From 6ff55cefd060b4c8f6c0fa97d5521516f9ee43f1 Mon Sep 17 00:00:00 2001
From: a3955269 <a3955269>
Date: Tue, 8 Jan 2013 16:14:56 +0000
Subject: Add Samsung TouchWiz decryption

Change-Id: I418680e59372160dabfe3e2d5f0208229aa151ae
---
 crypto/libcrypt_samsung/Android.mk                 |  11 ++
 crypto/libcrypt_samsung/include/libcrypt_samsung.h | 141 +++++++++++++++++++++
 crypto/libcrypt_samsung/libcrypt_samsung.c         |  68 ++++++++++
 3 files changed, 220 insertions(+)
 create mode 100644 crypto/libcrypt_samsung/Android.mk
 create mode 100644 crypto/libcrypt_samsung/include/libcrypt_samsung.h
 create mode 100644 crypto/libcrypt_samsung/libcrypt_samsung.c

(limited to 'crypto/libcrypt_samsung')

diff --git a/crypto/libcrypt_samsung/Android.mk b/crypto/libcrypt_samsung/Android.mk
new file mode 100644
index 000000000..6e0e86903
--- /dev/null
+++ b/crypto/libcrypt_samsung/Android.mk
@@ -0,0 +1,11 @@
+LOCAL_PATH := $(call my-dir)
+
+ifneq ($(TARGET_SIMULATOR),true)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := libcrypt_samsung
+LOCAL_SRC_FILES := $(LOCAL_MODULE).c
+LOCAL_MODULE_TAGS := eng
+include $(BUILD_STATIC_LIBRARY)
+
+endif
diff --git a/crypto/libcrypt_samsung/include/libcrypt_samsung.h b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
new file mode 100644
index 000000000..48c7b3e6d
--- /dev/null
+++ b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
+ */
+
+#ifndef __LIBCRYPT_SAMSUNG_H__
+#define __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+// Name                           Address  Ordinal
+// ----                           -------  -------
+// SECKM_AES_set_encrypt_key      000010D8
+// SECKM_AES_set_decrypt_key      00001464
+// SECKM_AES_encrypt              00001600
+// SECKM_AES_decrypt              00001A10
+// SECKM_aes_selftest             00001D94
+// verify_EDK                     00001F7C
+// encrypt_dek                    00001FC8
+// decrypt_EDK                    000020D4
+// change_EDK                     0000218C
+// generate_dek_salt              000022A4
+// create_EDK                     000023A0
+// free_DEK                       000024DC
+// alloc_DEK                      000024F4
+// SECKM_HMAC_SHA256              00002500
+// SECKM_HMAC_SHA256_selftest     00002690
+// pbkdf                          000026FC
+// pbkdf_selftest                 00002898
+// _SECKM_PRNG_get16              00002958
+// SECKM_PRNG_get16               00002C48
+// _SECKM_PRNG_init               00002C54
+// SECKM_PRNG_selftest            00002F38
+// SECKM_PRNG_set_seed            00002FF0
+// SECKM_PRNG_init                00002FF8
+// SECKM_SHA256_Transform         00003004
+// SECKM_SHA256_Final             000031D8
+// SECKM_SHA256_Update            00003330
+// SECKM_SHA256_Init              000033FC
+// SECKM_SHA2_selftest            00003430
+// integrity_check                00003488
+// update_system_property         00003580
+// setsec_km_fips_status          00003630
+// _all_checks                    00003684
+// get_fips_status                000036D4
+
+
+// EDK Payload is defined as:
+//    Encrypted DEK – EDK itself
+//    HMAC of EDK (32 bytes ???)
+//    Salt         16 bytes
+
+#define EDK_MAGIC   0x1001e4b1
+
+#pragma pack(1)
+
+typedef struct {
+    unsigned int magic;     // EDK_MAGIC
+    unsigned int flags;     // 2
+    unsigned int zeros[6];
+} dek_t;
+
+typedef struct {
+    unsigned char data[32];
+} edk_t;
+
+
+// size 0x70 -> 112
+typedef struct {
+    dek_t dek;
+    edk_t edk;
+    unsigned char hmac[32];
+    unsigned char salt[16];
+} edk_payload_t;
+
+#pragma pack()
+
+//////////////////////////////////////////////////////////////////////////////
+
+int decrypt_EDK(
+        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+typedef int (*decrypt_EDK_t)(
+        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+
+int verify_EDK(const edk_payload_t *edk, const char *passwd);
+//change_EDK()
+//create_EDK()
+
+// internally just mallocs 32 bytes
+dek_t *alloc_DEK();
+void free_DEK(dek_t *dek);
+//encrypt_dek()
+//generate_dek_salt()
+
+//pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140);
+int pbkdf(
+        void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt,
+        int keylen);
+
+// getprop("rw.km_fips_status")
+// "ready, undefined, error_selftest, error_integrity"
+int get_fips_status();
+
+//////////////////////////////////////////////////////////////////////////////
+//
+// libsec_ecryptfs.so (internally uses libkeyutils.so)
+//
+// Name                   Address  Ordinal
+// ----                   -------  -------
+// unmount_ecryptfs_drive 00000A78
+// mount_ecryptfs_drive   00000B48
+// fips_read_edk          00000E44
+// fips_save_edk          00000EA4
+// fips_create_edk        00000F20
+// fips_change_password   00001018
+// fips_delete_edk        00001124
+//
+
+// might depend on /data beeing mounted for reading /data/system/edk_p_sd
+//
+// filter
+// 0: building options without file encryption filtering.
+// 1: building options with media files filtering.
+// 2: building options with all new files filtering.
+
+int mount_ecryptfs_drive(
+        const char *passwd, const char *source, const char *target, int filter);
+
+typedef int (*mount_ecryptfs_drive_t)(
+        const char *passwd, const char *source, const char *target, int filter);
+
+// calls 2 times umount2(source, MNT_EXPIRE)
+int unmount_ecryptfs_drive(
+        const char *source);
+
+//////////////////////////////////////////////////////////////////////////////
+
+#endif // #ifndef __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+
diff --git a/crypto/libcrypt_samsung/libcrypt_samsung.c b/crypto/libcrypt_samsung/libcrypt_samsung.c
new file mode 100644
index 000000000..4b9b9c5d5
--- /dev/null
+++ b/crypto/libcrypt_samsung/libcrypt_samsung.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
+ */
+
+//////////////////////////////////////////////////////////////////////////////
+
+#include <string.h>
+#include <stdio.h>
+#include <dlfcn.h>
+
+#include "include/libcrypt_samsung.h"
+
+//////////////////////////////////////////////////////////////////////////////
+void xconvert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize,
+                              char *master_key_ascii)
+{
+  unsigned int i, a;
+  unsigned char nibble;
+
+  for (i=0, a=0; i<keysize; i++, a+=2) {
+    /* For each byte, write out two ascii hex digits */
+    nibble = (master_key[i] >> 4) & 0xf;
+    master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30);
+
+    nibble = master_key[i] & 0xf;
+    master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30);
+  }
+
+  /* Add the null termination */
+  master_key_ascii[a] = '\0';
+
+}
+
+int decrypt_EDK(
+        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd)
+{
+    void *lib = dlopen("libsec_km.so", RTLD_LAZY);
+
+    if(!lib)
+        return -100;
+
+    int r = -101;
+    decrypt_EDK_t sym = (decrypt_EDK_t)dlsym(lib, "decrypt_EDK");
+    if(sym)
+        r = sym(dek, edk, passwd);
+
+    dlclose(lib);
+
+    return r;
+}
+
+int mount_ecryptfs_drive(
+        const char *passwd, const char *source, const char *target, int filter)
+{
+    void *lib = dlopen("libsec_ecryptfs.so", RTLD_LAZY);
+    if(!lib)
+        return -100;
+
+    int r = -101;
+    mount_ecryptfs_drive_t sym = (mount_ecryptfs_drive_t)dlsym(lib, "mount_ecryptfs_drive");
+    if(sym)
+        r = sym(passwd, source, target, filter);
+
+    dlclose(lib);
+
+    return r;
+}
+
-- 
cgit v1.2.3