From fefe5915b06a1121d885fba3680dd1b90027fd5d Mon Sep 17 00:00:00 2001
From: Ethan Yonker
Date: Sat, 30 Sep 2017 22:22:13 -0500
Subject: FBE for Pixel 2 Includes various minor fixes for building in Android 8 trees with r23+ tag Update FBE extended header in libtar to version 2 and include the entire ext4_encryption_policy structure now after translating the policy. See this post for more details: https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu
Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
---
 crypto/ext4crypt/ext4_crypt.cpp | 61 +++++++++++++++++++++++++++++------------
 1 file changed, 44 insertions(+), 17 deletions(-)
(limited to 'crypto/ext4crypt/ext4_crypt.cpp')
diff --git a/crypto/ext4crypt/ext4_crypt.cpp b/crypto/ext4crypt/ext4_crypt.cpp
index 029db7567..5a3b4b20c 100644
--- a/crypto/ext4crypt/ext4_crypt.cpp
+++ b/crypto/ext4crypt/ext4_crypt.cpp
@@ -22,6 +22,7 @@
 */
 #include "ext4_crypt.h"
+#include "ext4crypt_tar.h"
 #include
 #include
@@ -41,29 +42,13 @@
 #define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
 #define EXT4_KEYREF_DELIMITER ((char)'.')
-// ext4enc:TODO Include structure from somewhere sensible
-// MUST be in sync with ext4_crypto.c in kernel
-#define EXT4_KEY_DESCRIPTOR_SIZE 8
-#define EXT4_KEY_DESCRIPTOR_SIZE_HEX 17
-
-struct ext4_encryption_policy {
- char version;
- char contents_encryption_mode;
- char filenames_encryption_mode;
- char flags;
- char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
-} __attribute__((__packed__));
-
 #define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
 #define EXT4_ENCRYPTION_MODE_AES_256_CTS 4
+#define EXT4_ENCRYPTION_MODE_AES_256_HEH 126
 #define EXT4_ENCRYPTION_MODE_PRIVATE 127
 static int encryption_mode = EXT4_ENCRYPTION_MODE_PRIVATE;
-// ext4enc:TODO Get value from somewhere sensible
-#define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy)
-#define EXT4_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct ext4_encryption_policy)
-
 #define HEX_LOOKUP "0123456789abcdef"
 extern "C" void policy_to_hex(const char* policy, char* hex) {
@@ -146,6 +131,48 @@ extern "C" bool e4crypt_policy_get(const char *directory, char *policy,
 return true;
 }
+extern "C" void e4crypt_policy_fill_default_struct(ext4_encryption_policy *eep) {
+ eep->version = 0;
+ eep->contents_encryption_mode = encryption_mode;
+ eep->filenames_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_CTS;
+ eep->flags = 0;
+ memset((void*)&eep->master_key_descriptor[0], 0, EXT4_KEY_DESCRIPTOR_SIZE);
+}
+
+extern "C" bool e4crypt_policy_set_struct(const char *directory, const ext4_encryption_policy *eep) {
+ int fd = open(directory, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
+ if (fd == -1) {
+ printf("failed to open %s\n", directory);
+ PLOG(ERROR) << "Failed to open directory " << directory;
+ return false;
+ }
+ if (ioctl(fd, EXT4_IOC_SET_ENCRYPTION_POLICY, eep)) {
+ printf("failed to set policy for '%s'\n", directory);
+ PLOG(ERROR) << "Failed to set encryption policy for " << directory;
+ close(fd);
+ return false;
+ }
+ close(fd);
+ return true;
+}
+
+extern "C" bool e4crypt_policy_get_struct(const char *directory, ext4_encryption_policy *eep) {
+ int fd = open(directory, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
+ if (fd == -1) {
+ printf("Failed to open '%s'\n", directory);
+ PLOG(ERROR) << "Failed to open directory " << directory;
+ return false;
+ }
+ memset(eep, 0, sizeof(ext4_encryption_policy));
+ if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_POLICY, eep) != 0) {
+ PLOG(ERROR) << "Failed to get encryption policy for " << directory;
+ close(fd);
+ return false;
+ }
+ close(fd);
+ return true;
+}
+
 extern "C" bool e4crypt_set_mode() {
 const char* mode_file = "/data/unencrypted/mode";
 struct stat st;
-- cgit v1.2.3
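Review bot: In `e4crypt_policy_set_struct` and `e4crypt_policy_get_struct` the failure paths call `printf(...)` before `PLOG(ERROR)`, and because PLOG appends the text for the current errno while printf is permitted to change errno, the logged reason for a failed open or ioctl may not be the real one. Emit the `PLOG(ERROR) << ...` line first in those three places (or capture `int saved_errno = errno;` right after the failing call and restore it before logging). The ioctl failure path of `e4crypt_policy_get_struct` has no printf, so console output also differs between the getter and the setter. `e4crypt_policy_fill_default_struct` should carry a comment along the lines of `// zeroes master_key_descriptor, fixes filenames mode to AES_256_CTS, takes contents mode from file-static encryption_mode`, since a struct returned from it is presumably not usable with `e4crypt_policy_set_struct` until the caller supplies a real key descriptor.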