int e4crypt_enable(const char* path)
{
// Already enabled?
if (s_key_store.find(path) != s_key_store.end()) {
return 0;
}
// Not an encryptable device?
UnencryptedProperties key_props = GetProps(path).GetChild(properties::key);
if (!key_props.OK()) {
return 0;
}
if (key_props.Get<std::string>(tag::master_key).empty()) {
crypt_mnt_ftr ftr;
if (cryptfs_create_default_ftr(&ftr, key_length)) {
SLOGE("Failed to create crypto footer");
return -1;
}
// Scrub fields not used by ext4enc
ftr.persist_data_offset[0] = 0;
ftr.persist_data_offset[1] = 0;
ftr.persist_data_size = 0;
if (put_crypt_ftr_and_key(ftr, key_props)) {
SLOGE("Failed to write crypto footer");
return -1;
}
crypt_mnt_ftr ftr2;
if (get_crypt_ftr_and_key(ftr2, key_props)) {
SLOGE("Failed to read crypto footer back");
return -1;
}
if (memcmp(&ftr, &ftr2, sizeof(ftr)) != 0) {
SLOGE("Crypto footer not correctly written");
return -1;
}
}
if (!UnencryptedProperties(path).Remove(properties::ref)) {
SLOGE("Failed to remove key ref");
return -1;
}
return e4crypt_check_passwd(path, "");
}
int e4crypt_check_passwd(const char* path, const char* password)
{
SLOGI("e4crypt_check_password");
auto props = GetPropsOrAltProps(path);
auto key_props = props.GetChild(properties::key);
crypt_mnt_ftr ftr;
if (get_crypt_ftr_and_key(ftr, key_props)) {
SLOGE("Failed to read crypto footer back");
return -1;
}
unsigned char master_key_bytes[key_length / 8];
if (cryptfs_get_master_key (&ftr, password, master_key_bytes)){
SLOGI("Incorrect password");
ftr.failed_decrypt_count++;
if (put_crypt_ftr_and_key(ftr, key_props)) {
SLOGW("Failed to update failed_decrypt_count");
}
return ftr.failed_decrypt_count;
}
if (ftr.failed_decrypt_count) {
ftr.failed_decrypt_count = 0;
if (put_crypt_ftr_and_key(ftr, key_props)) {
SLOGW("Failed to reset failed_decrypt_count");
}
}
std::string master_key(reinterpret_cast<char*>(master_key_bytes),
sizeof(master_key_bytes));
struct timespec now;
clock_gettime(CLOCK_BOOTTIME, &now);
s_key_store[path] = keys{master_key, password,
now.tv_sec + password_max_age_seconds};
auto raw_ref = e4crypt_install_key(master_key);
if (raw_ref.empty()) {
return -1;
}
// Save reference to key so we can set policy later
if (!props.Set(properties::ref, raw_ref)) {
SLOGE("Cannot save key reference");
return -1;
}
return 0;
}
int e4crypt_change_password(const char* path, int crypt_type,
const char* password)
{
SLOGI("e4crypt_change_password");
auto key_props = GetProps(path).GetChild(properties::key);
crypt_mnt_ftr ftr;
if (get_crypt_ftr_and_key(ftr, key_props)) {
SLOGE("Failed to read crypto footer back");
return -1;
}
auto mki = s_key_store.find(path);
if (mki == s_key_store.end()) {
SLOGE("No stored master key - can't change password");
return -1;
}
const unsigned char* master_key_bytes
= reinterpret_cast<const unsigned char*>(&mki->second.master_key[0]);
if (cryptfs_set_password(&ftr, password, master_key_bytes)) {
SLOGE("Failed to set password");
return -1;
}
ftr.crypt_type = crypt_type;
if (put_crypt_ftr_and_key(ftr, key_props)) {
SLOGE("Failed to write crypto footer");
return -1;
}
if (!UnencryptedProperties(path).Set(properties::is_default,
crypt_type == CRYPT_TYPE_DEFAULT)) {
SLOGE("Failed to update default flag");
return -1;
}
return 0;
}
int main(void)
{
char key_loc[PROPERTY_VALUE_MAX];
char blk_dev[PROPERTY_VALUE_MAX];
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
struct stat st;
struct crypt_mnt_ftr crypt_ftr;
int fdout;
printf("This tool comes with no warranties whatsoever.\n");
printf("http://teamw.in\n\n");
strcpy(fstab_filename, FSTAB_PREFIX);
property_get("ro.hardware", fstab_filename + sizeof(FSTAB_PREFIX) - 1, "");
if (stat(fstab_filename, &st) != 0) {
printf("Cannot locate fstab file '%s'\n", fstab_filename);
return -1;
}
fstab = fs_mgr_read_fstab(fstab_filename);
if (!fstab) {
printf("failed to open %s\n", fstab_filename);
return -1;
}
fs_mgr_get_crypt_info(fstab, key_loc, blk_dev, sizeof(blk_dev));
if (get_crypt_ftr_and_key(&crypt_ftr)) {
printf("Error getting crypt footer and key\n");
return -1;
}
if ( (fdout = open("/footerfile", O_WRONLY | O_CREAT, 0644)) < 0) {
printf("Cannot open output file /footerfile\n");
return -1;
}
if (write(fdout, (void*) &crypt_ftr, sizeof(struct crypt_mnt_ftr)) != sizeof(struct crypt_mnt_ftr)) {
printf("Failed to write footer.\n");
}
close(fdout);
if (!strcmp(key_loc, KEY_IN_FOOTER)) {
unsigned int nr_sec, cnt;
off64_t off = 0;
char buffer[CRYPT_FOOTER_OFFSET];
int fd;
printf("\n\nDumping footer from '%s'...\n", blk_dev);
if ( (fd = open(blk_dev, O_RDONLY)) < 0) {
printf("Cannot open real block device %s\n", blk_dev);
return -1;
}
if ((nr_sec = get_blkdev_size(fd))) {
off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET;
} else {
printf("Cannot get size of block device %s\n", blk_dev);
close(fd);
return -1;
}
printf("Size is %llu, offset is %llu\n", ((off64_t)nr_sec * 512), off);
if (lseek64(fd, off, SEEK_SET) == -1) {
printf("Cannot seek to real block device footer\n");
close(fd);
return -1;
}
if ( (cnt = read(fd, buffer, sizeof(buffer))) != sizeof(buffer)) {
printf("Cannot read real block device footer\n");
close(fd);
return -1;
}
close(fd);
if ( (fdout = open("/footerdump", O_WRONLY | O_CREAT, 0644)) < 0) {
printf("Cannot open output file /footerdump\n");
return -1;
}
if (write(fdout, buffer, sizeof(buffer)) != sizeof(buffer)) {
printf("Failed to write footer.\n");
}
close(fdout);
}
return 0;
}
