2 * LUKS - Linux Unified Key Setup v2
4 * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2015-2021 Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #ifndef _CRYPTSETUP_LUKS2_INTERNAL_H
23 #define _CRYPTSETUP_LUKS2_INTERNAL_H
27 #include <json-c/json.h>
33 #define UNUSED(x) (void)(x)
35 /* override useless forward slash escape when supported by json-c */
36 #ifndef JSON_C_TO_STRING_NOSLASHESCAPE
37 #define JSON_C_TO_STRING_NOSLASHESCAPE 0
41 * On-disk access function prototypes
43 int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
44 struct device *device, int do_recovery, int do_blkprobe);
45 int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr,
46 struct device *device, bool seqid_check);
47 int LUKS2_device_write_lock(struct crypt_device *cd,
48 struct luks2_hdr *hdr, struct device *device);
51 * JSON struct access helpers
53 json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot);
54 json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token);
55 json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest);
56 json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment);
57 json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
58 json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
60 void hexprint_base64(struct crypt_device *cd, json_object *jobj,
61 const char *sep, const char *line_sep);
63 uint64_t crypt_jobj_get_uint64(json_object *jobj);
64 uint32_t crypt_jobj_get_uint32(json_object *jobj);
65 json_object *crypt_jobj_new_uint64(uint64_t value);
67 int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
68 void json_object_object_del_by_uint(json_object *jobj, unsigned key);
69 int json_object_copy(json_object *jobj_src, json_object **jobj_dst);
71 void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc);
74 * LUKS2 JSON validation
77 /* validation helper */
78 json_bool validate_json_uint32(json_object *jobj);
79 json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
80 const char *section, const char *key, json_type type);
82 int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
83 int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
84 int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj,
85 json_object *jobj_token, const char *key);
86 void LUKS2_token_dump(struct crypt_device *cd, int token);
89 * LUKS2 JSON repair for known glitches
91 void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr);
92 void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr);
97 json_object *LUKS2_array_jobj(json_object *array, const char *num);
98 json_object *LUKS2_array_remove(json_object *array, const char *num);
105 * LUKS2 keyslots handlers (EXPERIMENTAL)
107 typedef int (*keyslot_alloc_func)(struct crypt_device *cd, int keyslot,
108 size_t volume_key_len,
109 const struct luks2_keyslot_params *params);
110 typedef int (*keyslot_update_func)(struct crypt_device *cd, int keyslot,
111 const struct luks2_keyslot_params *params);
112 typedef int (*keyslot_open_func) (struct crypt_device *cd, int keyslot,
113 const char *password, size_t password_len,
114 char *volume_key, size_t volume_key_len);
115 typedef int (*keyslot_store_func)(struct crypt_device *cd, int keyslot,
116 const char *password, size_t password_len,
117 const char *volume_key, size_t volume_key_len);
118 typedef int (*keyslot_wipe_func) (struct crypt_device *cd, int keyslot);
119 typedef int (*keyslot_dump_func) (struct crypt_device *cd, int keyslot);
120 typedef int (*keyslot_validate_func) (struct crypt_device *cd, json_object *jobj_keyslot);
121 typedef void(*keyslot_repair_func) (struct crypt_device *cd, json_object *jobj_keyslot);
123 /* see LUKS2_luks2_to_luks1 */
124 int placeholder_keyslot_alloc(struct crypt_device *cd,
126 uint64_t area_offset,
127 uint64_t area_length,
128 size_t volume_key_len);
130 /* validate all keyslot implementations in hdr json */
131 int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);
135 keyslot_alloc_func alloc;
136 keyslot_update_func update;
137 keyslot_open_func open;
138 keyslot_store_func store;
139 keyslot_wipe_func wipe;
140 keyslot_dump_func dump;
141 keyslot_validate_func validate;
142 keyslot_repair_func repair;
145 /* can not fit prototype alloc function */
146 int reenc_keyslot_alloc(struct crypt_device *cd,
147 struct luks2_hdr *hdr,
149 const struct crypt_params_reencrypt *params);
152 * LUKS2 digest handlers (EXPERIMENTAL)
154 typedef int (*digest_verify_func)(struct crypt_device *cd, int digest,
155 const char *volume_key, size_t volume_key_len);
156 typedef int (*digest_store_func) (struct crypt_device *cd, int digest,
157 const char *volume_key, size_t volume_key_len);
158 typedef int (*digest_dump_func) (struct crypt_device *cd, int digest);
162 digest_verify_func verify;
163 digest_store_func store;
164 digest_dump_func dump;
168 * LUKS2 token handlers (internal use only)
170 typedef int (*builtin_token_get_func) (json_object *jobj_token, void *params);
171 typedef int (*builtin_token_set_func) (json_object **jobj_token, const void *params);
174 /* internal only section used by builtin tokens */
175 builtin_token_get_func get;
176 builtin_token_set_func set;
177 /* public token handler */
178 const crypt_token_handler *h;
181 int token_keyring_set(json_object **, const void *);
182 int token_keyring_get(json_object *, void *);
184 int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
185 size_t keylength, uint64_t *area_offset, uint64_t *area_length);
186 int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
187 uint64_t *area_offset, uint64_t *area_length);
189 uint64_t LUKS2_hdr_and_areas_size_jobj(json_object *jobj);
191 int LUKS2_check_cipher(struct crypt_device *cd,
194 const char *cipher_mode);
196 static inline const char *crypt_reencrypt_mode_to_str(crypt_reencrypt_mode_info mi)
198 if (mi == CRYPT_REENCRYPT_REENCRYPT)
200 if (mi == CRYPT_REENCRYPT_ENCRYPT)
202 if (mi == CRYPT_REENCRYPT_DECRYPT)
208 * Generic LUKS2 keyslot
210 int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd,
211 struct luks2_hdr *hdr,
214 size_t buffer_length);
216 int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
217 struct luks2_hdr *hdr,
219 const struct crypt_params_reencrypt *params);
221 int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
222 struct luks2_hdr *hdr,
223 struct volume_key *vks);
225 int LUKS2_keyslot_dump(struct crypt_device *cd,
228 int LUKS2_keyslot_jobj_area(json_object *jobj_keyslot, uint64_t *offset, uint64_t *length);
231 uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise);
232 const char *json_segment_type(json_object *jobj_segment);
233 uint64_t json_segment_get_iv_offset(json_object *jobj_segment);
234 uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise);
235 const char *json_segment_get_cipher(json_object *jobj_segment);
236 int json_segment_get_sector_size(json_object *jobj_segment);
237 bool json_segment_is_backup(json_object *jobj_segment);
238 json_object *json_segments_get_segment(json_object *jobj_segments, int segment);
239 unsigned json_segments_count(json_object *jobj_segments);
240 void json_segment_remove_flag(json_object *jobj_segment, const char *flag);
241 uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise);
242 json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption);
243 json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, const char *cipher, uint32_t sector_size, unsigned reencryption);
244 int json_segments_segment_in_reencrypt(json_object *jobj_segments);
245 bool json_segment_cmp(json_object *jobj_segment_1, json_object *jobj_segment_2);
246 bool json_segment_contains_flag(json_object *jobj_segment, const char *flag_str, size_t len);
248 int LUKS2_assembly_multisegment_dmd(struct crypt_device *cd,
249 struct luks2_hdr *hdr,
250 struct volume_key *vks,
251 json_object *jobj_segments,
252 struct crypt_dm_active_device *dmd);
255 * Generic LUKS2 segment
257 int LUKS2_segments_count(struct luks2_hdr *hdr);
259 int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr);
261 int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag);
263 json_object *LUKS2_get_segment_by_flag(struct luks2_hdr *hdr, const char *flag);
265 int LUKS2_get_segment_id_by_flag(struct luks2_hdr *hdr, const char *flag);
267 int LUKS2_segments_set(struct crypt_device *cd,
268 struct luks2_hdr *hdr,
269 json_object *jobj_segments,
272 uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr,
276 uint64_t LUKS2_segment_size(struct luks2_hdr *hdr,
280 int LUKS2_segment_is_type(struct luks2_hdr *hdr,
284 int LUKS2_segment_by_type(struct luks2_hdr *hdr,
287 int LUKS2_last_segment_by_type(struct luks2_hdr *hdr,
290 int LUKS2_get_default_segment(struct luks2_hdr *hdr);
292 int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr);
293 int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr);
294 int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise);
297 * Generic LUKS2 digest
299 int LUKS2_digest_verify_by_digest(struct crypt_device *cd,
300 struct luks2_hdr *hdr,
302 const struct volume_key *vk);
304 void LUKS2_digests_erase_unused(struct crypt_device *cd,
305 struct luks2_hdr *hdr);
307 int LUKS2_digest_dump(struct crypt_device *cd,
311 * Generic LUKS2 token
313 int LUKS2_tokens_count(struct luks2_hdr *hdr);
318 int LUKS2_reload(struct crypt_device *cd,
320 struct volume_key *vks,
321 uint64_t device_size,
324 int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment);
325 int LUKS2_find_keyslot(struct luks2_hdr *hdr, const char *type);
326 int LUKS2_set_keyslots_size(struct crypt_device *cd,
327 struct luks2_hdr *hdr,
328 uint64_t data_offset);