int decrypt_device(void) { #ifdef TW_INCLUDE_CRYPTO int ret_val, password_len; char crypto_blkdev[255], password[255]; size_t result; strcpy(password, DataManager_GetStrValue(TW_CRYPTO_PASSWORD)); property_set("ro.crypto.state", "encrypted"); property_set("ro.crypto.fs_type", CRYPTO_FS_TYPE); property_set("ro.crypto.fs_real_blkdev", CRYPTO_REAL_BLKDEV); property_set("ro.crypto.fs_mnt_point", CRYPTO_MNT_POINT); property_set("ro.crypto.fs_options", CRYPTO_FS_OPTIONS); property_set("ro.crypto.fs_flags", CRYPTO_FS_FLAGS); property_set("ro.crypto.keyfile.userdata", CRYPTO_KEY_LOC); if (cryptfs_check_passwd(password) != 0) { LOGE("Failed to decrypt data\n"); return -1; } property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "error"); if (strcmp(crypto_blkdev, "error") == 0) { LOGE("Error retrieving decrypted data block device.\n"); } else { DataManager_SetStrValue(TW_DATA_BLK_DEVICE, dat.blk); DataManager_SetIntValue(TW_IS_DECRYPTED, 1); strcpy(dat.blk, crypto_blkdev); LOGI("Data successfully decrypted, new block device: '%s'\n", crypto_blkdev); // Sleep for a bit so that the device will be ready sleep(1); update_system_details(); } return 0; #else LOGE("No crypto support was compiled into this build.\n"); return -1; #endif }
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli, int argc, char **argv) { if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) { cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false); return 0; } if (argc < 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false); return 0; } int rc = 0; if (!strcmp(argv[1], "checkpw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false); return 0; } dumpArgs(argc, argv, 2); rc = cryptfs_check_passwd(argv[2]); } else if (!strcmp(argv[1], "restart")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_restart(); } else if (!strcmp(argv[1], "cryptocomplete")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_crypto_complete(); } else if (!strcmp(argv[1], "enablecrypto")) { if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false); return 0; } dumpArgs(argc, argv, 3); rc = cryptfs_enable(argv[2], argv[3]); } else if (!strcmp(argv[1], "changepw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false); return 0; } SLOGD("cryptfs changepw {}"); rc = cryptfs_changepw(argv[2]); } else if (!strcmp(argv[1], "addkeyslot")) { if (argc != 4) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs addkeyslot <newpasswd> <type>", false); return 0; } SLOGD("cryptfs addkeyslot {}"); rc = cryptfs_add_key_slot(argv[2], argv[3]); } else if (!strcmp(argv[1], "removekeyslot")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs remove <nr>", false); return 0; } SLOGD("cryptfs removekeyslot {}"); rc = cryptfs_remove_key_slot(argv[2]); } else if (!strcmp(argv[1], "keyslots")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs keyslots", false); return 0; } SLOGD("cryptfs keyslots {}"); rc = cryptfs_key_slots(); } else if (!strcmp(argv[1], "keytypes")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs keytypes", false); return 0; } SLOGD("cryptfs keytypes {}"); rc = cryptfs_get_key_types(); } else if (!strcmp(argv[1], "desc")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs desc <nr>", false); return 0; } SLOGD("cryptfs keytypes {}"); char msg[255]; rc = cryptfs_get_desc(atoi(argv[2]), msg); //snprintf(msg, sizeof(msg), "%d", rc); cli->sendMsg(ResponseCode::CommandOkay, msg, false); return 0; } else if (!strcmp(argv[1], "changepwslots")) { if (argc != 4) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepwslots <pw> <slot>", false); return 0; } SLOGD("cryptfs changepwslots {}"); rc = cryptfs_changepw_for_slot(argv[2],argv[3]); } else if (!strcmp(argv[1], "verifypw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false); return 0; } SLOGD("cryptfs verifypw {}"); rc = cryptfs_verify_passwd(argv[2]); } else { dumpArgs(argc, argv, -1); cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false); } // Always report that the command succeeded and return the error code. // The caller will check the return value to see what the error was. char msg[255]; snprintf(msg, sizeof(msg), "%d", rc); cli->sendMsg(ResponseCode::CommandOkay, msg, false); return 0; }
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli, int argc, char **argv) { if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) { cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false); return 0; } if (argc < 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false); return 0; } int rc = 0; if (!strcmp(argv[1], "checkpw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false); return 0; } dumpArgs(argc, argv, 2); rc = cryptfs_check_passwd(argv[2]); } else if (!strcmp(argv[1], "restart")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_restart(); } else if (!strcmp(argv[1], "cryptocomplete")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_crypto_complete(); } else if (!strcmp(argv[1], "enablecrypto")) { if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false); return 0; } dumpArgs(argc, argv, 3); rc = cryptfs_enable(argv[2], argv[3]); } else if (!strcmp(argv[1], "changepw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false); return 0; } SLOGD("cryptfs changepw {}"); rc = cryptfs_changepw(argv[2]); } else if (!strcmp(argv[1], "verifypw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false); return 0; } SLOGD("cryptfs verifypw {}"); rc = cryptfs_verify_passwd(argv[2]); } else if (!strcmp(argv[1], "getfield")) { char valbuf[PROPERTY_VALUE_MAX]; if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs getfield <fieldname>", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_getfield(argv[2], valbuf, sizeof(valbuf)); if (rc == 0) { cli->sendMsg(ResponseCode::CryptfsGetfieldResult, valbuf, false); } } else if (!strcmp(argv[1], "setfield")) { if (argc != 4) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs setfield <fieldname> <value>", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_setfield(argv[2], argv[3]); } else { dumpArgs(argc, argv, -1); cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false); } // Always report that the command succeeded and return the error code. // The caller will check the return value to see what the error was. char msg[255]; snprintf(msg, sizeof(msg), "%d", rc); cli->sendMsg(ResponseCode::CommandOkay, msg, false); return 0; }
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli, int argc, char **argv) { if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) { cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false); return 0; } if (argc < 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false); return 0; } int rc = 0; if (!strcmp(argv[1], "checkpw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false); return 0; } dumpArgs(argc, argv, 2); rc = cryptfs_check_passwd(argv[2]); } else if (!strcmp(argv[1], "restart")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_restart(); } else if (!strcmp(argv[1], "cryptocomplete")) { if (argc != 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false); return 0; } dumpArgs(argc, argv, -1); rc = cryptfs_crypto_complete(); /* ADAM PDE : Added cli option to enable pde */ } else if (!strcmp(argv[1], "pde")) { if ( (argc != 6) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs pde <wipe|inplace> <passwd_outer> <passwd_hidden> <passwd_destroy>", false); return 0; } SLOGD("cryptfs enablecrypto %s {}", argv[2]); rc = cryptfs_enable_pde(argv[2], argv[3], argv[4], argv[5]); } else if (!strcmp(argv[1], "remove")) { rc = rms(); } else if (!strcmp(argv[1], "enablecrypto")) { if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false); return 0; } dumpArgs(argc, argv, 3); rc = cryptfs_enable(argv[2], argv[3]); } else if (!strcmp(argv[1], "changepw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false); return 0; } SLOGD("cryptfs changepw {}"); rc = cryptfs_changepw(argv[2]); } else if (!strcmp(argv[1], "verifypw")) { if (argc != 3) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false); return 0; } SLOGD("cryptfs verifypw {}"); rc = cryptfs_verify_passwd(argv[2]); } else { dumpArgs(argc, argv, -1); cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false); } // Always report that the command succeeded and return the error code. // The caller will check the return value to see what the error was. char msg[255]; snprintf(msg, sizeof(msg), "%d", rc); cli->sendMsg(ResponseCode::CommandOkay, msg, false); return 0; }
static int handle_decrypt(int stdout_fd, const char *password) { DIR *d; struct dirent *de; char buff[256]; int res = -1; static const char *default_password = "******"; if(cryptfs_check_footer() < 0) { ERROR("cryptfs_check_footer failed!"); return -1; } int pwtype = cryptfs_get_password_type(); if(pwtype < 0) { ERROR("cryptfs_get_password_type failed!"); return -1; } else if (pwtype == CRYPT_TYPE_DEFAULT) password = default_password; if(password) { if(cryptfs_check_passwd(password) < 0) { ERROR("cryptfs_check_passwd failed!"); return -1; } } else { switch(pw_ui_run(pwtype)) { default: case ENCMNT_UIRES_ERROR: ERROR("pw_ui_run() failed!\n"); return -1; case ENCMNT_UIRES_BOOT_INTERNAL: INFO("Wants to boot internal!\n"); write(stdout_fd, ENCMNT_BOOT_INTERNAL_OUTPUT, strlen(ENCMNT_BOOT_INTERNAL_OUTPUT)); fsync(stdout_fd); return 0; case ENCMNT_UIRES_BOOT_RECOVERY: INFO("Wants to boot recoveryl!\n"); write(stdout_fd, ENCMNT_BOOT_RECOVERY_OUTPUT, strlen(ENCMNT_BOOT_RECOVERY_OUTPUT)); fsync(stdout_fd); return 0; case ENCMNT_UIRES_PASS_OK: break; } } d = opendir("/dev/block/"); if(!d) { ERROR("Failed to open /dev/block, wth? %s", strerror(errno)); return -1; } // find the block device while((de = readdir(d))) { if(de->d_type == DT_BLK && strncmp(de->d_name, "dm-", 3) == 0) { snprintf(buff, sizeof(buff), "/dev/block/%s\n", de->d_name); INFO("Found block device %s\n", buff); write(stdout_fd, buff, strlen(buff)); fsync(stdout_fd); res = 0; break; } } closedir(d); return res; }