lib/tcrypt/tcrypt.c

   1 /*
   2  * TCRYPT compatible volume handling
   3  *
   4  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
   5  * Copyright (C) 2012, Milan Broz
   6  *
   7  * This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * version 2 as published by the Free Software Foundation.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  19  */
  20
  21 #include <errno.h>
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24 #include <string.h>
  25 #include <fcntl.h>
  26 #include <assert.h>
  27
  28 #include "libcryptsetup.h"
  29 #include "tcrypt.h"
  30 #include "internal.h"
  31
  32 /* TCRYPT PBKDF variants */
  33 static struct {
  34         unsigned int legacy:1;
  35         char *name;
  36         char *hash;
  37         unsigned int iterations;
  38 } tcrypt_kdf[] = {
  39         { 0, "pbkdf2", "ripemd160", 2000 },
  40         { 0, "pbkdf2", "ripemd160", 1000 },
  41         { 0, "pbkdf2", "sha512",    1000 },
  42         { 0, "pbkdf2", "whirlpool", 1000 },
  43         { 1, "pbkdf2", "sha1",      2000 },
  44         { 0, NULL,     NULL,           0 }
  45 };
  46
  47 struct tcrypt_alg {
  48                 const char *name;
  49                 unsigned int key_size;
  50                 unsigned int iv_size;
  51 };
  52
  53 /* TCRYPT cipher variants */
  54 static struct {
  55         unsigned int legacy:1;
  56         const char *mode;
  57         struct tcrypt_alg cipher[3];
  58 } tcrypt_cipher[] = {
  59         { 0, "xts-plain64",{{"aes",    64,16}}},
  60         { 0, "xts-plain64",{{"serpent",64,16}}},
  61         { 0, "xts-plain64",{{"twofish",64,16}}},
  62         { 0, "xts-plain64",{{"twofish",64,16},{"aes",    64,16}}},
  63         { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16},{"aes",    64,16}}},
  64         { 0, "xts-plain64",{{"aes",    64,16},{"serpent",64,16}}},
  65         { 0, "xts-plain64",{{"aes",    64,16},{"twofish",64,16},{"serpent",64,16}}},
  66         { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16}}},
  67
  68         { 0, "lrw-benbi",  {{"aes",    48,16}}},
  69         { 0, "lrw-benbi",  {{"serpent",48,16}}},
  70         { 0, "lrw-benbi",  {{"twofish",48,16}}},
  71         { 0, "lrw-benbi",  {{"twofish",48,16},{"aes",    48,16}}},
  72         { 0, "lrw-benbi",  {{"serpent",48,16},{"twofish",48,16},{"aes",    48,16}}},
  73         { 0, "lrw-benbi",  {{"aes",    48,16},{"serpent",48,16}}},
  74         { 0, "lrw-benbi",  {{"aes",    48,16},{"twofish",48,16},{"serpent",48,16}}},
  75         { 0, "lrw-benbi",  {{"serpent",48,16},{"twofish",48,16}}},
  76
  77         { 1, "cbc-tcrypt", {{"aes",    32,16}}},
  78         { 1, "cbc-tcrypt", {{"serpent",32,16}}},
  79         { 1, "cbc-tcrypt", {{"twofish",32,16}}},
  80         { 1, "cbci-tcrypt",{{"twofish",32,16},{"aes",    32,16}}},
  81         { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16},{"aes",    32,16}}},
  82         { 1, "cbci-tcrypt",{{"aes",    32,16},{"serpent",32,16}}},
  83         { 1, "cbci-tcrypt",{{"aes",    32,16},{"twofish",32,16},{"serpent",32,16}}},
  84         { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16}}},
  85
  86         { 1, "cbc-tcrypt", {{"cast5",   16,8}}},
  87         { 1, "cbc-tcrypt", {{"des3_ede",24,8}}},
  88
  89         // kernel LRW block size is fixed to 16 bytes
  90         // thus cannot be used with blowfish where block is 8 bytes
  91         //{ 1,"lrw-benbi",{{"blowfish",64,8}}},
  92         //{ 1,"lrw-benbi",{{"blowfish",64,8},{"aes",48,16}}},
  93         //{ 1,"lrw-benbi",{{"serpent",48,16},{"blowfish",64,8},{"aes",48,16}}},
  94
  95         // FIXME: why this doesn't work (blowfish key wrong)?
  96         //{ 1,"cbc-tcrypt",{{"blowfish",56,8}}},
  97         //{ 1,"cbc-tcrypt",{{"blowfish",56,8},{"aes",32,16}}},
  98         //{ 1,"cbc-tcrypt",{{"serpent",32,16},{"blowfish",56,8},{"aes",32,16}}},
  99         {}
 100 };
 101
 102 static void hdr_info(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 103                      struct crypt_params_tcrypt *params)
 104 {
 105         log_dbg("Version: %d, required %d", (int)hdr->d.version, (int)hdr->d.version_tc);
 106
 107         log_dbg("Hidden size: %" PRIu64, hdr->d.hidden_volume_size);
 108         log_dbg("Volume size: %" PRIu64, hdr->d.volume_size);
 109
 110         log_dbg("Sector size: %" PRIu64, hdr->d.sector_size);
 111         log_dbg("Flags: %d", (int)hdr->d.flags);
 112         log_dbg("MK: offset %d, size %d", (int)hdr->d.mk_offset, (int)hdr->d.mk_size);
 113         log_dbg("KDF: PBKDF2, hash %s", params->hash_name);
 114         log_dbg("Cipher: %s%s%s%s%s-%s",
 115                 params->cipher[0],
 116                 params->cipher[1] ? "-" : "", params->cipher[1] ?: "",
 117                 params->cipher[2] ? "-" : "", params->cipher[2] ?: "",
 118                 params->mode);
 119 }
 120
 121 static int hdr_from_disk(struct tcrypt_phdr *hdr,
 122                          struct crypt_params_tcrypt *params,
 123                          int kdf_index, int cipher_index)
 124 {
 125         uint32_t crc32;
 126         size_t size;
 127
 128         /* Check CRC32 of header */
 129         size = TCRYPT_HDR_LEN - sizeof(hdr->d.keys) - sizeof(hdr->d.header_crc32);
 130         crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
 131         if (be16_to_cpu(hdr->d.version) > 3 &&
 132             crc32 != be32_to_cpu(hdr->d.header_crc32)) {
 133                 log_dbg("TCRYPT header CRC32 mismatch.");
 134                 return -EINVAL;
 135         }
 136
 137         /* Check CRC32 of keys */
 138         crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
 139         if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
 140                 log_dbg("TCRYPT keys CRC32 mismatch.");
 141                 return -EINVAL;
 142         }
 143
 144         /* Convert header to cpu format */
 145         hdr->d.version  =  be16_to_cpu(hdr->d.version);
 146         hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); // ???
 147
 148         hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
 149
 150         hdr->d.hidden_volume_size = be64_to_cpu(hdr->d.hidden_volume_size);
 151         hdr->d.volume_size        = be64_to_cpu(hdr->d.volume_size);
 152
 153         hdr->d.mk_offset = be64_to_cpu(hdr->d.mk_offset);
 154         if (!hdr->d.mk_offset)
 155                 hdr->d.mk_offset = 512;
 156
 157         hdr->d.mk_size = be64_to_cpu(hdr->d.mk_size);
 158
 159         hdr->d.flags = be32_to_cpu(hdr->d.flags);
 160
 161         hdr->d.sector_size = be32_to_cpu(hdr->d.sector_size);
 162         if (!hdr->d.sector_size)
 163                 hdr->d.sector_size = 512;
 164
 165         hdr->d.header_crc32 = be32_to_cpu(hdr->d.header_crc32);
 166
 167         /* Set params */
 168         params->passphrase = NULL;
 169         params->passphrase_size = 0;
 170
 171         params->hash_name  = tcrypt_kdf[kdf_index].hash;
 172
 173         params->cipher[0]  = tcrypt_cipher[cipher_index].cipher[0].name;
 174         params->cipher[1]  = tcrypt_cipher[cipher_index].cipher[1].name;
 175         params->cipher[2]  = tcrypt_cipher[cipher_index].cipher[2].name;
 176         params->mode     = tcrypt_cipher[cipher_index].mode;
 177         params->key_size = tcrypt_cipher[cipher_index].cipher[0].key_size; //fixme
 178
 179         return 0;
 180 }
 181
 182 static int decrypt_hdr_one(const char *name, const char *mode,
 183                            const char *key, size_t key_size,
 184                            size_t iv_size, struct tcrypt_phdr *hdr)
 185 {
 186         char iv[TCRYPT_HDR_IV_LEN] = {};
 187         char mode_name[MAX_CIPHER_LEN];
 188         struct crypt_cipher *cipher;
 189         char *c, *buf = (char*)&hdr->e;
 190         int r;
 191
 192         /* Remove IV if present */
 193         strncpy(mode_name, mode, MAX_CIPHER_LEN);
 194         c = strchr(mode_name, '-');
 195         if (c)
 196                 *c = '\0';
 197
 198         if (!strncmp(mode, "lrw", 3))
 199                 iv[iv_size - 1] = 1;
 200         else if (!strncmp(mode, "cbc", 3))
 201                 memcpy(iv, &key[key_size], iv_size);
 202
 203         r = crypt_cipher_init(&cipher, name, mode_name, key, key_size);
 204         if (r < 0)
 205                 return r;
 206
 207         r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, iv_size);
 208         crypt_cipher_destroy(cipher);
 209
 210         return r;
 211 }
 212
 213 static void copy_key(char *out_key, const char *key, int key_num,
 214                      int ks, int ki, const char *mode)
 215 {
 216         if (!strncmp(mode, "xts", 3)) {
 217                 int ks2 = ks / 2;
 218                 memcpy(out_key, &key[ks2 * ki], ks2);
 219                 memcpy(&out_key[ks2], &key[ks2 * (++key_num + ki)], ks2);
 220         } else if (!strncmp(mode, "lrw", 3)) {
 221                 /* First is LRW index key */
 222                 ki++;
 223                 ks -= TCRYPT_LRW_IKEY_LEN;
 224                 memcpy(out_key, &key[ks * ki], ks);
 225                 memcpy(&out_key[ks * ki], key, TCRYPT_LRW_IKEY_LEN);
 226         } else if (!strncmp(mode, "cbc", 3)) {
 227                 ki++;
 228                 memcpy(out_key, &key[ki * 32], ks);
 229                 memcpy(&out_key[ks], key, 32);
 230         }
 231 }
 232
 233 /*
 234  * For chanined ciphers and CBC mode we need "inner" decryption.
 235  * Backend doesn't provide this, so implement it here directly using ECB.
 236  */
 237 static int decrypt_hdr_cbci(struct tcrypt_alg ciphers[3],
 238                              const char *key, struct tcrypt_phdr *hdr)
 239 {
 240         struct crypt_cipher *cipher[3] = {};
 241         int bs = ciphers[0].iv_size;
 242         char *buf = (char*)&hdr->e, iv[bs], iv_old[bs];
 243         int i, j, r;
 244
 245         memcpy(iv, key, bs);
 246
 247         /* Initialize all ciphers in chain in ECB mode */
 248         for (j = 0; j < 3; j++) {
 249                 if (!ciphers[j].name)
 250                         continue;
 251                 r = crypt_cipher_init(&cipher[j], ciphers[j].name, "ecb",
 252                                       &key[(j+1)*32], ciphers[j].key_size);
 253                 if (r < 0)
 254                         goto out;
 255         }
 256
 257         /* Implements CBC with chained ciphers in inner loop */
 258         for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
 259                 memcpy(iv_old, &buf[i], bs);
 260                 for (j = 2; j >= 0; j--) {
 261                         if (!cipher[j])
 262                                 continue;
 263                         r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i],
 264                                                   bs, NULL, 0);
 265                         if (r < 0)
 266                                 goto out;
 267                 }
 268                 for (j = 0; j < bs; j++)
 269                         buf[i + j] ^= iv[j];
 270                 memcpy(iv, iv_old, bs);
 271         }
 272 out:
 273         for (j = 0; j < 3; j++)
 274                 if (cipher[j])
 275                         crypt_cipher_destroy(cipher[j]);
 276
 277         return r;
 278 }
 279
 280 static int top_cipher(struct tcrypt_alg cipher[3])
 281 {
 282         if (cipher[2].name)
 283                 return 2;
 284
 285         if (cipher[1].name)
 286                 return 1;
 287
 288         return 0;
 289 }
 290
 291 static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 292                         const char *key, int legacy_modes)
 293 {
 294         char one_key[TCRYPT_HDR_KEY_LEN];
 295         struct tcrypt_phdr hdr2;
 296         int i, j, r;
 297
 298         for (i = 0; tcrypt_cipher[i].cipher[0].name; i++) {
 299                 if (!legacy_modes && tcrypt_cipher[i].legacy)
 300                         continue;
 301                 log_dbg("TCRYPT:  trying cipher: %s%s%s%s%s-%s.",
 302                         tcrypt_cipher[i].cipher[0].name,
 303                         tcrypt_cipher[i].cipher[1].name ? "-" : "", tcrypt_cipher[i].cipher[1].name ?: "",
 304                         tcrypt_cipher[i].cipher[2].name ? "-" : "", tcrypt_cipher[i].cipher[2].name ?: "",
 305                         tcrypt_cipher[i].mode);
 306
 307                 memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
 308
 309                 /* Remove CBC whitening */
 310                 if (!strncmp(tcrypt_cipher[i].mode, "cbc", 3)) {
 311                         char *buf = (char*)&hdr2.e;
 312                         for (j = 0; j < TCRYPT_HDR_LEN; j++)
 313                                 buf[j] ^= key[8 + j % 8];
 314                 }
 315
 316                 /* For chained (inner) CBC we do not have API support */
 317                 if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4))
 318                         r = decrypt_hdr_cbci(tcrypt_cipher[i].cipher, key, &hdr2);
 319                 else for (j = 2; j >= 0 ; j--) {
 320                         if (!tcrypt_cipher[i].cipher[j].name)
 321                                 continue;
 322                         copy_key(one_key, key, top_cipher(tcrypt_cipher[i].cipher),
 323                                  tcrypt_cipher[i].cipher[j].key_size,
 324                                  j, tcrypt_cipher[i].mode);
 325                         r = decrypt_hdr_one(tcrypt_cipher[i].cipher[j].name,
 326                                             tcrypt_cipher[i].mode, one_key,
 327                                             tcrypt_cipher[i].cipher[j].key_size,
 328                                             tcrypt_cipher[i].cipher[j].iv_size, &hdr2);
 329                         if (r < 0) {
 330                                 log_dbg("Error %s.", tcrypt_cipher[i].cipher[j].name);
 331                                 break;
 332                         }
 333                 }
 334
 335                 if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
 336                         log_dbg("TCRYPT: Signature magic detected.");
 337                         memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
 338                         memset(&hdr2.e, 0, TCRYPT_HDR_LEN);
 339                         r = i;
 340                         break;
 341                 }
 342                 r = -EPERM;
 343         }
 344
 345         memset(one_key, 0, sizeof(*one_key));
 346         return r;
 347 }
 348
 349 static int pool_keyfile(struct crypt_device *cd,
 350                         unsigned char pool[TCRYPT_KEY_POOL_LEN],
 351                         const char *keyfile)
 352 {
 353         unsigned char data[TCRYPT_KEYFILE_LEN];
 354         int i, j, fd, data_size;
 355         uint32_t crc;
 356         unsigned char *crc_c = (unsigned char*)&crc;
 357
 358         log_dbg("TCRYPT: using keyfile %s.", keyfile);
 359
 360         fd = open(keyfile, O_RDONLY);
 361         if (fd < 0) {
 362                 log_err(cd, _("Failed to open key file.\n"));
 363                 return -EIO;
 364         }
 365
 366         /* FIXME: add while */
 367         data_size = read(fd, data, TCRYPT_KEYFILE_LEN);
 368         close(fd);
 369         if (data_size < 0) {
 370                 log_err(cd, _("Error reading keyfile %s.\n"), keyfile);
 371                 return -EIO;
 372         }
 373
 374         for (i = 0, j = 0, crc = ~0U; i < data_size; i++) {
 375                 crc = crypt_crc32(crc, &data[i], 1);
 376                 pool[j++] += crc_c[3];
 377                 pool[j++] += crc_c[2];
 378                 pool[j++] += crc_c[1];
 379                 pool[j++] += crc_c[0];
 380                 j %= TCRYPT_KEY_POOL_LEN;
 381         }
 382
 383         crc = 0;
 384         memset(data, 0, TCRYPT_KEYFILE_LEN);
 385
 386         return 0;
 387 }
 388
 389 static int TCRYPT_init_hdr(struct crypt_device *cd,
 390                            struct tcrypt_phdr *hdr,
 391                            struct crypt_params_tcrypt *params)
 392 {
 393         unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {};
 394         size_t passphrase_size;
 395         char *key;
 396         int r, i, legacy_modes;
 397
 398         if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
 399                 return -ENOMEM;
 400
 401         if (params->keyfiles_count)
 402                 passphrase_size = TCRYPT_KEY_POOL_LEN;
 403         else
 404                 passphrase_size = params->passphrase_size;
 405
 406         /* Calculate pool content from keyfiles */
 407         for (i = 0; i < params->keyfiles_count; i++) {
 408                 r = pool_keyfile(cd, pwd, params->keyfiles[i]);
 409                 if (r < 0)
 410                         goto out;
 411         }
 412
 413         /* If provided password, combine it with pool */
 414         for (i = 0; i < params->passphrase_size; i++)
 415                 pwd[i] += params->passphrase[i];
 416
 417         legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0;
 418         for (i = 0; tcrypt_kdf[i].name; i++) {
 419                 if (!legacy_modes && tcrypt_kdf[i].legacy)
 420                         continue;
 421                 /* Derive header key */
 422                 log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
 423                         tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations);
 424                 r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
 425                                 (char*)pwd, passphrase_size,
 426                                 hdr->salt, TCRYPT_HDR_SALT_LEN,
 427                                 key, TCRYPT_HDR_KEY_LEN,
 428                                 tcrypt_kdf[i].iterations);
 429                 if (r < 0)
 430                         break;
 431
 432                 /* Decrypt header */
 433                 r = decrypt_hdr(cd, hdr, key, legacy_modes);
 434                 if (r != -EPERM)
 435                         break;
 436         }
 437
 438         if (r < 0)
 439                 goto out;
 440
 441         r = hdr_from_disk(hdr, params, i, r);
 442         if (r < 0)
 443                 goto out;
 444
 445         hdr_info(cd, hdr, params);
 446 out:
 447         memset(pwd, 0, TCRYPT_KEY_POOL_LEN);
 448         if (key)
 449                 memset(key, 0, TCRYPT_HDR_KEY_LEN);
 450         free(key);
 451         return r;
 452 }
 453
 454 int TCRYPT_read_phdr(struct crypt_device *cd,
 455                      struct tcrypt_phdr *hdr,
 456                      struct crypt_params_tcrypt *params)
 457 {
 458         struct device *device = crypt_metadata_device(cd);
 459         ssize_t hdr_size = sizeof(struct tcrypt_phdr);
 460         int devfd = 0, r;
 461
 462         assert(sizeof(struct tcrypt_phdr) == 512);
 463
 464         log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
 465                 hdr_size, device_path(device));
 466
 467         devfd = open(device_path(device), O_RDONLY | O_DIRECT);
 468         if (devfd == -1) {
 469                 log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 470                 return -EINVAL;
 471         }
 472
 473         if ((params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) &&
 474             lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) < 0) {
 475                 log_err(cd, _("Cannot seek to hidden header for %s.\n"), device_path(device));
 476                 close(devfd);
 477                 return -EIO;
 478         }
 479
 480         if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) == hdr_size)
 481                 r = TCRYPT_init_hdr(cd, hdr, params);
 482         else
 483                 r = -EIO;
 484
 485         close(devfd);
 486         return r;
 487 }
 488
 489 int TCRYPT_activate(struct crypt_device *cd,
 490                      const char *name,
 491                      struct tcrypt_phdr *hdr,
 492                      struct crypt_params_tcrypt *params,
 493                      uint32_t flags)
 494 {
 495         char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
 496         struct device *device = NULL;
 497         int i, r;
 498         struct tcrypt_alg tcipher[3] = {
 499                 { params->cipher[0], params->key_size, 0 },
 500                 { params->cipher[1], params->key_size, 0 },
 501                 { params->cipher[2], params->key_size, 0 }
 502         };
 503         struct crypt_dm_active_device dmd = {
 504                 .target = DM_CRYPT,
 505                 .size   = 0,
 506                 .data_device = crypt_data_device(cd),
 507                 .u.crypt  = {
 508                         .cipher = cipher,
 509                         .offset = crypt_get_data_offset(cd),
 510                         .iv_offset = crypt_get_iv_offset(cd),
 511                 }
 512         };
 513
 514         if (strstr(params->mode, "-tcrypt")) {
 515                 log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n"));
 516                 return -ENOTSUP;
 517         }
 518
 519         r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
 520                                 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
 521         if (r)
 522                 return r;
 523
 524         dmd.u.crypt.vk = crypt_alloc_volume_key(params->key_size, NULL);
 525         if (!dmd.u.crypt.vk)
 526                 return -ENOMEM;
 527
 528         for (i = 2; i >= 0; i--) {
 529
 530                 if (!params->cipher[i])
 531                         continue;
 532
 533                 if (i == 0) {
 534                         strncpy(dm_name, name, sizeof(dm_name));
 535                         dmd.flags = flags;
 536                 } else {
 537                         snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i);
 538                         dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
 539                 }
 540
 541                 snprintf(cipher, sizeof(cipher), "%s-%s",
 542                          params->cipher[i], params->mode);
 543                 copy_key(dmd.u.crypt.vk->key, hdr->d.keys,
 544                          top_cipher(tcipher),
 545                          params->key_size, i, params->mode);
 546
 547                 if (top_cipher(tcipher) != i) {
 548                         snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
 549                                  dm_get_dir(), name, i + 1);
 550                         r = device_alloc(&device, dm_dev_name);
 551                         if (r)
 552                                 break;
 553                         dmd.data_device = device;
 554                         dmd.u.crypt.offset = 0;
 555                 }
 556
 557                 log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
 558                         dm_name, dmd.u.crypt.cipher);
 559                 r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);
 560
 561                 device_free(device);
 562                 device = NULL;
 563
 564                 if (r)
 565                         break;
 566         }
 567
 568         if (!r && !(dm_flags() & DM_PLAIN64_SUPPORTED)) {
 569                 log_err(cd, _("Kernel doesn't support plain64 IV.\n"));
 570                 r = -ENOTSUP;
 571         }
 572
 573         crypt_free_volume_key(dmd.u.crypt.vk);
 574         return r;
 575 }