1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
5 * LUKS partition header
8 #include "libcryptsetup.h"
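/*
 * Sizes used by the on-disk LUKS partition header. struct luks_phdr declares
 * its char arrays with these constants, so changing any of them changes the
 * header layout.
 */
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
/*
 * mkDigest is declared with this width, so the stored master-key digest is
 * 20 bytes whatever hash hashSpec names.
 */
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
/* Number of entries in the header's keyblock[] array. */
#define LUKS_NUMKEYS 8

// Minimal number of iterations
/*
 * These are lower bounds, not recommended work factors.
 * NOTE(review): confirm that the count written to a new header comes from the
 * iteration_time_ms benchmark, and that a header read from disk with a count
 * below these floors is rejected rather than silently accepted.
 */
#define LUKS_MKD_ITERATIONS_MIN 1000
#define LUKS_SLOT_ITERATIONS_MIN 1000

/*
 * Key-slot state markers; the _OLD pair is presumably an earlier encoding
 * kept for compatibility (confirm against the reader).
 * NOTE(review): a slot state read from disk that matches neither marker of
 * the expected pair should be treated as a corrupt header, not mapped to
 * "enabled" or "disabled" by default.
 */
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3

/* Presumably the default stripe count for the AF store/load step (confirm). */
#define LUKS_STRIPES 4000

// partition header starts with magic
/*
 * The trailing ';' is part of the expansion: "x[] = LUKS_MAGIC;" expands to
 * an initializer followed by an extra empty statement. It is left in place
 * because existing users may depend on it.
 */
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6

/*
 * Header size in sectors. SECTOR_SIZE is defined outside this header.
 * Integer division plus one: an exact multiple of SECTOR_SIZE still yields
 * one additional sector.
 */
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* Offset to align keyslot area */
#define LUKS_ALIGN_KEYSLOTS 4096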
42 /* Any integer values are stored in network byte order on disk and must be
46 char magic
[LUKS_MAGIC_L
];
48 char cipherName
[LUKS_CIPHERNAME_L
];
49 char cipherMode
[LUKS_CIPHERMODE_L
];
50 char hashSpec
[LUKS_HASHSPEC_L
];
51 uint32_t payloadOffset
;
53 char mkDigest
[LUKS_DIGESTSIZE
];
54 char mkDigestSalt
[LUKS_SALTSIZE
];
55 uint32_t mkDigestIterations
;
56 char uuid
[UUID_STRING_L
];
61 /* parameters used for password processing */
62 uint32_t passwordIterations
;
63 char passwordSalt
[LUKS_SALTSIZE
];
65 /* parameters used for AF store/load */
66 uint32_t keyMaterialOffset
;
68 } keyblock
[LUKS_NUMKEYS
];
70 /* Align it to 512 sector size */
74 struct luks_masterkey
{
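/*
 * Master-key object handling.
 *
 * LUKS_alloc_masterkey    - returns a struct luks_masterkey for a key of
 *                           keylength bytes; key is the optional source
 *                           material (presumably copied when non-NULL, confirm).
 * LUKS_dealloc_masterkey  - releases an object obtained from the two
 *                           functions that return one.
 * LUKS_generate_masterkey - returns a struct luks_masterkey of keylength
 *                           bytes (presumably filled from the RNG, confirm).
 *
 * The failure convention of the pointer-returning functions is not visible in
 * this header (presumably NULL); callers should check the result before use.
 *
 * NOTE(review): keylength is a signed int. Confirm the implementation rejects
 * zero and negative values before sizing an allocation from it.
 * NOTE(review): confirm LUKS_dealloc_masterkey overwrites the key bytes before
 * freeing, so key material does not remain in released heap memory.
 */
struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
struct luks_masterkey *LUKS_generate_masterkey(int keylength);

/*
 * Checks a candidate master key against a header; neither argument is
 * modified (both are const). Presumably recomputes the digest from
 * hdr->mkDigestSalt and hdr->mkDigestIterations and compares it with
 * hdr->mkDigest (confirm). The return convention is not shown here.
 */
int LUKS_verify_master_key(const struct luks_phdr *hdr,
                           const struct luks_masterkey *mk);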
85 int LUKS_generate_phdr(
86 struct luks_phdr
*header
,
87 const struct luks_masterkey
*mk
,
88 const char *cipherName
,
89 const char *cipherMode
,
93 unsigned int alignPayload
,
94 unsigned int alignOffset
,
95 uint32_t iteration_time_ms
,
96 uint64_t *PBKDF2_per_sec
,
97 struct crypt_device
*ctx
);
101 struct luks_phdr
*hdr
,
102 int require_luks_device
,
103 struct crypt_device
*ctx
);
105 int LUKS_read_phdr_backup(
106 const char *backup_file
,
108 struct luks_phdr
*hdr
,
109 int require_luks_device
,
110 struct crypt_device
*ctx
);
113 const char *backup_file
,
115 struct luks_phdr
*hdr
,
116 struct crypt_device
*ctx
);
118 int LUKS_hdr_restore(
119 const char *backup_file
,
121 struct luks_phdr
*hdr
,
122 struct crypt_device
*ctx
);
126 struct luks_phdr
*hdr
,
127 struct crypt_device
*ctx
);
131 unsigned int keyIndex
,
132 const char *password
,
134 struct luks_phdr
*hdr
,
135 struct luks_masterkey
*mk
,
136 uint32_t iteration_time_ms
,
137 uint64_t *PBKDF2_per_sec
,
138 struct crypt_device
*ctx
);
140 int LUKS_open_key_with_hdr(
143 const char *password
,
145 struct luks_phdr
*hdr
,
146 struct luks_masterkey
**mk
,
147 struct crypt_device
*ctx
);
151 unsigned int keyIndex
,
152 struct luks_phdr
*hdr
,
153 struct crypt_device
*ctx
);
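/*
 * Key-slot bookkeeping on an in-memory header. None of these take a device
 * or crypt_device argument, so whether a change reaches the disk is decided
 * elsewhere.
 *
 * LUKS_keyslot_info         - state of slot `keyslot` as a crypt_keyslot_info.
 * LUKS_keyslot_find_empty   - presumably the index of the first unused slot;
 *                             the "none free" value is not shown here.
 * LUKS_keyslot_active_count - presumably the number of enabled slots.
 * LUKS_keyslot_set          - marks slot `keyslot` enabled or disabled
 *                             according to `enable`.
 *
 * NOTE(review): keyslot is a signed int and hdr->keyblock has LUKS_NUMKEYS
 * entries. Confirm each implementation rejects values outside
 * 0..LUKS_NUMKEYS-1 before indexing, including negative ones.
 */
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);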
160 int LUKS_encrypt_to_storage(
161 char *src
, size_t srcLength
,
162 struct luks_phdr
*hdr
,
163 char *key
, size_t keyLength
,
166 struct crypt_device
*ctx
);
168 int LUKS_decrypt_from_storage(
169 char *dst
, size_t dstLength
,
170 struct luks_phdr
*hdr
,
171 char *key
, size_t keyLength
,
174 struct crypt_device
*ctx
);