Home | History | Annotate | Download | only in vold 
      1 /*
      2  * Copyright (C) 2010 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef ANDROID_VOLD_CRYPTFS_H
     18 #define ANDROID_VOLD_CRYPTFS_H
     19 
     20 /* This structure starts 16,384 bytes before the end of a hardware
     21  * partition that is encrypted, or in a separate partition.  It's location
     22  * is specified by a property set in init.<device>.rc.
     23  * The structure allocates 48 bytes for a key, but the real key size is
     24  * specified in the struct.  Currently, the code is hardcoded to use 128
     25  * bit keys.
     26  * The fields after salt are only valid in rev 1.1 and later stuctures.
     27  * Obviously, the filesystem does not include the last 16 kbytes
     28  * of the partition if the crypt_mnt_ftr lives at the end of the
     29  * partition.
     30  */
     31 
     32 #include <stdbool.h>
     33 #include <stdint.h>
     34 #include <cutils/properties.h>
     35 
     36 /* The current cryptfs version */
     37 #define CURRENT_MAJOR_VERSION 1
     38 #define CURRENT_MINOR_VERSION 3
     39 
     40 #define CRYPT_FOOTER_OFFSET 0x4000
     41 #define CRYPT_FOOTER_TO_PERSIST_OFFSET 0x1000
     42 #define CRYPT_PERSIST_DATA_SIZE 0x1000
     43 
     44 #define MAX_CRYPTO_TYPE_NAME_LEN 64
     45 
     46 #define MAX_KEY_LEN 48
     47 #define SALT_LEN 16
     48 #define SCRYPT_LEN 32
     49 
     50 /* definitions of flags in the structure below */
     51 #define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */
     52 #define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Encryption partially completed,
     53                                             encrypted_upto valid*/
     54 #define CRYPT_INCONSISTENT_STATE 0x4 /* Set when starting encryption, clear when
     55                                         exit cleanly, either through success or
     56                                         correctly marked partial encryption */
     57 #define CRYPT_DATA_CORRUPT 0x8 /* Set when encryption is fine, but the
     58                                   underlying volume is corrupt */
     59 #define CRYPT_FORCE_ENCRYPTION 0x10 /* Set when it is time to encrypt this
     60                                        volume on boot. Everything in this
     61                                        structure is set up correctly as
     62                                        though device is encrypted except
     63                                        that the master key is encrypted with the
     64                                        default password. */
     65 #define CRYPT_FORCE_COMPLETE 0x20 /* Set when the above encryption cycle is
     66                                      complete. On next cryptkeeper entry, match
     67                                      the password. If it matches fix the master
     68                                      key and remove this flag. */
     69 
     70 /* Allowed values for type in the structure below */
     71 #define CRYPT_TYPE_PASSWORD 0 /* master_key is encrypted with a password
     72                                * Must be zero to be compatible with pre-L
     73                                * devices where type is always password.*/
     74 #define CRYPT_TYPE_DEFAULT  1 /* master_key is encrypted with default
     75                                * password */
     76 #define CRYPT_TYPE_PATTERN  2 /* master_key is encrypted with a pattern */
     77 #define CRYPT_TYPE_PIN      3 /* master_key is encrypted with a pin */
     78 #define CRYPT_TYPE_MAX_TYPE 3 /* type cannot be larger than this value */
     79 
     80 #define CRYPT_MNT_MAGIC 0xD0B5B1C4
     81 #define PERSIST_DATA_MAGIC 0xE950CD44
     82 
     83 /* Key Derivation Function algorithms */
     84 #define KDF_PBKDF2 1
     85 #define KDF_SCRYPT 2
     86 /* Algorithms 3 & 4 deprecated before shipping outside of google, so removed */
     87 #define KDF_SCRYPT_KEYMASTER 5
     88 
     89 /* Maximum allowed keymaster blob size. */
     90 #define KEYMASTER_BLOB_SIZE 2048
     91 
     92 /* __le32 and __le16 defined in system/extras/ext4_utils/ext4_utils.h */
     93 #define __le8  unsigned char
     94 
     95 #if !defined(SHA256_DIGEST_LENGTH)
     96 #define SHA256_DIGEST_LENGTH 32
     97 #endif
     98 
     99 struct crypt_mnt_ftr {
    100   __le32 magic;         /* See above */
    101   __le16 major_version;
    102   __le16 minor_version;
    103   __le32 ftr_size;      /* in bytes, not including key following */
    104   __le32 flags;         /* See above */
    105   __le32 keysize;       /* in bytes */
    106   __le32 crypt_type;    /* how master_key is encrypted. Must be a
    107                          * CRYPT_TYPE_XXX value */
    108   __le64 fs_size;       /* Size of the encrypted fs, in 512 byte sectors */
    109   __le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and
    110                                   mount, set to 0 on successful mount */
    111   unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption
    112                                                                needed to decrypt this
    113                                                                partition, null terminated */
    114   __le32 spare2;        /* ignored */
    115   unsigned char master_key[MAX_KEY_LEN]; /* The encrypted key for decrypting the filesystem */
    116   unsigned char salt[SALT_LEN];   /* The salt used for this encryption */
    117   __le64 persist_data_offset[2];  /* Absolute offset to both copies of crypt_persist_data
    118                                    * on device with that info, either the footer of the
    119                                    * real_blkdevice or the metadata partition. */
    120 
    121   __le32 persist_data_size;       /* The number of bytes allocated to each copy of the
    122                                    * persistent data table*/
    123 
    124   __le8  kdf_type; /* The key derivation function used. */
    125 
    126   /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */
    127   __le8  N_factor; /* (1 << N) */
    128   __le8  r_factor; /* (1 << r) */
    129   __le8  p_factor; /* (1 << p) */
    130   __le64 encrypted_upto; /* If we are in state CRYPT_ENCRYPTION_IN_PROGRESS and
    131                             we have to stop (e.g. power low) this is the last
    132                             encrypted 512 byte sector.*/
    133   __le8  hash_first_block[SHA256_DIGEST_LENGTH]; /* When CRYPT_ENCRYPTION_IN_PROGRESS
    134                                                     set, hash of first block, used
    135                                                     to validate before continuing*/
    136 
    137   /* key_master key, used to sign the derived key which is then used to generate
    138    * the intermediate key
    139    * This key should be used for no other purposes! We use this key to sign unpadded
    140    * data, which is acceptable but only if the key is not reused elsewhere. */
    141   __le8 keymaster_blob[KEYMASTER_BLOB_SIZE];
    142   __le32 keymaster_blob_size;
    143 
    144   /* Store scrypt of salted intermediate key. When decryption fails, we can
    145      check if this matches, and if it does, we know that the problem is with the
    146      drive, and there is no point in asking the user for more passwords.
    147 
    148      Note that if any part of this structure is corrupt, this will not match and
    149      we will continue to believe the user entered the wrong password. In that
    150      case the only solution is for the user to enter a password enough times to
    151      force a wipe.
    152 
    153      Note also that there is no need to worry about migration. If this data is
    154      wrong, we simply won't recognise a right password, and will continue to
    155      prompt. On the first password change, this value will be populated and
    156      then we will be OK.
    157    */
    158   unsigned char scrypted_intermediate_key[SCRYPT_LEN];
    159 
    160   /* sha of this structure with this element set to zero
    161      Used when encrypting on reboot to validate structure before doing something
    162      fatal
    163    */
    164   unsigned char sha256[SHA256_DIGEST_LENGTH];
    165 };
    166 
    167 /* Persistant data that should be available before decryption.
    168  * Things like airplane mode, locale and timezone are kept
    169  * here and can be retrieved by the CryptKeeper UI to properly
    170  * configure the phone before asking for the password
    171  * This is only valid if the major and minor version above
    172  * is set to 1.1 or higher.
    173  *
    174  * This is a 4K structure.  There are 2 copies, and the code alternates
    175  * writing one and then clearing the previous one.  The reading
    176  * code reads the first valid copy it finds, based on the magic number.
    177  * The absolute offset to the first of the two copies is kept in rev 1.1
    178  * and higher crypt_mnt_ftr structures.
    179  */
    180 struct crypt_persist_entry {
    181   char key[PROPERTY_KEY_MAX];
    182   char val[PROPERTY_VALUE_MAX];
    183 };
    184 
    185 /* Should be exactly 4K in size */
    186 struct crypt_persist_data {
    187   __le32 persist_magic;
    188   __le32 persist_valid_entries;
    189   __le32 persist_spare[30];
    190   struct crypt_persist_entry persist_entry[0];
    191 };
    192 
    193 #define DATA_MNT_POINT "/data"
    194 
    195 /* Return values for cryptfs_crypto_complete */
    196 #define CRYPTO_COMPLETE_NOT_ENCRYPTED  1
    197 #define CRYPTO_COMPLETE_ENCRYPTED      0
    198 #define CRYPTO_COMPLETE_BAD_METADATA  (-1)
    199 #define CRYPTO_COMPLETE_PARTIAL       (-2)
    200 #define CRYPTO_COMPLETE_INCONSISTENT  (-3)
    201 #define CRYPTO_COMPLETE_CORRUPT       (-4)
    202 
    203 /* Return values for cryptfs_enable_inplace*() */
    204 #define ENABLE_INPLACE_OK 0
    205 #define ENABLE_INPLACE_ERR_OTHER (-1)
    206 #define ENABLE_INPLACE_ERR_DEV (-2)  /* crypto_blkdev issue */
    207 
    208 /* Return values for cryptfs_getfield */
    209 #define CRYPTO_GETFIELD_OK                   0
    210 #define CRYPTO_GETFIELD_ERROR_NO_FIELD      (-1)
    211 #define CRYPTO_GETFIELD_ERROR_OTHER         (-2)
    212 #define CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL (-3)
    213 
    214 /* Return values for cryptfs_setfield */
    215 #define CRYPTO_SETFIELD_OK                    0
    216 #define CRYPTO_SETFIELD_ERROR_OTHER          (-1)
    217 #define CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG (-2)
    218 #define CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG (-3)
    219 
    220 /* Return values for persist_del_key */
    221 #define PERSIST_DEL_KEY_OK                 0
    222 #define PERSIST_DEL_KEY_ERROR_OTHER       (-1)
    223 #define PERSIST_DEL_KEY_ERROR_NO_FIELD    (-2)
    224 
    225 int match_multi_entry(const char* key, const char* field, unsigned index);
    226 int wait_and_unmount(const char* mountpoint, bool kill);
    227 
    228 typedef int (*kdf_func)(const char* passwd, const unsigned char* salt, unsigned char* ikey,
    229                         void* params);
    230 
    231 int cryptfs_crypto_complete(void);
    232 int cryptfs_check_passwd(const char* pw);
    233 int cryptfs_verify_passwd(const char* pw);
    234 int cryptfs_restart(void);
    235 int cryptfs_enable(int type, const char* passwd, int no_ui);
    236 int cryptfs_changepw(int type, const char* newpw);
    237 int cryptfs_enable_default(int no_ui);
    238 int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
    239                              char* out_crypto_blkdev);
    240 int cryptfs_revert_ext_volume(const char* label);
    241 int cryptfs_getfield(const char* fieldname, char* value, int len);
    242 int cryptfs_setfield(const char* fieldname, const char* value);
    243 int cryptfs_mount_default_encrypted(void);
    244 int cryptfs_get_password_type(void);
    245 const char* cryptfs_get_password(void);
    246 void cryptfs_clear_password(void);
    247 int cryptfs_isConvertibleToFBE(void);
    248 
    249 uint32_t cryptfs_get_keysize();
    250 const char* cryptfs_get_crypto_name();
    251 
    252 #endif /* ANDROID_VOLD_CRYPTFS_H */
    253