Lines Matching refs:crypt_ftr
119 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr);
504 static void set_ftr_sha(struct crypt_mnt_ftr* crypt_ftr) { in set_ftr_sha() argument
507 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256)); in set_ftr_sha()
508 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr)); in set_ftr_sha()
509 SHA256_Final(crypt_ftr->sha256, &c); in set_ftr_sha()
515 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) { in put_crypt_ftr_and_key() argument
526 set_ftr_sha(crypt_ftr); in put_crypt_ftr_and_key()
547 … if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in put_crypt_ftr_and_key()
569 static bool check_ftr_sha(const struct crypt_mnt_ftr* crypt_ftr) { in check_ftr_sha() argument
571 memcpy(&copy, crypt_ftr, sizeof(copy)); in check_ftr_sha()
573 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0; in check_ftr_sha()
595 static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr* crypt_ftr, off64_t offset) { in upgrade_crypt_ftr() argument
596 int orig_major = crypt_ftr->major_version; in upgrade_crypt_ftr()
597 int orig_minor = crypt_ftr->minor_version; in upgrade_crypt_ftr()
599 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { in upgrade_crypt_ftr()
626 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
627 crypt_ftr->persist_data_offset[0] = pdata_offset; in upgrade_crypt_ftr()
628 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
629 crypt_ftr->minor_version = 1; in upgrade_crypt_ftr()
633 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) { in upgrade_crypt_ftr()
638 crypt_ftr->kdf_type = KDF_PBKDF2; in upgrade_crypt_ftr()
639 get_device_scrypt_params(crypt_ftr); in upgrade_crypt_ftr()
640 crypt_ftr->minor_version = 2; in upgrade_crypt_ftr()
643 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) { in upgrade_crypt_ftr()
645 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD; in upgrade_crypt_ftr()
646 crypt_ftr->minor_version = 3; in upgrade_crypt_ftr()
649 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { in upgrade_crypt_ftr()
654 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr)); in upgrade_crypt_ftr()
658 static int get_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) { in get_crypt_ftr_and_key() argument
692 if ((cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in get_crypt_ftr_and_key()
697 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { in get_crypt_ftr_and_key()
702 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { in get_crypt_ftr_and_key()
704 crypt_ftr->major_version, CURRENT_MAJOR_VERSION); in get_crypt_ftr_and_key()
711 if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) || in get_crypt_ftr_and_key()
712 (crypt_ftr->keysize > MAX_KEY_LEN)) { in get_crypt_ftr_and_key()
716 crypt_ftr->keysize, fname, MAX_KEY_LEN); in get_crypt_ftr_and_key()
720 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
722 crypt_ftr->minor_version, CURRENT_MINOR_VERSION); in get_crypt_ftr_and_key()
728 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
729 upgrade_crypt_ftr(fd, crypt_ftr, starting_off); in get_crypt_ftr_and_key()
740 static int validate_persistent_data_storage(struct crypt_mnt_ftr* crypt_ftr) { in validate_persistent_data_storage() argument
741 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > in validate_persistent_data_storage()
742 crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
747 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
752 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - in validate_persistent_data_storage()
753 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > in validate_persistent_data_storage()
763 struct crypt_mnt_ftr crypt_ftr; in load_persistent_data() local
789 if (get_crypt_ftr_and_key(&crypt_ftr)) { in load_persistent_data()
793 if ((crypt_ftr.major_version < 1) || in load_persistent_data()
794 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in load_persistent_data()
803 ret = validate_persistent_data_storage(&crypt_ftr); in load_persistent_data()
814 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in load_persistent_data()
821 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) { in load_persistent_data()
825 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { in load_persistent_data()
837 init_empty_persist_data(pdata, crypt_ftr.persist_data_size); in load_persistent_data()
854 struct crypt_mnt_ftr crypt_ftr; in save_persistent_data() local
867 if (get_crypt_ftr_and_key(&crypt_ftr)) { in save_persistent_data()
871 if ((crypt_ftr.major_version < 1) || in save_persistent_data()
872 (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in save_persistent_data()
877 ret = validate_persistent_data_storage(&crypt_ftr); in save_persistent_data()
892 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in save_persistent_data()
898 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) { in save_persistent_data()
903 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { in save_persistent_data()
911 write_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
912 erase_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
916 write_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
917 erase_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
925 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) == in save_persistent_data()
926 (int)crypt_ftr.persist_data_size) { in save_persistent_data()
932 memset(pdata, 0, crypt_ftr.persist_data_size); in save_persistent_data()
933 … if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != (int)crypt_ftr.persist_data_size) { in save_persistent_data()
976 static int load_crypto_mapping_table(struct crypt_mnt_ftr* crypt_ftr, in load_crypto_mapping_table() argument
998 tgt->length = crypt_ftr->fs_size; in load_crypto_mapping_table()
1002 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); in load_crypto_mapping_table()
1007 name, crypt_ftr->crypto_type_name, crypt_ftr->keysize, real_blk_name, tgt->length * 512, in load_crypto_mapping_table()
1010 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name, extra_params); in load_crypto_mapping_table()
1105 static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key, in create_crypto_blk_dev() argument
1150 if (add_sector_size_param(&extra_params_vec, crypt_ftr)) { in create_crypto_blk_dev()
1154 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd, in create_crypto_blk_dev()
1281 … unsigned char* encrypted_master_key, struct crypt_mnt_ftr* crypt_ftr) { in encrypt_master_key() argument
1288 get_device_scrypt_params(crypt_ftr); in encrypt_master_key()
1290 switch (crypt_ftr->kdf_type) { in encrypt_master_key()
1292 if (keymaster_create_key(crypt_ftr)) { in encrypt_master_key()
1297 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1304 if (scrypt(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1326 crypt_ftr->keysize)) { in encrypt_master_key()
1335 if (encrypted_len + final_len != static_cast<int>(crypt_ftr->keysize)) { in encrypt_master_key()
1345 int N = 1 << crypt_ftr->N_factor; in encrypt_master_key()
1346 int r = 1 << crypt_ftr->r_factor; in encrypt_master_key()
1347 int p = 1 << crypt_ftr->p_factor; in encrypt_master_key()
1349 rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt), in encrypt_master_key()
1350 N, r, p, crypt_ftr->scrypted_intermediate_key, in encrypt_master_key()
1351 sizeof(crypt_ftr->scrypted_intermediate_key)); in encrypt_master_key()
1426 struct crypt_mnt_ftr* crypt_ftr, unsigned char** intermediate_key, in decrypt_master_key() argument
1432 get_kdf_func(crypt_ftr, &kdf, &kdf_params); in decrypt_master_key()
1433 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize, in decrypt_master_key()
1444 unsigned char* salt, struct crypt_mnt_ftr* crypt_ftr) { in create_encrypted_random_key() argument
1456 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr); in create_encrypted_random_key()
1523 struct crypt_mnt_ftr crypt_ftr; in cryptfs_set_corrupt() local
1524 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1529 crypt_ftr.flags |= CRYPT_DATA_CORRUPT; in cryptfs_set_corrupt()
1530 if (put_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1708 struct crypt_mnt_ftr crypt_ftr; in do_crypto_complete() local
1722 if (get_crypt_ftr_and_key(&crypt_ftr)) { in do_crypto_complete()
1743 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { in do_crypto_complete()
1748 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { in do_crypto_complete()
1753 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT) { in do_crypto_complete()
1762 static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd, in test_mount_encrypted_fs() argument
1774 int N = 1 << crypt_ftr->N_factor; in test_mount_encrypted_fs()
1775 int r = 1 << crypt_ftr->r_factor; in test_mount_encrypted_fs()
1776 int p = 1 << crypt_ftr->p_factor; in test_mount_encrypted_fs()
1778 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); in test_mount_encrypted_fs()
1779 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1781 if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) { in test_mount_encrypted_fs()
1782 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, &intermediate_key, in test_mount_encrypted_fs()
1794 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev, in test_mount_encrypted_fs()
1802 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)]; in test_mount_encrypted_fs()
1804 rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt, in test_mount_encrypted_fs()
1805 sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key, in test_mount_encrypted_fs()
1809 if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key, in test_mount_encrypted_fs()
1822 rc = ++crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1823 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1833 crypt_ftr->failed_decrypt_count = 0; in test_mount_encrypted_fs()
1835 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1844 memcpy(saved_master_key, decrypted_master_key, crypt_ftr->keysize); in test_mount_encrypted_fs()
1852 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1854 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1855 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; in test_mount_encrypted_fs()
1857 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { in test_mount_encrypted_fs()
1858 crypt_ftr->kdf_type = KDF_SCRYPT; in test_mount_encrypted_fs()
1863 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key, in test_mount_encrypted_fs()
1864 crypt_ftr->master_key, crypt_ftr); in test_mount_encrypted_fs()
1866 rc = put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1934 int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) { in check_unmounted_and_get_ftr() argument
1944 if (get_crypt_ftr_and_key(crypt_ftr)) { in check_unmounted_and_get_ftr()
1959 struct crypt_mnt_ftr crypt_ftr; in cryptfs_check_passwd() local
1962 rc = check_unmounted_and_get_ftr(&crypt_ftr); in cryptfs_check_passwd()
1968 rc = test_mount_encrypted_fs(&crypt_ftr, passwd, DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE); in cryptfs_check_passwd()
1974 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) { in cryptfs_check_passwd()
1980 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, DATA_MNT_POINT, in cryptfs_check_passwd()
1987 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE; in cryptfs_check_passwd()
1988 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_check_passwd()
1989 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd); in cryptfs_check_passwd()
1996 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_check_passwd()
2008 struct crypt_mnt_ftr crypt_ftr; in cryptfs_verify_passwd() local
2029 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_verify_passwd()
2034 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) { in cryptfs_verify_passwd()
2038 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_verify_passwd()
2039 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) { in cryptfs_verify_passwd()
2119 static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, char* crypto_blkdev, in cryptfs_enable_all_volumes() argument
2125 tot_encryption_size = crypt_ftr->fs_size; in cryptfs_enable_all_volumes()
2127 … rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done, in cryptfs_enable_all_volumes()
2137 crypt_ftr->encrypted_upto = cur_encryption_done; in cryptfs_enable_all_volumes()
2140 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) { in cryptfs_enable_all_volumes()
2159 struct crypt_mnt_ftr crypt_ftr; in cryptfs_enable_internal() local
2169 if (get_crypt_ftr_and_key(&crypt_ftr) == 0) { in cryptfs_enable_internal()
2170 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { in cryptfs_enable_internal()
2172 previously_encrypted_upto = crypt_ftr.encrypted_upto; in cryptfs_enable_internal()
2173 crypt_ftr.encrypted_upto = 0; in cryptfs_enable_internal()
2174 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2180 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2182 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2183 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) { in cryptfs_enable_internal()
2184 if (!check_ftr_sha(&crypt_ftr)) { in cryptfs_enable_internal()
2185 memset(&crypt_ftr, 0, sizeof(crypt_ftr)); in cryptfs_enable_internal()
2186 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2191 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2192 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE; in cryptfs_enable_internal()
2197 memset(&crypt_ftr, 0, sizeof(crypt_ftr)); in cryptfs_enable_internal()
2288 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) { in cryptfs_enable_internal()
2293 crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE); in cryptfs_enable_internal()
2295 crypt_ftr.fs_size = nr_sec; in cryptfs_enable_internal()
2302 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2304 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2306 crypt_ftr.crypt_type = crypt_type; in cryptfs_enable_internal()
2307 strlcpy((char*)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), in cryptfs_enable_internal()
2312 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) { in cryptfs_enable_internal()
2322 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, encrypted_fake_master_key, in cryptfs_enable_internal()
2323 &crypt_ftr); in cryptfs_enable_internal()
2327 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2361 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_enable_internal()
2362 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev, in cryptfs_enable_internal()
2372 memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) { in cryptfs_enable_internal()
2379 rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev.data(), in cryptfs_enable_internal()
2384 if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2385 rc = cryptfs_SHA256_fileblock(crypto_blkdev, crypt_ftr.hash_first_block); in cryptfs_enable_internal()
2397 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2399 if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2401 crypt_ftr.encrypted_upto); in cryptfs_enable_internal()
2402 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2405 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2407 if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) { in cryptfs_enable_internal()
2415 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_enable_internal()
2503 struct crypt_mnt_ftr crypt_ftr; in cryptfs_changepw() local
2518 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_changepw()
2523 crypt_ftr.crypt_type = crypt_type; in cryptfs_changepw()
2526 crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr); in cryptfs_changepw()
2532 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_changepw()
2538 struct crypt_mnt_ftr crypt_ftr; in persist_get_max_entries() local
2545 if (get_crypt_ftr_and_key(&crypt_ftr)) { in persist_get_max_entries()
2549 dsize = crypt_ftr.persist_data_size; in persist_get_max_entries()
2884 struct crypt_mnt_ftr crypt_ftr; in cryptfs_get_password_type() local
2886 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_get_password_type()
2891 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { in cryptfs_get_password_type()
2895 return crypt_ftr.crypt_type; in cryptfs_get_password_type()