authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
commit1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch)
treebb299ab6f411f4fccd735907035de710e4ec6abc /lib/luks1/luks.h
parentInitial commit. (diff)
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/luks1/luks.h')
-rw-r--r--lib/luks1/luks.h194
1 files changed, 194 insertions, 0 deletions
diff --git a/lib/luks1/luks.h b/lib/luks1/luks.h
new file mode 100644
index 0000000..2b5132a
--- /dev/null
+++ b/lib/luks1/luks.h
@@ -0,0 +1,194 @@
+/*
+ * LUKS - Linux Unified Key Setup
+ *
+ * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
+#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
+
+/*
+ * LUKS partition header
+ */
+
+#include "libcryptsetup.h"
+
+#define LUKS_CIPHERNAME_L 32
+#define LUKS_CIPHERMODE_L 32
+#define LUKS_HASHSPEC_L 32
+#define LUKS_DIGESTSIZE 20 // since SHA1
+#define LUKS_HMACSIZE 32
+#define LUKS_SALTSIZE 32
+#define LUKS_NUMKEYS 8
+
+// Minimal number of iterations
+#define LUKS_MKD_ITERATIONS_MIN 1000
+#define LUKS_SLOT_ITERATIONS_MIN 1000
+
+// Iteration time for digest in ms
+#define LUKS_MKD_ITERATIONS_MS 125
+
+#define LUKS_KEY_DISABLED_OLD 0
+#define LUKS_KEY_ENABLED_OLD 0xCAFE
+
+#define LUKS_KEY_DISABLED 0x0000DEAD
+#define LUKS_KEY_ENABLED 0x00AC71F3
+
+#define LUKS_STRIPES 4000
+
+// partition header starts with magic
+#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
+#define LUKS_MAGIC_L 6
+
+/* Actually we need only 37, but we don't want struct autoaligning to kick in */
+#define UUID_STRING_L 40
+
+/* Offset to keyslot area [in bytes] */
+#define LUKS_ALIGN_KEYSLOTS 4096
+
+/* Maximal LUKS header size, for wipe [in bytes] */
+#define LUKS_MAX_KEYSLOT_SIZE 0x1000000 /* 16 MB, up to 32768 bits key */
+
+/* Any integer values are stored in network byte order on disk and must be
+converted */
+
+struct volume_key;
+struct device_backend;
+
+struct luks_phdr {
+ char magic[LUKS_MAGIC_L];
+ uint16_t version;
+ char cipherName[LUKS_CIPHERNAME_L];
+ char cipherMode[LUKS_CIPHERMODE_L];
+ char hashSpec[LUKS_HASHSPEC_L];
+ uint32_t payloadOffset;
+ uint32_t keyBytes;
+ char mkDigest[LUKS_DIGESTSIZE];
+ char mkDigestSalt[LUKS_SALTSIZE];
+ uint32_t mkDigestIterations;
+ char uuid[UUID_STRING_L];
+
+ struct {
+ uint32_t active;
+
+ /* parameters used for password processing */
+ uint32_t passwordIterations;
+ char passwordSalt[LUKS_SALTSIZE];
+
+ /* parameters used for AF store/load */
+ uint32_t keyMaterialOffset;
+ uint32_t stripes;
+ } keyblock[LUKS_NUMKEYS];
+
+ /* Align it to 512 sector size */
+ char _padding[432];
+};
+
+int LUKS_verify_volume_key(const struct luks_phdr *hdr,
+ const struct volume_key *vk);
+
+int LUKS_check_cipher(struct crypt_device *ctx,
+ size_t keylength,
+ const char *cipher,
+ const char *cipher_mode);
+
+int LUKS_generate_phdr(struct luks_phdr *header,
+ const struct volume_key *vk,
+ const char *cipherName,
+ const char *cipherMode,
+ const char *hashSpec,
+ const char *uuid,
+ uint64_t data_offset,
+ uint64_t align_offset,
+ uint64_t required_alignment,
+ struct crypt_device *ctx);
+
+int LUKS_read_phdr(
+ struct luks_phdr *hdr,
+ int require_luks_device,
+ int repair,
+ struct crypt_device *ctx);
+
+int LUKS_read_phdr_backup(
+ const char *backup_file,
+ struct luks_phdr *hdr,
+ int require_luks_device,
+ struct crypt_device *ctx);
+
+int LUKS_hdr_uuid_set(
+ struct luks_phdr *hdr,
+ const char *uuid,
+ struct crypt_device *ctx);
+
+int LUKS_hdr_backup(
+ const char *backup_file,
+ struct crypt_device *ctx);
+
+int LUKS_hdr_restore(
+ const char *backup_file,
+ struct luks_phdr *hdr,
+ struct crypt_device *ctx);
+
+int LUKS_write_phdr(
+ struct luks_phdr *hdr,
+ struct crypt_device *ctx);
+
+int LUKS_set_key(
+ unsigned int keyIndex,
+ const char *password,
+ size_t passwordLen,
+ struct luks_phdr *hdr,
+ struct volume_key *vk,
+ struct crypt_device *ctx);
+
+int LUKS_open_key_with_hdr(
+ int keyIndex,
+ const char *password,
+ size_t passwordLen,
+ struct luks_phdr *hdr,
+ struct volume_key **vk,
+ struct crypt_device *ctx);
+
+int LUKS_del_key(
+ unsigned int keyIndex,
+ struct luks_phdr *hdr,
+ struct crypt_device *ctx);
+
+int LUKS_wipe_header_areas(struct luks_phdr *hdr,
+ struct crypt_device *ctx);
+
+crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
+int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
+int LUKS_keyslot_active_count(struct luks_phdr *hdr);
+int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable,
+ struct crypt_device *ctx);
+int LUKS_keyslot_area(const struct luks_phdr *hdr,
+ int keyslot,
+ uint64_t *offset,
+ uint64_t *length);
+size_t LUKS_device_sectors(const struct luks_phdr *hdr);
+size_t LUKS_keyslots_offset(const struct luks_phdr *hdr);
+int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot,
+ struct crypt_pbkdf_type *pbkdf);
+
+int LUKS1_activate(struct crypt_device *cd,
+ const char *name,
+ struct volume_key *vk,
+ uint32_t flags);
+
+#endif
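Review bot: `struct luks_phdr` is the on-disk LUKS1 header layout, but nothing in this header pins its size or tells the reader that its contents come straight from untrusted media. The members as declared add up to 1024 bytes (208 bytes of fixed fields, 8 x 48 bytes of `keyblock`, 432 bytes of `_padding`), so, if the build allows C11, a `_Static_assert(sizeof(struct luks_phdr) == 1024, "LUKS1 header layout changed");` right after the struct would catch an accidental layout change or compiler-inserted padding. The comment above the struct covers byte order only; I would extend it to say that `cipherName`, `cipherMode`, `hashSpec` and `uuid` are fixed-size fields that may lack a terminating NUL when read from disk, and that `payloadOffset`, `keyBytes`, `keyMaterialOffset` and `stripes` must be range-checked before they are used as sizes or offsets. As a smaller style point, `LUKS_MAGIC` carries a trailing `;` inside the macro body, which leaves a stray empty declaration or statement wherever it is used as an initializer; `#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe}` avoids that.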