qemu/crypto/block-luks-priv.h
   1/*
   2 * QEMU Crypto block device encryption LUKS format
   3 *
   4 * Copyright (c) 2015-2016 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#include "qemu/osdep.h"
  22#include "qapi/error.h"
  23#include "qemu/bswap.h"
  24
  25#include "block-luks.h"
  26
  27#include "crypto/hash.h"
  28#include "crypto/afsplit.h"
  29#include "crypto/pbkdf.h"
  30#include "crypto/secret.h"
  31#include "crypto/random.h"
  32#include "qemu/uuid.h"
  33
  34#include "qemu/coroutine.h"
  35#include "qemu/bitmap.h"
  36
  37/*
  38 * Reference for the LUKS format implemented here is
  39 *
  40 *   docs/on-disk-format.pdf
  41 *
  42 * in 'cryptsetup' package source code
  43 *
  44 * This file implements the 1.2.1 specification, dated
  45 * Oct 16, 2011.
  46 */
  47
   /*
    * Forward typedefs: let the rest of this header refer to the two on-disk
    * structures by bare name before their full definitions appear.
    */
   typedef struct QCryptoBlockLUKSHeader QCryptoBlockLUKSHeader;
   typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
  50
  51
   /* The following constants are all defined by the LUKS spec */

   /* Format version; QCryptoBlockLUKSHeader.version is documented as "currently 1" */
   #define QCRYPTO_BLOCK_LUKS_VERSION 1

   /*
    * Fixed sizes, in bytes, of the header and key slot fields declared in this
    * file. The arrays sized by them are fixed-width on-disk fields, not
    * NUL-terminated C strings.
    */
   #define QCRYPTO_BLOCK_LUKS_MAGIC_LEN 6
   #define QCRYPTO_BLOCK_LUKS_CIPHER_NAME_LEN 32
   #define QCRYPTO_BLOCK_LUKS_CIPHER_MODE_LEN 32
   #define QCRYPTO_BLOCK_LUKS_HASH_SPEC_LEN 32
   #define QCRYPTO_BLOCK_LUKS_DIGEST_LEN 20
   #define QCRYPTO_BLOCK_LUKS_SALT_LEN 32
   #define QCRYPTO_BLOCK_LUKS_UUID_LEN 40
   /* Number of entries in QCryptoBlockLUKSHeader.key_slots[] */
   #define QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS 8
   /* Anti-forensic stripe count (compare QCryptoBlockLUKSKeySlot.stripes) */
   #define QCRYPTO_BLOCK_LUKS_STRIPES 4000
   /*
    * Lower bounds for the PBKDF2 iteration counts stored in the header.
    * NOTE(review): this header only names the bounds; whether a header read
    * from an image is rejected when its counts fall below them (or are
    * unreasonably large) is decided by the parsing code - confirm there.
    */
   #define QCRYPTO_BLOCK_LUKS_MIN_SLOT_KEY_ITERS 1000
   #define QCRYPTO_BLOCK_LUKS_MIN_MASTER_KEY_ITERS 1000
   /* presumably the byte offset of the first key slot's material - TODO confirm */
   #define QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET 4096

   /*
    * Values for QCryptoBlockLUKSKeySlot.active. Any other value found in an
    * image should be treated as a malformed header rather than as either state.
    */
   #define QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED 0x0000DEAD
   #define QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED 0x00AC71F3

   /*
    * Sector size in bytes for the *_sector fields. The LL suffix makes
    * "sector count * sector size" evaluate in long long, so a 32-bit sector
    * count cannot wrap when converted to a byte offset.
    */
   #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL

   /*
    * NOTE(review): these two look like implementation defaults rather than
    * spec values - presumably the target PBKDF2 run time when creating a key
    * slot and the number of overwrite passes when erasing one. Confirm
    * against the code that uses them.
    */
   #define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000
   #define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40

   /*
    * Magic bytes expected at the start of the header. The array holds exactly
    * QCRYPTO_BLOCK_LUKS_MAGIC_LEN bytes with no terminating NUL, so it must be
    * compared with memcmp() and an explicit length, never with strcmp().
    */
   static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
       'L', 'U', 'K', 'S', 0xBA, 0xBE
   };
  79
   /*
    * This struct is written to disk in big-endian format,
    * but operated upon in native-endian format.
    *
    * The field sizes sum to 48 bytes (4 + 4 + 32 + 4 + 4). No packing
    * attribute appears on this declaration, so the in-memory layout matches
    * the on-disk layout only while the compiler inserts no padding.
    * NOTE(review): confirm a build-time size check exists where the struct is
    * read and written.
    *
    * Every field comes from the disk image and is untrusted until the parser
    * has validated it; no validation is performed in this header.
    */
   struct QCryptoBlockLUKSKeySlot {
       /*
        * state of keyslot, enabled/disabled; expected to be one of
        * QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED / _DISABLED
        */
       uint32_t active;
       /*
        * iterations for PBKDF2; an image-supplied count directly controls how
        * much CPU time an unlock attempt costs, so it needs range checking
        */
       uint32_t iterations;
       /* salt for PBKDF2 */
       uint8_t salt[QCRYPTO_BLOCK_LUKS_SALT_LEN];
       /*
        * start sector of key material; must be bounds-checked against the
        * image size and the payload start before any read is issued
        */
       uint32_t key_offset_sector;
       /*
        * number of anti-forensic stripes; presumably multiplies the amount of
        * key material read and processed - verify it is checked against
        * QCRYPTO_BLOCK_LUKS_STRIPES
        */
       uint32_t stripes;
   };
  96
   /*
    * This struct is written to disk in big-endian format,
    * but operated upon in native-endian format.
    *
    * The field sizes sum to 592 bytes (208 bytes of fixed fields plus eight
    * 48-byte key slots). No packing attribute appears on this declaration, so
    * the in-memory layout matches the on-disk layout only while the compiler
    * inserts no padding.
    * NOTE(review): confirm a build-time size check exists where the header is
    * read and written.
    *
    * Every field comes from the disk image and is untrusted until the parser
    * has validated it; no validation is performed in this header.
    */
   struct QCryptoBlockLUKSHeader {
       /* 'L', 'U', 'K', 'S', 0xBA, 0xBE - six raw bytes, no NUL terminator */
       char magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN];

       /* LUKS version, currently 1 */
       uint16_t version;

       /*
        * The three specification fields below are fixed-width character
        * arrays. Nothing in this declaration guarantees that data loaded from
        * an image contains a NUL within the field, so readers should check for
        * a terminator inside the array before using them as C strings.
        */

       /* cipher name specification (aes, etc) */
       char cipher_name[QCRYPTO_BLOCK_LUKS_CIPHER_NAME_LEN];

       /* cipher mode specification (cbc-plain, xts-essiv:sha256, etc) */
       char cipher_mode[QCRYPTO_BLOCK_LUKS_CIPHER_MODE_LEN];

       /* hash specification (sha256, etc) */
       char hash_spec[QCRYPTO_BLOCK_LUKS_HASH_SPEC_LEN];

       /* start offset of the volume data (in 512 byte sectors) */
       uint32_t payload_offset_sector;

       /*
        * Number of key bytes; presumably used to size key buffers, so it
        * should be checked against what the selected cipher accepts before
        * anything is allocated from it - confirm in the parser
        */
       uint32_t master_key_len;

       /* master key checksum after PBKDF2 */
       uint8_t master_key_digest[QCRYPTO_BLOCK_LUKS_DIGEST_LEN];

       /* salt for master key PBKDF2 */
       uint8_t master_key_salt[QCRYPTO_BLOCK_LUKS_SALT_LEN];

       /* iterations for master key PBKDF2 */
       uint32_t master_key_iterations;

       /*
        * UUID of the partition in standard ASCII representation; like the
        * specification fields, NUL termination is not guaranteed by the type
        */
       uint8_t uuid[QCRYPTO_BLOCK_LUKS_UUID_LEN];

       /* key slots */
       QCryptoBlockLUKSKeySlot key_slots[QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS];
   };
 138
 139
  /*
   * Endianness helpers for the LUKS header; only the prototypes are visible
   * here, the definitions live elsewhere.
   *
   * Going by the names and by the struct comments ("written to disk in
   * big-endian format, but operated upon in native-endian format"), these
   * presumably convert the multi-byte integer fields of @hdr, including those
   * of each key slot, in place - TODO confirm against the definitions.
   *
   * Both take a non-const pointer and return nothing, so a caller cannot tell
   * from the type which byte order a given header is currently in. Validation
   * of image-supplied values is only meaningful after the from_disk
   * conversion, and a header must go through the to_disk conversion exactly
   * once before being written back.
   */
  void
  qcrypto_block_luks_to_disk_endian(QCryptoBlockLUKSHeader *hdr);
  void
  qcrypto_block_luks_from_disk_endian(QCryptoBlockLUKSHeader *hdr);
 144