diff options
Diffstat (limited to 'cryptfshw/1.0/CryptfsHw.cpp')
| -rw-r--r-- | cryptfshw/1.0/CryptfsHw.cpp | 93 |
1 files changed, 77 insertions, 16 deletions
diff --git a/cryptfshw/1.0/CryptfsHw.cpp b/cryptfshw/1.0/CryptfsHw.cpp index ab43760..ded06b2 100644 --- a/cryptfshw/1.0/CryptfsHw.cpp +++ b/cryptfshw/1.0/CryptfsHw.cpp @@ -14,8 +14,18 @@ * limitations under the License. */ +#define LOG_TAG "vendor.qti.hardware.cryptfshw@1.0-impl-qti" + #include "CryptfsHw.h" +#include <android-base/logging.h> +#include <android-base/properties.h> +#include <android-base/unique_fd.h> +#include <dlfcn.h> +#include <linux/qseecom.h> + +#include "Types.h" + namespace vendor { namespace qti { namespace hardware { @@ -23,34 +33,85 @@ namespace cryptfshw { namespace V1_0 { namespace implementation { +using ::android::base::GetProperty; +using ::android::base::unique_fd; + +namespace { +bool IsHwDiskEncryption(const hidl_string& encryption_mode) { + if (encryption_mode == "aes-xts") { + LOG_TO(SYSTEM, DEBUG) << "HW based disk encryption is enabled"; + return true; + } + return false; +} +}; // anonymous namespace + +CryptfsHw::CryptfsHw(std::unique_ptr<ICryptfsHwController> controller) + : controller_(std::move(controller)) { + std::string bootdevice = GetProperty("ro.boot.bootdevice", ""); + + if (bootdevice.find("ufs") != std::string::npos) { + /* + * All UFS based devices has ICE in it. So we dont need + * to check if corresponding device exists or not + */ + usage_ = CRYPTFS_HW_KM_USAGE_UFS_ICE_DISK_ENCRYPTION; + } else if (bootdevice.find("sdhc") != std::string::npos && access("/dev/icesdcc", F_OK) != -1) { + usage_ = CRYPTFS_HW_KM_USAGE_SDCC_ICE_DISK_ENCRYPTION; + } else { + usage_ = CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION; + } +} + // Methods from ::vendor::qti::hardware::cryptfshw::V1_0::ICryptfsHw follow. Return<int32_t> CryptfsHw::setIceParam(uint32_t flag) { - // TODO implement - return int32_t {}; +#ifdef QSEECOM_IOCTL_SET_ICE_INFO + int32_t ret = -1; + qseecom_ice_data_t ice_data; + unique_fd qseecom_fd(open("/dev/qseecom", O_RDWR)); + if (qseecom_fd < 0) return ret; + ice_data.flag = static_cast<int>(flag); + ret = ioctl(qseecom_fd, QSEECOM_IOCTL_SET_ICE_INFO, &ice_data); + return ret; +#else + (void)flag; + return -1; +#endif } Return<int32_t> CryptfsHw::setKey(const hidl_string& passwd, const hidl_string& enc_mode) { - // TODO implement - return int32_t {}; + int err = -1; + + if (!IsHwDiskEncryption(enc_mode)) return err; + + err = controller_->createKey(usage_, passwd.c_str()); + if (err < 0) { + if (ERR_MAX_PASSWORD_ATTEMPTS == err) + LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata"; + } + + return err; } -Return<int32_t> CryptfsHw::updateKey(const hidl_string& oldpw, const hidl_string& newpw, const hidl_string& enc_mode) { - // TODO implement - return int32_t {}; +Return<int32_t> CryptfsHw::updateKey(const hidl_string& oldpw, const hidl_string& newpw, + const hidl_string& enc_mode) { + int err = -1; + + if (!IsHwDiskEncryption(enc_mode)) return err; + + err = controller_->updateKey(usage_, oldpw.c_str(), newpw.c_str()); + if (err < 0) { + if (ERR_MAX_PASSWORD_ATTEMPTS == err) + LOG_TO(SYSTEM, INFO) << "Maximum wrong password attempts reached, will erase userdata"; + } + + return err; } Return<int32_t> CryptfsHw::clearKey() { - // TODO implement - return int32_t {}; + return controller_->wipeKey(usage_); } - -// Methods from ::android::hidl::base::V1_0::IBase follow. - -//ICryptfsHw* HIDL_FETCH_ICryptfsHw(const char* /* name */) { - //return new CryptfsHw(); -//} -// } // namespace implementation } // namespace V1_0 } // namespace cryptfshw |