projects / platform / upstream / cryptsetup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Imported Upstream version 2.6.1
[platform/upstream/cryptsetup.git] / lib / luks2 / luks2_keyslot_luks2.c
1 /*
2  * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler
3  *
4  * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
5  * Copyright (C) 2015-2023 Milan Broz
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20  */
21
22 #include <limits.h>
23 #include "luks2_internal.h"
24
25 /* FIXME: move keyslot encryption to crypto backend */
26 #include "../luks1/af.h"
27
28 #define LUKS_SALTSIZE 32
29 #define LUKS_SLOT_ITERATIONS_MIN 1000
30 #define LUKS_STRIPES 4000
31
32 /* Serialize memory-hard keyslot access: optional workaround for parallel processing */
33 #define MIN_MEMORY_FOR_SERIALIZE_LOCK_KB 32*1024 /* 32MB */
34
35 /* coverity[ -taint_source : arg-0 ] */
36 static int luks2_encrypt_to_storage(char *src, size_t srcLength,
37         const char *cipher, const char *cipher_mode,
38         struct volume_key *vk, unsigned int sector,
39         struct crypt_device *cd)
40 {
41 #ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */
42         return LUKS_encrypt_to_storage(src, srcLength, cipher, cipher_mode, vk, sector, cd);
43 #else
44         struct crypt_storage *s;
45         int devfd, r;
46         struct device *device = crypt_metadata_device(cd);
47
48         /* Only whole sector writes supported */
49         if (MISALIGNED_512(srcLength))
50                 return -EINVAL;
51
52         /* Encrypt buffer */
53         r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
54         if (r) {
55                 log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode);
56                 return r;
57         }
58
59         r = crypt_storage_encrypt(s, 0, srcLength, src);
60         crypt_storage_destroy(s);
61         if (r) {
62                 log_err(cd, _("IO error while encrypting keyslot."));
63                 return r;
64         }
65
66         devfd = device_open_locked(cd, device, O_RDWR);
67         if (devfd >= 0) {
68                 if (write_lseek_blockwise(devfd, device_block_size(cd, device),
69                                           device_alignment(device), src,
70                                           srcLength, sector * SECTOR_SIZE) < 0)
71                         r = -EIO;
72                 else
73                         r = 0;
74
75                 device_sync(cd, device);
76         } else
77                 r = -EIO;
78
79         if (r)
80                 log_err(cd, _("IO error while encrypting keyslot."));
81
82         return r;
83 #endif
84 }
85
86 static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
87         const char *cipher, const char *cipher_mode, struct volume_key *vk,
88         unsigned int sector, struct crypt_device *cd)
89 {
90         struct device *device = crypt_metadata_device(cd);
91 #ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */
92         int r = device_read_lock(cd, device);
93         if (r) {
94                 log_err(cd, _("Failed to acquire read lock on device %s."), device_path(device));
95                 return r;
96         }
97         r = LUKS_decrypt_from_storage(dst, dstLength, cipher, cipher_mode, vk, sector, cd);
98         device_read_unlock(cd, crypt_metadata_device(cd));
99         return r;
100 #else
101         struct crypt_storage *s;
102         int devfd, r;
103
104         /* Only whole sector writes supported */
105         if (MISALIGNED_512(dstLength))
106                 return -EINVAL;
107
108         r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength, false);
109         if (r) {
110                 log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode);
111                 return r;
112         }
113
114         r = device_read_lock(cd, device);
115         if (r) {
116                 log_err(cd, _("Failed to acquire read lock on device %s."),
117                         device_path(device));
118                 crypt_storage_destroy(s);
119                 return r;
120         }
121
122         devfd = device_open_locked(cd, device, O_RDONLY);
123         if (devfd >= 0) {
124                 if (read_lseek_blockwise(devfd, device_block_size(cd, device),
125                                          device_alignment(device), dst,
126                                          dstLength, sector * SECTOR_SIZE) < 0)
127                         r = -EIO;
128                 else
129                         r = 0;
130         } else
131                 r = -EIO;
132
133         device_read_unlock(cd, device);
134
135         /* Decrypt buffer */
136         if (!r)
137                 r = crypt_storage_decrypt(s, 0, dstLength, dst);
138         else
139                 log_err(cd, _("IO error while decrypting keyslot."));
140
141         crypt_storage_destroy(s);
142         return r;
143 #endif
144 }
145
146 static int luks2_keyslot_get_pbkdf_params(json_object *jobj_keyslot,
147                                 struct crypt_pbkdf_type *pbkdf, char **salt)
148 {
149         json_object *jobj_kdf, *jobj1, *jobj2;
150         size_t salt_len;
151         int r;
152
153         if (!jobj_keyslot || !pbkdf)
154                 return -EINVAL;
155
156         memset(pbkdf, 0, sizeof(*pbkdf));
157
158         if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
159                 return -EINVAL;
160
161         if (!json_object_object_get_ex(jobj_kdf, "type", &jobj1))
162                 return -EINVAL;
163         pbkdf->type = json_object_get_string(jobj1);
164         if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
165                 if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj2))
166                         return -EINVAL;
167                 pbkdf->hash = json_object_get_string(jobj2);
168                 if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj2))
169                         return -EINVAL;
170                 pbkdf->iterations = json_object_get_int(jobj2);
171                 pbkdf->max_memory_kb = 0;
172                 pbkdf->parallel_threads = 0;
173         } else {
174                 if (!json_object_object_get_ex(jobj_kdf, "time", &jobj2))
175                         return -EINVAL;
176                 pbkdf->iterations = json_object_get_int(jobj2);
177                 if (!json_object_object_get_ex(jobj_kdf, "memory", &jobj2))
178                         return -EINVAL;
179                 pbkdf->max_memory_kb = json_object_get_int(jobj2);
180                 if (!json_object_object_get_ex(jobj_kdf, "cpus", &jobj2))
181                         return -EINVAL;
182                 pbkdf->parallel_threads = json_object_get_int(jobj2);
183         }
184
185         if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj2))
186                 return -EINVAL;
187
188         r = crypt_base64_decode(salt, &salt_len, json_object_get_string(jobj2),
189                                 json_object_get_string_len(jobj2));
190         if (r < 0)
191                 return r;
192
193         if (salt_len != LUKS_SALTSIZE) {
194                 free(*salt);
195                 return -EINVAL;
196         }
197
198         return 0;
199 }
200
201 static int luks2_keyslot_set_key(struct crypt_device *cd,
202         json_object *jobj_keyslot,
203         const char *password, size_t passwordLen,
204         const char *volume_key, size_t volume_key_len)
205 {
206         struct volume_key *derived_key;
207         char *salt = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
208         char *AfKey = NULL;
209         const char *af_hash = NULL;
210         size_t AFEKSize, keyslot_key_len;
211         json_object *jobj2, *jobj_kdf, *jobj_af, *jobj_area;
212         uint64_t area_offset;
213         struct crypt_pbkdf_type pbkdf;
214         int r;
215
216         if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
217             !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
218             !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
219                 return -EINVAL;
220
221         /* prevent accidental volume key size change after allocation */
222         if (!json_object_object_get_ex(jobj_keyslot, "key_size", &jobj2))
223                 return -EINVAL;
224         if (json_object_get_int(jobj2) != (int)volume_key_len)
225                 return -EINVAL;
226
227         if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
228                 return -EINVAL;
229         area_offset = crypt_jobj_get_uint64(jobj2);
230
231         if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
232                 return -EINVAL;
233         r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode);
234         if (r < 0)
235                 return r;
236
237         if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2))
238                 return -EINVAL;
239         keyslot_key_len = json_object_get_int(jobj2);
240
241         if (!json_object_object_get_ex(jobj_af, "hash", &jobj2))
242                 return -EINVAL;
243         af_hash = json_object_get_string(jobj2);
244
245         r = luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, &salt);
246         if (r < 0)
247                 return r;
248
249         /*
250          * Allocate derived key storage.
251          */
252         derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL);
253         if (!derived_key) {
254                 free(salt);
255                 return -ENOMEM;
256         }
257         /*
258          * Calculate keyslot content, split and store it to keyslot area.
259          */
260         log_dbg(cd, "Running keyslot key derivation.");
261         r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen,
262                         salt, LUKS_SALTSIZE,
263                         derived_key->key, derived_key->keylength,
264                         pbkdf.iterations, pbkdf.max_memory_kb,
265                         pbkdf.parallel_threads);
266         free(salt);
267         if (r < 0) {
268                 if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
269                      pbkdf.iterations > INT_MAX)
270                         log_err(cd, _("PBKDF2 iteration value overflow."));
271                 crypt_free_volume_key(derived_key);
272                 return r;
273         }
274
275         // FIXME: verity key_size to AFEKSize
276         AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE;
277         AfKey = crypt_safe_alloc(AFEKSize);
278         if (!AfKey) {
279                 crypt_free_volume_key(derived_key);
280                 return -ENOMEM;
281         }
282
283         r = crypt_hash_size(af_hash);
284         if (r < 0)
285                 log_err(cd, _("Hash algorithm %s is not available."), af_hash);
286         else
287                 r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
288
289         if (r == 0) {
290                 log_dbg(cd, "Updating keyslot area [0x%04" PRIx64 "].", area_offset);
291                 /* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */
292                 r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode,
293                                     derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
294         }
295
296         crypt_safe_free(AfKey);
297         crypt_free_volume_key(derived_key);
298         if (r < 0)
299                 return r;
300
301         return 0;
302 }
303
304 static int luks2_keyslot_get_key(struct crypt_device *cd,
305         json_object *jobj_keyslot,
306         const char *password, size_t passwordLen,
307         char *volume_key, size_t volume_key_len)
308 {
309         struct volume_key *derived_key = NULL;
310         struct crypt_pbkdf_type pbkdf;
311         char *AfKey = NULL;
312         size_t AFEKSize;
313         const char *af_hash = NULL;
314         char *salt = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
315         json_object *jobj2, *jobj_af, *jobj_area;
316         uint64_t area_offset;
317         size_t keyslot_key_len;
318         bool try_serialize_lock = false;
319         int r;
320
321         if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
322             !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
323                 return -EINVAL;
324
325         if (!json_object_object_get_ex(jobj_af, "hash", &jobj2))
326                 return -EINVAL;
327         af_hash = json_object_get_string(jobj2);
328
329         if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
330                 return -EINVAL;
331         area_offset = crypt_jobj_get_uint64(jobj2);
332
333         if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
334                 return -EINVAL;
335         r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode);
336         if (r < 0)
337                 return r;
338
339         if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2))
340                 return -EINVAL;
341         keyslot_key_len = json_object_get_int(jobj2);
342
343         r = luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, &salt);
344         if (r < 0)
345                 return r;
346
347         /*
348          * Allocate derived key storage space.
349          */
350         derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL);
351         if (!derived_key) {
352                 r = -ENOMEM;
353                 goto out;
354         }
355
356         AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE;
357         AfKey = crypt_safe_alloc(AFEKSize);
358         if (!AfKey) {
359                 r = -ENOMEM;
360                 goto out;
361         }
362
363         /*
364          * If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
365          */
366         if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB)
367                 try_serialize_lock = true;
368         if (try_serialize_lock && (r = crypt_serialize_lock(cd)))
369                 goto out;
370
371         /*
372          * Calculate derived key, decrypt keyslot content and merge it.
373          */
374         log_dbg(cd, "Running keyslot key derivation.");
375         r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen,
376                         salt, LUKS_SALTSIZE,
377                         derived_key->key, derived_key->keylength,
378                         pbkdf.iterations, pbkdf.max_memory_kb,
379                         pbkdf.parallel_threads);
380
381         if (try_serialize_lock)
382                 crypt_serialize_unlock(cd);
383
384         if (r == 0) {
385                 log_dbg(cd, "Reading keyslot area [0x%04" PRIx64 "].", area_offset);
386                 /* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */
387                 r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode,
388                                       derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
389         }
390
391         if (r == 0) {
392                 r = crypt_hash_size(af_hash);
393                 if (r < 0)
394                         log_err(cd, _("Hash algorithm %s is not available."), af_hash);
395                 else
396                         r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
397         }
398 out:
399         free(salt);
400         crypt_free_volume_key(derived_key);
401         crypt_safe_free(AfKey);
402
403         return r;
404 }
405
406 /*
407  * currently we support update of only:
408  *
409  * - af hash function
410  * - kdf params
411  */
412 static int luks2_keyslot_update_json(struct crypt_device *cd,
413         json_object *jobj_keyslot,
414         const struct luks2_keyslot_params *params)
415 {
416         const struct crypt_pbkdf_type *pbkdf;
417         json_object *jobj_af, *jobj_area, *jobj_kdf;
418         char salt[LUKS_SALTSIZE], *salt_base64 = NULL;
419         int r;
420
421         /* jobj_keyslot is not yet validated */
422
423         if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
424             !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
425                 return -EINVAL;
426
427         /* update area encryption parameters */
428         json_object_object_add(jobj_area, "encryption", json_object_new_string(params->area.raw.encryption));
429         json_object_object_add(jobj_area, "key_size", json_object_new_int(params->area.raw.key_size));
430
431         pbkdf = crypt_get_pbkdf_type(cd);
432         if (!pbkdf)
433                 return -EINVAL;
434
435         r = crypt_benchmark_pbkdf_internal(cd, CONST_CAST(struct crypt_pbkdf_type *)pbkdf, params->area.raw.key_size);
436         if (r < 0)
437                 return r;
438
439         /* refresh whole 'kdf' object */
440         jobj_kdf = json_object_new_object();
441         if (!jobj_kdf)
442                 return -ENOMEM;
443         json_object_object_add(jobj_kdf, "type", json_object_new_string(pbkdf->type));
444         if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
445                 json_object_object_add(jobj_kdf, "hash", json_object_new_string(pbkdf->hash));
446                 json_object_object_add(jobj_kdf, "iterations", json_object_new_int(pbkdf->iterations));
447         } else {
448                 json_object_object_add(jobj_kdf, "time", json_object_new_int(pbkdf->iterations));
449                 json_object_object_add(jobj_kdf, "memory", json_object_new_int(pbkdf->max_memory_kb));
450                 json_object_object_add(jobj_kdf, "cpus", json_object_new_int(pbkdf->parallel_threads));
451         }
452         json_object_object_add(jobj_keyslot, "kdf", jobj_kdf);
453
454         /*
455          * Regenerate salt and add it in 'kdf' object
456          */
457         r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT);
458         if (r < 0)
459                 return r;
460         r = crypt_base64_encode(&salt_base64, NULL, salt, LUKS_SALTSIZE);
461         if (r < 0)
462                 return r;
463         json_object_object_add(jobj_kdf, "salt", json_object_new_string(salt_base64));
464         free(salt_base64);
465
466         /* update 'af' hash */
467         json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash));
468
469         JSON_DBG(cd, jobj_keyslot, "Keyslot JSON:");
470         return 0;
471 }
472
473 static int luks2_keyslot_alloc(struct crypt_device *cd,
474         int keyslot,
475         size_t volume_key_len,
476         const struct luks2_keyslot_params *params)
477 {
478         struct luks2_hdr *hdr;
479         uint64_t area_offset, area_length;
480         json_object *jobj_keyslots, *jobj_keyslot, *jobj_af, *jobj_area;
481         int r;
482
483         log_dbg(cd, "Trying to allocate LUKS2 keyslot %d.", keyslot);
484
485         if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW ||
486             params->af_type != LUKS2_KEYSLOT_AF_LUKS1) {
487                 log_dbg(cd, "Invalid LUKS2 keyslot parameters.");
488                 return -EINVAL;
489         }
490
491         if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
492                 return -EINVAL;
493
494         if (keyslot == CRYPT_ANY_SLOT)
495                 keyslot = LUKS2_keyslot_find_empty(cd, hdr, 0);
496
497         if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX)
498                 return -ENOMEM;
499
500         if (LUKS2_get_keyslot_jobj(hdr, keyslot)) {
501                 log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot);
502                 return -EINVAL;
503         }
504
505         if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots))
506                 return -EINVAL;
507
508         r = LUKS2_find_area_gap(cd, hdr, volume_key_len, &area_offset, &area_length);
509         if (r < 0) {
510                 log_err(cd, _("No space for new keyslot."));
511                 return r;
512         }
513
514         jobj_keyslot = json_object_new_object();
515         json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2"));
516         json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len));
517
518         /* AF object */
519         jobj_af = json_object_new_object();
520         json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
521         json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes));
522         json_object_object_add(jobj_keyslot, "af", jobj_af);
523
524         /* Area object */
525         jobj_area = json_object_new_object();
526         json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
527         json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
528         json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
529         json_object_object_add(jobj_keyslot, "area", jobj_area);
530
531         json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
532
533         r = luks2_keyslot_update_json(cd, jobj_keyslot, params);
534
535         if (!r && LUKS2_check_json_size(cd, hdr)) {
536                 log_dbg(cd, "Not enough space in header json area for new keyslot.");
537                 r = -ENOSPC;
538         }
539
540         if (r)
541                 json_object_object_del_by_uint(jobj_keyslots, keyslot);
542
543         return r;
544 }
545
546 static int luks2_keyslot_open(struct crypt_device *cd,
547         int keyslot,
548         const char *password,
549         size_t password_len,
550         char *volume_key,
551         size_t volume_key_len)
552 {
553         struct luks2_hdr *hdr;
554         json_object *jobj_keyslot;
555
556         log_dbg(cd, "Trying to open LUKS2 keyslot %d.", keyslot);
557
558         if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
559                 return -EINVAL;
560
561         jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
562         if (!jobj_keyslot)
563                 return -EINVAL;
564
565         return luks2_keyslot_get_key(cd, jobj_keyslot,
566                                      password, password_len,
567                                      volume_key, volume_key_len);
568 }
569
570 /*
571  * This function must not modify json.
572  * It's called after luks2 keyslot validation.
573  */
574 static int luks2_keyslot_store(struct crypt_device *cd,
575         int keyslot,
576         const char *password,
577         size_t password_len,
578         const char *volume_key,
579         size_t volume_key_len)
580 {
581         struct luks2_hdr *hdr;
582         json_object *jobj_keyslot;
583         int r;
584
585         log_dbg(cd, "Calculating attributes for LUKS2 keyslot %d.", keyslot);
586
587         if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
588                 return -EINVAL;
589
590         jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
591         if (!jobj_keyslot)
592                 return -EINVAL;
593
594         r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd));
595         if(r)
596                 return r;
597
598         r = luks2_keyslot_set_key(cd, jobj_keyslot,
599                                   password, password_len,
600                                   volume_key, volume_key_len);
601         if (!r)
602                 r = LUKS2_hdr_write(cd, hdr);
603
604         device_write_unlock(cd, crypt_metadata_device(cd));
605
606         return r < 0 ? r : keyslot;
607 }
608
609 static int luks2_keyslot_wipe(struct crypt_device *cd, int keyslot)
610 {
611         struct luks2_hdr *hdr;
612
613         if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
614                 return -EINVAL;
615
616         /* Remove any reference of deleted keyslot from digests and tokens */
617         LUKS2_digest_assign(cd, hdr, keyslot, CRYPT_ANY_DIGEST, 0, 0);
618         LUKS2_token_assign(cd, hdr, keyslot, CRYPT_ANY_TOKEN, 0, 0);
619
620         return 0;
621 }
622
623 static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
624 {
625         json_object *jobj_keyslot, *jobj1, *jobj_kdf, *jobj_af, *jobj_area;
626
627         jobj_keyslot = LUKS2_get_keyslot_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), keyslot);
628         if (!jobj_keyslot)
629                 return -EINVAL;
630
631         if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
632             !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
633             !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
634                 return -EINVAL;
635
636         json_object_object_get_ex(jobj_area, "encryption", &jobj1);
637         log_std(cd, "\tCipher:     %s\n", json_object_get_string(jobj1));
638
639         json_object_object_get_ex(jobj_area, "key_size", &jobj1);
640         log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
641
642         json_object_object_get_ex(jobj_kdf, "type", &jobj1);
643         log_std(cd, "\tPBKDF:      %s\n", json_object_get_string(jobj1));
644
645         if (!strcmp(json_object_get_string(jobj1), CRYPT_KDF_PBKDF2)) {
646                 json_object_object_get_ex(jobj_kdf, "hash", &jobj1);
647                 log_std(cd, "\tHash:       %s\n", json_object_get_string(jobj1));
648
649                 json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
650                 log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
651         } else {
652                 json_object_object_get_ex(jobj_kdf, "time", &jobj1);
653                 log_std(cd, "\tTime cost:  %" PRIu64 "\n", json_object_get_int64(jobj1));
654
655                 json_object_object_get_ex(jobj_kdf, "memory", &jobj1);
656                 log_std(cd, "\tMemory:     %" PRIu64 "\n", json_object_get_int64(jobj1));
657
658                 json_object_object_get_ex(jobj_kdf, "cpus", &jobj1);
659                 log_std(cd, "\tThreads:    %" PRIu64 "\n", json_object_get_int64(jobj1));
660         }
661         json_object_object_get_ex(jobj_kdf, "salt", &jobj1);
662         log_std(cd, "\tSalt:       ");
663         hexprint_base64(cd, jobj1, " ", "            ");
664
665
666         json_object_object_get_ex(jobj_af, "stripes", &jobj1);
667         log_std(cd, "\tAF stripes: %u\n", json_object_get_int(jobj1));
668
669         json_object_object_get_ex(jobj_af, "hash", &jobj1);
670         log_std(cd, "\tAF hash:    %s\n", json_object_get_string(jobj1));
671
672         json_object_object_get_ex(jobj_area, "offset", &jobj1);
673         log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
674
675         json_object_object_get_ex(jobj_area, "size", &jobj1);
676         log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
677
678         return 0;
679 }
680
681 static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_keyslot)
682 {
683         json_object *jobj_kdf, *jobj_af, *jobj_area, *jobj1;
684         const char *type;
685         int count;
686
687         if (!jobj_keyslot)
688                 return -EINVAL;
689
690         if (!(jobj_kdf = json_contains(cd, jobj_keyslot, "", "keyslot", "kdf", json_type_object)) ||
691             !(jobj_af = json_contains(cd, jobj_keyslot, "", "keyslot", "af", json_type_object)) ||
692             !(jobj_area = json_contains(cd, jobj_keyslot, "", "keyslot", "area", json_type_object)))
693                 return -EINVAL;
694
695         count = json_object_object_length(jobj_kdf);
696
697         jobj1 = json_contains_string(cd, jobj_kdf, "", "kdf section", "type");
698         if (!jobj1)
699                 return -EINVAL;
700         type = json_object_get_string(jobj1);
701
702         if (!strcmp(type, CRYPT_KDF_PBKDF2)) {
703                 if (count != 4 || /* type, salt, hash, iterations only */
704                     !json_contains_string(cd, jobj_kdf, "kdf type", type, "hash") ||
705                     !json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
706                     !json_contains_string(cd, jobj_kdf, "kdf type", type, "salt"))
707                         return -EINVAL;
708         } else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) {
709                 if (count != 5 || /* type, salt, time, memory, cpus only */
710                     !json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) ||
711                     !json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) ||
712                     !json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
713                     !json_contains_string(cd, jobj_kdf, "kdf type", type, "salt"))
714                         return -EINVAL;
715         }
716
717         jobj1 = json_contains_string(cd, jobj_af, "", "af section", "type");
718         if (!jobj1)
719                 return -EINVAL;
720         type = json_object_get_string(jobj1);
721
722         if (!strcmp(type, "luks1")) {
723                 if (!json_contains_string(cd, jobj_af, "", "luks1 af", "hash") ||
724                     !json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int))
725                         return -EINVAL;
726         } else
727                 return -EINVAL;
728
729         // FIXME check numbered
730         jobj1 = json_contains_string(cd, jobj_area, "", "area section", "type");
731         if (!jobj1)
732                 return -EINVAL;
733         type = json_object_get_string(jobj1);
734
735         if (!strcmp(type, "raw")) {
736                 if (!json_contains_string(cd, jobj_area, "area", "raw type", "encryption") ||
737                     !json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) ||
738                     !json_contains_string(cd, jobj_area, "area", "raw type", "offset") ||
739                     !json_contains_string(cd, jobj_area, "area", "raw type", "size"))
740                         return -EINVAL;
741         } else
742                 return -EINVAL;
743
744         return 0;
745 }
746
747 static int luks2_keyslot_update(struct crypt_device *cd,
748         int keyslot,
749         const struct luks2_keyslot_params *params)
750 {
751         struct luks2_hdr *hdr;
752         json_object *jobj_keyslot;
753         int r;
754
755         log_dbg(cd, "Updating LUKS2 keyslot %d.", keyslot);
756
757         if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
758                 return -EINVAL;
759
760         jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
761         if (!jobj_keyslot)
762                 return -EINVAL;
763
764         r = luks2_keyslot_update_json(cd, jobj_keyslot, params);
765
766         if (!r && LUKS2_check_json_size(cd, hdr)) {
767                 log_dbg(cd, "Not enough space in header json area for updated keyslot %d.", keyslot);
768                 r = -ENOSPC;
769         }
770
771         return r;
772 }
773
774 static void luks2_keyslot_repair(json_object *jobj_keyslot)
775 {
776         const char *type;
777         json_object *jobj_kdf, *jobj_type;
778
779         if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
780             !json_object_is_type(jobj_kdf, json_type_object))
781                 return;
782
783         if (!json_object_object_get_ex(jobj_kdf, "type", &jobj_type) ||
784             !json_object_is_type(jobj_type, json_type_string))
785                 return;
786
787         type = json_object_get_string(jobj_type);
788
789         if (!strcmp(type, CRYPT_KDF_PBKDF2)) {
790                 /* type, salt, hash, iterations only */
791                 json_object_object_foreach(jobj_kdf, key, val) {
792                         UNUSED(val);
793                         if (!strcmp(key, "type") || !strcmp(key, "salt") ||
794                             !strcmp(key, "hash") || !strcmp(key, "iterations"))
795                                         continue;
796                         json_object_object_del(jobj_kdf, key);
797                 }
798         } else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) {
799                 /* type, salt, time, memory, cpus only */
800                 json_object_object_foreach(jobj_kdf, key, val) {
801                         UNUSED(val);
802                         if (!strcmp(key, "type") || !strcmp(key, "salt") ||
803                             !strcmp(key, "time") || !strcmp(key, "memory") ||
804                             !strcmp(key, "cpus"))
805                                         continue;
806                         json_object_object_del(jobj_kdf, key);
807                 }
808         }
809 }
810
811 const keyslot_handler luks2_keyslot = {
812         .name  = "luks2",
813         .alloc  = luks2_keyslot_alloc,
814         .update = luks2_keyslot_update,
815         .open  = luks2_keyslot_open,
816         .store = luks2_keyslot_store,
817         .wipe  = luks2_keyslot_wipe,
818         .dump  = luks2_keyslot_dump,
819         .validate = luks2_keyslot_validate,
820         .repair = luks2_keyslot_repair
821 };
Domain: System / System Framework;