|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* LUKS - Linux Unified Key Setup v2
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved.
|
|
Packit |
94f725 |
* Copyright (C) 2015-2020 Milan Broz
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* This program is free software; you can redistribute it and/or
|
|
Packit |
94f725 |
* modify it under the terms of the GNU General Public License
|
|
Packit |
94f725 |
* as published by the Free Software Foundation; either version 2
|
|
Packit |
94f725 |
* of the License, or (at your option) any later version.
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* This program is distributed in the hope that it will be useful,
|
|
Packit |
94f725 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
94f725 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
94f725 |
* GNU General Public License for more details.
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* You should have received a copy of the GNU General Public License
|
|
Packit |
94f725 |
* along with this program; if not, write to the Free Software
|
|
Packit |
94f725 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#ifndef _CRYPTSETUP_LUKS2_INTERNAL_H
|
|
Packit |
94f725 |
#define _CRYPTSETUP_LUKS2_INTERNAL_H
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#include <stdio.h>
|
|
Packit |
94f725 |
#include <errno.h>
|
|
Packit |
94f725 |
#include <json-c/json.h>
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#include "internal.h"
|
|
Packit |
94f725 |
#include "base64.h"
|
|
Packit |
94f725 |
#include "luks2.h"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#define UNUSED(x) (void)(x)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* override useless forward slash escape when supported by json-c */
|
|
Packit |
94f725 |
#ifndef JSON_C_TO_STRING_NOSLASHESCAPE
|
|
Packit |
94f725 |
#define JSON_C_TO_STRING_NOSLASHESCAPE 0
|
|
Packit |
94f725 |
#endif
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* On-disk access function prototypes
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
|
|
Packit |
94f725 |
struct device *device, int do_recovery, int do_blkprobe);
|
|
Packit |
94f725 |
int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr,
|
|
Packit |
94f725 |
struct device *device, bool seqid_check);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* JSON struct access helpers
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot);
|
|
Packit |
94f725 |
json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token);
|
|
Packit |
94f725 |
json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest);
|
|
Packit |
94f725 |
json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment);
|
|
Packit |
94f725 |
json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
|
|
Packit |
94f725 |
json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
|
|
Packit |
94f725 |
const char *sep, const char *line_sep);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
uint64_t crypt_jobj_get_uint64(json_object *jobj);
|
|
Packit |
94f725 |
uint32_t crypt_jobj_get_uint32(json_object *jobj);
|
|
Packit |
94f725 |
json_object *crypt_jobj_new_uint64(uint64_t value);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
|
|
Packit |
94f725 |
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
|
|
Packit |
94f725 |
int json_object_copy(json_object *jobj_src, json_object **jobj_dst);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* LUKS2 JSON validation
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* validation helper */
|
|
Packit |
94f725 |
json_bool validate_json_uint32(json_object *jobj);
|
|
Packit |
94f725 |
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
|
|
Packit |
94f725 |
const char *section, const char *key, json_type type);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
|
|
Packit |
94f725 |
int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
|
|
Packit |
94f725 |
int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj,
|
|
Packit |
94f725 |
json_object *jobj_token, const char *key);
|
|
Packit |
94f725 |
void LUKS2_token_dump(struct crypt_device *cd, int token);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* LUKS2 JSON repair for known glitches
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr);
|
|
Packit |
94f725 |
void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* JSON array helpers
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
struct json_object *LUKS2_array_jobj(struct json_object *array, const char *num);
|
|
Packit |
94f725 |
struct json_object *LUKS2_array_remove(struct json_object *array, const char *num);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* Plugins API
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/**
|
|
Packit |
94f725 |
* LUKS2 keyslots handlers (EXPERIMENTAL)
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
typedef int (*keyslot_alloc_func)(struct crypt_device *cd, int keyslot,
|
|
Packit |
94f725 |
size_t volume_key_len,
|
|
Packit |
94f725 |
const struct luks2_keyslot_params *params);
|
|
Packit |
94f725 |
typedef int (*keyslot_update_func)(struct crypt_device *cd, int keyslot,
|
|
Packit |
94f725 |
const struct luks2_keyslot_params *params);
|
|
Packit |
94f725 |
typedef int (*keyslot_open_func) (struct crypt_device *cd, int keyslot,
|
|
Packit |
94f725 |
const char *password, size_t password_len,
|
|
Packit |
94f725 |
char *volume_key, size_t volume_key_len);
|
|
Packit |
94f725 |
typedef int (*keyslot_store_func)(struct crypt_device *cd, int keyslot,
|
|
Packit |
94f725 |
const char *password, size_t password_len,
|
|
Packit |
94f725 |
const char *volume_key, size_t volume_key_len);
|
|
Packit |
94f725 |
typedef int (*keyslot_wipe_func) (struct crypt_device *cd, int keyslot);
|
|
Packit |
94f725 |
typedef int (*keyslot_dump_func) (struct crypt_device *cd, int keyslot);
|
|
Packit |
94f725 |
typedef int (*keyslot_validate_func) (struct crypt_device *cd, json_object *jobj_keyslot);
|
|
Packit |
94f725 |
typedef void(*keyslot_repair_func) (struct crypt_device *cd, json_object *jobj_keyslot);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* see LUKS2_luks2_to_luks1 */
|
|
Packit |
94f725 |
int placeholder_keyslot_alloc(struct crypt_device *cd,
|
|
Packit |
94f725 |
int keyslot,
|
|
Packit |
94f725 |
uint64_t area_offset,
|
|
Packit |
94f725 |
uint64_t area_length,
|
|
Packit |
94f725 |
size_t volume_key_len);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* validate all keyslot implementations in hdr json */
|
|
Packit |
94f725 |
int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
typedef struct {
|
|
Packit |
94f725 |
const char *name;
|
|
Packit |
94f725 |
keyslot_alloc_func alloc;
|
|
Packit |
94f725 |
keyslot_update_func update;
|
|
Packit |
94f725 |
keyslot_open_func open;
|
|
Packit |
94f725 |
keyslot_store_func store;
|
|
Packit |
94f725 |
keyslot_wipe_func wipe;
|
|
Packit |
94f725 |
keyslot_dump_func dump;
|
|
Packit |
94f725 |
keyslot_validate_func validate;
|
|
Packit |
94f725 |
keyslot_repair_func repair;
|
|
Packit |
94f725 |
} keyslot_handler;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* can not fit prototype alloc function */
|
|
Packit |
94f725 |
int reenc_keyslot_alloc(struct crypt_device *cd,
|
|
Packit |
94f725 |
struct luks2_hdr *hdr,
|
|
Packit |
94f725 |
int keyslot,
|
|
Packit |
94f725 |
const struct crypt_params_reencrypt *params);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/**
|
|
Packit |
94f725 |
* LUKS2 digest handlers (EXPERIMENTAL)
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
typedef int (*digest_verify_func)(struct crypt_device *cd, int digest,
|
|
Packit |
94f725 |
const char *volume_key, size_t volume_key_len);
|
|
Packit |
94f725 |
typedef int (*digest_store_func) (struct crypt_device *cd, int digest,
|
|
Packit |
94f725 |
const char *volume_key, size_t volume_key_len);
|
|
Packit |
94f725 |
typedef int (*digest_dump_func) (struct crypt_device *cd, int digest);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
typedef struct {
|
|
Packit |
94f725 |
const char *name;
|
|
Packit |
94f725 |
digest_verify_func verify;
|
|
Packit |
94f725 |
digest_store_func store;
|
|
Packit |
94f725 |
digest_dump_func dump;
|
|
Packit |
94f725 |
} digest_handler;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/**
|
|
Packit |
94f725 |
* LUKS2 token handlers (internal use only)
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
typedef int (*builtin_token_get_func) (json_object *jobj_token, void *params);
|
|
Packit |
94f725 |
typedef int (*builtin_token_set_func) (json_object **jobj_token, const void *params);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
typedef struct {
|
|
Packit |
94f725 |
/* internal only section used by builtin tokens */
|
|
Packit |
94f725 |
builtin_token_get_func get;
|
|
Packit |
94f725 |
builtin_token_set_func set;
|
|
Packit |
94f725 |
/* public token handler */
|
|
Packit |
94f725 |
const crypt_token_handler *h;
|
|
Packit |
94f725 |
} token_handler;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int token_keyring_set(json_object **, const void *);
|
|
Packit |
94f725 |
int token_keyring_get(json_object *, void *);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
|
|
Packit |
94f725 |
size_t keylength, uint64_t *area_offset, uint64_t *area_length);
|
|
Packit |
94f725 |
int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
|
|
Packit |
94f725 |
uint64_t *area_offset, uint64_t *area_length);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int LUKS2_check_cipher(struct crypt_device *cd,
|
|
Packit |
94f725 |
size_t keylength,
|
|
Packit |
94f725 |
const char *cipher,
|
|
Packit |
94f725 |
const char *cipher_mode);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
static inline const char *crypt_reencrypt_mode_to_str(crypt_reencrypt_mode_info mi)
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
if (mi == CRYPT_REENCRYPT_REENCRYPT)
|
|
Packit |
94f725 |
return "reencrypt";
|
|
Packit |
94f725 |
if (mi == CRYPT_REENCRYPT_ENCRYPT)
|
|
Packit |
94f725 |
return "encrypt";
|
|
Packit |
94f725 |
if (mi == CRYPT_REENCRYPT_DECRYPT)
|
|
Packit |
94f725 |
return "decrypt";
|
|
Packit |
94f725 |
return "<unknown>";
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#endif
|