Commit graph

227 commits

Author SHA1 Message Date
JP Abgrall
7776871d82 cryptfs: extra debugging around crypto blockdev dm-... errors.
Some times the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c
2014-10-10 15:52:11 -07:00
Paul Lawrence
2e83bfa43d am fc615041: Remove possibility of zero chars from passwords
* commit 'fc61504166d4377a1f83211c236ca11260da1261':
  Remove possibility of zero chars from passwords
2014-10-07 00:34:56 +00:00
Paul Lawrence
fd2180a972 am fc615041: Remove possibility of zero chars from passwords
* commit 'fc61504166d4377a1f83211c236ca11260da1261':
  Remove possibility of zero chars from passwords
2014-10-06 22:49:36 +00:00
Paul Lawrence
fc61504166 Remove possibility of zero chars from passwords
scrypt pads the password with zeros. Our patterns use 0 to represent
the top left dot. So patterns that end there are equivalent to ones
that end one short.

After much thought, the best solution is to change the way we
represent patterns in keyguard. This, however, is a big change.

The short term solution is to change the pattern representation in vold
so that we are storing the correct thing. Later we will change keyguard
to handle patterns correctly and remove quite a few hacks from vold
(use of hex, this code). b/17840293 created to track this.

Bug: 17751714
Change-Id: I30cdffb0f0db406d2e2b6c54d4153d120d975318
2014-10-06 14:39:31 -07:00
Paul Lawrence
4465744614 am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev
* commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294':
  Reset failed decryption count on successful decryptions
2014-10-05 23:38:39 +00:00
Paul Lawrence
6bcac81e6a am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev
* commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294':
  Reset failed decryption count on successful decryptions
2014-10-05 23:27:41 +00:00
Paul Lawrence
7639a6ab60 Merge "Reset failed decryption count on successful decryptions" into lmp-dev 2014-10-05 23:24:46 +00:00
Paul Lawrence
72b8b82780 Reset failed decryption count on successful decryptions
Bug: 17866359
Change-Id: I1af2ff1ac4f5243afba0cfa2f2d3a1d0b029091b
2014-10-05 22:38:04 +00:00
Greg Hackmann
72498ed5c2 am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data
* commit '6e8440fd5072a673dd861ffb531fc17b4673ad90':
  cryptfs: kill processes with open files on tmpfs /data
2014-10-03 06:16:58 +00:00
Paul Lawrence
17fb62cebb am 9c58a871: Use monotonic clock for cryptfs progress
* commit '9c58a871f9fb356409d3b90734bf706d1463f041':
  Use monotonic clock for cryptfs progress
2014-10-03 06:16:57 +00:00
Greg Hackmann
b69a5e44db am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data
* commit '6e8440fd5072a673dd861ffb531fc17b4673ad90':
  cryptfs: kill processes with open files on tmpfs /data
2014-10-03 03:54:44 +00:00
Greg Hackmann
6e8440fd50 cryptfs: kill processes with open files on tmpfs /data
cryptfs will fail to remount /data at boot if any processes (e.g.
dex2oat) have files open on the tmpfs /data partition.  Since these
files are about to be destroyed anyway, just kill the offending
processes: first with SIGHUP and finally with SIGKILL.

Also remove a stray i++ that effectively cut the number of retries in
half.

Bug: 17576594

Change-Id: I76fb90ce2e52846ffb9de706e52b7bde98b4186a
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-10-02 18:05:40 -07:00
Paul Lawrence
f2eabef83f am 9c58a871: Use monotonic clock for cryptfs progress
* commit '9c58a871f9fb356409d3b90734bf706d1463f041':
  Use monotonic clock for cryptfs progress
2014-09-30 18:19:43 +00:00
Paul Lawrence
9c58a871f9 Use monotonic clock for cryptfs progress
Otherwise we get strange results when the time changes. Worst
effect is that the encryption takes a lot longer since we are
calling the logging code far more frequently.

Bug: 17625981
Change-Id: Ice29f28b3720e9e4a1ea28e45eeab574d1959ec1
2014-09-30 09:12:51 -07:00
Greg Hackmann
fd8d08c22a am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev
* commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee':
  cryptfs: log umount() failure reason
2014-09-26 00:21:50 +00:00
Greg Hackmann
7103f41a17 am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev
* commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b':
  print information about opened files when failed unmount
2014-09-26 00:21:49 +00:00
Jeff Sharkey
714526434c am dd1a8040: Include reason when wiping data.
* commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c':
  Include reason when wiping data.
2014-09-26 00:21:49 +00:00
Greg Hackmann
e46f7122e0 am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev
* commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee':
  cryptfs: log umount() failure reason
2014-09-24 23:35:42 +00:00
Greg Hackmann
e2a470f398 am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev
* commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b':
  print information about opened files when failed unmount
2014-09-24 23:35:42 +00:00
Jeff Sharkey
640aa86222 am dd1a8040: Include reason when wiping data.
* commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c':
  Include reason when wiping data.
2014-09-24 23:35:41 +00:00
Greg Hackmann
3574b085f4 Merge "cryptfs: log umount() failure reason" into lmp-dev 2014-09-24 23:32:00 +00:00
Greg Hackmann
46a3a79a8f Merge "print information about opened files when failed unmount" into lmp-dev 2014-09-24 23:31:51 +00:00
Greg Hackmann
955653ebff cryptfs: log umount() failure reason
Bug: 17576594

Change-Id: I7320aa597210896b4db6e663e1b2cb0c24d96557
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-09-24 15:47:25 -07:00
jessica_yu
3f14fe45a3 print information about opened files when failed unmount
Change-Id: I88ae719cdae490433390d624f75612a9f4f96677

Cryptfs : Enabling support for allow_discards in dmcrypt.
Cryptfs : Password matches
Cryptfs : test_mount_encrypted_fs(): Master key saved
TrustyKeymaster: Creating device
TrustyKeymaster: Device address: 0x7f8f416100
Cryptfs : keymaster version is 3
Cryptfs : Just asked init to shut down class main
ServiceManager: service 'drm.drmManager' died
ServiceManager: service 'media.audio_flinger' died
ServiceManager: service 'media.player' died
ServiceManager: service 'media.camera' died
ServiceManager: service 'android.security.keystore' died
Cryptfs : unmounting /data failed

Bug: 17576594
2014-09-24 15:46:45 -07:00
Jeff Sharkey
dd1a8040e8 Include reason when wiping data.
This will help us track down who requested a data wipe.

Bug: 17412160
Change-Id: I5ab39a4de03c973ed151d703d6462a172ee043fd
2014-09-24 11:46:51 -07:00
Paul Lawrence
c48387ca4c am 3846be17: Reduce cryptfs logspam
* commit '3846be17feba13150a5db22204622db6a762a0d8':
  Reduce cryptfs logspam
2014-09-23 17:05:56 +00:00
Paul Lawrence
7df812dfaa am 3846be17: Reduce cryptfs logspam
* commit '3846be17feba13150a5db22204622db6a762a0d8':
  Reduce cryptfs logspam
2014-09-23 16:23:06 +00:00
Paul Lawrence
3846be17fe Reduce cryptfs logspam
Bug: 17572886
Change-Id: I91302ccc284e0f908299852650db5bf645f2ff71
2014-09-22 14:13:24 -07:00
Alex Klyubin
2f61b41e5d am 6efa9351: Merge "Don\'t use deprecated OpenSSL functions."
* commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae':
  Don't use deprecated OpenSSL functions.
2014-09-19 23:17:02 +00:00
Alex Klyubin
b707d72a33 am 6efa9351: Merge "Don\'t use deprecated OpenSSL functions."
* commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae':
  Don't use deprecated OpenSSL functions.
2014-09-19 23:02:26 +00:00
Paul Lawrence
8e3f4510a8 HACK: Retry/reboot when mount reports busy.
This is a hack because we don't know why mount() reports busy.

Requires dependent change in syste/core:
  https://googleplex-android-review.git.corp.google.com/#/c/543125/

Bug: 17358530

Change-Id: I8d3078bc68f8c450adce2c3a4101b6a958f1c4a0
2014-09-12 11:06:03 -07:00
Shawn Willden
e17a9c4ad3 Change cryptfs keymaster padding to ensure the high bit is never 1,
to ensure the padded message is never larger than the RSA public
modulus.

Bug: 17358530

Change-Id: I4dc488399c4ecfa2d24cacb839a9087e65475947
2014-09-09 16:11:35 +00:00
Paul Lawrence
b2f682bda8 Fix Shamus bricked by encryption upgrade
Bug: 17358530
Change-Id: I95207b62131224a2ed7ae3b75621a09acd69ea79
2014-09-08 12:52:26 -07:00
Adam Langley
889c4f1e36 Don't use deprecated OpenSSL functions.
This change simply switches from the deprecated
EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same.

There is no difference in behaviour, save for calling
EVP_CIPHER_CTX_init, as the deprecated versions are just wrappers around
the _ex functions. See
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274

This change is required for the transition to BoringSSL, which removes
the deprecated functions.

Bug: 17409664
Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87
Signed-off-by: Adam Langley <agl@google.com>
2014-09-05 15:54:51 -07:00
Shawn Willden
47ba10d6d5 Pad object to proper size before signing.
Correct implementations of keymaster should reject using an n-bit
RSA key to sign less than n bits of data, because we specify that
keymaster should not perform padding.

Change-Id: Ibdff1bbfbee84fd5bdbfb3149a124dbbaa7827fc
2014-09-05 10:43:02 -06:00
Paul Lawrence
74f29f1df7 Don't test mount when we can use the crypto footer to test the password
Note that this also changes the boot sequence, and moves the test for corrupted
data to cryptfs_restart_internal.

Bug: 17213613
Change-Id: I0f86e8fe3d482e2d1373bd0f4d0d861e63ad8904
2014-08-29 08:31:10 -07:00
Paul Lawrence
00786076cd Merge "Don't reboot after default encrypting" into lmp-dev 2014-08-25 20:28:46 +00:00
Paul Lawrence
715775046c Show correct remaining time
In field reports, sometimes the remaining time gets stuck for many
minutes. This has to be caused by a spurious low reading early on which
cannot be overridded because of old logic.

Solution: allow time to increase but only by large amounts (avoid time
jittering up and down).

Bug: 16973374
Change-Id: I49d23ae8c54ded416cbedf383a3c03b33dc02e1c
2014-08-25 18:36:07 +00:00
Paul Lawrence
b6672e135a Don't reboot after default encrypting
Instead trigger normal default encryption mount

Requires matching change to system/core: https://googleplex-android-review.git.corp.google.com/#/c/527286/

Bug: 17041092

Change-Id: Ifcf023386e08325db7dce61395fbb056f7d9815b
2014-08-18 20:07:01 +00:00
Daniel Rosenberg
e82df164e8 Revert "Revert "cryptfs: Added support for f2fs fast encryption""
This reverts commit a70abc6009.

Change-Id: Ic41d1924638586cf9b2297f91ed5417f3b0303c6
2014-08-15 22:19:23 +00:00
Jim Miller
a70abc6009 Revert "cryptfs: Added support for f2fs fast encryption"
This reverts commit 74c01201de.

Change-Id: Ib397a2b5812179ee2e2b68de5d718077563adc1c
2014-08-15 02:00:45 +00:00
Daniel Rosenberg
74c01201de cryptfs: Added support for f2fs fast encryption
Bug: 15749466
Change-Id: I25452a05e1cbe90ac6603a89db9b720c7ab17e55
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-08-15 00:12:06 +00:00
Paul Lawrence
d0c7b17070 Wipe userdata when password is good but it won't mount
Store salted scrypt of intermediate key in crypto header

When mount fails, check if matches, and if it does return error
code prompting a wipe

Bug: 11477689
Change-Id: I3dcf9e0c64f2a01c8ba8eaf58df82cbe717d421b
2014-08-13 19:41:30 +00:00
Paul Lawrence
6bfed20c77 When encryption fails, reboot into recovery
Set flag on starting encryption to say it failed, and only clear
when we get into a recoverable state (partially or fully encrypted.)

Go to recovery on seeing this flag on boot

Bug: 16552363
Change-Id: I7e452b653edf3a087ecfaba8f81f41765a1c8daf
2014-08-07 13:14:35 -07:00
Elliott Hughes
231bdba012 Fix an accidental PRId64 to PRIx64.
Change-Id: Ic5313289d826bac74c3466b33f1f167a8f0955ad
2014-06-25 18:36:19 -07:00
Elliott Hughes
cb33f5741c resolved conflicts for merge of afa60cee to master
Change-Id: I1568def8839bed4d4d2dadbd97194d5603edc627
2014-06-25 18:31:47 -07:00
Elliott Hughes
7373716c6d Fix vold %lld to PRId64.
Change-Id: I6eb9f21fff124b8b22f4fae2ac74c2b41d93b384
2014-06-25 17:27:42 -07:00
JP Abgrall
62c7af38f2 cryptfs: makefs F2FS if the partition type is F2FS.
When a crypto is enabled with a wipe flag (obsolete?),
it will correctly handle the fstab's choice for the fs type.

Remove the dead code for FAT_FS which was un-invocable.

Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-16 13:01:23 -07:00
Paul Lawrence
73d7a02dc6 On low power turn off rather than rebooting to allow device to charge
The code was using encrypted_upto == 0 as an indicator that encryption
has succeeded. This meant that if no encryption happened, we would reboot
continually.

We now set encrypted_upto to fs_size when encryption is complete.

Also don't start to encrypt unless we are at 10% power. Stop when we
get to 5% power. This should lead to partial encryptions only very
rarely.

Bug: 15513202
Change-Id: I6214d78579d1fbbe2f63ee8862473d86a89d29b3
2014-06-09 15:15:32 -07:00
Paul Lawrence
a96d9c9b38 Calculate time to go while encrypting
@bug 15159008

Change-Id: I6a96eeab180dceb0613202ba5d252036a0d5376f
2014-06-05 19:44:57 +00:00
Paul Lawrence
58c58cf7ef Show correct percentage when encrypting used blocks only
Bug: 12975202
Change-Id: I7e4adfa2c4951055bbb2c11986a7784f465f586f
2014-06-05 19:44:07 +00:00
Paul Lawrence
8c00839714 Fix encryption on Nakasi
We need to make sure we don't try to read the flags on keymaster
version 2 or below, or we get random junk.

Requires
  https://googleplex-android-review.git.corp.google.com/#/c/460689/

Bug: 14384714
Change-Id: I5a4ede1bec0347b8319cedaae6535201c122cf48
2014-05-06 22:16:16 +00:00
Paul Lawrence
69f4ebd81e Add keymaster support to cryptfs
Use keymaster to wrap the cryptfs keys.

Requires selinux change
  https://googleplex-android-review.git.corp.google.com/#/c/449411

Bug: 9467042
Change-Id: If25a01cb85ed193a271d61382de0560d85553b7e
2014-04-18 11:40:13 -07:00
Paul Lawrence
45f10533f8 Revert "Revert "Encrypt phone even if pattern or no keyguard""
Don't block based on keyguard type, and pass type to encryption function.

Requires:
  https://googleplex-android-review.git.corp.google.com/#/c/444201/
or encryption will no longer work.

This reverts commit efec3f2927.

Change-Id: I431589a56eb11118027e0a5a84f55e973b1084aa
2014-04-10 14:30:31 +00:00
Paul Lawrence
efec3f2927 Revert "Encrypt phone even if pattern or no keyguard"
This reverts commit 5cc86c5741.

Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.

Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
2014-04-03 20:55:47 +00:00
Paul Lawrence
5cc86c5741 Encrypt phone even if pattern or no keyguard
Add option to enablecrypto to take type, allowing us to set type
when encrypting.

Bug: 13749169
Change-Id: If22fcfa93f1ebd1a5bd3b0077bb3bd8ae71fe819
2014-04-03 19:20:28 +00:00
Paul Lawrence
0798707334 Merge "Fix setfield/getfield" 2014-03-24 17:51:59 +00:00
Paul Lawrence
cc215381dd Merge "Store password in vold" 2014-03-21 20:40:36 +00:00
Paul Lawrence
87999173dd Don't corrupt ssd when encrypting and power fails
Stop encryption when battery is low, mark position, and continue on reboot.

Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.

Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
2014-03-21 18:30:26 +00:00
Paul Lawrence
399317ede4 Store password in vold
If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.

Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
2014-03-21 11:15:39 -07:00
Paul Lawrence
8561b5c9f5 Fix setfield/getfield
Check for versions >= feature version, not equal

Bug: 13526708
Change-Id: Ie07f6334e6b7c5ca0d7f83ba00827a508e2c2963
2014-03-18 10:52:14 -07:00
Paul Lawrence
684dbdf316 Infrastructure to securely allow only one prompt at boot when encrypted
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.

Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
2014-02-14 17:41:18 +00:00
Paul Lawrence
1348603357 Enable auto-encrypt drive at startup
Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.

Remove a warning by making at least some parts of this file const-correct.

Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
2014-02-14 09:34:44 -08:00
Paul Lawrence
931f15d050 Merge "Support default, pattern, pin and password encryption types" 2014-02-14 15:24:13 +00:00
Mark Salyzyn
2c1bbe0c44 am 49dd24c2: am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"
* commit '49dd24c238e86c57e97f919af7fbf8ee3d79b737':
  vold: suppress unused argument warning messages
2014-02-13 00:19:54 +00:00
Paul Lawrence
f4faa575c9 Support default, pattern, pin and password encryption types
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.

Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
2014-02-12 14:54:40 -08:00
Mark Salyzyn
5eecc449cc vold: suppress unused argument warning messages
(cherry picked from commit 3e971277db)

Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 14:27:51 -08:00
Mark Salyzyn
3e971277db vold: suppress unused argument warning messages
Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 20:18:28 +00:00
Colin Cross
88948cd60c am e985c9ab: am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
* commit 'e985c9ab10fed452b97138170b4d69288d076b06':
  vold: fix errors inside ALOGV
2014-02-10 12:51:31 +00:00
Colin Cross
59846b654e vold: fix errors inside ALOGV
Fix errors exposed by adding compile-time checking to disabled ALOGVs.

Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
2014-02-06 20:34:29 -08:00
Paul Lawrence
ae59fe6c19 Fast ext4 encryption
For ext4 filesystems, only encrypt blocks in use.

Needs matching ext4 utils changes from
 https://googleplex-android-review.git.corp.google.com/#/c/409575

Bug: 11985952
Change-Id: I89df051c25105daf3f469cc980195202f8be6786
2014-01-29 22:29:10 +00:00
Doug Zongker
6fd5771337 allow encrypted filesystems to be mounted readonly
By setting ro.crypto.readonly to 1, cryptfs will mount an encrypted
filesystem that is normally mounted read-write as read-only instead.
To be used when recovery mounts /data.

Bug: 12188746
Change-Id: If3f3f9a3024f29ebc4ad721a48546a332cb92b6b
2013-12-17 09:43:23 -08:00
JP Abgrall
dbf5b6652c am 46f8c2b9: am 7bdfa52d: vold: cryptfs: Don\'t update KDF without validating pwd/key.
* commit '46f8c2b954e11c2266871b8110b74bd6a11f3661':
  vold: cryptfs: Don't update KDF without validating pwd/key.
2013-11-15 14:25:37 -08:00
JP Abgrall
7bdfa52d93 vold: cryptfs: Don't update KDF without validating pwd/key.
Prior to this, the Key derivation function would get
 blindly updated even if the user entered the wrong password.
Now, we only attempt to upgrade the KDF if the pwd/key have
been verified (i.e. after a successful mount).

Bug: 11460197
Change-Id: I0469228cc9b87c47754e8ca3c7146651da177da5
2013-11-15 13:42:56 -08:00
JP Abgrall
502dc74153 vold: cryptfs: Retry encryption after killing processes using /data
Currently, if a non-framework process or service is using /data,
unmounting will fail as nothing will kill it.
Instead of rebooting on unmount failure, we now kill all processes
using /data, then try one more time.

Bug: 11291208
Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
2013-11-01 13:08:46 -07:00
Ken Sumrall
e550f78a3f Use android_fork_execvp() instead of system(3) to format filesystems
With the recent selinux changes imposed on vold, it no longer has
permission to run a shell, so invoking the filesystem formatting
commands with system(3) gives an error.  So change to using
android_fork_execvp().

Bug: 10279958

Change-Id: Ifa18b28867618858ec7c5cfcc67935e377de38fb
2013-08-21 11:30:16 -07:00
Kenny Root
2947e34e41 Initialize iterator
Iterator wasn't initialized in scrypt parameter scanning.

Bug: 10330227
Change-Id: If41fc25d9f827106fa8329bdb5966b7d786fddcb
2013-08-14 23:26:19 +00:00
Ken Sumrall
558830c38a Merge "vold: Use the new method of rebooting by asking init to do it" 2013-06-28 02:47:46 +00:00
Ken Sumrall
adfba3626e vold: Use the new method of rebooting by asking init to do it
Change-Id: I7fd5f1048c3cf43fa14597f079c929690cac367c
2013-06-26 17:51:44 -07:00
Kenny Root
c4c70f15bb Change key derivation to scrypt
scrypt is a sequential memory-hard key derivation algorithm that makes
it more difficult for adversaries to brute force passwords using
specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for
more details of the algorithm.

This adds support for initializing disk encryption using scrypt and
upgrading from the previous PBKDF2 algorithm.

Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
2013-06-24 09:40:54 -07:00
Kenny Root
c96a5f8edf Extract some version constants to header
In order to make it easier to upgrade the crypto footer, extract some
constants to a header file instead. Then the header can control what the
current version is and the upgrade_crypto_ftr code should be the only
thing that needs to be updated.

Change-Id: I3ed5a7d3b640419cd8af91388d94a00de8cc09db
2013-06-14 12:50:02 -07:00
Kenny Root
7434b3111b Change upgrade code to allow multiple versions
In the future, we'd like to have the ability to upgrade from any
supported version to any future version. Change the upgrade function
slightly to support this.

Change-Id: I3b20ccfff51c4c86f1e5e08690c263dc95ff5ce4
2013-06-14 11:32:18 -07:00
Ken Sumrall
9caab76c6b vold: Add an optional wipe paramter to the volume format command
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos.  This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
2013-06-12 18:42:02 -07:00
Ken Sumrall
e88e1eb745 am c587269c: vold: Increase timeout due to selinux changes
* commit 'c587269c5a34d4e7412ff42e53ed6312359a8505':
  vold: Increase timeout due to selinux changes
2013-05-14 19:19:22 -07:00
Ken Sumrall
c587269c5a vold: Increase timeout due to selinux changes
The new selinux_reload_policy command can take a while to complete on
some systems.  The reason is being investigated, and hopefully a fix can
be found to improve performance, but for now, increase the timeout that
vold waits for the post_fs_data section to complete when decrypting a
device on boot.

Also, emit a decent error message if the device times out.

Bug: 8967715
Change-Id: Ifb01c983dffe095a9de752c17c467a1751e9ce99
2013-05-14 15:26:31 -07:00
Alex Klyubin
707795ad39 Fix a typo in a comment
Change-Id: Ibb9667d762189849ebcbefef4ba70ffd34cf885e
2013-05-10 15:17:07 -07:00
Ken Sumrall
160b4d68ec vold: Add support for unencrypted persistent info
In order to display the correct language, timezone, airplane
mode and other settings on the decrypt screen, a copy of those
settings needs to be stored unencrypted so the framework can
query them.  This adds support to vold to store up to 32
property like key/value pairs that are not encrypted.

Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
2013-04-26 15:44:59 -07:00
Ken Sumrall
56ad03cae1 vold: use unified fstab format
Change vold to use the unified fstab.  This includes both
support for sdcards, and changes to the crypto code to work
with some changes to the fs_mgr library api.

Change-Id: Id5a8aa5b699afe151db6e31aa0d76105f9c95a80
2013-02-15 18:21:56 -08:00
Ken Sumrall
db5e026058 Enable allow_discards if dm-crypt supports it
dm-crypt version 1.11.0 and later supports the allow_discards option
when setting up a crypto device.  This passes discard requests from
the filesytem to the underlying block device.  This helps make flash
based storage faster.  So query the dm-crypt version, and pass the
option if the version is 1.11.0 or greater.

Change-Id: If30e9db5a2dbd6ea0281d91344e5b2c35e75131e
2013-02-07 15:05:54 -08:00
Ken Sumrall
92736efab0 Another fix for encryption
The previous problem of the framework not properly restarting after accepting
the password to decrypt the storage is also a problem when restarting the
framework to display the encryption progress screen.  So like the previous
hacky fix, add a sleep to wait a few moments before proceeding.  Also,
increase the sleep of the previous fix from 1 second to 2, as the problem
was seen once more in testing.  A proper fix has been designed and hopefully
will work and be checked-in RSN.

Change-Id: Icc2c072ce7f7ebcdea22cd7ff8cb2b87a627c578
2012-10-17 20:57:14 -07:00
Ken Sumrall
9dedfd473d Fix encryption on certain devices
There is a race in the encryption code that after it accepts the
decryption password, it tells init to kill all the processes in
class "main", then it mounts the decrypted filesystem, preps it,
and restarts the framework.  For an unknown reason on some devices,
the new framework sometimes starts up before init has killed and
reaped all the old processes.  The proper fix is to make the killing
of the old framework synchronous, so vold waits till all the
processes have died.  But with factory rom a few days away, the
much more pragmatic solution of adding a sleep of 1 second after
telling init to kill the old framework will suffice.

Bug: 7271212
Change-Id: Ie971cd04abbc6f3f6500b4acd79d3b3b26d9561c
2012-10-09 14:30:00 -07:00
Jeff Sharkey
b77bc4696b Update environment variable for multi-user.
Bug: 7260040
Change-Id: I96d821e11a3f0be32bfe92a4151f00f2b15d100e
2012-10-01 14:36:26 -07:00
Ken Sumrall
e919efea94 Workaround a kernel race when loading dmcrypt table
The kernel seems to return from umount(2) sometimes before it has
released the underlying block device.  So until the kernel is fixed,
try up to 10 times to load the crypto mapping table, waiting 500 ms
between tries.

bug: 7220345

Change-Id: Iad3bbef37cbe2e01613bb8a8c4886babdecb8328
2012-09-29 17:24:46 -07:00
Jeff Sharkey
7382f81fba Unmount external storage on multi-user devices.
Bug: 7044670
Change-Id: If1f99968b0392cae9420d067c75bfc18d1067b2c
2012-08-23 14:09:14 -07:00
Ken Sumrall
912d0b0755 Merge "Fix a typo in cryptfs.c" 2012-06-28 17:58:50 -07:00
Ken Sumrall
319369ac11 Fix a typo in cryptfs.c
Change-Id: If629fa996b135e432bc89da7518b0c1f02750b45
2012-06-27 16:30:18 -07:00
Nick Kralevich
4684e58a8d Add mode when open(O_CREAT) is used.
When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".

This will become a compile error in a future Android change.

Change-Id: I761708c001247d7a2faac2e286288b45bfecc6f7
2012-06-26 15:07:03 -07:00
Ken Sumrall
425524dba1 Unmount all asec apps before encrypting
Now that forward locked apps are stored on /data as asec image files
that are mounted, they need to be unmounted before /data can be unmounted
so it can be encrypted.

Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
2012-06-15 14:46:53 -07:00
Ken Sumrall
e5032c42da Changes to encryption to work with the new filesystem manager
The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc.  This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that.  More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
2012-05-01 13:14:55 -07:00
Ken Sumrall
f0679f0da4 Changes to encryption to work with the new filesystem manager
The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc.  This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that.  More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
2012-04-27 16:44:22 -07:00
Ken Sumrall
d02a47239c Merge "Fix to not return a bogus decryption error when a device is not encrypted." 2012-03-09 17:02:44 -08:00
Mike Lockwood
ee6d8c42f3 Add support for wiping data immediately if crypt fails
Needed for headless devices that need to recover with no user intervention

Bug: 5556856

Change-Id: I0f85591df513a6893324fb057bde114ac1df044b
Signed-off-by: Mike Lockwood <lockwood@google.com>
2012-02-16 09:39:27 -08:00
Ken Sumrall
e1a4585784 Fix to not return a bogus decryption error when a device is not encrypted.
If there is filesystem damage on a non-encrypted device, and /data is not
mountable, and if the device stores the keys in a file on a different
partition (like on Crespo) then, vold would return an error which caused
the crypto UI to present an option to the user to wipe the device because
it assumed encryption had failed.  This fixes it to not do that.

Change-Id: Ibff6299787b45768416dbc4052de7db3b140b808
2011-12-14 22:33:45 -08:00
Ken Sumrall
3ad9072a5d Add the new verifypw command to vold/cryptfs
This vold command returns 0 if the given password matches the password
used to decrypt the device on boot.  It returns 1 if they don't match,
and it returns -1 on an internal error, and -2 if the device is not encrypted.

Also check the uid of the sender of the command and only allow the root and
system users to issue cryptfs commands.

Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
2011-10-12 19:10:38 -07:00
Ken Sumrall
3be890f59c Fix cryptfs to work with a raw block device for key storage
If a raw block is specified for key storage, do not try to force the size
of the file to 16 Kbytes when writing the keys, and do not complain if
the size is not 16 Kbytes when reading the keys.  Only do them if the
keyfile is a regular file.

Change-Id: I4de1cb7c3614479d93289d4f2767ca6ce1bbbc73
2011-09-14 16:53:46 -07:00
Ken Sumrall
0b8b597193 Add the ability to revert a crypto mapping when unmounting a volume
Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping.  This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.

Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
2011-08-31 18:09:35 -07:00
Ken Sumrall
3b17005083 Prevent sharing or formatting of a vold managed volumes during encryption.
Mounting was already not allowed, but also unshare before starting
encryption, and don't allow sharing or formatting to be initiated
during encrytion.

Change-Id: Ida188d81f025739ba4dd90492b3e66088735991e
2011-07-11 15:38:57 -07:00
Ken Sumrall
128626fc5a Fix to display the proper percentage complete during encryption.
Forgot to include the size of the userdata partition when computing
the total size of vold managed volumes to encrypt.

Change-Id: I237548439d4380b4225ffbc603fa972c3b1c5bae
2011-07-11 15:33:05 -07:00
Ken Sumrall
319b1043bb Don't abort the encryption process if an internal volume is present but unmounted.
It is not a failure if the SD card is not mounted.

Change-Id: If954f77c55ac124b9b7b39c89ffbafb4e5ea9e98
2011-06-14 14:01:55 -07:00
Ken Sumrall
29d8da8cef vold: allow to store key in a file on another partition
Add support for keeping the keys in a separate file on another partition,
for devices with no space reserved for a footer after the userdata filesystem.

Add support for encrypting the volumes managed by vold, if they meet certain
criteria, namely being marked as nonremovable and encryptable in vold.fstab.
A bit of trickiness is required to keep vold happy.

Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
2011-06-02 16:30:14 -07:00
Ken Sumrall
ad2ac33460 Load persistent properties after mounting an encrypted /data partition.
Fix for bug 3415286.  Trigger an action in init.rc to load the persistent
properties after /data has been decrypted and mounted.

Change-Id: I5fe3b481bcc6963113e830728c204b22ffc3b722
2011-03-09 17:34:55 -08:00
Ken Sumrall
c290eaf685 Teach vold to use the new android_reboot() function.
The new android_reboot() function is a nicer way to reboot.
It can optionally sync(2) and remount as read-only writable
filesystems.  This fixes bug 3350709.

Change-Id: I4618bd5e8cccdce08494a7ca3f40ef72b2875e68
2011-03-09 17:34:44 -08:00
Ken Sumrall
cd235da6fb Enable detection of failed encryption process, for bug 3384231.
Need to detect if the encryption process didn't finish successfully, and if
so, provide a way for the UI to detect that and give the user an option to
wipe the system clean.  Otherwise, the user is stuck in a reboot loop, and
they will need to do magic button presses to enter recovery and wipe the
device to get out of it.

Change-Id: I58253e1e523ee42bdd1a59aa7d8a9d20071bd18b
2011-02-15 14:53:36 -08:00
Ken Sumrall
7f7dbaa278 Improve detection of incomplete encryption
Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:

1.  Comments out the lines that set the flag
2.  Removes the change to the checkpw that was added in the last change.
3.  Implements a new command to check the flag (which no one is calling
    yet and the flag won't be set anyhow).

When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.

The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked.  Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.

Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
2011-02-01 15:46:41 -08:00
Ken Sumrall
d33d417e3a Detect when encryption failed to complete
For the case there encryption failes to complete because of a kernel
crash or the user power cycling the device, define a flag in the
crypto footer that says encryption is in progress.  Set it when starting
the actual encryption, and clear it when it successfully completes.

When the user is asked for the disk password, if the flag is set,
return a special error to the caller so the UI can know to tell the
user there is no valid data on the disk, and present a button to
wipe and reset the device.

Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648
2011-02-01 00:49:13 -08:00
Ken Sumrall
5d4c68e407 Have vold grab a partial wakelock when encrypting
The Progress bar UI grabs a full wakelock when encrypting, but we've seen
a case where it looks like the progress bar UI crashes, and the wakelock is
lost, and then all hell breaks loose.  The enablecrypto command has a lot of
work to do, and it will take some time, so it should grab a wakelock to
ensure it can finish without being interrupted and put to sleep.

It grabs a partial wake lock, as it doesn't need the screen to be on to do
its work.  If the UI wants to keep it on, it should also grab a full wakelock,
which it does.  If the UI crashes, the screen may turn off, but the encryption
will keep going, and vold will reboot the device when it's done.

Change-Id: I51d3a72b8c77383044a3facb1604c1ee510733ae
2011-01-30 19:10:07 -08:00
Ken Sumrall
3f476690ea Merge "Don't try to encrypt in place a filesystem that is too large and return proper errors" into honeycomb 2011-01-29 20:45:31 -08:00
Ken Sumrall
3ed8236de1 Don't try to encrypt in place a filesystem that is too large and return proper errors
If the already existing filesystem encompasses the entire /data partition
and does not leave the last 16 Kbytes for the crypto footer, refuse to
do encrypt in place and return an error.  This is only an issue for folks
with early development systems trying to encrypt an old /data.  This should
not be seen in released devices.

Also, if there is an error, try to report back to the UI what the error was
so it can deal with it.

Change-Id: If66781a4fe03034c96c3dd12075240deb8663db0
2011-01-29 00:48:30 -08:00
Jason parks
70a4b3fd7a Change cryptfs changepw to only require a new password.
The master key is now stored unhashed in memory. This
is needed because certain operation like remote reseting
of passwords the old password is not avaliable.
The changepw interface has been changed to only take
the new password as the only argument. When this is
called we reencrypt the master key with the new password
and old salt.

Bug: 3382129
Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
2011-01-28 10:17:44 -06:00
Ken Sumrall
e874407036 Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.
In order to prevent rainbow table attacks on decrypting the master key,
create a 16 byte "salt" by reading /dev/urandom.  This is done right after
reading urandom to get the master key for the filesystem.  The salt is
stored 32 bytes after the end of the key (a padding added to help prevent
accidental overwriting of the salt) and the salt is fixed at 16 bytes long.

This change will make existing encrypted filesystems unusable.

Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
2011-01-18 22:01:55 -08:00
Ken Sumrall
0cc166385a Verify that it's OK to run the various cryptfs commands
Maintain and query some internal state to know if it's OK to run
the various cryptfs commands.  Do not allow enablecrypto to run if
the device is already encrypted.  Do no allow restart to run if
we have already run it before or if the password has not been
validated.  Do not allow checkpw to run if not encrypted, or it
has already validated the password.

This is an extra layer of safety on top of the checks up in the
UI code agains possible DoS attacks on the device.

Change-Id: I9afc8d42773020e82a512e6b637feede101d1362
2011-01-18 20:32:26 -08:00
Ken Sumrall
7df84120b2 Don't wait for the framework to come up before starting to encrypt in place.
Also, change the value that triggers the progress bar framework from
"startup" to "0" in the property vold.encrypt_progress.

Change-Id: I3890e66a95283ce2ceeca82f516859b083919b9e
2011-01-18 14:04:08 -08:00
Ken Sumrall
57b63e61cb Minor tweaks to logging for the cryptfs changepw command.
Change-Id: I87ff9788a56de6d461002407bf6c3cd4c6f900ee
2011-01-17 18:29:19 -08:00
Ken Sumrall
8ddbe40a8a Updates to cryptfs framework.
Update the enable inplace API to allow the UI to show a progress bar.
Add new command changepw (whichis currently not working)
Internal restructuring of code to support these two features.
Some minor cleanup of the code as well.

Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
2011-01-17 15:26:29 -08:00
Ken Sumrall
6864b7ec94 Change the cryptfs command to separate out checking the password and restarting
In order to make the animations and the UI look right, we need to change
the cryptfs checkpw command to return a status if the password was
correct or not, and not have it automatically restart if it's correct.

There is a new command restart that will restart the framework with the
encrypted filesystem.

Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
2011-01-14 15:20:02 -08:00
Ken Sumrall
2eaf713852 Cleanup a few issues with the cryptfs code.
Now that the framework shuts down quickly, remove the 30
second sleep when enabling crypto.  Also, stop spewing
the secret master key to the disk in the system log!

Change-Id: Icb3f9456ababe3dff8de52cbbae92da0e9e5dd2f
2011-01-14 14:23:26 -08:00
Ken Sumrall
8f869aa1bc Support for encrypting /data on Stingray.
There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested.  Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.

Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
2010-12-18 18:35:56 -08:00