contrib/cryptsetup/luks/luks.h

   1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
   2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
   3
   4 /*
   5  * LUKS partition header
   6  */
   7
   8 #include "libcryptsetup.h"
   9
  10 #define LUKS_CIPHERNAME_L 32
  11 #define LUKS_CIPHERMODE_L 32
  12 #define LUKS_HASHSPEC_L 32
  13 #define LUKS_DIGESTSIZE 20 // since SHA1
  14 #define LUKS_HMACSIZE 32
  15 #define LUKS_SALTSIZE 32
  16 #define LUKS_NUMKEYS 8
  17
  18 // Minimal number of iterations
  19 #define LUKS_MKD_ITERATIONS_MIN  1000
  20 #define LUKS_SLOT_ITERATIONS_MIN 1000
  21
  22 #define LUKS_KEY_DISABLED_OLD 0
  23 #define LUKS_KEY_ENABLED_OLD 0xCAFE
  24
  25 #define LUKS_KEY_DISABLED 0x0000DEAD
  26 #define LUKS_KEY_ENABLED  0x00AC71F3
  27
  28 #define LUKS_STRIPES 4000
  29
  30 // partition header starts with magic
  31 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
  32 #define LUKS_MAGIC_L 6
  33
  34 #define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
  35
  36 /* Actually we need only 37, but we don't want struct autoaligning to kick in */
  37 #define UUID_STRING_L 40
  38
  39 /* Offset to align kesylot area */
  40 #define LUKS_ALIGN_KEYSLOTS 4096
  41
  42 /* Any integer values are stored in network byte order on disk and must be
  43 converted */
  44
  45 struct luks_phdr {
  46         char            magic[LUKS_MAGIC_L];
  47         uint16_t        version;
  48         char            cipherName[LUKS_CIPHERNAME_L];
  49         char            cipherMode[LUKS_CIPHERMODE_L];
  50         char            hashSpec[LUKS_HASHSPEC_L];
  51         uint32_t        payloadOffset;
  52         uint32_t        keyBytes;
  53         char            mkDigest[LUKS_DIGESTSIZE];
  54         char            mkDigestSalt[LUKS_SALTSIZE];
  55         uint32_t        mkDigestIterations;
  56         char            uuid[UUID_STRING_L];
  57
  58         struct {
  59                 uint32_t active;
  60
  61                 /* parameters used for password processing */
  62                 uint32_t passwordIterations;
  63                 char     passwordSalt[LUKS_SALTSIZE];
  64
  65                 /* parameters used for AF store/load */
  66                 uint32_t keyMaterialOffset;
  67                 uint32_t stripes;
  68         } keyblock[LUKS_NUMKEYS];
  69
  70         /* Align it to 512 sector size */
  71         char            _padding[432];
  72 };
  73
  74 struct luks_masterkey {
  75         size_t keyLength;
  76         char key[];
  77 };
  78
  79 struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
  80 void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
  81 struct luks_masterkey *LUKS_generate_masterkey(int keylength);
  82 int LUKS_verify_master_key(const struct luks_phdr *hdr,
  83                            const struct luks_masterkey *mk);
  84
  85 int LUKS_generate_phdr(
  86         struct luks_phdr *header,
  87         const struct luks_masterkey *mk,
  88         const char *cipherName,
  89         const char *cipherMode,
  90         const char *hashSpec,
  91         const char *uuid,
  92         unsigned int stripes,
  93         unsigned int alignPayload,
  94         unsigned int alignOffset,
  95         uint32_t iteration_time_ms,
  96         uint64_t *PBKDF2_per_sec,
  97         struct crypt_device *ctx);
  98
  99 int LUKS_read_phdr(
 100         const char *device,
 101         struct luks_phdr *hdr,
 102         int require_luks_device,
 103         struct crypt_device *ctx);
 104
 105 int LUKS_read_phdr_backup(
 106         const char *backup_file,
 107         const char *device,
 108         struct luks_phdr *hdr,
 109         int require_luks_device,
 110         struct crypt_device *ctx);
 111
 112 int LUKS_hdr_backup(
 113         const char *backup_file,
 114         const char *device,
 115         struct luks_phdr *hdr,
 116         struct crypt_device *ctx);
 117
 118 int LUKS_hdr_restore(
 119         const char *backup_file,
 120         const char *device,
 121         struct luks_phdr *hdr,
 122         struct crypt_device *ctx);
 123
 124 int LUKS_write_phdr(
 125         const char *device,
 126         struct luks_phdr *hdr,
 127         struct crypt_device *ctx);
 128
 129 int LUKS_set_key(
 130         const char *device,
 131         unsigned int keyIndex,
 132         const char *password,
 133         size_t passwordLen,
 134         struct luks_phdr *hdr,
 135         struct luks_masterkey *mk,
 136         uint32_t iteration_time_ms,
 137         uint64_t *PBKDF2_per_sec,
 138         struct crypt_device *ctx);
 139
 140 int LUKS_open_key_with_hdr(
 141         const char *device,
 142         int keyIndex,
 143         const char *password,
 144         size_t passwordLen,
 145         struct luks_phdr *hdr,
 146         struct luks_masterkey **mk,
 147         struct crypt_device *ctx);
 148
 149 int LUKS_del_key(
 150         const char *device,
 151         unsigned int keyIndex,
 152         struct luks_phdr *hdr,
 153         struct crypt_device *ctx);
 154
 155 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
 156 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
 157 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
 158 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
 159
 160 int LUKS_encrypt_to_storage(
 161         char *src, size_t srcLength,
 162         struct luks_phdr *hdr,
 163         char *key, size_t keyLength,
 164         const char *device,
 165         unsigned int sector,
 166         struct crypt_device *ctx);
 167
 168 int LUKS_decrypt_from_storage(
 169         char *dst, size_t dstLength,
 170         struct luks_phdr *hdr,
 171         char *key, size_t keyLength,
 172         const char *device,
 173         unsigned int sector,
 174         struct crypt_device *ctx);
 175
 176 #endif