vfdecrypt.h

#ifndef _FVDECRYPT_H

#define _FVDECRYPT_H		1

/* length of message digest output in bytes (160 bits) */
#define MD_LENGTH		20
/* length of cipher key in bytes (128 bits) */
#define CIPHER_KEY_LENGTH	16
/* block size of cipher in bytes (128 bits) */
#define CIPHER_BLOCKSIZE	16
/* chunk size (FileVault specific) */
#define CHUNK_SIZE		4096
/* number of iterations for PBKDF2 key derivation */
#define PBKDF2_ITERATION_COUNT	1000

typedef struct {
  /* 0x000: */ uint8_t  filler1[48];
  /* 0x034: */ uint32_t kdf_iteration_count;
  /* 0x034: */ uint32_t kdf_salt_len;
  /* 0x038: */ uint8_t  kdf_salt[48]; /* salt value for key derivation */
  /* 0x068: */ uint8_t  unwrap_iv[32]; /* IV for encryption-key unwrapping */
  /* 0x088: */ uint32_t len_wrapped_aes_key;
  /* 0x08c: */ uint8_t  wrapped_aes_key[296];
  /* 0x1b4: */ uint32_t len_hmac_sha1_key;
  /* 0x1b8: */ uint8_t  wrapped_hmac_sha1_key[300];
  /* 0x1b4: */ uint32_t len_integrity_key;
  /* 0x2e8: */ uint8_t  wrapped_integrity_key[48];
  /* 0x318: */ uint8_t  filler6[484];
} cencrypted_v1_header;

/* this structure is valid only if there's a recovery key defined */
typedef struct {
  unsigned char sig[8];
  uint32_t version;
  uint32_t enc_iv_size;
  uint32_t unk1;
  uint32_t unk2;
  uint32_t unk3;
  uint32_t unk4;
  uint32_t unk5;
  unsigned char uuid[16];
  uint32_t blocksize;
  uint64_t datasize;
  uint64_t dataoffset;
  uint8_t filler1[0x260];
  uint32_t kdf_algorithm;
  uint32_t kdf_prng_algorithm;
  uint32_t kdf_iteration_count;
  uint32_t kdf_salt_len; /* in bytes */
  uint8_t  kdf_salt[32];
  uint32_t blob_enc_iv_size;
  uint8_t  blob_enc_iv[32];
  uint32_t blob_enc_key_bits;
  uint32_t blob_enc_algorithm;
  uint32_t blob_enc_padding;
  uint32_t blob_enc_mode;
  uint32_t encrypted_keyblob_size;
  uint8_t  encrypted_keyblob[0x30];
} cencrypted_v2_pwheader;

/* PasswordHeader:
0x2a8:
   aHeader.keyDerivationAlgorithm      %ld
   aHeader.keyDerivationPRNGAlgorithm  %ld
0x70:
   aHeader.keyDerivationIterationCount %ld
0x74:
   aHeader.keyDerivationSaltSize       %ld
0x78:
   aHeader.keyDerivationSalt

   aHeader.blobEncryptionIVSize        %ld
   aHeader.blobEncryptionIV            %ld
   aHeader.blobEncryptionKeySizeInBits %ld
   aHeader.blobEncryptionAlgorithm     %ld
   aHeader.blobEncryptionPadding       %ld
   aHeader.blobEncryptionMode          %ld
   aHeader.encryptedBlobSize           %ld
   aHeader.encryptedBlob
*/


/*
aHeader.uuid
aHeader.dataBlockSize               %u
aHeader.keyWrappingAlgorithm        %ld
aHeader.keyWrappingPadding    
aHeader.keyWrappingMode             %ld
aHeader.keyWrappingKeySizeInBits    %ld
aHeader.keyWrappingIVSize           %ld
aHeader.keyDerivationAlgorithm      %ld
aHeader.keyDerivationPRNGAlgorithm  %ld
aHeader.keyDerivationIterationCount %ld
aHeader.keyDerivationSaltSize       %ld
aHeader.keyDerivationSalt
aHeader.encryptionIVSize            %ld
aHeader.encryptionMode              %ld
aHeader.encryptionAlgorithm         %ld
aHeader.encryptionKeySizeInBits     %ld
aHeader.encryptionKeyWrappingIV
aHeader.wrappedEncryptionKeySize    %ld
aHeader.wrappedEncryptionKey
aHeader.prngAlgorithm               %ld
aHeader.prngKeySizeInBits           %ld
aHeader.prngKeyWrappingIV
aHeader.wrappedPrngKeySize          %ld
aHeader.wrappedPrngKey
aHeader.signingAlgorithm            %ld
aHeader.signingKeySizeInBits        %ld
aHeader.signingKeyWrappingIV
aHeader.wrappedSigningKeySize       %ld
aHeader.wrappedSigningKey
aHeader.signatureSize               %ld
aHeader.signature
aHeader.dataForkSize                %qd
aHeader.version                     %ld
aHeader.signature2                  %4.4s
aHeader.signature1                  %4.4s
aHeader.version                     %u
aHeader.dataForkStartOffset
    %qd
aHeader.blobEncryptionIVSize        %ld
aHeader.blobEncryptionIV
aHeader.blobEncryptionKeySizeInBits %ld
aHeader.blobEncryptionAlgorithm     %ld
aHeader.blobEncryptionPadding       %ld
aHeader.blobEncryptionMode          %ld
aHeader.encryptedBlobSize           %ld
aHeader.encryptedBlob
aHeader.publicKeyHashSize           %ld
aHeader.publicKeyHash
*/
#endif