~siretart/cryptsetup/debian

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
#define INCLUDED_CRYPTSETUP_LUKS_LUKS_H

/*
 * LUKS partition header
 */

#include <stddef.h>
#include <netinet/in.h>
#include "libcryptsetup.h"
#include "internal.h"

#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8

// Numbers of iterations for the master key digest
#define LUKS_MKD_ITER 10

// LUKS_KT defines Key types

#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE

#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED  0x00AC71F3

#define LUKS_STRIPES 4000

// partition header starts with magic

#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6

#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)

/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40

/* We don't have gettext support in LUKS */

#define _(Text) Text 

/* Any integer values are stored in network byte order on disk and must be
converted */

struct luks_phdr {
	char		magic[LUKS_MAGIC_L];
	uint16_t	version;
	char		cipherName[LUKS_CIPHERNAME_L];
	char		cipherMode[LUKS_CIPHERMODE_L];
	char            hashSpec[LUKS_HASHSPEC_L];
	uint32_t	payloadOffset;
	uint32_t	keyBytes;
	char		mkDigest[LUKS_DIGESTSIZE];
	char		mkDigestSalt[LUKS_SALTSIZE];
	uint32_t	mkDigestIterations;
	char            uuid[UUID_STRING_L];

	struct {
		uint32_t active;
	
		/* parameters used for password processing */
		uint32_t passwordIterations;
		char     passwordSalt[LUKS_SALTSIZE];
		
		/* parameters used for AF store/load */		
		uint32_t keyMaterialOffset;
		uint32_t stripes;		
	} keyblock[LUKS_NUMKEYS];
};

struct luks_masterkey {
	size_t keyLength;
	char key[];
};

struct luks_masterkey *LUKS_alloc_masterkey(int keylength);

void LUKS_dealloc_masterkey(struct luks_masterkey *mk);

struct luks_masterkey *LUKS_generate_masterkey(int keylength);

int LUKS_generate_phdr(struct luks_phdr *header,
		       const struct luks_masterkey *mk, const char *cipherName,
		       const char *cipherMode, unsigned int stripes,
		       unsigned int alignPayload);

int LUKS_read_phdr(const char *device, struct luks_phdr *hdr);

int LUKS_write_phdr(const char *device, struct luks_phdr *hdr);

int LUKS_set_key(const char *device, 
					unsigned int keyIndex, 
					const char *password, 
					size_t passwordLen, 
					struct luks_phdr *hdr, 
					struct luks_masterkey *mk,
					struct setup_backend *backend);

int LUKS_open_key(const char *device, 
					unsigned int keyIndex, 
					const char *password, 
					size_t passwordLen, 
					struct luks_phdr *hdr, 
					struct luks_masterkey *mk,
					struct setup_backend *backend);

int LUKS_open_any_key(const char *device, 
					const char *password, 
					size_t passwordLen, 
					struct luks_phdr *hdr, 
					struct luks_masterkey **mk,
					struct setup_backend *backend);

int LUKS_del_key(const char *device, unsigned int keyIndex);
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
int LUKS_benchmarkt_iterations();

int LUKS_encrypt_to_storage(char *src, size_t srcLength,
			    struct luks_phdr *hdr,
			    char *key, size_t keyLength,
			    const char *device,
			    unsigned int sector, struct setup_backend *backend);
	
int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
			      struct luks_phdr *hdr,
			      char *key, size_t keyLength,
			      const char *device,
			      unsigned int sector, struct setup_backend *backend);
int LUKS_device_ready(const char *device, int mode);
#endif