am 7f7dbaa2: Improve detection of incomplete encryption
* commit '7f7dbaa2784c10fd2989fb303e5edfb8136d53dc': Improve detection of incomplete encryption
This commit is contained in:
Ken Sumrall
Android Git Automerger
commit
06c6baf3af
3 changed files with 55 additions and 6 deletions
|
|
@ -535,6 +535,13 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
|
|||
}
|
||||
dumpArgs(argc, argv, -1);
|
||||
rc = cryptfs_restart();
|
||||
} else if (!strcmp(argv[1], "cryptocomplete")) {
|
||||
if (argc != 2) {
|
||||
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false);
|
||||
return 0;
|
||||
}
|
||||
dumpArgs(argc, argv, -1);
|
||||
rc = cryptfs_crypto_complete();
|
||||
} else if (!strcmp(argv[1], "enablecrypto")) {
|
||||
if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
|
||||
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false);
|
||||
|
|
|
|||
53
cryptfs.c
53
cryptfs.c
|
|
@ -655,6 +655,43 @@ int cryptfs_restart(void)
|
|||
return rc;
|
||||
}
|
||||
|
||||
static int do_crypto_complete(char *mount_point)
|
||||
{
|
||||
struct crypt_mnt_ftr crypt_ftr;
|
||||
unsigned char encrypted_master_key[32];
|
||||
unsigned char salt[SALT_LEN];
|
||||
char real_blkdev[MAXPATHLEN];
|
||||
char fs_type[32];
|
||||
char fs_options[256];
|
||||
unsigned long mnt_flags;
|
||||
char encrypted_state[32];
|
||||
|
||||
property_get("ro.crypto.state", encrypted_state, "");
|
||||
if (strcmp(encrypted_state, "encrypted") ) {
|
||||
SLOGE("not running with encryption, aborting");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (get_orig_mount_parms(mount_point, fs_type, real_blkdev, &mnt_flags, fs_options)) {
|
||||
SLOGE("Error reading original mount parms for mount point %s\n", mount_point);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
|
||||
SLOGE("Error getting crypt footer and key\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
|
||||
SLOGE("Encryption process didn't finish successfully\n");
|
||||
return -2; /* -2 is the clue to the UI that there is no usable data on the disk,
|
||||
* and give the user an option to wipe the disk */
|
||||
}
|
||||
|
||||
/* We passed the test! We shall diminish, and return to the west */
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int test_mount_encrypted_fs(char *passwd, char *mount_point)
|
||||
{
|
||||
struct crypt_mnt_ftr crypt_ftr;
|
||||
|
|
@ -687,12 +724,6 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point)
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
|
||||
SLOGE("Encryption process didn't finish successfully\n");
|
||||
return -2; /* -2 is the clue to the UI that there is no usable data on the disk,
|
||||
* and give the user an option to wipe the disk */
|
||||
}
|
||||
|
||||
SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr.fs_size);
|
||||
orig_failed_decrypt_count = crypt_ftr.failed_decrypt_count;
|
||||
|
||||
|
|
@ -752,6 +783,11 @@ static int test_mount_encrypted_fs(char *passwd, char *mount_point)
|
|||
return rc;
|
||||
}
|
||||
|
||||
int cryptfs_crypto_complete(void)
|
||||
{
|
||||
return do_crypto_complete("/data");
|
||||
}
|
||||
|
||||
int cryptfs_check_passwd(char *passwd)
|
||||
{
|
||||
int rc = -1;
|
||||
|
|
@ -1002,7 +1038,9 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
/* Initialize a crypt_mnt_ftr for the partition */
|
||||
cryptfs_init_crypt_mnt_ftr(&crypt_ftr);
|
||||
crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / 512);
|
||||
#if 0 /* Disable till MR1, needs more testing */
|
||||
crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
|
||||
#endif
|
||||
strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
|
||||
|
||||
/* Make an encrypted master key */
|
||||
|
|
@ -1032,9 +1070,12 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
|
||||
if (! rc) {
|
||||
/* Success */
|
||||
|
||||
#if 0 /* Disable till MR1, needs more testing */
|
||||
/* Clear the encryption in progres flag in the footer */
|
||||
crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
|
||||
put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0);
|
||||
#endif
|
||||
|
||||
sleep(2); /* Give the UI a change to show 100% progress */
|
||||
sync();
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ struct crypt_mnt_ftr {
|
|||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
int cryptfs_crypto_complete(void);
|
||||
int cryptfs_check_passwd(char *pw);
|
||||
int cryptfs_restart(void);
|
||||
int cryptfs_enable(char *flag, char *passwd);
|
||||
|
|
|
|||
Loading…
Reference in a new issue