2 * LUKS - Linux Unified Key Setup
4 * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
5 * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
23 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
26 * LUKS partition header
29 #include "libcryptsetup.h"
31 #define LUKS_CIPHERNAME_L 32
32 #define LUKS_CIPHERMODE_L 32
33 #define LUKS_HASHSPEC_L 32
34 #define LUKS_DIGESTSIZE 20 // since SHA1
35 #define LUKS_HMACSIZE 32
36 #define LUKS_SALTSIZE 32
37 #define LUKS_NUMKEYS 8
39 // Minimal number of iterations
40 #define LUKS_MKD_ITERATIONS_MIN 1000
41 #define LUKS_SLOT_ITERATIONS_MIN 1000
43 // Iteration time for digest in ms
44 #define LUKS_MKD_ITERATIONS_MS 125
46 #define LUKS_KEY_DISABLED_OLD 0
47 #define LUKS_KEY_ENABLED_OLD 0xCAFE
49 #define LUKS_KEY_DISABLED 0x0000DEAD
50 #define LUKS_KEY_ENABLED 0x00AC71F3
52 #define LUKS_STRIPES 4000
54 // partition header starts with magic
55 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
56 #define LUKS_MAGIC_L 6
58 /* Actually we need only 37, but we don't want struct autoaligning to kick in */
59 #define UUID_STRING_L 40
61 /* Offset to keyslot area [in bytes] */
62 #define LUKS_ALIGN_KEYSLOTS 4096
64 /* Maximal LUKS header size, for wipe [in bytes] */
65 #define LUKS_MAX_KEYSLOT_SIZE 0x1000000 /* 16 MB, up to 32768 bits key */
67 /* Any integer values are stored in network byte order on disk and must be
71 struct device_backend;
74 char magic[LUKS_MAGIC_L];
76 char cipherName[LUKS_CIPHERNAME_L];
77 char cipherMode[LUKS_CIPHERMODE_L];
78 char hashSpec[LUKS_HASHSPEC_L];
79 uint32_t payloadOffset;
81 char mkDigest[LUKS_DIGESTSIZE];
82 char mkDigestSalt[LUKS_SALTSIZE];
83 uint32_t mkDigestIterations;
84 char uuid[UUID_STRING_L];
89 /* parameters used for password processing */
90 uint32_t passwordIterations;
91 char passwordSalt[LUKS_SALTSIZE];
93 /* parameters used for AF store/load */
94 uint32_t keyMaterialOffset;
96 } keyblock[LUKS_NUMKEYS];
98 /* Align it to 512 sector size */
102 int LUKS_verify_volume_key(const struct luks_phdr *hdr,
103 const struct volume_key *vk);
105 int LUKS_check_cipher(struct crypt_device *ctx,
108 const char *cipher_mode);
110 int LUKS_generate_phdr(struct luks_phdr *header,
111 const struct volume_key *vk,
112 const char *cipherName,
113 const char *cipherMode,
114 const char *hashSpec,
116 uint64_t data_offset,
117 uint64_t align_offset,
118 uint64_t required_alignment,
119 struct crypt_device *ctx);
122 struct luks_phdr *hdr,
123 int require_luks_device,
125 struct crypt_device *ctx);
127 int LUKS_read_phdr_backup(
128 const char *backup_file,
129 struct luks_phdr *hdr,
130 int require_luks_device,
131 struct crypt_device *ctx);
133 int LUKS_hdr_uuid_set(
134 struct luks_phdr *hdr,
136 struct crypt_device *ctx);
139 const char *backup_file,
140 struct crypt_device *ctx);
142 int LUKS_hdr_restore(
143 const char *backup_file,
144 struct luks_phdr *hdr,
145 struct crypt_device *ctx);
148 struct luks_phdr *hdr,
149 struct crypt_device *ctx);
152 unsigned int keyIndex,
153 const char *password,
155 struct luks_phdr *hdr,
156 struct volume_key *vk,
157 struct crypt_device *ctx);
159 int LUKS_open_key_with_hdr(
161 const char *password,
163 struct luks_phdr *hdr,
164 struct volume_key **vk,
165 struct crypt_device *ctx);
168 unsigned int keyIndex,
169 struct luks_phdr *hdr,
170 struct crypt_device *ctx);
172 int LUKS_wipe_header_areas(struct luks_phdr *hdr,
173 struct crypt_device *ctx);
175 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
176 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
177 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
178 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable,
179 struct crypt_device *ctx);
180 int LUKS_keyslot_area(const struct luks_phdr *hdr,
184 size_t LUKS_device_sectors(const struct luks_phdr *hdr);
185 size_t LUKS_keyslots_offset(const struct luks_phdr *hdr);
186 int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot,
187 struct crypt_pbkdf_type *pbkdf);
189 int LUKS1_activate(struct crypt_device *cd,
191 struct volume_key *vk,