1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
|
/*
* cryptsetup LUKS2 custom mutator
*
* Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
* Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
syntax = "proto2";
package LUKS2_proto;
// ---------------------------------------------------------------------------
// ----------------------------- GENERIC OBJECTS -----------------------------
// ---------------------------------------------------------------------------
message object_id {
oneof id {
// int_id will be mapped to range -16 to 16 (mod 33)
// this way iy should be easier to generate valid
// object cross-references
uint32 int_id = 1;
string string_id = 2;
}
}
message string_uint64 {
required bool negative = 1;
oneof number {
uint32 uint_num = 2;
string string_num = 3;
}
}
enum hash_algorithm {
HASH_ALG_SHA1 = 1;
HASH_ALG_SHA256 = 2;
}
// ---------------------------------------------------------------------------
// ----------------------------- BINARY HEADER -------------------------------
// ---------------------------------------------------------------------------
enum luks2_magic {
INVALID = 0;
FIRST = 1;
SECOND = 2;
}
enum luks_version {
ONE = 1;
TWO = 2;
THREE = 3;
}
// we limit the size to 64KiB to make the fuzzing faster
// because the checksum needs to be calculated for the whole image
enum hdr_size {
size_16_KB = 16384;
size_32_KB = 32768;
size_64_KB = 65536;
// size_128_KB = 131072;
// size_256_KB = 262144;
// size_512_KB = 524288;
// size_1_MB = 1048576;
// size_2_MB = 2097152;
// size_4_MB = 4194304;
}
enum seqid_description {
PRIMARY_GREATER = 0;
SECONDARY_GREATER = 1;
EQUAL = 2;
}
// message luks2_hdr_disk {
// char magic[LUKS2_MAGIC_L];
// //uint16_t version; /* Version 2 */
// uint64_t hdr_size; /* in bytes, including JSON area */
// uint64_t seqid; /* increased on every update */
// char label[LUKS2_LABEL_L];
// char checksum_alg[LUKS2_CHECKSUM_ALG_L];
// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */
// char uuid[LUKS2_UUID_L];
// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
// uint64_t hdr_offset; /* offset from device start in bytes */
// char _padding[184];
// uint8_t csum[LUKS2_CHECKSUM_L];
// }
message LUKS2_header {
required luks_version version = 1;
required luks2_magic magic = 2;
required hdr_size hdr_size = 3;
required bool use_correct_checksum = 4;
optional uint64 selected_offset = 5;
}
message LUKS2_both_headers {
required LUKS2_header primary_header = 1;
required LUKS2_header secondary_header = 2;
required seqid_description seqid = 3;
required json_area_description json_area = 4;
}
message json_area_description {
optional config_description config = 1;
repeated keyslot_description keyslots = 2;
repeated digest_description digests = 3;
repeated segment_description segments = 4;
repeated token_description tokens = 5;
}
// ---------------------------------------------------------------------------
// ----------------------------- KEYSLOT OBJECT ------------------------------
// ---------------------------------------------------------------------------
enum keyslot_type {
KEYSLOT_TYPE_LUKS2 = 1;
KEYSLOT_TYPE_REENCRYPT = 2;
KEYSLOT_TYPE_PLACEHOLDER = 3;
}
enum reencrypt_keyslot_mode {
MODE_REENCRYPT = 1;
MODE_ENCRYPT = 2;
MODE_DECRYPT = 3;
}
enum reencrypt_keyslot_direction {
DIRECTION_FORWARD = 1;
DIRECTION_BACKWARD = 2;
}
// The area object contains these mandatory fields:
// - type [string] the area type.
// - offset [string-uint64] the offset from the device start to the beginning of the binary area (in bytes).
// - size [string-uint64] the area size (in bytes).
//
// Area type raw contains these additional fields:
// - encryption [string] the area encryption algorithm, in dm-crypt notation (for example aes-xts-plain64).
// - key_size [integer] the area encryption key size.
//
// Area type none and journal (used only for reencryption optional extension) contain only mandatory fields.
//
// Area type checksum (used only for reencryption optional extension) contains these additional fields:
// - hash [string] The hash algorithm for the checksum resilience mode.
// - sector_size [integer] The data unit size for digest checksum calculated with the hash algorithm.
//
// Area type datashift (used only for reencryption optional extension) contains this additional field:
// - shift_size [string-uint64] The data shift (in bytes) performed during reencryption (shift direction is according to direction field).
enum keyslot_area_type {
KEYSLOT_AREA_TYPE_RAW = 1;
KEYSLOT_AREA_TYPE_NONE = 2;
KEYSLOT_AREA_TYPE_JOURNAL = 3;
KEYSLOT_AREA_TYPE_CHECKSUM = 4;
KEYSLOT_AREA_TYPE_DATASHIFT = 5;
}
message keyslot_area_description {
// mandatory fields
optional keyslot_area_type type = 1;
optional string_uint64 offset = 2;
optional string_uint64 size = 3;
// raw type fields
optional string encryption = 4;
optional int32 key_size = 5;
// checksum type field
optional hash_algorithm hash = 6;
optional int32 sector_size = 7;
// datashift type fields
optional string_uint64 shift_size = 8;
}
// The object describes PBKDF attributes used for the keyslot.
// The kdf object mandatory fields are:
// - type [string] the PBKDF type.
// - salt [base64] the salt for PBKDF (binary data).
//
// The pbkdf2 type (compatible with LUKS1) contains these additional fields:
// - hash [string] the hash algorithm for the PBKDF2 (SHA-256).
// - iterations [integer] the PBKDF2 iterations count.
//
// The argon2i and argon2id type contains these additional fields:
// - time [integer] the time cost (in fact the iterations count for Argon2).
// - memory [integer] the memory cost, in kilobytes. If not available, the keyslot cannot be unlocked.
// - cpus [integer] the required number of threads (CPU cores number cost). If not available, unlocking will be slower.
enum keyslot_kdf_type {
KEYSLOT_KDF_TYPE_PBKDF2 = 1;
KEYSLOT_KDF_TYPE_ARGON2I = 2;
KEYSLOT_KDF_TYPE_ARGON2ID = 3;
}
message keyslot_kdf_description {
optional keyslot_kdf_type type = 1;
optional string salt = 2;
// pbkdf2 type
optional hash_algorithm hash = 3;
optional int32 iterations = 4;
// argon2i and argon2id types
optional int32 time = 5;
optional int32 memory = 6;
optional int32 cpus = 7;
}
enum keyslot_af_type {
KEYSLOT_AF_TYPE_LUKS1 = 1;
}
// The af (anti-forensic splitter) object contains this madatory field:
// - type [string] the anti-forensic function type.
// AF type luks1 (compatible with LUKS1 [1]) contains these additional fields:
// - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported.
// - hash [string] the hash algorithm used.
message keyslot_af_description {
optional keyslot_af_type type = 1;
optional int32 stripes = 2;
optional hash_algorithm hash = 3;
}
// - type [string] the keyslot type.
// - key_size [integer] the key size (in bytes) stored in keyslot.
// - priority [integer,optional] the keyslot priority. Here 0 means ignore (the slot should be used only if explicitly stated), 1 means normal priority and 2 means high priority (tried before normal priority).
// REENCRYPT
// The key size field must be set to 1. The area type must be none, checksum,
// journal or datashift.
// The reencrypt object must contain these additional fields:
// - mode [string] the reencryption mode. reencrypt, encrypt and decrypt
// - direction [string] the reencryption direction. forward backward
// - area [object] the allocated area in the binary keyslots area.
// LUKS2 object must contain these additional fields:
// - kdf [object] the PBKDF type and parameters used.
// - af [object] the anti-forensic splitter [1] (only the luks1 type is currently
// used).
message keyslot_description {
// type
required object_id oid = 1;
optional keyslot_type type = 2;
optional int32 key_size = 3;
optional int32 priority = 4;
// reencrypt extension
optional reencrypt_keyslot_mode mode = 5;
optional reencrypt_keyslot_direction direction = 6;
// objects
optional keyslot_area_description area = 7;
optional keyslot_kdf_description kdf = 8;
optional keyslot_af_description af = 9;
}
// ---------------------------------------------------------------------------
// ------------------------------ DIGEST OBJECT ------------------------------
// ---------------------------------------------------------------------------
message digest_description {
required object_id oid = 1;
optional keyslot_kdf_type type = 2;
repeated object_id keyslots = 3;
repeated object_id segments = 4;
optional string salt = 5;
optional string digest = 6;
// pbkdf2 digest fields
optional hash_algorithm hash = 7;
optional int32 iterations = 8;
}
// ---------------------------------------------------------------------------
// ----------------------------- SEGMENT OBJECT ------------------------------
// ---------------------------------------------------------------------------
enum segment_type {
SEGMENT_TYPE_LINEAR = 1;
SEGMENT_TYPE_CRYPT = 2;
}
enum segment_flag {
IN_REENCRYPTION = 1;
BACKUP_FINAL = 2;
BACKUP_PREVIOUS = 3;
BACKUP_MOVED_SEGMENT = 4;
}
message segment_integrity_description {
optional string type = 1;
optional string journal_encryption = 2;
optional string journal_integrity = 3;
}
message segment_description {
required object_id oid = 1;
optional segment_type type = 2;
optional string_uint64 offset = 3;
optional string_uint64 size = 4;
repeated segment_flag flags = 5;
// segment type crypt
optional string_uint64 iv_tweak = 6;
optional string encryption = 7;
optional int32 sector_size = 8;
optional segment_integrity_description integrity = 9;
}
// ---------------------------------------------------------------------------
// ------------------------------ TOKEN OBJECT -------------------------------
// ---------------------------------------------------------------------------
message token_description {
required object_id oid = 1;
optional string type = 2;
repeated object_id keyslots = 3;
optional string key_description = 4;
}
// ---------------------------------------------------------------------------
// ------------------------------ CONFIG OBJECT ------------------------------
// ---------------------------------------------------------------------------
// - allow-discards allows TRIM (discards) on the active device.
// - same-cpu-crypt compatibility performance flag for dm-crypt [3] to per- form encryption using the same CPU that originated the request.
// - submit-from-crypt-cpus compatibility performance flag for dm-crypt [3] to disable offloading write requests to a separate thread after encryption.
// - no-journal disable data journalling for dm-integrity [10].
// - no-read-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt read workqueue and process read requests synchronously.
// - no-write-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt write workqueue and process write requests synchronously.
enum config_flag {
CONFIG_FLAG_ALLOW_DISCARDS = 1;
CONFIG_FLAG_SAME_CPU_CRYPT = 2;
CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS = 3;
CONFIG_FLAG_NO_JOURNAL = 4;
CONFIG_FLAG_NO_READ_WORKQUEUE = 5;
CONFIG_FLAG_NO_WRITE_WORKQUEUE = 6;
}
enum config_requirement {
CONFIG_REQUIREMENT_OFFLINE_REENCRYPT = 1;
CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2 = 2;
}
// - json_size [string-uint64] the JSON area size (in bytes). Must match the binary header.
// - keyslots_size [string-uint64] the binary keyslot area size (in bytes). Must be aligned to 4096 bytes.
// - flags [array, optional] the array of string objects with persistent flags for the device.
// - requirements [array, optional] the array of string objects with additional required features for the LUKS device.
message config_description {
required bool use_primary_hdr_size = 2;
repeated config_flag config_flags = 3;
repeated config_requirement requirements = 4;
}
|