int e4crypt_enable(const char* path) { // Already enabled? if (s_key_store.find(path) != s_key_store.end()) { return 0; } // Not an encryptable device? UnencryptedProperties key_props = GetProps(path).GetChild(properties::key); if (!key_props.OK()) { return 0; } if (key_props.Get<std::string>(tag::master_key).empty()) { crypt_mnt_ftr ftr; if (cryptfs_create_default_ftr(&ftr, key_length)) { SLOGE("Failed to create crypto footer"); return -1; } // Scrub fields not used by ext4enc ftr.persist_data_offset[0] = 0; ftr.persist_data_offset[1] = 0; ftr.persist_data_size = 0; if (put_crypt_ftr_and_key(ftr, key_props)) { SLOGE("Failed to write crypto footer"); return -1; } crypt_mnt_ftr ftr2; if (get_crypt_ftr_and_key(ftr2, key_props)) { SLOGE("Failed to read crypto footer back"); return -1; } if (memcmp(&ftr, &ftr2, sizeof(ftr)) != 0) { SLOGE("Crypto footer not correctly written"); return -1; } } if (!UnencryptedProperties(path).Remove(properties::ref)) { SLOGE("Failed to remove key ref"); return -1; } return e4crypt_check_passwd(path, ""); }
int e4crypt_check_passwd(const char* path, const char* password) { SLOGI("e4crypt_check_password"); auto props = GetPropsOrAltProps(path); auto key_props = props.GetChild(properties::key); crypt_mnt_ftr ftr; if (get_crypt_ftr_and_key(ftr, key_props)) { SLOGE("Failed to read crypto footer back"); return -1; } unsigned char master_key_bytes[key_length / 8]; if (cryptfs_get_master_key (&ftr, password, master_key_bytes)){ SLOGI("Incorrect password"); ftr.failed_decrypt_count++; if (put_crypt_ftr_and_key(ftr, key_props)) { SLOGW("Failed to update failed_decrypt_count"); } return ftr.failed_decrypt_count; } if (ftr.failed_decrypt_count) { ftr.failed_decrypt_count = 0; if (put_crypt_ftr_and_key(ftr, key_props)) { SLOGW("Failed to reset failed_decrypt_count"); } } std::string master_key(reinterpret_cast<char*>(master_key_bytes), sizeof(master_key_bytes)); struct timespec now; clock_gettime(CLOCK_BOOTTIME, &now); s_key_store[path] = keys{master_key, password, now.tv_sec + password_max_age_seconds}; auto raw_ref = e4crypt_install_key(master_key); if (raw_ref.empty()) { return -1; } // Save reference to key so we can set policy later if (!props.Set(properties::ref, raw_ref)) { SLOGE("Cannot save key reference"); return -1; } return 0; }
int e4crypt_change_password(const char* path, int crypt_type, const char* password) { SLOGI("e4crypt_change_password"); auto key_props = GetProps(path).GetChild(properties::key); crypt_mnt_ftr ftr; if (get_crypt_ftr_and_key(ftr, key_props)) { SLOGE("Failed to read crypto footer back"); return -1; } auto mki = s_key_store.find(path); if (mki == s_key_store.end()) { SLOGE("No stored master key - can't change password"); return -1; } const unsigned char* master_key_bytes = reinterpret_cast<const unsigned char*>(&mki->second.master_key[0]); if (cryptfs_set_password(&ftr, password, master_key_bytes)) { SLOGE("Failed to set password"); return -1; } ftr.crypt_type = crypt_type; if (put_crypt_ftr_and_key(ftr, key_props)) { SLOGE("Failed to write crypto footer"); return -1; } if (!UnencryptedProperties(path).Set(properties::is_default, crypt_type == CRYPT_TYPE_DEFAULT)) { SLOGE("Failed to update default flag"); return -1; } return 0; }
int main(void) { char key_loc[PROPERTY_VALUE_MAX]; char blk_dev[PROPERTY_VALUE_MAX]; char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; struct stat st; struct crypt_mnt_ftr crypt_ftr; int fdout; printf("This tool comes with no warranties whatsoever.\n"); printf("http://teamw.in\n\n"); strcpy(fstab_filename, FSTAB_PREFIX); property_get("ro.hardware", fstab_filename + sizeof(FSTAB_PREFIX) - 1, ""); if (stat(fstab_filename, &st) != 0) { printf("Cannot locate fstab file '%s'\n", fstab_filename); return -1; } fstab = fs_mgr_read_fstab(fstab_filename); if (!fstab) { printf("failed to open %s\n", fstab_filename); return -1; } fs_mgr_get_crypt_info(fstab, key_loc, blk_dev, sizeof(blk_dev)); if (get_crypt_ftr_and_key(&crypt_ftr)) { printf("Error getting crypt footer and key\n"); return -1; } if ( (fdout = open("/footerfile", O_WRONLY | O_CREAT, 0644)) < 0) { printf("Cannot open output file /footerfile\n"); return -1; } if (write(fdout, (void*) &crypt_ftr, sizeof(struct crypt_mnt_ftr)) != sizeof(struct crypt_mnt_ftr)) { printf("Failed to write footer.\n"); } close(fdout); if (!strcmp(key_loc, KEY_IN_FOOTER)) { unsigned int nr_sec, cnt; off64_t off = 0; char buffer[CRYPT_FOOTER_OFFSET]; int fd; printf("\n\nDumping footer from '%s'...\n", blk_dev); if ( (fd = open(blk_dev, O_RDONLY)) < 0) { printf("Cannot open real block device %s\n", blk_dev); return -1; } if ((nr_sec = get_blkdev_size(fd))) { off = ((off64_t)nr_sec * 512) - CRYPT_FOOTER_OFFSET; } else { printf("Cannot get size of block device %s\n", blk_dev); close(fd); return -1; } printf("Size is %llu, offset is %llu\n", ((off64_t)nr_sec * 512), off); if (lseek64(fd, off, SEEK_SET) == -1) { printf("Cannot seek to real block device footer\n"); close(fd); return -1; } if ( (cnt = read(fd, buffer, sizeof(buffer))) != sizeof(buffer)) { printf("Cannot read real block device footer\n"); close(fd); return -1; } close(fd); if ( (fdout = open("/footerdump", O_WRONLY | O_CREAT, 0644)) < 0) { printf("Cannot open output file /footerdump\n"); return -1; } if (write(fdout, buffer, sizeof(buffer)) != sizeof(buffer)) { printf("Failed to write footer.\n"); } close(fdout); } return 0; }