luks.h (revision 86d7f5d305c6adaa56ff4582ece9859d73106103) - OpenGrok cross reference for /dragonfly/contrib/cryptsetup/luks/luks.h

#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H

/*
 * LUKS partition header
 */

#include "libcryptsetup.h"

#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8

// Minimal number of iterations
#define LUKS_MKD_ITERATIONS_MIN  1000
#define LUKS_SLOT_ITERATIONS_MIN 1000

#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED  0x00AC71F3

#define LUKS_STRIPES 4000

// partition header starts with magic
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6

#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* Offset to align kesylot area */
#define LUKS_ALIGN_KEYSLOTS 4096

/* Any integer values are stored in network byte order on disk and must be
converted */

struct luks_phdr {
          char                magic[LUKS_MAGIC_L];
          uint16_t  version;
          char                cipherName[LUKS_CIPHERNAME_L];
          char                cipherMode[LUKS_CIPHERMODE_L];
          char            hashSpec[LUKS_HASHSPEC_L];
          uint32_t  payloadOffset;
          uint32_t  keyBytes;
          char                mkDigest[LUKS_DIGESTSIZE];
          char                mkDigestSalt[LUKS_SALTSIZE];
          uint32_t  mkDigestIterations;
          char            uuid[UUID_STRING_L];

          struct {
                    uint32_t active;

                    /* parameters used for password processing */
                    uint32_t passwordIterations;
                    char     passwordSalt[LUKS_SALTSIZE];

                    /* parameters used for AF store/load */
                    uint32_t keyMaterialOffset;
                    uint32_t stripes;
          } keyblock[LUKS_NUMKEYS];

          /* Align it to 512 sector size */
          char                _padding[432];
};

struct luks_masterkey {
          size_t keyLength;
          char key[];
};

struct luks_masterkey *LUKS_alloc_masterkey(int keylength, const char *key);
void LUKS_dealloc_masterkey(struct luks_masterkey *mk);
struct luks_masterkey *LUKS_generate_masterkey(int keylength);
int LUKS_verify_master_key(const struct luks_phdr *hdr,
                                 const struct luks_masterkey *mk);

int LUKS_generate_phdr(
          struct luks_phdr *header,
          const struct luks_masterkey *mk,
          const char *cipherName,
          const char *cipherMode,
          const char *hashSpec,
          const char *uuid,
          unsigned int stripes,
          unsigned int alignPayload,
          unsigned int alignOffset,
          uint32_t iteration_time_ms,
          uint64_t *PBKDF2_per_sec,
          struct crypt_device *ctx);

int LUKS_read_phdr(
          const char *device,
          struct luks_phdr *hdr,
          int require_luks_device,
          struct crypt_device *ctx);

int LUKS_read_phdr_backup(
          const char *backup_file,
          const char *device,
          struct luks_phdr *hdr,
          int require_luks_device,
          struct crypt_device *ctx);

int LUKS_hdr_backup(
          const char *backup_file,
          const char *device,
          struct luks_phdr *hdr,
          struct crypt_device *ctx);

int LUKS_hdr_restore(
          const char *backup_file,
          const char *device,
          struct luks_phdr *hdr,
          struct crypt_device *ctx);

int LUKS_write_phdr(
          const char *device,
          struct luks_phdr *hdr,
          struct crypt_device *ctx);

int LUKS_set_key(
          const char *device,
          unsigned int keyIndex,
          const char *password,
          size_t passwordLen,
          struct luks_phdr *hdr,
          struct luks_masterkey *mk,
          uint32_t iteration_time_ms,
          uint64_t *PBKDF2_per_sec,
          struct crypt_device *ctx);

int LUKS_open_key_with_hdr(
          const char *device,
          int keyIndex,
          const char *password,
          size_t passwordLen,
          struct luks_phdr *hdr,
          struct luks_masterkey **mk,
          struct crypt_device *ctx);

int LUKS_del_key(
          const char *device,
          unsigned int keyIndex,
          struct luks_phdr *hdr,
          struct crypt_device *ctx);

crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);

int LUKS_encrypt_to_storage(
          char *src, size_t srcLength,
          struct luks_phdr *hdr,
          char *key, size_t keyLength,
          const char *device,
          unsigned int sector,
          struct crypt_device *ctx);

int LUKS_decrypt_from_storage(
          char *dst, size_t dstLength,
          struct luks_phdr *hdr,
          char *key, size_t keyLength,
          const char *device,
          unsigned int sector,
          struct crypt_device *ctx);

#endif