18f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall/* 28f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * Copyright (C) 2010 The Android Open Source Project 38f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * 48f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * Licensed under the Apache License, Version 2.0 (the "License"); 58f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * you may not use this file except in compliance with the License. 68f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * You may obtain a copy of the License at 78f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * 88f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * http://www.apache.org/licenses/LICENSE-2.0 98f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * 108f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * Unless required by applicable law or agreed to in writing, software 118f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * distributed under the License is distributed on an "AS IS" BASIS, 128f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 138f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * See the License for the specific language governing permissions and 148f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * limitations under the License. 158f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall */ 168f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 178f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall/* This structure starts 16,384 bytes before the end of a hardware 18160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * partition that is encrypted, or in a separate partition. It's location 19160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * is specified by a property set in init.<device>.rc. 20160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * The structure allocates 48 bytes for a key, but the real key size is 21160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * specified in the struct. Currently, the code is hardcoded to use 128 22160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * bit keys. 23160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * The fields after salt are only valid in rev 1.1 and later stuctures. 248f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall * Obviously, the filesystem does not include the last 16 kbytes 25160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * of the partition if the crypt_mnt_ftr lives at the end of the 26160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * partition. 278f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall */ 288f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 29160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall#include <cutils/properties.h> 3087999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence#include <openssl/sha.h> 31160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall 32c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55fKenny Root/* The current cryptfs version */ 33c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55fKenny Root#define CURRENT_MAJOR_VERSION 1 34f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CURRENT_MINOR_VERSION 3 35c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55fKenny Root 368f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#define CRYPT_FOOTER_OFFSET 0x4000 37160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall#define CRYPT_FOOTER_TO_PERSIST_OFFSET 0x1000 38160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall#define CRYPT_PERSIST_DATA_SIZE 0x1000 398f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 408f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#define MAX_CRYPTO_TYPE_NAME_LEN 64 418f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 42160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall#define MAX_KEY_LEN 48 43e87440703663f5ee326326f6438f3b00ea315623Ken Sumrall#define SALT_LEN 16 44d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence#define SCRYPT_LEN 32 45e87440703663f5ee326326f6438f3b00ea315623Ken Sumrall 468f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall/* definitions of flags in the structure below */ 478f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */ 486bfed20c77184d00d948130d88d86db7ddd8a3f1Paul Lawrence#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Encryption partially completed, 496bfed20c77184d00d948130d88d86db7ddd8a3f1Paul Lawrence encrypted_upto valid*/ 506bfed20c77184d00d948130d88d86db7ddd8a3f1Paul Lawrence#define CRYPT_INCONSISTENT_STATE 0x4 /* Set when starting encryption, clear when 516bfed20c77184d00d948130d88d86db7ddd8a3f1Paul Lawrence exit cleanly, either through success or 526bfed20c77184d00d948130d88d86db7ddd8a3f1Paul Lawrence correctly marked partial encryption */ 5374f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPT_DATA_CORRUPT 0x8 /* Set when encryption is fine, but the 5474f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence underlying volume is corrupt */ 558f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 56f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence/* Allowed values for type in the structure below */ 57f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CRYPT_TYPE_PASSWORD 0 /* master_key is encrypted with a password 58f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence * Must be zero to be compatible with pre-L 59f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence * devices where type is always password.*/ 60f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CRYPT_TYPE_DEFAULT 1 /* master_key is encrypted with default 61f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence * password */ 62f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CRYPT_TYPE_PATTERN 2 /* master_key is encrypted with a pattern */ 63f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CRYPT_TYPE_PIN 3 /* master_key is encrypted with a pin */ 64f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence#define CRYPT_TYPE_MAX_TYPE 3 /* type cannot be larger than this value */ 65f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence 668f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#define CRYPT_MNT_MAGIC 0xD0B5B1C4 67160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall#define PERSIST_DATA_MAGIC 0xE950CD44 688f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 69c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root#define SCRYPT_PROP "ro.crypto.scrypt_params" 70c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root#define SCRYPT_DEFAULTS { 15, 3, 1 } 71c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 72c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root/* Key Derivation Function algorithms */ 73c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root#define KDF_PBKDF2 1 74c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root#define KDF_SCRYPT 2 75e17a9c4ad3ebb4051853a4860b18973e1a01ce11Shawn Willden/* TODO(paullawrence): Remove KDF_SCRYPT_KEYMASTER_UNPADDED and KDF_SCRYPT_KEYMASTER_BADLY_PADDED 76e17a9c4ad3ebb4051853a4860b18973e1a01ce11Shawn Willden * when it is safe to do so. */ 77e17a9c4ad3ebb4051853a4860b18973e1a01ce11Shawn Willden#define KDF_SCRYPT_KEYMASTER_UNPADDED 3 78e17a9c4ad3ebb4051853a4860b18973e1a01ce11Shawn Willden#define KDF_SCRYPT_KEYMASTER_BADLY_PADDED 4 79e17a9c4ad3ebb4051853a4860b18973e1a01ce11Shawn Willden#define KDF_SCRYPT_KEYMASTER 5 8069f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence 8169f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence/* Maximum allowed keymaster blob size. */ 8269f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence#define KEYMASTER_BLOB_SIZE 2048 83c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 843e971277db0d87652af5622c989233e7159ab909Mark Salyzyn/* __le32 and __le16 defined in system/extras/ext4_utils/ext4_utils.h */ 85c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root#define __le8 unsigned char 868f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 878f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrallstruct crypt_mnt_ftr { 88f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence __le32 magic; /* See above */ 898f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall __le16 major_version; 908f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall __le16 minor_version; 91f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence __le32 ftr_size; /* in bytes, not including key following */ 92f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence __le32 flags; /* See above */ 93f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence __le32 keysize; /* in bytes */ 94f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence __le32 crypt_type; /* how master_key is encrypted. Must be a 95f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence * CRYPT_TYPE_XXX value */ 968f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall __le64 fs_size; /* Size of the encrypted fs, in 512 byte sectors */ 978f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall __le32 failed_decrypt_count; /* count of # of failed attempts to decrypt and 9887999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence mount, set to 0 on successful mount */ 998f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall unsigned char crypto_type_name[MAX_CRYPTO_TYPE_NAME_LEN]; /* The type of encryption 10087999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence needed to decrypt this 10187999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence partition, null terminated */ 102160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le32 spare2; /* ignored */ 103160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall unsigned char master_key[MAX_KEY_LEN]; /* The encrypted key for decrypting the filesystem */ 104160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall unsigned char salt[SALT_LEN]; /* The salt used for this encryption */ 105160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le64 persist_data_offset[2]; /* Absolute offset to both copies of crypt_persist_data 106160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * on device with that info, either the footer of the 107160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * real_blkdevice or the metadata partition. */ 108160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall 109160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le32 persist_data_size; /* The number of bytes allocated to each copy of the 110160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * persistent data table*/ 111c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 112c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root __le8 kdf_type; /* The key derivation function used. */ 113c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 114c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */ 115c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root __le8 N_factor; /* (1 << N) */ 116c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root __le8 r_factor; /* (1 << r) */ 117c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root __le8 p_factor; /* (1 << p) */ 11887999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence __le64 encrypted_upto; /* If we are in state CRYPT_ENCRYPTION_IN_PROGRESS and 11987999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence we have to stop (e.g. power low) this is the last 12087999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence encrypted 512 byte sector.*/ 12187999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence __le8 hash_first_block[SHA256_DIGEST_LENGTH]; /* When CRYPT_ENCRYPTION_IN_PROGRESS 12287999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence set, hash of first block, used 12387999173dd79dbcbd8cb97f5476007e867aaeebaPaul Lawrence to validate before continuing*/ 12469f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence 125d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence /* key_master key, used to sign the derived key which is then used to generate 126d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence * the intermediate key 12769f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence * This key should be used for no other purposes! We use this key to sign unpadded 12869f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence * data, which is acceptable but only if the key is not reused elsewhere. */ 12969f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence __le8 keymaster_blob[KEYMASTER_BLOB_SIZE]; 13069f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence __le32 keymaster_blob_size; 131d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence 132d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence /* Store scrypt of salted intermediate key. When decryption fails, we can 133d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence check if this matches, and if it does, we know that the problem is with the 134d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence drive, and there is no point in asking the user for more passwords. 135d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence 136d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence Note that if any part of this structure is corrupt, this will not match and 137d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence we will continue to believe the user entered the wrong password. In that 138d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence case the only solution is for the user to enter a password enough times to 139d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence force a wipe. 140d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence 141d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence Note also that there is no need to worry about migration. If this data is 142d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence wrong, we simply won't recognise a right password, and will continue to 143d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence prompt. On the first password change, this value will be populated and 144d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence then we will be OK. 145d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence */ 146d0c7b17070d4321fef096873b4890794024a5f63Paul Lawrence unsigned char scrypted_intermediate_key[SCRYPT_LEN]; 147160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall}; 148160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall 149160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall/* Persistant data that should be available before decryption. 150160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * Things like airplane mode, locale and timezone are kept 151160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * here and can be retrieved by the CryptKeeper UI to properly 152160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * configure the phone before asking for the password 153160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * This is only valid if the major and minor version above 154160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * is set to 1.1 or higher. 155160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * 156160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * This is a 4K structure. There are 2 copies, and the code alternates 157160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * writing one and then clearing the previous one. The reading 158160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * code reads the first valid copy it finds, based on the magic number. 159160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * The absolute offset to the first of the two copies is kept in rev 1.1 160160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall * and higher crypt_mnt_ftr structures. 161160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall */ 162160b4d68ece15947057e31edde4e5608a010c695Ken Sumrallstruct crypt_persist_entry { 163160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall char key[PROPERTY_KEY_MAX]; 164160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall char val[PROPERTY_VALUE_MAX]; 165160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall}; 166160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall 167160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall/* Should be exactly 4K in size */ 168160b4d68ece15947057e31edde4e5608a010c695Ken Sumrallstruct crypt_persist_data { 169160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le32 persist_magic; 170160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le32 persist_valid_entries; 171160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall __le32 persist_spare[30]; 172160b4d68ece15947057e31edde4e5608a010c695Ken Sumrall struct crypt_persist_entry persist_entry[0]; 1738f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall}; 1748f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall 17529d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrallstruct volume_info { 17629d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall unsigned int size; 17729d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall unsigned int flags; 17829d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall struct crypt_mnt_ftr crypt_ftr; 17929d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall char mnt_point[256]; 18029d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall char blk_dev[256]; 18129d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall char crypto_blkdev[256]; 18229d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall char label[256]; 18329d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall}; 184ba6ae8db137d012c9b8e11f9f8321c7771698e92Jeff Sharkey#define VOL_NONREMOVABLE 0x1 185ba6ae8db137d012c9b8e11f9f8321c7771698e92Jeff Sharkey#define VOL_ENCRYPTABLE 0x2 186ba6ae8db137d012c9b8e11f9f8321c7771698e92Jeff Sharkey#define VOL_PRIMARY 0x4 187ba6ae8db137d012c9b8e11f9f8321c7771698e92Jeff Sharkey#define VOL_PROVIDES_ASEC 0x8 18829d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall 189502dc74153397e56d5410f8a8250b5581643b9efJP Abgrall#define DATA_MNT_POINT "/data" 190502dc74153397e56d5410f8a8250b5581643b9efJP Abgrall 19174f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence/* Return values for cryptfs_crypto_complete */ 19274f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_NOT_ENCRYPTED 1 19374f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_ENCRYPTED 0 19474f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_BAD_METADATA -1 19574f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_PARTIAL -2 19674f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_INCONSISTENT -3 19774f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence#define CRYPTO_COMPLETE_CORRUPT -4 19874f29f1df7d12c0cc06e9d6685adf15e757d8edaPaul Lawrence 1997fc1de8a44307d6c51826ab90f804702e08d1e6dJP Abgrall/* Return values for cryptfs_enable_inplace*() */ 2007fc1de8a44307d6c51826ab90f804702e08d1e6dJP Abgrall#define ENABLE_INPLACE_OK 0 2017fc1de8a44307d6c51826ab90f804702e08d1e6dJP Abgrall#define ENABLE_INPLACE_ERR_OTHER -1 2027fc1de8a44307d6c51826ab90f804702e08d1e6dJP Abgrall#define ENABLE_INPLACE_ERR_DEV -2 /* crypto_blkdev issue */ 2037fc1de8a44307d6c51826ab90f804702e08d1e6dJP Abgrall 20485c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu/* Return values for cryptfs_getfield */ 20585c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_GETFIELD_OK 0 20685c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_GETFIELD_ERROR_NO_FIELD -1 20785c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_GETFIELD_ERROR_OTHER -2 20885c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_GETFIELD_ERROR_BUF_TOO_SMALL -3 20985c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu 21085c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu/* Return values for cryptfs_setfield */ 21185c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_SETFIELD_OK 0 21285c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_SETFIELD_ERROR_OTHER -1 21385c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_SETFIELD_ERROR_FIELD_TOO_LONG -2 21485c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define CRYPTO_SETFIELD_ERROR_VALUE_TOO_LONG -3 21585c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu 21685c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu/* Return values for persist_del_key */ 21785c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define PERSIST_DEL_KEY_OK 0 21885c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define PERSIST_DEL_KEY_ERROR_OTHER -1 21985c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu#define PERSIST_DEL_KEY_ERROR_NO_FIELD -2 22085c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu 2218f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#ifdef __cplusplus 2228f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrallextern "C" { 2238f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#endif 224c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 22569f4ebd81e22f91a4571763842b5960d95d2758dPaul Lawrence typedef int (*kdf_func)(const char *passwd, const unsigned char *salt, 22613486033575e6e4affccbb3dd201515d79f6f44bPaul Lawrence unsigned char *ikey, void *params); 227c4c70f15bb8845b02f9ec1d624794757badd6933Kenny Root 2287f7dbaa2784c10fd2989fb303e5edfb8136d53dcKen Sumrall int cryptfs_crypto_complete(void); 2298f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall int cryptfs_check_passwd(char *pw); 2303ad9072a5d6f6bda32123b367545649364e3c11dKen Sumrall int cryptfs_verify_passwd(char *newpw); 2316864b7ec94a57b73c300457955d86dc604aeddf5Ken Sumrall int cryptfs_restart(void); 23245f10533f8cb2e2ec8dc9803739870cbfafffebdPaul Lawrence int cryptfs_enable(char *flag, int type, char *passwd, int allow_reboot); 23313486033575e6e4affccbb3dd201515d79f6f44bPaul Lawrence int cryptfs_changepw(int type, const char *newpw); 23413486033575e6e4affccbb3dd201515d79f6f44bPaul Lawrence int cryptfs_enable_default(char *flag, int allow_reboot); 23529d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall int cryptfs_setup_volume(const char *label, int major, int minor, 23629d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall char *crypto_dev_path, unsigned int max_pathlen, 23729d8da8cefa99e436c13295d4c9bad060ca18a6dKen Sumrall int *new_major, int *new_minor); 2380b8b59719357fb80c330442787f7d5b1e332263bKen Sumrall int cryptfs_revert_volume(const char *label); 23985c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu int cryptfs_getfield(const char *fieldname, char *value, int len); 24085c01f95c7a3c009e79867fe36181cc0793a0440Rubin Xu int cryptfs_setfield(const char *fieldname, const char *value); 241f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence int cryptfs_mount_default_encrypted(void); 242f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2Paul Lawrence int cryptfs_get_password_type(void); 243399317ede45340eebc035ba204b6201b6d62dd66Paul Lawrence char* cryptfs_get_password(void); 244399317ede45340eebc035ba204b6201b6d62dd66Paul Lawrence void cryptfs_clear_password(void); 2458f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#ifdef __cplusplus 2468f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall} 2478f869aa1bc685b505c58e97b4e11a9c7491a16f9Ken Sumrall#endif 248