2 * TCRYPT compatible volume handling
4 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012, Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "libcryptsetup.h"
32 /* TCRYPT PBKDF variants */
36 unsigned int iterations;
38 { "pbkdf2", "ripemd160", 2000 },
39 { "pbkdf2", "ripemd160", 1000 },
40 { "pbkdf2", "sha512", 1000 },
41 { "pbkdf2", "whirlpool", 1000 },
45 /* TCRYPT cipher variants */
47 const char *cipher[3];
51 { { "aes", NULL, NULL }, "xts-plain64", 64 },
52 { { "twofish", NULL, NULL }, "xts-plain64", 64 },
53 { { "serpent", NULL, NULL }, "xts-plain64", 64 },
54 { { "aes", "twofish", "serpent" }, "xts-plain64", 64 },
55 { { "serpent", "twofish", "aes" }, "xts-plain64", 64 },
56 { { "twofish", "aes", NULL }, "xts-plain64", 64 },
57 { { "aes", "serpent", NULL }, "xts-plain64", 64 },
58 { { "serpent", "twofish", NULL }, "xts-plain64", 64 },
59 { { "aes", NULL, NULL }, "lrw-benbi", 48 },
60 { { "twofish", NULL, NULL }, "lrw-benbi", 48 },
61 { { "serpent", NULL, NULL }, "lrw-benbi", 48 },
62 { { "aes", "twofish", "serpent" }, "lrw-benbi", 48 },
63 { { "serpent", "twofish", "aes" }, "lrw-benbi", 48 },
64 { { "twofish", "aes", NULL }, "lrw-benbi", 48 },
65 { { "aes", "serpent", NULL }, "lrw-benbi", 48 },
66 { { "serpent", "twofish", NULL }, "lrw-benbi", 48 },
67 { { NULL, NULL, NULL }, NULL, 0 }
70 static void hdr_info(struct crypt_device *cd, struct tcrypt_phdr *hdr,
71 struct crypt_params_tcrypt *params)
73 log_dbg("Version: %d, required %d", (int)hdr->d.version, (int)hdr->d.version_tc);
75 log_dbg("Hidden size: %" PRIu64, hdr->d.hidden_volume_size);
76 log_dbg("Volume size: %" PRIu64, hdr->d.volume_size);
78 log_dbg("Sector size: %" PRIu64, hdr->d.sector_size);
79 log_dbg("Flags: %d", (int)hdr->d.flags);
80 log_dbg("MK: offset %d, size %d", (int)hdr->d.mk_offset, (int)hdr->d.mk_size);
81 log_dbg("KDF: PBKDF2, hash %s", params->hash_name);
82 log_dbg("Cipher: %s%s%s%s%s-%s",
84 params->cipher[1] ? "-" : "", params->cipher[1] ?: "",
85 params->cipher[2] ? "-" : "", params->cipher[2] ?: "",
89 static int hdr_from_disk(struct tcrypt_phdr *hdr,
90 struct crypt_params_tcrypt *params,
91 int kdf_index, int cipher_index)
96 /* Check CRC32 of header */
97 size = TCRYPT_HDR_LEN - sizeof(hdr->d.keys) - sizeof(hdr->d.header_crc32);
98 crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
99 if (be16_to_cpu(hdr->d.version) > 3 &&
100 crc32 != be32_to_cpu(hdr->d.header_crc32)) {
101 log_dbg("TCRYPT header CRC32 mismatch.");
105 /* Check CRC32 of keys */
106 crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
107 if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
108 log_dbg("TCRYPT keys CRC32 mismatch.");
112 /* Convert header to cpu format */
113 hdr->d.version = be16_to_cpu(hdr->d.version);
114 hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); // ???
116 hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
118 hdr->d.hidden_volume_size = be64_to_cpu(hdr->d.hidden_volume_size);
119 hdr->d.volume_size = be64_to_cpu(hdr->d.volume_size);
121 hdr->d.mk_offset = be64_to_cpu(hdr->d.mk_offset);
122 if (!hdr->d.mk_offset)
123 hdr->d.mk_offset = 512;
125 hdr->d.mk_size = be64_to_cpu(hdr->d.mk_size);
127 hdr->d.flags = be32_to_cpu(hdr->d.flags);
129 hdr->d.sector_size = be32_to_cpu(hdr->d.sector_size);
130 if (!hdr->d.sector_size)
131 hdr->d.sector_size = 512;
133 hdr->d.header_crc32 = be32_to_cpu(hdr->d.header_crc32);
136 params->passphrase = NULL;
137 params->passphrase_size = 0;
139 params->hash_name = tcrypt_kdf[kdf_index].hash;
141 params->cipher[0] = tcrypt_cipher[cipher_index].cipher[0];
142 params->cipher[1] = tcrypt_cipher[cipher_index].cipher[1];
143 params->cipher[2] = tcrypt_cipher[cipher_index].cipher[2];
144 params->mode = tcrypt_cipher[cipher_index].mode;
145 params->key_size = tcrypt_cipher[cipher_index].key_size;
150 static int decrypt_hdr_one(const char *name, const char *mode,
151 const char *key, size_t key_size,
152 struct tcrypt_phdr *hdr)
154 char iv[TCRYPT_HDR_IV_LEN] = {};
155 char mode_name[MAX_CIPHER_LEN];
156 struct crypt_cipher *cipher;
161 /* Remove IV if present */
162 strncpy(mode_name, mode, MAX_CIPHER_LEN);
163 c = strchr(mode_name, '-');
167 if (!strncmp(mode, "lrw", 3))
170 r = crypt_cipher_init(&cipher, name, mode_name, key, key_size);
174 r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN,
175 iv, TCRYPT_HDR_IV_LEN);
176 crypt_cipher_destroy(cipher);
181 static void copy_key(char *out_key, const char *key, int key_num,
182 int ks, int ki, const char *mode)
184 if (!strncmp(mode, "xts", 3)) {
186 memcpy(out_key, &key[ks2 * ki], ks2);
187 memcpy(&out_key[ks2], &key[ks2 * (++key_num + ki)], ks2);
188 } else if (!strncmp(mode, "lrw", 3)) {
189 /* First is LRW index key */
191 ks -= TCRYPT_LRW_IKEY_LEN;
192 memcpy(out_key, &key[ks * ki], ks);
193 memcpy(&out_key[ks * ki], key, TCRYPT_LRW_IKEY_LEN);
197 static int top_cipher(const char *cipher[3])
208 static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
211 char one_key[TCRYPT_HDR_KEY_LEN];
212 struct tcrypt_phdr hdr2;
215 for (i = 0; tcrypt_cipher[i].cipher[0]; i++) {
216 log_dbg("TCRYPT: trying cipher: %s%s%s%s%s-%s.",
217 tcrypt_cipher[i].cipher[0],
218 tcrypt_cipher[i].cipher[1] ? "-" : "", tcrypt_cipher[i].cipher[1] ?: "",
219 tcrypt_cipher[i].cipher[2] ? "-" : "", tcrypt_cipher[i].cipher[2] ?: "",
220 tcrypt_cipher[i].mode);
222 memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
224 for (j = 2; j >= 0 ; j--) {
225 if (!tcrypt_cipher[i].cipher[j])
227 copy_key(one_key, key, top_cipher(tcrypt_cipher[i].cipher),
228 tcrypt_cipher[i].key_size,
229 j, tcrypt_cipher[i].mode);
230 r = decrypt_hdr_one(tcrypt_cipher[i].cipher[j],
231 tcrypt_cipher[i].mode, one_key,
232 tcrypt_cipher[i].key_size, &hdr2);
237 if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
238 log_dbg("TCRYPT: Signature magic detected.");
239 memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
240 memset(&hdr2.e, 0, TCRYPT_HDR_LEN);
247 memset(one_key, 0, sizeof(*one_key));
251 static int TCRYPT_init_hdr(struct crypt_device *cd,
252 struct tcrypt_phdr *hdr,
253 struct crypt_params_tcrypt *params,
254 const char *passphrase,
255 size_t passphrase_size)
260 if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
263 for (i = 0; tcrypt_kdf[i].name; i++) {
264 /* Derive header key */
265 log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
266 tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations);
267 r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
268 passphrase, passphrase_size,
269 hdr->salt, TCRYPT_HDR_SALT_LEN,
270 key, TCRYPT_HDR_KEY_LEN,
271 tcrypt_kdf[i].iterations);
276 r = decrypt_hdr(cd, hdr, key);
285 r = hdr_from_disk(hdr, params, i, r);
289 hdr_info(cd, hdr, params);
293 int TCRYPT_read_phdr(struct crypt_device *cd,
294 struct tcrypt_phdr *hdr,
295 struct crypt_params_tcrypt *params,
296 const char *passphrase,
297 size_t passphrase_size,
300 struct device *device = crypt_metadata_device(cd);
301 ssize_t hdr_size = sizeof(struct tcrypt_phdr);
304 assert(sizeof(struct tcrypt_phdr) == 512);
306 log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
307 hdr_size, device_path(device));
309 devfd = open(device_path(device), O_RDONLY | O_DIRECT);
311 log_err(cd, _("Cannot open device %s.\n"), device_path(device));
315 if ((flags & CRYPT_TCRYPT_HIDDEN_HEADER) &&
316 lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) < 0) {
317 log_err(cd, _("Cannot seek to hidden header for %s.\n"), device_path(device));
322 if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) == hdr_size) {
323 params->flags = flags;
324 r = TCRYPT_init_hdr(cd, hdr, params, passphrase, passphrase_size);
332 int TCRYPT_activate(struct crypt_device *cd,
334 struct tcrypt_phdr *hdr,
335 struct crypt_params_tcrypt *params,
338 char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
339 struct device *device = NULL;
341 struct crypt_dm_active_device dmd = {
344 .data_device = crypt_data_device(cd),
347 .offset = crypt_get_data_offset(cd),
348 .iv_offset = crypt_get_iv_offset(cd),
352 r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
353 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
357 dmd.u.crypt.vk = crypt_alloc_volume_key(params->key_size, NULL);
361 for (i = 2; i >= 0; i--) {
363 if (!params->cipher[i])
367 strncpy(dm_name, name, sizeof(dm_name));
370 snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i);
371 dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
374 snprintf(cipher, sizeof(cipher), "%s-%s",
375 params->cipher[i], params->mode);
376 copy_key(dmd.u.crypt.vk->key, hdr->d.keys,
377 top_cipher(params->cipher),
378 params->key_size, i, params->mode);
380 if (top_cipher(params->cipher) != i) {
381 snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
382 dm_get_dir(), name, i + 1);
383 r = device_alloc(&device, dm_dev_name);
386 dmd.data_device = device;
387 dmd.u.crypt.offset = 0;
390 log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
391 dm_name, dmd.u.crypt.cipher);
392 r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);
401 if (!r && !(dm_flags() & DM_PLAIN64_SUPPORTED)) {
402 log_err(cd, _("Kernel doesn't support plain64 IV.\n"));
406 crypt_free_volume_key(dmd.u.crypt.vk);
projects / platform / upstream / cryptsetup.git / blob