data->real_blkdev);
   2349         return -1;
   2350     }
   2351 
   2352     if (pwrite64(data->cryptofd, data->buffer,
   2353                  info.block_size * data->count, data->offset)
   2354         <= 0) {
   2355         SLOGE("Error writing crypto_blkdev %s for inplace encrypt",
   2356               data->crypto_blkdev);
   2357         return -1;
   2358     } else {
   2359       log_progress(data, false);
   2360     }
   2361 
   2362     data->count = 0;
   2363     data->last_written_sector = (data->offset + data->count)
   2364                                 / info.block_size * CRYPT_SECTOR_SIZE - 1;
   2365     return 0;
   2366 }
   2367 
   2368 static int encrypt_groups(struct encryptGroupsData* data)
   2369 {
   2370     unsigned int i;
   2371     u8 *block_bitmap = 0;
   2372     unsigned int block;
   2373     off64_t ret;
   2374     int rc = -1;
   2375 
   2376     data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME);
   2377     if (!data->buffer) {
   2378         SLOGE("Failed to allocate crypto buffer");
   2379         goto errout;
   2380     }
   2381 
   2382     block_bitmap = malloc(info.block_size);
   2383     if (!block_bitmap) {
   2384         SLOGE("failed to allocate block bitmap");
   2385         goto errout;
   2386     }
   2387 
   2388     for (i = 0; i < aux_info.groups; ++i) {
   2389         SLOGI("Encrypting group %d", i);
   2390 
   2391         u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
   2392         u32 block_count = min(info.blocks_per_group,
   2393                              aux_info.len_blocks - first_block);
   2394 
   2395         off64_t offset = (u64)info.block_size
   2396                          * aux_info.bg_desc[i].bg_block_bitmap;
   2397 
   2398         ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
   2399         if (ret != (int)info.block_size) {
   2400             SLOGE("failed to read all of block group bitmap %d", i);
   2401             goto errout;
   2402         }
   2403 
   2404         offset = (u64)info.block_size * first_block;
   2405 
   2406         data->count = 0;
   2407 
   2408         for (block = 0; block < block_count; block++) {
   2409             int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
   2410                     0 : bitmap_get_bit(block_bitmap, block);
   2411             update_progress(data, used);
   2412             if (used) {
   2413                 if (data->count == 0) {
   2414                     data->offset = offset;
   2415                 }
   2416                 data->count++;
   2417             } else {
   2418                 if (flush_outstanding_data(data)) {
   2419                     goto errout;
   2420                 }
   2421             }
   2422 
   2423             offset += info.block_size;
   2424 
   2425             /* Write data if we are aligned or buffer size reached */
   2426             if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
   2427                 || data->count == BLOCKS_AT_A_TIME) {
   2428                 if (flush_outstanding_data(data)) {
   2429                     goto errout;
   2430                 }
   2431             }
   2432 
   2433             if (!is_battery_ok_to_continue()) {
   2434                 SLOGE("Stopping encryption due to low battery");
   2435                 rc = 0;
   2436                 goto errout;
   2437             }
   2438 
   2439         }
   2440         if (flush_outstanding_data(data)) {
   2441             goto errout;
   2442         }
   2443     }
   2444 
   2445     data->completed = 1;
   2446     rc = 0;
   2447 
   2448 errout:
   2449     log_progress(0, true);
   2450     free(data->buffer);
   2451     free(block_bitmap);
   2452     return rc;
   2453 }
   2454 
   2455 static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
   2456                                        char *real_blkdev,
   2457                                        off64_t size,
   2458                                        off64_t *size_already_done,
   2459                                        off64_t tot_size,
   2460                                        off64_t previously_encrypted_upto)
   2461 {
   2462     u32 i;
   2463     struct encryptGroupsData data;
   2464     int rc; // Can't initialize without causing warning -Wclobbered
   2465 
   2466     if (previously_encrypted_upto > *size_already_done) {
   2467         SLOGD("Not fast encrypting since resuming part way through");
   2468         return -1;
   2469     }
   2470 
   2471     memset(&data, 0, sizeof(data));
   2472     data.real_blkdev = real_blkdev;
   2473     data.crypto_blkdev = crypto_blkdev;
   2474 
   2475     if ( (data.realfd = open(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
   2476         SLOGE("Error opening real_blkdev %s for inplace encrypt. err=%d(%s)\n",
   2477               real_blkdev, errno, strerror(errno));
   2478         rc = -1;
   2479         goto errout;
   2480     }
   2481 
   2482     // Wait until the block device appears.  Re-use the mount retry values since it is reasonable.
   2483     int retries = RETRY_MOUNT_ATTEMPTS;
   2484     while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
   2485         if (--retries) {
   2486             SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
   2487                   crypto_blkdev, errno, strerror(errno));
   2488             sleep(RETRY_MOUNT_DELAY_SECONDS);
   2489         } else {
   2490             SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s)\n",
   2491                   crypto_blkdev, errno, strerror(errno));
   2492             rc = ENABLE_INPLACE_ERR_DEV;
   2493             goto errout;
   2494         }
   2495     }
   2496 
   2497     if (setjmp(setjmp_env)) {
   2498         SLOGE("Reading ext4 extent caused an exception\n");
   2499         rc = -1;
   2500         goto errout;
   2501     }
   2502 
   2503     if (read_ext(data.realfd, 0) != 0) {
   2504         SLOGE("Failed to read ext4 extent\n");
   2505         rc = -1;
   2506         goto errout;
   2507     }
   2508 
   2509     data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
   2510     data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
   2511     data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
   2512 
   2513     SLOGI("Encrypting ext4 filesystem in place...");
   2514 
   2515     data.tot_used_blocks = data.numblocks;
   2516     for (i = 0; i < aux_info.groups; ++i) {
   2517       data.tot_used_blocks -= aux_info.bg_desc[i].bg_free_blocks_count;
   2518     }
   2519 
   2520     data.one_pct = data.tot_used_blocks / 100;
   2521     data.cur_pct = 0;
   2522 
   2523     struct timespec time_started = {0};
   2524     if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
   2525         SLOGW("Error getting time at start");
   2526         // Note - continue anyway - we'll run with 0
   2527     }
   2528     data.time_started = time_started.tv_sec;
   2529     data.remaining_time = -1;
   2530 
   2531     rc = encrypt_groups(&data);
   2532     if (rc) {
   2533         SLOGE("Error encrypting groups");
   2534         goto errout;
   2535     }
   2536 
   2537     *size_already_done += data.completed ? size : data.last_written_sector;
   2538     rc = 0;
   2539 
   2540 errout:
   2541     close(data.realfd);
   2542     close(data.cryptofd);
   2543 
   2544     return rc;
   2545 }
   2546 
   2547 static void log_progress_f2fs(u64 block, bool completed)
   2548 {
   2549     // Precondition - if completed data = 0 else data != 0
   2550 
   2551     // Track progress so we can skip logging blocks
   2552     static u64 last_block = (u64)-1;
   2553 
   2554     // Need to close existing 'Encrypting from' log?
   2555     if (completed || (last_block != (u64)-1 && block != last_block + 1)) {
   2556         SLOGI("Encrypted to block %" PRId64, last_block);
   2557         last_block = -1;
   2558     }
   2559 
   2560     // Need to start new 'Encrypting from' log?
   2561     if (!completed && (last_block == (u64)-1 || block != last_block + 1)) {
   2562         SLOGI("Encrypting from block %" PRId64, block);
   2563     }
   2564 
   2565     // Update offset
   2566     if (!completed) {
   2567         last_block = block;
   2568     }
   2569 }
   2570 
   2571 static int encrypt_one_block_f2fs(u64 pos, void *data)
   2572 {
   2573     struct encryptGroupsData *priv_dat = (struct encryptGroupsData *)data;
   2574 
   2575     priv_dat->blocks_already_done = pos - 1;
   2576     update_progress(priv_dat, 1);
   2577 
   2578     off64_t offset = pos * CRYPT_INPLACE_BUFSIZE;
   2579 
   2580     if (pread64(priv_dat->realfd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
   2581         SLOGE("Error reading real_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
   2582         return -1;
   2583     }
   2584 
   2585     if (pwrite64(priv_dat->cryptofd, priv_dat->buffer, CRYPT_INPLACE_BUFSIZE, offset) <= 0) {
   2586         SLOGE("Error writing crypto_blkdev %s for f2fs inplace encrypt", priv_dat->crypto_blkdev);
   2587         return -1;
   2588     } else {
   2589         log_progress_f2fs(pos, false);
   2590     }
   2591 
   2592     return 0;
   2593 }
   2594 
   2595 static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
   2596                                        char *real_blkdev,
   2597                                        off64_t size,
   2598                                        off64_t *size_already_done,
   2599                                        off64_t tot_size,
   2600                                        off64_t previously_encrypted_upto)
   2601 {
   2602     struct encryptGroupsData data;
   2603     struct f2fs_info *f2fs_info = NULL;
   2604     int rc = ENABLE_INPLACE_ERR_OTHER;
   2605     if (previously_encrypted_upto > *size_already_done) {
   2606         SLOGD("Not fast encrypting since resuming part way through");
   2607         return ENABLE_INPLACE_ERR_OTHER;
   2608     }
   2609     memset(&data, 0, sizeof(data));
   2610     data.real_blkdev = real_blkdev;
   2611     data.crypto_blkdev = crypto_blkdev;
   2612     data.realfd = -1;
   2613     data.cryptofd = -1;
   2614     if ( (data.realfd = open64(real_blkdev, O_RDWR|O_CLOEXEC)) < 0) {
   2615         SLOGE("Error opening real_blkdev %s for f2fs inplace encrypt\n",
   2616               real_blkdev);
   2617         goto errout;
   2618     }
   2619     if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
   2620         SLOGE("Error opening crypto_blkdev %s for f2fs inplace encrypt. err=%d(%s)\n",
   2621               crypto_blkdev, errno, strerror(errno));
   2622         rc = ENABLE_INPLACE_ERR_DEV;
   2623         goto errout;
   2624     }
   2625 
   2626     f2fs_info = generate_f2fs_info(data.realfd);
   2627     if (!f2fs_info)
   2628       goto errout;
   2629 
   2630     data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
   2631     data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
   2632     data.blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
   2633 
   2634     data.tot_used_blocks = get_num_blocks_used(f2fs_info);
   2635 
   2636     data.one_pct = data.tot_used_blocks / 100;
   2637     data.cur_pct = 0;
   2638     data.time_started = time(NULL);
   2639     data.remaining_time = -1;
   2640 
   2641     data.buffer = malloc(f2fs_info->block_size);
   2642     if (!data.buffer) {
   2643         SLOGE("Failed to allocate crypto buffer");
   2644         goto errout;
   2645     }
   2646 
   2647     data.count = 0;
   2648 
   2649     /* Currently, this either runs to completion, or hits a nonrecoverable error */
   2650     rc = run_on_used_blocks(data.blocks_already_done, f2fs_info, &encrypt_one_block_f2fs, &data);
   2651 
   2652     if (rc) {
   2653         SLOGE("Error in running over f2fs blocks");
   2654         rc = ENABLE_INPLACE_ERR_OTHER;
   2655         goto errout;
   2656     }
   2657 
   2658     *size_already_done += size;
   2659     rc = 0;
   2660 
   2661 errout:
   2662     if (rc)
   2663         SLOGE("Failed to encrypt f2fs filesystem on %s", real_blkdev);
   2664 
   2665     log_progress_f2fs(0, true);
   2666     free(f2fs_info);
   2667     free(data.buffer);
   2668     close(data.realfd);
   2669     close(data.cryptofd);
   2670 
   2671     return rc;
   2672 }
   2673 
   2674 static int cryptfs_enable_inplace_full(char *crypto_blkdev, char *real_blkdev,
   2675                                        off64_t size, off64_t *size_already_done,
   2676                                        off64_t tot_size,
   2677                                        off64_t previously_encrypted_upto)
   2678 {
   2679     int realfd, cryptofd;
   2680     char *buf[CRYPT_INPLACE_BUFSIZE];
   2681     int rc = ENABLE_INPLACE_ERR_OTHER;
   2682     off64_t numblocks, i, remainder;
   2683     off64_t one_pct, cur_pct, new_pct;
   2684     off64_t blocks_already_done, tot_numblocks;
   2685 
   2686     if ( (realfd = open(real_blkdev, O_RDONLY|O_CLOEXEC)) < 0) {
   2687         SLOGE("Error opening real_blkdev %s for inplace encrypt\n", real_blkdev);
   2688         return ENABLE_INPLACE_ERR_OTHER;
   2689     }
   2690 
   2691     if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
   2692         SLOGE("Error opening crypto_blkdev %s for inplace encrypt. err=%d(%s)\n",
   2693               crypto_blkdev, errno, strerror(errno));
   2694         close(realfd);
   2695         return ENABLE_INPLACE_ERR_DEV;
   2696     }
   2697 
   2698     /* This is pretty much a simple loop of reading 4K, and writing 4K.
   2699      * The size passed in is the number of 512 byte sectors in the filesystem.
   2700      * So compute the number of whole 4K blocks we should read/write,
   2701      * and the remainder.
   2702      */
   2703     numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
   2704     remainder = size % CRYPT_SECTORS_PER_BUFSIZE;
   2705     tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
   2706     blocks_already_done = *size_already_done / CRYPT_SECTORS_PER_BUFSIZE;
   2707 
   2708     SLOGE("Encrypting filesystem in place...");
   2709 
   2710     i = previously_encrypted_upto + 1 - *size_already_done;
   2711 
   2712     if (lseek64(realfd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
   2713         SLOGE("Cannot seek to previously encrypted point on %s", real_blkdev);
   2714         goto errout;
   2715     }
   2716 
   2717     if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
   2718         SLOGE("Cannot seek to previously encrypted point on %s", crypto_blkdev);
   2719         goto errout;
   2720     }
   2721 
   2722     for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
   2723         if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
   2724             SLOGE("Error reading initial sectors from real_blkdev %s for "
   2725                   "inplace encrypt\n", crypto_blkdev);
   2726             goto errout;
   2727         }
   2728         if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
   2729             SLOGE("Error writing initial sectors to crypto_blkdev %s for "
   2730                   "inplace encrypt\n", crypto_blkdev);
   2731             goto errout;
   2732         } else {
   2733             SLOGI("Encrypted 1 block at %" PRId64, i);
   2734         }
   2735     }
   2736 
   2737     one_pct = tot_numblocks / 100;
   2738     cur_pct = 0;
   2739     /* process the majority of the filesystem in blocks */
   2740     for (i/=CRYPT_SECTORS_PER_BUFSIZE; i<numblocks; i++) {
   2741         new_pct = (i + blocks_already_done) / one_pct;
   2742         if (new_pct > cur_pct) {
   2743             char buf[8];
   2744 
   2745             cur_pct = new_pct;
   2746             snprintf(buf, sizeof(buf), "%" PRId64, cur_pct);
   2747             property_set("vold.encrypt_progress", buf);
   2748         }
   2749         if (unix_read(realfd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
   2750             SLOGE("Error reading real_blkdev %s for inplace encrypt", crypto_blkdev);
   2751             goto errout;
   2752         }
   2753         if (unix_write(cryptofd, buf, CRYPT_INPLACE_BUFSIZE) <= 0) {
   2754             SLOGE("Error writing crypto_blkdev %s for inplace encrypt", crypto_blkdev);
   2755             goto errout;
   2756         } else {
   2757             SLOGD("Encrypted %d block at %" PRId64,
   2758                   CRYPT_SECTORS_PER_BUFSIZE,
   2759                   i * CRYPT_SECTORS_PER_BUFSIZE);
   2760         }
   2761 
   2762        if (!is_battery_ok_to_continue()) {
   2763             SLOGE("Stopping encryption due to low battery");
   2764             *size_already_done += (i + 1) * CRYPT_SECTORS_PER_BUFSIZE - 1;
   2765             rc = 0;
   2766             goto errout;
   2767         }
   2768     }
   2769 
   2770     /* Do any remaining sectors */
   2771     for (i=0; i<remainder; i++) {
   2772         if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
   2773             SLOGE("Error reading final sectors from real_blkdev %s for inplace encrypt", crypto_blkdev);
   2774             goto errout;
   2775         }
   2776         if (unix_write(cryptofd, buf, CRYPT_SECTOR_SIZE) <= 0) {
   2777             SLOGE("Error writing final sectors to crypto_blkdev %s for inplace encrypt", crypto_blkdev);
   2778             goto errout;
   2779         } else {
   2780             SLOGI("Encrypted 1 block at next location");
   2781         }
   2782     }
   2783 
   2784     *size_already_done += size;
   2785     rc = 0;
   2786 
   2787 errout:
   2788     close(realfd);
   2789     close(cryptofd);
   2790 
   2791     return rc;
   2792 }
   2793 
   2794 /* returns on of the ENABLE_INPLACE_* return codes */
   2795 static int cryptfs_enable_inplace(char *crypto_blkdev, char *real_blkdev,
   2796                                   off64_t size, off64_t *size_already_done,
   2797                                   off64_t tot_size,
   2798                                   off64_t previously_encrypted_upto)
   2799 {
   2800     int rc_ext4, rc_f2fs, rc_full;
   2801     if (previously_encrypted_upto) {
   2802         SLOGD("Continuing encryption from %" PRId64, previously_encrypted_upto);
   2803     }
   2804 
   2805     if (*size_already_done + size < previously_encrypted_upto) {
   2806         *size_already_done += size;
   2807         return 0;
   2808     }
   2809 
   2810     /* TODO: identify filesystem type.
   2811      * As is, cryptfs_enable_inplace_ext4 will fail on an f2fs partition, and
   2812      * then we will drop down to cryptfs_enable_inplace_f2fs.
   2813      * */
   2814     if ((rc_ext4 = cryptfs_enable_inplace_ext4(crypto_blkdev, real_blkdev,
   2815                                 size, size_already_done,
   2816                                 tot_size, previously_encrypted_upto)) == 0) {
   2817       return 0;
   2818     }
   2819     SLOGD("cryptfs_enable_inplace_ext4()=%d\n", rc_ext4);
   2820 
   2821     if ((rc_f2fs = cryptfs_enable_inplace_f2fs(crypto_blkdev, real_blkdev,
   2822                                 size, size_already_done,
   2823                                 tot_size, previously_encrypted_upto)) == 0) {
   2824       return 0;
   2825     }
   2826     SLOGD("cryptfs_enable_inplace_f2fs()=%d\n", rc_f2fs);
   2827 
   2828     rc_full = cryptfs_enable_inplace_full(crypto_blkdev, real_blkdev,
   2829                                        size, size_already_done, tot_size,
   2830                                        previously_encrypted_upto);
   2831     SLOGD("cryptfs_enable_inplace_full()=%d\n", rc_full);
   2832 
   2833     /* Hack for b/17898962, the following is the symptom... */
   2834     if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
   2835         && rc_f2fs == ENABLE_INPLACE_ERR_DEV
   2836         && rc_full == ENABLE_INPLACE_ERR_DEV) {
   2837             return ENABLE_INPLACE_ERR_DEV;
   2838     }
   2839     return rc_full;
   2840 }
   2841 
   2842 #define CRYPTO_ENABLE_WIPE 1
   2843 #define CRYPTO_ENABLE_INPLACE 2
   2844 
   2845 #define FRAMEWORK_BOOT_WAIT 60
   2846 
   2847 static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
   2848 {
   2849     int fd = open(filename, O_RDONLY|O_CLOEXEC);
   2850     if (fd == -1) {
   2851         SLOGE("Error opening file %s", filename);
   2852         return -1;
   2853     }
   2854 
   2855     char block[CRYPT_INPLACE_BUFSIZE];
   2856     memset(block, 0, sizeof(block));
   2857     if (unix_read(fd, block, sizeof(block)) < 0) {
   2858         SLOGE("Error reading file %s", filename);
   2859         close(fd);
   2860         return -1;
   2861     }
   2862 
   2863     close(fd);
   2864 
   2865     SHA256_CTX c;
   2866     SHA256_Init(&c);
   2867     SHA256_Update(&c, block, sizeof(block));
   2868     SHA256_Final(buf, &c);
   2869 
   2870     return 0;
   2871 }
   2872 
   2873 static int get_fs_type(struct fstab_rec *rec)
   2874 {
   2875     if (!strcmp(rec->fs_type, "ext4")) {
   2876         return EXT4_FS;
   2877     } else if (!strcmp(rec->fs_type, "f2fs")) {
   2878         return F2FS_FS;
   2879     } else {
   2880         return -1;
   2881     }
   2882 }
   2883 
   2884 static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
   2885                                       char *crypto_blkdev, char *real_blkdev,
   2886                                       int previously_encrypted_upto)
   2887 {
   2888     off64_t cur_encryption_done=0, tot_encryption_size=0;
   2889     int rc = -1;
   2890 
   2891     if (!is_battery_ok_to_start()) {
   2892         SLOGW("Not starting encryption due to low battery");
   2893         return 0;
   2894     }
   2895 
   2896     /* The size of the userdata partition, and add in the vold volumes below */
   2897     tot_encryption_size = crypt_ftr->fs_size;
   2898 
   2899     if (how == CRYPTO_ENABLE_WIPE) {
   2900         struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
   2901         int fs_type = get_fs_type(rec);
   2902         if (fs_type < 0) {
   2903             SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
   2904             return -1;
   2905         }
   2906         rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
   2907     } else if (how == CRYPTO_ENABLE_INPLACE) {
   2908         rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
   2909                                     crypt_ftr->fs_size, &cur_encryption_done,
   2910                                     tot_encryption_size,
   2911                                     previously_encrypted_upto);
   2912 
   2913         if (rc == ENABLE_INPLACE_ERR_DEV) {
   2914             /* Hack for b/17898962 */
   2915             SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
   2916             cryptfs_reboot(reboot);
   2917         }
   2918 
   2919         if (!rc) {
   2920             crypt_ftr->encrypted_upto = cur_encryption_done;
   2921         }
   2922 
   2923         if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
   2924             /* The inplace routine never actually sets the progress to 100% due
   2925              * to the round down nature of integer division, so set it here */
   2926             property_set("vold.encrypt_progress", "100");
   2927         }
   2928     } else {
   2929         /* Shouldn't happen */
   2930         SLOGE("cryptfs_enable: internal error, unknown option\n");
   2931         rc = -1;
   2932     }
   2933 
   2934     return rc;
   2935 }
   2936 
   2937 int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
   2938                             int no_ui)
   2939 {
   2940     int how = 0;
   2941     char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
   2942     unsigned char decrypted_master_key[KEY_LEN_BYTES];
   2943     int rc=-1, i;
   2944     struct crypt_mnt_ftr crypt_ftr;
   2945     struct crypt_persist_data *pdata;
   2946     char encrypted_state[PROPERTY_VALUE_MAX];
   2947     char lockid[32] = { 0 };
   2948     char key_loc[PROPERTY_VALUE_MAX];
   2949     int num_vols;
   2950     off64_t previously_encrypted_upto = 0;
   2951     bool rebootEncryption = false;
   2952 
   2953     if (!strcmp(howarg, "wipe")) {
   2954       how = CRYPTO_ENABLE_WIPE;
   2955     } else if (! strcmp(howarg, "inplace")) {
   2956       how = CRYPTO_ENABLE_INPLACE;
   2957     } else {
   2958       /* Shouldn't happen, as CommandListener vets the args */
   2959       goto error_unencrypted;
   2960     }
   2961 
   2962     if (how == CRYPTO_ENABLE_INPLACE
   2963           && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
   2964         if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
   2965             /* An encryption was underway and was interrupted */
   2966             previously_encrypted_upto = crypt_ftr.encrypted_upto;
   2967             crypt_ftr.encrypted_upto = 0;
   2968             crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
   2969 
   2970             /* At this point, we are in an inconsistent state. Until we successfully
   2971                complete encryption, a reboot will leave us broken. So mark the
   2972                encryption failed in case that happens.
   2973                On successfully completing encryption, remove this flag */
   2974             crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
   2975 
   2976             put_crypt_ftr_and_key(&crypt_ftr);
   2977         } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) {
   2978             if (!check_ftr_sha(&crypt_ftr)) {
   2979                 memset(&crypt_ftr, 0, sizeof(crypt_ftr));
   2980                 put_crypt_ftr_and_key(&crypt_ftr);
   2981                 goto error_unencrypted;
   2982             }
   2983 
   2984             /* Doing a reboot-encryption*/
   2985             crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION;
   2986             crypt_ftr.flags |= CRYPT_FORCE_COMPLETE;
   2987             rebootEncryption = true;
   2988         }
   2989     }
   2990 
   2991     property_get("ro.crypto.state", encrypted_state, "");
   2992     if (!strcmp(encrypted_state, "encrypted") && !previously_encrypted_upto) {
   2993         SLOGE("Device is already running encrypted, aborting");
   2994         goto error_unencrypted;
   2995     }
   2996 
   2997     // TODO refactor fs_mgr_get_crypt_info to get both in one call
   2998     fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
   2999     fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
   3000 
   3001     /* Get the size of the real block device */
   3002     int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
   3003     if (fd == -1) {
   3004         SLOGE("Cannot open block device %s\n", real_blkdev);
   3005         goto error_unencrypted;
   3006     }
   3007     unsigned long nr_sec;
   3008     get_blkdev_size(fd, &nr_sec);
   3009     if (nr_sec == 0) {
   3010         SLOGE("Cannot get size of block device %s\n", real_blkdev);
   3011         goto error_unencrypted;
   3012     }
   3013     close(fd);
   3014 
   3015     /* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
   3016     if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
   3017         unsigned int fs_size_sec, max_fs_size_sec;
   3018         fs_size_sec = get_fs_size(real_blkdev);
   3019         if (fs_size_sec == 0)
   3020             fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
   3021 
   3022         max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
   3023 
   3024         if (fs_size_sec > max_fs_size_sec) {
   3025             SLOGE("Orig filesystem overlaps crypto footer region.  Cannot encrypt in place.");
   3026             goto error_unencrypted;
   3027         }
   3028     }
   3029 
   3030     /* Get a wakelock as this may take a while, and we don't want the
   3031      * device to sleep on us.  We'll grab a partial wakelock, and if the UI
   3032      * wants to keep the screen on, it can grab a full wakelock.
   3033      */
   3034     snprintf(lockid, sizeof(lockid), "enablecrypto%d", (int) getpid());
   3035     acquire_wake_lock(PARTIAL_WAKE_LOCK, lockid);
   3036 
   3037     /* The init files are setup to stop the class main and late start when
   3038      * vold sets trigger_shutdown_framework.
   3039      */
   3040     property_set("vold.decrypt", "trigger_shutdown_framework");
   3041     SLOGD("Just asked init to shut down class main\n");
   3042 
   3043     /* Ask vold to unmount all devices that it manages */
   3044     if (vold_unmountAll()) {
   3045         SLOGE("Failed to unmount all vold managed devices");
   3046     }
   3047 
   3048     /* no_ui means we are being called from init, not settings.
   3049        Now we always reboot from settings, so !no_ui means reboot
   3050      */
   3051     bool onlyCreateHeader = false;
   3052     if (!no_ui) {
   3053         /* Try fallback, which is to reboot and try there */
   3054         onlyCreateHeader = true;
   3055         FILE* breadcrumb = fopen(BREADCRUMB_FILE, "we");
   3056         if (breadcrumb == 0) {
   3057             SLOGE("Failed to create breadcrumb file");
   3058             goto error_shutting_down;
   3059         }
   3060         fclose(breadcrumb);
   3061     }
   3062 
   3063     /* Do extra work for a better UX when doing the long inplace encryption */
   3064     if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
   3065         /* Now that /data is unmounted, we need to mount a tmpfs
   3066          * /data, set a property saying we're doing inplace encryption,
   3067          * and restart the framework.
   3068          */
   3069         if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
   3070             goto error_shutting_down;
   3071         }
   3072         /* Tells the framework that inplace encryption is starting */
   3073         property_set("vold.encrypt_progress", "0");
   3074 
   3075         /* restart the framework. */
   3076         /* Create necessary paths on /data */
   3077         if (prep_data_fs()) {
   3078             goto error_shutting_down;
   3079         }
   3080 
   3081         /* Ugh, shutting down the framework is not synchronous, so until it
   3082          * can be fixed, this horrible hack will wait a moment for it all to
   3083          * shut down before proceeding.  Without it, some devices cannot
   3084          * restart the graphics services.
   3085          */
   3086         sleep(2);
   3087     }
   3088 
   3089     /* Start the actual work of making an encrypted filesystem */
   3090     /* Initialize a crypt_mnt_ftr for the partition */
   3091     if (previously_encrypted_upto == 0 && !rebootEncryption) {
   3092         if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) {
   3093             goto error_shutting_down;
   3094         }
   3095 
   3096         if (!strcmp(key_loc, KEY_IN_FOOTER)) {
   3097             crypt_ftr.fs_size = nr_sec
   3098               - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
   3099         } else {
   3100             crypt_ftr.fs_size = nr_sec;
   3101         }
   3102         /* At this point, we are in an inconsistent state. Until we successfully
   3103            complete encryption, a reboot will leave us broken. So mark the
   3104            encryption failed in case that happens.
   3105            On successfully completing encryption, remove this flag */
   3106         if (onlyCreateHeader) {
   3107             crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION;
   3108         } else {
   3109             crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
   3110         }
   3111         crypt_ftr.crypt_type = crypt_type;
   3112 #ifndef CONFIG_HW_DISK_ENCRYPTION
   3113         strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN);
   3114 #else
   3115         strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
   3116 
   3117         rc = clear_hw_device_encryption_key();
   3118         if (!rc) {
   3119           SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
   3120         }
   3121 
   3122         rc = set_hw_device_encryption_key(passwd,
   3123                                           (char*) crypt_ftr.crypto_type_name);
   3124         if (!rc) {
   3125           SLOGE("Error initializing device encryption hardware key. rc = %d", rc);
   3126           goto error_shutting_down;
   3127         }
   3128 #endif
   3129 
   3130         /* Make an encrypted master key */
   3131         if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
   3132                                         crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
   3133             SLOGE("Cannot create encrypted master key\n");
   3134             goto error_shutting_down;
   3135         }
   3136 
   3137         /* Replace scrypted intermediate key if we are preparing for a reboot */
   3138         if (onlyCreateHeader) {
   3139             unsigned char fake_master_key[KEY_LEN_BYTES];
   3140             unsigned char encrypted_fake_master_key[KEY_LEN_BYTES];
   3141             memset(fake_master_key, 0, sizeof(fake_master_key));
   3142             encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
   3143                                encrypted_fake_master_key, &crypt_ftr);
   3144         }
   3145 
   3146         /* Write the key to the end of the partition */
   3147         put_crypt_ftr_and_key(&crypt_ftr);
   3148 
   3149         /* If any persistent data has been remembered, save it.
   3150          * If none, create a valid empty table and save that.
   3151          */
   3152         if (!persist_data) {
   3153            pdata = malloc(CRYPT_PERSIST_DATA_SIZE);
   3154            if (pdata) {
   3155                init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
   3156                persist_data = pdata;
   3157            }
   3158         }
   3159         if (persist_data) {
   3160             save_persistent_data();
   3161         }
   3162     }
   3163 
   3164     if (onlyCreateHeader) {
   3165         sleep(2);
   3166         cryptfs_reboot(reboot);
   3167     }
   3168 
   3169     if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
   3170         /* startup service classes main and late_start */
   3171         property_set("vold.decrypt", "trigger_restart_min_framework");
   3172         SLOGD("Just triggered restart_min_framework\n");
   3173 
   3174         /* OK, the framework is restarted and will soon be showing a
   3175          * progress bar.  Time to setup an encrypted mapping, and
   3176          * either write a new filesystem, or encrypt in place updating
   3177          * the progress bar as we work.
   3178          */
   3179     }
   3180 
   3181     decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
   3182     create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
   3183                           CRYPTO_BLOCK_DEVICE);
   3184 
   3185     /* If we are continuing, check checksums match */
   3186     rc = 0;
   3187     if (previously_encrypted_upto) {
   3188         __le8 hash_first_block[SHA256_DIGEST_LENGTH];
   3189         rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
   3190 
   3191         if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
   3192                           sizeof(hash_first_block)) != 0) {
   3193             SLOGE("Checksums do not match - trigger wipe");
   3194             rc = -1;
   3195         }
   3196     }
   3197 
   3198     if (!rc) {
   3199         rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
   3200                                         crypto_blkdev, real_blkdev,
   3201                                         previously_encrypted_upto);
   3202     }
   3203 
   3204     /* Calculate checksum if we are not finished */
   3205     if (!rc && how == CRYPTO_ENABLE_INPLACE
   3206             && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
   3207         rc = cryptfs_SHA256_fileblock(crypto_blkdev,
   3208                                       crypt_ftr.hash_first_block);
   3209         if (rc) {
   3210             SLOGE("Error calculating checksum for continuing encryption");
   3211             rc = -1;
   3212         }
   3213     }
   3214 
   3215     /* Undo the dm-crypt mapping whether we succeed or not */
   3216     delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
   3217 
   3218     if (! rc) {
   3219         /* Success */
   3220         crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
   3221 
   3222         if (how == CRYPTO_ENABLE_INPLACE
   3223               && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
   3224             SLOGD("Encrypted up to sector %lld - will continue after reboot",
   3225                   crypt_ftr.encrypted_upto);
   3226             crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
   3227         }
   3228 
   3229         put_crypt_ftr_and_key(&crypt_ftr);
   3230 
   3231         if (how == CRYPTO_ENABLE_WIPE
   3232               || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
   3233           char value[PROPERTY_VALUE_MAX];
   3234           property_get("ro.crypto.state", value, "");
   3235           if (!strcmp(value, "")) {
   3236             /* default encryption - continue first boot sequence */
   3237             property_set("ro.crypto.state", "encrypted");
   3238             property_set("ro.crypto.type", "block");
   3239             release_wake_lock(lockid);
   3240             if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
   3241                 // Bring up cryptkeeper that will check the password and set it
   3242                 property_set("vold.decrypt", "trigger_shutdown_framework");
   3243                 sleep(2);
   3244                 property_set("vold.encrypt_progress", "");
   3245                 cryptfs_trigger_restart_min_framework();
   3246             } else {
   3247                 cryptfs_check_passwd(DEFAULT_PASSWORD);
   3248                 cryptfs_restart_internal(1);
   3249             }
   3250             return 0;
   3251           } else {
   3252             sleep(2); /* Give the UI a chance to show 100% progress */
   3253             cryptfs_reboot(reboot);
   3254           }
   3255         } else {
   3256             sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
   3257             cryptfs_reboot(shutdown);
   3258         }
   3259     } else {
   3260         char value[PROPERTY_VALUE_MAX];
   3261 
   3262         property_get("ro.vold.wipe_on_crypt_fail", value, "0");
   3263         if (!strcmp(value, "1")) {
   3264             /* wipe data if encryption failed */
   3265             SLOGE("encryption failed - rebooting into recovery to wipe data\n");
   3266             if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) {
   3267                 SLOGE("could not write bootloader message\n");
   3268             }
   3269             cryptfs_reboot(recovery);
   3270         } else {
   3271             /* set property to trigger dialog */
   3272             property_set("vold.encrypt_progress", "error_partially_encrypted");
   3273             release_wake_lock(lockid);
   3274         }
   3275         return -1;
   3276     }
   3277 
   3278     /* hrm, the encrypt step claims success, but the reboot failed.
   3279      * This should not happen.
   3280      * Set the property and return.  Hope the framework can deal with it.
   3281      */
   3282     property_set("vold.encrypt_progress", "error_reboot_failed");
   3283     release_wake_lock(lockid);
   3284     return rc;
   3285 
   3286 error_unencrypted:
   3287     property_set("vold.encrypt_progress", "error_not_encrypted");
   3288     if (lockid[0]) {
   3289         release_wake_lock(lockid);
   3290     }
   3291     return -1;
   3292 
   3293 error_shutting_down:
   3294     /* we failed, and have not encrypted anthing, so the users's data is still intact,
   3295      * but the framework is stopped and not restarted to show the error, so it's up to
   3296      * vold to restart the system.
   3297      */
   3298     SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
   3299     cryptfs_reboot(reboot);
   3300 
   3301     /* shouldn't get here */
   3302     property_set("vold.encrypt_progress", "error_shutting_down");
   3303     if (lockid[0]) {
   3304         release_wake_lock(lockid);
   3305     }
   3306     return -1;
   3307 }
   3308 
   3309 int cryptfs_enable(char *howarg, int type, char *passwd, int no_ui)
   3310 {
   3311     return cryptfs_enable_internal(howarg, type, passwd, no_ui);
   3312 }
   3313 
   3314 int cryptfs_enable_default(char *howarg, int no_ui)
   3315 {
   3316     return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
   3317                           DEFAULT_PASSWORD, no_ui);
   3318 }
   3319 
   3320 int cryptfs_changepw(int crypt_type, const char *newpw)
   3321 {
   3322     if (e4crypt_is_native()) {
   3323         SLOGE("cryptfs_changepw not valid for file encryption");
   3324         return -1;
   3325     }
   3326 
   3327     struct crypt_mnt_ftr crypt_ftr;
   3328     int rc;
   3329 
   3330     /* This is only allowed after we've successfully decrypted the master key */
   3331     if (!master_key_saved) {
   3332         SLOGE("Key not saved, aborting");
   3333         return -1;
   3334     }
   3335 
   3336     if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
   3337         SLOGE("Invalid crypt_type %d", crypt_type);
   3338         return -1;
   3339     }
   3340 
   3341     /* get key */
   3342     if (get_crypt_ftr_and_key(&crypt_ftr)) {
   3343         SLOGE("Error getting crypt footer and key");
   3344         return -1;
   3345     }
   3346 
   3347     crypt_ftr.crypt_type = crypt_type;
   3348 
   3349     rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
   3350                                                         : newpw,
   3351                        crypt_ftr.salt,
   3352                        saved_master_key,
   3353                        crypt_ftr.master_key,
   3354                        &crypt_ftr);
   3355     if (rc) {
   3356         SLOGE("Encrypt master key failed: %d", rc);
   3357         return -1;
   3358     }
   3359     /* save the key */
   3360     put_crypt_ftr_and_key(&crypt_ftr);
   3361 
   3362 #ifdef CONFIG_HW_DISK_ENCRYPTION
   3363     if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
   3364         if (crypt_type == CRYPT_TYPE_DEFAULT) {
   3365             int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
   3366             SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
   3367             if (!rc)
   3368                 return -1;
   3369         } else {
   3370             int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
   3371             SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
   3372             if (!rc)
   3373                 return -1;
   3374         }
   3375     }
   3376 #endif
   3377     return 0;
   3378 }
   3379 
   3380 static unsigned int persist_get_max_entries(int encrypted) {
   3381     struct crypt_mnt_ftr crypt_ftr;
   3382     unsigned int dsize;
   3383     unsigned int max_persistent_entries;
   3384 
   3385     /* If encrypted, use the values from the crypt_ftr, otherwise
   3386      * use the values for the current spec.
   3387      */
   3388     if (encrypted) {
   3389         if (get_crypt_ftr_and_key(&crypt_ftr)) {
   3390             return -1;
   3391         }
   3392         dsize = crypt_ftr.persist_data_size;
   3393     } else {
   3394         dsize = CRYPT_PERSIST_DATA_SIZE;
   3395     }
   3396 
   3397     max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
   3398         sizeof(struct crypt_persist_entry);
   3399 
   3400     return max_persistent_entries;
   3401 }
   3402 
   3403 static int persist_get_key(const char *fieldname, char *value)
   3404 {
   3405     unsigned int i;
   3406 
   3407     if (persist_data == NULL) {
   3408         return -1;
   3409     }
   3410     for (i = 0; i < persist_data->persist_valid_entries; i++) {
   3411         if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
   3412             /* We found it! */
   3413             strlcpy(value, persist_data->persist_entry[i].val, PROPERTY_VALUE_MAX);
   3414             return 0;
   3415         }
   3416     }
   3417 
   3418     return -1;
   3419 }
   3420 
   3421 static int persist_set_key(const char *fieldname, const char *value, int encrypted)
   3422 {
   3423     unsigned int i;
   3424     unsigned int num;
   3425     unsigned int max_persistent_entries;
   3426 
   3427     if (persist_data == NULL) {
   3428         return -1;
   3429     }
   3430 
   3431     max_persistent_entries = persist_get_max_entries(encrypted);
   3432 
   3433     num = persist_data->persist_valid_entries;
   3434 
   3435     for (i = 0; i < num; i++) {
   3436         if (!strncmp(persist_data->persist_entry[i].key, fieldname, PROPERTY_KEY_MAX)) {
   3437             /* We found an existing entry, update it! */
   3438             memset(persist_data->persist_entry[i].val, 0, PROPERTY_VALUE_MAX);
   3439             strlcpy(persist_data->persist_entry[i].val, value, PROPERTY_VALUE_MAX);
   3440             return 0;
   3441         }
   3442     }
   3443 
   3444     /* We didn't find it, add it to the end, if there is room */
   3445     if (persist_data->persist_valid_entries < max_persistent_entries) {
   3446         memset(&persist_data->persist_entry[num], 0, sizeof(struct crypt_persist_entry));
   3447         strlcpy(persist_data->persist_entry[num].key, fieldname, PROPERTY_KEY_MAX);
   3448         strlcpy(persist_data->persist_entry[num].val, value, PROPERTY_VALUE_MAX);
   3449         persist_data->persist_valid_entries++;
   3450         return 0;
   3451     }
   3452 
   3453     return -1;
   3454 }
   3455 
   3456 /**
   3457  * Test if key is part of the multi-entry (field, index) sequence. Return non-zero if key is in the
   3458  * sequence and its index is greater than or equal to index. Return 0 otherwise.
   3459  */
   3460 static int match_multi_entry(const char *key, const char *field, unsigned index) {
   3461     unsigned int field_len;
   3462     unsigned int key_index;
   3463     field_len = strlen(field);
   3464 
   3465     if (index == 0) {
   3466         // The first key in a multi-entry field is just the filedname itself.
   3467         if (!strcmp(key, field)) {
   3468             return 1;
   3469         }
   3470     }
   3471     // Match key against "%s_%d" % (field, index)
   3472     if (strlen(key) < field_len + 1 + 1) {
   3473         // Need at least a '_' and a digit.
   3474         return 0;
   3475     }
   3476     if (strncmp(key, field, field_len)) {
   3477         // If the key does not begin with field, it's not a match.
   3478         return 0;
   3479     }
   3480     if (1 != sscanf(&key[field_len],"_%d", &key_index)) {
   3481         return 0;
   3482     }
   3483     return key_index >= index;
   3484 }
   3485 
   3486 /*
   3487  * Delete entry/entries from persist_data. If the entries are part of a multi-segment field, all
   3488  * remaining entries starting from index will be deleted.
   3489  * returns PERSIST_DEL_KEY_OK if deletion succeeds,
   3490  * PERSIST_DEL_KEY_ERROR_NO_FIELD if the field does not exist,
   3491  * and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
   3492  *
   3493  */
   3494 static int persist_del_keys(const char *fieldname, unsigned index)
   3495 {
   3496     unsigned int i;
   3497     unsigned int j;
   3498     unsigned int num;
   3499 
   3500     if (persist_data == NULL) {
   3501         return PERSIST_DEL_KEY_ERROR_OTHER;
   3502     }
   3503 
   3504     num = persist_data->persist_valid_entries;
   3505 
   3506     j = 0; // points to the end of non-deleted entries.
   3507     // Filter out to-be-deleted entries in place.
   3508     for (i = 0; i < num; i++) {
   3509         if (!match_multi_entry(persist_data->persist_entry[i].key, fieldname, index)) {
   3510             persist_data->persist_entry[j] = persist_data->persist_entry[i];
   3511             j++;
   3512         }
   3513     }
   3514 
   3515     if (j < num) {
   3516         persist_data->persist_valid_entries = j;
   3517         // Zeroise the remaining entries
   3518         memset(&persist_data->persist_entry[j], 0, (num - j) * sizeof(struct crypt_persist_entry));
   3519         return PERSIST_DEL_KEY_OK;
   3520     } else {
   3521         // Did not find an entry matching the given fieldname
   3522         return PERSIST_DEL_KEY_ERROR_NO_FIELD;
   3523     }
   3524 }
   3525 
   3526 static int persist_count_keys(const char *fieldname)
   3527 {
   3528     unsigned int i;
   3529     unsigned int count;
   3530 
   3531     if (persist_data == NULL) {
   3532         return -1;
   3533     }
   3534 
   3535     count = 0;
   3536     for (i = 0; i < persist_data->persist_valid_entries; i++) {
   3537         if (match_multi_entry(persist_data->persist_entry[i].key, fieldname, 0)) {
   3538             count++;
   3539         }
   3540     }
   3541 
   3542     return count;
   3543 }
   3544 
   3545 /* Return the value of the specified field. */
   3546 int cryptfs_getfield(const char *fieldname, char *value, int len)
   3547 {
   3548     if (e4crypt_is_native()) {
   3549         SLOGE("Cannot get field when file encrypted");
   3550         return -1;
   3551     }
   3552 
   3553     char temp_value[PROPERTY_VALUE_MAX];
   3554     /* CRYPTO_GETFIELD_OK is success,
   3555      * CRYPTO_GETFIELD_ERROR_NO_FIELD is value not set,
   3556      * CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL is buffer (as given by len) too small,
   3557      * CRYPTO_GETFIELD_ERROR_OTHER is any other error
   3558      */
   3559     int rc = CRYPTO_GETFIELD_ERROR_OTHER;
   3560     int i;
   3561     char temp_field[PROPERTY_KEY_MAX];
   3562 
   3563     if (persist_data == NULL) {
   3564         load_persistent_data();
   3565         if (persist_data == NULL) {
   3566             SLOGE("Getfield error, cannot load persistent data");
   3567             goto out;
   3568         }
   3569     }
   3570 
   3571     // Read value from persistent entries. If the original value is split into multiple entries,
   3572     // stitch them back together.
   3573     if (!persist_get_key(fieldname, temp_value)) {
   3574         // We found it, copy it to the caller's buffer and keep going until all entries are read.
   3575         if (strlcpy(value, temp_value, len) >= (unsigned) len) {
   3576             // value too small
   3577             rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
   3578             goto out;
   3579         }
   3580         rc = CRYPTO_GETFIELD_OK;
   3581 
   3582         for (i = 1; /* break explicitly */; i++) {
   3583             if (snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, i) >=
   3584                     (int) sizeof(temp_field)) {
   3585                 // If the fieldname is very long, we stop as soon as it begins to overflow the
   3586                 // maximum field length. At this point we have in fact fully read out the original
   3587                 // value because cryptfs_setfield would not allow fields with longer names to be
   3588                 // written in the first place.
   3589                 break;
   3590             }
   3591             if (!persist_get_key(temp_field, temp_value)) {
   3592                   if (strlcat(value, temp_value, len) >= (unsigned)len) {
   3593                       // value too small.
   3594                       rc = CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL;
   3595                       goto out;
   3596                   }
   3597             } else {
   3598                 // Exhaust all entries.
   3599                 break;
   3600             }
   3601         }
   3602     } else {
   3603         /* Sadness, it's not there.  Return the error */
   3604         rc = CRYPTO_GETFIELD_ERROR_NO_FIELD;
   3605     }
   3606 
   3607 out:
   3608     return rc;
   3609 }
   3610 
   3611 /* Set the value of the specified field. */
   3612 int cryptfs_setfield(const char *fieldname, const char *value)
   3613 {
   3614     if (e4crypt_is_native()) {
   3615         SLOGE("Cannot set field when file encrypted");
   3616         return -1;
   3617     }
   3618 
   3619     char encrypted_state[PROPERTY_VALUE_MAX];
   3620     /* 0 is success, negative values are error */
   3621     int rc = CRYPTO_SETFIELD_ERROR_OTHER;
   3622     int encrypted = 0;
   3623     unsigned int field_id;
   3624     char temp_field[PROPERTY_KEY_MAX];
   3625     unsigned int num_entries;
   3626     unsigned int max_keylen;
   3627 
   3628     if (persist_data == NULL) {
   3629         load_persistent_data();
   3630         if (persist_data == NULL) {
   3631             SLOGE("Setfield error, cannot load persistent data");
   3632             goto out;
   3633         }
   3634     }
   3635 
   3636     property_get("ro.crypto.state", encrypted_state, "");
   3637     if (!strcmp(encrypted_state, "encrypted") ) {
   3638         encrypted = 1;
   3639     }
   3640 
   3641     // Compute the number of entries required to store value, each entry can store up to
   3642     // (PROPERTY_VALUE_MAX - 1) chars
   3643     if (strlen(value) == 0) {
   3644         // Empty value also needs one entry to store.
   3645         num_entries = 1;
   3646     } else {
   3647         num_entries = (strlen(value) + (PROPERTY_VALUE_MAX - 1) - 1) / (PROPERTY_VALUE_MAX - 1);
   3648     }
   3649 
   3650     max_keylen = strlen(fieldname);
   3651     if (num_entries > 1) {
   3652         // Need an extra "_%d" suffix.
   3653         max_keylen += 1 + log10(num_entries);
   3654     }
   3655     if (max_keylen > PROPERTY_KEY_MAX - 1) {
   3656         rc = CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG;
   3657         goto out;
   3658     }
   3659 
   3660     // Make sure we have enough space to write the new value
   3661     if (persist_data->persist_valid_entries + num_entries - persist_count_keys(fieldname) >
   3662         persist_get_max_entries(encrypted)) {
   3663         rc = CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG;
   3664         goto out;
   3665     }
   3666 
   3667     // Now that we know persist_data has enough space for value, let's delete the old field first
   3668     // to make up space.
   3669     persist_del_keys(fieldname, 0);
   3670 
   3671     if (persist_set_key(fieldname, value, encrypted)) {
   3672         // fail to set key, should not happen as we have already checked the available space
   3673         SLOGE("persist_set_key() error during setfield()");
   3674         goto out;
   3675     }
   3676 
   3677     for (field_id = 1; field_id < num_entries; field_id++) {
   3678         snprintf(temp_field, sizeof(temp_field), "%s_%d", fieldname, field_id);
   3679 
   3680         if (persist_set_key(temp_field, value + field_id * (PROPERTY_VALUE_MAX - 1), encrypted)) {
   3681             // fail to set key, should not happen as we have already checked the available space.
   3682             SLOGE("persist_set_key() error during setfield()");
   3683             goto out;
   3684         }
   3685     }
   3686 
   3687     /* If we are running encrypted, save the persistent data now */
   3688     if (encrypted) {
   3689         if (save_persistent_data()) {
   3690             SLOGE("Setfield error, cannot save persistent data");
   3691             goto out;
   3692         }
   3693     }
   3694 
   3695     rc = CRYPTO_SETFIELD_OK;
   3696 
   3697 out:
   3698     return rc;
   3699 }
   3700 
   3701 /* Checks userdata. Attempt to mount the volume if default-
   3702  * encrypted.
   3703  * On success trigger next init phase and return 0.
   3704  * Currently do not handle failure - see TODO below.
   3705  */
   3706 int cryptfs_mount_default_encrypted(void)
   3707 {
   3708     int crypt_type = cryptfs_get_password_type();
   3709     if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
   3710         SLOGE("Bad crypt type - error");
   3711     } else if (crypt_type != CRYPT_TYPE_DEFAULT) {
   3712         SLOGD("Password is not default - "
   3713               "starting min framework to prompt");
   3714         property_set("vold.decrypt", "trigger_restart_min_framework");
   3715         return 0;
   3716     } else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
   3717         SLOGD("Password is default - restarting filesystem");
   3718         cryptfs_restart_internal(0);
   3719         return 0;
   3720     } else {
   3721         SLOGE("Encrypted, default crypt type but can't decrypt");
   3722     }
   3723 
   3724     /** Corrupt. Allow us to boot into framework, which will detect bad
   3725         crypto when it calls do_crypto_complete, then do a factory reset
   3726      */
   3727     property_set("vold.decrypt", "trigger_restart_min_framework");
   3728     return 0;
   3729 }
   3730 
   3731 /* Returns type of the password, default, pattern, pin or password.
   3732  */
   3733 int cryptfs_get_password_type(void)
   3734 {
   3735     if (e4crypt_is_native()) {
   3736         SLOGE("cryptfs_get_password_type not valid for file encryption");
   3737         return -1;
   3738     }
   3739 
   3740     struct crypt_mnt_ftr crypt_ftr;
   3741 
   3742     if (get_crypt_ftr_and_key(&crypt_ftr)) {
   3743         SLOGE("Error getting crypt footer and key\n");
   3744         return -1;
   3745     }
   3746 
   3747     if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) {
   3748         return -1;
   3749     }
   3750 
   3751     return crypt_ftr.crypt_type;
   3752 }
   3753 
   3754 const char* cryptfs_get_password()
   3755 {
   3756     if (e4crypt_is_native()) {
   3757         SLOGE("cryptfs_get_password not valid for file encryption");
   3758         return 0;
   3759     }
   3760 
   3761     struct timespec now;
   3762     clock_gettime(CLOCK_BOOTTIME, &now);
   3763     if (now.tv_sec < password_expiry_time) {
   3764         return password;
   3765     } else {
   3766         cryptfs_clear_password();
   3767         return 0;
   3768     }
   3769 }
   3770 
   3771 void cryptfs_clear_password()
   3772 {
   3773     if (password) {
   3774         size_t len = strlen(password);
   3775         memset(password, 0, len);
   3776         free(password);
   3777         password = 0;
   3778         password_expiry_time = 0;
   3779     }
   3780 }
   3781 
   3782 int cryptfs_enable_file()
   3783 {
   3784     return e4crypt_initialize_global_de();
   3785 }
   3786 
   3787 int cryptfs_isConvertibleToFBE()
   3788 {
   3789     struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
   3790     return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
   3791 }
   3792 
   3793 int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
   3794 {
   3795     if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
   3796         SLOGE("Failed to initialize crypt_ftr");
   3797         return -1;
   3798     }
   3799 
   3800     if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
   3801                                     crypt_ftr->salt, crypt_ftr)) {
   3802         SLOGE("Cannot create encrypted master key\n");
   3803         return -1;
   3804     }
   3805 
   3806     //crypt_ftr->keysize = key_length / 8;
   3807     return 0;
   3808 }
   3809 
   3810 int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
   3811                            unsigned char* master_key)
   3812 {
   3813     int rc;
   3814 
   3815     unsigned char* intermediate_key = 0;
   3816     size_t intermediate_key_size = 0;
   3817 
   3818     if (password == 0 || *password == 0) {
   3819         password = DEFAULT_PASSWORD;
   3820     }
   3821 
   3822     rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
   3823                             &intermediate_key_size);
   3824 
   3825     if (rc) {
   3826         SLOGE("Can't calculate intermediate key");
   3827         return rc;
   3828     }
   3829 
   3830     int N = 1 << ftr->N_factor;
   3831     int r = 1 << ftr->r_factor;
   3832     int p = 1 << ftr->p_factor;
   3833 
   3834     unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
   3835 
   3836     rc = crypto_scrypt(intermediate_key, intermediate_key_size,
   3837                        ftr->salt, sizeof(ftr->salt), N, r, p,
   3838                        scrypted_intermediate_key,
   3839                        sizeof(scrypted_intermediate_key));
   3840 
   3841     free(intermediate_key);
   3842 
   3843     if (rc) {
   3844         SLOGE("Can't scrypt intermediate key");
   3845         return rc;
   3846     }
   3847 
   3848     return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
   3849                   intermediate_key_size);
   3850 }
   3851 
   3852 int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
   3853                          const unsigned char* master_key)
   3854 {
   3855     return encrypt_master_key(password, ftr->salt, master_key, ftr->master_key,
   3856                               ftr);
   3857 }
   3858 
   3859 const char* cryptfs_get_file_encryption_mode()
   3860 {
   3861     struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
   3862     return fs_mgr_get_file_encryption_mode(rec);
   3863 }
   3864