diff options
-rw-r--r-- | Android.mk | 39 | ||||
-rw-r--r-- | NOTICE | 31 | ||||
-rw-r--r-- | cryptfs_hw.c | 381 | ||||
-rw-r--r-- | cryptfs_hw.h | 46 |
4 files changed, 497 insertions, 0 deletions
diff --git a/Android.mk b/Android.mk new file mode 100644 index 0000000..84e3c38 --- /dev/null +++ b/Android.mk @@ -0,0 +1,39 @@ +ifeq ($(TARGET_USES_QSSI),true) +ifeq ($(TARGET_HW_DISK_ENCRYPTION),true) +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +sourceFiles := \ + cryptfs_hw.c + +commonSharedLibraries := \ + libcutils \ + libutils \ + libdl \ + libhardware \ + liblog + +commonIncludes := \ + hardware/libhardware/include/hardware/ \ + $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include \ + +LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr + +LOCAL_C_INCLUDES := $(commonIncludes) +LOCAL_SRC_FILES := $(sourceFiles) + +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libcryptfs_hw +LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries) + +LOCAL_MODULE_OWNER := qti + +# USE_ICE_FOR_STORAGE_ENCRYPTION would be true in future if +# TARGET_USE_EMMC_USE_ICE is set +ifeq ($(TARGET_USE_UFS_ICE),true) +LOCAL_CFLAGS += -DUSE_ICE_FOR_STORAGE_ENCRYPTION +endif + +include $(BUILD_SHARED_LIBRARY) +endif +endif @@ -0,0 +1,31 @@ +Copyright (c) 2014, 2017, The Linux Foundation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted (subject to the limitations in the +disclaimer below) provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of The Linux Foundation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE +GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT +HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/cryptfs_hw.c b/cryptfs_hw.c new file mode 100644 index 0000000..139c0be --- /dev/null +++ b/cryptfs_hw.c @@ -0,0 +1,381 @@ +/* Copyright (c) 2014, 2017, The Linux Foundation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * * Neither the name of The Linux Foundation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdlib.h> +#include <string.h> +#include <sys/limits.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <dirent.h> +#include <dlfcn.h> +#include <linux/qseecom.h> +#include "cutils/log.h" +#include "cutils/properties.h" +#include "cutils/android_reboot.h" +#include "keymaster_common.h" +#include "hardware.h" +#include "cryptfs_hw.h" + +/* + * When device comes up or when user tries to change the password, user can + * try wrong password upto a certain number of times. If user enters wrong + * password further, HW would wipe all disk encryption related crypto data + * and would return an error ERR_MAX_PASSWORD_ATTEMPTS to VOLD. VOLD would + * wipe userdata partition once this error is received. + */ +#define ERR_MAX_PASSWORD_ATTEMPTS -10 +#define MAX_PASSWORD_LEN 32 +#define QTI_ICE_STORAGE_UFS 1 +#define QTI_ICE_STORAGE_SDCC 2 +#define SET_HW_DISK_ENC_KEY 1 +#define UPDATE_HW_DISK_ENC_KEY 2 + +#define CRYPTFS_HW_KMS_CLEAR_KEY 0 +#define CRYPTFS_HW_KMS_WIPE_KEY 1 +#define CRYPTFS_HW_UP_CHECK_COUNT 10 +#define CRYPTFS_HW_CLEAR_KEY_FAILED -11 +#define CRYPTFS_HW_KMS_MAX_FAILURE -10 +#define CRYPTFS_HW_UPDATE_KEY_FAILED -9 +#define CRYPTFS_HW_WIPE_KEY_FAILED -8 +#define CRYPTFS_HW_CREATE_KEY_FAILED -7 + +enum cryptfs_hw_key_management_usage_type { + CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION = 0x01, + CRYPTFS_HW_KM_USAGE_FILE_ENCRYPTION = 0x02, + CRYPTFS_HW_KM_USAGE_UFS_ICE_DISK_ENCRYPTION = 0x03, + CRYPTFS_HW_KM_USAGE_SDCC_ICE_DISK_ENCRYPTION = 0x04, + CRYPTFS_HW_KM_USAGE_MAX +}; + +static inline void* secure_memset(void* v, int c , size_t n) +{ + volatile unsigned char* p = (volatile unsigned char* )v; + while (n--) *p++ = c; + return v; +} + +static size_t memscpy(void *dst, size_t dst_size, const void *src, size_t src_size) +{ + size_t min_size = (dst_size < src_size) ? dst_size : src_size; + memcpy(dst, src, min_size); + return min_size; +} + +static int cryptfs_hw_create_key(enum cryptfs_hw_key_management_usage_type usage, + unsigned char *hash32) +{ + struct qseecom_create_key_req req; + int qseecom_fd; + int32_t ret; + + if (usage < CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION || + usage >= CRYPTFS_HW_KM_USAGE_MAX) { + SLOGE("Error:: unsupported usage %d\n", usage); + return CRYPTFS_HW_CREATE_KEY_FAILED; + } + + qseecom_fd = open("/dev/qseecom", O_RDWR); + if (qseecom_fd < 0) { + SLOGE("Error::Failed to open /dev/qseecom device\n"); + return CRYPTFS_HW_CREATE_KEY_FAILED;; + } + + if (!hash32) { + secure_memset((void *)req.hash32, 0, QSEECOM_HASH_SIZE); + } else { + memscpy((void *)req.hash32, QSEECOM_HASH_SIZE, (void *)hash32, + QSEECOM_HASH_SIZE); + } + + req.usage = (enum qseecom_key_management_usage_type)usage; + ret = ioctl(qseecom_fd, QSEECOM_IOCTL_CREATE_KEY_REQ, &req); + if (ret) { + SLOGE("Error::ioctl call to create encryption key for usage %d failed with ret = %d, errno = %d\n", + usage, ret, errno); + if (errno == ERANGE) + ret = CRYPTFS_HW_KMS_MAX_FAILURE; + else + ret = CRYPTFS_HW_CREATE_KEY_FAILED; + } else { + SLOGE("SUCESS::ioctl call to create encryption key for usage %d success with ret = %d\n", + usage, ret); + } + close(qseecom_fd); + return ret; +} + +static int __cryptfs_hw_wipe_clear_key(enum cryptfs_hw_key_management_usage_type usage, int wipe_key_flag) +{ + struct qseecom_wipe_key_req req; + int32_t ret; + int qseecom_fd; + + if (usage < CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION || + usage >= CRYPTFS_HW_KM_USAGE_MAX) { + SLOGE("Error:: unsupported usage %d\n", usage); + return -1; + } + qseecom_fd = open("/dev/qseecom", O_RDWR); + if (qseecom_fd < 0) { + SLOGE("Error::Failed to open /dev/qseecom device\n"); + return -1; + } + + req.usage = (enum qseecom_key_management_usage_type)usage; + req.wipe_key_flag = wipe_key_flag; + ret = ioctl(qseecom_fd, QSEECOM_IOCTL_WIPE_KEY_REQ, &req); + close(qseecom_fd); + return ret; +} + +static int cryptfs_hw_wipe_key(enum cryptfs_hw_key_management_usage_type usage) +{ + int32_t ret; + + ret = __cryptfs_hw_wipe_clear_key(usage, CRYPTFS_HW_KMS_WIPE_KEY); + if (ret) { + SLOGE("Error::ioctl call to wipe the encryption key for usage %d failed with ret = %d, errno = %d\n", + usage, ret, errno); + ret = CRYPTFS_HW_WIPE_KEY_FAILED; + } else { + SLOGE("SUCCESS::ioctl call to wipe the encryption key for usage %d success with ret = %d\n", + usage, ret); + } + return ret; +} + +static int cryptfs_hw_clear_key(enum cryptfs_hw_key_management_usage_type usage) +{ + int32_t ret; + + ret = __cryptfs_hw_wipe_clear_key(usage, CRYPTFS_HW_KMS_CLEAR_KEY); + if (ret) { + SLOGE("Error::ioctl call to wipe the encryption key for usage %d failed with ret = %d, errno = %d\n", + usage, ret, errno); + ret = CRYPTFS_HW_CLEAR_KEY_FAILED; + } else { + SLOGE("SUCCESS::ioctl call to wipe the encryption key for usage %d success with ret = %d\n", + usage, ret); + } + return ret; +} + +static int cryptfs_hw_update_key(enum cryptfs_hw_key_management_usage_type usage, + unsigned char *current_hash32, unsigned char *new_hash32) +{ + struct qseecom_update_key_userinfo_req req; + int qseecom_fd; + int32_t ret; + + if (usage < CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION || + usage >= CRYPTFS_HW_KM_USAGE_MAX) { + SLOGE("Error:: unsupported usage %d\n", usage); + return CRYPTFS_HW_UPDATE_KEY_FAILED; + } + qseecom_fd = open("/dev/qseecom", O_RDWR); + if (qseecom_fd < 0) { + SLOGE("Error::Failed to open /dev/qseecom device\n"); + return CRYPTFS_HW_UPDATE_KEY_FAILED; + } + + req.usage = (enum qseecom_key_management_usage_type)usage; + if (!current_hash32) { + secure_memset((void *)req.current_hash32, 0, QSEECOM_HASH_SIZE); + } else { + memscpy((void *)req.current_hash32, QSEECOM_HASH_SIZE, (void *)current_hash32, + QSEECOM_HASH_SIZE); + } + if (!new_hash32) { + secure_memset((void *)req.new_hash32, 0, QSEECOM_HASH_SIZE); + } else { + memscpy((void *)req.new_hash32, QSEECOM_HASH_SIZE, (void *)new_hash32, + QSEECOM_HASH_SIZE); + } + + ret = ioctl(qseecom_fd, QSEECOM_IOCTL_UPDATE_KEY_USER_INFO_REQ, &req); + if (ret) { + SLOGE("Error::ioctl call to update the encryption key for usage %d failed with ret = %d, errno = %d\n", + usage, ret, errno); + if (errno == ERANGE) + ret = CRYPTFS_HW_KMS_MAX_FAILURE; + else + ret = CRYPTFS_HW_UPDATE_KEY_FAILED; + } else { + SLOGE("SUCCESS::ioctl call to update the encryption key for usage %d success with ret = %d\n", + usage, ret); + } + close(qseecom_fd); + return ret; +} + +static int map_usage(int usage) +{ + int storage_type = is_ice_enabled(); + if (usage == CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION) { + if (storage_type == QTI_ICE_STORAGE_UFS) { + return CRYPTFS_HW_KM_USAGE_UFS_ICE_DISK_ENCRYPTION; + } + else if (storage_type == QTI_ICE_STORAGE_SDCC) { + return CRYPTFS_HW_KM_USAGE_SDCC_ICE_DISK_ENCRYPTION; + } + } + return usage; +} + +static unsigned char* get_tmp_passwd(const char* passwd) +{ + int passwd_len = 0; + unsigned char * tmp_passwd = NULL; + if(passwd) { + tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN); + if(tmp_passwd) { + secure_memset(tmp_passwd, 0, MAX_PASSWORD_LEN); + passwd_len = strnlen(passwd, MAX_PASSWORD_LEN); + memcpy(tmp_passwd, passwd, passwd_len); + } else { + SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__); + } + } else { + SLOGE("%s: Passed argument is NULL \n", __func__); + } + return tmp_passwd; +} + +static int is_qseecom_up() +{ + int i = 0; + char value[PROPERTY_VALUE_MAX] = {0}; + + for (; i<CRYPTFS_HW_UP_CHECK_COUNT; i++) { + property_get("sys.keymaster.loaded", value, ""); + if (!strncmp(value, "true", PROPERTY_VALUE_MAX)) + return 1; + usleep(100000); + } + return 0; +} + +/* + * For NON-ICE targets, it would return 0 on success. On ICE based targets, + * it would return key index in the ICE Key LUT + */ +static int set_key(const char* currentpasswd, const char* passwd, const char* enc_mode, int operation) +{ + int err = -1; + if (is_hw_disk_encryption(enc_mode)) { + unsigned char* tmp_passwd = get_tmp_passwd(passwd); + unsigned char* tmp_currentpasswd = get_tmp_passwd(currentpasswd); + if (tmp_passwd) { + if (operation == UPDATE_HW_DISK_ENC_KEY) { + if (tmp_currentpasswd) { + err = cryptfs_hw_update_key(map_usage(CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION), tmp_currentpasswd, tmp_passwd); + secure_memset(tmp_currentpasswd, 0, MAX_PASSWORD_LEN); + } + } else if (operation == SET_HW_DISK_ENC_KEY) { + err = cryptfs_hw_create_key(map_usage(CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION), tmp_passwd); + } + if(err < 0) { + if(ERR_MAX_PASSWORD_ATTEMPTS == err) + SLOGI("Maximum wrong password attempts reached, will erase userdata\n"); + } + secure_memset(tmp_passwd, 0, MAX_PASSWORD_LEN); + free(tmp_passwd); + free(tmp_currentpasswd); + } + } + return err; +} + +int set_hw_device_encryption_key(const char* passwd, const char* enc_mode) +{ + return set_key(NULL, passwd, enc_mode, SET_HW_DISK_ENC_KEY); +} + +int update_hw_device_encryption_key(const char* oldpw, const char* newpw, const char* enc_mode) +{ + return set_key(oldpw, newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY); +} + +unsigned int is_hw_disk_encryption(const char* encryption_mode) +{ + int ret = 0; + if(encryption_mode) { + if (!strcmp(encryption_mode, "aes-xts")) { + SLOGD("HW based disk encryption is enabled \n"); + ret = 1; + } + } + return ret; +} + +int is_ice_enabled(void) +{ + char prop_storage[PATH_MAX]; + int storage_type = 0; + int fd; + + if (property_get("ro.boot.bootdevice", prop_storage, "")) { + if (strstr(prop_storage, "ufs")) { + /* All UFS based devices has ICE in it. So we dont need + * to check if corresponding device exists or not + */ + storage_type = QTI_ICE_STORAGE_UFS; + } else if (strstr(prop_storage, "sdhc")) { + if (access("/dev/icesdcc", F_OK) != -1) + storage_type = QTI_ICE_STORAGE_SDCC; + } + } + return storage_type; +} + +int clear_hw_device_encryption_key() +{ + return cryptfs_hw_wipe_key(map_usage(CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION)); +} + +static int get_keymaster_version() +{ + int rc = -1; + const hw_module_t* mod; + rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); + if (rc) { + SLOGE("could not find any keystore module"); + return rc; + } + + return mod->module_api_version; +} + +int should_use_keymaster() +{ + /* + * HW FDE key should be tied to keymaster + */ + return 1; +} diff --git a/cryptfs_hw.h b/cryptfs_hw.h new file mode 100644 index 0000000..e857c47 --- /dev/null +++ b/cryptfs_hw.h @@ -0,0 +1,46 @@ +/* Copyright (c) 2014, The Linux Foundation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * * Neither the name of The Linux Foundation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __CRYPTFS_HW_H_ +#define __CRYPTFS_HW_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +int set_hw_device_encryption_key(const char*, const char*); +int update_hw_device_encryption_key(const char*, const char*, const char*); +int clear_hw_device_encryption_key(); +unsigned int is_hw_disk_encryption(const char*); +int is_ice_enabled(void); +int should_use_keymaster(); + +#ifdef __cplusplus +} +#endif +#endif |