From 2fc15a02e5d1c7ea4f8cc55818e49858e5ca8fc4 Mon Sep 17 00:00:00 2001
From: Dinesh K Garg <dineshg@codeaurora.org>
Date: Wed, 8 Oct 2014 17:43:05 -0700
Subject: Adding support of Inline Crypto Engine (ICE)

ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.

Change-Id:  I22be18738ba33e5b5c61639c24b320484d0ad7f2
---
 Android.mk   |  6 ++++++
 cryptfs_hw.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++----------
 cryptfs_hw.h |  5 +++--
 3 files changed, 63 insertions(+), 12 deletions(-)
 mode change 100644 => 100755 cryptfs_hw.c
 mode change 100644 => 100755 cryptfs_hw.h

diff --git a/Android.mk b/Android.mk
index 996947b..8e59637 100644
--- a/Android.mk
+++ b/Android.mk
@@ -19,5 +19,11 @@ LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries)
 
 LOCAL_MODULE_OWNER := qcom
 
+# USE_ICE_FOR_STORAGE_ENCRYPTION would be true in future if
+# TARGET_USE_EMMC_USE_ICE is set
+ifeq ($(TARGET_USE_UFS_ICE),true)
+LOCAL_CFLAGS += -DUSE_ICE_FOR_STORAGE_ENCRYPTION
+endif
+
 include $(BUILD_SHARED_LIBRARY)
 endif
diff --git a/cryptfs_hw.c b/cryptfs_hw.c
old mode 100644
new mode 100755
index 18486c2..ff603cf
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -35,6 +35,7 @@
 #include <dirent.h>
 #include <dlfcn.h>
 #include "cutils/log.h"
+#include "cutils/properties.h"
 #include "cutils/android_reboot.h"
 
 #if defined(__LP64__)
@@ -51,6 +52,7 @@
 // wipe userdata partition once this error is received.
 #define ERR_MAX_PASSWORD_ATTEMPTS -10
 #define QSEECOM_DISK_ENCRYPTION 1
+#define QSEECOM_ICE_DISK_ENCRYPTION 3
 #define MAX_PASSWORD_LEN 32
 
 /* Operations that be performed on HW based device encryption key */
@@ -62,6 +64,13 @@ static unsigned char current_passwd[MAX_PASSWORD_LEN];
 static int (*qseecom_create_key)(int, void*);
 static int (*qseecom_update_key)(int, void*, void*);
 
+static int map_usage(int usage)
+{
+    return (is_ice_enabled() && (usage == QSEECOM_DISK_ENCRYPTION)) ?
+                                          QSEECOM_ICE_DISK_ENCRYPTION : usage;
+}
+
+
 static unsigned char* get_tmp_passwd(const char* passwd)
 {
     int passwd_len = 0;
@@ -123,23 +132,24 @@ static int load_qseecom_library()
     return loaded_library;
 }
 
-static unsigned int set_key(const char* passwd, const char* enc_mode, int operation)
+/*
+ * For NON-ICE targets, it would return 0 on success. On ICE based targets,
+ * it would return key index in the ICE Key LUT
+ */
+static int set_key(const char* passwd, const char* enc_mode, int operation)
 {
-    int ret = 0;
     int err = -1;
     if (is_hw_disk_encryption(enc_mode) && load_qseecom_library()) {
         unsigned char* tmp_passwd = get_tmp_passwd(passwd);
         if(tmp_passwd) {
-
             if (operation == UPDATE_HW_DISK_ENC_KEY)
-                err = qseecom_update_key(QSEECOM_DISK_ENCRYPTION, current_passwd, tmp_passwd);
+                err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), current_passwd, tmp_passwd);
             else if (operation == SET_HW_DISK_ENC_KEY)
-                err = qseecom_create_key(QSEECOM_DISK_ENCRYPTION, tmp_passwd);
+                err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);
 
-            if(!err) {
+            if(err >= 0) {
                 memset(current_passwd, 0, MAX_PASSWORD_LEN);
                 memcpy(current_passwd, tmp_passwd, MAX_PASSWORD_LEN);
-                ret = 1;
             } else {
                 if(ERR_MAX_PASSWORD_ATTEMPTS == err)
                     wipe_userdata();
@@ -147,15 +157,15 @@ static unsigned int set_key(const char* passwd, const char* enc_mode, int operat
             free(tmp_passwd);
         }
     }
-    return ret;
+    return err;
 }
 
-unsigned int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
+int set_hw_device_encryption_key(const char* passwd, const char* enc_mode)
 {
     return set_key(passwd, enc_mode, SET_HW_DISK_ENC_KEY);
 }
 
-unsigned int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
+int update_hw_device_encryption_key(const char* newpw, const char* enc_mode)
 {
 
     return set_key(newpw, enc_mode, UPDATE_HW_DISK_ENC_KEY);
@@ -172,3 +182,37 @@ unsigned int is_hw_disk_encryption(const char* encryption_mode)
     }
     return ret;
 }
+
+int is_ice_enabled(void)
+{
+    /* If (USE_ICE_FLAG) => return 1
+     * if (property set to use gpce) return 0
+     * we are using property to test UFS + GPCE, even though not required
+     * if (storage is ufs) return 1
+     * else return 0 so that emmc based device can work properly
+     */
+#ifdef USE_ICE_FOR_STORAGE_ENCRYPTION
+    SLOGD("Ice enabled = true");
+    return 1;
+#else
+    char enc_hw_type[PATH_MAX];
+    char prop_storage[PATH_MAX];
+    int ice = 0;
+    int i;
+    if (property_get("crypto.fde_enc_hw_type", enc_hw_type, "")) {
+        if(!strncmp(enc_hw_type, "gpce", PROPERTY_VALUE_MAX)) {
+            SLOGD("GPCE would be used for HW FDE");
+            return 0;
+        }
+    }
+
+    if (property_get("ro.boot.bootdevice", prop_storage, "")) {
+        if(strstr(prop_storage, "ufs")) {
+            SLOGD("ICE would be used for HW FDE");
+            return 1;
+        }
+    }
+    SLOGD("GPCE would be used for HW FDE");
+    return 0;
+#endif
+}
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
old mode 100644
new mode 100755
index 9d3573b..2fccd5d
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -33,9 +33,10 @@
 extern "C" {
 #endif
 
-unsigned int set_hw_device_encryption_key(const char*, const char*);
-unsigned int update_hw_device_encryption_key(const char*, const char*);
+int set_hw_device_encryption_key(const char*, const char*);
+int update_hw_device_encryption_key(const char*, const char*);
 unsigned int is_hw_disk_encryption(const char*);
+int is_ice_enabled(void);
 
 #ifdef __cplusplus
 }
-- 
cgit v1.2.3