Reduce libs needed for decrypt and clean up old decypt files

Trim cryptfs.c to remove functions that TWRP does not use for
decrypt and remove the need for libfs_mgr from cryptfs.c by
passing some items to cryptfs.c from the partition manager.

Add support for new fstab flags:
encryptable and forceencrypt=/path/to/cryptokey
For example:
flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1
Note that "footer" is the default, so you do not need to set this
flag on devices that use the footer for the crypto key.
Also add mounttodecrypt if you need to mount a partition during
the decrypt cycle for firmware of proprietary libs.

Clean up decrypt and only support one version

Android 5.0 lollipop decrypt should be backwards compatible with
older versions so we will only support one version, 1.3 that came
with 5.0 lollipop.

Remove support for Samsung TouchWiz decrypt. It does not work with
the latest versions of Samsung encryption anyway and it has not
been updated to work with any AOSP decryption higher than 1.1

Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9

Android.mk

@@ -252,38 +252,14 @@ endif
 ifeq ($(TW_NO_EXFAT_FUSE), true)
     LOCAL_CFLAGS += -DTW_NO_EXFAT_FUSE
 endif
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-    LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO
-    LOCAL_CFLAGS += -DCRYPTO_FS_TYPE=\"$(TW_CRYPTO_FS_TYPE)\"
-    LOCAL_CFLAGS += -DCRYPTO_REAL_BLKDEV=\"$(TW_CRYPTO_REAL_BLKDEV)\"
-    LOCAL_CFLAGS += -DCRYPTO_MNT_POINT=\"$(TW_CRYPTO_MNT_POINT)\"
-    LOCAL_CFLAGS += -DCRYPTO_FS_OPTIONS=\"$(TW_CRYPTO_FS_OPTIONS)\"
-    LOCAL_CFLAGS += -DCRYPTO_FS_FLAGS=\"$(TW_CRYPTO_FS_FLAGS)\"
-    LOCAL_CFLAGS += -DCRYPTO_KEY_LOC=\"$(TW_CRYPTO_KEY_LOC)\"
-ifeq ($(TW_INCLUDE_CRYPTO_SAMSUNG), true)
-    LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO_SAMSUNG=\"$(TW_INCLUDE_CRYPTO_SAMSUNG)\"
-    ifdef TW_CRYPTO_SD_REAL_BLKDEV
-        LOCAL_CFLAGS += -DCRYPTO_SD_REAL_BLKDEV=\"$(TW_CRYPTO_SD_REAL_BLKDEV)\"
-        LOCAL_CFLAGS += -DCRYPTO_SD_FS_TYPE=\"$(TW_CRYPTO_SD_FS_TYPE)\"
-    endif
-    #LOCAL_LDFLAGS += -L$(TARGET_OUT_SHARED_LIBRARIES) -lsec_km
-    LOCAL_LDFLAGS += -ldl
-    LOCAL_STATIC_LIBRARIES += libcrypt_samsung
-endif
-    LOCAL_SHARED_LIBRARIES += libcryptfsics
-    #LOCAL_SRC_FILES += crypto/ics/cryptfs.c
-    #LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include
-endif
 ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-    LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO
-    LOCAL_CFLAGS += -DTW_INCLUDE_JB_CRYPTO
-    LOCAL_SHARED_LIBRARIES += libcryptfsjb
-    #LOCAL_SRC_FILES += crypto/jb/cryptfs.c
-    #LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include
+    TW_INCLUDE_CRYPTO := true
 endif
 ifeq ($(TW_INCLUDE_L_CRYPTO), true)
+    TW_INCLUDE_CRYPTO := true
+endif
+ifeq ($(TW_INCLUDE_CRYPTO), true)
     LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO
-    LOCAL_CFLAGS += -DTW_INCLUDE_L_CRYPTO
     LOCAL_SHARED_LIBRARIES += libcryptfslollipop
 endif
 ifeq ($(TW_USE_MODEL_HARDWARE_ID_FOR_DEVICE_ID), true)
@@ -374,12 +350,6 @@ endif
 ifneq ($(TW_NO_EXFAT_FUSE), true)
     LOCAL_ADDITIONAL_DEPENDENCIES += exfat-fuse
 endif
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-    LOCAL_ADDITIONAL_DEPENDENCIES += cryptfs cryptsettings
-endif
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-    LOCAL_ADDITIONAL_DEPENDENCIES += getfooter
-endif
 ifeq ($(TW_INCLUDE_FB2PNG), true)
     LOCAL_ADDITIONAL_DEPENDENCIES += fb2png
 endif
@@ -513,8 +483,6 @@ include $(commands_recovery_local_path)/injecttwrp/Android.mk \
     $(commands_recovery_local_path)/flashutils/Android.mk \
     $(commands_recovery_local_path)/pigz/Android.mk \
     $(commands_recovery_local_path)/libtar/Android.mk \
-    $(commands_recovery_local_path)/crypto/cryptsettings/Android.mk \
-    $(commands_recovery_local_path)/crypto/cryptfs/Android.mk \
     $(commands_recovery_local_path)/libcrecovery/Android.mk \
     $(commands_recovery_local_path)/libblkid/Android.mk \
     $(commands_recovery_local_path)/minuitwrp/Android.mk \
@@ -528,19 +496,9 @@ ifneq ($(TARGET_ARCH), arm64)
     include $(commands_recovery_local_path)/dosfstools/Android.mk
 endif
 
-ifeq ($(TW_INCLUDE_CRYPTO_SAMSUNG), true)
-    include $(commands_recovery_local_path)/crypto/libcrypt_samsung/Android.mk
-endif
-
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-    include $(commands_recovery_local_path)/crypto/jb/Android.mk
-    include $(commands_recovery_local_path)/crypto/fs_mgr/Android.mk
-    include $(commands_recovery_local_path)/crypto/logwrapper/Android.mk
-    include $(commands_recovery_local_path)/crypto/scrypt/Android.mk
-    include $(commands_recovery_local_path)/crypto/crypttools/Android.mk
-endif
-ifeq ($(TW_INCLUDE_L_CRYPTO), true)
+ifeq ($(TW_INCLUDE_CRYPTO), true)
     include $(commands_recovery_local_path)/crypto/lollipop/Android.mk
+    include $(commands_recovery_local_path)/crypto/scrypt/Android.mk
 endif
 ifeq ($(PLATFORM_VERSION), 5.0.1)
     include $(commands_recovery_local_path)/minzip/Android.mk
@@ -558,9 +516,6 @@ endif
 ifneq ($(TW_NO_EXFAT_FUSE), true)
     include $(commands_recovery_local_path)/exfat/exfat-fuse/Android.mk
 endif
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-    include $(commands_recovery_local_path)/crypto/ics/Android.mk
-endif
 ifneq ($(TW_OEM_BUILD),true)
     include $(commands_recovery_local_path)/orscmd/Android.mk
 endif

crypto/cryptfs/Android.mk

-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-LOCAL_SRC_FILES:= \
-	cryptfs.c
-
-LOCAL_CFLAGS:= -g -c -W -I../fs_mgr/include
-LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO
-LOCAL_CFLAGS += -DCRYPTO_FS_TYPE=\"$(TW_CRYPTO_FS_TYPE)\"
-LOCAL_CFLAGS += -DCRYPTO_REAL_BLKDEV=\"$(TW_CRYPTO_REAL_BLKDEV)\"
-LOCAL_CFLAGS += -DCRYPTO_MNT_POINT=\"$(TW_CRYPTO_MNT_POINT)\"
-LOCAL_CFLAGS += -DCRYPTO_FS_OPTIONS=\"$(TW_CRYPTO_FS_OPTIONS)\"
-LOCAL_CFLAGS += -DCRYPTO_FS_FLAGS=\"$(TW_CRYPTO_FS_FLAGS)\"
-LOCAL_CFLAGS += -DCRYPTO_KEY_LOC=\"$(TW_CRYPTO_KEY_LOC)\"
-ifdef TW_CRYPTO_SD_REAL_BLKDEV
-    LOCAL_CFLAGS += -DCRYPTO_SD_REAL_BLKDEV=\"$(TW_CRYPTO_SD_REAL_BLKDEV)\"
-    LOCAL_CFLAGS += -DCRYPTO_SD_FS_TYPE=\"$(TW_CRYPTO_SD_FS_TYPE)\"
-endif
-ifneq ($(TW_INTERNAL_STORAGE_PATH),)
-	LOCAL_CFLAGS += -DTW_INTERNAL_STORAGE_PATH=$(TW_INTERNAL_STORAGE_PATH)
-endif
-ifneq ($(TW_INTERNAL_STORAGE_MOUNT_POINT),)
-	LOCAL_CFLAGS += -DTW_INTERNAL_STORAGE_MOUNT_POINT=$(TW_INTERNAL_STORAGE_MOUNT_POINT)
-endif
-ifneq ($(TW_EXTERNAL_STORAGE_PATH),)
-	LOCAL_CFLAGS += -DTW_EXTERNAL_STORAGE_PATH=$(TW_EXTERNAL_STORAGE_PATH)
-endif
-ifneq ($(TW_EXTERNAL_STORAGE_MOUNT_POINT),)
-	LOCAL_CFLAGS += -DTW_EXTERNAL_STORAGE_MOUNT_POINT=$(TW_EXTERNAL_STORAGE_MOUNT_POINT)
-endif
-
-LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include
-LOCAL_MODULE:=cryptfs
-LOCAL_MODULE_TAGS:= eng
-LOCAL_SHARED_LIBRARIES += libc libcutils
-LOCAL_SHARED_LIBRARIES += libcrypto
-
-
-#LOCAL_LDFLAGS += -L$(TARGET_OUT_SHARED_LIBRARIES) -lsec_km -lsec_ecryptfs -ldl
-LOCAL_LDFLAGS += -ldl
-
-LOCAL_STATIC_LIBRARIES += libmtdutils
-LOCAL_STATIC_LIBRARIES += libminzip libunz
-LOCAL_STATIC_LIBRARIES += libpixelflinger_static libpng libmincrypttwrp
-LOCAL_SHARED_LIBRARIES += libz libc libstlport libcutils libstdc++ libext4_utils
-LOCAL_STATIC_LIBRARIES += libcrypt_samsung
-
-
-LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UI_LIB)
-#LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp
-LOCAL_MODULE_CLASS := UTILITY_EXECUTABLES
-LOCAL_MODULE_PATH := $(PRODUCT_OUT)/utilities
-include $(BUILD_EXECUTABLE)
-endif

crypto/cryptfs/cryptfs.c

-/*
- * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
- */
-
-#define TW_INCLUDE_CRYPTO_SAMSUNG
-#include "../ics/cryptfs.c"
-
-int dm_remove_device(const char *name)
-{
-    int r;
-    r = delete_crypto_blk_dev(name);
-    if(!r)
-        printf("crypto block device '%s' deleted.\n", name);
-    else
-        printf("deleting crypto block device '%s' failed. [%d - %s]\n", name, r, strerror(errno));
-    return r;
-}
-
-int ecryptfs_test(const char *pw)
-{
-   char pwbuf[256];
-   int r;
-
-   strcpy(pwbuf, pw);
-   // 0: building options without file encryption filtering.
-   // 1: building options with media files filtering.
-   // 2: building options with all new files filtering.
-   r = mount_ecryptfs_drive(pwbuf, "/emmc", "/emmc", 0);
-   printf("mount_ecryptfs_drive: %d\n", r);
-   r = mount("/dev/block/mmcblk1", "/emmc", "vfat", MS_RDONLY, "");
-   printf("mount: %d\n", r);
-
-   r = umount("/emmc");///dev/block/mmcblk1");
-   printf("umount: %d\n", r);
-
-   //r = unmount_ecryptfs_drive("/emmc");
-   //printf("unmount_ecryptfs_drive: %d\n", r);
-
-   return r;
-}
-
-int main(int argc, char* argv[])
-{
-    if(argc < 2)
-    {
-        printf("no args!\n");
-        return 1;
-    }
-
-    property_set("ro.crypto.state", "encrypted");
-
-    property_set("ro.crypto.fs_type", CRYPTO_FS_TYPE);
-    property_set("ro.crypto.fs_real_blkdev", CRYPTO_REAL_BLKDEV);
-    property_set("ro.crypto.fs_mnt_point", CRYPTO_MNT_POINT);
-    property_set("ro.crypto.fs_options", CRYPTO_FS_OPTIONS);
-    property_set("ro.crypto.fs_flags", CRYPTO_FS_FLAGS);
-    property_set("ro.crypto.keyfile.userdata", CRYPTO_KEY_LOC);
-
-#ifdef CRYPTO_SD_FS_TYPE
-    property_set("ro.crypto.sd_fs_type", CRYPTO_SD_FS_TYPE);
-    property_set("ro.crypto.sd_fs_real_blkdev", CRYPTO_SD_REAL_BLKDEV);
-    property_set("ro.crypto.sd_fs_mnt_point", EXPAND(TW_INTERNAL_STORAGE_PATH));
-#endif
-
-    property_set("rw.km_fips_status", "ready");
-
-    delete_crypto_blk_dev("userdata");
-    delete_crypto_blk_dev("sdcard");
-    delete_crypto_blk_dev("emmc");
-
-    cryptfs_check_passwd(argv[1]);
-
-    return 0;
-};

crypto/cryptsettings/Android.mk

-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-LOCAL_SRC_FILES:= \
-	cryptsettings.c
-LOCAL_CFLAGS:= -g -c -W
-LOCAL_MODULE:=cryptsettings
-LOCAL_MODULE_TAGS:= eng
-LOCAL_SHARED_LIBRARIES += libc libcutils
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-LOCAL_CFLAGS += -DTW_INCLUDE_JB_CRYPTO
-LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp
-endif
-LOCAL_MODULE_CLASS := UTILITY_EXECUTABLES
-LOCAL_MODULE_PATH := $(PRODUCT_OUT)/utilities
-include $(BUILD_EXECUTABLE)
-endif

crypto/cryptsettings/cryptsettings.c

-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#ifdef TW_INCLUDE_JB_CRYPTO
-#include "../crypto/fs_mgr/include/fs_mgr.h"
-#endif
-
-#include "cutils/properties.h"
-
-#ifndef PROPERTY_VALUE_MAX
-#define PROPERTY_VALUE_MAX 255
-#endif
-#ifndef FSTAB_PREFIX
-#define FSTAB_PREFIX "/fstab."
-#endif
-
-int main(void)
-{
-	char prop[PROPERTY_VALUE_MAX];
-	char key_loc[PROPERTY_VALUE_MAX];
-	char blk_dev[PROPERTY_VALUE_MAX];
-	char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
-
-	printf("This tool will gather the build flags needed for decryption support for TWRP.\n");
-	printf("This tool comes with no warranties whatsoever.\n");
-	printf("http://teamw.in\n\n");
-	property_get("ro.crypto.state", prop, "encrypted");
-	if (strcmp(prop, "encrypted") != 0)
-		printf("Your device is not encrypted, continuing anyway.\n\nTW_INCLUDE_CRYPTO := true\n");
-	property_get("ro.crypto.fs_type", prop, "ERROR");
-	printf("TW_CRYPTO_FS_TYPE := \"%s\"\n", prop);
-	property_get("ro.crypto.fs_real_blkdev", prop, "ERROR");
-	printf("TW_CRYPTO_REAL_BLKDEV := \"%s\"\n", prop);
-	property_get("ro.crypto.fs_mnt_point", prop, "ERROR");
-	printf("TW_CRYPTO_MNT_POINT := \"%s\"\n", prop);
-	property_get("ro.crypto.fs_options", prop, "ERROR");
-	printf("TW_CRYPTO_FS_OPTIONS := \"%s\"\n", prop);
-	property_get("ro.crypto.fs_flags", prop, "ERROR");
-	printf("TW_CRYPTO_FS_FLAGS := \"%s\"\n", prop);
-	property_get("ro.crypto.keyfile.userdata", prop, "footer");
-	printf("TW_CRYPTO_KEY_LOC := \"%s\"\n", prop);
-#ifdef TW_INCLUDE_JB_CRYPTO
-	printf("\n*** NEW FOR JELLY BEAN:\n");
-	strcpy(fstab_filename, FSTAB_PREFIX);
-	property_get("ro.hardware", fstab_filename + sizeof(FSTAB_PREFIX) - 1, "");
-	fs_mgr_get_crypt_info(fstab_filename, key_loc, blk_dev, sizeof(key_loc));
-	printf("fstab file location: '%s'\n\nTW_INCLUDE_JB_CRYPTO := true\n", fstab_filename);
-#endif
-
-	return 0;
-}

crypto/crypttools/Android.mk

-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-LOCAL_SRC_FILES:= \
-	getfooter.c
-LOCAL_CFLAGS:= -g -c -W
-LOCAL_MODULE:=getfooter
-LOCAL_MODULE_TAGS:= eng
-LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp libc libcutils
-LOCAL_MODULE_CLASS := UTILITY_EXECUTABLES
-LOCAL_MODULE_PATH := $(PRODUCT_OUT)/utilities
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_C_INCLUDES := $(commands_recovery_local_path)/crypto/jb/
-include $(BUILD_EXECUTABLE)
-endif
\ No newline at end of file

crypto/crypttools/getfooter.c

-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <linux/dm-ioctl.h>
-#include <sys/mount.h>
-#include "../fs_mgr/include/fs_mgr.h"
-#include "cryptfs.h"
-
-#include "cutils/properties.h"
-
-#ifndef PROPERTY_VALUE_MAX
-#define PROPERTY_VALUE_MAX 255
-#endif
-#ifndef FSTAB_PREFIX
-#define FSTAB_PREFIX "/fstab."
-#endif
-#ifndef KEY_IN_FOOTER
-#define KEY_IN_FOOTER "footer"
-#endif
-
-struct fstab *fstab;
-
-static unsigned int get_blkdev_size(int fd)
-{
-  unsigned int nr_sec;
-
-  if ( (ioctl(fd, BLKGETSIZE, &nr_sec)) == -1) {
-    nr_sec = 0;
-  }
-
-  return nr_sec;
-}
-
-int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
-{
-  static int cached_data = 0;
-  static off64_t cached_off = 0;
-  static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
-  int fd;
-  char key_loc[PROPERTY_VALUE_MAX];
-  char real_blkdev[PROPERTY_VALUE_MAX];
-  unsigned int nr_sec;
-  int rc = -1;
-
-    fs_mgr_get_crypt_info(fstab, key_loc, real_blkdev, sizeof(key_loc));
-
-    if (!strcmp(key_loc, KEY_IN_FOOTER)) {
-      if ( (fd = open(real_blkdev, O_RDWR)) < 0) {
-        printf("Cannot open real block device %s\n", real_blkdev);
-        return -1;
-      }
-
-      if ((nr_sec = get_blkdev_size(fd))) {
-        /* If it's an encrypted Android partition, the last 16 Kbytes contain the
-         * encryption info footer and key, and plenty of bytes to spare for future
-         * growth.
-         */
-        strlcpy(cached_metadata_fname, real_blkdev, sizeof(cached_metadata_fname));
-        cached_off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
-        cached_data = 1;
-      } else {
-        printf("Cannot get size of block device %s\n", real_blkdev);
-      }
-      close(fd);
-    } else {
-      strlcpy(cached_metadata_fname, key_loc, sizeof(cached_metadata_fname));
-      cached_off = 0;
-      cached_data = 1;
-    }
-
-  if (cached_data) {
-    if (metadata_fname) {
-        *metadata_fname = cached_metadata_fname;
-    }
-    if (off) {
-        *off = cached_off;
-    }
-    rc = 0;
-  }
-
-  return rc;
-}
-
-int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
-{
-  int fd;
-  unsigned int nr_sec, cnt;
-  off64_t starting_off;
-  int rc = -1;
-  char *fname = NULL;
-  struct stat statbuf;
-
-  if (get_crypt_ftr_info(&fname, &starting_off)) {
-    printf("Unable to get crypt_ftr_info\n");
-    return -1;
-  }
-  if (fname[0] != '/') {
-    printf("Unexpected value for crypto key location '%s'\n", fname);
-    //return -1;
-  }
-  if ( (fd = open(fname, O_RDWR)) < 0) {
-    printf("Cannot open footer file %s for get\n", fname);
-    return -1;
-  }
-
-  /* Make sure it's 16 Kbytes in length */
-  fstat(fd, &statbuf);
-  if (S_ISREG(statbuf.st_mode) && (statbuf.st_size != 0x4000)) {
-    printf("footer file %s is not the expected size!\n", fname);
-	close(fd);
-    return -1;
-  }
-
-  /* Seek to the start of the crypt footer */
-  if (lseek64(fd, starting_off, SEEK_SET) == -1) {
-    printf("Cannot seek to real block device footer\n");
-	close(fd);
-    return -1;
-  }
-
-  if ( (cnt = read(fd, crypt_ftr, sizeof(struct crypt_mnt_ftr))) != sizeof(struct crypt_mnt_ftr)) {
-    printf("Cannot read real block device footer\n");
-	close(fd);
-    return -1;
-  }
-  close(fd);
-  return 0;
-}
-
-int main(void)
-{
-	char key_loc[PROPERTY_VALUE_MAX];
-	char blk_dev[PROPERTY_VALUE_MAX];
-	char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
-	struct stat st;
-	struct crypt_mnt_ftr crypt_ftr;
-	int fdout;
-
-	printf("This tool comes with no warranties whatsoever.\n");
-	printf("http://teamw.in\n\n");
-	strcpy(fstab_filename, FSTAB_PREFIX);
-	property_get("ro.hardware", fstab_filename + sizeof(FSTAB_PREFIX) - 1, "");
-
-	if (stat(fstab_filename, &st) != 0) {
-		printf("Cannot locate fstab file '%s'\n", fstab_filename);
-		return -1;
-	}
-
-	fstab = fs_mgr_read_fstab(fstab_filename);
-	if (!fstab) {
-		printf("failed to open %s\n", fstab_filename);
-		return -1;
-	}
-
-	fs_mgr_get_crypt_info(fstab, key_loc, blk_dev, sizeof(blk_dev));
-
-	if (get_crypt_ftr_and_key(&crypt_ftr)) {
-		printf("Error getting crypt footer and key\n");
-		return -1;
-	}
-
-	if ( (fdout = open("/footerfile", O_WRONLY | O_CREAT, 0644)) < 0) {
-		printf("Cannot open output file /footerfile\n");
-		return -1;
-	}
-	if (write(fdout, (void*) &crypt_ftr, sizeof(struct crypt_mnt_ftr)) != sizeof(struct crypt_mnt_ftr)) {
-		printf("Failed to write footer.\n");
-	}
-	close(fdout);
-
-	if (!strcmp(key_loc, KEY_IN_FOOTER)) {
-		unsigned int nr_sec, cnt;
-		off64_t off = 0;
-		char buffer[CRYPT_FOOTER_OFFSET];
-		int fd;
-
-		printf("\n\nDumping footer from '%s'...\n", blk_dev);
-		if ( (fd = open(blk_dev, O_RDONLY)) < 0) {
-			printf("Cannot open real block device %s\n", blk_dev);
-			return -1;
-		}
-
-		if ((nr_sec = get_blkdev_size(fd))) {
-			off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
-		} else {
-			printf("Cannot get size of block device %s\n", blk_dev);
-			close(fd);
-			return -1;
-		}
-		printf("Size is %llu, offset is %llu\n", ((off64_t)nr_sec * 512), off);
-		if (lseek64(fd, off, SEEK_SET) == -1) {
-			printf("Cannot seek to real block device footer\n");
-			close(fd);
-			return -1;
-		}
-
-		if ( (cnt = read(fd, buffer, sizeof(buffer))) != sizeof(buffer)) {
-			printf("Cannot read real block device footer\n");
-			close(fd);
-			return -1;
-		}
-		close(fd);
-		if ( (fdout = open("/footerdump", O_WRONLY | O_CREAT, 0644)) < 0) {
-			printf("Cannot open output file /footerdump\n");
-			return -1;
-		}
-		if (write(fdout, buffer, sizeof(buffer)) != sizeof(buffer)) {
-			printf("Failed to write footer.\n");
-		}
-		close(fdout);
-	}
-
-	return 0;
-}

crypto/fs_mgr/Android.mk

-# Copyright 2011 The Android Open Source Project
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES:= fs_mgr.c fs_mgr_verity.c
-
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-
-LOCAL_MODULE:= libfs_mgrtwrp
-LOCAL_SHARED_LIBRARIES := libext4_utils
-LOCAL_STATIC_LIBRARIES := liblogwraptwrp libmincrypttwrp
-LOCAL_C_INCLUDES += \
-    system/extras/ext4_utils \
-    $(commands_recovery_local_path)/libmincrypt/includes
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-include $(BUILD_STATIC_LIBRARY)
-
-
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES:= fs_mgr_main.c
-
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-
-LOCAL_MODULE:= fs_mgrtwrp
-
-LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/sbin
-LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
-
-LOCAL_STATIC_LIBRARIES := libfs_mgrtwrp liblogwraptwrp libcutils liblog libc libmincrypttwrp libext4_utils_static
-
-include $(BUILD_EXECUTABLE)
-
-endif

crypto/fs_mgr/fs_mgr_main.c

-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <libgen.h>
-#include "fs_mgr_priv.h"
-
-char *me = "";
-
-static void usage(void)
-{
-    ERROR("%s: usage: %s <-a | -n mnt_point blk_dev | -u> <fstab_file>\n", me, me);
-    exit(1);
-}
-
-/* Parse the command line.  If an error is encountered, print an error message
- * and exit the program, do not return to the caller.
- * Return the number of argv[] entries consumed.
- */
-static void parse_options(int argc, char *argv[], int *a_flag, int *u_flag, int *n_flag,
-                     char **n_name, char **n_blk_dev)
-{
-    me = basename(strdup(argv[0]));
-
-    if (argc <= 1) {
-        usage();
-    }
-
-    if (!strcmp(argv[1], "-a")) {
-        if (argc != 3) {
-            usage();
-        }
-        *a_flag = 1;
-    }
-    if (!strcmp(argv[1], "-n")) {
-        if (argc != 5) {
-            usage();
-        }
-        *n_flag = 1;
-        *n_name = argv[2];
-        *n_blk_dev = argv[3];
-    }
-    if (!strcmp(argv[1], "-u")) {
-        if (argc != 3) {
-            usage();
-        }
-        *u_flag = 1;
-    }
-
-    /* If no flag is specified, it's an error */
-    if (!(*a_flag | *n_flag | *u_flag)) {
-        usage();
-    }
-
-    /* If more than one flag is specified, it's an error */
-    if ((*a_flag + *n_flag + *u_flag) > 1) {
-        usage();
-    }
-
-    return;
-}
-
-int main(int argc, char *argv[])
-{
-    int a_flag=0;
-    int u_flag=0;
-    int n_flag=0;
-    char *n_name;
-    char *n_blk_dev;
-    char *fstab_file;
-    struct fstab *fstab;
-
-    klog_init();
-    klog_set_level(6);
-
-    parse_options(argc, argv, &a_flag, &u_flag, &n_flag, &n_name, &n_blk_dev);
-
-    /* The name of the fstab file is last, after the option */
-    fstab_file = argv[argc - 1];
-
-    fstab = fs_mgr_read_fstab(fstab_file);
-
-    if (a_flag) {
-        return fs_mgr_mount_all(fstab);
-    } else if (n_flag) {
-        return fs_mgr_do_mount(fstab, n_name, n_blk_dev, 0);
-    } else if (u_flag) {
-        return fs_mgr_unmount_all(fstab);
-    } else {
-        ERROR("%s: Internal error, unknown option\n", me);
-        exit(1);
-    }
-
-    fs_mgr_free_fstab(fstab);
-
-    /* Should not get here */
-    exit(1);
-}
-

crypto/fs_mgr/fs_mgr_priv.h

-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __CORE_FS_MGR_PRIV_H
-#define __CORE_FS_MGR_PRIV_H
-
-#include <cutils/klog.h>
-#include <fs_mgr.h>
-
-#define INFO(x...)    KLOG_INFO("fs_mgr", x)
-#define ERROR(x...)   KLOG_ERROR("fs_mgr", x)
-
-#define CRYPTO_TMPFS_OPTIONS "size=128m,mode=0771,uid=1000,gid=1000"
-
-#define WAIT_TIMEOUT 20
-
-/* fstab has the following format:
- *
- * Any line starting with a # is a comment and ignored
- *
- * Any blank line is ignored
- *
- * All other lines must be in this format:
- *   <source>  <mount_point> <fs_type> <mount_flags> <fs_options> <fs_mgr_options>
- *
- *   <mount_flags> is a comma separated list of flags that can be passed to the
- *                 mount command.  The list includes noatime, nosuid, nodev, nodiratime,
- *                 ro, rw, remount, defaults.
- *
- *   <fs_options> is a comma separated list of options accepted by the filesystem being
- *                mounted.  It is passed directly to mount without being parsed
- *
- *   <fs_mgr_options> is a comma separated list of flags that control the operation of
- *                     the fs_mgr program.  The list includes "wait", which will wait till
- *                     the <source> file exists, and "check", which requests that the fs_mgr 
- *                     run an fscheck program on the <source> before mounting the filesystem.
- *                     If check is specifed on a read-only filesystem, it is ignored.
- *                     Also, "encryptable" means that filesystem can be encrypted.
- *                     The "encryptable" flag _MUST_ be followed by a = and a string which
- *                     is the location of the encryption keys.  It can either be a path
- *                     to a file or partition which contains the keys, or the word "footer"
- *                     which means the keys are in the last 16 Kbytes of the partition
- *                     containing the filesystem.
- *
- * When the fs_mgr is requested to mount all filesystems, it will first mount all the
- * filesystems that do _NOT_ specify check (including filesystems that are read-only and
- * specify check, because check is ignored in that case) and then it will check and mount
- * filesystem marked with check.
- *
- */
-
-#define MF_WAIT         0x1
-#define MF_CHECK        0x2
-#define MF_CRYPT        0x4
-#define MF_NONREMOVABLE 0x8
-#define MF_VOLDMANAGED  0x10
-#define MF_LENGTH       0x20
-#define MF_RECOVERYONLY 0x40
-#define MF_SWAPPRIO     0x80
-#define MF_ZRAMSIZE     0x100
-#define MF_VERIFY       0x200
-/*
- * There is no emulated sdcard daemon running on /data/media on this device,
- * so treat the physical SD card as the only external storage device,
- * a la the Nexus One.
- */
-#define MF_NOEMULATEDSD 0x400
-
-#define DM_BUF_SIZE 4096
-
-#endif /* __CORE_FS_MGR_PRIV_H */
-

crypto/fs_mgr/fs_mgr_priv_verity.h

-/*
- * Copyright (C) 2013 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-int fs_mgr_setup_verity(struct fstab_rec *fstab);
\ No newline at end of file

crypto/fs_mgr/fs_mgr_verity.c

-/*
- * Copyright (C) 2013 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <ctype.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <libgen.h>
-#include <time.h>
-
-#include <private/android_filesystem_config.h>
-#include <logwrap/logwrap.h>
-
-#include "mincrypt/rsa.h"
-#include "mincrypt/sha.h"
-#include "mincrypt/sha256.h"
-
-#include "ext4_utils.h"
-#include "ext4.h"
-
-#include "fs_mgr_priv.h"
-#include "fs_mgr_priv_verity.h"
-
-#define VERITY_METADATA_SIZE 32768
-#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001
-#define VERITY_TABLE_RSA_KEY "/verity_key"
-
-extern struct fs_info info;
-
-static RSAPublicKey *load_key(char *path)
-{
-    FILE *f;
-    RSAPublicKey *key;
-
-    key = malloc(sizeof(RSAPublicKey));
-    if (!key) {
-        ERROR("Can't malloc key\n");
-        return NULL;
-    }
-
-    f = fopen(path, "r");
-    if (!f) {
-        ERROR("Can't open '%s'\n", path);
-        free(key);
-        return NULL;
-    }
-
-    if (!fread(key, sizeof(*key), 1, f)) {
-        ERROR("Could not read key!");
-        fclose(f);
-        free(key);
-        return NULL;
-    }
-
-    if (key->len != RSANUMWORDS) {
-        ERROR("Invalid key length %d\n", key->len);
-        fclose(f);
-        free(key);
-        return NULL;
-    }
-
-    fclose(f);
-    return key;
-}
-
-static int verify_table(char *signature, char *table, int table_length)
-{
-    int fd;
-    RSAPublicKey *key;
-    uint8_t hash_buf[SHA_DIGEST_SIZE];
-    int retval = -1;
-
-    // Hash the table
-    SHA_hash((uint8_t*)table, table_length, hash_buf);
-
-    // Now get the public key from the keyfile
-    key = load_key(VERITY_TABLE_RSA_KEY);
-    if (!key) {
-        ERROR("Couldn't load verity keys");
-        goto out;
-    }
-
-    // verify the result
-    if (!RSA_verify(key,
-                    (uint8_t*) signature,
-                    RSANUMBYTES,
-                    (uint8_t*) hash_buf,
-                    SHA_DIGEST_SIZE)) {
-        ERROR("Couldn't verify table.");
-        goto out;
-    }
-
-    retval = 0;
-
-out:
-    free(key);
-    return retval;
-}
-
-static int get_target_device_size(char *blk_device, uint64_t *device_size)
-{
-    int data_device;
-    struct ext4_super_block sb;
-
-    data_device = open(blk_device, O_RDONLY);
-    if (data_device < 0) {
-        ERROR("Error opening block device (%s)", strerror(errno));
-        return -1;
-    }
-
-    if (lseek64(data_device, 1024, SEEK_SET) < 0) {
-        ERROR("Error seeking to superblock");
-        close(data_device);
-        return -1;
-    }
-
-    if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
-        ERROR("Error reading superblock");
-        close(data_device);
-        return -1;
-    }
-
-    ext4_parse_sb(&sb);
-    *device_size = info.len;
-
-    close(data_device);
-    return 0;
-}
-
-static int read_verity_metadata(char *block_device, char **signature, char **table)
-{
-    unsigned magic_number;
-    unsigned table_length;
-    uint64_t device_length;
-    int protocol_version;
-    FILE *device;
-    int retval = -1;
-
-    device = fopen(block_device, "r");
-    if (!device) {
-        ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno));
-        goto out;
-    }
-
-    // find the start of the verity metadata
-    if (get_target_device_size(block_device, &device_length) < 0) {
-        ERROR("Could not get target device size.\n");
-        goto out;
-    }
-    if (fseek(device, device_length, SEEK_SET) < 0) {
-        ERROR("Could not seek to start of verity metadata block.\n");
-        goto out;
-    }
-
-    // check the magic number
-    if (!fread(&magic_number, sizeof(int), 1, device)) {
-        ERROR("Couldn't read magic number!\n");
-        goto out;
-    }
-    if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
-        ERROR("Couldn't find verity metadata at offset %llu!\n", device_length);
-        goto out;
-    }
-
-    // check the protocol version
-    if (!fread(&protocol_version, sizeof(int), 1, device)) {
-        ERROR("Couldn't read verity metadata protocol version!\n");
-        goto out;
-    }
-    if (protocol_version != 0) {
-        ERROR("Got unknown verity metadata protocol version %d!\n", protocol_version);
-        goto out;
-    }
-
-    // get the signature
-    *signature = (char*) malloc(RSANUMBYTES * sizeof(char));
-    if (!*signature) {
-        ERROR("Couldn't allocate memory for signature!\n");
-        goto out;
-    }
-    if (!fread(*signature, RSANUMBYTES, 1, device)) {
-        ERROR("Couldn't read signature from verity metadata!\n");
-        free(*signature);
-        goto out;
-    }
-
-    // get the size of the table
-    if (!fread(&table_length, sizeof(int), 1, device)) {
-        ERROR("Couldn't get the size of the verity table from metadata!\n");
-        free(*signature);
-        goto out;
-    }
-
-    // get the table + null terminator
-    table_length += 1;
-    *table = malloc(table_length);
-    if(!*table) {
-        ERROR("Couldn't allocate memory for verity table!\n");
-        goto out;
-    }
-    if (!fgets(*table, table_length, device)) {
-        ERROR("Couldn't read the verity table from metadata!\n");
-        free(*table);
-        free(*signature);
-        goto out;
-    }
-
-    retval = 0;
-
-out:
-    if (device)
-        fclose(device);
-    return retval;
-}
-
-static void verity_ioctl_init(struct dm_ioctl *io, char *name, unsigned flags)
-{
-    memset(io, 0, DM_BUF_SIZE);
-    io->data_size = DM_BUF_SIZE;
-    io->data_start = sizeof(struct dm_ioctl);
-    io->version[0] = 4;
-    io->version[1] = 0;
-    io->version[2] = 0;
-    io->flags = flags | DM_READONLY_FLAG;
-    if (name) {
-        strlcpy(io->name, name, sizeof(io->name));
-    }
-}
-
-static int create_verity_device(struct dm_ioctl *io, char *name, int fd)
-{
-    verity_ioctl_init(io, name, 1);
-    if (ioctl(fd, DM_DEV_CREATE, io)) {
-        ERROR("Error creating device mapping (%s)", strerror(errno));
-        return -1;
-    }
-    return 0;
-}
-
-static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char **dev_name)
-{
-    verity_ioctl_init(io, name, 0);
-    if (ioctl(fd, DM_DEV_STATUS, io)) {
-        ERROR("Error fetching verity device number (%s)", strerror(errno));
-        return -1;
-    }
-    int dev_num = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
-    if (asprintf(dev_name, "/dev/block/dm-%u", dev_num) < 0) {
-        ERROR("Error getting verity block device name (%s)", strerror(errno));
-        return -1;
-    }
-    return 0;
-}
-
-static int load_verity_table(struct dm_ioctl *io, char *name, char *blockdev, int fd, char *table)
-{
-    char *verity_params;
-    char *buffer = (char*) io;
-    uint64_t device_size = 0;
-
-    if (get_target_device_size(blockdev, &device_size) < 0) {
-        return -1;
-    }
-
-    verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG);
-
-    struct dm_target_spec *tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
-
-    // set tgt arguments here
-    io->target_count = 1;
-    tgt->status=0;
-    tgt->sector_start=0;
-    tgt->length=device_size/512;
-    strcpy(tgt->target_type, "verity");
-
-    // build the verity params here
-    verity_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
-    if (sprintf(verity_params, "%s", table) < 0) {
-        return -1;
-    }
-
-    // set next target boundary
-    verity_params += strlen(verity_params) + 1;
-    verity_params = (char*) (((unsigned long)verity_params + 7) & ~8);
-    tgt->next = verity_params - buffer;
-
-    // send the ioctl to load the verity table
-    if (ioctl(fd, DM_TABLE_LOAD, io)) {
-        ERROR("Error loading verity table (%s)", strerror(errno));
-        return -1;
-    }
-
-    return 0;
-}
-
-static int resume_verity_table(struct dm_ioctl *io, char *name, int fd)
-{
-    verity_ioctl_init(io, name, 0);
-    if (ioctl(fd, DM_DEV_SUSPEND, io)) {
-        ERROR("Error activating verity device (%s)", strerror(errno));
-        return -1;
-    }
-    return 0;
-}
-
-static int test_access(char *device) {
-    int tries = 25;
-    while (tries--) {
-        if (!access(device, F_OK) || errno != ENOENT) {
-            return 0;
-        }
-        usleep(40 * 1000);
-    }
-    return -1;
-}
-
-int fs_mgr_setup_verity(struct fstab_rec *fstab) {
-
-    int retval = -1;
-
-    char *verity_blk_name;
-    char *verity_table;
-    char *verity_table_signature;
-
-    char buffer[DM_BUF_SIZE];
-    struct dm_ioctl *io = (struct dm_ioctl *) buffer;
-    char *mount_point = basename(fstab->mount_point);
-
-    // set the dm_ioctl flags
-    io->flags |= 1;
-    io->target_count = 1;
-
-    // get the device mapper fd
-    int fd;
-    if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
-        ERROR("Error opening device mapper (%s)", strerror(errno));
-        return retval;
-    }
-
-    // create the device
-    if (create_verity_device(io, mount_point, fd) < 0) {
-        ERROR("Couldn't create verity device!");
-        goto out;
-    }
-
-    // get the name of the device file
-    if (get_verity_device_name(io, mount_point, fd, &verity_blk_name) < 0) {
-        ERROR("Couldn't get verity device number!");
-        goto out;
-    }
-
-    // read the verity block at the end of the block device
-    if (read_verity_metadata(fstab->blk_device,
-                                    &verity_table_signature,
-                                    &verity_table) < 0) {
-        goto out;
-    }
-
-    // verify the signature on the table
-    if (verify_table(verity_table_signature,
-                            verity_table,
-                            strlen(verity_table)) < 0) {
-        goto out;
-    }
-
-    // load the verity mapping table
-    if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table) < 0) {
-        goto out;
-    }
-
-    // activate the device
-    if (resume_verity_table(io, mount_point, fd) < 0) {
-        goto out;
-    }
-
-    // assign the new verity block device as the block device
-    free(fstab->blk_device);
-    fstab->blk_device = verity_blk_name;
-
-    // make sure we've set everything up properly
-    if (test_access(fstab->blk_device) < 0) {
-        goto out;
-    }
-
-    retval = 0;
-
-out:
-    close(fd);
-    return retval;
-}

crypto/fs_mgr/include/fs_mgr.h

-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __CORE_FS_MGR_H
-#define __CORE_FS_MGR_H
-
-#include <stdint.h>
-#include <linux/dm-ioctl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct fstab {
-    int num_entries;
-    struct fstab_rec *recs;
-    char *fstab_filename;
-};
-
-struct fstab_rec {
-    char *blk_device;
-    char *mount_point;
-    char *fs_type;
-    unsigned long flags;
-    char *fs_options;
-    int fs_mgr_flags;
-    char *key_loc;
-    char *verity_loc;
-    long long length;
-    char *label;
-    int partnum;
-    int swap_prio;
-    unsigned int zram_size;
-};
-
-struct fstab *fs_mgr_read_fstab(const char *fstab_path);
-void fs_mgr_free_fstab(struct fstab *fstab);
-int fs_mgr_mount_all(struct fstab *fstab);
-int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device,
-                    char *tmp_mount_point);
-int fs_mgr_do_tmpfs_mount(char *n_name);
-int fs_mgr_unmount_all(struct fstab *fstab);
-int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
-                          char *real_blk_device, int size);
-int fs_mgr_add_entry(struct fstab *fstab,
-                     const char *mount_point, const char *fs_type,
-                     const char *blk_device, long long length);
-struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path);
-int fs_mgr_is_voldmanaged(struct fstab_rec *fstab);
-int fs_mgr_is_nonremovable(struct fstab_rec *fstab);
-int fs_mgr_is_encryptable(struct fstab_rec *fstab);
-int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab);
-int fs_mgr_swapon_all(struct fstab *fstab);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CORE_FS_MGR_H */
-

crypto/ics/Android.mk

-LOCAL_PATH := $(call my-dir)
-ifeq ($(TW_INCLUDE_CRYPTO), true)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := libcryptfsics
-LOCAL_MODULE_TAGS := eng optional
-LOCAL_CFLAGS :=
-LOCAL_CFLAGS += -DCRYPTO_FS_TYPE=\"$(TW_CRYPTO_FS_TYPE)\"
-ifeq ($(TW_INCLUDE_CRYPTO_SAMSUNG), true)
-    LOCAL_CFLAGS += -DTW_INCLUDE_CRYPTO_SAMSUNG=\"$(TW_INCLUDE_CRYPTO_SAMSUNG)\"
-    LOCAL_LDFLAGS += -ldl
-    LOCAL_STATIC_LIBRARIES += libcrypt_samsung
-endif
-ifneq ($(TW_INTERNAL_STORAGE_PATH),)
-	LOCAL_CFLAGS += -DTW_INTERNAL_STORAGE_PATH=$(TW_INTERNAL_STORAGE_PATH)
-endif
-ifneq ($(TW_EXTERNAL_STORAGE_PATH),)
-	LOCAL_CFLAGS += -DTW_EXTERNAL_STORAGE_PATH=$(TW_EXTERNAL_STORAGE_PATH)
-endif
-LOCAL_SRC_FILES = cryptfs.c
-LOCAL_C_INCLUDES += system/extras/ext4_utils external/openssl/include
-LOCAL_SHARED_LIBRARIES += libc liblog libcutils libcrypto
-
-include $(BUILD_SHARED_LIBRARY)
-endif

crypto/ics/cryptfs.h

-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This structure starts 16,384 bytes before the end of a hardware
- * partition that is encrypted.
- * Immediately following this structure is the encrypted key.
- * The keysize field tells how long the key is, in bytes.
- * Then there is 32 bytes of padding,
- * Finally there is the salt used with the user password.
- * The salt is fixed at 16 bytes long.
- * Obviously, the filesystem does not include the last 16 kbytes
- * of the partition.
- */
-
-#ifndef __CRYPTFS_H__
-#define __CRYPTFS_H__
-
-#ifdef TW_INCLUDE_CRYPTO_SAMSUNG
-#include "../libcrypt_samsung/include/libcrypt_samsung.h"
-#endif
-
-#define CRYPT_FOOTER_OFFSET 0x4000
-
-#define MAX_CRYPTO_TYPE_NAME_LEN 64
-
-#define SALT_LEN 16
-#define KEY_TO_SALT_PADDING 32
-
-/* definitions of flags in the structure below */
-#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */
-#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Set when starting encryption,
-                                          * clear when done before rebooting */
-
-#ifdef TW_INCLUDE_CRYPTO_SAMSUNG
-#define CRYPT_MNT_MAGIC_SAMSUNG 0xD0B5B1C5
-#endif
-#define CRYPT_MNT_MAGIC 0xD0B5B1C4
-
-#define __le32 unsigned int
-#define __le16 unsigned short int 
-
-#pragma pack(1)
-
-struct crypt_mnt_ftr {
-  __le32 magic;		/* See above */
-  __le16 major_version;
-  __le16 minor_version;
-  __le32 ftr_size; 	/* in bytes, not including key following */
-  __le32 flags;		/* See above */
-  __le32 keysize;	/* in bytes */
-  __le32 spare1;	/* ignored */
-  __le64 fs_size;	/* Size of the encrypted fs, in 512 byte sectors */
-  __le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and
-				  mount, set to 0 on successful mount */
-  char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption
-							       needed to decrypt this
-							       partition, null terminated */
-};
-
-#pragma pack()
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-  int cryptfs_check_footer(void);
-  int cryptfs_check_passwd(const char *pw);
-#ifdef __cplusplus
-}
-#endif
-
-#endif // __CRYPTFS_H__
-

crypto/jb/Android.mk

-LOCAL_PATH := $(call my-dir)
-ifeq ($(TW_INCLUDE_JB_CRYPTO), true)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := libcryptfsjb
-LOCAL_MODULE_TAGS := eng optional
-LOCAL_CFLAGS :=
-LOCAL_SRC_FILES = cryptfs.c
-LOCAL_C_INCLUDES += \
-    system/extras/ext4_utils \
-    external/openssl/include \
-    $(commands_recovery_local_path)/crypto/scrypt/lib/crypto
-LOCAL_SHARED_LIBRARIES += libc liblog libcutils libcrypto libext4_utils
-LOCAL_STATIC_LIBRARIES += libfs_mgrtwrp libscrypttwrp_static liblogwraptwrp libmincrypttwrp
-
-include $(BUILD_SHARED_LIBRARY)
-endif

crypto/jb/cryptfs.h

-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This structure starts 16,384 bytes before the end of a hardware
- * partition that is encrypted, or in a separate partition.  It's location
- * is specified by a property set in init.<device>.rc.
- * The structure allocates 48 bytes for a key, but the real key size is
- * specified in the struct.  Currently, the code is hardcoded to use 128
- * bit keys.
- * The fields after salt are only valid in rev 1.1 and later stuctures.
- * Obviously, the filesystem does not include the last 16 kbytes
- * of the partition if the crypt_mnt_ftr lives at the end of the
- * partition.
- */
-
-#include <cutils/properties.h>
-
-/* The current cryptfs version */
-#define CURRENT_MAJOR_VERSION 1
-#define CURRENT_MINOR_VERSION 2
-
-#define CRYPT_FOOTER_OFFSET 0x4000
-#define CRYPT_FOOTER_TO_PERSIST_OFFSET 0x1000
-#define CRYPT_PERSIST_DATA_SIZE 0x1000
-
-#define MAX_CRYPTO_TYPE_NAME_LEN 64
-
-#define MAX_KEY_LEN 48
-#define SALT_LEN 16
-
-/* definitions of flags in the structure below */
-#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */
-#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Set when starting encryption,
-                                          * clear when done before rebooting */
-
-#define CRYPT_MNT_MAGIC 0xD0B5B1C4
-#define PERSIST_DATA_MAGIC 0xE950CD44
-
-#define SCRYPT_PROP "ro.crypto.scrypt_params"
-#define SCRYPT_DEFAULTS { 15, 3, 1 }
-
-/* Key Derivation Function algorithms */
-#define KDF_PBKDF2 1
-#define KDF_SCRYPT 2
-
-#define __le32 unsigned int
-#define __le16 unsigned short int
-#define __le8  unsigned char
-
-struct crypt_mnt_ftr {
-  __le32 magic;		/* See above */
-  __le16 major_version;
-  __le16 minor_version;
-  __le32 ftr_size; 	/* in bytes, not including key following */
-  __le32 flags;		/* See above */
-  __le32 keysize;	/* in bytes */
-  __le32 spare1;	/* ignored */
-  __le64 fs_size;	/* Size of the encrypted fs, in 512 byte sectors */
-  __le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and
-				  mount, set to 0 on successful mount */
-  unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption
-							       needed to decrypt this
-							       partition, null terminated */
-  __le32 spare2;        /* ignored */
-  unsigned char master_key[MAX_KEY_LEN]; /* The encrypted key for decrypting the filesystem */
-  unsigned char salt[SALT_LEN];   /* The salt used for this encryption */
-  __le64 persist_data_offset[2];  /* Absolute offset to both copies of crypt_persist_data
-                                   * on device with that info, either the footer of the
-                                   * real_blkdevice or the metadata partition. */
-
-  __le32 persist_data_size;       /* The number of bytes allocated to each copy of the
-                                   * persistent data table*/
-
-  __le8  kdf_type; /* The key derivation function used. */
-
-  /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */
-  __le8  N_factor; /* (1 << N) */
-  __le8  r_factor; /* (1 << r) */
-  __le8  p_factor; /* (1 << p) */
-};
-
-/* Persistant data that should be available before decryption.
- * Things like airplane mode, locale and timezone are kept
- * here and can be retrieved by the CryptKeeper UI to properly
- * configure the phone before asking for the password
- * This is only valid if the major and minor version above
- * is set to 1.1 or higher.
- *
- * This is a 4K structure.  There are 2 copies, and the code alternates
- * writing one and then clearing the previous one.  The reading
- * code reads the first valid copy it finds, based on the magic number.
- * The absolute offset to the first of the two copies is kept in rev 1.1
- * and higher crypt_mnt_ftr structures.
- */
-struct crypt_persist_entry {
-  char key[PROPERTY_KEY_MAX];
-  char val[PROPERTY_VALUE_MAX];
-};
-
-/* Should be exactly 4K in size */
-struct crypt_persist_data {
-  __le32 persist_magic;
-  __le32 persist_valid_entries;
-  __le32 persist_spare[30];
-  struct crypt_persist_entry persist_entry[0];
-};
-
-struct volume_info {
-   unsigned int size;
-   unsigned int flags;
-   struct crypt_mnt_ftr crypt_ftr;
-   char mnt_point[256];
-   char blk_dev[256];
-   char crypto_blkdev[256];
-   char label[256];
-};
-#define VOL_NONREMOVABLE   0x1
-#define VOL_ENCRYPTABLE    0x2
-#define VOL_PRIMARY        0x4
-#define VOL_PROVIDES_ASEC  0x8
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-  typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
-
-  int cryptfs_crypto_complete(void);
-  int cryptfs_check_footer(void);
-  int cryptfs_check_passwd(char *pw);
-  int cryptfs_verify_passwd(char *newpw);
-  int cryptfs_restart(void);
-  int cryptfs_enable(char *flag, char *passwd);
-  int cryptfs_changepw(char *newpw);
-  int cryptfs_setup_volume(const char *label, int major, int minor,
-                           char *crypto_dev_path, unsigned int max_pathlen,
-                           int *new_major, int *new_minor);
-  int cryptfs_revert_volume(const char *label);
-  int cryptfs_getfield(char *fieldname, char *value, int len);
-  int cryptfs_setfield(char *fieldname, char *value);
-#ifdef __cplusplus
-}
-#endif
-