10 #include <sys/types.h>
12 #include <sys/ioctl.h>
16 #include "libcryptsetup.h"
20 struct safe_allocation {
25 static char *error=NULL;
27 void set_error_va(const char *fmt, va_list va)
37 if (vasprintf(&error, fmt, va) < 0) {
43 void set_error(const char *fmt, ...)
48 set_error_va(fmt, va);
52 const char *get_error(void)
57 void *safe_alloc(size_t size)
59 struct safe_allocation *alloc;
64 alloc = malloc(size + offsetof(struct safe_allocation, data));
73 void safe_free(void *data)
75 struct safe_allocation *alloc;
80 alloc = data - offsetof(struct safe_allocation, data);
82 memset(data, 0, alloc->size);
84 alloc->size = 0x55aa55aa;
88 void *safe_realloc(void *data, size_t size)
92 new_data = safe_alloc(size);
94 if (new_data && data) {
95 struct safe_allocation *alloc;
97 alloc = data - offsetof(struct safe_allocation, data);
99 if (size > alloc->size)
102 memcpy(new_data, data, size);
109 char *safe_strdup(const char *s)
111 char *s2 = safe_alloc(strlen(s) + 1);
116 return strcpy(s2, s);
119 static int get_alignment(int fd)
121 int alignment = DEFAULT_ALIGNMENT;
123 #ifdef _PC_REC_XFER_ALIGN
124 alignment = fpathconf(fd, _PC_REC_XFER_ALIGN);
126 alignment = DEFAULT_ALIGNMENT;
131 static void *aligned_malloc(void **base, int size, int alignment)
133 #ifdef HAVE_POSIX_MEMALIGN
134 return posix_memalign(base, alignment, size) ? NULL : *base;
136 /* Credits go to Michal's padlock patches for this alignment code */
139 ptr = malloc(size + alignment);
140 if(ptr == NULL) return NULL;
143 if(alignment > 1 && ((long)ptr & (alignment - 1))) {
144 ptr += alignment - ((long)(ptr) & (alignment - 1));
149 static int sector_size(int fd)
152 if (ioctl(fd,BLKSSZGET, &bsize) < 0)
158 int sector_size_for_device(const char *device)
160 int fd = open(device, O_RDONLY);
169 ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
171 void *hangover_buf, *hangover_buf_base = NULL;
172 void *buf, *buf_base = NULL;
173 int r, hangover, solid, bsize, alignment;
176 if ((bsize = sector_size(fd)) < 0)
179 hangover = count % bsize;
180 solid = count - hangover;
181 alignment = get_alignment(fd);
183 if ((long)orig_buf & (alignment - 1)) {
184 buf = aligned_malloc(&buf_base, count, alignment);
187 memcpy(buf, orig_buf, count);
189 buf = (void *)orig_buf;
191 r = write(fd, buf, solid);
192 if (r < 0 || r != solid)
196 hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
200 r = read(fd, hangover_buf, bsize);
201 if(r < 0 || r != bsize) goto out;
203 r = lseek(fd, -bsize, SEEK_CUR);
206 memcpy(hangover_buf, buf + solid, hangover);
208 r = write(fd, hangover_buf, bsize);
209 if(r < 0 || r != bsize) goto out;
210 free(hangover_buf_base);
219 ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
220 void *hangover_buf, *hangover_buf_base;
221 void *buf, *buf_base = NULL;
222 int r, hangover, solid, bsize, alignment;
225 if ((bsize = sector_size(fd)) < 0)
228 hangover = count % bsize;
229 solid = count - hangover;
230 alignment = get_alignment(fd);
232 if ((long)orig_buf & (alignment - 1)) {
233 buf = aligned_malloc(&buf_base, count, alignment);
239 r = read(fd, buf, solid);
240 if(r < 0 || r != solid) {
241 set_error("read failed in read_blockwise.\n");
246 hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
249 r = read(fd, hangover_buf, bsize);
250 if (r < 0 || r != bsize)
253 memcpy(buf + solid, hangover_buf, hangover);
254 free(hangover_buf_base);
258 if (buf != orig_buf) {
259 memcpy(orig_buf, buf, count);
266 * Combines llseek with blockwise write. write_blockwise can already deal with short writes
267 * but we also need a function to deal with short writes at the start. But this information
268 * is implicitly included in the read/write offset, which can not be set to non-aligned
269 * boundaries. Hence, we combine llseek with write.
272 ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset) {
273 int bsize = sector_size(fd);
274 const char *orig_buf = buf;
275 char frontPadBuf[bsize];
276 int frontHang = offset % bsize;
278 int innerCount = count < bsize ? count : bsize;
283 lseek(fd, offset - frontHang, SEEK_SET);
285 r = read(fd,frontPadBuf,bsize);
288 memcpy(frontPadBuf+frontHang, buf, innerCount);
290 lseek(fd, offset - frontHang, SEEK_SET);
291 r = write(fd,frontPadBuf,bsize);
297 if(count <= 0) return buf - orig_buf;
299 return write_blockwise(fd, buf, count) + innerCount;
302 /* Password reading helpers */
304 static int untimed_read(int fd, char *pass, size_t maxlen)
308 i = read(fd, pass, maxlen);
312 } else if (i == 0) { /* EOF */
319 static int timed_read(int fd, char *pass, size_t maxlen, long timeout)
330 if (select(fd+1, &fds, NULL, NULL, &t) > 0)
331 failed = untimed_read(fd, pass, maxlen);
333 set_error("Operation timed out");
337 static int interactive_pass(const char *prompt, char *pass, size_t maxlen,
340 struct termios orig, tmp;
342 int infd = STDIN_FILENO, outfd;
347 /* Read and write to /dev/tty if available */
348 if ((infd = outfd = open("/dev/tty", O_RDWR)) == -1) {
350 outfd = STDERR_FILENO;
353 if (tcgetattr(infd, &orig)) {
354 set_error("Unable to get terminal");
357 memcpy(&tmp, &orig, sizeof(tmp));
358 tmp.c_lflag &= ~ECHO;
360 if (write(outfd, prompt, strlen(prompt)) < 0)
363 tcsetattr(infd, TCSAFLUSH, &tmp);
365 failed = timed_read(infd, pass, maxlen, timeout);
367 failed = untimed_read(infd, pass, maxlen);
368 tcsetattr(infd, TCSAFLUSH, &orig);
372 (void)write(outfd, "\n", 1);
373 if (infd != STDIN_FILENO)
379 * Password reading behaviour matrix of get_key
382 * -----------------+---+---+---+---
383 * interactive | Y | Y | Y | Inf
384 * from fd | N | N | Y | Inf
385 * from binary file | N | N | N | Inf or options->key_size
387 * Legend: p..prompt, v..can verify, n..newline-stop, h..read horizon
389 * Note: --key-file=- is interpreted as a read from a binary file (stdin)
391 * Returns true when more keys are available (that is when password
392 * reading can be retried as for interactive terminals).
395 int get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
396 const char *key_file, int passphrase_fd, int timeout, int how2verify)
399 const int verify = how2verify & CRYPT_FLAG_VERIFY;
400 const int verify_if_possible = how2verify & CRYPT_FLAG_VERIFY_IF_POSSIBLE;
405 if(key_file && !strcmp(key_file, "-")) {
406 /* Allow binary reading from stdin */
410 } else if (key_file) {
411 fd = open(key_file, O_RDONLY);
414 set_error("Error opening key file: %s",
415 strerror_r(errno, buf, 128));
420 /* This can either be 0 (LUKS) or the actually number
421 * of key bytes (default or passed by -s) */
422 read_horizon = key_size;
426 read_horizon = 0; /* Infinite, if read from terminal or fd */
429 /* Interactive case */
433 pass = safe_alloc(512);
434 if (!pass || (i = interactive_pass(prompt, pass, 512, timeout))) {
435 set_error("Error reading passphrase");
438 if (verify || verify_if_possible) {
439 char pass_verify[512];
440 i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), timeout);
441 if (i || strcmp(pass, pass_verify) != 0) {
442 set_error("Passphrases do not match");
445 memset(pass_verify, 0, sizeof(pass_verify));
447 *passLen = strlen(pass);
451 * This is either a fd-input or a file, in neither case we can verify the input,
452 * however we don't stop on new lines if it's a binary file.
457 set_error("Can't do passphrase verification on non-tty inputs");
460 /* The following for control loop does an exhausting
461 * read on the key material file, if requested with
462 * key_size == 0, as it's done by LUKS. However, we
463 * should warn the user, if it's a non-regular file,
464 * such as /dev/random, because in this case, the loop
467 if(key_file && strcmp(key_file, "-") && read_horizon == 0) {
469 if(stat(key_file, &st) < 0) {
470 set_error("Can't stat key file");
473 if(!S_ISREG(st.st_mode)) {
474 // set_error("Can't do exhausting read on non regular files");
476 fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
480 for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
481 if(i >= buflen - 1) {
483 pass = safe_realloc(pass, buflen);
485 set_error("Not enough memory while "
486 "reading passphrase");
490 if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
500 return isatty(fd); /* Return true, when password reading can be tried on interactive fds */