mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
65f975655c
Allocate loop device late (only when real block device needed). Rework underlying device/file access functions. Move all device (and ioctl) access to utils_device.c. Allows using file where appropriate without allocation loop device.
194 lines
4.8 KiB
C
194 lines
4.8 KiB
C
/*
|
|
* LUKS - Linux Unified Key Setup
|
|
*
|
|
* Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
|
|
* Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* version 2 as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
|
|
#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
|
|
|
|
/*
|
|
* LUKS partition header
|
|
*/
|
|
|
|
#include "libcryptsetup.h"
|
|
|
|
#define LUKS_CIPHERNAME_L 32
|
|
#define LUKS_CIPHERMODE_L 32
|
|
#define LUKS_HASHSPEC_L 32
|
|
#define LUKS_DIGESTSIZE 20 // since SHA1
|
|
#define LUKS_HMACSIZE 32
|
|
#define LUKS_SALTSIZE 32
|
|
#define LUKS_NUMKEYS 8
|
|
|
|
// Minimal number of iterations
|
|
#define LUKS_MKD_ITERATIONS_MIN 1000
|
|
#define LUKS_SLOT_ITERATIONS_MIN 1000
|
|
|
|
#define LUKS_KEY_DISABLED_OLD 0
|
|
#define LUKS_KEY_ENABLED_OLD 0xCAFE
|
|
|
|
#define LUKS_KEY_DISABLED 0x0000DEAD
|
|
#define LUKS_KEY_ENABLED 0x00AC71F3
|
|
|
|
#define LUKS_STRIPES 4000
|
|
|
|
// partition header starts with magic
|
|
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
|
|
#define LUKS_MAGIC_L 6
|
|
|
|
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
|
|
|
|
/* Actually we need only 37, but we don't want struct autoaligning to kick in */
|
|
#define UUID_STRING_L 40
|
|
|
|
/* Offset to keyslot area [in bytes] */
|
|
#define LUKS_ALIGN_KEYSLOTS 4096
|
|
|
|
/* Any integer values are stored in network byte order on disk and must be
|
|
converted */
|
|
|
|
struct volume_key;
|
|
struct device_backend;
|
|
|
|
struct luks_phdr {
|
|
char magic[LUKS_MAGIC_L];
|
|
uint16_t version;
|
|
char cipherName[LUKS_CIPHERNAME_L];
|
|
char cipherMode[LUKS_CIPHERMODE_L];
|
|
char hashSpec[LUKS_HASHSPEC_L];
|
|
uint32_t payloadOffset;
|
|
uint32_t keyBytes;
|
|
char mkDigest[LUKS_DIGESTSIZE];
|
|
char mkDigestSalt[LUKS_SALTSIZE];
|
|
uint32_t mkDigestIterations;
|
|
char uuid[UUID_STRING_L];
|
|
|
|
struct {
|
|
uint32_t active;
|
|
|
|
/* parameters used for password processing */
|
|
uint32_t passwordIterations;
|
|
char passwordSalt[LUKS_SALTSIZE];
|
|
|
|
/* parameters used for AF store/load */
|
|
uint32_t keyMaterialOffset;
|
|
uint32_t stripes;
|
|
} keyblock[LUKS_NUMKEYS];
|
|
|
|
/* Align it to 512 sector size */
|
|
char _padding[432];
|
|
};
|
|
|
|
int LUKS_verify_volume_key(const struct luks_phdr *hdr,
|
|
const struct volume_key *vk);
|
|
|
|
int LUKS_generate_phdr(
|
|
struct luks_phdr *header,
|
|
const struct volume_key *vk,
|
|
const char *cipherName,
|
|
const char *cipherMode,
|
|
const char *hashSpec,
|
|
const char *uuid,
|
|
unsigned int stripes,
|
|
unsigned int alignPayload,
|
|
unsigned int alignOffset,
|
|
uint32_t iteration_time_ms,
|
|
uint64_t *PBKDF2_per_sec,
|
|
int detached_metadata_device,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_read_phdr(
|
|
struct luks_phdr *hdr,
|
|
int require_luks_device,
|
|
int repair,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_read_phdr_backup(
|
|
const char *backup_file,
|
|
struct luks_phdr *hdr,
|
|
int require_luks_device,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_hdr_uuid_set(
|
|
struct luks_phdr *hdr,
|
|
const char *uuid,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_hdr_backup(
|
|
const char *backup_file,
|
|
struct luks_phdr *hdr,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_hdr_restore(
|
|
const char *backup_file,
|
|
struct luks_phdr *hdr,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_write_phdr(
|
|
struct luks_phdr *hdr,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_set_key(
|
|
unsigned int keyIndex,
|
|
const char *password,
|
|
size_t passwordLen,
|
|
struct luks_phdr *hdr,
|
|
struct volume_key *vk,
|
|
uint32_t iteration_time_ms,
|
|
uint64_t *PBKDF2_per_sec,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_open_key_with_hdr(
|
|
int keyIndex,
|
|
const char *password,
|
|
size_t passwordLen,
|
|
struct luks_phdr *hdr,
|
|
struct volume_key **vk,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_del_key(
|
|
unsigned int keyIndex,
|
|
struct luks_phdr *hdr,
|
|
struct crypt_device *ctx);
|
|
|
|
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
|
|
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
|
|
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
|
|
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
|
|
|
|
int LUKS_encrypt_to_storage(
|
|
char *src, size_t srcLength,
|
|
struct luks_phdr *hdr,
|
|
struct volume_key *vk,
|
|
unsigned int sector,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS_decrypt_from_storage(
|
|
char *dst, size_t dstLength,
|
|
struct luks_phdr *hdr,
|
|
struct volume_key *vk,
|
|
unsigned int sector,
|
|
struct crypt_device *ctx);
|
|
|
|
int LUKS1_activate(struct crypt_device *cd,
|
|
const char *name,
|
|
struct volume_key *vk,
|
|
uint32_t flags);
|
|
|
|
#endif
|