"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/luks2/luks2.h" (13 Jan 2022, 13352 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "luks2.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.4.2_vs_2.4.3.

    1 /*
    2  * LUKS - Linux Unified Key Setup v2
    3  *
    4  * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2015-2021 Milan Broz
    6  *
    7  * This program is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU General Public License
    9  * as published by the Free Software Foundation; either version 2
   10  * of the License, or (at your option) any later version.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   20  */
   21 
   22 #ifndef _CRYPTSETUP_LUKS2_ONDISK_H
   23 #define _CRYPTSETUP_LUKS2_ONDISK_H
   24 
   25 #include <stdbool.h>
   26 #include <stdint.h>
   27 #include <sys/types.h>
   28 
   29 #include "libcryptsetup.h"
   30 
   31 #define LUKS2_MAGIC_1ST "LUKS\xba\xbe"
   32 #define LUKS2_MAGIC_2ND "SKUL\xba\xbe"
   33 #define LUKS2_MAGIC_L 6
   34 #define LUKS2_UUID_L 40
   35 #define LUKS2_LABEL_L 48
   36 #define LUKS2_SALT_L 64
   37 #define LUKS2_CHECKSUM_ALG_L 32
   38 #define LUKS2_CHECKSUM_L 64
   39 
   40 #define LUKS2_KEYSLOTS_MAX       32
   41 #define LUKS2_TOKENS_MAX         32
   42 #define LUKS2_SEGMENT_MAX        32
   43 
   44 #define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-"
   45 #define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6
   46 
   47 #define LUKS2_TOKEN_NAME_MAX 64
   48 
   49 #define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring"
   50 
   51 #define LUKS2_DIGEST_MAX 8
   52 
   53 #define CRYPT_ANY_SEGMENT -1
   54 #define CRYPT_DEFAULT_SEGMENT -2
   55 #define CRYPT_ONE_SEGMENT -3
   56 
   57 #define CRYPT_ANY_DIGEST -1
   58 
   59 /* 20 MiBs */
   60 #define LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH 0x1400000
   61 
   62 /* 1 GiB */
   63 #define LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH 0x40000000
   64 
   65 struct device;
   66 struct luks2_reencrypt;
   67 struct crypt_lock_handle;
   68 struct crypt_dm_active_device;
   69 struct luks_phdr; /* LUKS1 for conversion */
   70 
   71 /*
   72  * LUKS2 header on-disk.
   73  *
   74  * Binary header is followed by JSON area.
   75  * JSON area is followed by keyslot area and data area,
   76  * these are described in JSON metadata.
   77  *
   78  * Note: uuid, csum_alg are intentionally on the same offset as LUKS1
   79  * (checksum alg replaces hash in LUKS1)
   80  *
   81  * String (char) should be zero terminated.
   82  * Padding should be wiped.
   83  * Checksum is calculated with csum zeroed (+ full JSON area).
   84  */
   85 struct luks2_hdr_disk {
   86     char        magic[LUKS2_MAGIC_L];
   87     uint16_t    version;    /* Version 2 */
   88     uint64_t    hdr_size;   /* in bytes, including JSON area */
   89     uint64_t    seqid;      /* increased on every update */
   90     char        label[LUKS2_LABEL_L];
   91     char        checksum_alg[LUKS2_CHECKSUM_ALG_L];
   92     uint8_t     salt[LUKS2_SALT_L]; /* unique for every header/offset */
   93     char        uuid[LUKS2_UUID_L];
   94     char        subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
   95     uint64_t    hdr_offset; /* offset from device start in bytes */
   96     char        _padding[184];
   97     uint8_t     csum[LUKS2_CHECKSUM_L];
   98     char        _padding4096[7*512];
   99     /* JSON area starts here */
  100 } __attribute__ ((packed));
  101 
  102 /*
  103  * LUKS2 header in-memory.
  104  */
  105 struct luks2_hdr {
  106     size_t      hdr_size;
  107     uint64_t    seqid;
  108     unsigned int    version;
  109     char        label[LUKS2_LABEL_L];
  110     char        subsystem[LUKS2_LABEL_L];
  111     char        checksum_alg[LUKS2_CHECKSUM_ALG_L];
  112     uint8_t     salt1[LUKS2_SALT_L];
  113     uint8_t     salt2[LUKS2_SALT_L];
  114     char        uuid[LUKS2_UUID_L];
  115     void        *jobj;
  116 };
  117 
  118 struct luks2_keyslot_params {
  119     enum { LUKS2_KEYSLOT_AF_LUKS1 = 0 } af_type;
  120     enum { LUKS2_KEYSLOT_AREA_RAW = 0 } area_type;
  121 
  122     union {
  123     struct {
  124         char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
  125         unsigned int stripes;
  126     } luks1;
  127     } af;
  128 
  129     union {
  130     struct {
  131         char encryption[65]; // or include utils_crypt.h
  132         size_t key_size;
  133     } raw;
  134     } area;
  135 };
  136 
  137 /*
  138  * Supportable header sizes (hdr_disk + JSON area)
  139  * Also used as offset for the 2nd header.
  140  */
  141 #define LUKS2_HDR_16K_LEN 0x4000
  142 
  143 #define LUKS2_HDR_BIN_LEN sizeof(struct luks2_hdr_disk)
  144 
  145 //#define LUKS2_DEFAULT_HDR_SIZE 0x400000  /* 4 MiB */
  146 #define LUKS2_DEFAULT_HDR_SIZE 0x1000000 /* 16 MiB */
  147 
  148 #define LUKS2_MAX_KEYSLOTS_SIZE 0x8000000 /* 128 MiB */
  149 
  150 #define LUKS2_HDR_OFFSET_MAX 0x400000 /* 4 MiB */
  151 
  152 /* Offsets for secondary header (for scan if primary header is corrupted). */
  153 #define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \
  154                              0x40000, 0x080000, 0x100000, 0x200000, LUKS2_HDR_OFFSET_MAX }
  155 
  156 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
  157     const char *backup_file);
  158 
  159 int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
  160 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
  161 int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr);
  162 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
  163 int LUKS2_hdr_dump_json(struct crypt_device *cd, struct luks2_hdr *hdr, const char **json);
  164 
  165 int LUKS2_hdr_uuid(struct crypt_device *cd,
  166     struct luks2_hdr *hdr,
  167     const char *uuid);
  168 
  169 int LUKS2_hdr_labels(struct crypt_device *cd,
  170     struct luks2_hdr *hdr,
  171     const char *label,
  172     const char *subsystem,
  173     int commit);
  174 
  175 void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr);
  176 
  177 int LUKS2_hdr_backup(struct crypt_device *cd,
  178              struct luks2_hdr *hdr,
  179              const char *backup_file);
  180 int LUKS2_hdr_restore(struct crypt_device *cd,
  181               struct luks2_hdr *hdr,
  182               const char *backup_file);
  183 
  184 uint64_t LUKS2_hdr_and_areas_size(struct luks2_hdr *hdr);
  185 uint64_t LUKS2_keyslots_size(struct luks2_hdr *hdr);
  186 uint64_t LUKS2_metadata_size(struct luks2_hdr *hdr);
  187 
  188 int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec);
  189 
  190 /*
  191  * Generic LUKS2 keyslot
  192  */
  193 int LUKS2_keyslot_open(struct crypt_device *cd,
  194     int keyslot,
  195     int segment,
  196     const char *password,
  197     size_t password_len,
  198     struct volume_key **vk);
  199 
  200 int LUKS2_keyslot_open_all_segments(struct crypt_device *cd,
  201     int keyslot_old,
  202     int keyslot_new,
  203     const char *password,
  204     size_t password_len,
  205     struct volume_key **vks);
  206 
  207 int LUKS2_keyslot_store(struct crypt_device *cd,
  208     struct luks2_hdr *hdr,
  209     int keyslot,
  210     const char *password,
  211     size_t password_len,
  212     const struct volume_key *vk,
  213     const struct luks2_keyslot_params *params);
  214 
  215 int LUKS2_keyslot_wipe(struct crypt_device *cd,
  216     struct luks2_hdr *hdr,
  217     int keyslot,
  218     int wipe_area_only);
  219 
  220 crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd,
  221     struct luks2_hdr *hdr,
  222     int keyslot);
  223 
  224 int LUKS2_keyslot_priority_set(struct crypt_device *cd,
  225     struct luks2_hdr *hdr,
  226     int keyslot,
  227     crypt_keyslot_priority priority,
  228     int commit);
  229 
  230 int LUKS2_keyslot_swap(struct crypt_device *cd,
  231     struct luks2_hdr *hdr,
  232     int keyslot,
  233     int keyslot2);
  234 
  235 /*
  236  * Generic LUKS2 token
  237  */
  238 int LUKS2_token_json_get(struct crypt_device *cd,
  239     struct luks2_hdr *hdr,
  240     int token,
  241     const char **json);
  242 
  243 int LUKS2_token_assign(struct crypt_device *cd,
  244     struct luks2_hdr *hdr,
  245     int keyslot,
  246     int token,
  247     int assign,
  248     int commit);
  249 
  250 int LUKS2_token_is_assigned(struct crypt_device *cd,
  251     struct luks2_hdr *hdr,
  252     int keyslot,
  253     int token);
  254 
  255 int LUKS2_token_assignment_copy(struct crypt_device *cd,
  256             struct luks2_hdr *hdr,
  257             int keyslot_from,
  258             int keyslot_to,
  259             int commit);
  260 
  261 int LUKS2_token_create(struct crypt_device *cd,
  262     struct luks2_hdr *hdr,
  263     int token,
  264     const char *json,
  265     int commit);
  266 
  267 crypt_token_info LUKS2_token_status(struct crypt_device *cd,
  268     struct luks2_hdr *hdr,
  269     int token,
  270     const char **type);
  271 
  272 int LUKS2_token_open_and_activate(struct crypt_device *cd,
  273     struct luks2_hdr *hdr,
  274     int token,
  275     const char *name,
  276     const char *type,
  277     const char *pin,
  278     size_t pin_size,
  279     uint32_t flags,
  280     void *usrptr);
  281 
  282 int LUKS2_token_keyring_get(struct crypt_device *cd,
  283     struct luks2_hdr *hdr,
  284     int token,
  285     struct crypt_token_params_luks2_keyring *keyring_params);
  286 
  287 int LUKS2_token_keyring_json(char *buffer, size_t buffer_size,
  288     const struct crypt_token_params_luks2_keyring *keyring_params);
  289 
  290 void crypt_token_unload_external_all(struct crypt_device *cd);
  291 
  292 /*
  293  * Generic LUKS2 digest
  294  */
  295 int LUKS2_digest_any_matching(struct crypt_device *cd,
  296         struct luks2_hdr *hdr,
  297         const struct volume_key *vk);
  298 
  299 int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
  300     struct luks2_hdr *hdr,
  301     int segment,
  302     const struct volume_key *vk);
  303 
  304 int LUKS2_digest_verify(struct crypt_device *cd,
  305     struct luks2_hdr *hdr,
  306     const struct volume_key *vk,
  307     int keyslot);
  308 
  309 int LUKS2_digest_assign(struct crypt_device *cd,
  310     struct luks2_hdr *hdr,
  311     int keyslot,
  312     int digest,
  313     int assign,
  314     int commit);
  315 
  316 int LUKS2_digest_segment_assign(struct crypt_device *cd,
  317     struct luks2_hdr *hdr,
  318     int segment,
  319     int digest,
  320     int assign,
  321     int commit);
  322 
  323 int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot);
  324 
  325 int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment);
  326 
  327 int LUKS2_digest_create(struct crypt_device *cd,
  328     const char *type,
  329     struct luks2_hdr *hdr,
  330     const struct volume_key *vk);
  331 
  332 /*
  333  * LUKS2 generic
  334  */
  335 int LUKS2_activate(struct crypt_device *cd,
  336     const char *name,
  337     struct volume_key *vk,
  338     uint32_t flags);
  339 
  340 int LUKS2_activate_multi(struct crypt_device *cd,
  341     const char *name,
  342     struct volume_key *vks,
  343     uint64_t device_size,
  344     uint32_t flags);
  345 
  346 int LUKS2_deactivate(struct crypt_device *cd,
  347     const char *name,
  348     struct luks2_hdr *hdr,
  349     struct crypt_dm_active_device *dmd,
  350     uint32_t flags);
  351 
  352 int LUKS2_generate_hdr(
  353     struct crypt_device *cd,
  354     struct luks2_hdr *hdr,
  355     const struct volume_key *vk,
  356     const char *cipherName,
  357     const char *cipherMode,
  358     const char *integrity,
  359     const char *uuid,
  360     unsigned int sector_size,
  361     uint64_t data_offset,
  362     uint64_t align_offset,
  363     uint64_t required_alignment,
  364     uint64_t metadata_size,
  365     uint64_t keyslots_size);
  366 
  367 int LUKS2_check_metadata_area_size(uint64_t metadata_size);
  368 int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
  369 
  370 int LUKS2_wipe_header_areas(struct crypt_device *cd,
  371     struct luks2_hdr *hdr, bool detached_header);
  372 
  373 uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
  374 int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);
  375 int LUKS2_get_sector_size(struct luks2_hdr *hdr);
  376 const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment);
  377 const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment);
  378 int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
  379      struct luks2_keyslot_params *params);
  380 int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment);
  381 int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot);
  382 const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size);
  383 int LUKS2_keyslot_find_empty(struct crypt_device *cd, struct luks2_hdr *hdr, size_t keylength);
  384 int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment);
  385 crypt_keyslot_info LUKS2_keyslot_info(struct luks2_hdr *hdr, int keyslot);
  386 int LUKS2_keyslot_area(struct luks2_hdr *hdr,
  387     int keyslot,
  388     uint64_t *offset,
  389     uint64_t *length);
  390 int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf);
  391 
  392 /*
  393  * Permanent activation flags stored in header
  394  */
  395 int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *flags);
  396 int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t flags);
  397 
  398 /*
  399  * Requirements for device activation or header modification
  400  */
  401 int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs);
  402 int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs, bool commit);
  403 
  404 int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint32_t *version);
  405 
  406 int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet);
  407 
  408 int LUKS2_key_description_by_segment(struct crypt_device *cd,
  409         struct luks2_hdr *hdr, struct volume_key *vk, int segment);
  410 int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd,
  411         struct luks2_hdr *hdr, struct volume_key *vk, int keyslot);
  412 int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd,
  413         struct luks2_hdr *hdr, struct volume_key *vk, int digest);
  414 
  415 int LUKS2_luks1_to_luks2(struct crypt_device *cd,
  416              struct luks_phdr *hdr1,
  417              struct luks2_hdr *hdr2);
  418 int LUKS2_luks2_to_luks1(struct crypt_device *cd,
  419              struct luks2_hdr *hdr2,
  420              struct luks_phdr *hdr1);
  421 
  422 /*
  423  * LUKS2 reencryption
  424  */
  425 int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd,
  426     int keyslot_old,
  427     int keyslot_new,
  428     const char *passphrase,
  429     size_t passphrase_size,
  430     uint32_t flags,
  431     struct volume_key **vks);
  432 
  433 void LUKS2_reencrypt_free(struct crypt_device *cd,
  434     struct luks2_reencrypt *rh);
  435 
  436 crypt_reencrypt_info LUKS2_reencrypt_status(struct luks2_hdr *hdr);
  437 
  438 crypt_reencrypt_info LUKS2_reencrypt_get_params(struct luks2_hdr *hdr,
  439     struct crypt_params_reencrypt *params);
  440 
  441 int LUKS2_reencrypt_lock(struct crypt_device *cd,
  442     struct crypt_lock_handle **reencrypt_lock);
  443 
  444 int LUKS2_reencrypt_lock_by_dm_uuid(struct crypt_device *cd,
  445     const char *dm_uuid,
  446     struct crypt_lock_handle **reencrypt_lock);
  447 
  448 void LUKS2_reencrypt_unlock(struct crypt_device *cd,
  449     struct crypt_lock_handle *reencrypt_lock);
  450 
  451 int LUKS2_reencrypt_check_device_size(struct crypt_device *cd,
  452     struct luks2_hdr *hdr,
  453     uint64_t check_size,
  454     uint64_t *dev_size,
  455     bool activation,
  456     bool dynamic);
  457 
  458 int LUKS2_reencrypt_digest_verify(struct crypt_device *cd,
  459     struct luks2_hdr *hdr,
  460     struct volume_key *vks);
  461 
  462 #endif