pa-fazil
/
android_device_qcom_common
mirror of https://github.com/fazilsheik96/android_device_qcom_common.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge "vold: HW based device encryption"

This commit is contained in:
Linux Build Service Account 2014-02-26 10:06:55 -08:00 committed by Gerrit - the friendly Code Review server
parent b60dfe1927 211bcef117
commit b05da6e95e
3 changed files with 234 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
cryptfs_hw/Android.mk Normal file
View File

@ -0,0 +1,24 @@
ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
sourceFiles := \
cryptfs_hw.c
commonSharedLibraries := \
libcutils \
libutils \
libdl
LOCAL_C_INCLUDES := $(commonIncludes)
LOCAL_SRC_FILES := $(sourceFiles)
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE:= libcryptfs_hw
LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries)
LOCAL_MODULE_OWNER := qcom
LOCAL_PROPRIETARY_MODULE := true
include $(BUILD_SHARED_LIBRARY)
endif

167
cryptfs_hw/cryptfs_hw.c Normal file
View File

@ -0,0 +1,167 @@
/* Copyright (c) 2014, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of The Linux Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <cryptfs_hw.h>
#include <stdlib.h>
#include <sys/limits.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
#include <dlfcn.h>
#include "cutils/log.h"
#include "cutils/android_reboot.h"
// MAX_PASSWORD_ATTEMPTS must not be changed as it is enforced by HW
#define MAX_PASSWORD_ATTEMPTS 50
#define QSEECOM_DISK_ENCRYPTION 1
#define MAX_PASSWORD_LEN 32
/* Operations that be performed on HW based device encryption key */
#define SET_HW_DISK_ENC_KEY 1
#define UPDATE_HW_DISK_ENC_KEY 2
static int password_attempts = 0;
static int loaded_library = 0;
static unsigned char current_passwd[MAX_PASSWORD_LEN];
static int (*qseecom_create_key)(int, void*);
static int (*qseecom_update_key)(int, void*, void*);
static unsigned char* get_tmp_passwd(const char* passwd)
{
int passwd_len = 0;
unsigned char * tmp_passwd = NULL;
if(passwd) {
tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN);
if(tmp_passwd) {
memset(tmp_passwd, 0, MAX_PASSWORD_LEN);
passwd_len = (strlen(passwd) > MAX_PASSWORD_LEN) ? MAX_PASSWORD_LEN : strlen(passwd);
memcpy(tmp_passwd, passwd, passwd_len);
} else {
SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__);
}
} else {
SLOGE("%s: Passed argument is NULL \n", __func__);
}
return tmp_passwd;
}
static void wipe_userdata()
{
mkdir("/cache/recovery", 0700);
int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC, 0600);
if (fd >= 0) {
write(fd, "--wipe_data", strlen("--wipe_data") + 1);
close(fd);
} else {
SLOGE("could not open /cache/recovery/command\n");
}
android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
}
static int load_qseecom_library()
{
const char *error = NULL;
if (loaded_library)
return loaded_library;
void * handle = dlopen("/vendor/lib/libQSEEComAPI.so", RTLD_NOW);
if(handle) {
dlerror(); /* Clear any existing error */
*(void **) (&qseecom_create_key) = dlsym(handle,"QSEECom_create_key");
if((error = dlerror()) == NULL) {
SLOGD("Success loading QSEECom_create_key \n");
*(void **) (&qseecom_update_key) = dlsym(handle,"QSEECom_update_key_user_info");
if ((error = dlerror()) == NULL)
loaded_library = 1;
else
SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
}
} else {
SLOGE("Could not load libQSEEComAPI.so \n");
}
if(error)
dlclose(handle);
return loaded_library;
}
static int set_key(const char* passwd, const char* enc_mode, int operation)
{
int ret = 0;
int err = -1;
if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
unsigned char* tmp_passwd = get_tmp_passwd(passwd);
if(tmp_passwd) {
if (operation == UPDATE_HW_DISK_ENC_KEY)
err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
else if (operation == SET_HW_DISK_ENC_KEY)
err = (*qseecom_create_key)(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
if(!err) {
memset(current_passwd, 0, MAX_PASSWORD_LEN);
memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
password_attempts = 0;
ret = 1;
} else {
if(++password_attempts >= MAX_PASSWORD_ATTEMPTS)
wipe_userdata();
}
SLOGD("Password attempt = %d", password_attempts);
free(tmp_passwd);
}
}
return ret;
}
int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
{
return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
}
int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
{
return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
}
int is_hw_disk_encryption(const char* encryption_mode)
{
int ret = 0;
if(encryption_mode) {
if (!strcmp(encryption_mode, "aes-xts")) {
SLOGD("HW based disk encryption is enabled \n");
ret = 1;
}
}
return ret;
}

43
cryptfs_hw/cryptfs_hw.h Normal file
View File

@ -0,0 +1,43 @@
/* Copyright (c) 2014, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of The Linux Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __CRYPTFS_HW_H_
#define __CRYPTFS_HW_H_
#ifdef __cplusplus
extern "C" {
#endif
int set_hw_device_encryption_key(const char*, const char*);
int update_hw_device_encryption_key(const char*, const char*);
int is_hw_disk_encryption(const char*);
#ifdef __cplusplus
}
#endif
#endif