commit bb7d9afea9479eabbc98133d3d968225a1e1019e
author Iliyan Malchev <malchev@google.com> Thu Nov 20 18:42:23 2014 -0800
committer Iliyan Malchev <malchev@google.com> Fri Nov 21 08:19:33 2014 +0000
tree 6ae2df145de6786fba0a29bc0a1656eb5a411e87
parent 87701e2755f039d6ea8c1510dcddf468ee947a62

fall back to dm-crypt if device already encrypted

Devices already encrypted with aes-cbc-essiv:sha256 will continue to be
decrypted in software, until a factory data reset.  New devices that
implement CONFIG_HW_DISK_ENCRYPTION will switch to aes-xts.

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I62d1583bdaf7ff06b87e386e758fa3b18c719bca
Signed-off-by: Iliyan Malchev <malchev@google.com>

cryptfs.c

diff --git a/cryptfs.c b/cryptfs.c
index a8211cc..e9d6afb 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -997,7 +997,12 @@
   tgt->sector_start = 0;
   tgt->length = crypt_ftr->fs_size;
 #ifdef CONFIG_HW_DISK_ENCRYPTION
-  strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
+  if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
+    strlcpy(tgt->target_type, "req-crypt", DM_MAX_TYPE_NAME);
+  }
+  else {
+    strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
+  }
 #else
   strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
 #endif
@@ -1047,7 +1052,7 @@
     v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
     while (v->next) {
 #ifdef CONFIG_HW_DISK_ENCRYPTION
-        if(!strcmp(v->name, "crypt") || !strcmp(v->name, "req-crypt")) {
+        if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
 #else
         if (! strcmp(v->name, "crypt")) {
 #endif
@@ -1764,8 +1769,10 @@
   fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
 
 #ifdef CONFIG_HW_DISK_ENCRYPTION
-  if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
-    SLOGE("Hardware encryption key does not match");
+  if (!strcmp((char *)crypt_ftr->crypto_type_name, "aes-xts")) {
+    if(!set_hw_device_encryption_key(passwd, (char*) crypt_ftr->crypto_type_name)) {
+      SLOGE("Hardware encryption key does not match");
+    }
   }
 #endif
 
@@ -3106,7 +3113,7 @@
 #else
         strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
 
-	rc = clear_hw_device_encryption_key();
+        rc = clear_hw_device_encryption_key();
         if (!rc) {
           SLOGE("Error clearing device encryption hardware key. rc = %d", rc);
         }
@@ -3342,16 +3349,18 @@
     free(adjusted_passwd);
 
 #ifdef CONFIG_HW_DISK_ENCRYPTION
-    if (crypt_type == CRYPT_TYPE_DEFAULT) {
-        int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
-        SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
-        if (!rc)
-            return -1;
-    } else {
-        int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
-        SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
-        if (!rc)
-            return -1;
+    if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
+        if (crypt_type == CRYPT_TYPE_DEFAULT) {
+            int rc = update_hw_device_encryption_key(DEFAULT_PASSWORD, (char*) crypt_ftr.crypto_type_name);
+            SLOGD("Update hardware encryption key to default for crypt_type: %d. rc = %d", crypt_type, rc);
+            if (!rc)
+                return -1;
+        } else {
+            int rc = update_hw_device_encryption_key(newpw, (char*) crypt_ftr.crypto_type_name);
+            SLOGD("Update hardware encryption key for crypt_type: %d. rc = %d", crypt_type, rc);
+            if (!rc)
+                return -1;
+        }
     }
 #endif
     return 0;