2 * LUKS - Linux Unified Key Setup
4 * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
5 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
22 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
25 * LUKS partition header
28 #include "libcryptsetup.h"
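/* Fixed widths, in bytes, of the string and binary fields of the header. */
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
/*
 * Width of the mkDigest field. 20 is the SHA-1 output size; the field width
 * is fixed by this constant whatever hashSpec names.
 * NOTE(review): confirm how a digest from a longer hash is fitted into it.
 */
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8

/*
 * Minimal number of iterations.
 * These are lower bounds, not recommended values: the prototypes in this
 * header take iteration_time_ms / PBKDF2_per_sec, so the counts actually
 * written are presumably benchmarked.
 * NOTE(review): confirm that iteration counts read back from a header are
 * checked against these floors before use.
 */
#define LUKS_MKD_ITERATIONS_MIN 1000
#define LUKS_SLOT_ITERATIONS_MIN 1000

/*
 * Keyslot state markers.
 * NOTE(review): the field that stores them is not visible in this listing,
 * and the _OLD pair looks like a legacy encoding - confirm both.
 */
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3

/* NOTE(review): presumably the default stripe count for AF store/load - confirm. */
#define LUKS_STRIPES 4000

/*
 * Partition header starts with magic.
 * The expansion is a bare initializer list with no trailing ';', so the user
 * supplies the terminator ("= LUKS_MAGIC;") and the macro also works inside
 * an expression such as a compound literal.
 * 0xba and 0xbe do not fit a signed char; keep the magic in an unsigned char
 * array and compare it with memcmp() over LUKS_MAGIC_L bytes.
 */
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe}
#define LUKS_MAGIC_L 6

/*
 * Header size in units of SECTOR_SIZE: the whole units contained in
 * struct luks_phdr plus one. SECTOR_SIZE is not defined in this header and
 * must be in scope wherever the macro is expanded.
 */
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* Offset to keyslot area [in bytes] */
#define LUKS_ALIGN_KEYSLOTS 4096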
62 /* Any integer values are stored in network byte order on disk and must be converted to/from host byte order. */
66 struct device_backend;
69 char magic[LUKS_MAGIC_L];
71 char cipherName[LUKS_CIPHERNAME_L];
72 char cipherMode[LUKS_CIPHERMODE_L];
73 char hashSpec[LUKS_HASHSPEC_L];
74 uint32_t payloadOffset;
76 char mkDigest[LUKS_DIGESTSIZE];
77 char mkDigestSalt[LUKS_SALTSIZE];
78 uint32_t mkDigestIterations;
79 char uuid[UUID_STRING_L];
84 /* parameters used for password processing */
85 uint32_t passwordIterations;
86 char passwordSalt[LUKS_SALTSIZE];
88 /* parameters used for AF store/load */
89 uint32_t keyMaterialOffset;
91 } keyblock[LUKS_NUMKEYS];
93 /* Align it to 512 sector size */
/*
 * Check a candidate volume key against a parsed header.
 *
 * hdr: header to check against; const, so not modified through this pointer.
 * vk:  candidate volume key; const, so not modified through this pointer.
 *
 * NOTE(review): presumably recomputes the key digest from the header's
 * mkDigestSalt / mkDigestIterations / hashSpec and compares it with
 * mkDigest. The return convention (0 vs. negative error code) is not
 * visible in this header - confirm both in the implementation.
 */
int LUKS_verify_volume_key(const struct luks_phdr *hdr,
			   const struct volume_key *vk);
100 int LUKS_generate_phdr(
101 struct luks_phdr *header,
102 const struct volume_key *vk,
103 const char *cipherName,
104 const char *cipherMode,
105 const char *hashSpec,
107 unsigned int stripes,
108 unsigned int alignPayload,
109 unsigned int alignOffset,
110 uint32_t iteration_time_ms,
111 uint64_t *PBKDF2_per_sec,
112 int detached_metadata_device,
113 struct crypt_device *ctx);
116 struct luks_phdr *hdr,
117 int require_luks_device,
119 struct crypt_device *ctx);
/*
 * Read a header from a backup file into hdr.
 *
 * backup_file:         path of the file to read.
 * hdr:                 output; filled from the file.
 * require_luks_device: NOTE(review): by name, makes a non-LUKS file an
 *                      error instead of a soft result - confirm.
 * ctx:                 crypt_device context passed through.
 *
 * NOTE(review): a backup file is untrusted input. Confirm that the
 * implementation validates the magic, the fixed-width strings and the
 * offsets/iteration counts exactly as it does for an on-disk header before
 * any field of hdr is used.
 */
int LUKS_read_phdr_backup(
	const char *backup_file,
	struct luks_phdr *hdr,
	int require_luks_device,
	struct crypt_device *ctx);
127 int LUKS_hdr_uuid_set(
128 struct luks_phdr *hdr,
130 struct crypt_device *ctx);
133 const char *backup_file,
134 struct luks_phdr *hdr,
135 struct crypt_device *ctx);
/*
 * Restore a header from a backup file.
 *
 * backup_file: path of the file holding the saved header.
 * hdr:         header structure used by the operation.
 * ctx:         crypt_device context passed through.
 *
 * NOTE(review): by name, this writes the saved header (including keyslots)
 * back to the device behind ctx, replacing what is there. Confirm in the
 * implementation that the file is validated before anything is written and
 * that a mismatch with the existing header is reported to the caller.
 */
int LUKS_hdr_restore(
	const char *backup_file,
	struct luks_phdr *hdr,
	struct crypt_device *ctx);
143 struct luks_phdr *hdr,
144 struct crypt_device *ctx);
147 unsigned int keyIndex,
148 const char *password,
150 struct luks_phdr *hdr,
151 struct volume_key *vk,
152 uint32_t iteration_time_ms,
153 uint64_t *PBKDF2_per_sec,
154 struct crypt_device *ctx);
156 int LUKS_open_key_with_hdr(
158 const char *password,
160 struct luks_phdr *hdr,
161 struct volume_key **vk,
162 struct crypt_device *ctx);
165 unsigned int keyIndex,
166 struct luks_phdr *hdr,
167 struct crypt_device *ctx);
/*
 * Keyslot helpers operating on an in-memory header.
 *
 * keyslot is a signed int in all of these, while the header holds
 * LUKS_NUMKEYS slots. NOTE(review): confirm that each implementation
 * rejects values outside 0 .. LUKS_NUMKEYS-1 before indexing keyblock[].
 *
 * NOTE(review): hdr is non-const even for the functions that look
 * read-only by name (info, find_empty, active_count); whether they modify
 * the header is not visible here.
 */
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
/* enable: NOTE(review): presumably non-zero marks the slot enabled, zero disabled - confirm. */
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
174 int LUKS_encrypt_to_storage(
175 char *src, size_t srcLength,
176 struct luks_phdr *hdr,
177 struct volume_key *vk,
179 struct crypt_device *ctx);
181 int LUKS_decrypt_from_storage(
182 char *dst, size_t dstLength,
183 struct luks_phdr *hdr,
184 struct volume_key *vk,
186 struct crypt_device *ctx);
188 int LUKS1_activate(struct crypt_device *cd,
190 struct volume_key *vk,