"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/luks2/luks2.h" (13 Jan 2022, 13352 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "luks2.h" see the
Fossies "Dox" file reference documentation and the latest
Fossies "Diffs" side-by-side code changes report:
2.4.2_vs_2.4.3.
1 /*
2 * LUKS - Linux Unified Key Setup v2
3 *
4 * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2015-2021 Milan Broz
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21
22 #ifndef _CRYPTSETUP_LUKS2_ONDISK_H
23 #define _CRYPTSETUP_LUKS2_ONDISK_H
24
25 #include <stdbool.h>
26 #include <stdint.h>
27 #include <sys/types.h>
28
29 #include "libcryptsetup.h"
30
31 #define LUKS2_MAGIC_1ST "LUKS\xba\xbe"
32 #define LUKS2_MAGIC_2ND "SKUL\xba\xbe"
33 #define LUKS2_MAGIC_L 6
34 #define LUKS2_UUID_L 40
35 #define LUKS2_LABEL_L 48
36 #define LUKS2_SALT_L 64
37 #define LUKS2_CHECKSUM_ALG_L 32
38 #define LUKS2_CHECKSUM_L 64
39
40 #define LUKS2_KEYSLOTS_MAX 32
41 #define LUKS2_TOKENS_MAX 32
42 #define LUKS2_SEGMENT_MAX 32
43
44 #define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-"
45 #define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6
46
47 #define LUKS2_TOKEN_NAME_MAX 64
48
49 #define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring"
50
51 #define LUKS2_DIGEST_MAX 8
52
53 #define CRYPT_ANY_SEGMENT -1
54 #define CRYPT_DEFAULT_SEGMENT -2
55 #define CRYPT_ONE_SEGMENT -3
56
57 #define CRYPT_ANY_DIGEST -1
58
59 /* 20 MiBs */
60 #define LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH 0x1400000
61
62 /* 1 GiB */
63 #define LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH 0x40000000
64
65 struct device;
66 struct luks2_reencrypt;
67 struct crypt_lock_handle;
68 struct crypt_dm_active_device;
69 struct luks_phdr; /* LUKS1 for conversion */
70
71 /*
72 * LUKS2 header on-disk.
73 *
74 * Binary header is followed by JSON area.
75 * JSON area is followed by keyslot area and data area,
76 * these are described in JSON metadata.
77 *
78 * Note: uuid, csum_alg are intentionally on the same offset as LUKS1
79 * (checksum alg replaces hash in LUKS1)
80 *
81 * String (char) should be zero terminated.
82 * Padding should be wiped.
83 * Checksum is calculated with csum zeroed (+ full JSON area).
84 */
85 struct luks2_hdr_disk {
86 char magic[LUKS2_MAGIC_L];
87 uint16_t version; /* Version 2 */
88 uint64_t hdr_size; /* in bytes, including JSON area */
89 uint64_t seqid; /* increased on every update */
90 char label[LUKS2_LABEL_L];
91 char checksum_alg[LUKS2_CHECKSUM_ALG_L];
92 uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */
93 char uuid[LUKS2_UUID_L];
94 char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
95 uint64_t hdr_offset; /* offset from device start in bytes */
96 char _padding[184];
97 uint8_t csum[LUKS2_CHECKSUM_L];
98 char _padding4096[7*512];
99 /* JSON area starts here */
100 } __attribute__ ((packed));
101
102 /*
103 * LUKS2 header in-memory.
104 */
105 struct luks2_hdr {
106 size_t hdr_size;
107 uint64_t seqid;
108 unsigned int version;
109 char label[LUKS2_LABEL_L];
110 char subsystem[LUKS2_LABEL_L];
111 char checksum_alg[LUKS2_CHECKSUM_ALG_L];
112 uint8_t salt1[LUKS2_SALT_L];
113 uint8_t salt2[LUKS2_SALT_L];
114 char uuid[LUKS2_UUID_L];
115 void *jobj;
116 };
117
118 struct luks2_keyslot_params {
119 enum { LUKS2_KEYSLOT_AF_LUKS1 = 0 } af_type;
120 enum { LUKS2_KEYSLOT_AREA_RAW = 0 } area_type;
121
122 union {
123 struct {
124 char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
125 unsigned int stripes;
126 } luks1;
127 } af;
128
129 union {
130 struct {
131 char encryption[65]; // or include utils_crypt.h
132 size_t key_size;
133 } raw;
134 } area;
135 };
136
137 /*
138 * Supportable header sizes (hdr_disk + JSON area)
139 * Also used as offset for the 2nd header.
140 */
141 #define LUKS2_HDR_16K_LEN 0x4000
142
143 #define LUKS2_HDR_BIN_LEN sizeof(struct luks2_hdr_disk)
144
145 //#define LUKS2_DEFAULT_HDR_SIZE 0x400000 /* 4 MiB */
146 #define LUKS2_DEFAULT_HDR_SIZE 0x1000000 /* 16 MiB */
147
148 #define LUKS2_MAX_KEYSLOTS_SIZE 0x8000000 /* 128 MiB */
149
150 #define LUKS2_HDR_OFFSET_MAX 0x400000 /* 4 MiB */
151
152 /* Offsets for secondary header (for scan if primary header is corrupted). */
153 #define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \
154 0x40000, 0x080000, 0x100000, 0x200000, LUKS2_HDR_OFFSET_MAX }
155
156 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
157 const char *backup_file);
158
159 int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
160 int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
161 int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr);
162 int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
163 int LUKS2_hdr_dump_json(struct crypt_device *cd, struct luks2_hdr *hdr, const char **json);
164
165 int LUKS2_hdr_uuid(struct crypt_device *cd,
166 struct luks2_hdr *hdr,
167 const char *uuid);
168
169 int LUKS2_hdr_labels(struct crypt_device *cd,
170 struct luks2_hdr *hdr,
171 const char *label,
172 const char *subsystem,
173 int commit);
174
175 void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr);
176
177 int LUKS2_hdr_backup(struct crypt_device *cd,
178 struct luks2_hdr *hdr,
179 const char *backup_file);
180 int LUKS2_hdr_restore(struct crypt_device *cd,
181 struct luks2_hdr *hdr,
182 const char *backup_file);
183
184 uint64_t LUKS2_hdr_and_areas_size(struct luks2_hdr *hdr);
185 uint64_t LUKS2_keyslots_size(struct luks2_hdr *hdr);
186 uint64_t LUKS2_metadata_size(struct luks2_hdr *hdr);
187
188 int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec);
189
190 /*
191 * Generic LUKS2 keyslot
192 */
193 int LUKS2_keyslot_open(struct crypt_device *cd,
194 int keyslot,
195 int segment,
196 const char *password,
197 size_t password_len,
198 struct volume_key **vk);
199
200 int LUKS2_keyslot_open_all_segments(struct crypt_device *cd,
201 int keyslot_old,
202 int keyslot_new,
203 const char *password,
204 size_t password_len,
205 struct volume_key **vks);
206
207 int LUKS2_keyslot_store(struct crypt_device *cd,
208 struct luks2_hdr *hdr,
209 int keyslot,
210 const char *password,
211 size_t password_len,
212 const struct volume_key *vk,
213 const struct luks2_keyslot_params *params);
214
215 int LUKS2_keyslot_wipe(struct crypt_device *cd,
216 struct luks2_hdr *hdr,
217 int keyslot,
218 int wipe_area_only);
219
220 crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd,
221 struct luks2_hdr *hdr,
222 int keyslot);
223
224 int LUKS2_keyslot_priority_set(struct crypt_device *cd,
225 struct luks2_hdr *hdr,
226 int keyslot,
227 crypt_keyslot_priority priority,
228 int commit);
229
230 int LUKS2_keyslot_swap(struct crypt_device *cd,
231 struct luks2_hdr *hdr,
232 int keyslot,
233 int keyslot2);
234
235 /*
236 * Generic LUKS2 token
237 */
238 int LUKS2_token_json_get(struct crypt_device *cd,
239 struct luks2_hdr *hdr,
240 int token,
241 const char **json);
242
243 int LUKS2_token_assign(struct crypt_device *cd,
244 struct luks2_hdr *hdr,
245 int keyslot,
246 int token,
247 int assign,
248 int commit);
249
250 int LUKS2_token_is_assigned(struct crypt_device *cd,
251 struct luks2_hdr *hdr,
252 int keyslot,
253 int token);
254
255 int LUKS2_token_assignment_copy(struct crypt_device *cd,
256 struct luks2_hdr *hdr,
257 int keyslot_from,
258 int keyslot_to,
259 int commit);
260
261 int LUKS2_token_create(struct crypt_device *cd,
262 struct luks2_hdr *hdr,
263 int token,
264 const char *json,
265 int commit);
266
267 crypt_token_info LUKS2_token_status(struct crypt_device *cd,
268 struct luks2_hdr *hdr,
269 int token,
270 const char **type);
271
272 int LUKS2_token_open_and_activate(struct crypt_device *cd,
273 struct luks2_hdr *hdr,
274 int token,
275 const char *name,
276 const char *type,
277 const char *pin,
278 size_t pin_size,
279 uint32_t flags,
280 void *usrptr);
281
282 int LUKS2_token_keyring_get(struct crypt_device *cd,
283 struct luks2_hdr *hdr,
284 int token,
285 struct crypt_token_params_luks2_keyring *keyring_params);
286
287 int LUKS2_token_keyring_json(char *buffer, size_t buffer_size,
288 const struct crypt_token_params_luks2_keyring *keyring_params);
289
290 void crypt_token_unload_external_all(struct crypt_device *cd);
291
292 /*
293 * Generic LUKS2 digest
294 */
295 int LUKS2_digest_any_matching(struct crypt_device *cd,
296 struct luks2_hdr *hdr,
297 const struct volume_key *vk);
298
299 int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
300 struct luks2_hdr *hdr,
301 int segment,
302 const struct volume_key *vk);
303
304 int LUKS2_digest_verify(struct crypt_device *cd,
305 struct luks2_hdr *hdr,
306 const struct volume_key *vk,
307 int keyslot);
308
309 int LUKS2_digest_assign(struct crypt_device *cd,
310 struct luks2_hdr *hdr,
311 int keyslot,
312 int digest,
313 int assign,
314 int commit);
315
316 int LUKS2_digest_segment_assign(struct crypt_device *cd,
317 struct luks2_hdr *hdr,
318 int segment,
319 int digest,
320 int assign,
321 int commit);
322
323 int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot);
324
325 int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment);
326
327 int LUKS2_digest_create(struct crypt_device *cd,
328 const char *type,
329 struct luks2_hdr *hdr,
330 const struct volume_key *vk);
331
332 /*
333 * LUKS2 generic
334 */
335 int LUKS2_activate(struct crypt_device *cd,
336 const char *name,
337 struct volume_key *vk,
338 uint32_t flags);
339
340 int LUKS2_activate_multi(struct crypt_device *cd,
341 const char *name,
342 struct volume_key *vks,
343 uint64_t device_size,
344 uint32_t flags);
345
346 int LUKS2_deactivate(struct crypt_device *cd,
347 const char *name,
348 struct luks2_hdr *hdr,
349 struct crypt_dm_active_device *dmd,
350 uint32_t flags);
351
352 int LUKS2_generate_hdr(
353 struct crypt_device *cd,
354 struct luks2_hdr *hdr,
355 const struct volume_key *vk,
356 const char *cipherName,
357 const char *cipherMode,
358 const char *integrity,
359 const char *uuid,
360 unsigned int sector_size,
361 uint64_t data_offset,
362 uint64_t align_offset,
363 uint64_t required_alignment,
364 uint64_t metadata_size,
365 uint64_t keyslots_size);
366
367 int LUKS2_check_metadata_area_size(uint64_t metadata_size);
368 int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
369
370 int LUKS2_wipe_header_areas(struct crypt_device *cd,
371 struct luks2_hdr *hdr, bool detached_header);
372
373 uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
374 int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);
375 int LUKS2_get_sector_size(struct luks2_hdr *hdr);
376 const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment);
377 const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment);
378 int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
379 struct luks2_keyslot_params *params);
380 int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment);
381 int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot);
382 const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size);
383 int LUKS2_keyslot_find_empty(struct crypt_device *cd, struct luks2_hdr *hdr, size_t keylength);
384 int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment);
385 crypt_keyslot_info LUKS2_keyslot_info(struct luks2_hdr *hdr, int keyslot);
386 int LUKS2_keyslot_area(struct luks2_hdr *hdr,
387 int keyslot,
388 uint64_t *offset,
389 uint64_t *length);
390 int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf);
391
392 /*
393 * Permanent activation flags stored in header
394 */
395 int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *flags);
396 int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t flags);
397
398 /*
399 * Requirements for device activation or header modification
400 */
401 int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs);
402 int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs, bool commit);
403
404 int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint32_t *version);
405
406 int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet);
407
408 int LUKS2_key_description_by_segment(struct crypt_device *cd,
409 struct luks2_hdr *hdr, struct volume_key *vk, int segment);
410 int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd,
411 struct luks2_hdr *hdr, struct volume_key *vk, int keyslot);
412 int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd,
413 struct luks2_hdr *hdr, struct volume_key *vk, int digest);
414
415 int LUKS2_luks1_to_luks2(struct crypt_device *cd,
416 struct luks_phdr *hdr1,
417 struct luks2_hdr *hdr2);
418 int LUKS2_luks2_to_luks1(struct crypt_device *cd,
419 struct luks2_hdr *hdr2,
420 struct luks_phdr *hdr1);
421
422 /*
423 * LUKS2 reencryption
424 */
425 int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd,
426 int keyslot_old,
427 int keyslot_new,
428 const char *passphrase,
429 size_t passphrase_size,
430 uint32_t flags,
431 struct volume_key **vks);
432
433 void LUKS2_reencrypt_free(struct crypt_device *cd,
434 struct luks2_reencrypt *rh);
435
436 crypt_reencrypt_info LUKS2_reencrypt_status(struct luks2_hdr *hdr);
437
438 crypt_reencrypt_info LUKS2_reencrypt_get_params(struct luks2_hdr *hdr,
439 struct crypt_params_reencrypt *params);
440
441 int LUKS2_reencrypt_lock(struct crypt_device *cd,
442 struct crypt_lock_handle **reencrypt_lock);
443
444 int LUKS2_reencrypt_lock_by_dm_uuid(struct crypt_device *cd,
445 const char *dm_uuid,
446 struct crypt_lock_handle **reencrypt_lock);
447
448 void LUKS2_reencrypt_unlock(struct crypt_device *cd,
449 struct crypt_lock_handle *reencrypt_lock);
450
451 int LUKS2_reencrypt_check_device_size(struct crypt_device *cd,
452 struct luks2_hdr *hdr,
453 uint64_t check_size,
454 uint64_t *dev_size,
455 bool activation,
456 bool dynamic);
457
458 int LUKS2_reencrypt_digest_verify(struct crypt_device *cd,
459 struct luks2_hdr *hdr,
460 struct volume_key *vks);
461
462 #endif