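#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H

/*
 * LUKS partition header
 *
 * Declares the on-disk header layout (struct luks_phdr), the in-memory
 * master key container (struct luks_masterkey) and the prototypes that
 * create, read, write and unlock them.
 *
 * Security note: every field of struct luks_phdr is read back from the
 * storage device or a backup file, so it is untrusted input. Lengths,
 * offsets, stripe counts and iteration counts must be converted from
 * network byte order and range-checked before they are used to size a
 * buffer or to address a sector.
 */

/* Standard types used below; included here so the header is self-contained. */
#include <stddef.h> /* size_t */
#include <stdint.h> /* uint16_t, uint32_t, uint64_t */

#include "libcryptsetup.h"

/* Fixed widths of the text and binary fields in the on-disk header. */
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8

// Minimal number of iterations
/*
 * These are lower bounds only. NOTE(review): the values actually written
 * appear to be derived from the iteration_time_ms / PBKDF2_per_sec
 * parameters of LUKS_generate_phdr() and LUKS_set_key(); confirm that the
 * implementation never accepts a header or request below these floors.
 */
#define LUKS_MKD_ITERATIONS_MIN  1000
#define LUKS_SLOT_ITERATIONS_MIN 1000

/* Key slot state markers with the _OLD suffix (presumably a legacy encoding). */
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

/* Key slot state markers stored in keyblock[].active. */
#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3

/* Stripe count constant; see keyblock[].stripes (AF store/load). */
#define LUKS_STRIPES 4000

// partition header starts with magic
/*
 * NOTE(review): the expansion ends with ';'. Writing `x[] = LUKS_MAGIC;`
 * therefore yields a stray empty declaration, and the macro cannot be used
 * inside a larger initializer. Left unchanged because existing users may
 * rely on the current expansion.
 */
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6

/*
 * Header size expressed in sectors. SECTOR_SIZE is not defined in this
 * header and must be in scope wherever the macro is expanded.
 */
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* Offset to align keyslot area */
#define LUKS_ALIGN_KEYSLOTS 4096

/* Any integer values are stored in network byte order on disk and must be
   converted */

/*
 * On-disk LUKS header. The declared fields add up to 592 bytes when the
 * compiler inserts no padding (every uint32_t member then sits on a 4-byte
 * boundary), and _padding brings the total to 1024 bytes.
 */
struct luks_phdr {
	char		magic[LUKS_MAGIC_L];
	uint16_t	version;
	char		cipherName[LUKS_CIPHERNAME_L];
	char		cipherMode[LUKS_CIPHERMODE_L];
	char		hashSpec[LUKS_HASHSPEC_L];
	uint32_t	payloadOffset;
	uint32_t	keyBytes;
	/* Fixed at LUKS_DIGESTSIZE bytes whatever hashSpec names. */
	char		mkDigest[LUKS_DIGESTSIZE];
	char		mkDigestSalt[LUKS_SALTSIZE];
	uint32_t	mkDigestIterations;
	char		uuid[UUID_STRING_L];

	struct {
		/* LUKS_KEY_ENABLED or LUKS_KEY_DISABLED */
		uint32_t active;

		/* parameters used for password processing */
		uint32_t passwordIterations;
		char     passwordSalt[LUKS_SALTSIZE];

		/* parameters used for AF store/load */
		uint32_t keyMaterialOffset;
		uint32_t stripes;
	} keyblock[LUKS_NUMKEYS];

	/* Align it to 512 sector size */
	char		_padding[432];
};

/*
 * In-memory master key: a length followed by the raw key bytes in a
 * flexible array member, so the object must be heap-allocated with room
 * for keyLength bytes.
 *
 * NOTE(review): this holds the volume key in the clear. Confirm that
 * LUKS_dealloc_masterkey() overwrites key[] with a wipe the compiler
 * cannot elide before the memory is released.
 */
struct luks_masterkey {
	size_t keyLength;
	char key[];
};

/*
 * Master key lifecycle. keylength is a signed int here while the struct
 * stores a size_t; NOTE(review): confirm that negative or oversized values
 * are rejected before they reach the allocation size.
 */
struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
struct luks_masterkey *LUKS_generate_masterkey(int keylength);

/* Checks mk against the header; neither argument is modified (both const). */
int LUKS_verify_master_key(const struct luks_phdr *hdr,
			   const struct luks_masterkey *mk);

/*
 * Fills *header for a new volume from the given cipher, hash, UUID,
 * stripe, alignment and timing parameters. PBKDF2_per_sec is passed by
 * pointer, so the implementation may read and/or update it.
 */
int LUKS_generate_phdr(
	struct luks_phdr *header,
	const struct luks_masterkey *mk,
	const char *cipherName,
	const char *cipherMode,
	const char *hashSpec,
	const char *uuid,
	unsigned int stripes,
	unsigned int alignPayload,
	unsigned int alignOffset,
	uint32_t iteration_time_ms,
	uint64_t *PBKDF2_per_sec,
	struct crypt_device *ctx);

/* Reads the header of device into *hdr. */
int LUKS_read_phdr(
	const char *device,
	struct luks_phdr *hdr,
	int require_luks_device,
	struct crypt_device *ctx);

/* Same as above, with a backup file named in addition to the device. */
int LUKS_read_phdr_backup(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	int require_luks_device,
	struct crypt_device *ctx);

/*
 * Header backup and restore. NOTE(review): a backup file is as sensitive
 * as the device header itself (it carries the salts, iteration counts and
 * key slot parameters), and a restore source is untrusted input; confirm
 * the implementation creates backups with restrictive permissions and
 * validates a file before writing it to the device.
 */
int LUKS_hdr_backup(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

int LUKS_hdr_restore(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/* Writes *hdr to device. */
int LUKS_write_phdr(
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/*
 * Key slot operations. The password is passed as pointer plus length, so
 * it need not be NUL-terminated.
 */
int LUKS_set_key(
	const char *device,
	unsigned int keyIndex,
	const char *password,
	size_t passwordLen,
	struct luks_phdr *hdr,
	struct luks_masterkey *mk,
	uint32_t iteration_time_ms,
	uint64_t *PBKDF2_per_sec,
	struct crypt_device *ctx);

/*
 * On success the recovered key is handed back through *mk.
 * NOTE(review): keyIndex is signed here, unlike LUKS_set_key() and
 * LUKS_del_key(); presumably a negative value has a special meaning -
 * confirm in the implementation. Ownership of *mk is not visible here;
 * presumably the caller releases it with LUKS_dealloc_masterkey().
 */
int LUKS_open_key_with_hdr(
	const char *device,
	int keyIndex,
	const char *password,
	size_t passwordLen,
	struct luks_phdr *hdr,
	struct luks_masterkey **mk,
	struct crypt_device *ctx);

int LUKS_del_key(
	const char *device,
	unsigned int keyIndex,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/*
 * Key slot bookkeeping on an in-memory header. keyslot is a signed int;
 * NOTE(review): confirm each implementation bounds-checks it against
 * LUKS_NUMKEYS before indexing keyblock[].
 */
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);

/*
 * Encrypted transfer of a buffer to or from a sector of device, using the
 * cipher described by *hdr and the given key.
 */
int LUKS_encrypt_to_storage(
	char *src, size_t srcLength,
	struct luks_phdr *hdr,
	char *key, size_t keyLength,
	const char *device,
	unsigned int sector,
	struct crypt_device *ctx);

int LUKS_decrypt_from_storage(
	char *dst, size_t dstLength,
	struct luks_phdr *hdr,
	char *key, size_t keyLength,
	const char *device,
	unsigned int sector,
	struct crypt_device *ctx);

#endif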