2 * TCRYPT compatible volume handling
4 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012, Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "libcryptsetup.h"
32 /* TCRYPT PBKDF variants */
34 unsigned int legacy:1;
37 unsigned int iterations;
39 { 0, "pbkdf2", "ripemd160", 2000 },
40 { 0, "pbkdf2", "ripemd160", 1000 },
41 { 0, "pbkdf2", "sha512", 1000 },
42 { 0, "pbkdf2", "whirlpool", 1000 },
43 { 1, "pbkdf2", "sha1", 2000 },
49 unsigned int key_size;
51 unsigned int key_offset;
52 unsigned int iv_offset; /* or tweak key offset */
56 unsigned int legacy:1;
57 unsigned int chain_count;
58 unsigned int chain_key_size;
59 const char *long_name;
61 struct tcrypt_alg cipher[3];
64 /* TCRYPT cipher variants */
65 static struct tcrypt_algs tcrypt_cipher[] = {
67 {0,1,64,"aes","xts-plain64",
68 {{"aes", 64,16,0,32}}},
69 {0,1,64,"serpent","xts-plain64",
70 {{"serpent",64,16,0,32}}},
71 {0,1,64,"twofish","xts-plain64",
72 {{"twofish",64,16,0,32}}},
73 {0,2,128,"twofish-aes","xts-plain64",
74 {{"twofish",64,16, 0,64},
75 {"aes", 64,16,32,96}}},
76 {0,3,192,"serpent-twofish-aes","xts-plain64",
77 {{"serpent",64,16, 0, 96},
78 {"twofish",64,16,32,128},
79 {"aes", 64,16,64,160}}},
80 {0,2,128,"aes-serpent","xts-plain64",
81 {{"aes", 64,16, 0,64},
82 {"serpent",64,16,32,96}}},
83 {0,3,192,"aes-twofish-serpent","xts-plain64",
84 {{"aes", 64,16, 0, 96},
85 {"twofish",64,16,32,128},
86 {"serpent",64,16,64,160}}},
87 {0,2,128,"serpent-twofish","xts-plain64",
88 {{"serpent",64,16, 0,64},
89 {"twofish",64,16,32,96}}},
91 {0,1,48,"aes","lrw-benbi",
92 {{"aes", 48,16,32,0}}},
93 {0,1,48,"serpent","lrw-benbi",
94 {{"serpent",48,16,32,0}}},
95 {0,1,48,"twofish","lrw-benbi",
96 {{"twofish",48,16,32,0}}},
97 {0,2,96,"twofish-aes","lrw-benbi",
98 {{"twofish",48,16,32,0},
99 {"aes", 48,16,64,0}}},
100 {0,3,144,"serpent-twofish-aes","lrw-benbi",
101 {{"serpent",48,16,32,0},
102 {"twofish",48,16,64,0},
103 {"aes", 48,16,96,0}}},
104 {0,2,96,"aes-serpent","lrw-benbi",
105 {{"aes", 48,16,32,0},
106 {"serpent",48,16,64,0}}},
107 {0,3,144,"aes-twofish-serpent","lrw-benbi",
108 {{"aes", 48,16,32,0},
109 {"twofish",48,16,64,0},
110 {"serpent",48,16,96,0}}},
111 {0,2,96,"serpent-twofish", "lrw-benbi",
112 {{"serpent",48,16,32,0},
113 {"twofish",48,16,64,0}}},
114 /* Kernel LRW block size is fixed to 16 bytes for GF(2^128)
115 * thus cannot be used with blowfish where block is 8 bytes.
116 * There also no GF(2^64) support.
117 {1,1,64,"blowfish_le","lrw-benbi",
118 {{"blowfish_le",64,8,32,0}}},
119 {1,2,112,"blowfish_le-aes","lrw-benbi",
120 {{"blowfish_le",64, 8,32,0},
121 {"aes", 48,16,88,0}}},
122 {1,3,160,"serpent-blowfish_le-aes","lrw-benbi",
123 {{"serpent", 48,16, 32,0},
124 {"blowfish_le",64, 8, 64,0},
125 {"aes", 48,16,120,0}}},*/
126 /* CBC + "outer" CBC (both with whitening) */
127 {1,1,32,"aes","cbc-tcrypt",
128 {{"aes", 32,16,32,0}}},
129 {1,1,32,"serpent","cbc-tcrypt",
130 {{"serpent",32,16,32,0}}},
131 {1,1,32,"twofish","cbc-tcrypt",
132 {{"twofish",32,16,32,0}}},
133 {1,2,64,"twofish-aes","cbci-tcrypt",
134 {{"twofish",32,16,32,0},
135 {"aes", 32,16,64,0}}},
136 {1,3,96,"serpent-twofish-aes","cbci-tcrypt",
137 {{"serpent",32,16,32,0},
138 {"twofish",32,16,64,0},
139 {"aes", 32,16,96,0}}},
140 {1,2,64,"aes-serpent","cbci-tcrypt",
141 {{"aes", 32,16,32,0},
142 {"serpent",32,16,64,0}}},
143 {1,3,96,"aes-twofish-serpent", "cbci-tcrypt",
144 {{"aes", 32,16,32,0},
145 {"twofish",32,16,64,0},
146 {"serpent",32,16,96,0}}},
147 {1,2,64,"serpent-twofish", "cbci-tcrypt",
148 {{"serpent",32,16,32,0},
149 {"twofish",32,16,64,0}}},
150 {1,1,16,"cast5","cbc-tcrypt",
151 {{"cast5", 16,8,32,0}}},
152 {1,1,24,"des3_ede","cbc-tcrypt",
153 {{"des3_ede",24,8,32,0}}},
154 {1,1,56,"blowfish_le","cbc-tcrypt",
155 {{"blowfish_le",56,8,32,0}}},
156 {1,2,88,"blowfish_le-aes","cbc-tcrypt",
157 {{"blowfish_le",56, 8,32,0},
158 {"aes", 32,16,88,0}}},
159 {1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt",
160 {{"serpent", 32,16, 32,0},
161 {"blowfish_le",56, 8, 64,0},
162 {"aes", 32,16,120,0}}},
166 static int hdr_from_disk(struct tcrypt_phdr *hdr,
167 struct crypt_params_tcrypt *params,
168 int kdf_index, int cipher_index)
173 /* Check CRC32 of header */
174 size = TCRYPT_HDR_LEN - sizeof(hdr->d.keys) - sizeof(hdr->d.header_crc32);
175 crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
176 if (be16_to_cpu(hdr->d.version) > 3 &&
177 crc32 != be32_to_cpu(hdr->d.header_crc32)) {
178 log_dbg("TCRYPT header CRC32 mismatch.");
182 /* Check CRC32 of keys */
183 crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
184 if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
185 log_dbg("TCRYPT keys CRC32 mismatch.");
189 /* Convert header to cpu format */
190 hdr->d.version = be16_to_cpu(hdr->d.version);
191 hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc);
193 hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
195 hdr->d.hidden_volume_size = be64_to_cpu(hdr->d.hidden_volume_size);
196 hdr->d.volume_size = be64_to_cpu(hdr->d.volume_size);
198 hdr->d.mk_offset = be64_to_cpu(hdr->d.mk_offset);
199 if (!hdr->d.mk_offset)
200 hdr->d.mk_offset = 512;
202 hdr->d.mk_size = be64_to_cpu(hdr->d.mk_size);
204 hdr->d.flags = be32_to_cpu(hdr->d.flags);
206 hdr->d.sector_size = be32_to_cpu(hdr->d.sector_size);
207 if (!hdr->d.sector_size)
208 hdr->d.sector_size = 512;
210 hdr->d.header_crc32 = be32_to_cpu(hdr->d.header_crc32);
213 params->passphrase = NULL;
214 params->passphrase_size = 0;
215 params->hash_name = tcrypt_kdf[kdf_index].hash;
216 params->key_size = tcrypt_cipher[cipher_index].chain_key_size;
217 params->cipher = tcrypt_cipher[cipher_index].long_name;
218 params->mode = tcrypt_cipher[cipher_index].mode;
224 * Kernel implements just big-endian version of blowfish, hack it here
226 static void blowfish_le(char *buf)
228 uint32_t *l = (uint32_t*)&buf[0];
229 uint32_t *r = (uint32_t*)&buf[4];
234 static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg,
235 const char *key, char *buf)
237 char iv[alg->iv_size], iv_old[alg->iv_size];
238 struct crypt_cipher *cipher = NULL;
239 int bs = alg->iv_size;
242 assert(bs == 2*sizeof(uint32_t));
244 r = crypt_cipher_init(&cipher, "blowfish", "ecb",
245 &key[alg->key_offset], alg->key_size);
249 memcpy(iv, &key[alg->iv_offset], alg->iv_size);
250 for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
251 memcpy(iv_old, &buf[i], bs);
252 blowfish_le(&buf[i]);
253 r = crypt_cipher_decrypt(cipher, &buf[i], &buf[i],
255 blowfish_le(&buf[i]);
258 for (j = 0; j < bs; j++)
260 memcpy(iv, iv_old, bs);
263 crypt_cipher_destroy(cipher);
267 static void remove_whitening(char *buf, const char *key)
271 for (j = 0; j < TCRYPT_HDR_LEN; j++)
272 buf[j] ^= key[j % 8];
275 static void copy_key(struct tcrypt_alg *alg, const char *mode,
276 char *out_key, const char *key)
279 if (!strncmp(mode, "xts", 3)) {
280 ks2 = alg->key_size / 2;
281 memcpy(out_key, &key[alg->key_offset], ks2);
282 memcpy(&out_key[ks2], &key[alg->iv_offset], ks2);
283 } else if (!strncmp(mode, "lrw", 3)) {
284 ks2 = alg->key_size - TCRYPT_LRW_IKEY_LEN;
285 memcpy(out_key, &key[alg->key_offset], ks2);
286 memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN);
287 } else if (!strncmp(mode, "cbc", 3)) {
288 memcpy(out_key, &key[alg->key_offset], alg->key_size);
292 static int decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
293 const char *key,struct tcrypt_phdr *hdr)
295 char backend_key[TCRYPT_HDR_KEY_LEN];
296 char iv[TCRYPT_HDR_IV_LEN] = {};
297 char mode_name[MAX_CIPHER_LEN];
298 struct crypt_cipher *cipher;
299 char *c, *buf = (char*)&hdr->e;
302 /* Remove IV if present */
303 strncpy(mode_name, mode, MAX_CIPHER_LEN);
304 c = strchr(mode_name, '-');
308 if (!strncmp(mode, "lrw", 3))
309 iv[alg->iv_size - 1] = 1;
310 else if (!strncmp(mode, "cbc", 3)) {
311 remove_whitening(buf, &key[8]);
312 if (!strcmp(alg->name, "blowfish_le"))
313 return decrypt_blowfish_le_cbc(alg, key, buf);
314 memcpy(iv, &key[alg->iv_offset], alg->iv_size);
317 copy_key(alg, mode, backend_key, key);
318 r = crypt_cipher_init(&cipher, alg->name, mode_name,
319 backend_key, alg->key_size);
320 memset(backend_key, 0, sizeof(backend_key));
324 r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, alg->iv_size);
325 crypt_cipher_destroy(cipher);
331 * For chanined ciphers and CBC mode we need "outer" decryption.
332 * Backend doesn't provide this, so implement it here directly using ECB.
334 static int decrypt_hdr_cbci(struct tcrypt_algs *ciphers,
335 const char *key, struct tcrypt_phdr *hdr)
337 struct crypt_cipher *cipher[ciphers->chain_count];
338 int bs = ciphers->cipher[0].iv_size;
339 char *buf = (char*)&hdr->e, iv[bs], iv_old[bs];
340 int i, j, r = -EINVAL;
342 remove_whitening(buf, &key[8]);
344 memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs);
346 /* Initialize all ciphers in chain in ECB mode */
347 for (j = 0; j < ciphers->chain_count; j++)
349 for (j = 0; j < ciphers->chain_count; j++) {
350 r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb",
351 &key[ciphers->cipher[j].key_offset],
352 ciphers->cipher[j].key_size);
357 /* Implements CBC with chained ciphers in loop inside */
358 for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
359 memcpy(iv_old, &buf[i], bs);
360 for (j = ciphers->chain_count - 1; j >= 0; j--) {
361 r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i],
366 for (j = 0; j < bs; j++)
368 memcpy(iv, iv_old, bs);
371 for (j = 0; j < ciphers->chain_count; j++)
373 crypt_cipher_destroy(cipher[j]);
378 static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
379 const char *key, int legacy_modes)
381 struct tcrypt_phdr hdr2;
382 int i, j, r = -EINVAL;
384 for (i = 0; tcrypt_cipher[i].chain_count; i++) {
385 if (!legacy_modes && tcrypt_cipher[i].legacy)
387 log_dbg("TCRYPT: trying cipher %s-%s",
388 tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
390 memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
392 if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4))
393 r = decrypt_hdr_cbci(&tcrypt_cipher[i], key, &hdr2);
394 else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) {
395 if (!tcrypt_cipher[i].cipher[j].name)
397 r = decrypt_hdr_one(&tcrypt_cipher[i].cipher[j],
398 tcrypt_cipher[i].mode, key, &hdr2);
404 log_dbg("TCRYPT: returned error %d, skipped.", r);
411 if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
412 log_dbg("TCRYPT: Signature magic detected.");
413 memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
414 memset(&hdr2.e, 0, TCRYPT_HDR_LEN);
424 static int pool_keyfile(struct crypt_device *cd,
425 unsigned char pool[TCRYPT_KEY_POOL_LEN],
428 unsigned char data[TCRYPT_KEYFILE_LEN];
429 int i, j, fd, data_size;
431 unsigned char *crc_c = (unsigned char*)&crc;
433 log_dbg("TCRYPT: using keyfile %s.", keyfile);
435 fd = open(keyfile, O_RDONLY);
437 log_err(cd, _("Failed to open key file.\n"));
441 /* FIXME: add while */
442 data_size = read(fd, data, TCRYPT_KEYFILE_LEN);
445 log_err(cd, _("Error reading keyfile %s.\n"), keyfile);
449 for (i = 0, j = 0, crc = ~0U; i < data_size; i++) {
450 crc = crypt_crc32(crc, &data[i], 1);
451 pool[j++] += crc_c[3];
452 pool[j++] += crc_c[2];
453 pool[j++] += crc_c[1];
454 pool[j++] += crc_c[0];
455 j %= TCRYPT_KEY_POOL_LEN;
459 memset(data, 0, TCRYPT_KEYFILE_LEN);
464 static int TCRYPT_init_hdr(struct crypt_device *cd,
465 struct tcrypt_phdr *hdr,
466 struct crypt_params_tcrypt *params)
468 unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {};
469 size_t passphrase_size;
471 int r = -EINVAL, i, legacy_modes, skipped = 0;
473 if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
476 if (params->keyfiles_count)
477 passphrase_size = TCRYPT_KEY_POOL_LEN;
479 passphrase_size = params->passphrase_size;
481 /* Calculate pool content from keyfiles */
482 for (i = 0; i < params->keyfiles_count; i++) {
483 r = pool_keyfile(cd, pwd, params->keyfiles[i]);
488 /* If provided password, combine it with pool */
489 for (i = 0; i < params->passphrase_size; i++)
490 pwd[i] += params->passphrase[i];
492 legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0;
493 for (i = 0; tcrypt_kdf[i].name; i++) {
494 if (!legacy_modes && tcrypt_kdf[i].legacy)
496 /* Derive header key */
497 log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
498 tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations);
499 r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
500 (char*)pwd, passphrase_size,
501 hdr->salt, TCRYPT_HDR_SALT_LEN,
502 key, TCRYPT_HDR_KEY_LEN,
503 tcrypt_kdf[i].iterations);
508 r = decrypt_hdr(cd, hdr, key, legacy_modes);
517 if ((skipped && skipped == i) || r == -ENOTSUP)
518 log_err(cd, _("Required kernel crypto interface not available.\n"
519 "Ensure you have algif_skcipher kernel module loaded.\n"));
523 r = hdr_from_disk(hdr, params, i, r);
525 log_dbg("TCRYPT: Header version: %d, req. %d, sector %d"
526 ", mk_offset %" PRIu64 ", hidden_size %" PRIu64
527 ", volume size %" PRIu64, (int)hdr->d.version,
528 (int)hdr->d.version_tc, (int)hdr->d.sector_size,
529 hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
530 log_dbg("TCRYPT: Header cipher %s-%s, key size %d",
531 params->cipher, params->mode, params->key_size);
534 memset(pwd, 0, TCRYPT_KEY_POOL_LEN);
536 memset(key, 0, TCRYPT_HDR_KEY_LEN);
541 int TCRYPT_read_phdr(struct crypt_device *cd,
542 struct tcrypt_phdr *hdr,
543 struct crypt_params_tcrypt *params)
545 struct device *device = crypt_metadata_device(cd);
546 ssize_t hdr_size = sizeof(struct tcrypt_phdr);
547 int devfd = 0, r, bs;
549 assert(sizeof(struct tcrypt_phdr) == 512);
551 log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
552 hdr_size, device_path(device));
554 bs = device_block_size(device);
558 devfd = open(device_path(device), O_RDONLY | O_DIRECT);
560 log_err(cd, _("Cannot open device %s.\n"), device_path(device));
565 if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
566 if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
567 if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_BCK, SEEK_END) >= 0 &&
568 read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
569 r = TCRYPT_init_hdr(cd, hdr, params);
571 if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) >= 0 &&
572 read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
573 r = TCRYPT_init_hdr(cd, hdr, params);
575 lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_OLD, SEEK_END) >= 0 &&
576 read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
577 r = TCRYPT_init_hdr(cd, hdr, params);
579 } else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
580 if (lseek(devfd, TCRYPT_HDR_OFFSET_BCK, SEEK_END) >= 0 &&
581 read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
582 r = TCRYPT_init_hdr(cd, hdr, params);
583 } else if (read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
584 r = TCRYPT_init_hdr(cd, hdr, params);
590 static struct tcrypt_algs *get_algs(struct crypt_params_tcrypt *params)
594 if (!params->cipher || !params->mode)
597 for (i = 0; tcrypt_cipher[i].chain_count; i++)
598 if (!strcmp(tcrypt_cipher[i].long_name, params->cipher) &&
599 !strcmp(tcrypt_cipher[i].mode, params->mode))
600 return &tcrypt_cipher[i];
605 int TCRYPT_activate(struct crypt_device *cd,
607 struct tcrypt_phdr *hdr,
608 struct crypt_params_tcrypt *params,
611 char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
612 struct device *device = NULL;
614 struct tcrypt_algs *algs;
615 struct crypt_dm_active_device dmd = {
618 .data_device = crypt_data_device(cd),
621 .offset = crypt_get_data_offset(cd),
622 .iv_offset = crypt_get_iv_offset(cd),
626 if (!hdr->d.version) {
627 log_dbg("TCRYPT: this function is not supported without encrypted header load.");
631 if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) {
632 log_err(cd, _("Activation is not supported for %d sector size.\n"),
637 if (strstr(params->mode, "-tcrypt")) {
638 log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n"));
642 algs = get_algs(params);
646 if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
647 dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size;
649 dmd.size = hdr->d.volume_size / hdr->d.sector_size;
651 r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
652 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
656 /* Frome here, key size for every cipher must be the same */
657 dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL);
661 for (i = algs->chain_count - 1; i >= 0; i--) {
663 strncpy(dm_name, name, sizeof(dm_name));
666 snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i);
667 dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
670 snprintf(cipher, sizeof(cipher), "%s-%s",
671 algs->cipher[i].name, algs->mode);
673 copy_key(&algs->cipher[i], algs->mode, dmd.u.crypt.vk->key, hdr->d.keys);
675 if ((algs->chain_count - 1) != i) {
676 snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
677 dm_get_dir(), name, i + 1);
678 r = device_alloc(&device, dm_dev_name);
681 dmd.data_device = device;
682 dmd.u.crypt.offset = 0;
685 log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
686 dm_name, dmd.u.crypt.cipher);
687 r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);
696 if (!r && !(dm_flags() & DM_PLAIN64_SUPPORTED)) {
697 log_err(cd, _("Kernel doesn't support plain64 IV.\n"));
701 crypt_free_volume_key(dmd.u.crypt.vk);
705 static int remove_one(struct crypt_device *cd, const char *name,
706 const char *base_uuid, int index)
708 struct crypt_dm_active_device dmd = {};
709 char dm_name[PATH_MAX];
712 if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0)
715 r = dm_status_device(cd, dm_name);
719 r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID, &dmd);
720 if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid)))
721 r = dm_remove_device(cd, dm_name, 0, 0);
723 free(CONST_CAST(void*)dmd.uuid);
727 int TCRYPT_deactivate(struct crypt_device *cd, const char *name)
729 struct crypt_dm_active_device dmd = {};
732 r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd);
738 r = dm_remove_device(cd, name, 0, 0);
742 r = remove_one(cd, name, dmd.uuid, 1);
746 r = remove_one(cd, name, dmd.uuid, 2);
750 free(CONST_CAST(void*)dmd.uuid);
751 return (r == -ENODEV) ? 0 : r;
754 static int status_one(struct crypt_device *cd, const char *name,
755 const char *base_uuid, int index,
756 size_t *key_size, char *cipher, uint64_t *data_offset,
757 struct device **device)
759 struct crypt_dm_active_device dmd = {};
760 char dm_name[PATH_MAX], *c;
763 if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0)
766 r = dm_status_device(cd, dm_name);
770 r = dm_query_device(cd, dm_name, DM_ACTIVE_DEVICE |
772 DM_ACTIVE_CRYPT_CIPHER |
773 DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
776 if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) {
777 if ((c = strchr(dmd.u.crypt.cipher, '-')))
780 strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN);
781 *key_size += dmd.u.crypt.vk->keylength;
782 *data_offset = dmd.u.crypt.offset * SECTOR_SIZE;
783 device_free(*device);
784 *device = dmd.data_device;
786 device_free(dmd.data_device);
790 free(CONST_CAST(void*)dmd.uuid);
791 free(CONST_CAST(void*)dmd.u.crypt.cipher);
792 crypt_free_volume_key(dmd.u.crypt.vk);
796 int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
797 const struct crypt_dm_active_device *dmd,
798 struct device **device,
799 struct crypt_params_tcrypt *tcrypt_params,
800 struct tcrypt_phdr *tcrypt_hdr)
802 char cipher[MAX_CIPHER_LEN * 4], *mode;
804 memset(tcrypt_params, 0, sizeof(*tcrypt_params));
805 memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr));
806 tcrypt_hdr->d.sector_size = SECTOR_SIZE;
807 tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE;
809 strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN);
811 if ((mode = strchr(cipher, '-'))) {
813 tcrypt_params->mode = strdup(++mode);
815 tcrypt_params->key_size = dmd->u.crypt.vk->keylength;
817 if (!status_one(cd, name, dmd->uuid, 1, &tcrypt_params->key_size,
818 cipher, &tcrypt_hdr->d.mk_offset, device))
819 status_one(cd, name, dmd->uuid, 2, &tcrypt_params->key_size,
820 cipher, &tcrypt_hdr->d.mk_offset, device);
822 tcrypt_params->cipher = strdup(cipher);
826 uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
827 struct tcrypt_phdr *hdr,
828 struct crypt_params_tcrypt *params)
832 if (params->mode && !strncmp(params->mode, "xts", 3)) {
833 if (hdr->d.version < 3)
836 if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
837 if (hdr->d.version > 3)
838 return (hdr->d.mk_offset / hdr->d.sector_size);
839 if (device_size(crypt_metadata_device(cd), &size) < 0)
841 return (size - hdr->d.hidden_volume_size +
842 (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
844 return (hdr->d.mk_offset / hdr->d.sector_size);
847 if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
848 if (device_size(crypt_metadata_device(cd), &size) < 0)
850 return (size - hdr->d.hidden_volume_size +
851 (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
854 // FIXME: system vol.
855 return hdr->d.mk_offset / hdr->d.sector_size;
858 uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
859 struct tcrypt_phdr *hdr,
860 struct crypt_params_tcrypt *params
863 if (params->mode && !strncmp(params->mode, "xts", 3))
864 return TCRYPT_get_data_offset(cd, hdr, params);
865 else if (params->mode && !strncmp(params->mode, "lrw", 3))
868 return hdr->d.mk_offset / hdr->d.sector_size;
871 int TCRYPT_get_volume_key(struct crypt_device *cd,
872 struct tcrypt_phdr *hdr,
873 struct crypt_params_tcrypt *params,
874 struct volume_key **vk)
876 struct tcrypt_algs *algs;
879 if (!hdr->d.version) {
880 log_dbg("TCRYPT: this function is not supported without encrypted header load.");
884 algs = get_algs(params);
888 *vk = crypt_alloc_volume_key(params->key_size, NULL);
892 for (i = 0, key_index = 0; i < algs->chain_count; i++) {
893 copy_key(&algs->cipher[i], algs->mode,
894 &(*vk)->key[key_index], hdr->d.keys);
895 key_index += algs->cipher[i].key_size;
901 int TCRYPT_dump(struct crypt_device *cd,
902 struct tcrypt_phdr *hdr,
903 struct crypt_params_tcrypt *params)
905 log_std(cd, "TCRYPT header information for %s\n",
906 device_path(crypt_metadata_device(cd)));
907 if (hdr->d.version) {
908 log_std(cd, "Version: \t%d\n", hdr->d.version);
909 log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc);
911 log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size);
912 log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset);
913 log_std(cd, "PBKDF2 hash:\t%s\n", params->hash_name);
915 log_std(cd, "Cipher chain:\t%s\n", params->cipher);
916 log_std(cd, "Cipher mode:\t%s\n", params->mode);
917 log_std(cd, "MK bits: \t%d\n", params->key_size * 8);