summaryrefslogtreecommitdiffstats
path: root/cryptfs_hw.c
diff options
context:
space:
mode:
Diffstat (limited to 'cryptfs_hw.c')
-rw-r--r--cryptfs_hw.c167
1 files changed, 167 insertions, 0 deletions
diff --git a/cryptfs_hw.c b/cryptfs_hw.c
new file mode 100644
index 0000000..16b614c
--- /dev/null
+++ b/cryptfs_hw.c
@@ -0,0 +1,167 @@
+/* Copyright (c) 2014, The Linux Foundation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of The Linux Foundation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <cryptfs_hw.h>
+#include <stdlib.h>
+#include <sys/limits.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <dirent.h>
+#include <dlfcn.h>
+#include "cutils/log.h"
+#include "cutils/android_reboot.h"
+
+
+// MAX_PASSWORD_ATTEMPTS must not be changed as it is enforced by HW
+#define MAX_PASSWORD_ATTEMPTS 50
+#define QSEECOM_DISK_ENCRYPTION 1
+#define MAX_PASSWORD_LEN 32
+
+/* Operations that be performed on HW based device encryption key */
+#define SET_HW_DISK_ENC_KEY 1
+#define UPDATE_HW_DISK_ENC_KEY 2
+
+static int password_attempts = 0;
+static int loaded_library = 0;
+static unsigned char current_passwd[MAX_PASSWORD_LEN];
+static int (*qseecom_create_key)(int, void*);
+static int (*qseecom_update_key)(int, void*, void*);
+
+static unsigned char* get_tmp_passwd(const char* passwd)
+{
+ int passwd_len = 0;
+ unsigned char * tmp_passwd = NULL;
+ if(passwd) {
+ tmp_passwd = (unsigned char*)malloc(MAX_PASSWORD_LEN);
+ if(tmp_passwd) {
+ memset(tmp_passwd, 0, MAX_PASSWORD_LEN);
+ passwd_len = (strlen(passwd) > MAX_PASSWORD_LEN) ? MAX_PASSWORD_LEN : strlen(passwd);
+ memcpy(tmp_passwd, passwd, passwd_len);
+ } else {
+ SLOGE("%s: Failed to allocate memory for tmp passwd \n", __func__);
+ }
+ } else {
+ SLOGE("%s: Passed argument is NULL \n", __func__);
+ }
+ return tmp_passwd;
+}
+
+static void wipe_userdata()
+{
+ mkdir("/cache/recovery", 0700);
+ int fd = open("/cache/recovery/command", O_RDWR|O_CREAT|O_TRUNC, 0600);
+ if (fd >= 0) {
+ write(fd, "--wipe_data", strlen("--wipe_data") + 1);
+ close(fd);
+ } else {
+ SLOGE("could not open /cache/recovery/command\n");
+ }
+ android_reboot(ANDROID_RB_RESTART2, 0, "recovery");
+}
+
+static int load_qseecom_library()
+{
+ const char *error = NULL;
+ if (loaded_library)
+ return loaded_library;
+
+ void * handle = dlopen("/vendor/lib/libQSEEComAPI.so", RTLD_NOW);
+ if(handle) {
+ dlerror(); /* Clear any existing error */
+ *(void **) (&qseecom_create_key) = dlsym(handle,"QSEECom_create_key");
+
+ if((error = dlerror()) == NULL) {
+ SLOGD("Success loading QSEECom_create_key \n");
+ *(void **) (&qseecom_update_key) = dlsym(handle,"QSEECom_update_key_user_info");
+ if ((error = dlerror()) == NULL)
+ loaded_library = 1;
+ else
+ SLOGE("Error %s loading symbols for QSEECom APIs \n", error);
+ }
+ } else {
+ SLOGE("Could not load libQSEEComAPI.so \n");
+ }
+
+ if(error)
+ dlclose(handle);
+
+ return loaded_library;
+}
+
+static int set_key(const char* passwd, const char* enc_mode, int operation)
+{
+ int ret = 0;
+ int err = -1;
+ if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
+ unsigned char* tmp_passwd = get_tmp_passwd(passwd);
+ if(tmp_passwd) {
+
+ if (operation == UPDATE_HW_DISK_ENC_KEY)
+ err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
+ else if (operation == SET_HW_DISK_ENC_KEY)
+ err = (*qseecom_create_key)(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
+
+ if(!err) {
+ memset(current_passwd, 0, MAX_PASSWORD_LEN);
+ memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
+ password_attempts = 0;
+ ret = 1;
+ } else {
+ if(++password_attempts >= MAX_PASSWORD_ATTEMPTS)
+ wipe_userdata();
+ }
+ SLOGD("Password attempt = %d", password_attempts);
+ free(tmp_passwd);
+ }
+ }
+ return ret;
+}
+
+int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
+{
+ return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
+}
+
+int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
+{
+
+ return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
+}
+
+int is_hw_disk_encryption(const char* encryption_mode)
+{
+ int ret = 0;
+ if(encryption_mode) {
+ if (!strcmp(encryption_mode, "aes-xts")) {
+ SLOGD("HW based disk encryption is enabled \n");
+ ret = 1;
+ }
+ }
+ return ret;
+}