|
Packit |
94f725 |
/*
|
|
Packit |
94f725 |
* libdevmapper - device-mapper backend for cryptsetup
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* Copyright (C) 2004 Jana Saout <jana@saout.de>
|
|
Packit |
94f725 |
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
|
|
Packit |
94f725 |
* Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved.
|
|
Packit |
94f725 |
* Copyright (C) 2009-2020 Milan Broz
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* This program is free software; you can redistribute it and/or
|
|
Packit |
94f725 |
* modify it under the terms of the GNU General Public License
|
|
Packit |
94f725 |
* as published by the Free Software Foundation; either version 2
|
|
Packit |
94f725 |
* of the License, or (at your option) any later version.
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* This program is distributed in the hope that it will be useful,
|
|
Packit |
94f725 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
94f725 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
94f725 |
* GNU General Public License for more details.
|
|
Packit |
94f725 |
*
|
|
Packit |
94f725 |
* You should have received a copy of the GNU General Public License
|
|
Packit |
94f725 |
* along with this program; if not, write to the Free Software
|
|
Packit |
94f725 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
Packit |
94f725 |
*/
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#ifndef _UTILS_DM_H
|
|
Packit |
94f725 |
#define _UTILS_DM_H
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* device-mapper library helpers */
|
|
Packit |
94f725 |
#include <inttypes.h>
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
struct crypt_device;
|
|
Packit |
94f725 |
struct volume_key;
|
|
Packit |
94f725 |
struct crypt_params_verity;
|
|
Packit |
94f725 |
struct device;
|
|
Packit |
94f725 |
struct crypt_params_integrity;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* Device mapper internal flags */
|
|
Packit |
94f725 |
#define DM_RESUME_PRIVATE (1 << 4) /* CRYPT_ACTIVATE_PRIVATE */
|
|
Packit |
94f725 |
#define DM_SUSPEND_SKIP_LOCKFS (1 << 5)
|
|
Packit |
94f725 |
#define DM_SUSPEND_WIPE_KEY (1 << 6)
|
|
Packit |
94f725 |
#define DM_SUSPEND_NOFLUSH (1 << 7)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
static inline uint32_t act2dmflags(uint32_t act_flags)
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
return (act_flags & DM_RESUME_PRIVATE);
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* Device mapper backend - kernel support flags */
|
|
Packit |
94f725 |
#define DM_KEY_WIPE_SUPPORTED (1 << 0) /* key wipe message */
|
|
Packit |
94f725 |
#define DM_LMK_SUPPORTED (1 << 1) /* lmk mode */
|
|
Packit |
94f725 |
#define DM_SECURE_SUPPORTED (1 << 2) /* wipe (secure) buffer flag */
|
|
Packit |
94f725 |
#define DM_PLAIN64_SUPPORTED (1 << 3) /* plain64 IV */
|
|
Packit |
94f725 |
#define DM_DISCARDS_SUPPORTED (1 << 4) /* discards/TRIM option is supported */
|
|
Packit |
94f725 |
#define DM_VERITY_SUPPORTED (1 << 5) /* dm-verity target supported */
|
|
Packit |
94f725 |
#define DM_TCW_SUPPORTED (1 << 6) /* tcw (TCRYPT CBC with whitening) */
|
|
Packit |
94f725 |
#define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */
|
|
Packit |
94f725 |
#define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
|
|
Packit |
94f725 |
#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
|
|
Packit |
94f725 |
#define DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */
|
|
Packit |
94f725 |
#define DM_KERNEL_KEYRING_SUPPORTED (1 << 11) /* dm-crypt allows loading kernel keyring keys */
|
|
Packit |
94f725 |
#define DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */
|
|
Packit |
94f725 |
#define DM_SECTOR_SIZE_SUPPORTED (1 << 13) /* support for sector size setting in dm-crypt/dm-integrity */
|
|
Packit |
94f725 |
#define DM_CAPI_STRING_SUPPORTED (1 << 14) /* support for cryptoapi format cipher definition */
|
|
Packit |
94f725 |
#define DM_DEFERRED_SUPPORTED (1 << 15) /* deferred removal of device */
|
|
Packit |
94f725 |
#define DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */
|
|
Packit |
94f725 |
#define DM_INTEGRITY_BITMAP_SUPPORTED (1 << 17) /* dm-integrity bitmap mode supported */
|
|
Packit |
94f725 |
#define DM_GET_TARGET_VERSION_SUPPORTED (1 << 18) /* dm DM_GET_TARGET version ioctl supported */
|
|
Packit |
94f725 |
#define DM_INTEGRITY_FIX_PADDING_SUPPORTED (1 << 19) /* supports the parameter fix_padding that fixes a bug that caused excessive padding */
|
|
Packit |
94f725 |
#define DM_BITLK_EBOIV_SUPPORTED (1 << 20) /* EBOIV for BITLK supported */
|
|
Packit |
94f725 |
#define DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */
|
|
Packit |
94f725 |
#define DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */
|
|
Packit |
94f725 |
#define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
|
|
Packit |
94f725 |
enum tdirection { TARGET_SET = 1, TARGET_QUERY };
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#define DM_ACTIVE_DEVICE (1 << 0)
|
|
Packit |
94f725 |
#define DM_ACTIVE_UUID (1 << 1)
|
|
Packit |
94f725 |
#define DM_ACTIVE_HOLDERS (1 << 2)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#define DM_ACTIVE_CRYPT_CIPHER (1 << 3)
|
|
Packit |
94f725 |
#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 4)
|
|
Packit |
94f725 |
#define DM_ACTIVE_CRYPT_KEY (1 << 5)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 6)
|
|
Packit |
94f725 |
#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 7)
|
|
Packit |
94f725 |
#define DM_ACTIVE_VERITY_PARAMS (1 << 8)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#define DM_ACTIVE_INTEGRITY_PARAMS (1 << 9)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
struct dm_target {
|
|
Packit |
94f725 |
dm_target_type type;
|
|
Packit |
94f725 |
enum tdirection direction;
|
|
Packit |
94f725 |
uint64_t offset;
|
|
Packit |
94f725 |
uint64_t size;
|
|
Packit |
94f725 |
struct device *data_device;
|
|
Packit |
94f725 |
union {
|
|
Packit |
94f725 |
struct {
|
|
Packit |
94f725 |
const char *cipher;
|
|
Packit |
94f725 |
const char *integrity;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* Active key for device */
|
|
Packit |
94f725 |
struct volume_key *vk;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* struct crypt_active_device */
|
|
Packit |
94f725 |
uint64_t offset; /* offset in sectors */
|
|
Packit |
94f725 |
uint64_t iv_offset; /* IV initialisation sector */
|
|
Packit |
94f725 |
uint32_t tag_size; /* additional on-disk tag size */
|
|
Packit |
94f725 |
uint32_t sector_size; /* encryption sector size */
|
|
Packit |
94f725 |
} crypt;
|
|
Packit |
94f725 |
struct {
|
|
Packit |
94f725 |
struct device *hash_device;
|
|
Packit |
94f725 |
struct device *fec_device;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
const char *root_hash;
|
|
Packit |
94f725 |
uint32_t root_hash_size;
|
|
Packit |
94f725 |
const char *root_hash_sig_key_desc;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
uint64_t hash_offset; /* hash offset in blocks (not header) */
|
|
Packit |
94f725 |
uint64_t hash_blocks; /* size of hash device (in hash blocks) */
|
|
Packit |
94f725 |
uint64_t fec_offset; /* FEC offset in blocks (not header) */
|
|
Packit |
94f725 |
uint64_t fec_blocks; /* size of FEC device (in hash blocks) */
|
|
Packit |
94f725 |
struct crypt_params_verity *vp;
|
|
Packit |
94f725 |
} verity;
|
|
Packit |
94f725 |
struct {
|
|
Packit |
94f725 |
uint64_t journal_size;
|
|
Packit |
94f725 |
uint32_t journal_watermark;
|
|
Packit |
94f725 |
uint32_t journal_commit_time;
|
|
Packit |
94f725 |
uint32_t interleave_sectors;
|
|
Packit |
94f725 |
uint32_t tag_size;
|
|
Packit |
94f725 |
uint64_t offset; /* offset in sectors */
|
|
Packit |
94f725 |
uint32_t sector_size; /* integrity sector size */
|
|
Packit |
94f725 |
uint32_t buffer_sectors;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
const char *integrity;
|
|
Packit |
94f725 |
/* Active key for device */
|
|
Packit |
94f725 |
struct volume_key *vk;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
const char *journal_integrity;
|
|
Packit |
94f725 |
struct volume_key *journal_integrity_key;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
const char *journal_crypt;
|
|
Packit |
94f725 |
struct volume_key *journal_crypt_key;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
struct device *meta_device;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
bool fix_padding;
|
|
Packit |
94f725 |
} integrity;
|
|
Packit |
94f725 |
struct {
|
|
Packit |
94f725 |
uint64_t offset;
|
|
Packit |
94f725 |
} linear;
|
|
Packit |
94f725 |
struct {
|
|
Packit |
94f725 |
} zero;
|
|
Packit |
94f725 |
} u;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
char *params;
|
|
Packit |
94f725 |
struct dm_target *next;
|
|
Packit |
94f725 |
};
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
struct crypt_dm_active_device {
|
|
Packit |
94f725 |
uint64_t size; /* active device size */
|
|
Packit |
94f725 |
uint32_t flags; /* activation flags */
|
|
Packit |
94f725 |
const char *uuid;
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
unsigned holders:1; /* device holders detected (on query only) */
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
struct dm_target segment;
|
|
Packit |
94f725 |
};
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
static inline bool single_segment(const struct crypt_dm_active_device *dmd)
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
return dmd && !dmd->segment.next;
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
void dm_backend_init(struct crypt_device *cd);
|
|
Packit |
94f725 |
void dm_backend_exit(struct crypt_device *cd);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int dm_targets_allocate(struct dm_target *first, unsigned count);
|
|
Packit |
94f725 |
void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
Packit |
94f725 |
struct device *data_device, struct volume_key *vk, const char *cipher,
|
|
Packit |
94f725 |
uint64_t iv_offset, uint64_t data_offset, const char *integrity,
|
|
Packit |
94f725 |
uint32_t tag_size, uint32_t sector_size);
|
|
Packit |
94f725 |
int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
Packit |
94f725 |
struct device *data_device, struct device *hash_device, struct device *fec_device,
|
|
Packit |
94f725 |
const char *root_hash, uint32_t root_hash_size, const char *root_hash_sig_key_desc,
|
|
Packit |
94f725 |
uint64_t hash_offset_block, uint64_t hash_blocks, struct crypt_params_verity *vp);
|
|
Packit |
94f725 |
int dm_integrity_target_set(struct crypt_device *cd,
|
|
Packit |
94f725 |
struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
Packit |
94f725 |
struct device *meta_device,
|
|
Packit |
94f725 |
struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size,
|
|
Packit |
94f725 |
struct volume_key *vk,
|
|
Packit |
94f725 |
struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key,
|
|
Packit |
94f725 |
const struct crypt_params_integrity *ip);
|
|
Packit |
94f725 |
int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
Packit |
94f725 |
struct device *data_device, uint64_t data_offset);
|
|
Packit |
94f725 |
int dm_zero_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags);
|
|
Packit |
94f725 |
int dm_status_device(struct crypt_device *cd, const char *name);
|
|
Packit |
94f725 |
int dm_status_suspended(struct crypt_device *cd, const char *name);
|
|
Packit |
94f725 |
int dm_status_verity_ok(struct crypt_device *cd, const char *name);
|
|
Packit |
94f725 |
int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint64_t *count);
|
|
Packit |
94f725 |
int dm_query_device(struct crypt_device *cd, const char *name,
|
|
Packit |
94f725 |
uint32_t get_flags, struct crypt_dm_active_device *dmd);
|
|
Packit |
94f725 |
int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix,
|
|
Packit |
94f725 |
char **names, size_t names_length);
|
|
Packit |
94f725 |
int dm_create_device(struct crypt_device *cd, const char *name,
|
|
Packit |
94f725 |
const char *type, struct crypt_dm_active_device *dmd);
|
|
Packit |
94f725 |
int dm_reload_device(struct crypt_device *cd, const char *name,
|
|
Packit |
94f725 |
struct crypt_dm_active_device *dmd, uint32_t dmflags, unsigned resume);
|
|
Packit |
94f725 |
int dm_suspend_device(struct crypt_device *cd, const char *name, uint32_t dmflags);
|
|
Packit |
94f725 |
int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t dmflags);
|
|
Packit |
94f725 |
int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
|
|
Packit |
94f725 |
const struct volume_key *vk);
|
|
Packit |
94f725 |
int dm_error_device(struct crypt_device *cd, const char *name);
|
|
Packit |
94f725 |
int dm_clear_device(struct crypt_device *cd, const char *name);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
const char *dm_get_dir(void);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
/* These are DM helpers used only by utils_devpath file */
|
|
Packit |
94f725 |
int dm_is_dm_device(int major);
|
|
Packit |
94f725 |
int dm_is_dm_kernel_name(const char *name);
|
|
Packit |
94f725 |
char *dm_device_path(const char *prefix, int major, int minor);
|
|
Packit |
94f725 |
char *dm_device_name(const char *path);
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#endif /* _UTILS_DM_H */
|