diff options
Diffstat (limited to '')
-rw-r--r-- | tests/fuzz/LUKS2.proto | 379 |
1 files changed, 379 insertions, 0 deletions
diff --git a/tests/fuzz/LUKS2.proto b/tests/fuzz/LUKS2.proto new file mode 100644 index 0000000..3a0f287 --- /dev/null +++ b/tests/fuzz/LUKS2.proto @@ -0,0 +1,379 @@ +/* + * cryptsetup LUKS2 custom mutator + * + * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +syntax = "proto2"; + +package LUKS2_proto; + +// --------------------------------------------------------------------------- +// ----------------------------- GENERIC OBJECTS ----------------------------- +// --------------------------------------------------------------------------- + +message object_id { + oneof id { + // int_id will be mapped to range -16 to 16 (mod 33) + // this way iy should be easier to generate valid + // object cross-references + uint32 int_id = 1; + string string_id = 2; + } +} + +message string_uint64 { + required bool negative = 1; + oneof number { + uint32 uint_num = 2; + string string_num = 3; + } +} + +enum hash_algorithm { + HASH_ALG_SHA1 = 1; + HASH_ALG_SHA256 = 2; +} + + +// --------------------------------------------------------------------------- +// ----------------------------- BINARY HEADER ------------------------------- +// --------------------------------------------------------------------------- + +enum luks2_magic { + INVALID = 0; + FIRST = 1; + SECOND = 2; +} + +enum luks_version { + ONE = 1; + TWO = 2; + THREE = 3; +} + +// we limit the size to 64KiB to make the fuzzing faster +// because the checksum needs to be calculated for the whole image +enum hdr_size { + size_16_KB = 16384; + size_32_KB = 32768; + size_64_KB = 65536; +// size_128_KB = 131072; +// size_256_KB = 262144; +// size_512_KB = 524288; +// size_1_MB = 1048576; +// size_2_MB = 2097152; +// size_4_MB = 4194304; +} + +enum seqid_description { + PRIMARY_GREATER = 0; + SECONDARY_GREATER = 1; + EQUAL = 2; +} + +// message luks2_hdr_disk { +// char magic[LUKS2_MAGIC_L]; +// //uint16_t version; /* Version 2 */ +// uint64_t hdr_size; /* in bytes, including JSON area */ +// uint64_t seqid; /* increased on every update */ +// char label[LUKS2_LABEL_L]; +// char checksum_alg[LUKS2_CHECKSUM_ALG_L]; +// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */ +// char uuid[LUKS2_UUID_L]; +// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */ +// uint64_t hdr_offset; /* offset from device start in bytes */ +// char _padding[184]; +// uint8_t csum[LUKS2_CHECKSUM_L]; +// } +message LUKS2_header { + required luks_version version = 1; + required luks2_magic magic = 2; + required hdr_size hdr_size = 3; + required bool use_correct_checksum = 4; + + optional uint64 selected_offset = 5; +} + +message LUKS2_both_headers { + required LUKS2_header primary_header = 1; + required LUKS2_header secondary_header = 2; + + required seqid_description seqid = 3; + required json_area_description json_area = 4; +} + +message json_area_description { + optional config_description config = 1; + repeated keyslot_description keyslots = 2; + repeated digest_description digests = 3; + repeated segment_description segments = 4; + repeated token_description tokens = 5; +} + +// --------------------------------------------------------------------------- +// ----------------------------- KEYSLOT OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +enum keyslot_type { + KEYSLOT_TYPE_LUKS2 = 1; + KEYSLOT_TYPE_REENCRYPT = 2; + KEYSLOT_TYPE_PLACEHOLDER = 3; +} + +enum reencrypt_keyslot_mode { + MODE_REENCRYPT = 1; + MODE_ENCRYPT = 2; + MODE_DECRYPT = 3; +} + +enum reencrypt_keyslot_direction { + DIRECTION_FORWARD = 1; + DIRECTION_BACKWARD = 2; +} + +// The area object contains these mandatory fields: +// - type [string] the area type. +// - offset [string-uint64] the offset from the device start to the beginning of the binary area (in bytes). +// - size [string-uint64] the area size (in bytes). +// +// Area type raw contains these additional fields: +// - encryption [string] the area encryption algorithm, in dm-crypt notation (for example aes-xts-plain64). +// - key_size [integer] the area encryption key size. +// +// Area type none and journal (used only for reencryption optional extension) contain only mandatory fields. +// +// Area type checksum (used only for reencryption optional extension) contains these additional fields: +// - hash [string] The hash algorithm for the checksum resilience mode. +// - sector_size [integer] The data unit size for digest checksum calculated with the hash algorithm. +// +// Area type datashift (used only for reencryption optional extension) contains this additional field: +// - shift_size [string-uint64] The data shift (in bytes) performed during reencryption (shift direction is according to direction field). + +enum keyslot_area_type { + KEYSLOT_AREA_TYPE_RAW = 1; + KEYSLOT_AREA_TYPE_NONE = 2; + KEYSLOT_AREA_TYPE_JOURNAL = 3; + KEYSLOT_AREA_TYPE_CHECKSUM = 4; + KEYSLOT_AREA_TYPE_DATASHIFT = 5; +} + +message keyslot_area_description { + // mandatory fields + optional keyslot_area_type type = 1; + optional string_uint64 offset = 2; + optional string_uint64 size = 3; + + // raw type fields + optional string encryption = 4; + optional int32 key_size = 5; + + // checksum type field + optional hash_algorithm hash = 6; + optional int32 sector_size = 7; + + // datashift type fields + optional string_uint64 shift_size = 8; +} + +// The object describes PBKDF attributes used for the keyslot. +// The kdf object mandatory fields are: +// - type [string] the PBKDF type. +// - salt [base64] the salt for PBKDF (binary data). +// +// The pbkdf2 type (compatible with LUKS1) contains these additional fields: +// - hash [string] the hash algorithm for the PBKDF2 (SHA-256). +// - iterations [integer] the PBKDF2 iterations count. +// +// The argon2i and argon2id type contains these additional fields: +// - time [integer] the time cost (in fact the iterations count for Argon2). +// - memory [integer] the memory cost, in kilobytes. If not available, the keyslot cannot be unlocked. +// - cpus [integer] the required number of threads (CPU cores number cost). If not available, unlocking will be slower. + +enum keyslot_kdf_type { + KEYSLOT_KDF_TYPE_PBKDF2 = 1; + KEYSLOT_KDF_TYPE_ARGON2I = 2; + KEYSLOT_KDF_TYPE_ARGON2ID = 3; +} + +message keyslot_kdf_description { + optional keyslot_kdf_type type = 1; + optional string salt = 2; + + // pbkdf2 type + optional hash_algorithm hash = 3; + optional int32 iterations = 4; + + // argon2i and argon2id types + optional int32 time = 5; + optional int32 memory = 6; + optional int32 cpus = 7; +} + +enum keyslot_af_type { + KEYSLOT_AF_TYPE_LUKS1 = 1; +} + +// The af (anti-forensic splitter) object contains this madatory field: +// - type [string] the anti-forensic function type. +// AF type luks1 (compatible with LUKS1 [1]) contains these additional fields: +// - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported. +// - hash [string] the hash algorithm used. + +message keyslot_af_description { + optional keyslot_af_type type = 1; + optional int32 stripes = 2; + optional hash_algorithm hash = 3; +} + +// - type [string] the keyslot type. +// - key_size [integer] the key size (in bytes) stored in keyslot. +// - priority [integer,optional] the keyslot priority. Here 0 means ignore (the slot should be used only if explicitly stated), 1 means normal priority and 2 means high priority (tried before normal priority). + +// REENCRYPT +// The key size field must be set to 1. The area type must be none, checksum, +// journal or datashift. +// The reencrypt object must contain these additional fields: +// - mode [string] the reencryption mode. reencrypt, encrypt and decrypt +// - direction [string] the reencryption direction. forward backward + +// - area [object] the allocated area in the binary keyslots area. +// LUKS2 object must contain these additional fields: +// - kdf [object] the PBKDF type and parameters used. +// - af [object] the anti-forensic splitter [1] (only the luks1 type is currently +// used). + +message keyslot_description { + // type + required object_id oid = 1; + + optional keyslot_type type = 2; + optional int32 key_size = 3; + optional int32 priority = 4; + + // reencrypt extension + optional reencrypt_keyslot_mode mode = 5; + optional reencrypt_keyslot_direction direction = 6; + + // objects + optional keyslot_area_description area = 7; + optional keyslot_kdf_description kdf = 8; + optional keyslot_af_description af = 9; +} + +// --------------------------------------------------------------------------- +// ------------------------------ DIGEST OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +message digest_description { + required object_id oid = 1; + + optional keyslot_kdf_type type = 2; + repeated object_id keyslots = 3; + repeated object_id segments = 4; + optional string salt = 5; + optional string digest = 6; + + // pbkdf2 digest fields + optional hash_algorithm hash = 7; + optional int32 iterations = 8; +} + +// --------------------------------------------------------------------------- +// ----------------------------- SEGMENT OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +enum segment_type { + SEGMENT_TYPE_LINEAR = 1; + SEGMENT_TYPE_CRYPT = 2; +} + +enum segment_flag { + IN_REENCRYPTION = 1; + BACKUP_FINAL = 2; + BACKUP_PREVIOUS = 3; + BACKUP_MOVED_SEGMENT = 4; +} + +message segment_integrity_description { + optional string type = 1; + optional string journal_encryption = 2; + optional string journal_integrity = 3; +} + +message segment_description { + required object_id oid = 1; + optional segment_type type = 2; + optional string_uint64 offset = 3; + optional string_uint64 size = 4; + repeated segment_flag flags = 5; + + // segment type crypt + optional string_uint64 iv_tweak = 6; + optional string encryption = 7; + optional int32 sector_size = 8; + optional segment_integrity_description integrity = 9; +} + +// --------------------------------------------------------------------------- +// ------------------------------ TOKEN OBJECT ------------------------------- +// --------------------------------------------------------------------------- + +message token_description { + required object_id oid = 1; + + optional string type = 2; + repeated object_id keyslots = 3; + optional string key_description = 4; +} + +// --------------------------------------------------------------------------- +// ------------------------------ CONFIG OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +// - allow-discards allows TRIM (discards) on the active device. +// - same-cpu-crypt compatibility performance flag for dm-crypt [3] to per- form encryption using the same CPU that originated the request. +// - submit-from-crypt-cpus compatibility performance flag for dm-crypt [3] to disable offloading write requests to a separate thread after encryption. +// - no-journal disable data journalling for dm-integrity [10]. +// - no-read-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt read workqueue and process read requests synchronously. +// - no-write-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt write workqueue and process write requests synchronously. +enum config_flag { + CONFIG_FLAG_ALLOW_DISCARDS = 1; + CONFIG_FLAG_SAME_CPU_CRYPT = 2; + CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS = 3; + CONFIG_FLAG_NO_JOURNAL = 4; + CONFIG_FLAG_NO_READ_WORKQUEUE = 5; + CONFIG_FLAG_NO_WRITE_WORKQUEUE = 6; +} + +enum config_requirement { + CONFIG_REQUIREMENT_OFFLINE_REENCRYPT = 1; + CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2 = 2; +} + +// - json_size [string-uint64] the JSON area size (in bytes). Must match the binary header. +// - keyslots_size [string-uint64] the binary keyslot area size (in bytes). Must be aligned to 4096 bytes. +// - flags [array, optional] the array of string objects with persistent flags for the device. +// - requirements [array, optional] the array of string objects with additional required features for the LUKS device. + +message config_description { + required bool use_primary_hdr_size = 2; + + repeated config_flag config_flags = 3; + repeated config_requirement requirements = 4; +} |