2 * cryptsetup LUKS2 custom mutator
4 * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
5 * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 // ---------------------------------------------------------------------------
27 // ----------------------------- GENERIC OBJECTS -----------------------------
28 // ---------------------------------------------------------------------------
32 // int_id will be mapped to range -16 to 16 (mod 33)
33 // this way iy should be easier to generate valid
34 // object cross-references
40 message string_uint64 {
41 required bool negative = 1;
44 string string_num = 3;
54 // ---------------------------------------------------------------------------
55 // ----------------------------- BINARY HEADER -------------------------------
56 // ---------------------------------------------------------------------------
70 // we limit the size to 64KiB to make the fuzzing faster
71 // because the checksum needs to be calculated for the whole image
76 // size_128_KB = 131072;
77 // size_256_KB = 262144;
78 // size_512_KB = 524288;
79 // size_1_MB = 1048576;
80 // size_2_MB = 2097152;
81 // size_4_MB = 4194304;
84 enum seqid_description {
86 SECONDARY_GREATER = 1;
90 // message luks2_hdr_disk {
91 // char magic[LUKS2_MAGIC_L];
92 // //uint16_t version; /* Version 2 */
93 // uint64_t hdr_size; /* in bytes, including JSON area */
94 // uint64_t seqid; /* increased on every update */
95 // char label[LUKS2_LABEL_L];
96 // char checksum_alg[LUKS2_CHECKSUM_ALG_L];
97 // uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */
98 // char uuid[LUKS2_UUID_L];
99 // char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
100 // uint64_t hdr_offset; /* offset from device start in bytes */
101 // char _padding[184];
102 // uint8_t csum[LUKS2_CHECKSUM_L];
104 message LUKS2_header {
105 required luks_version version = 1;
106 required luks2_magic magic = 2;
107 required hdr_size hdr_size = 3;
108 required bool use_correct_checksum = 4;
110 optional uint64 selected_offset = 5;
113 message LUKS2_both_headers {
114 required LUKS2_header primary_header = 1;
115 required LUKS2_header secondary_header = 2;
117 required seqid_description seqid = 3;
118 required json_area_description json_area = 4;
121 message json_area_description {
122 optional config_description config = 1;
123 repeated keyslot_description keyslots = 2;
124 repeated digest_description digests = 3;
125 repeated segment_description segments = 4;
126 repeated token_description tokens = 5;
129 // ---------------------------------------------------------------------------
130 // ----------------------------- KEYSLOT OBJECT ------------------------------
131 // ---------------------------------------------------------------------------
134 KEYSLOT_TYPE_LUKS2 = 1;
135 KEYSLOT_TYPE_REENCRYPT = 2;
136 KEYSLOT_TYPE_PLACEHOLDER = 3;
139 enum reencrypt_keyslot_mode {
145 enum reencrypt_keyslot_direction {
146 DIRECTION_FORWARD = 1;
147 DIRECTION_BACKWARD = 2;
150 // The area object contains these mandatory fields:
151 // - type [string] the area type.
152 // - offset [string-uint64] the offset from the device start to the beginning of the binary area (in bytes).
153 // - size [string-uint64] the area size (in bytes).
155 // Area type raw contains these additional fields:
156 // - encryption [string] the area encryption algorithm, in dm-crypt notation (for example aes-xts-plain64).
157 // - key_size [integer] the area encryption key size.
159 // Area type none and journal (used only for reencryption optional extension) contain only mandatory fields.
161 // Area type checksum (used only for reencryption optional extension) contains these additional fields:
162 // - hash [string] The hash algorithm for the checksum resilience mode.
163 // - sector_size [integer] The data unit size for digest checksum calculated with the hash algorithm.
165 // Area type datashift (used only for reencryption optional extension) contains this additional field:
166 // - shift_size [string-uint64] The data shift (in bytes) performed during reencryption (shift direction is according to direction field).
168 enum keyslot_area_type {
169 KEYSLOT_AREA_TYPE_RAW = 1;
170 KEYSLOT_AREA_TYPE_NONE = 2;
171 KEYSLOT_AREA_TYPE_JOURNAL = 3;
172 KEYSLOT_AREA_TYPE_CHECKSUM = 4;
173 KEYSLOT_AREA_TYPE_DATASHIFT = 5;
176 message keyslot_area_description {
178 optional keyslot_area_type type = 1;
179 optional string_uint64 offset = 2;
180 optional string_uint64 size = 3;
183 optional string encryption = 4;
184 optional int32 key_size = 5;
186 // checksum type field
187 optional hash_algorithm hash = 6;
188 optional int32 sector_size = 7;
190 // datashift type fields
191 optional string_uint64 shift_size = 8;
194 // The object describes PBKDF attributes used for the keyslot.
195 // The kdf object mandatory fields are:
196 // - type [string] the PBKDF type.
197 // - salt [base64] the salt for PBKDF (binary data).
199 // The pbkdf2 type (compatible with LUKS1) contains these additional fields:
200 // - hash [string] the hash algorithm for the PBKDF2 (SHA-256).
201 // - iterations [integer] the PBKDF2 iterations count.
203 // The argon2i and argon2id type contains these additional fields:
204 // - time [integer] the time cost (in fact the iterations count for Argon2).
205 // - memory [integer] the memory cost, in kilobytes. If not available, the keyslot cannot be unlocked.
206 // - cpus [integer] the required number of threads (CPU cores number cost). If not available, unlocking will be slower.
208 enum keyslot_kdf_type {
209 KEYSLOT_KDF_TYPE_PBKDF2 = 1;
210 KEYSLOT_KDF_TYPE_ARGON2I = 2;
211 KEYSLOT_KDF_TYPE_ARGON2ID = 3;
214 message keyslot_kdf_description {
215 optional keyslot_kdf_type type = 1;
216 optional string salt = 2;
219 optional hash_algorithm hash = 3;
220 optional int32 iterations = 4;
222 // argon2i and argon2id types
223 optional int32 time = 5;
224 optional int32 memory = 6;
225 optional int32 cpus = 7;
228 enum keyslot_af_type {
229 KEYSLOT_AF_TYPE_LUKS1 = 1;
232 // The af (anti-forensic splitter) object contains this madatory field:
233 // - type [string] the anti-forensic function type.
234 // AF type luks1 (compatible with LUKS1 [1]) contains these additional fields:
235 // - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported.
236 // - hash [string] the hash algorithm used.
238 message keyslot_af_description {
239 optional keyslot_af_type type = 1;
240 optional int32 stripes = 2;
241 optional hash_algorithm hash = 3;
244 // - type [string] the keyslot type.
245 // - key_size [integer] the key size (in bytes) stored in keyslot.
246 // - priority [integer,optional] the keyslot priority. Here 0 means ignore (the slot should be used only if explicitly stated), 1 means normal priority and 2 means high priority (tried before normal priority).
249 // The key size field must be set to 1. The area type must be none, checksum,
250 // journal or datashift.
251 // The reencrypt object must contain these additional fields:
252 // - mode [string] the reencryption mode. reencrypt, encrypt and decrypt
253 // - direction [string] the reencryption direction. forward backward
255 // - area [object] the allocated area in the binary keyslots area.
256 // LUKS2 object must contain these additional fields:
257 // - kdf [object] the PBKDF type and parameters used.
258 // - af [object] the anti-forensic splitter [1] (only the luks1 type is currently
261 message keyslot_description {
263 required object_id oid = 1;
265 optional keyslot_type type = 2;
266 optional int32 key_size = 3;
267 optional int32 priority = 4;
269 // reencrypt extension
270 optional reencrypt_keyslot_mode mode = 5;
271 optional reencrypt_keyslot_direction direction = 6;
274 optional keyslot_area_description area = 7;
275 optional keyslot_kdf_description kdf = 8;
276 optional keyslot_af_description af = 9;
279 // ---------------------------------------------------------------------------
280 // ------------------------------ DIGEST OBJECT ------------------------------
281 // ---------------------------------------------------------------------------
283 message digest_description {
284 required object_id oid = 1;
286 optional keyslot_kdf_type type = 2;
287 repeated object_id keyslots = 3;
288 repeated object_id segments = 4;
289 optional string salt = 5;
290 optional string digest = 6;
292 // pbkdf2 digest fields
293 optional hash_algorithm hash = 7;
294 optional int32 iterations = 8;
297 // ---------------------------------------------------------------------------
298 // ----------------------------- SEGMENT OBJECT ------------------------------
299 // ---------------------------------------------------------------------------
302 SEGMENT_TYPE_LINEAR = 1;
303 SEGMENT_TYPE_CRYPT = 2;
310 BACKUP_MOVED_SEGMENT = 4;
313 message segment_integrity_description {
314 optional string type = 1;
315 optional string journal_encryption = 2;
316 optional string journal_integrity = 3;
319 message segment_description {
320 required object_id oid = 1;
321 optional segment_type type = 2;
322 optional string_uint64 offset = 3;
323 optional string_uint64 size = 4;
324 repeated segment_flag flags = 5;
326 // segment type crypt
327 optional string_uint64 iv_tweak = 6;
328 optional string encryption = 7;
329 optional int32 sector_size = 8;
330 optional segment_integrity_description integrity = 9;
333 // ---------------------------------------------------------------------------
334 // ------------------------------ TOKEN OBJECT -------------------------------
335 // ---------------------------------------------------------------------------
337 message token_description {
338 required object_id oid = 1;
340 optional string type = 2;
341 repeated object_id keyslots = 3;
342 optional string key_description = 4;
345 // ---------------------------------------------------------------------------
346 // ------------------------------ CONFIG OBJECT ------------------------------
347 // ---------------------------------------------------------------------------
349 // - allow-discards allows TRIM (discards) on the active device.
350 // - same-cpu-crypt compatibility performance flag for dm-crypt [3] to per- form encryption using the same CPU that originated the request.
351 // - submit-from-crypt-cpus compatibility performance flag for dm-crypt [3] to disable offloading write requests to a separate thread after encryption.
352 // - no-journal disable data journalling for dm-integrity [10].
353 // - no-read-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt read workqueue and process read requests synchronously.
354 // - no-write-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt write workqueue and process write requests synchronously.
356 CONFIG_FLAG_ALLOW_DISCARDS = 1;
357 CONFIG_FLAG_SAME_CPU_CRYPT = 2;
358 CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS = 3;
359 CONFIG_FLAG_NO_JOURNAL = 4;
360 CONFIG_FLAG_NO_READ_WORKQUEUE = 5;
361 CONFIG_FLAG_NO_WRITE_WORKQUEUE = 6;
364 enum config_requirement {
365 CONFIG_REQUIREMENT_OFFLINE_REENCRYPT = 1;
366 CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2 = 2;
369 // - json_size [string-uint64] the JSON area size (in bytes). Must match the binary header.
370 // - keyslots_size [string-uint64] the binary keyslot area size (in bytes). Must be aligned to 4096 bytes.
371 // - flags [array, optional] the array of string objects with persistent flags for the device.
372 // - requirements [array, optional] the array of string objects with additional required features for the LUKS device.
374 message config_description {
375 required bool use_primary_hdr_size = 2;
377 repeated config_flag config_flags = 3;
378 repeated config_requirement requirements = 4;