From 8eeb02833800973c3e41872b0777240871333901 Mon Sep 17 00:00:00 2001 From: Hongyu Jin Date: Sat, 24 Sep 2022 12:00:02 +0800 Subject: [PATCH] cryptfs: Update the size of dm-crypt device according to sector size The legacy method for metadata encryption on adoptable storage failed when the size of the block device isn't a multiple of the crypto sector size. Update the size of dm-crypt device according to sector size before construct dm_target. Bug: 248582018 Change-Id: I5c78889bdfedca7f7b0704500fc313d7a48d5a3b Signed-off-by: Hongyu Jin --- cryptfs.cpp | 60 ++++++++++++++++++++++------------------------------- 1 file changed, 25 insertions(+), 35 deletions(-) diff --git a/cryptfs.cpp b/cryptfs.cpp index 5213c18..be8ba3c 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -94,37 +94,6 @@ static void convert_key_to_hex_ascii(const KeyBuffer& key, char* key_ascii) { key_ascii[a] = '\0'; } -/* - * If the ro.crypto.fde_sector_size system property is set, append the - * parameters to make dm-crypt use the specified crypto sector size and round - * the crypto device size down to a crypto sector boundary. - */ -static int add_sector_size_param(DmTargetCrypt* target, uint64_t* nr_sec) { - constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size"; - char value[PROPERTY_VALUE_MAX]; - - if (property_get(DM_CRYPT_SECTOR_SIZE, value, "") > 0) { - unsigned int sector_size; - - if (!ParseUint(value, §or_size) || sector_size < 512 || sector_size > 4096 || - (sector_size & (sector_size - 1)) != 0) { - SLOGE("Invalid value for %s: %s. Must be >= 512, <= 4096, and a power of 2\n", - DM_CRYPT_SECTOR_SIZE, value); - return -1; - } - - target->SetSectorSize(sector_size); - - // With this option, IVs will match the sector numbering, instead - // of being hard-coded to being based on 512-byte sectors. - target->SetIvLargeSectors(); - - // Round the crypto device size down to a crypto sector boundary. - *nr_sec &= ~((sector_size / 512) - 1); - } - return 0; -} - /* * Called by vold when it's asked to mount an encrypted external * storage volume. The incoming partition has no crypto header/footer, @@ -145,8 +114,25 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K return -1; } - auto& dm = DeviceMapper::Instance(); + constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size"; + char value[PROPERTY_VALUE_MAX]; + unsigned int sector_size = 0; + if (property_get(DM_CRYPT_SECTOR_SIZE, value, "") > 0) { + if (!ParseUint(value, §or_size) || sector_size < 512 || sector_size > 4096 || + (sector_size & (sector_size - 1)) != 0) { + SLOGE("Invalid value for %s: %s. Must be >= 512, <= 4096, and a power of 2\n", + DM_CRYPT_SECTOR_SIZE, value); + return -1; + } + } + + // Round the crypto device size down to a crypto sector boundary. + if (sector_size > 0) { + nr_sec &= ~((sector_size / 512) - 1); + } + + auto& dm = DeviceMapper::Instance(); // We need two ASCII characters to represent each byte, and need space for // the '\0' terminator. char key_ascii[MAX_KEY_LEN * 2 + 1]; @@ -160,9 +146,13 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) { target->AllowEncryptOverride(); } - if (add_sector_size_param(target.get(), &nr_sec)) { - SLOGE("Error processing dm-crypt sector size param\n"); - return -1; + + // Append the parameters to make dm-crypt use the specified crypto sector size. + if (sector_size > 0) { + target->SetSectorSize(sector_size); + // With this option, IVs will match the sector numbering, instead + // of being hard-coded to being based on 512-byte sectors. + target->SetIvLargeSectors(); } DmTable table;