2 * utils - miscellaneous device utilities for cryptsetup
4 * Copyright (C) 2004 Jana Saout <jana@saout.de>
5 * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
6 * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
7 * Copyright (C) 2009-2023 Milan Broz
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include <sys/resource.h>
29 #include <sys/utsname.h>
33 size_t crypt_getpagesize(void)
35 long r = sysconf(_SC_PAGESIZE);
36 return r <= 0 ? DEFAULT_MEM_ALIGNMENT : (size_t)r;
39 unsigned crypt_cpusonline(void)
41 long r = sysconf(_SC_NPROCESSORS_ONLN);
45 uint64_t crypt_getphysmemory_kb(void)
47 long pagesize, phys_pages;
48 uint64_t phys_memory_kb;
50 pagesize = sysconf(_SC_PAGESIZE);
51 phys_pages = sysconf(_SC_PHYS_PAGES);
53 if (pagesize < 0 || phys_pages < 0)
56 phys_memory_kb = pagesize / 1024;
57 phys_memory_kb *= phys_pages;
59 return phys_memory_kb;
62 void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
64 int _priority, new_priority;
67 _priority = getpriority(PRIO_PROCESS, 0);
71 *priority = _priority;
74 * Do not bother checking CAP_SYS_NICE as device activation
75 * requires CAP_SYSADMIN later anyway.
77 if (getuid() || geteuid())
82 if (setpriority(PRIO_PROCESS, 0, new_priority))
83 log_dbg(cd, "Cannot raise process priority.");
85 _priority = priority ? *priority : 0;
86 if (setpriority(PRIO_PROCESS, 0, _priority))
87 log_dbg(cd, "Cannot reset process priority.");
91 /* Keyfile processing */
94 * A simple call to lseek(3) might not be possible for some inputs (e.g.
95 * reading from a pipe), so this function instead reads of up to BUFSIZ bytes
96 * at a time until the specified number of bytes. It returns -1 on read error
97 * or when it reaches EOF before the requested number of bytes have been
100 static int keyfile_seek(int fd, uint64_t bytes)
107 r = lseek(fd, bytes, SEEK_CUR);
110 if (r < 0 && errno != ESPIPE)
114 /* figure out how much to read */
115 next_read = bytes > sizeof(tmp) ? sizeof(tmp) : (size_t)bytes;
117 bytes_r = read(fd, tmp, next_read);
122 crypt_safe_memzero(tmp, sizeof(tmp));
134 crypt_safe_memzero(tmp, sizeof(tmp));
135 return bytes == 0 ? 0 : -1;
138 int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
139 char **key, size_t *key_size_read,
140 uint64_t keyfile_offset, size_t key_size,
143 int fd, regular_file, char_to_read = 0, char_read = 0, unlimited_read = 0;
144 int r = -EINVAL, newline;
147 uint64_t file_read_size;
150 if (!key || !key_size_read)
156 fd = keyfile ? open(keyfile, O_RDONLY) : STDIN_FILENO;
158 log_err(cd, _("Failed to open key file."));
163 log_err(cd, _("Cannot read keyfile from a terminal."));
167 /* If not requested otherwise, we limit input to prevent memory exhaustion */
169 key_size = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
171 /* use 4k for buffer (page divisor but avoid huge pages) */
172 buflen = 4096 - 16; /* sizeof(struct safe_allocation); */
178 if (stat(keyfile, &st) < 0) {
179 log_err(cd, _("Failed to stat key file."));
182 if (S_ISREG(st.st_mode)) {
184 file_read_size = (uint64_t)st.st_size;
186 if (keyfile_offset > file_read_size) {
187 log_err(cd, _("Cannot seek to requested keyfile offset."));
190 file_read_size -= keyfile_offset;
192 /* known keyfile size, alloc it in one step */
193 if (file_read_size >= (uint64_t)key_size)
195 else if (file_read_size)
196 buflen = file_read_size;
200 pass = crypt_safe_alloc(buflen);
202 log_err(cd, _("Out of memory while reading passphrase."));
206 /* Discard keyfile_offset bytes on input */
207 if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
208 log_err(cd, _("Cannot seek to requested keyfile offset."));
212 for (i = 0, newline = 0; i < key_size; i += char_read) {
215 pass = crypt_safe_realloc(pass, buflen);
217 log_err(cd, _("Out of memory while reading passphrase."));
223 if (flags & CRYPT_KEYFILE_STOP_EOL) {
224 /* If we should stop on newline, we must read the input
225 * one character at the time. Otherwise we might end up
226 * having read some bytes after the newline, which we
227 * promised not to do.
231 /* char_to_read = min(key_size - i, buflen - i) */
232 char_to_read = key_size < buflen ?
233 key_size - i : buflen - i;
235 char_read = read_buffer(fd, &pass[i], char_to_read);
237 log_err(cd, _("Error reading passphrase."));
244 /* Stop on newline only if not requested read from keyfile */
245 if ((flags & CRYPT_KEYFILE_STOP_EOL) && pass[i] == '\n') {
252 /* Fail if piped input dies reading nothing */
253 if (!i && !regular_file && !newline) {
254 log_err(cd, _("Nothing to read on input."));
259 /* Fail if we exceeded internal default (no specified size) */
260 if (unlimited_read && i == key_size) {
261 log_err(cd, _("Maximum keyfile size exceeded."));
265 if (!unlimited_read && i != key_size) {
266 log_err(cd, _("Cannot read requested amount of data."));
274 if (fd != STDIN_FILENO)
278 crypt_safe_free(pass);
282 int crypt_keyfile_read(struct crypt_device *cd, const char *keyfile,
283 char **key, size_t *key_size_read,
284 size_t keyfile_offset, size_t keyfile_size_max,
287 return crypt_keyfile_device_read(cd, keyfile, key, key_size_read,
288 keyfile_offset, keyfile_size_max, flags);
291 int kernel_version(uint64_t *kversion)
294 uint16_t maj, min, patch, rel;
300 if (sscanf(uts.release, "%" SCNu16 ".%" SCNu16 ".%" SCNu16 "-%" SCNu16,
301 &maj, &min, &patch, &rel) == 4)
303 else if (sscanf(uts.release, "%" SCNu16 ".%" SCNu16 ".%" SCNu16,
304 &maj, &min, &patch) == 3) {
310 *kversion = compact_version(maj, min, patch, rel);
315 bool crypt_string_in(const char *str, char **list, size_t list_size)
319 for (i = 0; *list && i < list_size; i++, list++)
320 if (!strcmp(str, *list))
326 /* compare two strings (allows NULL values) */
327 int crypt_strcmp(const char *a, const char *b)