#define ECRYPTFS_MINOR_VERSION 0x04
#define ECRYPTFS_VERSION ((ECRYPTFS_MAJOR_VERSION << 8) | ECRYPTFS_MINOR_VERSION)
-#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
-#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
-
-#define PGP_DIGEST_ALGO_SHA512 10
-
-#define ECRYPTFS_FEK_CIPHER "aes"
-#define ECRYPTFS_MOUNT_DEVICE "ecryptfs"
-
-#define ECRYPTFS_MAX_OPTIONS 1024
-
-#define ECRYPTFS_MAX_SIG_SIZE 8
-#define ECRYPTFS_MAX_SIG_HEX (ECRYPTFS_MAX_SIG_SIZE*2)
-#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_MAX_SIG_HEX
-
-#define ECRYPTFS_MAX_KEY_SIZE 32
-#define ECRYPTFS_MAX_KEY_HEX (ECRYPTFS_MAX_KEY_SIZE * 2)
-
-#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
-#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
-
-#define ECRYPTFS_MAX_SALT_SIZE 4
-#define ECRYPTFS_MAX_SALT_HEX 8
-
-#define ECRYPTFS_PWD_PAYLOAD_TYPE 0 // password
-
-struct ecryptfs_session_key {
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT 0x00000001
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT 0x00000002
-#define ECRYPTFS_CONTAINS_DECRYPTED_KEY 0x00000004
-#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY 0x00000008
- int32_t flags;
- int32_t encrypted_key_size;
- int32_t decrypted_key_size;
- u_int8_t encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
- u_int8_t decrypted_key[ECRYPTFS_MAX_KEY_HEX];
+#define ECRYPTFS_SALT_SIZE 8
+#define ECRYPTFS_SIGNATURE_SIZE 16
+#define ECRYPTFS_MAX_KEY_SIZE 64
+#define ECRYPTFS_MAX_KEY_MOD_NAME_SIZE 16
+#define ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE 512
+
+struct EcryptfsPassword {
+ enum Flag {
+ PersistentPassword = 0x01,
+ SessionKeyEncryptionKeySet = 0x02
+ };
+
+ int32_t passwordSize;
+ int32_t hashAlgorithm;
+ int32_t hashIterations;
+ int32_t sessionKeyEncryptionKeySize;
+ uint32_t flags;
+ uint8_t sessionKeyEncryptionKey[ECRYPTFS_MAX_KEY_SIZE];
+ uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
+ uint8_t salt[ECRYPTFS_SALT_SIZE];
};
-struct ecryptfs_password {
- int32_t password_bytes;
- int32_t hash_algo;
- int32_t hash_iterations;
- int32_t session_key_encryption_key_bytes;
-#define ECRYPTFS_PERSISTENT_PASSWORD 0x01
-#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
- u_int32_t flags;
- /* Iterated-hash concatenation of salt and passphrase */
- u_int8_t session_key_encryption_key[ECRYPTFS_MAX_KEY_HEX];
- u_int8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
- /* Always in expanded hex */
- u_int8_t salt[ECRYPTFS_MAX_SALT_SIZE];
+struct EcryptfsPrivateKey {
+ uint32_t keySize;
+ uint32_t dataSize;
+ uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
+ char keyModAlias[ECRYPTFS_MAX_KEY_MOD_NAME_SIZE + 1];
+ uint8_t data[];
};
-enum ecryptfs_token_types {
- ECRYPTFS_PASSWORD,
- ECRYPTFS_PRIVATE_KEY
-};
+struct EcryptfsSessionKey {
+ enum Flag {
+ UserspaceShouldTryToDecrypt = 0x00000001,
+ UserspaceShouldTryToEncrypt = 0x00000002,
+ ContainsDecryptedKey = 0x00000004,
+ ContainsEncryptedKey = 0x00000008
+ };
-struct ecryptfs_private_key {
- u_int32_t key_size;
- u_int32_t data_len;
- u_int8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
- char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
- u_int8_t data[];
-};
-
-struct ecryptfs_auth_tok {
- u_int16_t version; /* 8-bit major and 8-bit minor */
- u_int16_t token_type;
-#define ECRYPTFS_ENCRYPT_ONLY 0x00000001
- u_int32_t flags;
- struct ecryptfs_session_key session_key;
- u_int8_t reserved[32];
+ int32_t flags;
+ int32_t encryptedKeySize;
+ int32_t decryptedKeySize;
+ uint8_t encryptedKey[ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE];
+ uint8_t decryptedKey[ECRYPTFS_MAX_KEY_SIZE];
+
+ EcryptfsSessionKey()
+ : flags(0), encryptedKeySize(0), decryptedKeySize(0),
+ encryptedKey{0, }, decryptedKey{0, }
+ {};
+} __attribute__((packed));
+
+struct EcryptfsPayload {
+ enum Type {
+ PasswordToken,
+ PrivateKeyToken
+ };
+ enum Flag {
+ EncryptOnly
+ };
+
+ uint16_t version;
+ uint16_t type;
+ uint32_t flags;
+ EcryptfsSessionKey sessionKey;
+ uint8_t reserved[32];
union {
- struct ecryptfs_password password;
- struct ecryptfs_private_key private_key;
+ EcryptfsPassword password;
+ EcryptfsPrivateKey privateKey;
} token;
-} __attribute__((packed));
-typedef struct ecryptfs_auth_tok ecryptfs_payload;
+ EcryptfsPayload(Type type)
+ : version(ECRYPTFS_VERSION), type(type), flags(0), reserved{0, }
+ {
+ ::memset(&token, 0, sizeof(token));
+ };
+} __attribute__((packed));
+
#endif