am 7f7dbaa2: Improve detection of incomplete encryption
* commit '7f7dbaa2784c10fd2989fb303e5edfb8136d53dc':
Improve detection of incomplete encryption
diff --git a/CommandListener.cpp b/CommandListener.cpp
index daee95d..8bfd0bc 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -535,6 +535,13 @@
}
dumpArgs(argc, argv, -1);
rc = cryptfs_restart();
+ } else if (!strcmp(argv[1], "cryptocomplete")) {
+ if (argc != 2) {
+ cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false);
+ return 0;
+ }
+ dumpArgs(argc, argv, -1);
+ rc = cryptfs_crypto_complete();
} else if (!strcmp(argv[1], "enablecrypto")) {
if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false);
diff --git a/cryptfs.c b/cryptfs.c
index 79420ae..f25fba7 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -655,6 +655,43 @@
return rc;
}
+static int do_crypto_complete(char *mount_point)
+{
+ struct crypt_mnt_ftr crypt_ftr;
+ unsigned char encrypted_master_key[32];
+ unsigned char salt[SALT_LEN];
+ char real_blkdev[MAXPATHLEN];
+ char fs_type[32];
+ char fs_options[256];
+ unsigned long mnt_flags;
+ char encrypted_state[32];
+
+ property_get("ro.crypto.state", encrypted_state, "");
+ if (strcmp(encrypted_state, "encrypted") ) {
+ SLOGE("not running with encryption, aborting");
+ return 1;
+ }
+
+ if (get_orig_mount_parms(mount_point, fs_type, real_blkdev, &mnt_flags, fs_options)) {
+ SLOGE("Error reading original mount parms for mount point %s\n", mount_point);
+ return -1;
+ }
+
+ if (get_crypt_ftr_and_key(real_blkdev, &crypt_ftr, encrypted_master_key, salt)) {
+ SLOGE("Error getting crypt footer and key\n");
+ return -1;
+ }
+
+ if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
+ SLOGE("Encryption process didn't finish successfully\n");
+ return -2; /* -2 is the clue to the UI that there is no usable data on the disk,
+ * and give the user an option to wipe the disk */
+ }
+
+ /* We passed the test! We shall diminish, and return to the west */
+ return 0;
+}
+
static int test_mount_encrypted_fs(char *passwd, char *mount_point)
{
struct crypt_mnt_ftr crypt_ftr;
@@ -687,12 +724,6 @@
return -1;
}
- if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
- SLOGE("Encryption process didn't finish successfully\n");
- return -2; /* -2 is the clue to the UI that there is no usable data on the disk,
- * and give the user an option to wipe the disk */
- }
-
SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr.fs_size);
orig_failed_decrypt_count = crypt_ftr.failed_decrypt_count;
@@ -752,6 +783,11 @@
return rc;
}
+int cryptfs_crypto_complete(void)
+{
+ return do_crypto_complete("/data");
+}
+
int cryptfs_check_passwd(char *passwd)
{
int rc = -1;
@@ -1002,7 +1038,9 @@
/* Initialize a crypt_mnt_ftr for the partition */
cryptfs_init_crypt_mnt_ftr(&crypt_ftr);
crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / 512);
+#if 0 /* Disable till MR1, needs more testing */
crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
+#endif
strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
/* Make an encrypted master key */
@@ -1032,9 +1070,12 @@
if (! rc) {
/* Success */
+
+#if 0 /* Disable till MR1, needs more testing */
/* Clear the encryption in progres flag in the footer */
crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0);
+#endif
sleep(2); /* Give the UI a change to show 100% progress */
sync();
diff --git a/cryptfs.h b/cryptfs.h
index caf99a4..bb461ac 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -61,6 +61,7 @@
#ifdef __cplusplus
extern "C" {
#endif
+ int cryptfs_crypto_complete(void);
int cryptfs_check_passwd(char *pw);
int cryptfs_restart(void);
int cryptfs_enable(char *flag, char *passwd);