1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H 2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H 3 4 /* 5 * LUKS partition header 6 */ 7 8 #include "libcryptsetup.h" 9 10 #define LUKS_CIPHERNAME_L 32 11 #define LUKS_CIPHERMODE_L 32 12 #define LUKS_HASHSPEC_L 32 13 #define LUKS_DIGESTSIZE 20 // since SHA1 14 #define LUKS_HMACSIZE 32 15 #define LUKS_SALTSIZE 32 16 #define LUKS_NUMKEYS 8 17 18 // Minimal number of iterations 19 #define LUKS_MKD_ITERATIONS_MIN 1000 20 #define LUKS_SLOT_ITERATIONS_MIN 1000 21 22 #define LUKS_KEY_DISABLED_OLD 0 23 #define LUKS_KEY_ENABLED_OLD 0xCAFE 24 25 #define LUKS_KEY_DISABLED 0x0000DEAD 26 #define LUKS_KEY_ENABLED 0x00AC71F3 27 28 #define LUKS_STRIPES 4000 29 30 // partition header starts with magic 31 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe}; 32 #define LUKS_MAGIC_L 6 33 34 #define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1) 35 36 /* Actually we need only 37, but we don't want struct autoaligning to kick in */ 37 #define UUID_STRING_L 40 38 39 /* Offset to align kesylot area */ 40 #define LUKS_ALIGN_KEYSLOTS 4096 41 42 /* Any integer values are stored in network byte order on disk and must be 43 converted */ 44 45 struct luks_phdr { 46 char magic[LUKS_MAGIC_L]; 47 uint16_t version; 48 char cipherName[LUKS_CIPHERNAME_L]; 49 char cipherMode[LUKS_CIPHERMODE_L]; 50 char hashSpec[LUKS_HASHSPEC_L]; 51 uint32_t payloadOffset; 52 uint32_t keyBytes; 53 char mkDigest[LUKS_DIGESTSIZE]; 54 char mkDigestSalt[LUKS_SALTSIZE]; 55 uint32_t mkDigestIterations; 56 char uuid[UUID_STRING_L]; 57 58 struct { 59 uint32_t active; 60 61 /* parameters used for password processing */ 62 uint32_t passwordIterations; 63 char passwordSalt[LUKS_SALTSIZE]; 64 65 /* parameters used for AF store/load */ 66 uint32_t keyMaterialOffset; 67 uint32_t stripes; 68 } keyblock[LUKS_NUMKEYS]; 69 70 /* Align it to 512 sector size */ 71 char _padding[432]; 72 }; 73 74 struct luks_masterkey { 75 size_t keyLength; 76 char key[]; 77 }; 78 79 struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key); 80 void LUKS_dealloc_masterkey(struct luks_masterkey *mk); 81 struct luks_masterkey *LUKS_generate_masterkey(int keylength); 82 int LUKS_verify_master_key(const struct luks_phdr *hdr, 83 const struct luks_masterkey *mk); 84 85 int LUKS_generate_phdr( 86 struct luks_phdr *header, 87 const struct luks_masterkey *mk, 88 const char *cipherName, 89 const char *cipherMode, 90 const char *hashSpec, 91 const char *uuid, 92 unsigned int stripes, 93 unsigned int alignPayload, 94 unsigned int alignOffset, 95 uint32_t iteration_time_ms, 96 uint64_t *PBKDF2_per_sec, 97 struct crypt_device *ctx); 98 99 int LUKS_read_phdr( 100 const char *device, 101 struct luks_phdr *hdr, 102 int require_luks_device, 103 struct crypt_device *ctx); 104 105 int LUKS_read_phdr_backup( 106 const char *backup_file, 107 const char *device, 108 struct luks_phdr *hdr, 109 int require_luks_device, 110 struct crypt_device *ctx); 111 112 int LUKS_hdr_backup( 113 const char *backup_file, 114 const char *device, 115 struct luks_phdr *hdr, 116 struct crypt_device *ctx); 117 118 int LUKS_hdr_restore( 119 const char *backup_file, 120 const char *device, 121 struct luks_phdr *hdr, 122 struct crypt_device *ctx); 123 124 int LUKS_write_phdr( 125 const char *device, 126 struct luks_phdr *hdr, 127 struct crypt_device *ctx); 128 129 int LUKS_set_key( 130 const char *device, 131 unsigned int keyIndex, 132 const char *password, 133 size_t passwordLen, 134 struct luks_phdr *hdr, 135 struct luks_masterkey *mk, 136 uint32_t iteration_time_ms, 137 uint64_t *PBKDF2_per_sec, 138 struct crypt_device *ctx); 139 140 int LUKS_open_key_with_hdr( 141 const char *device, 142 int keyIndex, 143 const char *password, 144 size_t passwordLen, 145 struct luks_phdr *hdr, 146 struct luks_masterkey **mk, 147 struct crypt_device *ctx); 148 149 int LUKS_del_key( 150 const char *device, 151 unsigned int keyIndex, 152 struct luks_phdr *hdr, 153 struct crypt_device *ctx); 154 155 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot); 156 int LUKS_keyslot_find_empty(struct luks_phdr *hdr); 157 int LUKS_keyslot_active_count(struct luks_phdr *hdr); 158 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable); 159 160 int LUKS_encrypt_to_storage( 161 char *src, size_t srcLength, 162 struct luks_phdr *hdr, 163 char *key, size_t keyLength, 164 const char *device, 165 unsigned int sector, 166 struct crypt_device *ctx); 167 168 int LUKS_decrypt_from_storage( 169 char *dst, size_t dstLength, 170 struct luks_phdr *hdr, 171 char *key, size_t keyLength, 172 const char *device, 173 unsigned int sector, 174 struct crypt_device *ctx); 175 176 #endif 177