2 * LUKS - Linux Unified Key Setup v2, reencryption helpers
4 * Copyright (C) 2015-2021, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2015-2021, Ondrej Kozina
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "luks2_internal.h"
23 #include "utils_device_locking.h"
25 struct reenc_protection {
26 enum { REENC_PROTECTION_NONE = 0, /* none should be 0 always */
27 REENC_PROTECTION_CHECKSUM,
28 REENC_PROTECTION_JOURNAL,
29 REENC_PROTECTION_DATASHIFT } type;
35 char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
36 struct crypt_hash *ch;
38 /* buffer for checksums */
47 struct luks2_reencrypt {
48 /* reencryption window attributes */
57 crypt_reencrypt_direction_info direction;
58 crypt_reencrypt_mode_info mode;
65 /* reencryption window persistence attributes */
66 struct reenc_protection rp;
70 /* already running reencryption */
71 json_object *jobj_segs_hot;
72 struct json_object *jobj_segs_post;
75 json_object *jobj_segment_new;
77 json_object *jobj_segment_old;
79 json_object *jobj_segment_moved;
81 struct volume_key *vks;
86 struct crypt_storage_wrapper *cw1;
87 struct crypt_storage_wrapper *cw2;
92 struct crypt_lock_handle *reenc_lock;
94 #if USE_LUKS2_REENCRYPTION
95 static int reencrypt_keyslot_update(struct crypt_device *cd,
96 const struct luks2_reencrypt *rh)
99 json_object *jobj_keyslot, *jobj_area, *jobj_area_type;
100 struct luks2_hdr *hdr;
102 if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
105 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, rh->reenc_keyslot);
109 json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
110 json_object_object_get_ex(jobj_area, "type", &jobj_area_type);
112 if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
113 log_dbg(cd, "Updating reencrypt keyslot for checksum protection.");
114 json_object_object_add(jobj_area, "type", json_object_new_string("checksum"));
115 json_object_object_add(jobj_area, "hash", json_object_new_string(rh->rp.p.csum.hash));
116 json_object_object_add(jobj_area, "sector_size", json_object_new_int64(rh->alignment));
117 } else if (rh->rp.type == REENC_PROTECTION_NONE) {
118 log_dbg(cd, "Updating reencrypt keyslot for none protection.");
119 json_object_object_add(jobj_area, "type", json_object_new_string("none"));
120 json_object_object_del(jobj_area, "hash");
121 } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) {
122 log_dbg(cd, "Updating reencrypt keyslot for journal protection.");
123 json_object_object_add(jobj_area, "type", json_object_new_string("journal"));
124 json_object_object_del(jobj_area, "hash");
126 log_dbg(cd, "No update of reencrypt keyslot needed.");
128 r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, rh->vks);
130 log_err(cd, "Failed to refresh reencryption verification digest.");
135 static json_object *reencrypt_segment(struct luks2_hdr *hdr, unsigned new)
137 return LUKS2_get_segment_by_flag(hdr, new ? "backup-final" : "backup-previous");
140 static json_object *reencrypt_segment_new(struct luks2_hdr *hdr)
142 return reencrypt_segment(hdr, 1);
145 static json_object *reencrypt_segment_old(struct luks2_hdr *hdr)
147 return reencrypt_segment(hdr, 0);
150 static const char *reencrypt_segment_cipher_new(struct luks2_hdr *hdr)
152 return json_segment_get_cipher(reencrypt_segment(hdr, 1));
155 static const char *reencrypt_segment_cipher_old(struct luks2_hdr *hdr)
157 return json_segment_get_cipher(reencrypt_segment(hdr, 0));
160 static int reencrypt_get_sector_size_new(struct luks2_hdr *hdr)
162 return json_segment_get_sector_size(reencrypt_segment(hdr, 1));
165 static int reencrypt_get_sector_size_old(struct luks2_hdr *hdr)
167 return json_segment_get_sector_size(reencrypt_segment(hdr, 0));
170 static uint64_t reencrypt_data_offset(struct luks2_hdr *hdr, unsigned new)
172 json_object *jobj = reencrypt_segment(hdr, new);
174 return json_segment_get_offset(jobj, 0);
176 return LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
179 static uint64_t LUKS2_reencrypt_get_data_offset_moved(struct luks2_hdr *hdr)
181 json_object *jobj_segment = LUKS2_get_segment_by_flag(hdr, "backup-moved-segment");
186 return json_segment_get_offset(jobj_segment, 0);
189 static uint64_t reencrypt_get_data_offset_new(struct luks2_hdr *hdr)
191 return reencrypt_data_offset(hdr, 1);
194 static uint64_t reencrypt_get_data_offset_old(struct luks2_hdr *hdr)
196 return reencrypt_data_offset(hdr, 0);
199 static int reencrypt_digest(struct luks2_hdr *hdr, unsigned new)
201 int segment = LUKS2_get_segment_id_by_flag(hdr, new ? "backup-final" : "backup-previous");
206 return LUKS2_digest_by_segment(hdr, segment);
209 int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr)
211 return reencrypt_digest(hdr, 1);
214 int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr)
216 return reencrypt_digest(hdr, 0);
219 /* none, checksums, journal or shift */
220 static const char *reencrypt_resilience_type(struct luks2_hdr *hdr)
222 json_object *jobj_keyslot, *jobj_area, *jobj_type;
223 int ks = LUKS2_find_keyslot(hdr, "reencrypt");
228 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
230 json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
231 if (!json_object_object_get_ex(jobj_area, "type", &jobj_type))
234 return json_object_get_string(jobj_type);
237 static const char *reencrypt_resilience_hash(struct luks2_hdr *hdr)
239 json_object *jobj_keyslot, *jobj_area, *jobj_type, *jobj_hash;
240 int ks = LUKS2_find_keyslot(hdr, "reencrypt");
245 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
247 json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
248 if (!json_object_object_get_ex(jobj_area, "type", &jobj_type))
250 if (strcmp(json_object_get_string(jobj_type), "checksum"))
252 if (!json_object_object_get_ex(jobj_area, "hash", &jobj_hash))
255 return json_object_get_string(jobj_hash);
257 #if USE_LUKS2_REENCRYPTION
258 static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
260 json_object *jobj_keyslot, *jobj_area, *jobj_type, *jobj_hash, *jobj_sector_size;
261 int ks = LUKS2_find_keyslot(hdr, "reencrypt");
266 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
268 json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
269 if (!json_object_object_get_ex(jobj_area, "type", &jobj_type))
271 if (strcmp(json_object_get_string(jobj_type), "checksum"))
273 if (!json_object_object_get_ex(jobj_area, "hash", &jobj_hash))
275 if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
278 return crypt_jobj_get_uint32(jobj_sector_size);
281 static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
282 struct luks2_hdr *hdr,
283 struct luks2_reencrypt *rh,
284 uint64_t data_offset)
286 int reenc_seg, i = 0;
287 json_object *jobj_copy, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object();
290 if (!rh->jobj_segs_hot || !jobj_segs_post)
293 if (json_segments_count(rh->jobj_segs_hot) == 0)
294 return jobj_segs_post;
296 reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
300 while (i < reenc_seg) {
301 jobj_copy = json_segments_get_segment(rh->jobj_segs_hot, i);
304 json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy));
307 if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1), &jobj_seg_new)) {
308 if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg), &jobj_seg_new))
310 json_segment_remove_flag(jobj_seg_new, "in-reencryption");
313 json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
314 json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
315 tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
318 /* alter size of new segment, reenc_seg == 0 we're finished */
319 json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
320 json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
322 return jobj_segs_post;
324 json_object_put(jobj_segs_post);
328 static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_device *cd,
329 struct luks2_hdr *hdr,
330 struct luks2_reencrypt *rh,
331 uint64_t data_offset)
333 int sg, crypt_seg, i = 0;
334 uint64_t segment_size;
335 json_object *jobj_seg_shrunk, *jobj_seg_new, *jobj_copy, *jobj_enc_seg = NULL,
336 *jobj_segs_hot = json_object_new_object();
341 crypt_seg = LUKS2_segment_by_type(hdr, "crypt");
343 /* FIXME: This is hack. Find proper way to fix it. */
344 sg = LUKS2_last_segment_by_type(hdr, "linear");
345 if (rh->offset && sg < 0)
348 return jobj_segs_hot;
350 jobj_enc_seg = json_segment_create_crypt(data_offset + rh->offset,
351 rh->offset >> SECTOR_SHIFT,
353 reencrypt_segment_cipher_new(hdr),
354 reencrypt_get_sector_size_new(hdr),
358 jobj_copy = LUKS2_get_segment_jobj(hdr, i);
361 json_object_object_add_by_uint(jobj_segs_hot, i++, json_object_get(jobj_copy));
364 segment_size = LUKS2_segment_size(hdr, sg, 0);
365 if (segment_size > rh->length) {
366 jobj_seg_shrunk = NULL;
367 if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
369 json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
370 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
373 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_enc_seg);
374 jobj_enc_seg = NULL; /* see err: label */
376 /* first crypt segment after encryption ? */
377 if (crypt_seg >= 0) {
378 jobj_seg_new = LUKS2_get_segment_jobj(hdr, crypt_seg);
381 json_object_object_add_by_uint(jobj_segs_hot, sg, json_object_get(jobj_seg_new));
384 return jobj_segs_hot;
386 json_object_put(jobj_enc_seg);
387 json_object_put(jobj_segs_hot);
392 static json_object *reencrypt_make_segment_new(struct crypt_device *cd,
393 struct luks2_hdr *hdr,
394 const struct luks2_reencrypt *rh,
395 uint64_t data_offset,
396 uint64_t segment_offset,
398 const uint64_t *segment_length)
401 case CRYPT_REENCRYPT_REENCRYPT:
402 case CRYPT_REENCRYPT_ENCRYPT:
403 return json_segment_create_crypt(data_offset + segment_offset,
404 crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT),
406 reencrypt_segment_cipher_new(hdr),
407 reencrypt_get_sector_size_new(hdr), 0);
408 case CRYPT_REENCRYPT_DECRYPT:
409 return json_segment_create_linear(data_offset + segment_offset, segment_length, 0);
415 static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd,
416 struct luks2_hdr *hdr,
417 struct luks2_reencrypt *rh,
418 uint64_t data_offset)
421 json_object *jobj_new_seg_after, *jobj_old_seg, *jobj_old_seg_copy = NULL,
422 *jobj_segs_post = json_object_new_object();
423 uint64_t fixed_length = rh->offset + rh->length;
425 if (!rh->jobj_segs_hot || !jobj_segs_post)
428 reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
432 jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1);
435 * if there's no old segment after reencryption, we're done.
436 * Set size to 'dynamic' again.
438 jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, jobj_old_seg ? &fixed_length : NULL);
439 if (!jobj_new_seg_after)
441 json_object_object_add_by_uint(jobj_segs_post, 0, jobj_new_seg_after);
444 if (rh->fixed_length) {
445 if (json_object_copy(jobj_old_seg, &jobj_old_seg_copy))
447 jobj_old_seg = jobj_old_seg_copy;
448 fixed_length = rh->device_size - fixed_length;
449 json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
451 json_object_get(jobj_old_seg);
452 json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
455 return jobj_segs_post;
457 json_object_put(jobj_segs_post);
461 static json_object *reencrypt_make_post_segments_backward(struct crypt_device *cd,
462 struct luks2_hdr *hdr,
463 struct luks2_reencrypt *rh,
464 uint64_t data_offset)
467 uint64_t fixed_length;
469 json_object *jobj_new_seg_after, *jobj_old_seg,
470 *jobj_segs_post = json_object_new_object();
472 if (!rh->jobj_segs_hot || !jobj_segs_post)
475 reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
479 jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg - 1);
481 json_object_object_add_by_uint(jobj_segs_post, reenc_seg - 1, json_object_get(jobj_old_seg));
482 if (rh->fixed_length && rh->offset) {
483 fixed_length = rh->device_size - rh->offset;
484 jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, &fixed_length);
486 jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, NULL);
487 if (!jobj_new_seg_after)
489 json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_new_seg_after);
491 return jobj_segs_post;
493 json_object_put(jobj_segs_post);
497 static json_object *reencrypt_make_segment_reencrypt(struct crypt_device *cd,
498 struct luks2_hdr *hdr,
499 const struct luks2_reencrypt *rh,
500 uint64_t data_offset,
501 uint64_t segment_offset,
503 const uint64_t *segment_length)
506 case CRYPT_REENCRYPT_REENCRYPT:
507 case CRYPT_REENCRYPT_ENCRYPT:
508 return json_segment_create_crypt(data_offset + segment_offset,
509 crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT),
511 reencrypt_segment_cipher_new(hdr),
512 reencrypt_get_sector_size_new(hdr), 1);
513 case CRYPT_REENCRYPT_DECRYPT:
514 return json_segment_create_linear(data_offset + segment_offset, segment_length, 1);
520 static json_object *reencrypt_make_segment_old(struct crypt_device *cd,
521 struct luks2_hdr *hdr,
522 const struct luks2_reencrypt *rh,
523 uint64_t data_offset,
524 uint64_t segment_offset,
525 const uint64_t *segment_length)
527 json_object *jobj_old_seg = NULL;
530 case CRYPT_REENCRYPT_REENCRYPT:
531 case CRYPT_REENCRYPT_DECRYPT:
532 jobj_old_seg = json_segment_create_crypt(data_offset + segment_offset,
533 crypt_get_iv_offset(cd) + (segment_offset >> SECTOR_SHIFT),
535 reencrypt_segment_cipher_old(hdr),
536 reencrypt_get_sector_size_old(hdr),
539 case CRYPT_REENCRYPT_ENCRYPT:
540 jobj_old_seg = json_segment_create_linear(data_offset + segment_offset, segment_length, 0);
546 static json_object *reencrypt_make_hot_segments_forward(struct crypt_device *cd,
547 struct luks2_hdr *hdr,
548 struct luks2_reencrypt *rh,
549 uint64_t device_size,
550 uint64_t data_offset)
552 json_object *jobj_segs_hot, *jobj_reenc_seg, *jobj_old_seg, *jobj_new_seg;
553 uint64_t fixed_length, tmp = rh->offset + rh->length;
556 jobj_segs_hot = json_object_new_object();
561 jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, &rh->offset);
564 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_new_seg);
567 jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length);
571 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg);
573 if (tmp < device_size) {
574 fixed_length = device_size - tmp;
575 jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + rh->data_shift, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
578 json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg);
581 return jobj_segs_hot;
583 json_object_put(jobj_segs_hot);
587 static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd,
588 struct luks2_hdr *hdr,
589 struct luks2_reencrypt *rh,
590 uint64_t device_size,
591 uint64_t data_offset)
593 json_object *jobj_reenc_seg, *jobj_new_seg, *jobj_old_seg = NULL,
594 *jobj_segs_hot = json_object_new_object();
596 uint64_t fixed_length, tmp = rh->offset + rh->length;
602 if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
604 json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
606 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
609 jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length);
613 json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg);
615 if (tmp < device_size) {
616 fixed_length = device_size - tmp;
617 jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
620 json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_new_seg);
623 return jobj_segs_hot;
625 json_object_put(jobj_segs_hot);
629 static int reencrypt_make_hot_segments(struct crypt_device *cd,
630 struct luks2_hdr *hdr,
631 struct luks2_reencrypt *rh,
632 uint64_t device_size,
633 uint64_t data_offset)
635 rh->jobj_segs_hot = NULL;
637 if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
638 rh->data_shift && rh->jobj_segment_moved) {
639 log_dbg(cd, "Calculating hot segments for encryption with data move.");
640 rh->jobj_segs_hot = reencrypt_make_hot_segments_encrypt_shift(cd, hdr, rh, data_offset);
641 } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
642 log_dbg(cd, "Calculating hot segments (forward direction).");
643 rh->jobj_segs_hot = reencrypt_make_hot_segments_forward(cd, hdr, rh, device_size, data_offset);
644 } else if (rh->direction == CRYPT_REENCRYPT_BACKWARD) {
645 log_dbg(cd, "Calculating hot segments (backward direction).");
646 rh->jobj_segs_hot = reencrypt_make_hot_segments_backward(cd, hdr, rh, device_size, data_offset);
649 return rh->jobj_segs_hot ? 0 : -EINVAL;
652 static int reencrypt_make_post_segments(struct crypt_device *cd,
653 struct luks2_hdr *hdr,
654 struct luks2_reencrypt *rh,
655 uint64_t data_offset)
657 rh->jobj_segs_post = NULL;
659 if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
660 rh->data_shift && rh->jobj_segment_moved) {
661 log_dbg(cd, "Calculating post segments for encryption with data move.");
662 rh->jobj_segs_post = _enc_create_segments_shift_after(cd, hdr, rh, data_offset);
663 } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
664 log_dbg(cd, "Calculating post segments (forward direction).");
665 rh->jobj_segs_post = reencrypt_make_post_segments_forward(cd, hdr, rh, data_offset);
666 } else if (rh->direction == CRYPT_REENCRYPT_BACKWARD) {
667 log_dbg(cd, "Calculating segments (backward direction).");
668 rh->jobj_segs_post = reencrypt_make_post_segments_backward(cd, hdr, rh, data_offset);
671 return rh->jobj_segs_post ? 0 : -EINVAL;
674 static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
676 json_object *jobj_keyslot, *jobj_area, *jobj_data_shift;
677 int ks = LUKS2_find_keyslot(hdr, "reencrypt");
682 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
684 json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
685 if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
688 return crypt_jobj_get_uint64(jobj_data_shift);
691 static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)
694 crypt_reencrypt_mode_info mi = CRYPT_REENCRYPT_REENCRYPT;
695 json_object *jobj_keyslot, *jobj_mode;
697 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
701 json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode);
702 mode = json_object_get_string(jobj_mode);
704 /* validation enforces allowed values */
705 if (!strcmp(mode, "encrypt"))
706 mi = CRYPT_REENCRYPT_ENCRYPT;
707 else if (!strcmp(mode, "decrypt"))
708 mi = CRYPT_REENCRYPT_DECRYPT;
713 static crypt_reencrypt_direction_info reencrypt_direction(struct luks2_hdr *hdr)
716 json_object *jobj_keyslot, *jobj_mode;
717 crypt_reencrypt_direction_info di = CRYPT_REENCRYPT_FORWARD;
719 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
723 json_object_object_get_ex(jobj_keyslot, "direction", &jobj_mode);
724 value = json_object_get_string(jobj_mode);
726 /* validation enforces allowed values */
727 if (strcmp(value, "forward"))
728 di = CRYPT_REENCRYPT_BACKWARD;
733 typedef enum { REENC_OK = 0, REENC_ERR, REENC_ROLLBACK, REENC_FATAL } reenc_status_t;
735 void LUKS2_reencrypt_free(struct crypt_device *cd, struct luks2_reencrypt *rh)
740 if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
741 if (rh->rp.p.csum.ch) {
742 crypt_hash_destroy(rh->rp.p.csum.ch);
743 rh->rp.p.csum.ch = NULL;
745 if (rh->rp.p.csum.checksums) {
746 memset(rh->rp.p.csum.checksums, 0, rh->rp.p.csum.checksums_len);
747 free(rh->rp.p.csum.checksums);
748 rh->rp.p.csum.checksums = NULL;
752 json_object_put(rh->jobj_segs_hot);
753 rh->jobj_segs_hot = NULL;
754 json_object_put(rh->jobj_segs_post);
755 rh->jobj_segs_post = NULL;
756 json_object_put(rh->jobj_segment_old);
757 rh->jobj_segment_old = NULL;
758 json_object_put(rh->jobj_segment_new);
759 rh->jobj_segment_new = NULL;
760 json_object_put(rh->jobj_segment_moved);
761 rh->jobj_segment_moved = NULL;
763 free(rh->reenc_buffer);
764 rh->reenc_buffer = NULL;
765 crypt_storage_wrapper_destroy(rh->cw1);
767 crypt_storage_wrapper_destroy(rh->cw2);
770 free(rh->device_name);
771 free(rh->overlay_name);
772 free(rh->hotzone_name);
773 crypt_drop_keyring_key(cd, rh->vks);
774 crypt_free_volume_key(rh->vks);
775 device_release_excl(cd, crypt_data_device(cd));
776 crypt_unlock_internal(cd, rh->reenc_lock);
779 #if USE_LUKS2_REENCRYPTION
780 static size_t reencrypt_get_alignment(struct crypt_device *cd,
781 struct luks2_hdr *hdr)
784 size_t alignment = device_block_size(cd, crypt_data_device(cd));
786 ss = reencrypt_get_sector_size_old(hdr);
787 if (ss > 0 && (size_t)ss > alignment)
789 ss = reencrypt_get_sector_size_new(hdr);
790 if (ss > 0 && (size_t)ss > alignment)
791 alignment = (size_t)ss;
796 /* returns void because it must not fail on valid LUKS2 header */
797 static void _load_backup_segments(struct luks2_hdr *hdr,
798 struct luks2_reencrypt *rh)
800 int segment = LUKS2_get_segment_id_by_flag(hdr, "backup-final");
803 rh->jobj_segment_new = json_object_get(LUKS2_get_segment_jobj(hdr, segment));
804 rh->digest_new = LUKS2_digest_by_segment(hdr, segment);
806 rh->jobj_segment_new = NULL;
807 rh->digest_new = -ENOENT;
810 segment = LUKS2_get_segment_id_by_flag(hdr, "backup-previous");
812 rh->jobj_segment_old = json_object_get(LUKS2_get_segment_jobj(hdr, segment));
813 rh->digest_old = LUKS2_digest_by_segment(hdr, segment);
815 rh->jobj_segment_old = NULL;
816 rh->digest_old = -ENOENT;
819 segment = LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment");
821 rh->jobj_segment_moved = json_object_get(LUKS2_get_segment_jobj(hdr, segment));
823 rh->jobj_segment_moved = NULL;
826 static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset)
828 uint64_t tmp, linear_length = 0;
829 int sg, segs = json_segments_count(jobj_segments);
831 /* find reencrypt offset with data shift */
832 for (sg = 0; sg < segs; sg++)
833 if (LUKS2_segment_is_type(hdr, sg, "linear"))
834 linear_length += LUKS2_segment_size(hdr, sg, 0);
836 /* all active linear segments length */
838 if (linear_length < data_shift)
840 tmp = linear_length - data_shift;
841 if (tmp && tmp < data_shift) {
842 *offset = data_shift;
843 *reencrypt_length = tmp;
854 /* should be unreachable */
859 static int _offset_forward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *offset)
861 int segs = json_segments_count(jobj_segments);
865 else if (segs == 2) {
866 *offset = json_segment_get_size(json_segments_get_segment(jobj_segments, 0), 0);
875 static int _offset_backward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t device_size, uint64_t *length, uint64_t *offset)
877 int segs = json_segments_count(jobj_segments);
881 if (device_size < *length)
882 *length = device_size;
883 *offset = device_size - *length;
884 } else if (segs == 2) {
885 tmp = json_segment_get_size(json_segments_get_segment(jobj_segments, 0), 0);
888 *offset = tmp - *length;
895 /* must be always relative to data offset */
896 /* the LUKS2 header MUST be valid */
897 static int reencrypt_offset(struct luks2_hdr *hdr,
898 crypt_reencrypt_direction_info di,
899 uint64_t device_size,
900 uint64_t *reencrypt_length,
904 json_object *jobj_segments;
905 uint64_t data_shift = reencrypt_data_shift(hdr);
910 /* if there's segment in reencryption return directly offset of it */
911 json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments);
912 sg = json_segments_segment_in_reencrypt(jobj_segments);
914 *offset = LUKS2_segment_offset(hdr, sg, 0) - (reencrypt_get_data_offset_new(hdr));
918 if (di == CRYPT_REENCRYPT_FORWARD)
919 return _offset_forward(hdr, jobj_segments, offset);
920 else if (di == CRYPT_REENCRYPT_BACKWARD) {
921 if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_ENCRYPT &&
922 LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
923 return reencrypt_offset_backward_moved(hdr, jobj_segments, reencrypt_length, data_shift, offset);
924 return _offset_backward(hdr, jobj_segments, device_size, reencrypt_length, offset);
930 static uint64_t reencrypt_length(struct crypt_device *cd,
931 struct luks2_hdr *hdr,
932 struct luks2_reencrypt *rh,
933 uint64_t keyslot_area_length,
936 unsigned long dummy, optimal_alignment;
937 uint64_t length, soft_mem_limit;
939 if (rh->rp.type == REENC_PROTECTION_NONE)
940 length = length_max ?: LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH;
941 else if (rh->rp.type == REENC_PROTECTION_CHECKSUM)
942 length = (keyslot_area_length / rh->rp.p.csum.hash_size) * rh->alignment;
943 else if (rh->rp.type == REENC_PROTECTION_DATASHIFT)
944 return reencrypt_data_shift(hdr);
946 length = keyslot_area_length;
949 if (length > LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH)
950 length = LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH;
952 /* soft limit is 1/4 of system memory */
953 soft_mem_limit = crypt_getphysmemory_kb() << 8; /* multiply by (1024/4) */
955 if (soft_mem_limit && length > soft_mem_limit)
956 length = soft_mem_limit;
958 if (length_max && length > length_max)
961 length -= (length % rh->alignment);
963 /* Emits error later */
967 device_topology_alignment(cd, crypt_data_device(cd), &optimal_alignment, &dummy, length);
969 /* we have to stick with encryption sector size alignment */
970 if (optimal_alignment % rh->alignment)
973 /* align to opt-io size only if remaining size allows it */
974 if (length > optimal_alignment)
975 length -= (length % optimal_alignment);
980 static int reencrypt_context_init(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh, uint64_t device_size, const struct crypt_params_reencrypt *params)
983 uint64_t dummy, area_length;
985 rh->reenc_keyslot = LUKS2_find_keyslot(hdr, "reencrypt");
986 if (rh->reenc_keyslot < 0)
988 if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &dummy, &area_length) < 0)
991 rh->mode = reencrypt_mode(hdr);
993 rh->alignment = reencrypt_get_alignment(cd, hdr);
997 log_dbg(cd, "Hotzone size: %" PRIu64 ", device size: %" PRIu64 ", alignment: %zu.",
998 params->max_hotzone_size << SECTOR_SHIFT,
999 params->device_size << SECTOR_SHIFT, rh->alignment);
1001 if ((params->max_hotzone_size << SECTOR_SHIFT) % rh->alignment) {
1002 log_err(cd, _("Hotzone size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment);
1006 if ((params->device_size << SECTOR_SHIFT) % rh->alignment) {
1007 log_err(cd, _("Device size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment);
1011 rh->direction = reencrypt_direction(hdr);
1013 if (!strcmp(params->resilience, "datashift")) {
1014 log_dbg(cd, "Initializing reencryption context with data_shift resilience.");
1015 rh->rp.type = REENC_PROTECTION_DATASHIFT;
1016 rh->data_shift = reencrypt_data_shift(hdr);
1017 } else if (!strcmp(params->resilience, "journal")) {
1018 log_dbg(cd, "Initializing reencryption context with journal resilience.");
1019 rh->rp.type = REENC_PROTECTION_JOURNAL;
1020 } else if (!strcmp(params->resilience, "checksum")) {
1021 log_dbg(cd, "Initializing reencryption context with checksum resilience.");
1022 rh->rp.type = REENC_PROTECTION_CHECKSUM;
1024 r = snprintf(rh->rp.p.csum.hash,
1025 sizeof(rh->rp.p.csum.hash), "%s", params->hash);
1026 if (r < 0 || (size_t)r >= sizeof(rh->rp.p.csum.hash)) {
1027 log_dbg(cd, "Invalid hash parameter");
1031 if (crypt_hash_init(&rh->rp.p.csum.ch, params->hash)) {
1032 log_dbg(cd, "Failed to initialize checksum resilience hash %s", params->hash);
1036 r = crypt_hash_size(params->hash);
1038 log_dbg(cd, "Invalid hash size");
1041 rh->rp.p.csum.hash_size = r;
1043 rh->rp.p.csum.checksums_len = area_length;
1044 if (posix_memalign(&rh->rp.p.csum.checksums, device_alignment(crypt_metadata_device(cd)),
1045 rh->rp.p.csum.checksums_len))
1047 } else if (!strcmp(params->resilience, "none")) {
1048 log_dbg(cd, "Initializing reencryption context with none resilience.");
1049 rh->rp.type = REENC_PROTECTION_NONE;
1051 log_err(cd, _("Unsupported resilience mode %s"), params->resilience);
1055 if (params->device_size) {
1056 log_dbg(cd, "Switching reencryption to fixed size mode.");
1057 device_size = params->device_size << SECTOR_SHIFT;
1058 rh->fixed_length = true;
1060 rh->fixed_length = false;
1062 rh->length = reencrypt_length(cd, hdr, rh, area_length, params->max_hotzone_size << SECTOR_SHIFT);
1064 log_dbg(cd, "Invalid reencryption length.");
1068 if (reencrypt_offset(hdr, rh->direction, device_size, &rh->length, &rh->offset)) {
1069 log_dbg(cd, "Failed to get reencryption offset.");
1073 if (rh->offset > device_size)
1075 if (rh->length > device_size - rh->offset)
1076 rh->length = device_size - rh->offset;
1078 log_dbg(cd, "reencrypt-direction: %s", rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward");
1080 _load_backup_segments(hdr, rh);
1082 if (rh->direction == CRYPT_REENCRYPT_BACKWARD)
1083 rh->progress = device_size - rh->offset - rh->length;
1085 rh->progress = rh->offset;
1087 log_dbg(cd, "backup-previous digest id: %d", rh->digest_old);
1088 log_dbg(cd, "backup-final digest id: %d", rh->digest_new);
1089 log_dbg(cd, "reencrypt length: %" PRIu64, rh->length);
1090 log_dbg(cd, "reencrypt offset: %" PRIu64, rh->offset);
1091 log_dbg(cd, "reencrypt shift: %s%" PRIu64, (rh->data_shift && rh->direction == CRYPT_REENCRYPT_BACKWARD ? "-" : ""), rh->data_shift);
1092 log_dbg(cd, "reencrypt alignment: %zu", rh->alignment);
1093 log_dbg(cd, "reencrypt progress: %" PRIu64, rh->progress);
1095 rh->device_size = device_size;
1097 return rh->length < 512 ? -EINVAL : 0;
1100 static size_t reencrypt_buffer_length(struct luks2_reencrypt *rh)
1103 return rh->data_shift;
1107 static int reencrypt_load_clean(struct crypt_device *cd,
1108 struct luks2_hdr *hdr,
1109 uint64_t device_size,
1110 struct luks2_reencrypt **rh,
1111 const struct crypt_params_reencrypt *params)
1114 const struct crypt_params_reencrypt hdr_reenc_params = {
1115 .resilience = reencrypt_resilience_type(hdr),
1116 .hash = reencrypt_resilience_hash(hdr),
1117 .device_size = params ? params->device_size : 0
1119 struct luks2_reencrypt *tmp = crypt_zalloc(sizeof (*tmp));
1125 if (!hdr_reenc_params.resilience)
1128 /* skip context update if data shift is detected in header */
1129 if (!strcmp(hdr_reenc_params.resilience, "datashift"))
1132 log_dbg(cd, "Initializing reencryption context (%s).", params ? "update" : "load");
1134 if (!params || !params->resilience)
1135 params = &hdr_reenc_params;
1137 r = reencrypt_context_init(cd, hdr, tmp, device_size, params);
1141 if (posix_memalign(&tmp->reenc_buffer, device_alignment(crypt_data_device(cd)),
1142 reencrypt_buffer_length(tmp))) {
1151 LUKS2_reencrypt_free(cd, tmp);
1156 static int reencrypt_make_segments(struct crypt_device *cd,
1157 struct luks2_hdr *hdr,
1158 struct luks2_reencrypt *rh,
1159 uint64_t device_size)
1162 uint64_t data_offset = reencrypt_get_data_offset_new(hdr);
1164 log_dbg(cd, "Calculating segments.");
1166 r = reencrypt_make_hot_segments(cd, hdr, rh, device_size, data_offset);
1168 r = reencrypt_make_post_segments(cd, hdr, rh, data_offset);
1170 json_object_put(rh->jobj_segs_hot);
1174 log_dbg(cd, "Failed to make reencryption segments.");
1179 static int reencrypt_make_segments_crashed(struct crypt_device *cd,
1180 struct luks2_hdr *hdr,
1181 struct luks2_reencrypt *rh)
1184 uint64_t data_offset = crypt_get_data_offset(cd) << SECTOR_SHIFT;
1189 rh->jobj_segs_hot = json_object_new_object();
1190 if (!rh->jobj_segs_hot)
1193 json_object_object_foreach(LUKS2_get_segments_jobj(hdr), key, val) {
1194 if (json_segment_is_backup(val))
1196 json_object_object_add(rh->jobj_segs_hot, key, json_object_get(val));
1199 r = reencrypt_make_post_segments(cd, hdr, rh, data_offset);
1201 json_object_put(rh->jobj_segs_hot);
1202 rh->jobj_segs_hot = NULL;
1208 static int reencrypt_load_crashed(struct crypt_device *cd,
1209 struct luks2_hdr *hdr, uint64_t device_size, struct luks2_reencrypt **rh)
1212 uint64_t minimal_size;
1214 struct crypt_params_reencrypt params = {};
1216 if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic))
1220 params.device_size = minimal_size >> SECTOR_SHIFT;
1222 r = reencrypt_load_clean(cd, hdr, device_size, rh, ¶ms);
1225 reenc_seg = json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr));
1229 (*rh)->length = LUKS2_segment_size(hdr, reenc_seg, 0);
1232 if (!r && ((*rh)->rp.type == REENC_PROTECTION_CHECKSUM)) {
1233 /* we have to override calculated alignment with value stored in mda */
1234 (*rh)->alignment = reencrypt_alignment(hdr);
1235 if (!(*rh)->alignment) {
1236 log_dbg(cd, "Failed to get read resilience sector_size from metadata.");
1242 r = reencrypt_make_segments_crashed(cd, hdr, *rh);
1245 LUKS2_reencrypt_free(cd, *rh);
1251 static int reencrypt_init_storage_wrappers(struct crypt_device *cd,
1252 struct luks2_hdr *hdr,
1253 struct luks2_reencrypt *rh,
1254 struct volume_key *vks)
1257 struct volume_key *vk;
1258 uint32_t wrapper_flags = (getuid() || geteuid()) ? 0 : DISABLE_KCAPI;
1260 vk = crypt_volume_key_by_id(vks, rh->digest_old);
1261 r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd),
1262 reencrypt_get_data_offset_old(hdr),
1263 crypt_get_iv_offset(cd),
1264 reencrypt_get_sector_size_old(hdr),
1265 reencrypt_segment_cipher_old(hdr),
1266 vk, wrapper_flags | OPEN_READONLY);
1268 log_err(cd, _("Failed to initialize old segment storage wrapper."));
1271 rh->wflags1 = wrapper_flags | OPEN_READONLY;
1272 log_dbg(cd, "Old cipher storage wrapper type: %d.", crypt_storage_wrapper_get_type(rh->cw1));
1274 vk = crypt_volume_key_by_id(vks, rh->digest_new);
1275 r = crypt_storage_wrapper_init(cd, &rh->cw2, crypt_data_device(cd),
1276 reencrypt_get_data_offset_new(hdr),
1277 crypt_get_iv_offset(cd),
1278 reencrypt_get_sector_size_new(hdr),
1279 reencrypt_segment_cipher_new(hdr),
1282 log_err(cd, _("Failed to initialize new segment storage wrapper."));
1285 rh->wflags2 = wrapper_flags;
1286 log_dbg(cd, "New cipher storage wrapper type: %d", crypt_storage_wrapper_get_type(rh->cw2));
1291 static int reencrypt_context_set_names(struct luks2_reencrypt *rh, const char *name)
1297 if (!(rh->device_name = dm_device_name(name)))
1299 } else if (!(rh->device_name = strdup(name)))
1302 if (asprintf(&rh->hotzone_name, "%s-hotzone-%s", rh->device_name,
1303 rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward") < 0) {
1304 rh->hotzone_name = NULL;
1307 if (asprintf(&rh->overlay_name, "%s-overlay", rh->device_name) < 0) {
1308 rh->overlay_name = NULL;
1316 static int modify_offset(uint64_t *offset, uint64_t data_shift, crypt_reencrypt_direction_info di)
1323 if (di == CRYPT_REENCRYPT_FORWARD) {
1324 if (*offset >= data_shift) {
1325 *offset -= data_shift;
1328 } else if (di == CRYPT_REENCRYPT_BACKWARD) {
1329 *offset += data_shift;
1336 static int reencrypt_update_flag(struct crypt_device *cd, int enable, bool commit)
1339 struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
1341 if (LUKS2_config_get_requirements(cd, hdr, &reqs))
1345 if (enable && (reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
1349 if (!enable && !(reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
1353 reqs |= CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
1355 reqs &= ~CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
1357 log_dbg(cd, "Going to %s reencryption requirement flag.", enable ? "store" : "wipe");
1359 return LUKS2_config_set_requirements(cd, hdr, reqs, commit);
1362 static int reencrypt_recover_segment(struct crypt_device *cd,
1363 struct luks2_hdr *hdr,
1364 struct luks2_reencrypt *rh,
1365 struct volume_key *vks)
1367 struct volume_key *vk_old, *vk_new;
1370 unsigned resilience;
1371 uint64_t area_offset, area_length, area_length_read, crash_iv_offset,
1372 data_offset = crypt_get_data_offset(cd) << SECTOR_SHIFT;
1373 int devfd, r, new_sector_size, old_sector_size, rseg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
1374 char *checksum_tmp = NULL, *data_buffer = NULL;
1375 struct crypt_storage_wrapper *cw1 = NULL, *cw2 = NULL;
1377 resilience = rh->rp.type;
1379 if (rseg < 0 || rh->length < 512)
1382 vk_new = crypt_volume_key_by_id(vks, rh->digest_new);
1383 if (!vk_new && rh->mode != CRYPT_REENCRYPT_DECRYPT)
1385 vk_old = crypt_volume_key_by_id(vks, rh->digest_old);
1386 if (!vk_old && rh->mode != CRYPT_REENCRYPT_ENCRYPT)
1388 old_sector_size = json_segment_get_sector_size(reencrypt_segment_old(hdr));
1389 new_sector_size = json_segment_get_sector_size(reencrypt_segment_new(hdr));
1390 if (rh->mode == CRYPT_REENCRYPT_DECRYPT)
1391 crash_iv_offset = rh->offset >> SECTOR_SHIFT; /* TODO: + old iv_tweak */
1393 crash_iv_offset = json_segment_get_iv_offset(json_segments_get_segment(rh->jobj_segs_hot, rseg));
1395 log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64, data_offset + rh->offset, rh->length, crash_iv_offset);
1397 r = crypt_storage_wrapper_init(cd, &cw2, crypt_data_device(cd),
1398 data_offset + rh->offset, crash_iv_offset, new_sector_size,
1399 reencrypt_segment_cipher_new(hdr), vk_new, 0);
1401 log_err(cd, _("Failed to initialize new segment storage wrapper."));
1405 if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &area_offset, &area_length)) {
1410 if (posix_memalign((void**)&data_buffer, device_alignment(crypt_data_device(cd)), rh->length)) {
1415 switch (resilience) {
1416 case REENC_PROTECTION_CHECKSUM:
1417 log_dbg(cd, "Checksums based recovery.");
1419 r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd),
1420 data_offset + rh->offset, crash_iv_offset, old_sector_size,
1421 reencrypt_segment_cipher_old(hdr), vk_old, 0);
1423 log_err(cd, _("Failed to initialize old segment storage wrapper."));
1427 count = rh->length / rh->alignment;
1428 area_length_read = count * rh->rp.p.csum.hash_size;
1429 if (area_length_read > area_length) {
1430 log_dbg(cd, "Internal error in calculated area_length.");
1435 checksum_tmp = malloc(rh->rp.p.csum.hash_size);
1436 if (!checksum_tmp) {
1441 /* TODO: lock for read */
1442 devfd = device_open(cd, crypt_metadata_device(cd), O_RDONLY);
1446 /* read old data checksums */
1447 read = read_lseek_blockwise(devfd, device_block_size(cd, crypt_metadata_device(cd)),
1448 device_alignment(crypt_metadata_device(cd)), rh->rp.p.csum.checksums, area_length_read, area_offset);
1449 if (read < 0 || (size_t)read != area_length_read) {
1450 log_err(cd, _("Failed to read checksums for current hotzone."));
1455 read = crypt_storage_wrapper_read(cw2, 0, data_buffer, rh->length);
1456 if (read < 0 || (size_t)read != rh->length) {
1457 log_err(cd, _("Failed to read hotzone area starting at %" PRIu64 "."), rh->offset + data_offset);
1462 for (s = 0; s < count; s++) {
1463 if (crypt_hash_write(rh->rp.p.csum.ch, data_buffer + (s * rh->alignment), rh->alignment)) {
1464 log_dbg(cd, "Failed to write hash.");
1468 if (crypt_hash_final(rh->rp.p.csum.ch, checksum_tmp, rh->rp.p.csum.hash_size)) {
1469 log_dbg(cd, "Failed to finalize hash.");
1473 if (!memcmp(checksum_tmp, (char *)rh->rp.p.csum.checksums + (s * rh->rp.p.csum.hash_size), rh->rp.p.csum.hash_size)) {
1474 log_dbg(cd, "Sector %zu (size %zu, offset %zu) needs recovery", s, rh->alignment, s * rh->alignment);
1475 if (crypt_storage_wrapper_decrypt(cw1, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment)) {
1476 log_err(cd, _("Failed to decrypt sector %zu."), s);
1480 w = crypt_storage_wrapper_encrypt_write(cw2, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment);
1481 if (w < 0 || (size_t)w != rh->alignment) {
1482 log_err(cd, _("Failed to recover sector %zu."), s);
1491 case REENC_PROTECTION_JOURNAL:
1492 log_dbg(cd, "Journal based recovery.");
1494 /* FIXME: validation candidate */
1495 if (rh->length > area_length) {
1497 log_dbg(cd, "Invalid journal size.");
1502 r = crypt_storage_wrapper_init(cd, &cw1, crypt_metadata_device(cd),
1503 area_offset, crash_iv_offset, old_sector_size,
1504 reencrypt_segment_cipher_old(hdr), vk_old, 0);
1506 log_err(cd, _("Failed to initialize old segment storage wrapper."));
1509 read = crypt_storage_wrapper_read_decrypt(cw1, 0, data_buffer, rh->length);
1510 if (read < 0 || (size_t)read != rh->length) {
1511 log_dbg(cd, "Failed to read journaled data.");
1513 /* may content plaintext */
1514 crypt_safe_memzero(data_buffer, rh->length);
1517 read = crypt_storage_wrapper_encrypt_write(cw2, 0, data_buffer, rh->length);
1518 /* may content plaintext */
1519 crypt_safe_memzero(data_buffer, rh->length);
1520 if (read < 0 || (size_t)read != rh->length) {
1521 log_dbg(cd, "recovery write failed.");
1528 case REENC_PROTECTION_DATASHIFT:
1529 log_dbg(cd, "Data shift based recovery.");
1532 r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd),
1533 json_segment_get_offset(rh->jobj_segment_moved, 0), 0, 0,
1534 reencrypt_segment_cipher_old(hdr), NULL, 0);
1536 r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd),
1537 data_offset + rh->offset - rh->data_shift, 0, 0,
1538 reencrypt_segment_cipher_old(hdr), NULL, 0);
1540 log_err(cd, _("Failed to initialize old segment storage wrapper."));
1544 read = crypt_storage_wrapper_read_decrypt(cw1, 0, data_buffer, rh->length);
1545 if (read < 0 || (size_t)read != rh->length) {
1546 log_dbg(cd, "Failed to read data.");
1548 /* may content plaintext */
1549 crypt_safe_memzero(data_buffer, rh->length);
1553 read = crypt_storage_wrapper_encrypt_write(cw2, 0, data_buffer, rh->length);
1554 /* may content plaintext */
1555 crypt_safe_memzero(data_buffer, rh->length);
1556 if (read < 0 || (size_t)read != rh->length) {
1557 log_dbg(cd, "recovery write failed.");
1568 rh->read = rh->length;
1572 crypt_storage_wrapper_destroy(cw1);
1573 crypt_storage_wrapper_destroy(cw2);
1578 static int reencrypt_add_moved_segment(struct crypt_device *cd,
1579 struct luks2_hdr *hdr,
1580 struct luks2_reencrypt *rh)
1582 int s = LUKS2_segment_first_unused_id(hdr);
1584 if (!rh->jobj_segment_moved)
1590 if (json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), s, json_object_get(rh->jobj_segment_moved))) {
1591 json_object_put(rh->jobj_segment_moved);
1598 static int reencrypt_add_backup_segment(struct crypt_device *cd,
1599 struct luks2_hdr *hdr,
1600 struct luks2_reencrypt *rh,
1603 int digest, s = LUKS2_segment_first_unused_id(hdr);
1609 digest = final ? rh->digest_new : rh->digest_old;
1610 jobj = final ? rh->jobj_segment_new : rh->jobj_segment_old;
1612 if (json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), s, json_object_get(jobj))) {
1613 json_object_put(jobj);
1617 if (strcmp(json_segment_type(jobj), "crypt"))
1620 return LUKS2_digest_segment_assign(cd, hdr, s, digest, 1, 0);
1623 static int reencrypt_assign_segments_simple(struct crypt_device *cd,
1624 struct luks2_hdr *hdr,
1625 struct luks2_reencrypt *rh,
1631 if (hot && json_segments_count(rh->jobj_segs_hot) > 0) {
1632 log_dbg(cd, "Setting 'hot' segments.");
1634 r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_hot, 0);
1636 rh->jobj_segs_hot = NULL;
1637 } else if (!hot && json_segments_count(rh->jobj_segs_post) > 0) {
1638 log_dbg(cd, "Setting 'post' segments.");
1639 r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_post, 0);
1641 rh->jobj_segs_post = NULL;
1643 log_dbg(cd, "No segments to set.");
1648 log_dbg(cd, "Failed to assign new enc segments.");
1652 r = reencrypt_add_backup_segment(cd, hdr, rh, 0);
1654 log_dbg(cd, "Failed to assign reencryption previous backup segment.");
1658 r = reencrypt_add_backup_segment(cd, hdr, rh, 1);
1660 log_dbg(cd, "Failed to assign reencryption final backup segment.");
1664 r = reencrypt_add_moved_segment(cd, hdr, rh);
1666 log_dbg(cd, "Failed to assign reencryption moved backup segment.");
1670 for (sg = 0; sg < LUKS2_segments_count(hdr); sg++) {
1671 if (LUKS2_segment_is_type(hdr, sg, "crypt") &&
1672 LUKS2_digest_segment_assign(cd, hdr, sg, rh->mode == CRYPT_REENCRYPT_ENCRYPT ? rh->digest_new : rh->digest_old, 1, 0)) {
1673 log_dbg(cd, "Failed to assign digest %u to segment %u.", rh->digest_new, sg);
1678 return commit ? LUKS2_hdr_write(cd, hdr) : 0;
1681 static int reencrypt_assign_segments(struct crypt_device *cd,
1682 struct luks2_hdr *hdr,
1683 struct luks2_reencrypt *rh,
1688 int rseg, scount, r = -EINVAL;
1690 /* FIXME: validate in reencrypt context load */
1691 if (rh->digest_new < 0 && rh->mode != CRYPT_REENCRYPT_DECRYPT)
1694 if (LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0))
1697 if (rh->mode == CRYPT_REENCRYPT_ENCRYPT || rh->mode == CRYPT_REENCRYPT_DECRYPT)
1698 return reencrypt_assign_segments_simple(cd, hdr, rh, hot, commit);
1700 if (hot && rh->jobj_segs_hot) {
1701 log_dbg(cd, "Setting 'hot' segments.");
1703 r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_hot, 0);
1705 rh->jobj_segs_hot = NULL;
1706 } else if (!hot && rh->jobj_segs_post) {
1707 log_dbg(cd, "Setting 'post' segments.");
1708 r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_post, 0);
1710 rh->jobj_segs_post = NULL;
1716 scount = LUKS2_segments_count(hdr);
1718 /* segment in reencryption has to hold reference on both digests */
1719 rseg = json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr));
1720 if (rseg < 0 && hot)
1724 LUKS2_digest_segment_assign(cd, hdr, rseg, rh->digest_new, 1, 0);
1725 LUKS2_digest_segment_assign(cd, hdr, rseg, rh->digest_old, 1, 0);
1728 forward = (rh->direction == CRYPT_REENCRYPT_FORWARD);
1731 LUKS2_digest_segment_assign(cd, hdr, 0, forward ? rh->digest_new : rh->digest_old, 1, 0);
1732 if (scount > rseg + 1)
1733 LUKS2_digest_segment_assign(cd, hdr, rseg + 1, forward ? rh->digest_old : rh->digest_new, 1, 0);
1735 LUKS2_digest_segment_assign(cd, hdr, 0, forward || scount == 1 ? rh->digest_new : rh->digest_old, 1, 0);
1737 LUKS2_digest_segment_assign(cd, hdr, 1, forward ? rh->digest_old : rh->digest_new, 1, 0);
1740 r = reencrypt_add_backup_segment(cd, hdr, rh, 0);
1742 log_dbg(cd, "Failed to assign hot reencryption backup segment.");
1745 r = reencrypt_add_backup_segment(cd, hdr, rh, 1);
1747 log_dbg(cd, "Failed to assign post reencryption backup segment.");
1751 return commit ? LUKS2_hdr_write(cd, hdr) : 0;
1754 static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t dev_size, uint64_t data_shift, bool move_first_segment, crypt_reencrypt_direction_info di)
1757 uint64_t first_segment_offset, first_segment_length,
1758 second_segment_offset, second_segment_length,
1759 data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
1760 json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments;
1762 if (dev_size < data_shift)
1765 if (data_shift && (di == CRYPT_REENCRYPT_FORWARD))
1768 if (move_first_segment) {
1770 * future data_device layout:
1771 * [future LUKS2 header (data shift size)][second data segment][gap (data shift size)][first data segment (data shift size)]
1773 first_segment_offset = dev_size;
1774 first_segment_length = data_shift;
1775 second_segment_offset = data_shift;
1776 second_segment_length = dev_size - 2 * data_shift;
1777 } else if (data_shift) {
1778 first_segment_offset = data_offset;
1779 first_segment_length = dev_size;
1781 /* future data_device layout with detached header: [first data segment] */
1782 first_segment_offset = data_offset;
1783 first_segment_length = 0; /* dynamic */
1786 jobj_segments = json_object_new_object();
1791 if (move_first_segment) {
1792 jobj_segment_first = json_segment_create_linear(first_segment_offset, &first_segment_length, 0);
1793 if (second_segment_length &&
1794 !(jobj_segment_second = json_segment_create_linear(second_segment_offset, &second_segment_length, 0))) {
1795 log_dbg(cd, "Failed generate 2nd segment.");
1799 jobj_segment_first = json_segment_create_linear(first_segment_offset, first_segment_length ? &first_segment_length : NULL, 0);
1801 if (!jobj_segment_first) {
1802 log_dbg(cd, "Failed generate 1st segment.");
1806 json_object_object_add(jobj_segments, "0", jobj_segment_first);
1807 if (jobj_segment_second)
1808 json_object_object_add(jobj_segments, "1", jobj_segment_second);
1810 r = LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0);
1813 r = LUKS2_segments_set(cd, hdr, jobj_segments, 0);
1818 static int reencrypt_make_targets(struct crypt_device *cd,
1819 struct luks2_hdr *hdr,
1820 struct device *hz_device,
1821 struct volume_key *vks,
1822 struct dm_target *result,
1826 struct volume_key *vk;
1827 uint64_t segment_size, segment_offset, segment_start = 0;
1830 json_object *jobj, *jobj_segments = LUKS2_get_segments_jobj(hdr);
1833 jobj = json_segments_get_segment(jobj_segments, s);
1835 log_dbg(cd, "Internal error. Segment %u is null.", s);
1840 reenc_seg = (s == json_segments_segment_in_reencrypt(jobj_segments));
1842 segment_offset = json_segment_get_offset(jobj, 1);
1843 segment_size = json_segment_get_size(jobj, 1);
1844 /* 'dynamic' length allowed in last segment only */
1845 if (!segment_size && !result->next)
1846 segment_size = (size >> SECTOR_SHIFT) - segment_start;
1847 if (!segment_size) {
1848 log_dbg(cd, "Internal error. Wrong segment size %u", s);
1853 if (!strcmp(json_segment_type(jobj), "crypt")) {
1854 vk = crypt_volume_key_by_id(vks, reenc_seg ? LUKS2_reencrypt_digest_new(hdr) : LUKS2_digest_by_segment(hdr, s));
1856 log_err(cd, _("Missing key for dm-crypt segment %u"), s);
1862 segment_offset -= crypt_get_data_offset(cd);
1864 r = dm_crypt_target_set(result, segment_start, segment_size,
1865 reenc_seg ? hz_device : crypt_data_device(cd),
1867 json_segment_get_cipher(jobj),
1868 json_segment_get_iv_offset(jobj),
1872 json_segment_get_sector_size(jobj));
1874 log_err(cd, _("Failed to set dm-crypt segment."));
1877 } else if (!strcmp(json_segment_type(jobj), "linear")) {
1878 r = dm_linear_target_set(result, segment_start, segment_size, reenc_seg ? hz_device : crypt_data_device(cd), segment_offset);
1880 log_err(cd, _("Failed to set dm-linear segment."));
1888 segment_start += segment_size;
1890 result = result->next;
1898 /* GLOBAL FIXME: audit function names and parameters names */
1901 * 1) audit log routines
1902 * 2) can't we derive hotzone device name from crypt context? (unlocked name, device uuid, etc?)
1904 static int reencrypt_load_overlay_device(struct crypt_device *cd, struct luks2_hdr *hdr,
1905 const char *overlay, const char *hotzone, struct volume_key *vks, uint64_t size,
1908 char hz_path[PATH_MAX];
1911 struct device *hz_dev = NULL;
1912 struct crypt_dm_active_device dmd = {
1916 log_dbg(cd, "Loading new table for overlay device %s.", overlay);
1918 r = snprintf(hz_path, PATH_MAX, "%s/%s", dm_get_dir(), hotzone);
1919 if (r < 0 || r >= PATH_MAX) {
1924 r = device_alloc(cd, &hz_dev, hz_path);
1928 r = dm_targets_allocate(&dmd.segment, LUKS2_segments_count(hdr));
1932 r = reencrypt_make_targets(cd, hdr, hz_dev, vks, &dmd.segment, size);
1936 r = dm_reload_device(cd, overlay, &dmd, 0, 0);
1938 /* what else on error here ? */
1940 dm_targets_free(cd, &dmd);
1941 device_free(cd, hz_dev);
1946 static int reencrypt_replace_device(struct crypt_device *cd, const char *target, const char *source, uint32_t flags)
1949 struct crypt_dm_active_device dmd_source, dmd_target = {};
1950 uint32_t dmflags = DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH;
1952 log_dbg(cd, "Replacing table in device %s with table from device %s.", target, source);
1954 /* check only whether target device exists */
1955 r = dm_status_device(cd, target);
1963 r = dm_query_device(cd, source, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER |
1964 DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY, &dmd_source);
1969 if (exists && ((r = dm_query_device(cd, target, 0, &dmd_target)) < 0))
1972 dmd_source.flags |= flags;
1973 dmd_source.uuid = crypt_get_uuid(cd);
1976 if (dmd_target.size != dmd_source.size) {
1977 log_err(cd, _("Source and target device sizes don't match. Source %" PRIu64 ", target: %" PRIu64 "."),
1978 dmd_source.size, dmd_target.size);
1982 r = dm_reload_device(cd, target, &dmd_source, 0, 0);
1984 log_dbg(cd, "Resuming device %s", target);
1985 r = dm_resume_device(cd, target, dmflags | act2dmflags(dmd_source.flags));
1988 r = dm_create_device(cd, target, CRYPT_SUBDEV, &dmd_source);
1990 dm_targets_free(cd, &dmd_source);
1991 dm_targets_free(cd, &dmd_target);
1996 static int reencrypt_swap_backing_device(struct crypt_device *cd, const char *name,
1997 const char *new_backend_name)
2000 struct device *overlay_dev = NULL;
2001 char overlay_path[PATH_MAX] = { 0 };
2002 struct crypt_dm_active_device dmd = {};
2004 log_dbg(cd, "Redirecting %s mapping to new backing device: %s.", name, new_backend_name);
2006 r = snprintf(overlay_path, PATH_MAX, "%s/%s", dm_get_dir(), new_backend_name);
2007 if (r < 0 || r >= PATH_MAX) {
2012 r = device_alloc(cd, &overlay_dev, overlay_path);
2016 r = device_block_adjust(cd, overlay_dev, DEV_OK,
2017 0, &dmd.size, &dmd.flags);
2021 r = dm_linear_target_set(&dmd.segment, 0, dmd.size, overlay_dev, 0);
2025 r = dm_reload_device(cd, name, &dmd, 0, 0);
2027 log_dbg(cd, "Resuming device %s", name);
2028 r = dm_resume_device(cd, name, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH);
2032 dm_targets_free(cd, &dmd);
2033 device_free(cd, overlay_dev);
2038 static int reencrypt_activate_hotzone_device(struct crypt_device *cd, const char *name, uint64_t device_size, uint32_t flags)
2041 uint64_t new_offset = reencrypt_get_data_offset_new(crypt_get_hdr(cd, CRYPT_LUKS2)) >> SECTOR_SHIFT;
2043 struct crypt_dm_active_device dmd = {
2045 .uuid = crypt_get_uuid(cd),
2046 .size = device_size >> SECTOR_SHIFT
2049 log_dbg(cd, "Activating hotzone device %s.", name);
2051 r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK,
2052 new_offset, &dmd.size, &dmd.flags);
2056 r = dm_linear_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), new_offset);
2060 r = dm_create_device(cd, name, CRYPT_SUBDEV, &dmd);
2062 dm_targets_free(cd, &dmd);
2067 static int reencrypt_init_device_stack(struct crypt_device *cd,
2068 const struct luks2_reencrypt *rh)
2072 /* Activate hotzone device 1:1 linear mapping to data_device */
2073 r = reencrypt_activate_hotzone_device(cd, rh->hotzone_name, rh->device_size, CRYPT_ACTIVATE_PRIVATE);
2075 log_err(cd, _("Failed to activate hotzone device %s."), rh->hotzone_name);
2080 * Activate overlay device with exactly same table as original 'name' mapping.
2081 * Note that within this step the 'name' device may already include a table
2082 * constructed from more than single dm-crypt segment. Therefore transfer
2085 * If we're about to resume reencryption orig mapping has to be already validated for
2086 * abrupt shutdown and rchunk_offset has to point on next chunk to reencrypt!
2088 * TODO: in crypt_activate_by*
2090 r = reencrypt_replace_device(cd, rh->overlay_name, rh->device_name, CRYPT_ACTIVATE_PRIVATE);
2092 log_err(cd, _("Failed to activate overlay device %s with actual origin table."), rh->overlay_name);
2096 /* swap origin mapping to overlay device */
2097 r = reencrypt_swap_backing_device(cd, rh->device_name, rh->overlay_name);
2099 log_err(cd, _("Failed to load new mapping for device %s."), rh->device_name);
2104 * Now the 'name' (unlocked luks) device is mapped via dm-linear to an overlay dev.
2105 * The overlay device has a original live table of 'name' device in-before the swap.
2110 /* TODO: force error helper devices on error path */
2111 dm_remove_device(cd, rh->overlay_name, 0);
2112 dm_remove_device(cd, rh->hotzone_name, 0);
2118 * 1) audit error path. any error in this routine is fatal and should be unlikely.
2119 * usually it would hint some collision with another userspace process touching
2120 * dm devices directly.
2122 static int reenc_refresh_helper_devices(struct crypt_device *cd, const char *overlay, const char *hotzone)
2127 * we have to explicitly suspend the overlay device before suspending
2128 * the hotzone one. Resuming overlay device (aka switching tables) only
2129 * after suspending the hotzone may lead to deadlock.
2131 * In other words: always suspend the stack from top to bottom!
2133 r = dm_suspend_device(cd, overlay, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH);
2135 log_err(cd, _("Failed to suspend device %s."), overlay);
2139 /* suspend HZ device */
2140 r = dm_suspend_device(cd, hotzone, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH);
2142 log_err(cd, _("Failed to suspend device %s."), hotzone);
2146 /* resume overlay device: inactive table (with hotozne) -> live */
2147 r = dm_resume_device(cd, overlay, DM_RESUME_PRIVATE);
2149 log_err(cd, _("Failed to resume device %s."), overlay);
2154 static int reencrypt_refresh_overlay_devices(struct crypt_device *cd,
2155 struct luks2_hdr *hdr,
2156 const char *overlay,
2157 const char *hotzone,
2158 struct volume_key *vks,
2159 uint64_t device_size,
2162 int r = reencrypt_load_overlay_device(cd, hdr, overlay, hotzone, vks, device_size, flags);
2164 log_err(cd, _("Failed to reload device %s."), overlay);
2168 r = reenc_refresh_helper_devices(cd, overlay, hotzone);
2170 log_err(cd, _("Failed to refresh reencryption devices stack."));
2171 return REENC_ROLLBACK;
2177 static int reencrypt_move_data(struct crypt_device *cd, int devfd, uint64_t data_shift)
2182 uint64_t buffer_len, offset;
2183 struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
2185 log_dbg(cd, "Going to move data from head of data device.");
2187 buffer_len = data_shift;
2191 offset = json_segment_get_offset(LUKS2_get_segment_jobj(hdr, 0), 0);
2193 /* this is nonsense anyway */
2194 if (buffer_len != json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0)) {
2195 log_dbg(cd, "buffer_len %" PRIu64", segment size %" PRIu64, buffer_len, json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0));
2199 if (posix_memalign(&buffer, device_alignment(crypt_data_device(cd)), buffer_len))
2202 ret = read_lseek_blockwise(devfd,
2203 device_block_size(cd, crypt_data_device(cd)),
2204 device_alignment(crypt_data_device(cd)),
2205 buffer, buffer_len, 0);
2206 if (ret < 0 || (uint64_t)ret != buffer_len) {
2211 log_dbg(cd, "Going to write %" PRIu64 " bytes at offset %" PRIu64, buffer_len, offset);
2212 ret = write_lseek_blockwise(devfd,
2213 device_block_size(cd, crypt_data_device(cd)),
2214 device_alignment(crypt_data_device(cd)),
2215 buffer, buffer_len, offset);
2216 if (ret < 0 || (uint64_t)ret != buffer_len) {
2223 memset(buffer, 0, buffer_len);
2228 static int reencrypt_make_backup_segments(struct crypt_device *cd,
2229 struct luks2_hdr *hdr,
2232 uint64_t data_offset,
2233 const struct crypt_params_reencrypt *params)
2235 int r, segment, moved_segment = -1, digest_old = -1, digest_new = -1;
2236 json_object *jobj_segment_new = NULL, *jobj_segment_old = NULL, *jobj_segment_bcp = NULL;
2237 uint32_t sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
2238 uint64_t segment_offset, tmp, data_shift = params->data_shift << SECTOR_SHIFT;
2240 if (params->mode != CRYPT_REENCRYPT_DECRYPT) {
2241 digest_new = LUKS2_digest_by_keyslot(hdr, keyslot_new);
2246 if (params->mode != CRYPT_REENCRYPT_ENCRYPT) {
2247 digest_old = LUKS2_digest_by_segment(hdr, CRYPT_DEFAULT_SEGMENT);
2252 segment = LUKS2_segment_first_unused_id(hdr);
2256 if (params->mode == CRYPT_REENCRYPT_ENCRYPT &&
2257 (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)) {
2258 json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp);
2259 r = LUKS2_segment_set_flag(jobj_segment_bcp, "backup-moved-segment");
2262 moved_segment = segment++;
2263 json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), moved_segment, jobj_segment_bcp);
2266 /* FIXME: Add detection for case (digest old == digest new && old segment == new segment) */
2267 if (digest_old >= 0)
2268 json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old);
2269 else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
2270 r = LUKS2_get_data_size(hdr, &tmp, NULL);
2273 jobj_segment_old = json_segment_create_linear(0, tmp ? &tmp : NULL, 0);
2276 if (!jobj_segment_old) {
2281 r = LUKS2_segment_set_flag(jobj_segment_old, "backup-previous");
2284 json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_old);
2285 jobj_segment_old = NULL;
2286 if (digest_old >= 0)
2287 LUKS2_digest_segment_assign(cd, hdr, segment, digest_old, 1, 0);
2290 if (digest_new >= 0) {
2291 segment_offset = data_offset;
2292 if (params->mode != CRYPT_REENCRYPT_ENCRYPT &&
2293 modify_offset(&segment_offset, data_shift, params->direction)) {
2297 jobj_segment_new = json_segment_create_crypt(segment_offset,
2298 crypt_get_iv_offset(cd),
2299 NULL, cipher, sector_size, 0);
2300 } else if (params->mode == CRYPT_REENCRYPT_DECRYPT) {
2301 segment_offset = data_offset;
2302 if (modify_offset(&segment_offset, data_shift, params->direction)) {
2306 jobj_segment_new = json_segment_create_linear(segment_offset, NULL, 0);
2309 if (!jobj_segment_new) {
2314 r = LUKS2_segment_set_flag(jobj_segment_new, "backup-final");
2317 json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_new);
2318 jobj_segment_new = NULL;
2319 if (digest_new >= 0)
2320 LUKS2_digest_segment_assign(cd, hdr, segment, digest_new, 1, 0);
2322 /* FIXME: also check occupied space by keyslot in shrunk area */
2323 if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift &&
2324 crypt_metadata_device(cd) == crypt_data_device(cd) &&
2325 LUKS2_set_keyslots_size(cd, hdr, json_segment_get_offset(reencrypt_segment_new(hdr), 0))) {
2326 log_err(cd, _("Failed to set new keyslots area size."));
2333 json_object_put(jobj_segment_new);
2334 json_object_put(jobj_segment_old);
2338 static int reencrypt_verify_and_upload_keys(struct crypt_device *cd, struct luks2_hdr *hdr, int digest_old, int digest_new, struct volume_key *vks)
2341 struct volume_key *vk;
2343 if (digest_new >= 0) {
2344 vk = crypt_volume_key_by_id(vks, digest_new);
2348 if (LUKS2_digest_verify_by_digest(cd, hdr, digest_new, vk) != digest_new)
2351 if (crypt_use_keyring_for_vk(cd) && !crypt_is_cipher_null(reencrypt_segment_cipher_new(hdr)) &&
2352 (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk))))
2357 if (digest_old >= 0 && digest_old != digest_new) {
2358 vk = crypt_volume_key_by_id(vks, digest_old);
2363 if (LUKS2_digest_verify_by_digest(cd, hdr, digest_old, vk) != digest_old) {
2367 if (crypt_use_keyring_for_vk(cd) && !crypt_is_cipher_null(reencrypt_segment_cipher_old(hdr)) &&
2368 (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk))))
2375 crypt_drop_keyring_key(cd, vks);
2379 /* This function must be called with metadata lock held */
2380 static int reencrypt_init(struct crypt_device *cd,
2382 struct luks2_hdr *hdr,
2383 const char *passphrase,
2384 size_t passphrase_size,
2388 const char *cipher_mode,
2389 const struct crypt_params_reencrypt *params,
2390 struct volume_key **vks)
2392 bool move_first_segment;
2394 uint32_t sector_size;
2395 int r, reencrypt_keyslot, devfd = -1;
2396 uint64_t data_offset, dev_size = 0;
2397 struct crypt_dm_active_device dmd_target, dmd_source = {
2398 .uuid = crypt_get_uuid(cd),
2399 .flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
2402 if (!params || params->mode > CRYPT_REENCRYPT_DECRYPT)
2405 if (params->mode != CRYPT_REENCRYPT_DECRYPT &&
2406 (!params->luks2 || !(cipher && cipher_mode) || keyslot_new < 0))
2409 log_dbg(cd, "Initializing reencryption (mode: %s) in LUKS2 metadata.",
2410 crypt_reencrypt_mode_to_str(params->mode));
2412 move_first_segment = (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
2414 /* implicit sector size 512 for decryption */
2415 sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
2416 if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
2417 NOTPOW2(sector_size)) {
2418 log_err(cd, _("Unsupported encryption sector size."));
2422 if (!cipher_mode || *cipher_mode == '\0')
2423 r = snprintf(_cipher, sizeof(_cipher), "%s", cipher);
2425 r = snprintf(_cipher, sizeof(_cipher), "%s-%s", cipher, cipher_mode);
2426 if (r < 0 || (size_t)r >= sizeof(_cipher))
2429 if (MISALIGNED(params->data_shift, sector_size >> SECTOR_SHIFT)) {
2430 log_err(cd, _("Data shift is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size);
2434 data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
2436 r = device_check_access(cd, crypt_data_device(cd), DEV_OK);
2440 r = device_check_size(cd, crypt_data_device(cd), data_offset, 1);
2444 r = device_size(crypt_data_device(cd), &dev_size);
2448 dev_size -= data_offset;
2450 if (MISALIGNED(dev_size, sector_size)) {
2451 log_err(cd, _("Data device is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size);
2455 reencrypt_keyslot = LUKS2_keyslot_find_empty(hdr);
2456 if (reencrypt_keyslot < 0) {
2457 log_err(cd, _("All key slots full."));
2462 * We must perform data move with exclusive open data device
2463 * to exclude another cryptsetup process to colide with
2464 * encryption initialization (or mount)
2466 if (move_first_segment) {
2467 if (dev_size < 2 * (params->data_shift << SECTOR_SHIFT)) {
2468 log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd)));
2471 if (params->data_shift < LUKS2_get_data_offset(hdr)) {
2472 log_err(cd, _("Data shift (%" PRIu64 " sectors) is less than future data offset (%" PRIu64 " sectors)."), params->data_shift, LUKS2_get_data_offset(hdr));
2475 devfd = device_open_excl(cd, crypt_data_device(cd), O_RDWR);
2477 if (devfd == -EBUSY)
2478 log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd)));
2483 if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
2484 /* in-memory only */
2485 r = reencrypt_set_encrypt_segments(cd, hdr, dev_size, params->data_shift << SECTOR_SHIFT, move_first_segment, params->direction);
2490 r = LUKS2_keyslot_reencrypt_allocate(cd, hdr, reencrypt_keyslot,
2495 r = reencrypt_make_backup_segments(cd, hdr, keyslot_new, _cipher, data_offset, params);
2497 log_dbg(cd, "Failed to create reencryption backup device segments.");
2501 r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks);
2505 r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, *vks);
2509 if (name && params->mode != CRYPT_REENCRYPT_ENCRYPT) {
2510 r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
2514 r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
2515 DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
2516 DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
2520 r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source);
2522 r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target);
2524 log_err(cd, _("Mismatching parameters on device %s."), name);
2527 dm_targets_free(cd, &dmd_source);
2528 dm_targets_free(cd, &dmd_target);
2529 free(CONST_CAST(void*)dmd_target.uuid);
2535 if (move_first_segment && reencrypt_move_data(cd, devfd, params->data_shift << SECTOR_SHIFT)) {
2540 /* This must be first and only write in LUKS2 metadata during _reencrypt_init */
2541 r = reencrypt_update_flag(cd, 1, true);
2543 log_dbg(cd, "Failed to set online-reencryption requirement.");
2546 r = reencrypt_keyslot;
2548 device_release_excl(cd, crypt_data_device(cd));
2550 crypt_load(cd, CRYPT_LUKS2, NULL);
2555 static int reencrypt_hotzone_protect_final(struct crypt_device *cd,
2556 struct luks2_hdr *hdr, struct luks2_reencrypt *rh,
2557 const void *buffer, size_t buffer_len)
2559 const void *pbuffer;
2560 size_t data_offset, len;
2563 if (rh->rp.type == REENC_PROTECTION_NONE)
2566 if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
2567 log_dbg(cd, "Checksums hotzone resilience.");
2569 for (data_offset = 0, len = 0; data_offset < buffer_len; data_offset += rh->alignment, len += rh->rp.p.csum.hash_size) {
2570 if (crypt_hash_write(rh->rp.p.csum.ch, (const char *)buffer + data_offset, rh->alignment)) {
2571 log_dbg(cd, "Failed to hash sector at offset %zu.", data_offset);
2574 if (crypt_hash_final(rh->rp.p.csum.ch, (char *)rh->rp.p.csum.checksums + len, rh->rp.p.csum.hash_size)) {
2575 log_dbg(cd, "Failed to finalize hash.");
2579 pbuffer = rh->rp.p.csum.checksums;
2580 } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) {
2581 log_dbg(cd, "Journal hotzone resilience.");
2584 } else if (rh->rp.type == REENC_PROTECTION_DATASHIFT) {
2585 log_dbg(cd, "Data shift hotzone resilience.");
2586 return LUKS2_hdr_write(cd, hdr);
2590 log_dbg(cd, "Going to store %zu bytes in reencrypt keyslot.", len);
2592 r = LUKS2_keyslot_reencrypt_store(cd, hdr, rh->reenc_keyslot, pbuffer, len);
2594 return r > 0 ? 0 : r;
2597 static int reencrypt_context_update(struct crypt_device *cd,
2598 struct luks2_reencrypt *rh)
2603 if (rh->direction == CRYPT_REENCRYPT_BACKWARD) {
2604 if (rh->data_shift && rh->mode == CRYPT_REENCRYPT_ENCRYPT) {
2606 rh->offset -= rh->data_shift;
2607 if (rh->offset && (rh->offset < rh->data_shift)) {
2608 rh->length = rh->offset;
2609 rh->offset = rh->data_shift;
2612 rh->length = rh->data_shift;
2614 if (rh->offset < rh->length)
2615 rh->length = rh->offset;
2616 rh->offset -= rh->length;
2618 } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
2619 rh->offset += (uint64_t)rh->read;
2620 /* it fails in-case of device_size < rh->offset later */
2621 if (rh->device_size - rh->offset < rh->length)
2622 rh->length = rh->device_size - rh->offset;
2626 if (rh->device_size < rh->offset) {
2627 log_dbg(cd, "Calculated reencryption offset %" PRIu64 " is beyond device size %" PRIu64 ".", rh->offset, rh->device_size);
2631 rh->progress += (uint64_t)rh->read;
2636 static int reencrypt_load(struct crypt_device *cd, struct luks2_hdr *hdr,
2637 uint64_t device_size,
2638 const struct crypt_params_reencrypt *params,
2639 struct volume_key *vks,
2640 struct luks2_reencrypt **rh)
2643 struct luks2_reencrypt *tmp = NULL;
2644 crypt_reencrypt_info ri = LUKS2_reencrypt_status(hdr);
2646 if (ri == CRYPT_REENCRYPT_NONE) {
2647 log_err(cd, _("Device not marked for LUKS2 reencryption."));
2649 } else if (ri == CRYPT_REENCRYPT_INVALID)
2652 r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
2656 if (ri == CRYPT_REENCRYPT_CLEAN)
2657 r = reencrypt_load_clean(cd, hdr, device_size, &tmp, params);
2658 else if (ri == CRYPT_REENCRYPT_CRASH)
2659 r = reencrypt_load_crashed(cd, hdr, device_size, &tmp);
2663 if (r < 0 || !tmp) {
2664 log_err(cd, _("Failed to load LUKS2 reencryption context."));
2673 static int reencrypt_lock_internal(struct crypt_device *cd, const char *uuid, struct crypt_lock_handle **reencrypt_lock)
2676 char *lock_resource;
2678 if (!crypt_metadata_locking_enabled()) {
2679 *reencrypt_lock = NULL;
2683 r = asprintf(&lock_resource, "LUKS2-reencryption-%s", uuid);
2691 r = crypt_write_lock(cd, lock_resource, false, reencrypt_lock);
2693 free(lock_resource);
2699 int LUKS2_reencrypt_lock_by_dm_uuid(struct crypt_device *cd, const char *dm_uuid,
2700 struct crypt_lock_handle **reencrypt_lock)
2704 const char *uuid = crypt_get_uuid(cd);
2710 r = snprintf(hdr_uuid, sizeof(hdr_uuid), "%.8s-%.4s-%.4s-%.4s-%.12s",
2711 dm_uuid + 6, dm_uuid + 14, dm_uuid + 18, dm_uuid + 22, dm_uuid + 26);
2712 if (r < 0 || (size_t)r != (sizeof(hdr_uuid) - 1))
2714 } else if (crypt_uuid_cmp(dm_uuid, uuid))
2717 return reencrypt_lock_internal(cd, uuid, reencrypt_lock);
2721 int LUKS2_reencrypt_lock(struct crypt_device *cd, struct crypt_lock_handle **reencrypt_lock)
2723 if (!cd || !crypt_get_type(cd) || strcmp(crypt_get_type(cd), CRYPT_LUKS2))
2726 return reencrypt_lock_internal(cd, crypt_get_uuid(cd), reencrypt_lock);
2730 void LUKS2_reencrypt_unlock(struct crypt_device *cd, struct crypt_lock_handle *reencrypt_lock)
2732 crypt_unlock_internal(cd, reencrypt_lock);
2734 #if USE_LUKS2_REENCRYPTION
2735 static int reencrypt_lock_and_verify(struct crypt_device *cd, struct luks2_hdr *hdr,
2736 struct crypt_lock_handle **reencrypt_lock)
2739 crypt_reencrypt_info ri;
2740 struct crypt_lock_handle *h;
2742 ri = LUKS2_reencrypt_status(hdr);
2743 if (ri == CRYPT_REENCRYPT_INVALID) {
2744 log_err(cd, _("Failed to get reencryption state."));
2747 if (ri < CRYPT_REENCRYPT_CLEAN) {
2748 log_err(cd, _("Device is not in reencryption."));
2752 r = LUKS2_reencrypt_lock(cd, &h);
2755 log_err(cd, _("Reencryption process is already running."));
2757 log_err(cd, _("Failed to acquire reencryption lock."));
2761 /* With reencryption lock held, reload device context and verify metadata state */
2762 r = crypt_load(cd, CRYPT_LUKS2, NULL);
2764 LUKS2_reencrypt_unlock(cd, h);
2768 ri = LUKS2_reencrypt_status(hdr);
2769 if (ri == CRYPT_REENCRYPT_CLEAN) {
2770 *reencrypt_lock = h;
2774 LUKS2_reencrypt_unlock(cd, h);
2775 log_err(cd, _("Cannot proceed with reencryption. Run reencryption recovery first."));
2779 static int reencrypt_load_by_passphrase(struct crypt_device *cd,
2781 const char *passphrase,
2782 size_t passphrase_size,
2785 struct volume_key **vks,
2786 const struct crypt_params_reencrypt *params)
2788 int r, old_ss, new_ss;
2789 struct luks2_hdr *hdr;
2790 struct crypt_lock_handle *reencrypt_lock;
2791 struct luks2_reencrypt *rh;
2792 const struct volume_key *vk;
2793 struct crypt_dm_active_device dmd_target, dmd_source = {
2794 .uuid = crypt_get_uuid(cd),
2795 .flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
2797 uint64_t minimal_size, device_size, mapping_size = 0, required_size = 0;
2799 struct crypt_params_reencrypt rparams = {};
2804 required_size = params->device_size;
2807 log_dbg(cd, "Loading LUKS2 reencryption context.");
2809 rh = crypt_get_luks2_reencrypt(cd);
2811 LUKS2_reencrypt_free(cd, rh);
2812 crypt_set_luks2_reencrypt(cd, NULL);
2816 hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
2818 r = reencrypt_lock_and_verify(cd, hdr, &reencrypt_lock);
2822 /* From now on we hold reencryption lock */
2824 if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic))
2827 /* some configurations provides fixed device size */
2828 r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, false, dynamic);
2834 minimal_size >>= SECTOR_SHIFT;
2836 old_ss = reencrypt_get_sector_size_old(hdr);
2837 new_ss = reencrypt_get_sector_size_new(hdr);
2839 r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
2841 log_dbg(cd, "Keys are not ready. Unlocking all volume keys.");
2842 r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks);
2845 r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
2852 r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
2853 DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
2854 DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
2857 flags = dmd_target.flags;
2860 * By default reencryption code aims to retain flags from existing dm device.
2861 * The keyring activation flag can not be inherited if original cipher is null.
2863 * In this case override the flag based on decision made in reencrypt_verify_and_upload_keys
2864 * above. The code checks if new VK is eligible for keyring.
2866 vk = crypt_volume_key_by_id(*vks, LUKS2_reencrypt_digest_new(hdr));
2867 if (vk && vk->key_description && crypt_is_cipher_null(reencrypt_segment_cipher_old(hdr))) {
2868 flags |= CRYPT_ACTIVATE_KEYRING_KEY;
2869 dmd_source.flags |= CRYPT_ACTIVATE_KEYRING_KEY;
2872 r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source);
2874 r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target);
2876 log_err(cd, _("Mismatching parameters on device %s."), name);
2879 dm_targets_free(cd, &dmd_source);
2880 dm_targets_free(cd, &dmd_target);
2881 free(CONST_CAST(void*)dmd_target.uuid);
2884 mapping_size = dmd_target.size;
2888 if (required_size && mapping_size && (required_size != mapping_size)) {
2889 log_err(cd, _("Active device size and requested reencryption size don't match."));
2894 required_size = mapping_size;
2896 if (required_size) {
2897 /* TODO: Add support for changing fixed minimal size in reencryption mda where possible */
2898 if ((minimal_size && (required_size < minimal_size)) ||
2899 (required_size > (device_size >> SECTOR_SHIFT)) ||
2900 (!dynamic && (required_size != minimal_size)) ||
2901 (old_ss > 0 && MISALIGNED(required_size, old_ss >> SECTOR_SHIFT)) ||
2902 (new_ss > 0 && MISALIGNED(required_size, new_ss >> SECTOR_SHIFT))) {
2903 log_err(cd, _("Illegal device size requested in reencryption parameters."));
2906 rparams.device_size = required_size;
2909 r = reencrypt_load(cd, hdr, device_size, &rparams, *vks, &rh);
2913 if (name && (r = reencrypt_context_set_names(rh, name)))
2916 /* Reassure device is not mounted and there's no dm mapping active */
2917 if (!name && (device_open_excl(cd, crypt_data_device(cd), O_RDONLY) < 0)) {
2918 log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd)));
2922 device_release_excl(cd, crypt_data_device(cd));
2924 /* FIXME: There's a race for dm device activation not managed by cryptsetup.
2927 * 2) rogue dm device activation
2928 * 3) one or more dm-crypt based wrapper activation
2929 * 4) next excl open get's skipped due to 3) device from 2) remains undetected.
2931 r = reencrypt_init_storage_wrappers(cd, hdr, rh, *vks);
2935 /* If one of wrappers is based on dmcrypt fallback it already blocked mount */
2936 if (!name && crypt_storage_wrapper_get_type(rh->cw1) != DMCRYPT &&
2937 crypt_storage_wrapper_get_type(rh->cw2) != DMCRYPT) {
2938 if (device_open_excl(cd, crypt_data_device(cd), O_RDONLY) < 0) {
2939 log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd)));
2947 MOVE_REF(rh->vks, *vks);
2948 MOVE_REF(rh->reenc_lock, reencrypt_lock);
2950 crypt_set_luks2_reencrypt(cd, rh);
2954 LUKS2_reencrypt_unlock(cd, reencrypt_lock);
2955 LUKS2_reencrypt_free(cd, rh);
2959 static int reencrypt_recovery_by_passphrase(struct crypt_device *cd,
2960 struct luks2_hdr *hdr,
2963 const char *passphrase,
2964 size_t passphrase_size)
2967 crypt_reencrypt_info ri;
2968 struct crypt_lock_handle *reencrypt_lock;
2970 r = LUKS2_reencrypt_lock(cd, &reencrypt_lock);
2973 log_err(cd, _("Reencryption in-progress. Cannot perform recovery."));
2975 log_err(cd, _("Failed to get reencryption lock."));
2979 if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) {
2980 LUKS2_reencrypt_unlock(cd, reencrypt_lock);
2984 ri = LUKS2_reencrypt_status(hdr);
2985 if (ri == CRYPT_REENCRYPT_INVALID) {
2986 LUKS2_reencrypt_unlock(cd, reencrypt_lock);
2990 if (ri == CRYPT_REENCRYPT_CRASH) {
2991 r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot_old, keyslot_new,
2992 passphrase, passphrase_size, 0, NULL);
2994 log_err(cd, _("LUKS2 reencryption recovery failed."));
2996 log_dbg(cd, "No LUKS2 reencryption recovery needed.");
3000 LUKS2_reencrypt_unlock(cd, reencrypt_lock);
3004 static int reencrypt_repair_by_passphrase(
3005 struct crypt_device *cd,
3006 struct luks2_hdr *hdr,
3009 const char *passphrase,
3010 size_t passphrase_size)
3013 struct crypt_lock_handle *reencrypt_lock;
3014 struct luks2_reencrypt *rh;
3015 crypt_reencrypt_info ri;
3016 struct volume_key *vks = NULL;
3018 log_dbg(cd, "Loading LUKS2 reencryption context for metadata repair.");
3020 rh = crypt_get_luks2_reencrypt(cd);
3022 LUKS2_reencrypt_free(cd, rh);
3023 crypt_set_luks2_reencrypt(cd, NULL);
3027 ri = LUKS2_reencrypt_status(hdr);
3028 if (ri == CRYPT_REENCRYPT_INVALID)
3031 if (ri < CRYPT_REENCRYPT_CLEAN) {
3032 log_err(cd, _("Device is not in reencryption."));
3036 r = LUKS2_reencrypt_lock(cd, &reencrypt_lock);
3039 log_err(cd, _("Reencryption process is already running."));
3041 log_err(cd, _("Failed to acquire reencryption lock."));
3045 /* With reencryption lock held, reload device context and verify metadata state */
3046 r = crypt_load(cd, CRYPT_LUKS2, NULL);
3050 ri = LUKS2_reencrypt_status(hdr);
3051 if (ri == CRYPT_REENCRYPT_INVALID) {
3055 if (ri == CRYPT_REENCRYPT_NONE) {
3060 r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, &vks);
3064 r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, vks);
3065 crypt_free_volume_key(vks);
3070 /* removes online-reencrypt flag v1 */
3071 if ((r = reencrypt_update_flag(cd, 0, false)))
3074 /* adds online-reencrypt flag v2 and commits metadata */
3075 r = reencrypt_update_flag(cd, 1, true);
3077 LUKS2_reencrypt_unlock(cd, reencrypt_lock);
3078 crypt_free_volume_key(vks);
3083 static int reencrypt_init_by_passphrase(struct crypt_device *cd,
3085 const char *passphrase,
3086 size_t passphrase_size,
3090 const char *cipher_mode,
3091 const struct crypt_params_reencrypt *params)
3093 #if USE_LUKS2_REENCRYPTION
3095 crypt_reencrypt_info ri;
3096 struct volume_key *vks = NULL;
3097 uint32_t flags = params ? params->flags : 0;
3098 struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
3100 /* short-circuit in reencryption metadata update and finish immediately. */
3101 if (flags & CRYPT_REENCRYPT_REPAIR_NEEDED)
3102 return reencrypt_repair_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
3104 /* short-circuit in recovery and finish immediately. */
3105 if (flags & CRYPT_REENCRYPT_RECOVERY)
3106 return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size);
3108 if (cipher && !crypt_cipher_wrapped_key(cipher, cipher_mode)) {
3109 r = crypt_keyslot_get_key_size(cd, keyslot_new);
3112 r = LUKS2_check_cipher(cd, r, cipher, cipher_mode);
3117 r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd));
3121 ri = LUKS2_reencrypt_status(hdr);
3122 if (ri == CRYPT_REENCRYPT_INVALID) {
3123 device_write_unlock(cd, crypt_metadata_device(cd));
3127 if ((ri > CRYPT_REENCRYPT_NONE) && (flags & CRYPT_REENCRYPT_INITIALIZE_ONLY)) {
3128 device_write_unlock(cd, crypt_metadata_device(cd));
3129 log_err(cd, _("LUKS2 reencryption already initialized in metadata."));
3133 if (ri == CRYPT_REENCRYPT_NONE && !(flags & CRYPT_REENCRYPT_RESUME_ONLY)) {
3134 r = reencrypt_init(cd, name, hdr, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params, &vks);
3136 log_err(cd, _("Failed to initialize LUKS2 reencryption in metadata."));
3137 } else if (ri > CRYPT_REENCRYPT_NONE) {
3138 log_dbg(cd, "LUKS2 reencryption already initialized.");
3142 device_write_unlock(cd, crypt_metadata_device(cd));
3144 if (r < 0 || (flags & CRYPT_REENCRYPT_INITIALIZE_ONLY))
3147 r = reencrypt_load_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, &vks, params);
3150 crypt_drop_keyring_key(cd, vks);
3151 crypt_free_volume_key(vks);
3152 return r < 0 ? r : LUKS2_find_keyslot(hdr, "reencrypt");
3154 log_err(cd, _("This operation is not supported for this device type."));
3159 int crypt_reencrypt_init_by_keyring(struct crypt_device *cd,
3161 const char *passphrase_description,
3165 const char *cipher_mode,
3166 const struct crypt_params_reencrypt *params)
3170 size_t passphrase_size;
3172 if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase_description)
3174 if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY))
3177 r = keyring_get_passphrase(passphrase_description, &passphrase, &passphrase_size);
3179 log_err(cd, _("Failed to read passphrase from keyring (error %d)."), r);
3183 r = reencrypt_init_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params);
3185 crypt_safe_memzero(passphrase, passphrase_size);
3191 int crypt_reencrypt_init_by_passphrase(struct crypt_device *cd,
3193 const char *passphrase,
3194 size_t passphrase_size,
3198 const char *cipher_mode,
3199 const struct crypt_params_reencrypt *params)
3201 if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase)
3203 if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY))
3206 return reencrypt_init_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params);
3209 #if USE_LUKS2_REENCRYPTION
3210 static reenc_status_t reencrypt_step(struct crypt_device *cd,
3211 struct luks2_hdr *hdr,
3212 struct luks2_reencrypt *rh,
3213 uint64_t device_size,
3218 /* in memory only */
3219 r = reencrypt_make_segments(cd, hdr, rh, device_size);
3223 r = reencrypt_assign_segments(cd, hdr, rh, 1, 0);
3225 log_err(cd, _("Failed to set device segments for next reencryption hotzone."));
3230 r = reencrypt_refresh_overlay_devices(cd, hdr, rh->overlay_name, rh->hotzone_name, rh->vks, rh->device_size, rh->flags);
3231 /* Teardown overlay devices with dm-error. None bio shall pass! */
3236 log_dbg(cd, "Reencrypting chunk starting at offset: %" PRIu64 ", size :%" PRIu64 ".", rh->offset, rh->length);
3237 log_dbg(cd, "data_offset: %" PRIu64, crypt_get_data_offset(cd) << SECTOR_SHIFT);
3239 if (!rh->offset && rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->data_shift &&
3240 rh->jobj_segment_moved) {
3241 crypt_storage_wrapper_destroy(rh->cw1);
3242 log_dbg(cd, "Reinitializing old segment storage wrapper for moved segment.");
3243 r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd),
3244 LUKS2_reencrypt_get_data_offset_moved(hdr),
3245 crypt_get_iv_offset(cd),
3246 reencrypt_get_sector_size_old(hdr),
3247 reencrypt_segment_cipher_old(hdr),
3248 crypt_volume_key_by_id(rh->vks, rh->digest_old),
3251 log_err(cd, _("Failed to initialize old segment storage wrapper."));
3252 return REENC_ROLLBACK;
3256 rh->read = crypt_storage_wrapper_read(rh->cw1, rh->offset, rh->reenc_buffer, rh->length);
3258 /* severity normal */
3259 log_err(cd, _("Failed to read hotzone area starting at %" PRIu64 "."), rh->offset);
3260 return REENC_ROLLBACK;
3263 /* metadata commit point */
3264 r = reencrypt_hotzone_protect_final(cd, hdr, rh, rh->reenc_buffer, rh->read);
3266 /* severity normal */
3267 log_err(cd, _("Failed to write reencryption resilience metadata."));
3268 return REENC_ROLLBACK;
3271 r = crypt_storage_wrapper_decrypt(rh->cw1, rh->offset, rh->reenc_buffer, rh->read);
3273 /* severity normal */
3274 log_err(cd, _("Decryption failed."));
3275 return REENC_ROLLBACK;
3277 if (rh->read != crypt_storage_wrapper_encrypt_write(rh->cw2, rh->offset, rh->reenc_buffer, rh->read)) {
3278 /* severity fatal */
3279 log_err(cd, _("Failed to write hotzone area starting at %" PRIu64 "."), rh->offset);
3283 if (rh->rp.type != REENC_PROTECTION_NONE && crypt_storage_wrapper_datasync(rh->cw2)) {
3284 log_err(cd, _("Failed to sync data."));
3288 /* metadata commit safe point */
3289 r = reencrypt_assign_segments(cd, hdr, rh, 0, rh->rp.type != REENC_PROTECTION_NONE);
3291 /* severity fatal */
3292 log_err(cd, _("Failed to update metadata after current reencryption hotzone completed."));
3297 /* severity normal */
3298 log_dbg(cd, "Resuming device %s", rh->hotzone_name);
3299 r = dm_resume_device(cd, rh->hotzone_name, DM_RESUME_PRIVATE);
3301 log_err(cd, _("Failed to resume device %s."), rh->hotzone_name);
3309 static int reencrypt_erase_backup_segments(struct crypt_device *cd,
3310 struct luks2_hdr *hdr)
3312 int segment = LUKS2_get_segment_id_by_flag(hdr, "backup-previous");
3314 if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0))
3316 json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment);
3318 segment = LUKS2_get_segment_id_by_flag(hdr, "backup-final");
3320 if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0))
3322 json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment);
3324 segment = LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment");
3326 if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0))
3328 json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment);
3334 static int reencrypt_wipe_moved_segment(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
3337 uint64_t offset, length;
3339 if (rh->jobj_segment_moved) {
3340 offset = json_segment_get_offset(rh->jobj_segment_moved, 0);
3341 length = json_segment_get_size(rh->jobj_segment_moved, 0);
3342 log_dbg(cd, "Wiping %" PRIu64 " bytes of backup segment data at offset %" PRIu64,
3344 r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_RANDOM,
3345 offset, length, 1024 * 1024, NULL, NULL);
3351 static int reencrypt_teardown_ok(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
3355 bool finished = !(rh->device_size > rh->progress);
3357 if (rh->rp.type == REENC_PROTECTION_NONE &&
3358 LUKS2_hdr_write(cd, hdr)) {
3359 log_err(cd, _("Failed to write LUKS2 metadata."));
3364 r = LUKS2_reload(cd, rh->device_name, rh->vks, rh->device_size, rh->flags);
3366 log_err(cd, _("Failed to reload device %s."), rh->device_name);
3368 r = dm_resume_device(cd, rh->device_name, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH);
3370 log_err(cd, _("Failed to resume device %s."), rh->device_name);
3372 dm_remove_device(cd, rh->overlay_name, 0);
3373 dm_remove_device(cd, rh->hotzone_name, 0);
3375 if (!r && finished && rh->mode == CRYPT_REENCRYPT_DECRYPT &&
3376 !dm_flags(cd, DM_LINEAR, &dmt_flags) && (dmt_flags & DM_DEFERRED_SUPPORTED))
3377 dm_remove_device(cd, rh->device_name, CRYPT_DEACTIVATE_DEFERRED);
3381 if (reencrypt_wipe_moved_segment(cd, hdr, rh))
3382 log_err(cd, _("Failed to wipe backup segment data."));
3383 if (reencrypt_get_data_offset_new(hdr) && LUKS2_set_keyslots_size(cd, hdr, reencrypt_get_data_offset_new(hdr)))
3384 log_dbg(cd, "Failed to set new keyslots area size.");
3385 if (rh->digest_old >= 0 && rh->digest_new != rh->digest_old)
3386 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++)
3387 if (LUKS2_digest_by_keyslot(hdr, i) == rh->digest_old && crypt_keyslot_destroy(cd, i))
3388 log_err(cd, _("Failed to remove unused (unbound) keyslot %d."), i);
3390 if (reencrypt_erase_backup_segments(cd, hdr))
3391 log_dbg(cd, "Failed to erase backup segments");
3393 if (reencrypt_update_flag(cd, 0, false))
3394 log_dbg(cd, "Failed to disable reencryption requirement flag.");
3396 /* metadata commit point also removing reencryption flag on-disk */
3397 if (crypt_keyslot_destroy(cd, rh->reenc_keyslot)) {
3398 log_err(cd, _("Failed to remove reencryption keyslot."));
3406 static void reencrypt_teardown_fatal(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
3408 log_err(cd, _("Fatal error while reencrypting chunk starting at %" PRIu64 ", %" PRIu64 " sectors long."),
3409 (rh->offset >> SECTOR_SHIFT) + crypt_get_data_offset(cd), rh->length >> SECTOR_SHIFT);
3412 log_err(cd, "Reencryption was run in online mode.");
3413 if (dm_status_suspended(cd, rh->hotzone_name) > 0) {
3414 log_dbg(cd, "Hotzone device %s suspended, replacing with dm-error.", rh->hotzone_name);
3415 if (dm_error_device(cd, rh->hotzone_name)) {
3416 log_err(cd, _("Failed to replace suspended device %s with dm-error target."), rh->hotzone_name);
3417 log_err(cd, _("Do not resume the device unless replaced with error target manually."));
3423 static int reencrypt_teardown(struct crypt_device *cd, struct luks2_hdr *hdr,
3424 struct luks2_reencrypt *rh, reenc_status_t rs, bool interrupted,
3425 int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
3431 if (progress && !interrupted)
3432 progress(rh->device_size, rh->progress, NULL);
3433 r = reencrypt_teardown_ok(cd, hdr, rh);
3436 reencrypt_teardown_fatal(cd, hdr, rh);
3442 /* this frees reencryption lock */
3443 LUKS2_reencrypt_free(cd, rh);
3444 crypt_set_luks2_reencrypt(cd, NULL);
3449 int crypt_reencrypt(struct crypt_device *cd,
3450 int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
3452 #if USE_LUKS2_REENCRYPTION
3454 crypt_reencrypt_info ri;
3455 struct luks2_hdr *hdr;
3456 struct luks2_reencrypt *rh;
3460 if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
3463 hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
3465 ri = LUKS2_reencrypt_status(hdr);
3466 if (ri > CRYPT_REENCRYPT_CLEAN) {
3467 log_err(cd, _("Cannot proceed with reencryption. Unexpected reencryption status."));
3471 rh = crypt_get_luks2_reencrypt(cd);
3472 if (!rh || (!rh->reenc_lock && crypt_metadata_locking_enabled())) {
3473 log_err(cd, _("Missing or invalid reencrypt context."));
3477 log_dbg(cd, "Resuming LUKS2 reencryption.");
3479 if (rh->online && reencrypt_init_device_stack(cd, rh)) {
3480 log_err(cd, _("Failed to initialize reencryption device stack."));
3484 log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
3488 /* update reencrypt keyslot protection parameters in memory only */
3489 if (!quit && (rh->device_size > rh->progress)) {
3490 r = reencrypt_keyslot_update(cd, rh);
3492 log_dbg(cd, "Keyslot update failed.");
3493 return reencrypt_teardown(cd, hdr, rh, REENC_ERR, quit, progress);
3497 while (!quit && (rh->device_size > rh->progress)) {
3498 rs = reencrypt_step(cd, hdr, rh, rh->device_size, rh->online);
3502 log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
3503 if (progress && progress(rh->device_size, rh->progress, NULL))
3506 r = reencrypt_context_update(cd, rh);
3508 log_err(cd, _("Failed to update reencryption context."));
3513 log_dbg(cd, "Next reencryption offset will be %" PRIu64 " sectors.", rh->offset);
3514 log_dbg(cd, "Next reencryption chunk size will be %" PRIu64 " sectors).", rh->length);
3517 r = reencrypt_teardown(cd, hdr, rh, rs, quit, progress);
3520 log_err(cd, _("This operation is not supported for this device type."));
3525 #if USE_LUKS2_REENCRYPTION
3526 static int reencrypt_recovery(struct crypt_device *cd,
3527 struct luks2_hdr *hdr,
3528 uint64_t device_size,
3529 struct volume_key *vks)
3532 struct luks2_reencrypt *rh = NULL;
3534 r = reencrypt_load(cd, hdr, device_size, NULL, vks, &rh);
3536 log_err(cd, _("Failed to load LUKS2 reencryption context."));
3540 r = reencrypt_recover_segment(cd, hdr, rh, vks);
3544 if ((r = reencrypt_assign_segments(cd, hdr, rh, 0, 0)))
3547 r = reencrypt_context_update(cd, rh);
3549 log_err(cd, _("Failed to update reencryption context."));
3553 r = reencrypt_teardown_ok(cd, hdr, rh);
3555 r = LUKS2_hdr_write(cd, hdr);
3557 LUKS2_reencrypt_free(cd, rh);
3563 * use only for calculation of minimal data device size.
3564 * The real data offset is taken directly from segments!
3566 int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise)
3568 crypt_reencrypt_info ri = LUKS2_reencrypt_status(hdr);
3569 uint64_t data_offset = LUKS2_get_data_offset(hdr);
3571 if (ri == CRYPT_REENCRYPT_CLEAN && reencrypt_direction(hdr) == CRYPT_REENCRYPT_FORWARD)
3572 data_offset += reencrypt_data_shift(hdr) >> SECTOR_SHIFT;
3574 return blockwise ? data_offset : data_offset << SECTOR_SHIFT;
3578 int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr,
3579 uint64_t check_size, uint64_t *dev_size, bool activation, bool dynamic)
3582 uint64_t data_offset, real_size = 0;
3584 if (reencrypt_direction(hdr) == CRYPT_REENCRYPT_BACKWARD &&
3585 (LUKS2_get_segment_by_flag(hdr, "backup-moved-segment") || dynamic))
3586 check_size += reencrypt_data_shift(hdr);
3588 r = device_check_access(cd, crypt_data_device(cd), activation ? DEV_EXCL : DEV_OK);
3592 data_offset = LUKS2_reencrypt_data_offset(hdr, false);
3594 r = device_check_size(cd, crypt_data_device(cd), data_offset, 1);
3598 r = device_size(crypt_data_device(cd), &real_size);
3602 log_dbg(cd, "Required minimal device size: %" PRIu64 " (%" PRIu64 " sectors)"
3603 ", real device size: %" PRIu64 " (%" PRIu64 " sectors)\n"
3604 "calculated device size: %" PRIu64 " (%" PRIu64 " sectors)",
3605 check_size, check_size >> SECTOR_SHIFT, real_size, real_size >> SECTOR_SHIFT,
3606 real_size - data_offset, (real_size - data_offset) >> SECTOR_SHIFT);
3608 if (real_size < data_offset || (check_size && (real_size - data_offset) < check_size)) {
3609 log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd)));
3613 *dev_size = real_size - data_offset;
3617 #if USE_LUKS2_REENCRYPTION
3618 /* returns keyslot number on success (>= 0) or negative errnor otherwise */
3619 int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd,
3622 const char *passphrase,
3623 size_t passphrase_size,
3625 struct volume_key **vks)
3627 uint64_t minimal_size, device_size;
3628 int keyslot, r = -EINVAL;
3629 struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
3630 struct volume_key *vk = NULL, *_vks = NULL;
3632 log_dbg(cd, "Entering reencryption crash recovery.");
3634 if (LUKS2_get_data_size(hdr, &minimal_size, NULL))
3637 r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new,
3638 passphrase, passphrase_size, &_vks);
3643 if (crypt_use_keyring_for_vk(cd))
3647 r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk));
3650 vk = crypt_volume_key_next(vk);
3653 if (LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, false))
3656 r = reencrypt_recovery(cd, hdr, device_size, _vks);
3659 MOVE_REF(*vks, _vks);
3662 crypt_drop_keyring_key(cd, _vks);
3663 crypt_free_volume_key(_vks);
3665 return r < 0 ? r : keyslot;
3668 crypt_reencrypt_info LUKS2_reencrypt_get_params(struct luks2_hdr *hdr,
3669 struct crypt_params_reencrypt *params)
3671 crypt_reencrypt_info ri;
3675 ri = LUKS2_reencrypt_status(hdr);
3676 if (ri == CRYPT_REENCRYPT_NONE || ri == CRYPT_REENCRYPT_INVALID || !params)
3679 digest = LUKS2_digest_by_keyslot(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
3680 if (digest < 0 && digest != -ENOENT)
3681 return CRYPT_REENCRYPT_INVALID;
3684 * In case there's an old "online-reencrypt" requirement or reencryption
3685 * keyslot digest is missing inform caller reencryption metadata requires repair.
3687 if (!LUKS2_config_get_reencrypt_version(hdr, &version) &&
3688 (version < 2 || digest == -ENOENT)) {
3689 params->flags |= CRYPT_REENCRYPT_REPAIR_NEEDED;
3693 params->mode = reencrypt_mode(hdr);
3694 params->direction = reencrypt_direction(hdr);
3695 params->resilience = reencrypt_resilience_type(hdr);
3696 params->hash = reencrypt_resilience_hash(hdr);
3697 params->data_shift = reencrypt_data_shift(hdr) >> SECTOR_SHIFT;
3698 params->max_hotzone_size = 0;
3699 if (LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
3700 params->flags |= CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;