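#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H

/*
 * LUKS partition header
 *
 * Declares the on-disk header layout (struct luks_phdr), the in-memory
 * master key container (struct luks_masterkey) and the functions that
 * read, write and manipulate them.  The function bodies live elsewhere;
 * return-value conventions are not visible from this header.
 */

#include "libcryptsetup.h"

/* Sizes, in bytes, of the fixed-width fields of struct luks_phdr. */
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
/*
 * mkDigest is always 20 bytes in this layout, whatever hash hashSpec names.
 */
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
/* Number of entries in luks_phdr.keyblock[]. */
#define LUKS_NUMKEYS 8

// Minimal number of iterations
/*
 * NOTE(review): these are floors only.  The effective counts appear to be
 * derived from the iteration_time_ms / PBKDF2_per_sec arguments of
 * LUKS_generate_phdr() and LUKS_set_key() -- confirm in the implementation.
 * 1000 is low by current PBKDF2 guidance; a header whose stored count sits
 * at the floor deserves a second look.
 */
#define LUKS_MKD_ITERATIONS_MIN 1000
#define LUKS_SLOT_ITERATIONS_MIN 1000

/*
 * Key slot state markers, presumably the values stored in
 * keyblock[i].active -- confirm against LUKS_keyslot_set().  The _OLD pair
 * looks like an earlier encoding; where it is still accepted is not
 * visible in this header.
 */
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3

/* Presumably the default for keyblock[i].stripes -- TODO confirm. */
#define LUKS_STRIPES 4000

// partition header starts with magic
/*
 * NOTE(review): the expansion ends in ';', so "x[] = LUKS_MAGIC;" yields an
 * empty extra statement and the macro cannot be used inside an expression.
 * Left unchanged here because existing users may rely on it; dropping the
 * semicolon is the clean fix once all users are checked.
 */
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6

/*
 * Header size in sectors, rounded up by always adding one.  SECTOR_SIZE is
 * not defined in this header and must be provided by the includer.
 */
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* Offset to align keyslot area */
#define LUKS_ALIGN_KEYSLOTS 4096

/* Any integer values are stored in network byte order on disk and must be
   converted */

/*
 * On-disk LUKS header.  Member order and sizes define the disk format and
 * must not be changed.
 *
 * NOTE(review): everything in this struct is read from the device and is
 * therefore untrusted input.  After byte-order conversion, callers should
 * range-check keyBytes, payloadOffset, mkDigestIterations and every
 * keyblock[i] field (passwordIterations, keyMaterialOffset, stripes) before
 * using them for allocation sizes, loop bounds or device offsets.  The char
 * arrays are fixed-width fields; nothing here guarantees NUL termination, so
 * do not pass them to str*() functions without bounding the length.
 */
struct luks_phdr {
	char		magic[LUKS_MAGIC_L];
	uint16_t	version;
	char		cipherName[LUKS_CIPHERNAME_L];
	char		cipherMode[LUKS_CIPHERMODE_L];
	char		hashSpec[LUKS_HASHSPEC_L];
	uint32_t	payloadOffset;
	uint32_t	keyBytes;
	char		mkDigest[LUKS_DIGESTSIZE];
	char		mkDigestSalt[LUKS_SALTSIZE];
	uint32_t	mkDigestIterations;
	char		uuid[UUID_STRING_L];

	struct {
		uint32_t active;

		/* parameters used for password processing */
		uint32_t passwordIterations;
		char     passwordSalt[LUKS_SALTSIZE];

		/* parameters used for AF store/load */
		uint32_t keyMaterialOffset;
		uint32_t stripes;
	} keyblock[LUKS_NUMKEYS];

	/* Align it to 512 sector size */
	/*
	 * The members above add up to 592 bytes, so 432 bytes of padding give
	 * 1024 -- assuming the compiler inserts no padding of its own; the
	 * struct is not declared packed and nothing here asserts its size.
	 */
	char		_padding[432];
};

/*
 * In-memory master key: keyLength bytes of key material in the trailing
 * flexible array member.
 *
 * NOTE(review): this holds secret key material.  Confirm that
 * LUKS_dealloc_masterkey() wipes key[] before releasing the memory and that
 * instances are never copied into longer-lived or swappable buffers.
 */
struct luks_masterkey {
	size_t keyLength;
	char key[];
};

/*
 * Master key lifecycle and verification.
 *
 * NOTE(review): keylength is a signed int here while
 * luks_masterkey.keyLength is size_t; the implementations should reject
 * negative values before they are converted -- confirm.
 */
struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
struct luks_masterkey *LUKS_generate_masterkey(int keylength);
int LUKS_verify_master_key(const struct luks_phdr *hdr,
			   const struct luks_masterkey *mk);

/* Fill *header for a new volume from the given master key and parameters. */
int LUKS_generate_phdr(
	struct luks_phdr *header,
	const struct luks_masterkey *mk,
	const char *cipherName,
	const char *cipherMode,
	const char *hashSpec,
	const char *uuid,
	unsigned int stripes,
	unsigned int alignPayload,
	unsigned int alignOffset,
	uint32_t iteration_time_ms,
	uint64_t *PBKDF2_per_sec,
	struct crypt_device *ctx);

/* Read the header from a device into *hdr. */
int LUKS_read_phdr(
	const char *device,
	struct luks_phdr *hdr,
	int require_luks_device,
	struct crypt_device *ctx);

/* Read the header from a backup file into *hdr. */
int LUKS_read_phdr_backup(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	int require_luks_device,
	struct crypt_device *ctx);

/*
 * Header backup and restore.
 *
 * NOTE(review): a header backup presumably includes the key slot material,
 * so the backup file needs the same protection as the device itself, and a
 * restore overwrites the key slots currently on the device -- confirm the
 * implementation creates the file with restrictive permissions.
 */
int LUKS_hdr_backup(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

int LUKS_hdr_restore(
	const char *backup_file,
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/* Write *hdr to the device. */
int LUKS_write_phdr(
	const char *device,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/*
 * Key slot operations.  keyIndex is unsigned in LUKS_set_key() and
 * LUKS_del_key() but a signed int in LUKS_open_key_with_hdr(); the meaning
 * of a negative index is not visible here.  Implementations should check
 * the index against LUKS_NUMKEYS before touching hdr->keyblock[].
 */
int LUKS_set_key(
	const char *device,
	unsigned int keyIndex,
	const char *password,
	size_t passwordLen,
	struct luks_phdr *hdr,
	struct luks_masterkey *mk,
	uint32_t iteration_time_ms,
	uint64_t *PBKDF2_per_sec,
	struct crypt_device *ctx);

/* On success *mk receives a master key the caller presumably must free. */
int LUKS_open_key_with_hdr(
	const char *device,
	int keyIndex,
	const char *password,
	size_t passwordLen,
	struct luks_phdr *hdr,
	struct luks_masterkey **mk,
	struct crypt_device *ctx);

int LUKS_del_key(
	const char *device,
	unsigned int keyIndex,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);

/* Key slot queries and state changes on an in-memory header. */
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);

/*
 * Encrypted transfer of a buffer to / from the given sector of the device.
 * key points at raw key bytes of keyLength; callers own that buffer and are
 * responsible for wiping it.
 */
int LUKS_encrypt_to_storage(
	char *src, size_t srcLength,
	struct luks_phdr *hdr,
	char *key, size_t keyLength,
	const char *device,
	unsigned int sector,
	struct crypt_device *ctx);

int LUKS_decrypt_from_storage(
	char *dst, size_t dstLength,
	struct luks_phdr *hdr,
	char *key, size_t keyLength,
	const char *device,
	unsigned int sector,
	struct crypt_device *ctx);

#endif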