Refactor ecryptfs structures to C++ style

[platform/core/security/krate.git] / volume / ecryptfs.h

diff --git a/volume/ecryptfs.h b/volume/ecryptfs.h
index 9962e34..3bfbb29 100755 (executable)
--- a/volume/ecryptfs.h
+++ b/volume/ecryptfs.h
@@ -25,83 +25,80 @@
 #define ECRYPTFS_MINOR_VERSION 0x04
 #define ECRYPTFS_VERSION ((ECRYPTFS_MAJOR_VERSION << 8) | ECRYPTFS_MINOR_VERSION)
 
-#define ECRYPTFS_MAX_PKI_NAME_BYTES             16
-#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET 0x02
-
-#define PGP_DIGEST_ALGO_SHA512  10
-
-#define ECRYPTFS_FEK_CIPHER     "aes"
-#define ECRYPTFS_MOUNT_DEVICE   "ecryptfs"
-
-#define ECRYPTFS_MAX_OPTIONS    1024
-
-#define ECRYPTFS_MAX_SIG_SIZE   8
-#define ECRYPTFS_MAX_SIG_HEX (ECRYPTFS_MAX_SIG_SIZE*2)
-#define ECRYPTFS_PASSWORD_SIG_SIZE ECRYPTFS_MAX_SIG_HEX
-
-#define ECRYPTFS_MAX_KEY_SIZE               32
-#define ECRYPTFS_MAX_KEY_HEX                (ECRYPTFS_MAX_KEY_SIZE * 2)
-
-#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES     512
-#define ECRYPTFS_MAX_PKI_NAME_BYTES          16
-
-#define ECRYPTFS_MAX_SALT_SIZE               4
-#define ECRYPTFS_MAX_SALT_HEX                8
-
-#define ECRYPTFS_PWD_PAYLOAD_TYPE            0 // password
-
-struct ecryptfs_session_key {
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT    0x00000001
-#define ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT    0x00000002
-#define ECRYPTFS_CONTAINS_DECRYPTED_KEY             0x00000004
-#define ECRYPTFS_CONTAINS_ENCRYPTED_KEY             0x00000008
-       int32_t flags;
-       int32_t encrypted_key_size;
-       int32_t decrypted_key_size;
-       u_int8_t encrypted_key[ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES];
-       u_int8_t decrypted_key[ECRYPTFS_MAX_KEY_HEX];
+#define ECRYPTFS_SALT_SIZE 8
+#define ECRYPTFS_SIGNATURE_SIZE 16
+#define ECRYPTFS_MAX_KEY_SIZE 64
+#define ECRYPTFS_MAX_KEY_MOD_NAME_SIZE 16
+#define ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE 512
+
+struct EcryptfsPassword {
+       enum Flag {
+               PersistentPassword                      = 0x01,
+               SessionKeyEncryptionKeySet      = 0x02
+       };
+
+       int32_t passwordSize;
+       int32_t hashAlgorithm;
+       int32_t hashIterations;
+       int32_t sessionKeyEncryptionKeySize;
+       uint32_t flags;
+       uint8_t sessionKeyEncryptionKey[ECRYPTFS_MAX_KEY_SIZE];
+       uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
+       uint8_t salt[ECRYPTFS_SALT_SIZE];
 };
 
-struct ecryptfs_password {
-       int32_t password_bytes;
-       int32_t hash_algo;
-       int32_t hash_iterations;
-       int32_t session_key_encryption_key_bytes;
-#define ECRYPTFS_PERSISTENT_PASSWORD                0x01
-#define ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET     0x02
-       u_int32_t flags;
-       /* Iterated-hash concatenation of salt and passphrase */
-       u_int8_t session_key_encryption_key[ECRYPTFS_MAX_KEY_HEX];
-       u_int8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
-       /* Always in expanded hex */
-       u_int8_t salt[ECRYPTFS_MAX_SALT_SIZE];
+struct EcryptfsPrivateKey {
+       uint32_t keySize;
+       uint32_t dataSize;
+       uint8_t signature[ECRYPTFS_SIGNATURE_SIZE + 1];
+       char keyModAlias[ECRYPTFS_MAX_KEY_MOD_NAME_SIZE + 1];
+       uint8_t data[];
 };
 
-enum ecryptfs_token_types {
-       ECRYPTFS_PASSWORD,
-       ECRYPTFS_PRIVATE_KEY
-};
+struct EcryptfsSessionKey {
+       enum Flag {
+               UserspaceShouldTryToDecrypt =   0x00000001,
+               UserspaceShouldTryToEncrypt =   0x00000002,
+               ContainsDecryptedKey =                  0x00000004,
+               ContainsEncryptedKey =                  0x00000008
+       };
 
-struct ecryptfs_private_key {
-       u_int32_t key_size;
-       u_int32_t data_len;
-       u_int8_t signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
-       char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
-       u_int8_t data[];
-};
-
-struct ecryptfs_auth_tok {
-       u_int16_t version; /* 8-bit major and 8-bit minor */
-       u_int16_t token_type;
-#define ECRYPTFS_ENCRYPT_ONLY                       0x00000001
-       u_int32_t flags;
-       struct ecryptfs_session_key session_key;
-       u_int8_t reserved[32];
+       int32_t flags;
+       int32_t encryptedKeySize;
+       int32_t decryptedKeySize;
+       uint8_t encryptedKey[ECRYPTFS_MAX_ENCRYPTED_KEY_SIZE];
+       uint8_t decryptedKey[ECRYPTFS_MAX_KEY_SIZE];
+
+       EcryptfsSessionKey()
+               : flags(0), encryptedKeySize(0), decryptedKeySize(0),
+                       encryptedKey{0, }, decryptedKey{0, }
+       {};
+} __attribute__((packed));
+
+struct EcryptfsPayload {
+       enum Type {
+               PasswordToken,
+               PrivateKeyToken
+       };
+       enum Flag {
+               EncryptOnly
+       };
+
+       uint16_t version;
+       uint16_t type;
+       uint32_t flags;
+       EcryptfsSessionKey sessionKey;
+       uint8_t reserved[32];
        union {
-               struct ecryptfs_password password;
-               struct ecryptfs_private_key private_key;
+               EcryptfsPassword password;
+               EcryptfsPrivateKey privateKey;
        } token;
-}  __attribute__((packed));
 
-typedef struct ecryptfs_auth_tok ecryptfs_payload;
+       EcryptfsPayload(Type type)
+               : version(ECRYPTFS_VERSION), type(type), flags(0), reserved{0, }
+       {
+               ::memset(&token, 0, sizeof(token));
+       };
+} __attribute__((packed));
+
 #endif