1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
5 /* LUKS partition header */
8 #include "libcryptsetup.h"
10 #define LUKS_CIPHERNAME_L 32 // byte width of the cipherName field; NOTE(review): fixed-width field read from disk, confirm parsers NUL-terminate it before using it as a C string
11 #define LUKS_CIPHERMODE_L 32 // byte width of the cipherMode field (same termination caveat as cipherName)
12 #define LUKS_HASHSPEC_L 32 // byte width of the hashSpec field (same termination caveat as cipherName)
13 #define LUKS_DIGESTSIZE 20 // bytes in mkDigest; equals the SHA-1 output length
14 #define LUKS_HMACSIZE 32
15 #define LUKS_SALTSIZE 32 // bytes in mkDigestSalt and in each passwordSalt
16 #define LUKS_NUMKEYS 8 // number of keyblock[] entries, i.e. key slots, in the header
18 // Minimum iteration counts. These are lower bounds, not recommended settings; NOTE(review): presumably MKD is the master-key digest and real counts are derived from iteration_time_ms, confirm in the implementation
19 #define LUKS_MKD_ITERATIONS_MIN 1000
20 #define LUKS_SLOT_ITERATIONS_MIN 1000
22 #define LUKS_KEY_DISABLED_OLD 0 // NOTE(review): presumably a legacy "slot disabled" marker kept for old headers, confirm
23 #define LUKS_KEY_ENABLED_OLD 0xCAFE // NOTE(review): presumably a legacy "slot enabled" marker kept for old headers, confirm
25 #define LUKS_KEY_DISABLED 0x0000DEAD // state marker for a disabled key slot
26 #define LUKS_KEY_ENABLED 0x00AC71F3 // state marker for an enabled key slot
28 #define LUKS_STRIPES 4000 // NOTE(review): presumably the anti-forensic (AF) stripe count for key material, confirm
30 // The partition header starts with this magic byte sequence.
31 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe}; // NOTE(review): the expansion itself ends in ';', so an initializer written as "= LUKS_MAGIC;" gets a second, empty ';'
32 #define LUKS_MAGIC_L 6 // number of bytes in LUKS_MAGIC; sizes the magic[] field
34 #define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1) // header size in sectors: integer division plus one, so a struct that is an exact multiple of SECTOR_SIZE still gets one extra sector; SECTOR_SIZE is defined elsewhere
36 /* A UUID string needs only 37 bytes (36 characters plus NUL); 40 is used so that the compiler does not insert alignment padding into the struct */
37 #define UUID_STRING_L 40
39 /* Offset to keyslot area [in bytes]; NOTE(review): the macro name suggests an alignment value, confirm which meaning callers rely on */
40 #define LUKS_ALIGN_KEYSLOTS 4096
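42 /* All integer values are stored on disk in network byte order and must be converted to host byte order before use. Every field comes from the device, so range-check offsets, sizes and iteration counts after conversion. */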
48 char magic[LUKS_MAGIC_L];
50 char cipherName[LUKS_CIPHERNAME_L];
51 char cipherMode[LUKS_CIPHERMODE_L];
52 char hashSpec[LUKS_HASHSPEC_L];
53 uint32_t payloadOffset;
55 char mkDigest[LUKS_DIGESTSIZE];
56 char mkDigestSalt[LUKS_SALTSIZE];
57 uint32_t mkDigestIterations;
58 char uuid[UUID_STRING_L];
63 /* parameters used for password processing */
64 uint32_t passwordIterations;
65 char passwordSalt[LUKS_SALTSIZE];
67 /* parameters used for AF store/load */
68 uint32_t keyMaterialOffset;
70 } keyblock[LUKS_NUMKEYS];
72 /* Pad the structure to a multiple of the 512-byte sector size */
76 int LUKS_verify_volume_key(const struct luks_phdr *hdr,
77 const struct volume_key *vk); /* checks volume key vk against header hdr; both are const, so neither is modified. NOTE(review): presumably compares against the stored mkDigest; the return convention is not visible here, confirm */
79 int LUKS_generate_phdr(
80 struct luks_phdr *header,
81 const struct volume_key *vk,
82 const char *cipherName,
83 const char *cipherMode,
87 unsigned int alignPayload,
88 unsigned int alignOffset,
89 uint32_t iteration_time_ms,
90 uint64_t *PBKDF2_per_sec,
91 const char *metadata_device,
92 struct crypt_device *ctx);
96 struct luks_phdr *hdr,
97 int require_luks_device,
98 struct crypt_device *ctx);
100 int LUKS_read_phdr_backup(
101 const char *backup_file,
103 struct luks_phdr *hdr,
104 int require_luks_device,
105 struct crypt_device *ctx);
107 int LUKS_hdr_uuid_set(
109 struct luks_phdr *hdr,
111 struct crypt_device *ctx);
114 const char *backup_file,
116 struct luks_phdr *hdr,
117 struct crypt_device *ctx);
119 int LUKS_hdr_restore(
120 const char *backup_file,
122 struct luks_phdr *hdr,
123 struct crypt_device *ctx);
127 struct luks_phdr *hdr,
128 struct crypt_device *ctx);
132 unsigned int keyIndex,
133 const char *password,
135 struct luks_phdr *hdr,
136 struct volume_key *vk,
137 uint32_t iteration_time_ms,
138 uint64_t *PBKDF2_per_sec,
139 struct crypt_device *ctx);
141 int LUKS_open_key_with_hdr(
144 const char *password,
146 struct luks_phdr *hdr,
147 struct volume_key **vk,
148 struct crypt_device *ctx);
152 unsigned int keyIndex,
153 struct luks_phdr *hdr,
154 struct crypt_device *ctx);
156 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot); /* reports the state of slot `keyslot`; the index is a signed int, so negative and out-of-range values must be rejected against LUKS_NUMKEYS. NOTE(review): confirm the implementation checks this */
157 int LUKS_keyslot_find_empty(struct luks_phdr *hdr); /* NOTE(review): presumably returns the index of an unused slot, or a negative value when none is free, confirm */
158 int LUKS_keyslot_active_count(struct luks_phdr *hdr); /* NOTE(review): presumably returns the number of enabled slots in hdr, confirm */
159 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable); /* enables or disables slot `keyslot` in hdr according to `enable`; same index-range caveat as LUKS_keyslot_info. NOTE(review): whether the header is also written to disk is not visible here */
161 int LUKS_encrypt_to_storage(
162 char *src, size_t srcLength,
163 struct luks_phdr *hdr,
164 struct volume_key *vk,
167 struct crypt_device *ctx);
169 int LUKS_decrypt_from_storage(
170 char *dst, size_t dstLength,
171 struct luks_phdr *hdr,
172 struct volume_key *vk,
175 struct crypt_device *ctx);
177 int LUKS1_activate(struct crypt_device *cd,
179 struct volume_key *vk,