1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
5 * LUKS partition header
9 #include <netinet/in.h>
10 #include "libcryptsetup.h"
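/*
 * Fixed field widths, in bytes, for the LUKS partition header fields
 * declared further down in this file.  They size on-disk char arrays, so
 * changing any of them changes the header layout.
 * (Line-number residue from the listing is dropped so this is valid C.)
 */
#define LUKS_CIPHERNAME_L 32 /* width of cipherName[] */
#define LUKS_CIPHERMODE_L 32 /* width of cipherMode[] */
#define LUKS_HASHSPEC_L 32   /* width of hashSpec[] */
/*
 * 20 bytes is the SHA-1 output length.  mkDigest[] is sized by this value,
 * so the stored master key digest can never be longer than 20 bytes.
 * NOTE(review): whether hashSpec can select a different hash for the
 * digest is not visible here - confirm against the implementation.
 */
#define LUKS_DIGESTSIZE 20
#define LUKS_HMACSIZE 32 /* NOTE(review): not referenced in this header - confirm use */
#define LUKS_SALTSIZE 32 /* width of mkDigestSalt[] and of each keyslot's passwordSalt[] */
#define LUKS_NUMKEYS 8   /* number of entries in keyblock[] */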
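/*
 * Number of iterations for the master key digest.
 * This is a fixed compile-time work factor, separate from the per-keyslot
 * passwordIterations field used for password processing.
 * NOTE(review): 10 is a very small iteration count.  It is only defensible
 * if the digested master key is always full-entropy random data; confirm
 * that no caller feeds a low-entropy key into the digest.
 */
#define LUKS_MKD_ITER 10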
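/*
 * LUKS_KT: key types, i.e. the marker values that tell an enabled keyslot
 * from a disabled one.
 * The *_OLD pair is kept next to the current pair; presumably it belongs to
 * an earlier header revision (TODO confirm where it is still accepted).
 * NOTE(review): the state is read back from disk, so a reader should treat
 * every value other than LUKS_KEY_ENABLED as "slot not usable" instead of
 * testing only for LUKS_KEY_DISABLED.
 */
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3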
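/*
 * Stripe count constant.
 * NOTE(review): presumably the default value for the "stripes" argument of
 * LUKS_generate_phdr(), i.e. the AF store/load parameter kept per keyslot -
 * confirm against the callers.
 */
#define LUKS_STRIPES 4000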
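/*
 * The partition header starts with this magic: the ASCII bytes "LUKS"
 * followed by 0xba 0xbe, LUKS_MAGIC_L bytes in total and not NUL-terminated.
 * Compare it with memcmp() over LUKS_MAGIC_L bytes, never with str*().
 *
 * The expansion ends in ';', so "type m[] = LUKS_MAGIC;" produces a second,
 * empty statement.  The semicolon is kept because callers outside this file
 * may rely on it.
 * 0xba and 0xbe do not fit a signed char; initialise an unsigned char array
 * when the byte values are compared numerically.
 */
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6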
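/*
 * Size of the partition header in sectors.
 * Integer division plus one: this rounds up, and it also adds a whole spare
 * sector when sizeof(struct luks_phdr) is an exact multiple of SECTOR_SIZE.
 * SECTOR_SIZE is not defined in this header; it must be in scope wherever
 * the macro is expanded.
 */
#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)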
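/*
 * Width of the uuid[] header field.
 * Actually we need only 37 (presumably 36 characters of UUID text plus the
 * terminating NUL), but we don't want struct autoaligning to kick in, so the
 * field is padded to 40.
 * NOTE(review): the three spare bytes are on-disk data too; a writer should
 * zero the whole field so no stale memory reaches the disk.
 */
#define UUID_STRING_L 40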
44 /* We don't have gettext support in LUKS */
48 /* Any integer values are stored in network byte order on disk and must be
52 char magic[LUKS_MAGIC_L];
54 char cipherName[LUKS_CIPHERNAME_L];
55 char cipherMode[LUKS_CIPHERMODE_L];
56 char hashSpec[LUKS_HASHSPEC_L];
57 uint32_t payloadOffset;
59 char mkDigest[LUKS_DIGESTSIZE];
60 char mkDigestSalt[LUKS_SALTSIZE];
61 uint32_t mkDigestIterations;
62 char uuid[UUID_STRING_L];
67 /* parameters used for password processing */
68 uint32_t passwordIterations;
69 char passwordSalt[LUKS_SALTSIZE];
71 /* parameters used for AF store/load */
72 uint32_t keyMaterialOffset;
74 } keyblock[LUKS_NUMKEYS];
77 struct luks_masterkey {
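/*
 * Master key container management.
 *
 * LUKS_alloc_masterkey() and LUKS_generate_masterkey() both take the key
 * length and return a pointer to a struct luks_masterkey;
 * LUKS_dealloc_masterkey() takes such a pointer.
 * NOTE(review): presumably the two constructors return NULL on failure and
 * the result is owned by the caller until passed to
 * LUKS_dealloc_masterkey() - confirm in the implementation.
 * NOTE(review): keylength is a signed int; the implementation should reject
 * zero and negative values before sizing an allocation.
 * NOTE(review): the container holds key material, so deallocation should
 * wipe it in a way the compiler cannot optimise away - confirm.
 */
struct luks_masterkey *LUKS_alloc_masterkey(int keylength);

void LUKS_dealloc_masterkey(struct luks_masterkey *mk);

struct luks_masterkey *LUKS_generate_masterkey(int keylength);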
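/*
 * Fill in a partition header for a new LUKS volume.
 *
 * header       - header structure to populate (output).
 * mk           - master key the header is generated for; not modified.
 * cipherName   - cipher name string; the header field holds
 *                LUKS_CIPHERNAME_L bytes.
 * cipherMode   - cipher mode string; the header field holds
 *                LUKS_CIPHERMODE_L bytes.
 * stripes      - stripe count for the AF store/load parameters.
 * alignPayload - payload alignment (unit not visible here - TODO confirm).
 *
 * NOTE(review): the return convention is not visible in this header;
 * presumably 0 on success and a negative value on error - confirm.
 * NOTE(review): cipherName and cipherMode are copied into fixed-width
 * fields, so the implementation must bound the copy and keep the fields
 * NUL-terminated.
 */
int LUKS_generate_phdr(struct luks_phdr *header,
		       const struct luks_masterkey *mk, const char *cipherName,
		       const char *cipherMode, unsigned int stripes,
		       unsigned int alignPayload);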
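/*
 * Read the partition header from, or write it to, the named device.
 *
 * device - path of the device holding the LUKS partition.
 * hdr    - header structure filled by LUKS_read_phdr() and stored by
 *          LUKS_write_phdr().
 *
 * Integer header fields are stored in network byte order on disk, so the
 * in-memory and on-disk representations differ on little-endian hosts.
 * NOTE(review): LUKS_write_phdr() takes a non-const hdr; presumably it may
 * touch the structure while converting - confirm before reusing hdr.
 * NOTE(review): everything LUKS_read_phdr() returns comes from the disk and
 * is untrusted.  Offsets, iteration counts and the string fields (which may
 * lack a terminating NUL) need validation before they are used.
 */
int LUKS_read_phdr(const char *device, struct luks_phdr *hdr);

int LUKS_write_phdr(const char *device, struct luks_phdr *hdr);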
97 int LUKS_set_key(const char *device,
98 unsigned int keyIndex,
101 struct luks_phdr *hdr,
102 struct luks_masterkey *mk,
103 struct setup_backend *backend);
105 int LUKS_open_key(const char *device,
106 unsigned int keyIndex,
107 const char *password,
109 struct luks_phdr *hdr,
110 struct luks_masterkey *mk,
111 struct setup_backend *backend);
113 int LUKS_open_any_key(const char *device,
114 const char *password,
116 struct luks_phdr *hdr,
117 struct luks_masterkey **mk,
118 struct setup_backend *backend);
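/*
 * Keyslot maintenance on the named device.
 *
 * device   - path of the device holding the LUKS partition.
 * keyIndex - keyslot number; the header has LUKS_NUMKEYS slots.
 *
 * NOTE(review): keyIndex is unsigned and used to select a keyblock[] entry,
 * so the implementation must reject keyIndex >= LUKS_NUMKEYS.
 * NOTE(review): LUKS_del_key() takes no credential; presumably callers use
 * LUKS_is_last_keyslot() first so that the only remaining slot is not
 * removed by accident - confirm.
 */
int LUKS_del_key(const char *device, unsigned int keyIndex);
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);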
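/*
 * Benchmark entry point; takes no arguments and returns an int.
 * Declared with (void): an empty "()" is an old-style declaration that
 * turns off argument checking for every call.
 * NOTE(review): presumably the result feeds the per-keyslot
 * passwordIterations value - confirm, and confirm that callers enforce a
 * sensible lower bound on it.
 */
int LUKS_benchmarkt_iterations(void);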
124 int LUKS_encrypt_to_storage(char *src, size_t srcLength,
125 struct luks_phdr *hdr,
126 char *key, size_t keyLength,
128 unsigned int sector, struct setup_backend *backend);
130 int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
131 struct luks_phdr *hdr,
132 char *key, size_t keyLength,
134 unsigned int sector, struct setup_backend *backend);
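/*
 * Check whether the named device can be used.
 *
 * device - path of the device to test.
 * mode   - access mode to test with (presumably open(2)-style flags -
 *          TODO confirm).
 *
 * NOTE(review): the return convention is not visible in this header.
 * NOTE(review): a readiness check followed by a separate open of the same
 * path is racy; callers should not treat a positive answer as a guarantee
 * about what a later open will see.
 */
int LUKS_device_ready(const char *device, int mode);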