1 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
2 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H
5 * LUKS partition header
8 #include "libcryptsetup.h"
/* Fixed sizes of the on-disk header fields declared later in this file
 * (cipherName, cipherMode, hashSpec, mkDigest, the salts, keyblock[]).
 * NOTE(review): these are fixed-width char arrays filled from the device;
 * code reading them should not assume NUL termination - confirm that the
 * header parser enforces it before treating them as C strings. */
10 #define LUKS_CIPHERNAME_L 32
11 #define LUKS_CIPHERMODE_L 32
12 #define LUKS_HASHSPEC_L 32
/* mkDigest[] is declared with this size, so the stored master-key digest is
 * 20 bytes wide. NOTE(review): hashSpec is a free-form field; how a longer
 * digest is handled is not visible in this header - confirm. */
13 #define LUKS_DIGESTSIZE 20 // since SHA1
/* Not referenced anywhere else in this listing. */
14 #define LUKS_HMACSIZE 32
/* Size of both mkDigestSalt[] and each key slot's passwordSalt[]. */
15 #define LUKS_SALTSIZE 32
/* Number of entries in keyblock[], i.e. the number of key slots. */
16 #define LUKS_NUMKEYS 8
18 // Number of iterations for the master key digest
/* NOTE(review): 10 is far below common PBKDF2 work factors. The header also
 * carries a mkDigestIterations field; whether this constant is the value
 * written there, a minimum, or a multiplier is not visible here - confirm. */
19 #define LUKS_MKD_ITER 10
21 // LUKS_KT defines Key types
/* Marker values; presumably stored in a per-slot state field that this
 * listing does not show. The _OLD pair looks like a legacy encoding -
 * TODO confirm whether it is still accepted when reading a header. */
23 #define LUKS_KEY_DISABLED_OLD 0
24 #define LUKS_KEY_ENABLED_OLD 0xCAFE
26 #define LUKS_KEY_DISABLED 0x0000DEAD
27 #define LUKS_KEY_ENABLED 0x00AC71F3
/* Presumably the stripe count for the AF (anti-forensic) store/load
 * mentioned in the key-slot comments below - TODO confirm. */
29 #define LUKS_STRIPES 4000
31 // partition header starts with magic
/* Six-element initializer, matching LUKS_MAGIC_L.
 * NOTE(review): the expansion ends in ';', so "x[] = LUKS_MAGIC;" produces an
 * extra empty statement and the macro cannot be used inside an expression or
 * a larger initializer list. */
33 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
/* Length of the magic[] field; equals the element count of LUKS_MAGIC. */
34 #define LUKS_MAGIC_L 6
/* Header size in units of SECTOR_SIZE (defined outside this file): integer
 * division plus one. When sizeof(struct luks_phdr) is an exact multiple of
 * SECTOR_SIZE this is one sector more than the structure occupies. */
36 #define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
38 /* Actually we need only 37, but we don't want struct autoaligning to kick in */
39 #define UUID_STRING_L 40
41 /* Offset to align keyslot area */
/* Units are not stated here; presumably bytes - TODO confirm. */
42 #define LUKS_ALIGN_KEYSLOTS 4096
44 /* Any integer values are stored in network byte order on disk and must be
48 char magic[LUKS_MAGIC_L];
50 char cipherName[LUKS_CIPHERNAME_L];
51 char cipherMode[LUKS_CIPHERMODE_L];
52 char hashSpec[LUKS_HASHSPEC_L];
53 uint32_t payloadOffset;
55 char mkDigest[LUKS_DIGESTSIZE];
56 char mkDigestSalt[LUKS_SALTSIZE];
57 uint32_t mkDigestIterations;
58 char uuid[UUID_STRING_L];
63 /* parameters used for password processing */
64 uint32_t passwordIterations;
65 char passwordSalt[LUKS_SALTSIZE];
67 /* parameters used for AF store/load */
68 uint32_t keyMaterialOffset;
70 } keyblock[LUKS_NUMKEYS];
72 /* Align it to the 512-byte sector size */
76 struct luks_masterkey {
/* Master-key object lifecycle and verification. Only the prototypes are
 * visible in this header, so the notes below are review questions rather
 * than documented behaviour. */

/* Returns a struct luks_masterkey pointer built from a key length and a
 * key buffer.
 * NOTE(review): keylength is a signed int - confirm the implementation
 * rejects negative, zero and oversized values before allocating or copying.
 * Presumably the key bytes are copied and NULL is returned on failure -
 * TODO confirm. */
81 struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
/* Releases a master-key object.
 * NOTE(review): the key bytes should be wiped before the memory is released,
 * with a wipe the compiler cannot optimize away - confirm in the
 * implementation. */
82 void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
/* Returns a new master-key object of the requested length.
 * NOTE(review): presumably filled from a random source; which source, and
 * what happens when it fails or returns short, is not visible here -
 * confirm. */
83 struct luks_masterkey *LUKS_generate_masterkey(int keylength);
/* Checks a candidate master key against a header; neither argument is
 * modified (both are const).
 * NOTE(review): presumably recomputes the digest and compares it with
 * hdr->mkDigest; the meaning of the int return value is not visible here -
 * confirm before testing it as a boolean. */
84 int LUKS_verify_master_key(const struct luks_phdr *hdr,
85 const struct luks_masterkey *mk);
87 int LUKS_generate_phdr(
88 struct luks_phdr *header,
89 const struct luks_masterkey *mk,
90 const char *cipherName,
91 const char *cipherMode,
95 unsigned int alignPayload,
96 struct crypt_device *ctx);
100 struct luks_phdr *hdr,
101 int require_luks_device,
102 struct crypt_device *ctx);
104 int LUKS_read_phdr_backup(
105 const char *backup_file,
107 struct luks_phdr *hdr,
108 int require_luks_device,
109 struct crypt_device *ctx);
112 const char *backup_file,
114 struct luks_phdr *hdr,
115 struct crypt_device *ctx);
117 int LUKS_hdr_restore(
118 const char *backup_file,
120 struct luks_phdr *hdr,
121 struct crypt_device *ctx);
125 struct luks_phdr *hdr,
126 struct crypt_device *ctx);
130 unsigned int keyIndex,
131 const char *password,
133 struct luks_phdr *hdr,
134 struct luks_masterkey *mk,
135 uint32_t iteration_time_ms,
136 uint64_t *PBKDF2_per_sec,
137 struct crypt_device *ctx);
141 unsigned int keyIndex,
142 const char *password,
144 struct luks_phdr *hdr,
145 struct luks_masterkey *mk,
146 struct crypt_device *ctx);
148 int LUKS_open_key_with_hdr(
151 const char *password,
153 struct luks_phdr *hdr,
154 struct luks_masterkey **mk,
155 struct crypt_device *ctx);
159 unsigned int keyIndex,
160 struct luks_phdr *hdr,
161 struct crypt_device *ctx);
/* Key-slot helpers operating on an in-memory header.
 * NOTE(review): keyslot is a signed int, while keyblock[] in the header has
 * LUKS_NUMKEYS (8) entries. Confirm that each implementation checks
 * 0 <= keyslot < LUKS_NUMKEYS before indexing, since the header contents
 * may come from an untrusted device. */

/* Returns a crypt_keyslot_info value (type from libcryptsetup.h) for one
 * slot. hdr is non-const although the name suggests a query - presumably it
 * is only read; TODO confirm. */
163 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
/* Presumably returns the index of an unused slot, or a negative value when
 * none is free - the return convention is not visible here; confirm. */
164 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
/* Presumably returns how many slots are marked enabled - TODO confirm. */
165 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
/* Takes a slot index and an enable flag; presumably switches the slot's
 * state marker between the LUKS_KEY_ENABLED and LUKS_KEY_DISABLED values -
 * TODO confirm, including whether the change is written back to disk. */
166 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
168 int LUKS_encrypt_to_storage(
169 char *src, size_t srcLength,
170 struct luks_phdr *hdr,
171 char *key, size_t keyLength,
174 struct crypt_device *ctx);
176 int LUKS_decrypt_from_storage(
177 char *dst, size_t dstLength,
178 struct luks_phdr *hdr,
179 char *key, size_t keyLength,
182 struct crypt_device *ctx);