summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDinesh K Garg <dineshg@codeaurora.org>2014-10-09 00:43:05 (GMT)
committerZhao Wei Liew <zhaoweiliew@gmail.com>2017-02-12 12:43:13 (GMT)
commit2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4 (patch)
treef7301bbd116ce1ace527fafb945103bd3171ca4b
parentd48e2a056cfaf5e8d7e891a682cec8f562732aad (diff)
downloadandroid_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.zip
android_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.tar.gz
android_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.tar.bz2
Adding support of Inline Crypto Engine (ICE)
ICE requires keys to be set in key LUT. Changing APIs so that it return the key index in key LUT. It also needs to take care if ICE is available on the chip. Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
-rw-r--r--Android.mk6
-rwxr-xr-x[-rw-r--r--]cryptfs_hw.c64
-rwxr-xr-x[-rw-r--r--]cryptfs_hw.h5
3 files changed, 63 insertions, 12 deletions
diff --git a/Android.mk b/Android.mk
index 996947b..8e59637 100644
--- a/Android.mk
+++ b/Android.mk
@@ -19,5 +19,11 @@ LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries)
LOCAL_MODULE_OWNER := qcom
+# USE_ICE_FOR_STORAGE_ENCRYPTION would be true in future if
+# TARGET_USE_EMMC_USE_ICE is set
+ifeq ($(TARGET_USE_UFS_ICE),true)
+LOCAL_CFLAGS += -DUSE_ICE_FOR_STORAGE_ENCRYPTION
+endif
+
include $(BUILD_SHARED_LIBRARY)
endif
diff --git a/cryptfs_hw.c b/cryptfs_hw.c
index 18486c2..ff603cf 100644..100755
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -35,6 +35,7 @@
#include <dirent.h>
#include <dlfcn.h>
#include "cutils/log.h"
+#include "cutils/properties.h"
#include "cutils/android_reboot.h"
#if defined(__LP64__)
@@ -51,6 +52,7 @@
// wipe userdata partition once this error is received.
#define ERR_MAX_PASSWORD_ATTEMPTS -10
#define QSEECOM_DISK_ENCRYPTION 1
+#define QSEECOM_ICE_DISK_ENCRYPTION 3
#define MAX_PASSWORD_LEN 32
/* Operations that be performed on HW based device encryption key */
@@ -62,6 +64,13 @@ static unsigned char current_passwd[MAX_PASSWORD_LEN];
static int (*qseecom_create_key)(int, void*);
static int (*qseecom_update_key)(int, void*, void*);
+static int map_usage(int usage)
+{
+ return (is_ice_enabled() && (usage == QSEECOM_DISK_ENCRYPTION)) ?
+ QSEECOM_ICE_DISK_ENCRYPTION : usage;
+}
+
+
static unsigned char* get_tmp_passwd(const char* passwd)
{
int passwd_len = 0;
@@ -123,23 +132,24 @@ static int load_qseecom_library()
return loaded_library;
}
-static unsigned int set_key(const char* passwd, const char* enc_mode, int operation)
+/*
+ * For NON-ICE targets, it would return 0 on success. On ICE based targets,
+ * it would return key index in the ICE Key LUT
+ */
+static int set_key(const char* passwd, const char* enc_mode, int operation)
{
- int ret = 0;
int err = -1;
if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
unsigned char* tmp_passwd = get_tmp_passwd(passwd);
if(tmp_passwd) {
-
if (operation == UPDATE_HW_DISK_ENC_KEY)
- err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
+ err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), current_passwd, tmp_passwd);
else if (operation == SET_HW_DISK_ENC_KEY)
- err = qseecom_create_key(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
+ err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);
- if(!err) {
+ if(err >= 0) {
memset(current_passwd, 0, MAX_PASSWORD_LEN);
memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
- ret = 1;
} else {
if(ERR_MAX_PASSWORD_ATTEMPTS == err)
wipe_userdata();
@@ -147,15 +157,15 @@ static unsigned int set_key(const char* passwd, const char* enc_mode, int operat
free(tmp_passwd);
}
}
- return ret;
+ return err;
}
-unsigned int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
+int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
{
return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
}
-unsigned int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
+int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
{
return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
@@ -172,3 +182,37 @@ unsigned int is_hw_disk_encryption(const char* encryption_mode)
}
return ret;
}
+
+int is_ice_enabled(void)
+{
+ /* If (USE_ICE_FLAG) => return 1
+ * if (property set to use gpce) return 0
+ * we are using property to test UFS + GPCE, even though not required
+ * if (storage is ufs) return 1
+ * else return 0 so that emmc based device can work properly
+ */
+#ifdef USE_ICE_FOR_STORAGE_ENCRYPTION
+ SLOGD("Ice enabled = true");
+ return 1;
+#else
+ char enc_hw_type[PATH_MAX];
+ char prop_storage[PATH_MAX];
+ int ice = 0;
+ int i;
+ if (property_get("crypto.fde_enc_hw_type", enc_hw_type, "")) {
+ if(!strncmp(enc_hw_type, "gpce", PROPERTY_VALUE_MAX)) {
+ SLOGD("GPCE would be used for HW FDE");
+ return 0;
+ }
+ }
+
+ if (property_get("ro.boot.bootdevice", prop_storage, "")) {
+ if(strstr(prop_storage, "ufs")) {
+ SLOGD("ICE would be used for HW FDE");
+ return 1;
+ }
+ }
+ SLOGD("GPCE would be used for HW FDE");
+ return 0;
+#endif
+}
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
index 9d3573b..2fccd5d 100644..100755
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -33,9 +33,10 @@
extern "C" {
#endif
-unsigned int set_hw_device_encryption_key(const char*, const char*);
-unsigned int update_hw_device_encryption_key(const char*, const char*);
+int set_hw_device_encryption_key(const char*, const char*);
+int update_hw_device_encryption_key(const char*, const char*);
unsigned int is_hw_disk_encryption(const char*);
+int is_ice_enabled(void);
#ifdef __cplusplus
}