xref: /freebsd/contrib/file/magic/Magdir/luks (revision a2dfb7224ec9933ee804cae54d51848dce938b6b)
#------------------------------------------------------------------------------
# $File: luks,v 1.5 2022/09/07 11:23:44 christos Exp $
# luks:  file(1) magic for Linux Unified Key Setup
# URL:		https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
#		http://fileformats.archiveteam.org/wiki/LUKS
# From:	Anthon van der Neut <anthon@mnt.org>
# Update:	Joerg Jenderek
# Note:		verified by command like `cryptsetup luksDump /dev/sda3`
# Entry point: the six signature bytes "LUKS" 0xBA 0xBE at offset 0.
# Both version branches below hang off this one match.
0	string	LUKS\xba\xbe	LUKS encrypted file,
# MIME type, see https://reposcope.com/mimetype/application/x-raw-disk-image
!:mime	application/x-raw-disk-image
# alternative MIME type, left disabled:
#!:mime	application/x-luks-volume
# Extensions: img is the generic one; partitions carry no suffix;
# luksVolumeHeaderBackUp is what zuluCrypt writes for header backups.
!:ext	/luks/img/luksVolumeHeaderBackUp
# 16-bit big-endian version field at offset 6, with values like: 1 2
>6	beshort	x	ver %d
# version exactly 1: describe the header with the luks-v1 layout
>6	beshort	1
>>0	use	luks-v1
# every version above 1 is described with the luks-v2 layout
>6	beshort	>1
>>0	use	luks-v2
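# Reference:	https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
#		http://mark0.net/download/triddefs_xml.7z/defs/l/luks.trid.xml
# Describe a LUKS version 1 header.
# Every value printed here is read straight from the unencrypted header of
# the examined file, so for an untrusted image all of it is untrusted input.
0	name		luks-v1
# The three algorithm fields sit 32 bytes apart (offsets 8, 40, 72) and the
# UUID field is followed 40 bytes later by key slot 0 (offset 208).  Each is
# printed with a precision equal to its field width, as luks-v2 already does
# for its UUID, so a field that lacks a terminating NUL cannot run on into
# the next field of the report.
# cipher-name like: aes twofish
>8	string		x		[%-.32s,
# cipher-mode like: xts-plain64 cbc-essiv
>40	string		x		%-.32s,
# hash specification like: sha256 sha1 ripemd160
>72	string		x		%-.32s]
# uuid; printed ahead of the numeric fields although it is stored after them
>168	string		x		UUID: %-.40s
# payload-offset; start offset of the bulk data
>104	ubelong		x		\b, at %#x data
# key-bytes; number of key bytes; key-bytes*8=MK-bits
>108	ubelong		x		\b, %u key bytes
# mk-digest[20]; master key checksum from PBKDF2, printed as 8+8+4 bytes of hex
>112	ubequad		x		\b, MK digest %#16.16llx
>>120	ubequad		x		\b%16.16llx
>>128	ubelong		x		\b%8.8x
# mk-digest-salt[32]; salt parameter for master key PBKDF2, printed as 4x8 bytes of hex
>132	ubequad		x		\b, MK salt %#16.16llx
>>140	ubequad		x		\b%16.16llx
>>148	ubequad		x		\b%16.16llx
>>156	ubequad		x		\b%16.16llx
# mk-digest-iter; iterations parameter for master key PBKDF2
# (together with the hash specification above, the value to look at when
# reviewing how strong the header's key derivation settings are)
>164	ubelong		x		\b, %u MK iterations
# Eight key slots, 48 bytes apart, starting at offset 208.  The printed
# numbering is zero-based (#0..#7).  A slot is reported only when its state
# word equals the active marker 0x00AC71F3; any other state prints nothing.
# key slot #0
>208	ubelong		=0x00AC71F3	\b; slot #0
>>208			use		luks-slot
# key slot #1
>256	ubelong		=0x00AC71F3	\b; slot #1
>>256			use		luks-slot
# key slot #2
>304	ubelong		=0x00AC71F3	\b; slot #2
>>304			use		luks-slot
# key slot #3
>352	ubelong		=0x00AC71F3	\b; slot #3
>>352			use		luks-slot
# key slot #4
>400	ubelong		=0x00AC71F3	\b; slot #4
>>400			use		luks-slot
# key slot #5
>448	ubelong		=0x00AC71F3	\b; slot #5
>>448			use		luks-slot
# key slot #6
>496	ubelong		=0x00AC71F3	\b; slot #6
>>496			use		luks-slot
# key slot #7
>544	ubelong		=0x00AC71F3	\b; slot #7
>>544			use		luks-slot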
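# Reference:	https://gitlab.com/cryptsetup/LUKS2-docs/-/raw/master/luks2_doc_wip.pdf
#		http://mark0.net/download/triddefs_xml.7z/defs/l/luks2.trid.xml
# Describe a LUKS version 2 header.
# Every value printed here is read straight from the unencrypted header of
# the examined file, so for an untrusted image all of it is untrusted input.
# Fixed-width text fields are printed with a precision equal to the field
# width, so a field without a terminating NUL cannot run on into the next.
0	name		luks-v2
# hdr_size; size including JSON area called Metadata area by cryptsetup with value like: 16384
>8	ubequad		x		\b, header size %llu
# possible check for MAGIC_2ND after header
#>(8.Q) 	 string		SKUL\xba\xbe	\b, 2nd_HEADER_OK
# seqid; sequence ID, increased on update; called Epoch by cryptsetup with value like: 3 4 8 10
>16	ubequad		x		\b, ID %llu
# label[48]; optional ASCII label or empty; called Label by cryptsetup with value like: "LUKS2_EXT4_ROOT"
>24	string		>\0		\b, label %-.48s
# csum_alg[32]; checksum algorithm like: sha256 sha1 sha512 whirlpool ripemd160
>72	string		x		\b, algo %-.32s
# salt[64]; salt, unique for every header; only the first 8 bytes are printed
>104	ubequad		x		\b, salt %#llx...
# uuid[40]; UID of device as string like: 242256c6-396e-4a35-af5f-5b70cb7af9a7
>168	string		x		\b, UUID: %-.40s
# subsystem[48]; optional owner subsystem label or empty
>208	string		>\0		\b, sub label %-.48s
# hdr_offset; offset from device start [ bytes ] like: 0
# shown only when non-zero, in hexadecimal without a 0x prefix
>256	ubequad		!0		\b, offset %llx
# char _padding [184]; must be zeroed
#>264	ubequad		x		\b, padding %#16.16llx
#>440	ubequad		x		\b...%16.16llx
# csum[64]; header checksum computed with csum_alg above; the output labels
# it "crc" and shows only the first 8 bytes
>448	ubequad		x		\b, crc %#llx...
# char _padding4096 [7*512];  Padding , must be zeroed
#>512	ubequad		x		\b, more padding %#16.16llx
#>4088	ubequad		x		\b...%16.16llx
# JSON text data terminated by the zero character; unused remainder empty and filled with zeroes like:
# {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse"
# The JSON is echoed as found in the image; anything that parses this output
# should treat the text after "at 0x1000" as untrusted.
>0x1000	string		x		\b, at 0x1000 %s
#>0x1000	indirect	x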
# Describe one LUKS1 key slot.  Offsets are relative to the offset given on
# the calling "use" line, i.e. to the first byte of the slot.
0	name	luks-slot
# +0: slot state word; 0x00AC71F3~active 0x0000DEAD~inactive
# (raw value, left disabled)
#>0	ubelong		x		\b, status %#8.8x
>0	ubelong	=0x00AC71F3	active
>0	ubelong	=0x0000DEAD	inactive
# +4: PBKDF2 iteration count for this slot (left disabled)
#>4	ubelong		x		\b, %u iterations
# +8: 32-byte PBKDF2 salt for this slot (left disabled)
#>8	ubequad		x		\b, salt %#16.16llx
#>>16	ubequad		x		\b%16.16llx
#>>24	ubequad		x		\b%16.16llx
#>>32	ubequad		x		\b%16.16llx
# +40: first sector of the key material, like: 8 0x200 0x3f8 0x5f0 0xdd0
>40	ubelong	x	\b, %#x material offset
# +44: anti-forensic stripe count; reported only when it is not 4000
>44	ubelong	!4000	\b, %u stripes