Check crypto footer before offering to decrypt
Verify that we have a valid footer with proper magic before
setting things up for decryption to help prevent user confusion
when dealing with data partitions that fail to mount. Also check
to make sure that the block device for /data is present.
Change-Id: Ie87818fe4505a8bf71df7d3934c114e7328ef3ca
diff --git a/crypto/ics/cryptfs.c b/crypto/ics/cryptfs.c
index 193339e..4f3d5d0 100644
--- a/crypto/ics/cryptfs.c
+++ b/crypto/ics/cryptfs.c
@@ -653,6 +653,28 @@
return -1;
}
+int cryptfs_check_footer(void)
+{
+ int rc = -1;
+ char fs_type[PROPERTY_VALUE_MAX];
+ char real_blkdev[MAXPATHLEN];
+ char fs_options[PROPERTY_VALUE_MAX];
+ unsigned long mnt_flags;
+ struct crypt_mnt_ftr crypt_ftr;
+ /* Allocate enough space for a 256 bit key, but we may use less */
+ unsigned char encrypted_master_key[256];
+ unsigned char salt[SALT_LEN];
+
+ if (get_orig_mount_parms(DATA_MNT_POINT, fs_type, real_blkdev, &mnt_flags, fs_options)) {
+ printf("Error reading original mount parms for mount point %s\n", DATA_MNT_POINT);
+ return rc;
+ }
+
+ rc = get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt);
+
+ return rc;
+}
+
int cryptfs_check_passwd(const char *passwd)
{
char pwbuf[256];
diff --git a/crypto/ics/cryptfs.h b/crypto/ics/cryptfs.h
index eee43b3..8c80376 100644
--- a/crypto/ics/cryptfs.h
+++ b/crypto/ics/cryptfs.h
@@ -76,6 +76,7 @@
#ifdef __cplusplus
extern "C" {
#endif
+ int cryptfs_check_footer(void);
int cryptfs_check_passwd(const char *pw);
#ifdef __cplusplus
}
diff --git a/crypto/jb/cryptfs.c b/crypto/jb/cryptfs.c
index 4e5706b..f9c0d74 100644
--- a/crypto/jb/cryptfs.c
+++ b/crypto/jb/cryptfs.c
@@ -1354,13 +1354,32 @@
#define FSTAB_PREFIX "/fstab."
+int cryptfs_check_footer(void)
+{
+ int rc = -1;
+ char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
+ char propbuf[PROPERTY_VALUE_MAX];
+ struct crypt_mnt_ftr crypt_ftr;
+
+ property_get("ro.hardware", propbuf, "");
+ snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);
+
+ fstab = fs_mgr_read_fstab(fstab_filename);
+ if (!fstab) {
+ printf("failed to open %s\n", fstab_filename);
+ return -1;
+ }
+
+ rc = get_crypt_ftr_and_key(&crypt_ftr);
+
+ return rc;
+}
+
int cryptfs_check_passwd(char *passwd)
{
int rc = -1;
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
char propbuf[PROPERTY_VALUE_MAX];
- int i;
- int flags;
property_get("ro.hardware", propbuf, "");
snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);
diff --git a/crypto/jb/cryptfs.h b/crypto/jb/cryptfs.h
index 162159e..d815814 100644
--- a/crypto/jb/cryptfs.h
+++ b/crypto/jb/cryptfs.h
@@ -139,6 +139,7 @@
typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
int cryptfs_crypto_complete(void);
+ int cryptfs_check_footer(void);
int cryptfs_check_passwd(char *pw);
int cryptfs_verify_passwd(char *newpw);
int cryptfs_restart(void);