authora3955269 <a3955269>2013-01-08 17:14:56 +0100
committerDees_Troy <dees_troy@teamw.in>2013-01-08 21:09:56 +0100
commit6ff55cefd060b4c8f6c0fa97d5521516f9ee43f1 (patch)
tree2617e02d06b317d4f40779131a9e494b163f6651 /crypto/libcrypt_samsung
parentMerge "Fix up libmincrypt rules for Android 4.2" into jb-wip (diff)
Diffstat (limited to 'crypto/libcrypt_samsung')
-rw-r--r--crypto/libcrypt_samsung/Android.mk11
-rw-r--r--crypto/libcrypt_samsung/include/libcrypt_samsung.h141
-rw-r--r--crypto/libcrypt_samsung/libcrypt_samsung.c68
3 files changed, 220 insertions, 0 deletions
diff --git a/crypto/libcrypt_samsung/Android.mk b/crypto/libcrypt_samsung/Android.mk
new file mode 100644
index 000000000..6e0e86903
--- /dev/null
+++ b/crypto/libcrypt_samsung/Android.mk
@@ -0,0 +1,11 @@
+LOCAL_PATH := $(call my-dir)
+
+ifneq ($(TARGET_SIMULATOR),true)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := libcrypt_samsung
+LOCAL_SRC_FILES := $(LOCAL_MODULE).c
+LOCAL_MODULE_TAGS := eng
+include $(BUILD_STATIC_LIBRARY)
+
+endif
diff --git a/crypto/libcrypt_samsung/include/libcrypt_samsung.h b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
new file mode 100644
index 000000000..48c7b3e6d
--- /dev/null
+++ b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
+ */
+
+#ifndef __LIBCRYPT_SAMSUNG_H__
+#define __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+// Name Address Ordinal
+// ---- ------- -------
+// SECKM_AES_set_encrypt_key 000010D8
+// SECKM_AES_set_decrypt_key 00001464
+// SECKM_AES_encrypt 00001600
+// SECKM_AES_decrypt 00001A10
+// SECKM_aes_selftest 00001D94
+// verify_EDK 00001F7C
+// encrypt_dek 00001FC8
+// decrypt_EDK 000020D4
+// change_EDK 0000218C
+// generate_dek_salt 000022A4
+// create_EDK 000023A0
+// free_DEK 000024DC
+// alloc_DEK 000024F4
+// SECKM_HMAC_SHA256 00002500
+// SECKM_HMAC_SHA256_selftest 00002690
+// pbkdf 000026FC
+// pbkdf_selftest 00002898
+// _SECKM_PRNG_get16 00002958
+// SECKM_PRNG_get16 00002C48
+// _SECKM_PRNG_init 00002C54
+// SECKM_PRNG_selftest 00002F38
+// SECKM_PRNG_set_seed 00002FF0
+// SECKM_PRNG_init 00002FF8
+// SECKM_SHA256_Transform 00003004
+// SECKM_SHA256_Final 000031D8
+// SECKM_SHA256_Update 00003330
+// SECKM_SHA256_Init 000033FC
+// SECKM_SHA2_selftest 00003430
+// integrity_check 00003488
+// update_system_property 00003580
+// setsec_km_fips_status 00003630
+// _all_checks 00003684
+// get_fips_status 000036D4
+
+
+// EDK Payload is defined as:
+// Encrypted DEK – EDK itself
+// HMAC of EDK (32 bytes ???)
+// Salt 16 bytes
+
+#define EDK_MAGIC 0x1001e4b1
+
+#pragma pack(1)
+
+typedef struct {
+ unsigned int magic; // EDK_MAGIC
+ unsigned int flags; // 2
+ unsigned int zeros[6];
+} dek_t;
+
+typedef struct {
+ unsigned char data[32];
+} edk_t;
+
+
+// size 0x70 -> 112
+typedef struct {
+ dek_t dek;
+ edk_t edk;
+ unsigned char hmac[32];
+ unsigned char salt[16];
+} edk_payload_t;
+
+#pragma pack()
+
+//////////////////////////////////////////////////////////////////////////////
+
+int decrypt_EDK(
+ dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+typedef int (*decrypt_EDK_t)(
+ dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+
+int verify_EDK(const edk_payload_t *edk, const char *passwd);
+//change_EDK()
+//create_EDK()
+
+// internally just mallocs 32 bytes
+dek_t *alloc_DEK();
+void free_DEK(dek_t *dek);
+//encrypt_dek()
+//generate_dek_salt()
+
+//pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140);
+int pbkdf(
+ void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt,
+ int keylen);
+
+// getprop("rw.km_fips_status")
+// "ready, undefined, error_selftest, error_integrity"
+int get_fips_status();
+
+//////////////////////////////////////////////////////////////////////////////
+//
+// libsec_ecryptfs.so (internally uses libkeyutils.so)
+//
+// Name Address Ordinal
+// ---- ------- -------
+// unmount_ecryptfs_drive 00000A78
+// mount_ecryptfs_drive 00000B48
+// fips_read_edk 00000E44
+// fips_save_edk 00000EA4
+// fips_create_edk 00000F20
+// fips_change_password 00001018
+// fips_delete_edk 00001124
+//
+
+// might depend on /data beeing mounted for reading /data/system/edk_p_sd
+//
+// filter
+// 0: building options without file encryption filtering.
+// 1: building options with media files filtering.
+// 2: building options with all new files filtering.
+
+int mount_ecryptfs_drive(
+ const char *passwd, const char *source, const char *target, int filter);
+
+typedef int (*mount_ecryptfs_drive_t)(
+ const char *passwd, const char *source, const char *target, int filter);
+
+// calls 2 times umount2(source, MNT_EXPIRE)
+int unmount_ecryptfs_drive(
+ const char *source);
+
+//////////////////////////////////////////////////////////////////////////////
+
+#endif // #ifndef __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+
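Review bot: The `// size 0x70 -> 112` comment on `edk_payload_t` is the only thing tying this packed layout to what the closed vendor library expects, and nothing checks it at build time. These structs are passed by pointer to the vendor's `decrypt_EDK`, so if the layout ever drifts the vendor code would read or write outside the caller's object. A compile-time check right after the typedef would catch that, for example `typedef char edk_payload_size_check[sizeof(edk_payload_t) == 0x70 ? 1 : -1];`. Using `#pragma pack(push, 1)` and `#pragma pack(pop)` instead of `#pragma pack()` would also preserve any packing the including file had set. Separately, the header declares `verify_EDK`, `alloc_DEK`, `free_DEK`, `pbkdf`, `get_fips_status` and `unmount_ecryptfs_drive`, none of which the .c file in this commit defines, so a comment marking them as reference-only prototypes would spare callers a link error.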
diff --git a/crypto/libcrypt_samsung/libcrypt_samsung.c b/crypto/libcrypt_samsung/libcrypt_samsung.c
new file mode 100644
index 000000000..4b9b9c5d5
--- /dev/null
+++ b/crypto/libcrypt_samsung/libcrypt_samsung.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
+ */
+
+//////////////////////////////////////////////////////////////////////////////
+
+#include <string.h>
+#include <stdio.h>
+#include <dlfcn.h>
+
+#include "include/libcrypt_samsung.h"
+
+//////////////////////////////////////////////////////////////////////////////
+void xconvert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize,
+ char *master_key_ascii)
+{
+ unsigned int i, a;
+ unsigned char nibble;
+
+ for (i=0, a=0; i<keysize; i++, a+=2) {
+ /* For each byte, write out two ascii hex digits */
+ nibble = (master_key[i] >> 4) & 0xf;
+ master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
+
+ nibble = master_key[i] & 0xf;
+ master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
+ }
+
+ /* Add the null termination */
+ master_key_ascii[a] = '\0';
+
+}
+
+int decrypt_EDK(
+ dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd)
+{
+ void *lib = dlopen("libsec_km.so", RTLD_LAZY);
+
+ if(!lib)
+ return -100;
+
+ int r = -101;
+ decrypt_EDK_t sym = (decrypt_EDK_t)dlsym(lib, "decrypt_EDK");
+ if(sym)
+ r = sym(dek, edk, passwd);
+
+ dlclose(lib);
+
+ return r;
+}
+
+int mount_ecryptfs_drive(
+ const char *passwd, const char *source, const char *target, int filter)
+{
+ void *lib = dlopen("libsec_ecryptfs.so", RTLD_LAZY);
+ if(!lib)
+ return -100;
+
+ int r = -101;
+ mount_ecryptfs_drive_t sym = (mount_ecryptfs_drive_t)dlsym(lib, "mount_ecryptfs_drive");
+ if(sym)
+ r = sym(passwd, source, target, filter);
+
+ dlclose(lib);
+
+ return r;
+}
+
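Review bot: Both wrappers call `dlopen` with a bare soname (`"libsec_km.so"`, `"libsec_ecryptfs.so"`), so whichever copy the loader's search path resolves first receives the user's passphrase and the `dek` output buffer. An absolute path would pin this, for example `dlopen("<vendor-lib-dir>/libsec_km.so", RTLD_NOW)` with a placeholder directory, alongside a comment stating where the recovery image is expected to provide the library. The wrapper's own codes `-100` and `-101` share the return channel with the vendor function's result, so a caller cannot tell "library missing" from a vendor failure unless the vendor never returns those values. Named constants documented in the header would make that contract explicit. Finally, `xconvert_key_to_hex_ascii` writes `2 * keysize + 1` bytes into `master_key_ascii` with no destination-size parameter and is not declared in the header. It should get a doc comment stating the buffer requirement, plus `static` if it is meant to be file-local.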