| a3955269 | 6ff55ce | 2013-01-08 16:14:56 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved. |
| 3 | */ |
| 4 | |
| 5 | #ifndef __LIBCRYPT_SAMSUNG_H__ |
| 6 | #define __LIBCRYPT_SAMSUNG_H__ |
| 7 | |
| 8 | ////////////////////////////////////////////////////////////////////////////// |
| 9 | // Name Address Ordinal |
| 10 | // ---- ------- ------- |
| 11 | // SECKM_AES_set_encrypt_key 000010D8 |
| 12 | // SECKM_AES_set_decrypt_key 00001464 |
| 13 | // SECKM_AES_encrypt 00001600 |
| 14 | // SECKM_AES_decrypt 00001A10 |
| 15 | // SECKM_aes_selftest 00001D94 |
| 16 | // verify_EDK 00001F7C |
| 17 | // encrypt_dek 00001FC8 |
| 18 | // decrypt_EDK 000020D4 |
| 19 | // change_EDK 0000218C |
| 20 | // generate_dek_salt 000022A4 |
| 21 | // create_EDK 000023A0 |
| 22 | // free_DEK 000024DC |
| 23 | // alloc_DEK 000024F4 |
| 24 | // SECKM_HMAC_SHA256 00002500 |
| 25 | // SECKM_HMAC_SHA256_selftest 00002690 |
| 26 | // pbkdf 000026FC |
| 27 | // pbkdf_selftest 00002898 |
| 28 | // _SECKM_PRNG_get16 00002958 |
| 29 | // SECKM_PRNG_get16 00002C48 |
| 30 | // _SECKM_PRNG_init 00002C54 |
| 31 | // SECKM_PRNG_selftest 00002F38 |
| 32 | // SECKM_PRNG_set_seed 00002FF0 |
| 33 | // SECKM_PRNG_init 00002FF8 |
| 34 | // SECKM_SHA256_Transform 00003004 |
| 35 | // SECKM_SHA256_Final 000031D8 |
| 36 | // SECKM_SHA256_Update 00003330 |
| 37 | // SECKM_SHA256_Init 000033FC |
| 38 | // SECKM_SHA2_selftest 00003430 |
| 39 | // integrity_check 00003488 |
| 40 | // update_system_property 00003580 |
| 41 | // setsec_km_fips_status 00003630 |
| 42 | // _all_checks 00003684 |
| 43 | // get_fips_status 000036D4 |
| 44 | |
| 45 | |
| 46 | // EDK Payload is defined as: |
| 47 | // Encrypted DEK – EDK itself |
| 48 | // HMAC of EDK (32 bytes ???) |
| 49 | // Salt 16 bytes |
| 50 | |
| 51 | #define EDK_MAGIC 0x1001e4b1 |
| 52 | |
| 53 | #pragma pack(1) |
| 54 | |
| 55 | typedef struct { |
| 56 | unsigned int magic; // EDK_MAGIC |
| 57 | unsigned int flags; // 2 |
| 58 | unsigned int zeros[6]; |
| 59 | } dek_t; |
| 60 | |
| 61 | typedef struct { |
| 62 | unsigned char data[32]; |
| 63 | } edk_t; |
| 64 | |
| 65 | |
| 66 | // size 0x70 -> 112 |
| 67 | typedef struct { |
| 68 | dek_t dek; |
| 69 | edk_t edk; |
| 70 | unsigned char hmac[32]; |
| 71 | unsigned char salt[16]; |
| 72 | } edk_payload_t; |
| 73 | |
| 74 | #pragma pack() |
| 75 | |
| 76 | ////////////////////////////////////////////////////////////////////////////// |
| 77 | |
| 78 | int decrypt_EDK( |
| 79 | dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd); |
| 80 | |
| 81 | typedef int (*decrypt_EDK_t)( |
| 82 | dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd); |
| 83 | |
| 84 | |
| 85 | int verify_EDK(const edk_payload_t *edk, const char *passwd); |
| 86 | //change_EDK() |
| 87 | //create_EDK() |
| 88 | |
| 89 | // internally just mallocs 32 bytes |
| 90 | dek_t *alloc_DEK(); |
| 91 | void free_DEK(dek_t *dek); |
| 92 | //encrypt_dek() |
| 93 | //generate_dek_salt() |
| 94 | |
| 95 | //pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140); |
| 96 | int pbkdf( |
| 97 | void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt, |
| 98 | int keylen); |
| 99 | |
| 100 | // getprop("rw.km_fips_status") |
| 101 | // "ready, undefined, error_selftest, error_integrity" |
| 102 | int get_fips_status(); |
| 103 | |
| 104 | ////////////////////////////////////////////////////////////////////////////// |
| 105 | // |
| 106 | // libsec_ecryptfs.so (internally uses libkeyutils.so) |
| 107 | // |
| 108 | // Name Address Ordinal |
| 109 | // ---- ------- ------- |
| 110 | // unmount_ecryptfs_drive 00000A78 |
| 111 | // mount_ecryptfs_drive 00000B48 |
| 112 | // fips_read_edk 00000E44 |
| 113 | // fips_save_edk 00000EA4 |
| 114 | // fips_create_edk 00000F20 |
| 115 | // fips_change_password 00001018 |
| 116 | // fips_delete_edk 00001124 |
| 117 | // |
| 118 | |
| 119 | // might depend on /data beeing mounted for reading /data/system/edk_p_sd |
| 120 | // |
| 121 | // filter |
| 122 | // 0: building options without file encryption filtering. |
| 123 | // 1: building options with media files filtering. |
| 124 | // 2: building options with all new files filtering. |
| 125 | |
| 126 | int mount_ecryptfs_drive( |
| 127 | const char *passwd, const char *source, const char *target, int filter); |
| 128 | |
| 129 | typedef int (*mount_ecryptfs_drive_t)( |
| 130 | const char *passwd, const char *source, const char *target, int filter); |
| 131 | |
| 132 | // calls 2 times umount2(source, MNT_EXPIRE) |
| 133 | int unmount_ecryptfs_drive( |
| 134 | const char *source); |
| 135 | |
| 136 | ////////////////////////////////////////////////////////////////////////////// |
| 137 | |
| 138 | #endif // #ifndef __LIBCRYPT_SAMSUNG_H__ |
| 139 | |
| 140 | ////////////////////////////////////////////////////////////////////////////// |
| 141 | |