10 #include <sys/types.h>
12 #include <sys/ioctl.h>
16 #include <sys/resource.h>
18 #include "libcryptsetup.h"
21 struct safe_allocation {
26 static char *error=NULL;
28 void set_error_va(const char *fmt, va_list va)
39 r = vasprintf(&error, fmt, va);
46 if (r && error[r - 1] == '\n')
50 void set_error(const char *fmt, ...)
55 set_error_va(fmt, va);
59 const char *get_error(void)
64 void *safe_alloc(size_t size)
66 struct safe_allocation *alloc;
71 alloc = malloc(size + offsetof(struct safe_allocation, data));
80 void safe_free(void *data)
82 struct safe_allocation *alloc;
87 alloc = data - offsetof(struct safe_allocation, data);
89 memset(data, 0, alloc->size);
91 alloc->size = 0x55aa55aa;
95 void *safe_realloc(void *data, size_t size)
99 new_data = safe_alloc(size);
101 if (new_data && data) {
102 struct safe_allocation *alloc;
104 alloc = data - offsetof(struct safe_allocation, data);
106 if (size > alloc->size)
109 memcpy(new_data, data, size);
116 char *safe_strdup(const char *s)
118 char *s2 = safe_alloc(strlen(s) + 1);
123 return strcpy(s2, s);
126 static int get_alignment(int fd)
128 int alignment = DEFAULT_ALIGNMENT;
130 #ifdef _PC_REC_XFER_ALIGN
131 alignment = fpathconf(fd, _PC_REC_XFER_ALIGN);
133 alignment = DEFAULT_ALIGNMENT;
138 static void *aligned_malloc(void **base, int size, int alignment)
140 #ifdef HAVE_POSIX_MEMALIGN
141 return posix_memalign(base, alignment, size) ? NULL : *base;
143 /* Credits go to Michal's padlock patches for this alignment code */
146 ptr = malloc(size + alignment);
147 if(ptr == NULL) return NULL;
150 if(alignment > 1 && ((long)ptr & (alignment - 1))) {
151 ptr += alignment - ((long)(ptr) & (alignment - 1));
156 static int sector_size(int fd)
159 if (ioctl(fd,BLKSSZGET, &bsize) < 0)
165 int sector_size_for_device(const char *device)
167 int fd = open(device, O_RDONLY);
176 ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
178 void *hangover_buf, *hangover_buf_base = NULL;
179 void *buf, *buf_base = NULL;
180 int r, hangover, solid, bsize, alignment;
183 if ((bsize = sector_size(fd)) < 0)
186 hangover = count % bsize;
187 solid = count - hangover;
188 alignment = get_alignment(fd);
190 if ((long)orig_buf & (alignment - 1)) {
191 buf = aligned_malloc(&buf_base, count, alignment);
194 memcpy(buf, orig_buf, count);
196 buf = (void *)orig_buf;
198 r = write(fd, buf, solid);
199 if (r < 0 || r != solid)
203 hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
207 r = read(fd, hangover_buf, bsize);
208 if(r < 0 || r != bsize) goto out;
210 r = lseek(fd, -bsize, SEEK_CUR);
213 memcpy(hangover_buf, buf + solid, hangover);
215 r = write(fd, hangover_buf, bsize);
216 if(r < 0 || r != bsize) goto out;
217 free(hangover_buf_base);
226 ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
227 void *hangover_buf, *hangover_buf_base;
228 void *buf, *buf_base = NULL;
229 int r, hangover, solid, bsize, alignment;
232 if ((bsize = sector_size(fd)) < 0)
235 hangover = count % bsize;
236 solid = count - hangover;
237 alignment = get_alignment(fd);
239 if ((long)orig_buf & (alignment - 1)) {
240 buf = aligned_malloc(&buf_base, count, alignment);
246 r = read(fd, buf, solid);
247 if(r < 0 || r != solid)
251 hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment);
254 r = read(fd, hangover_buf, bsize);
255 if (r < 0 || r != bsize)
258 memcpy(buf + solid, hangover_buf, hangover);
259 free(hangover_buf_base);
263 if (buf != orig_buf) {
264 memcpy(orig_buf, buf, count);
271 * Combines llseek with blockwise write. write_blockwise can already deal with short writes
272 * but we also need a function to deal with short writes at the start. But this information
273 * is implicitly included in the read/write offset, which can not be set to non-aligned
274 * boundaries. Hence, we combine llseek with write.
277 ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset) {
278 int bsize = sector_size(fd);
279 const char *orig_buf = buf;
280 char frontPadBuf[bsize];
281 int frontHang = offset % bsize;
283 int innerCount = count < bsize ? count : bsize;
288 lseek(fd, offset - frontHang, SEEK_SET);
290 r = read(fd,frontPadBuf,bsize);
293 memcpy(frontPadBuf+frontHang, buf, innerCount);
295 lseek(fd, offset - frontHang, SEEK_SET);
296 r = write(fd,frontPadBuf,bsize);
302 if(count <= 0) return buf - orig_buf;
304 return write_blockwise(fd, buf, count) + innerCount;
307 /* Password reading helpers */
309 static int untimed_read(int fd, char *pass, size_t maxlen)
313 i = read(fd, pass, maxlen);
317 } else if (i == 0) { /* EOF */
324 static int timed_read(int fd, char *pass, size_t maxlen, long timeout)
335 if (select(fd+1, &fds, NULL, NULL, &t) > 0)
336 failed = untimed_read(fd, pass, maxlen);
341 static int interactive_pass(const char *prompt, char *pass, size_t maxlen,
344 struct termios orig, tmp;
346 int infd = STDIN_FILENO, outfd;
351 /* Read and write to /dev/tty if available */
352 if ((infd = outfd = open("/dev/tty", O_RDWR)) == -1) {
354 outfd = STDERR_FILENO;
357 if (tcgetattr(infd, &orig))
360 memcpy(&tmp, &orig, sizeof(tmp));
361 tmp.c_lflag &= ~ECHO;
363 if (write(outfd, prompt, strlen(prompt)) < 0)
366 tcsetattr(infd, TCSAFLUSH, &tmp);
368 failed = timed_read(infd, pass, maxlen, timeout);
370 failed = untimed_read(infd, pass, maxlen);
371 tcsetattr(infd, TCSAFLUSH, &orig);
375 (void)write(outfd, "\n", 1);
376 if (infd != STDIN_FILENO)
382 * Password reading behaviour matrix of get_key
385 * -----------------+---+---+---+---
386 * interactive | Y | Y | Y | Inf
387 * from fd | N | N | Y | Inf
388 * from binary file | N | N | N | Inf or options->key_size
390 * Legend: p..prompt, v..can verify, n..newline-stop, h..read horizon
392 * Note: --key-file=- is interpreted as a read from a binary file (stdin)
395 void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
396 const char *key_file, int timeout, int how2verify,
397 struct crypt_device *cd)
400 const int verify = how2verify & CRYPT_FLAG_VERIFY;
401 const int verify_if_possible = how2verify & CRYPT_FLAG_VERIFY_IF_POSSIBLE;
405 int regular_file = 0;
407 if(key_file && !strcmp(key_file, "-")) {
408 /* Allow binary reading from stdin */
412 } else if (key_file) {
413 fd = open(key_file, O_RDONLY);
415 log_err(cd, "Failed to open key file %s.\n", key_file);
420 /* This can either be 0 (LUKS) or the actually number
421 * of key bytes (default or passed by -s) */
422 read_horizon = key_size;
426 read_horizon = 0; /* Infinite, if read from terminal or fd */
429 /* Interactive case */
433 pass = safe_alloc(MAX_TTY_PASSWORD_LEN);
434 if (!pass || (i = interactive_pass(prompt, pass, MAX_TTY_PASSWORD_LEN, timeout))) {
435 log_err(cd, "Error reading passphrase from terminal.\n");
438 if (verify || verify_if_possible) {
439 char pass_verify[MAX_TTY_PASSWORD_LEN];
440 i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), timeout);
441 if (i || strcmp(pass, pass_verify) != 0) {
442 log_err(cd, "Passphrases do not match.\n");
445 memset(pass_verify, 0, sizeof(pass_verify));
447 *passLen = strlen(pass);
451 * This is either a fd-input or a file, in neither case we can verify the input,
452 * however we don't stop on new lines if it's a binary file.
457 log_err(cd, "Can't do passphrase verification on non-tty inputs.\n");
460 /* The following for control loop does an exhausting
461 * read on the key material file, if requested with
462 * key_size == 0, as it's done by LUKS. However, we
463 * should warn the user, if it's a non-regular file,
464 * such as /dev/random, because in this case, the loop
467 if(key_file && strcmp(key_file, "-") && read_horizon == 0) {
469 if(stat(key_file, &st) < 0) {
470 log_err(cd, "Failed to stat key file %s.\n", key_file);
473 if(!S_ISREG(st.st_mode))
474 log_err(cd, "Warning: exhausting read requested, but key file %s"
475 " is not a regular file, function might never return.\n",
481 for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
482 if(i >= buflen - 1) {
484 pass = safe_realloc(pass, buflen);
486 log_err(cd, "Out of memory while reading passphrase.\n");
490 if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
495 /* Fail if piped input dies reading nothing */
496 if(!i && !regular_file) {
497 log_err(cd, "Error reading passphrase.\n");
513 int device_ready(struct crypt_device *cd, const char *device, int mode)
520 if(stat(device, &st) < 0) {
521 log_err(cd, _("Device %s doesn't exist or access denied.\n"), device);
525 log_dbg("Trying to open and read device %s.", device);
526 devfd = open(device, mode | O_DIRECT | O_SYNC);
528 log_err(cd, _("Cannot open device %s for %s%s access.\n"), device,
529 (mode & O_EXCL) ? _("exclusive ") : "",
530 (mode & O_RDWR) ? _("writable") : _("read-only"));
534 /* Try to read first sector */
535 s = read_blockwise(devfd, buf, sizeof(buf));
536 if (s < 0 || s != sizeof(buf)) {
537 log_err(cd, _("Cannot read device %s.\n"), device);
541 memset(buf, 0, sizeof(buf));
547 int get_device_infos(const char *device, struct device_infos *infos, struct crypt_device *cd)
550 unsigned long size_small;
555 /* Try to open read-write to check whether it is a read-only device */
556 fd = open(device, O_RDWR);
558 if (errno == EROFS) {
560 fd = open(device, O_RDONLY);
564 fd = open(device, O_RDONLY);
567 log_err(cd, _("Cannot open device: %s\n"), device);
572 /* If the device can be opened read-write, i.e. readonly is still 0, then
573 * check whether BKROGET says that it is read-only. E.g. read-only loop
574 * devices may be openend read-write but are read-only according to BLKROGET
576 if (readonly == 0 && ioctl(fd, BLKROGET, &readonly) < 0) {
577 log_err(cd, _("BLKROGET failed on device %s.\n"), device);
581 #error BLKROGET not available
585 if (ioctl(fd, BLKGETSIZE64, &size) >= 0) {
586 size >>= SECTOR_SHIFT;
593 if (ioctl(fd, BLKGETSIZE, &size_small) >= 0) {
594 size = (uint64_t)size_small;
599 # error Need at least the BLKGETSIZE ioctl!
602 log_err(cd, _("BLKGETSIZE failed on device %s.\n"), device);
606 infos->readonly = readonly;
612 int wipe_device_header(const char *device, int sectors)
615 int size = sectors * SECTOR_SIZE;
619 devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
623 buffer = malloc(size);
628 memset(buffer, 0, size);
630 r = write_blockwise(devfd, buffer, size) < size ? -EIO : 0;
639 #define DEFAULT_PROCESS_PRIORITY -18
641 static int _priority;
642 static int _memlock_count = 0;
644 // return 1 if memory is locked
645 int memlock_inc(struct crypt_device *ctx)
647 if (!_memlock_count++) {
648 log_dbg("Locking memory.");
649 if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
650 log_err(ctx, _("WARNING!!! Possibly insecure memory. Are you root?\n"));
655 if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
656 log_err(ctx, _("Cannot get process priority.\n"));
658 if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
659 log_err(ctx, _("setpriority %u failed: %s"),
660 DEFAULT_PROCESS_PRIORITY, strerror(errno));
662 return _memlock_count ? 1 : 0;
665 int memlock_dec(struct crypt_device *ctx)
667 if (_memlock_count && (!--_memlock_count)) {
668 log_dbg("Unlocking memory.");
670 log_err(ctx, _("Cannot unlock memory."));
671 if (setpriority(PRIO_PROCESS, 0, _priority))
672 log_err(ctx, _("setpriority %u failed: %s"), _priority, strerror(errno));
674 return _memlock_count ? 1 : 0;
projects / platform / upstream / cryptsetup.git / blob