323db6d08d
When we're modifying the binary format, we can introduce host-dependent timeouts as well.
122 lines
4.8 KiB
C
122 lines
4.8 KiB
C
/*
|
|
luksrku - Tool to remotely unlock LUKS volumes using TLS.
|
|
Copyright (C) 2016-2019 Johannes Bauer
|
|
|
|
This file is part of luksrku.
|
|
|
|
luksrku is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; this program is ONLY licensed under
|
|
version 3 of the License, later versions are explicitly excluded.
|
|
|
|
luksrku is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with luksrku; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
Johannes Bauer <JohannesBauer@gmx.de>
|
|
*/
|
|
|
|
#ifndef __KEYDB_H__
|
|
#define __KEYDB_H__
|
|
|
|
#include <stdint.h>
|
|
#include <stdbool.h>
|
|
|
|
#include "file_encryption.h"
|
|
#include "global.h"
|
|
|
|
#define ALIGNED __attribute__ ((aligned(4)))
|
|
|
|
enum volume_flag_t {
|
|
VOLUME_FLAG_ALLOW_DISCARDS = (1 << 0),
|
|
};
|
|
|
|
/* Unused so far */
|
|
enum host_flag_t {
|
|
HOST_FLAG_UNUSED = 0,
|
|
};
|
|
|
|
struct keydb_common_header_t {
|
|
unsigned int keydb_version;
|
|
} ALIGNED;
|
|
|
|
struct volume_entry_v2_t {
|
|
uint8_t volume_uuid[16]; /* UUID of crypt_LUKS volume */
|
|
char devmapper_name[MAX_DEVMAPPER_NAME_LENGTH]; /* dmsetup name when unlocked. Zero-terminated string. */
|
|
uint8_t luks_passphrase_raw[LUKS_PASSPHRASE_RAW_SIZE_BYTES]; /* LUKS passphrase used to unlock volume; raw byte data */
|
|
} ALIGNED;
|
|
|
|
struct host_entry_v2_t {
|
|
uint8_t host_uuid[16]; /* Host UUID */
|
|
char host_name[MAX_HOST_NAME_LENGTH]; /* Descriptive name of host */
|
|
uint8_t tls_psk[PSK_SIZE_BYTES]; /* Raw byte data of TLS-PSK that is used */
|
|
unsigned int volume_count; /* Number of volumes of this host */
|
|
struct volume_entry_v2_t volumes[MAX_VOLUMES_PER_HOST]; /* Volumes of this host */
|
|
} ALIGNED;
|
|
|
|
struct keydb_v2_t {
|
|
struct keydb_common_header_t common;
|
|
bool server_database;
|
|
unsigned int host_count;
|
|
struct host_entry_v2_t hosts[];
|
|
} ALIGNED;
|
|
|
|
struct volume_entry_v3_t {
|
|
uint8_t volume_uuid[16]; /* UUID of crypt_LUKS volume */
|
|
char devmapper_name[MAX_DEVMAPPER_NAME_LENGTH]; /* dmsetup name when unlocked. Zero-terminated string. */
|
|
uint8_t luks_passphrase_raw[LUKS_PASSPHRASE_RAW_SIZE_BYTES]; /* LUKS passphrase used to unlock volume; raw byte data */
|
|
unsigned int volume_flags; /* Bitset of enum volume_flag_t */
|
|
} ALIGNED;
|
|
|
|
struct host_entry_v3_t {
|
|
uint8_t host_uuid[16]; /* Host UUID */
|
|
char host_name[MAX_HOST_NAME_LENGTH]; /* Descriptive name of host */
|
|
uint8_t tls_psk[PSK_SIZE_BYTES]; /* Raw byte data of TLS-PSK that is used */
|
|
unsigned int volume_count; /* Number of volumes of this host */
|
|
unsigned int client_default_timeout_secs; /* Client gives up by default if not everything unlocked after this time */
|
|
unsigned int host_flags; /* Bitset of enum host_flag_t */
|
|
struct volume_entry_v3_t volumes[MAX_VOLUMES_PER_HOST]; /* Volumes of this host */
|
|
} ALIGNED;
|
|
|
|
struct keydb_v3_t {
|
|
struct keydb_common_header_t common;
|
|
bool server_database;
|
|
unsigned int host_count;
|
|
struct host_entry_v3_t hosts[];
|
|
} ALIGNED;
|
|
|
|
|
|
#define KEYDB_CURRENT_VERSION 3
|
|
typedef struct volume_entry_v3_t volume_entry_t;
|
|
typedef struct host_entry_v3_t host_entry_t;
|
|
typedef struct keydb_v3_t keydb_t;
|
|
|
|
|
|
/*************** AUTO GENERATED SECTION FOLLOWS ***************/
|
|
keydb_t* keydb_new(void);
|
|
keydb_t* keydb_export_public(host_entry_t *host);
|
|
void keydb_free(keydb_t *keydb);
|
|
volume_entry_t* keydb_get_volume_by_name(host_entry_t *host, const char *devmapper_name);
|
|
host_entry_t* keydb_get_host_by_name(keydb_t *keydb, const char *host_name);
|
|
const volume_entry_t* keydb_get_volume_by_uuid(const host_entry_t *host, const uint8_t uuid[static 16]);
|
|
int keydb_get_host_index(const keydb_t *keydb, const host_entry_t *host);
|
|
int keydb_get_volume_index(const host_entry_t *host, const volume_entry_t *volume);
|
|
const host_entry_t* keydb_get_host_by_uuid(const keydb_t *keydb, const uint8_t uuid[static 16]);
|
|
bool keydb_add_host(keydb_t **keydb, const char *host_name);
|
|
bool keydb_del_host_by_name(keydb_t **keydb, const char *host_name);
|
|
bool keydb_rekey_host(host_entry_t *host);
|
|
volume_entry_t* keydb_add_volume(host_entry_t *host, const char *devmapper_name, const uint8_t volume_uuid[static 16]);
|
|
bool keydb_del_volume(host_entry_t *host, const char *devmapper_name);
|
|
bool keydb_rekey_volume(volume_entry_t *volume);
|
|
bool keydb_get_volume_luks_passphrase(const volume_entry_t *volume, char *dest, unsigned int dest_buffer_size);
|
|
bool keydb_write(const keydb_t *keydb, const char *filename, const char *passphrase);
|
|
keydb_t* keydb_read(const char *filename);
|
|
/*************** AUTO GENERATED SECTION ENDS ***************/
|
|
|
|
#endif
|