tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

cryptfs: Update the size of dm-crypt device according to sector size

Browse source 
The legacy method for metadata encryption on adoptable storage failed
when the size of the block device isn't a multiple of the crypto sector size.

Update the size of dm-crypt device according to sector size
before construct dm_target.

Bug: 248582018
Change-Id: I5c78889bdfedca7f7b0704500fc313d7a48d5a3b
Signed-off-by: Hongyu Jin <hongyu.jin@unisoc.com>
This commit is contained in:
Hongyu Jin 2022-09-24 12:00:02 +08:00
parent 3f658163ee
commit 8eeb028338
1 changed files with 25 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
cryptfs.cpp
View file

@ -94,37 +94,6 @@ static void convert_key_to_hex_ascii(const KeyBuffer& key, char* key_ascii) {
key_ascii[a] = '\0'; key_ascii[a] = '\0';
} }
/*
* If the ro.crypto.fde_sector_size system property is set, append the
* parameters to make dm-crypt use the specified crypto sector size and round
* the crypto device size down to a crypto sector boundary.
*/
static int add_sector_size_param(DmTargetCrypt* target, uint64_t* nr_sec) {
constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
char value[PROPERTY_VALUE_MAX];
if (property_get(DM_CRYPT_SECTOR_SIZE, value, "") > 0) {
unsigned int sector_size;
if (!ParseUint(value, &sector_size) || sector_size < 512 || sector_size > 4096 ||
(sector_size & (sector_size - 1)) != 0) {
SLOGE("Invalid value for %s: %s. Must be >= 512, <= 4096, and a power of 2\n",
DM_CRYPT_SECTOR_SIZE, value);
return -1;
}
target->SetSectorSize(sector_size);
// With this option, IVs will match the sector numbering, instead
// of being hard-coded to being based on 512-byte sectors.
target->SetIvLargeSectors();
// Round the crypto device size down to a crypto sector boundary.
*nr_sec &= ~((sector_size / 512) - 1);
}
return 0;
}
/* /*
* Called by vold when it's asked to mount an encrypted external * Called by vold when it's asked to mount an encrypted external
* storage volume. The incoming partition has no crypto header/footer, * storage volume. The incoming partition has no crypto header/footer,
@ -145,8 +114,25 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K
return -1; return -1;
} }
auto& dm = DeviceMapper::Instance(); constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
char value[PROPERTY_VALUE_MAX];
unsigned int sector_size = 0;
if (property_get(DM_CRYPT_SECTOR_SIZE, value, "") > 0) {
if (!ParseUint(value, &sector_size) || sector_size < 512 || sector_size > 4096 ||
(sector_size & (sector_size - 1)) != 0) {
SLOGE("Invalid value for %s: %s. Must be >= 512, <= 4096, and a power of 2\n",
DM_CRYPT_SECTOR_SIZE, value);
return -1;
}
}
// Round the crypto device size down to a crypto sector boundary.
if (sector_size > 0) {
nr_sec &= ~((sector_size / 512) - 1);
}
auto& dm = DeviceMapper::Instance();
// We need two ASCII characters to represent each byte, and need space for // We need two ASCII characters to represent each byte, and need space for
// the '\0' terminator. // the '\0' terminator.
char key_ascii[MAX_KEY_LEN * 2 + 1]; char key_ascii[MAX_KEY_LEN * 2 + 1];
@ -160,9 +146,13 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) { android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) {
target->AllowEncryptOverride(); target->AllowEncryptOverride();
} }
if (add_sector_size_param(target.get(), &nr_sec)) {
SLOGE("Error processing dm-crypt sector size param\n"); // Append the parameters to make dm-crypt use the specified crypto sector size.
return -1; if (sector_size > 0) {
target->SetSectorSize(sector_size);
// With this option, IVs will match the sector numbering, instead
// of being hard-coded to being based on 512-byte sectors.
target->SetIvLargeSectors();
} }
DmTable table; DmTable table;