summaryrefslogtreecommitdiffstats
path: root/crypto/libcrypt_samsung/include/libcrypt_samsung.h
blob: 2fb6f2c4ffd7b35dbc58715f1910a7e9d5395fa5 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

/*
 * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
 */

#ifndef __LIBCRYPT_SAMSUNG_H__
#define __LIBCRYPT_SAMSUNG_H__

//////////////////////////////////////////////////////////////////////////////
// Name                           Address  Ordinal
// ----                           -------  -------
// SECKM_AES_set_encrypt_key      000010D8
// SECKM_AES_set_decrypt_key      00001464
// SECKM_AES_encrypt              00001600
// SECKM_AES_decrypt              00001A10
// SECKM_aes_selftest             00001D94
// verify_EDK                     00001F7C
// encrypt_dek                    00001FC8
// decrypt_EDK                    000020D4
// change_EDK                     0000218C
// generate_dek_salt              000022A4
// create_EDK                     000023A0
// free_DEK                       000024DC
// alloc_DEK                      000024F4
// SECKM_HMAC_SHA256              00002500
// SECKM_HMAC_SHA256_selftest     00002690
// pbkdf                          000026FC
// pbkdf_selftest                 00002898
// _SECKM_PRNG_get16              00002958
// SECKM_PRNG_get16               00002C48
// _SECKM_PRNG_init               00002C54
// SECKM_PRNG_selftest            00002F38
// SECKM_PRNG_set_seed            00002FF0
// SECKM_PRNG_init                00002FF8
// SECKM_SHA256_Transform         00003004
// SECKM_SHA256_Final             000031D8
// SECKM_SHA256_Update            00003330
// SECKM_SHA256_Init              000033FC
// SECKM_SHA2_selftest            00003430
// integrity_check                00003488
// update_system_property         00003580
// setsec_km_fips_status          00003630
// _all_checks                    00003684
// get_fips_status                000036D4


// EDK Payload is defined as:
//    Encrypted DEK – EDK itself
//    HMAC of EDK (32 bytes ???)
//    Salt         16 bytes

#define EDK_MAGIC   0x1001e4b1

#pragma pack(1)

typedef struct {
    unsigned int magic;     // EDK_MAGIC
    unsigned int flags;     // 2
    unsigned int zeros[6];
} dek_t;

typedef struct {
    unsigned char data[32];
} edk_t;


// size 0x70 -> 112
typedef struct {
    dek_t dek;
    edk_t edk;
    unsigned char hmac[32];
    unsigned char salt[16];
} edk_payload_t;

#pragma pack()

//////////////////////////////////////////////////////////////////////////////

int decrypt_EDK(
        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);

typedef int (*decrypt_EDK_t)(
        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);


int verify_EDK(const edk_payload_t *edk, const char *passwd);
//change_EDK()
//create_EDK()

// internally just mallocs 32 bytes
dek_t *alloc_DEK();
void free_DEK(dek_t *dek);
//encrypt_dek()
//generate_dek_salt()

//pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140);
int pbkdf(
        void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt,
        int keylen);

// getprop("rw.km_fips_status")
// "ready, undefined, error_selftest, error_integrity"
int get_fips_status();

//////////////////////////////////////////////////////////////////////////////
//
// libsec_ecryptfs.so (internally uses libkeyutils.so)
//
// Name                   Address  Ordinal
// ----                   -------  -------
// unmount_ecryptfs_drive 00000A78
// mount_ecryptfs_drive   00000B48
// fips_read_edk          00000E44
// fips_save_edk          00000EA4
// fips_create_edk        00000F20
// fips_change_password   00001018
// fips_delete_edk        00001124
//

// might depend on /data beeing mounted for reading /data/system/edk_p_sd
//
// filter
// 0: building options without file encryption filtering.
// 1: building options with media files filtering.
// 2: building options with all new files filtering.

int mount_ecryptfs_drive(
        const char *passwd, const char *source, const char *target, int filter);

typedef int (*mount_ecryptfs_drive_t)(
        const char *passwd, const char *source, const char *target, int filter);

// calls 2 times umount2(source, MNT_EXPIRE)
int unmount_ecryptfs_drive(
        const char *source);

typedef int (*unmount_ecryptfs_drive_t)(
        const char *source);

//////////////////////////////////////////////////////////////////////////////

#endif // #ifndef __LIBCRYPT_SAMSUNG_H__

//////////////////////////////////////////////////////////////////////////////
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 00:06:59 +0100