filters/luks/luks-encryption.h

   1 /* nbdkit
   2  * Copyright Red Hat
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions are
   6  * met:
   7  *
   8  * * Redistributions of source code must retain the above copyright
   9  * notice, this list of conditions and the following disclaimer.
  10  *
  11  * * Redistributions in binary form must reproduce the above copyright
  12  * notice, this list of conditions and the following disclaimer in the
  13  * documentation and/or other materials provided with the distribution.
  14  *
  15  * * Neither the name of Red Hat nor the names of its contributors may be
  16  * used to endorse or promote products derived from this software without
  17  * specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  21  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  22  * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  23  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  26  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  27  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  28  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  29  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /* This header file defines the file format used by LUKSv1.  See also:
  34  * https://gitlab.com/cryptsetup/cryptsetup/-/wikis/LUKS-standard/on-disk-format.pdf
  35  * Note we do not yet support LUKSv2.
  36  */
  37
  38 #ifndef NBDKIT_LUKS_ENCRYPTION_H
  39 #define NBDKIT_LUKS_ENCRYPTION_H
  40
  41 #include <stdint.h>
  42 #include <gnutls/crypto.h>
  43
  44 #define LUKS_SECTOR_SIZE 512
  45
  46 /* Per-connection data. */
  47 struct luks_data;
  48
  49 /* Load the LUKS header, parse the algorithms, unlock the masterkey
  50  * using the passphrase, initialize all the fields in the handle.
  51  *
  52  * This function may call next->pread (many times).
  53  */
  54 extern struct luks_data *load_header (nbdkit_next *next,
  55                                       const char *passphrase);
  56
  57 /* Free the handle and all fields inside it. */
  58 extern void free_luks_data (struct luks_data *h);
  59
  60 /* Get the offset where the encrypted data starts (in sectors). */
  61 extern uint64_t get_payload_offset (struct luks_data *h);
  62
  63 /* Create an GnuTLS cipher, initialized with the master key.  Must be
  64  * freed by the caller using gnutls_cipher_deinit.
  65  */
  66 extern gnutls_cipher_hd_t create_cipher (struct luks_data *h);
  67
  68 /* Perform decryption/encryption of a block of memory in-place.
  69  *
  70  * 'sector' is the sector number on disk, used to calculate IVs.  (The
  71  * keyslots also use these functions, but sector must be 0).
  72  */
  73 extern int do_decrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
  74                        uint64_t sector, uint8_t *buf, size_t nr_sectors);
  75 extern int do_encrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
  76                        uint64_t sector, uint8_t *buf, size_t nr_sectors);
  77
  78 #endif /* NBDKIT_LUKS_ENCRYPTION_H */