"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/luks2/luks2_internal.h" (13 Jan 2022, 11674 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "luks2_internal.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.4.2_vs_2.4.3.

    1 /*
    2  * LUKS - Linux Unified Key Setup v2
    3  *
    4  * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2015-2021 Milan Broz
    6  *
    7  * This program is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU General Public License
    9  * as published by the Free Software Foundation; either version 2
   10  * of the License, or (at your option) any later version.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   20  */
   21 
   22 #ifndef _CRYPTSETUP_LUKS2_INTERNAL_H
   23 #define _CRYPTSETUP_LUKS2_INTERNAL_H
   24 
   25 #include <stdio.h>
   26 #include <errno.h>
   27 #include <json-c/json.h>
   28 
   29 #include "internal.h"
   30 #include "base64.h"
   31 #include "luks2.h"
   32 
   33 /* override useless forward slash escape when supported by json-c */
   34 #ifndef JSON_C_TO_STRING_NOSLASHESCAPE
   35 #define JSON_C_TO_STRING_NOSLASHESCAPE 0
   36 #endif
   37 
   38 /*
   39  * On-disk access function prototypes
   40  */
   41 int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
   42             struct device *device, int do_recovery, int do_blkprobe);
   43 int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr,
   44              struct device *device, bool seqid_check);
   45 int LUKS2_device_write_lock(struct crypt_device *cd,
   46     struct luks2_hdr *hdr, struct device *device);
   47 
   48 /*
   49  * JSON struct access helpers
   50  */
   51 json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot);
   52 json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token);
   53 json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest);
   54 json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment);
   55 json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
   56 json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
   57 
   58 void hexprint_base64(struct crypt_device *cd, json_object *jobj,
   59              const char *sep, const char *line_sep);
   60 
   61 uint64_t crypt_jobj_get_uint64(json_object *jobj);
   62 uint32_t crypt_jobj_get_uint32(json_object *jobj);
   63 json_object *crypt_jobj_new_uint64(uint64_t value);
   64 
   65 int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
   66 void json_object_object_del_by_uint(json_object *jobj, unsigned key);
   67 int json_object_copy(json_object *jobj_src, json_object **jobj_dst);
   68 
   69 void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc);
   70 
   71 /*
   72  * LUKS2 JSON validation
   73  */
   74 
   75 /* validation helper */
   76 json_bool validate_json_uint32(json_object *jobj);
   77 json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
   78                const char *section, const char *key, json_type type);
   79 
   80 int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
   81 int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
   82 int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj,
   83              json_object *jobj_token, const char *key);
   84 void LUKS2_token_dump(struct crypt_device *cd, int token);
   85 
   86 /*
   87  * LUKS2 JSON repair for known glitches
   88  */
   89 void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr);
   90 void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr);
   91 
   92 /*
   93  * JSON array helpers
   94  */
   95 json_object *LUKS2_array_jobj(json_object *array, const char *num);
   96 json_object *LUKS2_array_remove(json_object *array, const char *num);
   97 
   98 /*
   99  * Plugins API
  100  */
  101 
  102 /**
  103  * LUKS2 keyslots handlers (EXPERIMENTAL)
  104  */
  105 typedef int (*keyslot_alloc_func)(struct crypt_device *cd, int keyslot,
  106                   size_t volume_key_len,
  107                   const struct luks2_keyslot_params *params);
  108 typedef int (*keyslot_update_func)(struct crypt_device *cd, int keyslot,
  109                    const struct luks2_keyslot_params *params);
  110 typedef int (*keyslot_open_func) (struct crypt_device *cd, int keyslot,
  111                   const char *password, size_t password_len,
  112                   char *volume_key, size_t volume_key_len);
  113 typedef int (*keyslot_store_func)(struct crypt_device *cd, int keyslot,
  114                   const char *password, size_t password_len,
  115                   const char *volume_key, size_t volume_key_len);
  116 typedef int (*keyslot_wipe_func) (struct crypt_device *cd, int keyslot);
  117 typedef int (*keyslot_dump_func) (struct crypt_device *cd, int keyslot);
  118 typedef int (*keyslot_validate_func) (struct crypt_device *cd, json_object *jobj_keyslot);
  119 typedef void(*keyslot_repair_func) (struct crypt_device *cd, json_object *jobj_keyslot);
  120 
  121 /* see LUKS2_luks2_to_luks1 */
  122 int placeholder_keyslot_alloc(struct crypt_device *cd,
  123     int keyslot,
  124     uint64_t area_offset,
  125     uint64_t area_length,
  126     size_t volume_key_len);
  127 
  128 /* validate all keyslot implementations in hdr json */
  129 int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);
  130 
  131 typedef struct  {
  132     const char *name;
  133     keyslot_alloc_func alloc;
  134     keyslot_update_func update;
  135     keyslot_open_func  open;
  136     keyslot_store_func store;
  137     keyslot_wipe_func  wipe;
  138     keyslot_dump_func  dump;
  139     keyslot_validate_func validate;
  140     keyslot_repair_func repair;
  141 } keyslot_handler;
  142 
  143 /* can not fit prototype alloc function */
  144 int reenc_keyslot_alloc(struct crypt_device *cd,
  145     struct luks2_hdr *hdr,
  146     int keyslot,
  147     const struct crypt_params_reencrypt *params);
  148 
  149 /**
  150  * LUKS2 digest handlers (EXPERIMENTAL)
  151  */
  152 typedef int (*digest_verify_func)(struct crypt_device *cd, int digest,
  153                   const char *volume_key, size_t volume_key_len);
  154 typedef int (*digest_store_func) (struct crypt_device *cd, int digest,
  155                   const char *volume_key, size_t volume_key_len);
  156 typedef int (*digest_dump_func)  (struct crypt_device *cd, int digest);
  157 
  158 typedef struct  {
  159     const char *name;
  160     digest_verify_func verify;
  161     digest_store_func  store;
  162     digest_dump_func   dump;
  163 } digest_handler;
  164 
  165 int keyring_open(struct crypt_device *cd,
  166     int token,
  167     char **buffer,
  168     size_t *buffer_len,
  169     void *usrptr);
  170 
  171 void keyring_dump(struct crypt_device *cd, const char *json);
  172 
  173 int keyring_validate(struct crypt_device *cd, const char *json);
  174 
  175 struct crypt_token_handler_v2 {
  176     const char *name;
  177     crypt_token_open_func open;
  178     crypt_token_buffer_free_func buffer_free;
  179     crypt_token_validate_func validate;
  180     crypt_token_dump_func dump;
  181 
  182     /* here ends v1. Do not touch anything above */
  183 
  184     crypt_token_open_pin_func open_pin;
  185     crypt_token_version_func version;
  186 
  187     void *dlhandle;
  188 };
  189 
  190 /*
  191  * Initial sequence of structure members in union 'u' must be always
  192  * identical. Version 4 must fully contain version 3 which must
  193  * subsequently fully contain version 2, etc.
  194  *
  195  * See C standard, section 6.5.2.3, item 5.
  196  */
  197 struct crypt_token_handler_internal {
  198     uint32_t version;
  199     union {
  200         crypt_token_handler v1; /* deprecated public structure */
  201         struct crypt_token_handler_v2 v2; /* internal helper v2 structure */
  202     } u;
  203 };
  204 
  205 int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
  206             size_t keylength, uint64_t *area_offset, uint64_t *area_length);
  207 int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
  208                 uint64_t *area_offset, uint64_t *area_length);
  209 
  210 uint64_t LUKS2_hdr_and_areas_size_jobj(json_object *jobj);
  211 
  212 int LUKS2_check_cipher(struct crypt_device *cd,
  213               size_t keylength,
  214               const char *cipher,
  215               const char *cipher_mode);
  216 
  217 static inline const char *crypt_reencrypt_mode_to_str(crypt_reencrypt_mode_info mi)
  218 {
  219     if (mi == CRYPT_REENCRYPT_REENCRYPT)
  220         return "reencrypt";
  221     if (mi == CRYPT_REENCRYPT_ENCRYPT)
  222         return "encrypt";
  223     if (mi == CRYPT_REENCRYPT_DECRYPT)
  224         return "decrypt";
  225     return "<unknown>";
  226 }
  227 
  228 /*
  229  * Generic LUKS2 keyslot
  230  */
  231 int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd,
  232     struct luks2_hdr *hdr,
  233     int keyslot,
  234     const void *buffer,
  235     size_t buffer_length);
  236 
  237 int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
  238     struct luks2_hdr *hdr,
  239     int keyslot,
  240     const struct crypt_params_reencrypt *params);
  241 
  242 int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
  243     struct luks2_hdr *hdr,
  244     struct volume_key *vks);
  245 
  246 int LUKS2_keyslot_dump(struct crypt_device *cd,
  247     int keyslot);
  248 
  249 int LUKS2_keyslot_jobj_area(json_object *jobj_keyslot, uint64_t *offset, uint64_t *length);
  250 
  251 /* JSON helpers */
  252 uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise);
  253 const char *json_segment_type(json_object *jobj_segment);
  254 uint64_t json_segment_get_iv_offset(json_object *jobj_segment);
  255 uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise);
  256 const char *json_segment_get_cipher(json_object *jobj_segment);
  257 int json_segment_get_sector_size(json_object *jobj_segment);
  258 bool json_segment_is_backup(json_object *jobj_segment);
  259 json_object *json_segments_get_segment(json_object *jobj_segments, int segment);
  260 unsigned json_segments_count(json_object *jobj_segments);
  261 void json_segment_remove_flag(json_object *jobj_segment, const char *flag);
  262 uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise);
  263 json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption);
  264 json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, const char *cipher, uint32_t sector_size, unsigned reencryption);
  265 int json_segments_segment_in_reencrypt(json_object *jobj_segments);
  266 bool json_segment_cmp(json_object *jobj_segment_1, json_object *jobj_segment_2);
  267 bool json_segment_contains_flag(json_object *jobj_segment, const char *flag_str, size_t len);
  268 
  269 int LUKS2_assembly_multisegment_dmd(struct crypt_device *cd,
  270     struct luks2_hdr *hdr,
  271     struct volume_key *vks,
  272     json_object *jobj_segments,
  273     struct crypt_dm_active_device *dmd);
  274 
  275 /*
  276  * Generic LUKS2 segment
  277  */
  278 int LUKS2_segments_count(struct luks2_hdr *hdr);
  279 
  280 int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr);
  281 
  282 int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag);
  283 
  284 json_object *LUKS2_get_segment_by_flag(struct luks2_hdr *hdr, const char *flag);
  285 
  286 int LUKS2_get_segment_id_by_flag(struct luks2_hdr *hdr, const char *flag);
  287 
  288 int LUKS2_segments_set(struct crypt_device *cd,
  289     struct luks2_hdr *hdr,
  290     json_object *jobj_segments,
  291     int commit);
  292 
  293 uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr,
  294     int segment,
  295     unsigned blockwise);
  296 
  297 uint64_t LUKS2_segment_size(struct luks2_hdr *hdr,
  298     int segment,
  299     unsigned blockwise);
  300 
  301 int LUKS2_segment_is_type(struct luks2_hdr *hdr,
  302     int segment,
  303     const char *type);
  304 
  305 int LUKS2_segment_by_type(struct luks2_hdr *hdr,
  306     const char *type);
  307 
  308 int LUKS2_last_segment_by_type(struct luks2_hdr *hdr,
  309     const char *type);
  310 
  311 int LUKS2_get_default_segment(struct luks2_hdr *hdr);
  312 
  313 int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr);
  314 int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr);
  315 int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise);
  316 
  317 /*
  318  * Generic LUKS2 digest
  319  */
  320 int LUKS2_digest_verify_by_digest(struct crypt_device *cd,
  321     struct luks2_hdr *hdr,
  322     int digest,
  323     const struct volume_key *vk);
  324 
  325 void LUKS2_digests_erase_unused(struct crypt_device *cd,
  326     struct luks2_hdr *hdr);
  327 
  328 int LUKS2_digest_dump(struct crypt_device *cd,
  329     int digest);
  330 
  331 /*
  332  * Generic LUKS2 token
  333  */
  334 int LUKS2_tokens_count(struct luks2_hdr *hdr);
  335 
  336 /*
  337  * LUKS2 generic
  338  */
  339 int LUKS2_reload(struct crypt_device *cd,
  340     const char *name,
  341     struct volume_key *vks,
  342     uint64_t device_size,
  343     uint32_t flags);
  344 
  345 int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment);
  346 int LUKS2_find_keyslot(struct luks2_hdr *hdr, const char *type);
  347 int LUKS2_set_keyslots_size(struct crypt_device *cd,
  348     struct luks2_hdr *hdr,
  349     uint64_t data_offset);
  350 
  351 #endif