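Lines matching refs:crypt_ftr (cross-reference search results, not a contiguous listing). Each entry gives the source line number, the matching line, and the enclosing function, tagged "argument" or "local" where crypt_ftr is declared. Lines between the matches are not shown, so validation or error handling that sits between them cannot be judged from this view alone.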

341 static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)  in set_ftr_sha()  argument
345 memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256)); in set_ftr_sha()
346 SHA256_Update(&c, crypt_ftr, sizeof(*crypt_ftr)); in set_ftr_sha()
347 SHA256_Final(crypt_ftr->sha256, &c); in set_ftr_sha()
353 static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) in put_crypt_ftr_and_key() argument
365 set_ftr_sha(crypt_ftr); in put_crypt_ftr_and_key()
386 if ((cnt = write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in put_crypt_ftr_and_key()
409 static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr) in check_ftr_sha() argument
412 memcpy(&copy, crypt_ftr, sizeof(copy)); in check_ftr_sha()
414 return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0; in check_ftr_sha()
439 static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset) in upgrade_crypt_ftr() argument
441 int orig_major = crypt_ftr->major_version; in upgrade_crypt_ftr()
442 int orig_minor = crypt_ftr->minor_version; in upgrade_crypt_ftr()
444 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 0)) { in upgrade_crypt_ftr()
471 crypt_ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
472 crypt_ftr->persist_data_offset[0] = pdata_offset; in upgrade_crypt_ftr()
473 crypt_ftr->persist_data_offset[1] = pdata_offset + CRYPT_PERSIST_DATA_SIZE; in upgrade_crypt_ftr()
474 crypt_ftr->minor_version = 1; in upgrade_crypt_ftr()
478 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 1)) { in upgrade_crypt_ftr()
483 crypt_ftr->kdf_type = KDF_PBKDF2; in upgrade_crypt_ftr()
484 get_device_scrypt_params(crypt_ftr); in upgrade_crypt_ftr()
485 crypt_ftr->minor_version = 2; in upgrade_crypt_ftr()
488 if ((crypt_ftr->major_version == 1) && (crypt_ftr->minor_version == 2)) { in upgrade_crypt_ftr()
490 crypt_ftr->crypt_type = CRYPT_TYPE_PASSWORD; in upgrade_crypt_ftr()
491 crypt_ftr->minor_version = 3; in upgrade_crypt_ftr()
494 if ((orig_major != crypt_ftr->major_version) || (orig_minor != crypt_ftr->minor_version)) { in upgrade_crypt_ftr()
499 unix_write(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr)); in upgrade_crypt_ftr()
504 static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr) in get_crypt_ftr_and_key() argument
539 if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) { in get_crypt_ftr_and_key()
544 if (crypt_ftr->magic != CRYPT_MNT_MAGIC) { in get_crypt_ftr_and_key()
549 if (crypt_ftr->major_version != CURRENT_MAJOR_VERSION) { in get_crypt_ftr_and_key()
551 crypt_ftr->major_version, CURRENT_MAJOR_VERSION); in get_crypt_ftr_and_key()
555 if (crypt_ftr->minor_version > CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
557 crypt_ftr->minor_version, CURRENT_MINOR_VERSION); in get_crypt_ftr_and_key()
563 if (crypt_ftr->minor_version < CURRENT_MINOR_VERSION) { in get_crypt_ftr_and_key()
564 upgrade_crypt_ftr(fd, crypt_ftr, starting_off); in get_crypt_ftr_and_key()
575 static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr) in validate_persistent_data_storage() argument
577 if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size > in validate_persistent_data_storage()
578 crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
583 if (crypt_ftr->persist_data_offset[0] >= crypt_ftr->persist_data_offset[1]) { in validate_persistent_data_storage()
588 if (((crypt_ftr->persist_data_offset[1] + crypt_ftr->persist_data_size) - in validate_persistent_data_storage()
589 (crypt_ftr->persist_data_offset[0] - CRYPT_FOOTER_TO_PERSIST_OFFSET)) > in validate_persistent_data_storage()
600 struct crypt_mnt_ftr crypt_ftr; in load_persistent_data() local
627 if(get_crypt_ftr_and_key(&crypt_ftr)) { in load_persistent_data()
631 if ((crypt_ftr.major_version < 1) in load_persistent_data()
632 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in load_persistent_data()
641 ret = validate_persistent_data_storage(&crypt_ftr); in load_persistent_data()
652 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in load_persistent_data()
659 if (lseek64(fd, crypt_ftr.persist_data_offset[i], SEEK_SET) < 0) { in load_persistent_data()
663 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0){ in load_persistent_data()
675 init_empty_persist_data(pdata, crypt_ftr.persist_data_size); in load_persistent_data()
693 struct crypt_mnt_ftr crypt_ftr; in save_persistent_data() local
706 if(get_crypt_ftr_and_key(&crypt_ftr)) { in save_persistent_data()
710 if ((crypt_ftr.major_version < 1) in save_persistent_data()
711 || (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) { in save_persistent_data()
716 ret = validate_persistent_data_storage(&crypt_ftr); in save_persistent_data()
731 pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size); in save_persistent_data()
737 if (lseek64(fd, crypt_ftr.persist_data_offset[0], SEEK_SET) < 0) { in save_persistent_data()
742 if (unix_read(fd, pdata, crypt_ftr.persist_data_size) < 0) { in save_persistent_data()
750 write_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
751 erase_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
755 write_offset = crypt_ftr.persist_data_offset[0]; in save_persistent_data()
756 erase_offset = crypt_ftr.persist_data_offset[1]; in save_persistent_data()
764 if (unix_write(fd, persist_data, crypt_ftr.persist_data_size) == in save_persistent_data()
765 (int) crypt_ftr.persist_data_size) { in save_persistent_data()
771 memset(pdata, 0, crypt_ftr.persist_data_size); in save_persistent_data()
772 if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != in save_persistent_data()
773 (int) crypt_ftr.persist_data_size) { in save_persistent_data()
817 static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, in load_crypto_mapping_table() argument
837 tgt->length = crypt_ftr->fs_size; in load_crypto_mapping_table()
841 convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii); in load_crypto_mapping_table()
845 crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name, in load_crypto_mapping_table()
899 static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr, in create_crypto_blk_dev() argument
945 load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, in create_crypto_blk_dev()
1076 struct crypt_mnt_ftr *crypt_ftr) in encrypt_master_key() argument
1084 get_device_scrypt_params(crypt_ftr); in encrypt_master_key()
1086 switch (crypt_ftr->kdf_type) { in encrypt_master_key()
1088 if (keymaster_create_key(crypt_ftr)) { in encrypt_master_key()
1093 if (scrypt_keymaster(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1100 if (scrypt(passwd, salt, ikey, crypt_ftr)) { in encrypt_master_key()
1140 int N = 1 << crypt_ftr->N_factor; in encrypt_master_key()
1141 int r = 1 << crypt_ftr->r_factor; in encrypt_master_key()
1142 int p = 1 << crypt_ftr->p_factor; in encrypt_master_key()
1145 crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p, in encrypt_master_key()
1146 crypt_ftr->scrypted_intermediate_key, in encrypt_master_key()
1147 sizeof(crypt_ftr->scrypted_intermediate_key)); in encrypt_master_key()
1224 struct crypt_mnt_ftr *crypt_ftr, in decrypt_master_key() argument
1232 get_kdf_func(crypt_ftr, &kdf, &kdf_params); in decrypt_master_key()
1233 ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, in decrypt_master_key()
1244 struct crypt_mnt_ftr *crypt_ftr) { in create_encrypted_random_key() argument
1255 return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr); in create_encrypted_random_key()
1332 struct crypt_mnt_ftr crypt_ftr; in cryptfs_set_corrupt() local
1333 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1338 crypt_ftr.flags |= CRYPT_DATA_CORRUPT; in cryptfs_set_corrupt()
1339 if (put_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_set_corrupt()
1511 struct crypt_mnt_ftr crypt_ftr; in do_crypto_complete() local
1526 if (get_crypt_ftr_and_key(&crypt_ftr)) { in do_crypto_complete()
1546 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS){ in do_crypto_complete()
1551 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE){ in do_crypto_complete()
1556 if (crypt_ftr.flags & CRYPT_DATA_CORRUPT){ in do_crypto_complete()
1565 static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, in test_mount_encrypted_fs() argument
1579 int N = 1 << crypt_ftr->N_factor; in test_mount_encrypted_fs()
1580 int r = 1 << crypt_ftr->r_factor; in test_mount_encrypted_fs()
1581 int p = 1 << crypt_ftr->p_factor; in test_mount_encrypted_fs()
1583 SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); in test_mount_encrypted_fs()
1584 orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1586 if (! (crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED) ) { in test_mount_encrypted_fs()
1587 if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, in test_mount_encrypted_fs()
1599 if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, in test_mount_encrypted_fs()
1607 unsigned char scrypted_intermediate_key[sizeof(crypt_ftr-> in test_mount_encrypted_fs()
1611 crypt_ftr->salt, sizeof(crypt_ftr->salt), in test_mount_encrypted_fs()
1617 crypt_ftr->scrypted_intermediate_key, in test_mount_encrypted_fs()
1631 rc = ++crypt_ftr->failed_decrypt_count; in test_mount_encrypted_fs()
1632 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1642 crypt_ftr->failed_decrypt_count = 0; in test_mount_encrypted_fs()
1644 put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1661 if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1663 } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) { in test_mount_encrypted_fs()
1664 crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER; in test_mount_encrypted_fs()
1666 } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) { in test_mount_encrypted_fs()
1667 crypt_ftr->kdf_type = KDF_SCRYPT; in test_mount_encrypted_fs()
1672 rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key, in test_mount_encrypted_fs()
1673 crypt_ftr->master_key, crypt_ftr); in test_mount_encrypted_fs()
1675 rc = put_crypt_ftr_and_key(crypt_ftr); in test_mount_encrypted_fs()
1747 int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) in check_unmounted_and_get_ftr() argument
1757 if (get_crypt_ftr_and_key(crypt_ftr)) { in check_unmounted_and_get_ftr()
1773 struct crypt_mnt_ftr crypt_ftr; in cryptfs_check_passwd() local
1776 rc = check_unmounted_and_get_ftr(&crypt_ftr); in cryptfs_check_passwd()
1782 rc = test_mount_encrypted_fs(&crypt_ftr, passwd, in cryptfs_check_passwd()
1789 if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) { in cryptfs_check_passwd()
1795 rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, in cryptfs_check_passwd()
1802 crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE; in cryptfs_check_passwd()
1803 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_check_passwd()
1804 rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd); in cryptfs_check_passwd()
1811 if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_check_passwd()
1824 struct crypt_mnt_ftr crypt_ftr; in cryptfs_verify_passwd() local
1846 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_verify_passwd()
1851 if (crypt_ftr.flags & CRYPT_MNT_KEY_UNENCRYPTED) { in cryptfs_verify_passwd()
1855 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_verify_passwd()
1856 if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) { in cryptfs_verify_passwd()
2627 static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how, in cryptfs_enable_all_volumes() argument
2640 tot_encryption_size = crypt_ftr->fs_size; in cryptfs_enable_all_volumes()
2649 rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type); in cryptfs_enable_all_volumes()
2652 crypt_ftr->fs_size, &cur_encryption_done, in cryptfs_enable_all_volumes()
2663 crypt_ftr->encrypted_upto = cur_encryption_done; in cryptfs_enable_all_volumes()
2666 if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) { in cryptfs_enable_all_volumes()
2687 struct crypt_mnt_ftr crypt_ftr; in cryptfs_enable_internal() local
2708 && get_crypt_ftr_and_key(&crypt_ftr) == 0) { in cryptfs_enable_internal()
2709 if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) { in cryptfs_enable_internal()
2711 previously_encrypted_upto = crypt_ftr.encrypted_upto; in cryptfs_enable_internal()
2712 crypt_ftr.encrypted_upto = 0; in cryptfs_enable_internal()
2713 crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2719 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2721 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2722 } else if (crypt_ftr.flags & CRYPT_FORCE_ENCRYPTION) { in cryptfs_enable_internal()
2723 if (!check_ftr_sha(&crypt_ftr)) { in cryptfs_enable_internal()
2724 memset(&crypt_ftr, 0, sizeof(crypt_ftr)); in cryptfs_enable_internal()
2725 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2730 crypt_ftr.flags &= ~CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2731 crypt_ftr.flags |= CRYPT_FORCE_COMPLETE; in cryptfs_enable_internal()
2836 if (cryptfs_init_crypt_mnt_ftr(&crypt_ftr)) { in cryptfs_enable_internal()
2841 crypt_ftr.fs_size = nr_sec in cryptfs_enable_internal()
2844 crypt_ftr.fs_size = nr_sec; in cryptfs_enable_internal()
2851 crypt_ftr.flags |= CRYPT_FORCE_ENCRYPTION; in cryptfs_enable_internal()
2853 crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2855 crypt_ftr.crypt_type = crypt_type; in cryptfs_enable_internal()
2856 … strlcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256", MAX_CRYPTO_TYPE_NAME_LEN); in cryptfs_enable_internal()
2860 crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) { in cryptfs_enable_internal()
2870 encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, in cryptfs_enable_internal()
2871 encrypted_fake_master_key, &crypt_ftr); in cryptfs_enable_internal()
2875 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2909 decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0); in cryptfs_enable_internal()
2910 create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, in cryptfs_enable_internal()
2919 if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block, in cryptfs_enable_internal()
2927 rc = cryptfs_enable_all_volumes(&crypt_ftr, how, in cryptfs_enable_internal()
2934 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2936 crypt_ftr.hash_first_block); in cryptfs_enable_internal()
2948 crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE; in cryptfs_enable_internal()
2951 && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) { in cryptfs_enable_internal()
2953 crypt_ftr.encrypted_upto); in cryptfs_enable_internal()
2954 crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS; in cryptfs_enable_internal()
2957 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_enable_internal()
2960 || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) { in cryptfs_enable_internal()
2968 if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) { in cryptfs_enable_internal()
3059 struct crypt_mnt_ftr crypt_ftr; in cryptfs_changepw() local
3074 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_changepw()
3079 crypt_ftr.crypt_type = crypt_type; in cryptfs_changepw()
3083 crypt_ftr.salt, in cryptfs_changepw()
3085 crypt_ftr.master_key, in cryptfs_changepw()
3086 &crypt_ftr); in cryptfs_changepw()
3092 put_crypt_ftr_and_key(&crypt_ftr); in cryptfs_changepw()
3098 struct crypt_mnt_ftr crypt_ftr; in persist_get_max_entries() local
3106 if (get_crypt_ftr_and_key(&crypt_ftr)) { in persist_get_max_entries()
3109 dsize = crypt_ftr.persist_data_size; in persist_get_max_entries()
3457 struct crypt_mnt_ftr crypt_ftr; in cryptfs_get_password_type() local
3459 if (get_crypt_ftr_and_key(&crypt_ftr)) { in cryptfs_get_password_type()
3464 if (crypt_ftr.flags & CRYPT_INCONSISTENT_STATE) { in cryptfs_get_password_type()
3468 return crypt_ftr.crypt_type; in cryptfs_get_password_type()
3510 int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_leng… in cryptfs_create_default_ftr() argument
3512 if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) { in cryptfs_create_default_ftr()
3517 if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key, in cryptfs_create_default_ftr()
3518 crypt_ftr->salt, crypt_ftr)) { in cryptfs_create_default_ftr()