/* * Copyright (C) 2016 The Team Win Recovery Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "Decrypt.h" #include "Ext4Crypt.h" #include #include #include #include #include #include #include #include "ext4_crypt.h" #include "key_control.h" #include #include "HashPassword.h" #include // Store main DE raw ref / policy extern std::string de_raw_ref; extern std::map s_de_key_raw_refs; extern std::map s_ce_key_raw_refs; static bool lookup_ref_key_internal(std::map& key_map, const char* policy, userid_t* user_id) { for (std::map::iterator it=key_map.begin(); it!=key_map.end(); ++it) { if (strncmp(it->second.c_str(), policy, it->second.size()) == 0) { *user_id = it->first; return true; } } return false; } extern "C" bool lookup_ref_key(const char* policy, char* policy_type) { userid_t user_id = 0; if (strncmp(de_raw_ref.c_str(), policy, de_raw_ref.size()) == 0) { strcpy(policy_type, "1DK"); return true; } if (!lookup_ref_key_internal(s_de_key_raw_refs, policy, &user_id)) { if (!lookup_ref_key_internal(s_ce_key_raw_refs, policy, &user_id)) { return false; } else sprintf(policy_type, "1CE%d", user_id); } else sprintf(policy_type, "1DE%d", user_id); return true; } extern "C" bool lookup_ref_tar(const char* policy_type, char* policy) { if (strncmp(policy_type, "1", 1) != 0) { printf("Unexpected version %c\n", policy_type); return false; } const char* ptr = policy_type + 1; // skip past the version number if (strncmp(ptr, "DK", 2) == 0) { strncpy(policy, de_raw_ref.data(), de_raw_ref.size()); return true; } userid_t user_id = atoi(ptr + 2); std::string raw_ref; if (*ptr == 'D') { if (lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref)) { strncpy(policy, raw_ref.data(), raw_ref.size()); } else return false; } else if (*ptr == 'C') { if (lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref)) { strncpy(policy, raw_ref.data(), raw_ref.size()); } else return false; } else { printf("unknown policy type '%s'\n", policy_type); return false; } return true; } int gatekeeper_device_initialize(gatekeeper_device_t **dev) { int ret; const hw_module_t *mod; ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &mod); if (ret!=0) { printf("failed to get hw module\n"); return ret; } ret = gatekeeper_open(mod, dev); if (ret!=0) printf("failed to open gatekeeper\n"); return ret; } int Get_Password_Type(const userid_t user_id, std::string& filename) { std::string path; if (user_id == 0) { path = "/data/system/"; } else { char user_id_str[5]; sprintf(user_id_str, "%i", user_id); path = "/data/system/users/"; path += user_id_str; path += "/"; } filename = path + "gatekeeper.password.key"; struct stat st; if (stat(filename.c_str(), &st) == 0 && st.st_size > 0) return 1; filename = path + "gatekeeper.pattern.key"; if (stat(filename.c_str(), &st) == 0 && st.st_size > 0) return 2; printf("Unable to locate gatekeeper password file '%s'\n", filename.c_str()); filename = ""; return 0; } bool Decrypt_DE() { if (!e4crypt_initialize_global_de()) { // this deals with the overarching device encryption printf("e4crypt_initialize_global_de returned fail\n"); return false; } if (!e4crypt_init_user0()) { printf("e4crypt_init_user0 returned fail\n"); return false; } return true; } bool Decrypt_User(const userid_t user_id, const std::string& Password) { uint8_t *auth_token; uint32_t auth_token_len; int ret; struct stat st; if (user_id > 9999) { printf("user_id is too big\n"); return false; } std::string filename; bool Default_Password = (Password == "!"); if (Get_Password_Type(user_id, filename) == 0 && !Default_Password) { printf("Unknown password type\n"); return false; } int flags = FLAG_STORAGE_DE; if (user_id == 0) flags = FLAG_STORAGE_DE; else flags = FLAG_STORAGE_CE; gatekeeper_device_t *device; ret = gatekeeper_device_initialize(&device); if (Default_Password) { if (!e4crypt_unlock_user_key(user_id, 0, "!", "!")) { printf("e4crypt_unlock_user_key returned fail\n"); return false; } if (!e4crypt_prepare_user_storage(nullptr, user_id, 0, flags)) { printf("failed to e4crypt_prepare_user_storage\n"); return false; } printf("Decrypted Successfully!\n"); return true; } if (ret!=0) return false; printf("password filename is '%s'\n", filename.c_str()); if (stat(filename.c_str(), &st) != 0) { printf("error stat'ing key file: %s\n", strerror(errno)); return false; } std::string handle; if (!android::base::ReadFileToString(filename, &handle)) { printf("Failed to read '%s'\n", filename.c_str()); return false; } bool should_reenroll; ret = device->verify(device, user_id, 0, (const uint8_t *)handle.c_str(), st.st_size, (const uint8_t *)Password.c_str(), (uint32_t)Password.size(), &auth_token, &auth_token_len, &should_reenroll); if (ret !=0) { printf("failed to verify\n"); return false; } char token_hex[(auth_token_len*2)+1]; token_hex[(auth_token_len*2)] = 0; uint32_t i; for (i=0;i