1 files changed, 141 insertions, 0 deletions

diff --git a/crypto/libcrypt_samsung/include/libcrypt_samsung.h b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
new file mode 100644
index 000000000..48c7b3e6d
--- /dev/null
+++ b/crypto/libcrypt_samsung/include/libcrypt_samsung.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved.
+ */
+
+#ifndef __LIBCRYPT_SAMSUNG_H__
+#define __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+// Name                           Address  Ordinal
+// ----                           -------  -------
+// SECKM_AES_set_encrypt_key      000010D8
+// SECKM_AES_set_decrypt_key      00001464
+// SECKM_AES_encrypt              00001600
+// SECKM_AES_decrypt              00001A10
+// SECKM_aes_selftest             00001D94
+// verify_EDK                     00001F7C
+// encrypt_dek                    00001FC8
+// decrypt_EDK                    000020D4
+// change_EDK                     0000218C
+// generate_dek_salt              000022A4
+// create_EDK                     000023A0
+// free_DEK                       000024DC
+// alloc_DEK                      000024F4
+// SECKM_HMAC_SHA256              00002500
+// SECKM_HMAC_SHA256_selftest     00002690
+// pbkdf                          000026FC
+// pbkdf_selftest                 00002898
+// _SECKM_PRNG_get16              00002958
+// SECKM_PRNG_get16               00002C48
+// _SECKM_PRNG_init               00002C54
+// SECKM_PRNG_selftest            00002F38
+// SECKM_PRNG_set_seed            00002FF0
+// SECKM_PRNG_init                00002FF8
+// SECKM_SHA256_Transform         00003004
+// SECKM_SHA256_Final             000031D8
+// SECKM_SHA256_Update            00003330
+// SECKM_SHA256_Init              000033FC
+// SECKM_SHA2_selftest            00003430
+// integrity_check                00003488
+// update_system_property         00003580
+// setsec_km_fips_status          00003630
+// _all_checks                    00003684
+// get_fips_status                000036D4
+
+
+// EDK Payload is defined as:
+//    Encrypted DEK – EDK itself
+//    HMAC of EDK (32 bytes ???)
+//    Salt         16 bytes
+
+#define EDK_MAGIC   0x1001e4b1
+
+#pragma pack(1)
+
+typedef struct {
+    unsigned int magic;     // EDK_MAGIC
+    unsigned int flags;     // 2
+    unsigned int zeros[6];
+} dek_t;
+
+typedef struct {
+    unsigned char data[32];
+} edk_t;
+
+
+// size 0x70 -> 112
+typedef struct {
+    dek_t dek;
+    edk_t edk;
+    unsigned char hmac[32];
+    unsigned char salt[16];
+} edk_payload_t;
+
+#pragma pack()
+
+//////////////////////////////////////////////////////////////////////////////
+
+int decrypt_EDK(
+        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+typedef int (*decrypt_EDK_t)(
+        dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd);
+
+
+int verify_EDK(const edk_payload_t *edk, const char *passwd);
+//change_EDK()
+//create_EDK()
+
+// internally just mallocs 32 bytes
+dek_t *alloc_DEK();
+void free_DEK(dek_t *dek);
+//encrypt_dek()
+//generate_dek_salt()
+
+//pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140);
+int pbkdf(
+        void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt,
+        int keylen);
+
+// getprop("rw.km_fips_status")
+// "ready, undefined, error_selftest, error_integrity"
+int get_fips_status();
+
+//////////////////////////////////////////////////////////////////////////////
+//
+// libsec_ecryptfs.so (internally uses libkeyutils.so)
+//
+// Name                   Address  Ordinal
+// ----                   -------  -------
+// unmount_ecryptfs_drive 00000A78
+// mount_ecryptfs_drive   00000B48
+// fips_read_edk          00000E44
+// fips_save_edk          00000EA4
+// fips_create_edk        00000F20
+// fips_change_password   00001018
+// fips_delete_edk        00001124
+//
+
+// might depend on /data beeing mounted for reading /data/system/edk_p_sd
+//
+// filter
+// 0: building options without file encryption filtering.
+// 1: building options with media files filtering.
+// 2: building options with all new files filtering.
+
+int mount_ecryptfs_drive(
+        const char *passwd, const char *source, const char *target, int filter);
+
+typedef int (*mount_ecryptfs_drive_t)(
+        const char *passwd, const char *source, const char *target, int filter);
+
+// calls 2 times umount2(source, MNT_EXPIRE)
+int unmount_ecryptfs_drive(
+        const char *source);
+
+//////////////////////////////////////////////////////////////////////////////
+
+#endif // #ifndef __LIBCRYPT_SAMSUNG_H__
+
+//////////////////////////////////////////////////////////////////////////////
+