2 * dm-verity volume handling
4 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
29 static unsigned get_bits_up(size_t u)
37 static unsigned get_bits_down(size_t u)
45 static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
50 if (fread(block, bytes, 1, wr) != 1)
52 for (i = 0; i < bytes; i++)
54 log_err(cd, "spare area is not zeroed at position %" PRIu64 "\n",
61 static int verify_hash_block(const char *hash_name, int version,
62 char *hash, size_t hash_size,
63 const char *data, size_t data_size,
64 const char *salt, size_t salt_size)
66 struct crypt_hash *ctx = NULL;
69 if (crypt_hash_init(&ctx, hash_name))
72 if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
75 if ((r = crypt_hash_write(ctx, data, data_size)))
78 if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
81 r = crypt_hash_final(ctx, hash, hash_size);
83 crypt_hash_destroy(ctx);
87 static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
88 off_t data_block, size_t data_block_size,
89 off_t hash_block, size_t hash_block_size,
90 off_t blocks, int version,
91 const char *hash_name, int verify,
92 char *calculated_digest, size_t digest_size,
93 const char *salt, size_t salt_size)
95 char left_block[hash_block_size];
96 char data_buffer[data_block_size];
97 char read_digest[digest_size];
98 size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
99 size_t digest_size_full = 1 << get_bits_up(digest_size);
100 off_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
104 if (fseeko(rd, data_block * data_block_size, SEEK_SET))
107 if (wr && fseeko(wr, hash_block * hash_block_size, SEEK_SET))
110 memset(left_block, 0, hash_block_size);
111 while (blocks_to_write--) {
112 left_bytes = hash_block_size;
113 for (i = 0; i < hash_per_block; i++) {
117 if (fread(data_buffer, data_block_size, 1, rd) != 1)
120 if (verify_hash_block(hash_name, version,
121 calculated_digest, digest_size,
122 data_buffer, data_block_size,
129 if (fread(read_digest, digest_size, 1, wr) != 1)
131 if (memcmp(read_digest, calculated_digest, digest_size)) {
132 log_err(cd, "verification failed at position %" PRIu64 "\n",
133 ftello(rd) - data_block_size);
137 if (fwrite(calculated_digest, digest_size, 1, wr) != 1)
141 left_bytes -= digest_size;
143 if (digest_size_full - digest_size) {
145 r = verify_zero(cd, wr, digest_size_full - digest_size);
148 } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1)
151 left_bytes -= digest_size_full;
154 if (wr && left_bytes) {
156 r = verify_zero(cd , wr, left_bytes);
159 } else if (fwrite(left_block, left_bytes, 1, wr) != 1)
167 static int VERITY_create_or_verify_hash(struct crypt_device *cd,
170 const char *hash_name,
171 const char *hash_device,
172 const char *data_device,
173 size_t hash_block_size,
174 size_t data_block_size,
182 char calculated_digest[digest_size];
183 FILE *data_file = NULL;
184 FILE *hash_file = NULL, *hash_file_2;
185 off_t hash_level_block[VERITY_MAX_LEVELS];
186 off_t hash_level_size[VERITY_MAX_LEVELS];
187 off_t data_file_blocks, s;
188 size_t hash_per_block, hash_per_block_bits;
189 uint64_t data_device_size;
192 log_dbg("Userspace hash %s %s, data device %s, data blocks %" PRIu64
193 ", hash_device %s, offset %" PRIu64 ".",
194 verify ? "verification" : "creation", hash_name,
195 data_device, data_blocks, hash_device, hash_position);
198 r = device_size(data_device, &data_device_size);
202 data_file_blocks = data_device_size / data_block_size;
204 data_file_blocks = data_blocks;
206 hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
207 hash_per_block = 1 << hash_per_block_bits;
208 if (!hash_per_block_bits) {
209 log_err(cd, "at least two hashes must fit in a hash file block\n");
214 if (data_file_blocks) {
215 while (hash_per_block_bits * levels < 64 &&
216 (data_file_blocks - 1) >> (hash_per_block_bits * levels))
220 if (levels > VERITY_MAX_LEVELS) {
221 log_err(cd, "too many tree levels\n");
225 for (i = levels - 1; i >= 0; i--) {
226 hash_level_block[i] = hash_position;
227 // verity position of block data_file_blocks at level i
228 s = data_file_blocks >> (i * hash_per_block_bits);
229 s = (s + hash_per_block - 1) / hash_per_block;
230 hash_level_size[i] = s;
231 if (hash_position + s < hash_position ||
232 (hash_position + s) < 0 ||
233 (hash_position + s) != hash_position + s) {
234 log_err(cd, "hash device offset overflow\n");
240 data_file = fopen(data_device, "r");
242 log_err(cd, "Cannot open %s.\n", data_device);
247 hash_file = fopen(hash_device, verify ? "r" : "r+");
249 log_err(cd, "Cannot open %s.\n", hash_device);
254 memset(calculated_digest, 0, digest_size);
256 for (i = 0; i < levels; i++) {
258 r = create_or_verify(cd, data_file, hash_file,
260 hash_level_block[i], hash_block_size,
261 data_file_blocks, version, hash_name, verify,
262 calculated_digest, digest_size, salt, salt_size);
266 hash_file_2 = fopen(hash_device, "r");
271 r = create_or_verify(cd, hash_file_2, hash_file,
272 hash_level_block[i - 1], hash_block_size,
273 hash_level_block[i], hash_block_size,
274 hash_level_size[i - 1], version, hash_name, verify,
275 calculated_digest, digest_size, salt, salt_size);
283 r = create_or_verify(cd, hash_file, NULL,
284 hash_level_block[levels - 1], hash_block_size,
286 1, version, hash_name, verify,
287 calculated_digest, digest_size, salt, salt_size);
289 r = create_or_verify(cd, data_file, NULL,
292 data_file_blocks, version, hash_name, verify,
293 calculated_digest, digest_size, salt, salt_size);
296 log_err(cd, "Hash of data area verification failed.\n");
299 log_dbg("Hash of data area successfully verified.");
301 /* root hash verification */
303 r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
305 log_err(cd, "Root hash verification failed.\n");
307 log_dbg("Root hash successfully verified.");
309 fsync(fileno(hash_file));
310 memcpy(root_hash, calculated_digest, digest_size);
320 /* Verify verity device using userspace crypto backend */
321 int VERITY_verify(struct crypt_device *cd,
322 struct crypt_params_verity *verity_hdr,
323 const char *data_device,
324 const char *hash_device,
325 const char *root_hash,
326 size_t root_hash_size)
328 int r = VERITY_create_or_verify_hash(cd, 1,
330 verity_hdr->hash_name,
333 verity_hdr->hash_block_size,
334 verity_hdr->data_block_size,
335 verity_hdr->data_size,
336 VERITY_hash_offset_block(verity_hdr),
337 CONST_CAST(char*)root_hash,
340 verity_hdr->salt_size);
343 log_err(cd, "Userspace hash verification failed.\n");
348 int VERITY_create(struct crypt_device *cd,
349 struct crypt_params_verity *verity_hdr,
350 const char *data_device,
351 const char *hash_device,
353 size_t root_hash_size)
355 if (verity_hdr->salt_size > VERITY_MAX_SALT_SIZE)
358 return VERITY_create_or_verify_hash(cd, 0,
360 verity_hdr->hash_name,
363 verity_hdr->hash_block_size,
364 verity_hdr->data_block_size,
365 verity_hdr->data_size,
366 VERITY_hash_offset_block(verity_hdr),
370 verity_hdr->salt_size);