dissect.fve.luks.luks

Module Contents

Classes

LUKS

LUKS disk encryption.

CryptStream

Transparently decrypting stream.

Functions

derive_passphrase_key

Derive a key from a passphrase with the given keyslot KDF information.

find_luks_headers

is_luks_volume

Return whether the file-like object is a LUKS volume.

class dissect.fve.luks.luks.LUKS(fh: BinaryIO)

LUKS disk encryption.

fh
header = None
header1 = None
header2 = None
cipher_name = None
cipher_mode = None
hash_spec = None
label = None
checksum_algorithm = None
uuid
property unlocked: bool
property keyslots: dict[int, dissect.fve.luks.metadata.Keyslot]
unlock(key: bytes, keyslot: int) None

Unlock the volume with the volume encryption key.

unlock_with_key_file(path: pathlib.Path, offset: int = 0, size: int = -1, keyslot: int | None = None) None
unlock_with_key_fh(fh: BinaryIO, offset: int = 0, size: int = -1, keyslot: int | None = None) None
unlock_with_passphrase(passphrase: str, keyslot: int | None = None) None

Unlock this volume with a passphrase and optional keyslot hint.

find_digest(keyslot: int) dissect.fve.luks.metadata.Digest

Find digest metadata corresponding to the given keyslot.

find_segment(keyslot: int) dissect.fve.luks.metadata.Segment

Find segment metadata corresponding to the given keyslot.

open() CryptStream

Open this volume and return a readable (decrypted) stream.

dissect.fve.luks.luks.derive_passphrase_key(passphrase: bytes, keyslot: dissect.fve.luks.metadata.Keyslot) bytes

Derive a key from a passphrase with the given keyslot KDF information.

Parameters:
  • passphrase – The passphrase to derive a key from.

  • keyslot – The keyslot to use for the derivation.

class dissect.fve.luks.luks.CryptStream(fh: BinaryIO, cipher: str, key: bytes, key_size: int | None = None, offset: int = 0, size: int | str | None = None, iv_tweak: int = 0, sector_size: int = 512)

Bases: dissect.util.stream.AlignedStream

Transparently decrypting stream.

Technically this is dm-crypt territory, but it’s more practical to place it in the LUKS namespace.

Parameters:
  • fh – The original file-like object, usually the encrypted disk.

  • cipher – The cipher name/specification.

  • key – The encryption key.

  • key_size – Optional key size hint.

  • offset – Optional base offset to the encrypted region. Segment offset in LUKS.

  • size – Optional size hint. If None or "dynamic", determine the size by seeking to the end of fh.

  • iv_tweak – Optional IV tweak, or offset.

  • sector_size – Optional sector size. Defaults to 512.

fh
cipher
offset = 0
iv_tweak = 0
sector_size = 512
dissect.fve.luks.luks.find_luks_headers(fh: BinaryIO) tuple[int | None, int | None, int | None]
dissect.fve.luks.luks.is_luks_volume(fh: BinaryIO) bool

Return whether the file-like object is a LUKS volume.