author | Dinesh K Garg <dineshg@codeaurora.org> | 2014-10-08 17:43:05 -0700 |
---|---|---|
committer | Zhao Wei Liew <zhaoweiliew@gmail.com> | 2017-02-12 20:43:13 +0800 |
commit | 2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4 (patch) | |
tree | f7301bbd116ce1ace527fafb945103bd3171ca4b | |
parent | d48e2a056cfaf5e8d7e891a682cec8f562732aad (diff) | |
download | android_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.tar.gz android_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.tar.bz2 android_vendor_qcom_opensource_cryptfs_hw-2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4.zip |
Adding support of Inline Crypto Engine (ICE)
ICE requires keys to be set in the key LUT. Change the APIs so that they
return the key index in the key LUT. The code also needs to check whether
ICE is available on the chip.
Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
-rw-r--r-- | Android.mk | 6 | ||||
-rwxr-xr-x[-rw-r--r--] | cryptfs_hw.c | 64 | ||||
-rwxr-xr-x[-rw-r--r--] | cryptfs_hw.h | 5 |
3 files changed, 63 insertions, 12 deletions
@@ -19,5 +19,11 @@ LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries)
 LOCAL_MODULE_OWNER := qcom
+# USE_ICE_FOR_STORAGE_ENCRYPTION would be true in future if
+# TARGET_USE_EMMC_USE_ICE is set
+ifeq ($(TARGET_USE_UFS_ICE),true)
+LOCAL_CFLAGS += -DUSE_ICE_FOR_STORAGE_ENCRYPTION
+endif
+
 include $(BUILD_SHARED_LIBRARY)
 endif
diff --git a/cryptfs_hw.c b/cryptfs_hw.c
index 18486c2..ff603cf 100644..100755
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -35,6 +35,7 @@
 #include <dirent.h>
 #include <dlfcn.h>
 #include "cutils/log.h"
+#include "cutils/properties.h"
 #include "cutils/android_reboot.h"
 #if defined(__LP64__)
@@ -51,6 +52,7 @@
 // wipe userdata partition once this error is received.
 #define ERR_MAX_PASSWORD_ATTEMPTS -10
 #define QSEECOM_DISK_ENCRYPTION 1
+#define QSEECOM_ICE_DISK_ENCRYPTION 3
 #define MAX_PASSWORD_LEN 32
 /* Operations that be performed on HW based device encryption key */
@@ -62,6 +64,13 @@ static unsigned char current_passwd[MAX_PASSWORD_LEN];
 static int (*qseecom_create_key)(int, void*);
 static int (*qseecom_update_key)(int, void*, void*);
+static int map_usage(int usage)
+{
+ return (is_ice_enabled() && (usage == QSEECOM_DISK_ENCRYPTION)) ?
+ QSEECOM_ICE_DISK_ENCRYPTION : usage;
+}
+
+
 static unsigned char* get_tmp_passwd(const char* passwd)
 {
 int passwd_len = 0;
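Review bot: The comment above the new conditional names `TARGET_USE_EMMC_USE_ICE`, but the `ifeq` tests `TARGET_USE_UFS_ICE`, so a reader cannot tell which board flag actually turns on `-DUSE_ICE_FOR_STORAGE_ENCRYPTION`. That define makes `is_ice_enabled()` in cryptfs_hw.c return 1 without consulting any runtime property, which is worth stating here, e.g. `# TARGET_USE_UFS_ICE=true forces the ICE key usage at build time; runtime detection is compiled out`.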
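Review bot: `map_usage()` has no comment saying why only `QSEECOM_DISK_ENCRYPTION` is remapped or what usage value 3 means to the QSEECom side; something like `/* On ICE targets, disk-encryption keys are requested under the ICE usage id; every other usage passes through unchanged. */` would do. It calls `is_ice_enabled()`, which this commit defines at the end of the file, so the call only has a prototype if `cryptfs_hw.h` is included above this point, which the hunk does not show. The function is also re-evaluated on every key operation; if its answer can differ between key creation and a later update, the two calls would use different usage ids, so deciding once and caching the result would be safer.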
@@ -123,23 +132,24 @@ static int load_qseecom_library()
 return loaded_library;
 }
-static unsigned int set_key(const char* passwd, const char* enc_mode, int operation)
+/*
+ * For NON-ICE targets, it would return 0 on success. On ICE based targets,
+ * it would return key index in the ICE Key LUT
+ */
+static int set_key(const char* passwd, const char* enc_mode, int operation)
 {
- int ret = 0;
 int err = -1;
 if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
 unsigned char* tmp_passwd = get_tmp_passwd(passwd);
 if(tmp_passwd) {
- if (operation == UPDATE_HW_DISK_ENC_KEY)
- err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
+ err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), current_passwd, tmp_passwd);
 else if (operation == SET_HW_DISK_ENC_KEY)
- err = qseecom_create_key(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
+ err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);
- if(!err) {
+ if(err >= 0) {
 memset(current_passwd, 0, MAX_PASSWORD_LEN);
 memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
- ret = 1;
 } else {
 if(ERR_MAX_PASSWORD_ATTEMPTS == err)
 wipe_userdata();
@@ -147,15 +157,15 @@ static unsigned int set_key(const char* passwd, const char* enc_mode, int operat
 free(tmp_passwd);
 }
 }
- return ret;
+ return err;
 }
-unsigned int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
+int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
 {
 return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
 }
-unsigned int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
+int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
 {
 return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
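Review bot: The success convention of `set_key()` is inverted by this hunk: it used to return 1 on success and 0 on failure, and now returns `err`, which is 0 (or a key index) on success and negative on failure. A caller still written as `if (set_hw_device_encryption_key(...))` would take a failure such as -1 for success and a non-ICE success of 0 for failure; the callers are outside this diff, so they need to move to a `< 0` test in the same series. The public wrappers in the next hunk and the prototypes in cryptfs_hw.h change from `unsigned int` to `int` for the same reason, and the header should carry the same return-value comment that was added above `set_key()`. Separately, as rendered the hunk deletes `if (operation == UPDATE_HW_DISK_ENC_KEY)` without adding it back, which leaves `else if (operation == SET_HW_DISK_ENC_KEY)` with no matching `if`; the hunk's line counts agree with that reading, so it should be checked against the raw patch.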
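Review bot: `free(tmp_passwd)` at the top of the second hunk releases the buffer without clearing it, although the first hunk copies `MAX_PASSWORD_LEN` bytes from it into `current_passwd`, so it presumably holds password material. Since `set_key()` is being reworked anyway, wipe the buffer before the free with a clear the compiler cannot elide, for example `memset(tmp_passwd, 0, MAX_PASSWORD_LEN);` followed by a compiler barrier, or the platform's secure-zero helper if one is available. The allocation size is decided in `get_tmp_passwd()`, outside the diff, so the length used for the wipe should be confirmed there.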
@@ -172,3 +182,37 @@ unsigned int is_hw_disk_encryption(const char* encryption_mode)
 }
 return ret;
 }
+
+int is_ice_enabled(void)
+{
+ /* If (USE_ICE_FLAG) => return 1
+ * if (property set to use gpce) return 0
+ * we are using property to test UFS + GPCE, even though not required
+ * if (storage is ufs) return 1
+ * else return 0 so that emmc based device can work properly
+ */
+#ifdef USE_ICE_FOR_STORAGE_ENCRYPTION
+ SLOGD("Ice enabled = true");
+ return 1;
+#else
+ char enc_hw_type[PATH_MAX];
+ char prop_storage[PATH_MAX];
+ int ice = 0;
+ int i;
+ if (property_get("crypto.fde_enc_hw_type", enc_hw_type, "")) {
+ if(!strncmp(enc_hw_type, "gpce", PROPERTY_VALUE_MAX)) {
+ SLOGD("GPCE would be used for HW FDE");
+ return 0;
+ }
+ }
+
+ if (property_get("ro.boot.bootdevice", prop_storage, "")) {
+ if(strstr(prop_storage, "ufs")) {
+ SLOGD("ICE would be used for HW FDE");
+ return 1;
+ }
+ }
+ SLOGD("GPCE would be used for HW FDE");
+ return 0;
+#endif
+}
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
index 9d3573b..2fccd5d 100644..100755
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -33,9 +33,10 @@
 extern "C" {
 #endif
-unsigned int set_hw_device_encryption_key(const char*, const char*);
-unsigned int update_hw_device_encryption_key(const char*, const char*);
+int set_hw_device_encryption_key(const char*, const char*);
+int update_hw_device_encryption_key(const char*, const char*);
 unsigned int is_hw_disk_encryption(const char*);
+int is_ice_enabled(void);
 #ifdef __cplusplus
 }
|
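Review bot: In the `#else` branch of `is_ice_enabled()` the choice between ICE and GPCE key usage is driven by `crypto.fde_enc_hw_type`, a property without the `ro.` prefix that the block comment describes as a test aid, so whatever is allowed to set it at run time changes which usage id `map_usage()` passes to QSEECom. Whether writes to that property are restricted is not visible here; if it is only needed for bring-up, compile the check into debug builds only or document the property permissions it depends on. The `strstr(prop_storage, "ufs")` test matches the substring anywhere in the boot-device string, and the buffers are better declared as `char enc_hw_type[PROPERTY_VALUE_MAX];` than with `PATH_MAX`, which additionally relies on `<limits.h>` being included. `int ice = 0;` and `int i;` are unused and can be dropped.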