7f7dbaa278
Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:
1. Comments out the lines that set the flag
2. Removes the change to the checkpw that was added in the last change.
3. Implements a new command to check the flag (which no one is calling
yet and the flag won't be set anyhow).
When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.
The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked. Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.
Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
72 lines
2.4 KiB
C
72 lines
2.4 KiB
C
/*
|
|
* Copyright (C) 2010 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/* This structure starts 16,384 bytes before the end of a hardware
|
|
* partition that is encrypted.
|
|
* Immediately following this structure is the encrypted key.
|
|
* The keysize field tells how long the key is, in bytes.
|
|
* Then there is 32 bytes of padding,
|
|
* Finally there is the salt used with the user password.
|
|
* The salt is fixed at 16 bytes long.
|
|
* Obviously, the filesystem does not include the last 16 kbytes
|
|
* of the partition.
|
|
*/
|
|
|
|
#define CRYPT_FOOTER_OFFSET 0x4000
|
|
|
|
#define MAX_CRYPTO_TYPE_NAME_LEN 64
|
|
|
|
#define SALT_LEN 16
|
|
#define KEY_TO_SALT_PADDING 32
|
|
|
|
/* definitions of flags in the structure below */
|
|
#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */
|
|
#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Set when starting encryption,
|
|
* clear when done before rebooting */
|
|
|
|
#define CRYPT_MNT_MAGIC 0xD0B5B1C4
|
|
|
|
#define __le32 unsigned int
|
|
#define __le16 unsigned short int
|
|
|
|
struct crypt_mnt_ftr {
|
|
__le32 magic; /* See above */
|
|
__le16 major_version;
|
|
__le16 minor_version;
|
|
__le32 ftr_size; /* in bytes, not including key following */
|
|
__le32 flags; /* See above */
|
|
__le32 keysize; /* in bytes */
|
|
__le32 spare1; /* ignored */
|
|
__le64 fs_size; /* Size of the encrypted fs, in 512 byte sectors */
|
|
__le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and
|
|
mount, set to 0 on successful mount */
|
|
unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption
|
|
needed to decrypt this
|
|
partition, null terminated */
|
|
};
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
int cryptfs_crypto_complete(void);
|
|
int cryptfs_check_passwd(char *pw);
|
|
int cryptfs_restart(void);
|
|
int cryptfs_enable(char *flag, char *passwd);
|
|
int cryptfs_changepw(char *newpw);
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|