#include "verity.h"
#include "internal.h"
+#define VERITY_MAX_LEVELS 63
+
static unsigned get_bits_up(size_t u)
{
unsigned i = 0;
- while ((1 << i) < u)
+ while ((1U << i) < u)
i++;
return i;
}
static unsigned get_bits_down(size_t u)
{
unsigned i = 0;
- while ((u >> i) > 1)
+ while ((u >> i) > 1U)
i++;
return i;
}
char block[bytes];
size_t i;
- if (fread(block, bytes, 1, wr) != 1)
+ if (fread(block, bytes, 1, wr) != 1) {
+ log_dbg("EIO while reading spare area.");
return -EIO;
+ }
for (i = 0; i < bytes; i++)
if (block[i]) {
- log_err(cd, "spare area is not zeroed at position %" PRIu64 "\n",
+ log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"),
ftello(wr) - bytes);
return -EPERM;
}
return r;
}
+static int mult_overflow(off_t *u, off_t b, size_t size)
+{
+ *u = (uint64_t)b * size;
+ if ((off_t)(*u / size) != b || (off_t)*u < 0 || (off_t)*u != *u)
+ return 1;
+ return 0;
+}
+
static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
off_t data_block, size_t data_block_size,
off_t hash_block, size_t hash_block_size,
size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
size_t digest_size_full = 1 << get_bits_up(digest_size);
off_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
+ off_t seek_rd, seek_wr;
size_t left_bytes;
- int i, r;
+ unsigned i;
+ int r;
- if (fseeko(rd, data_block * data_block_size, SEEK_SET))
+ if (mult_overflow(&seek_rd, data_block, data_block_size) ||
+ mult_overflow(&seek_wr, hash_block, hash_block_size)) {
+ log_err(cd, _("Device offset overflow.\n"));
+ return -EINVAL;
+ }
+
+ if (fseeko(rd, seek_rd, SEEK_SET)) {
+ log_dbg("Cannot seek to requested position in data device.");
return -EIO;
+ }
- if (wr && fseeko(wr, hash_block * hash_block_size, SEEK_SET))
+ if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
+ log_dbg("Cannot seek to requested position in hash device.");
return -EIO;
+ }
memset(left_block, 0, hash_block_size);
while (blocks_to_write--) {
if (!blocks)
break;
blocks--;
- if (fread(data_buffer, data_block_size, 1, rd) != 1)
+ if (fread(data_buffer, data_block_size, 1, rd) != 1) {
+ log_dbg("Cannot read data device block.");
return -EIO;
+ }
if (verify_hash_block(hash_name, version,
calculated_digest, digest_size,
if (!wr)
break;
if (verify) {
- if (fread(read_digest, digest_size, 1, wr) != 1)
+ if (fread(read_digest, digest_size, 1, wr) != 1) {
+ log_dbg("Cannot read digest form hash device.");
return -EIO;
+ }
if (memcmp(read_digest, calculated_digest, digest_size)) {
- log_err(cd, "verification failed at position %" PRIu64 "\n",
+ log_err(cd, _("Verification failed at position %" PRIu64 ".\n"),
ftello(rd) - data_block_size);
return -EPERM;
}
} else {
- if (fwrite(calculated_digest, digest_size, 1, wr) != 1)
+ if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
+ log_dbg("Cannot write digest to hash device.");
return -EIO;
+ }
}
if (version == 0) {
left_bytes -= digest_size;
r = verify_zero(cd, wr, digest_size_full - digest_size);
if (r)
return r;
- } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1)
+ } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
+ log_dbg("Cannot write spare area to hash device.");
return -EIO;
+ }
}
left_bytes -= digest_size_full;
}
r = verify_zero(cd , wr, left_bytes);
if (r)
return r;
- } else if (fwrite(left_block, left_bytes, 1, wr) != 1)
+ } else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
+ log_dbg("Cannot write remaining spare area to hash device.");
return -EIO;
+ }
}
}
off_t hash_level_size[VERITY_MAX_LEVELS];
off_t data_file_blocks, s;
size_t hash_per_block, hash_per_block_bits;
- uint64_t data_device_size;
+ off_t data_device_size = 0, hash_device_size = 0;
+ uint64_t dev_size;
int levels, i, r;
- log_dbg("Userspace hash %s %s, data device %s, data blocks %" PRIu64
+ log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64
", hash_device %s, offset %" PRIu64 ".",
verify ? "verification" : "creation", hash_name,
data_device, data_blocks, hash_device, hash_position);
+ if (data_blocks < 0 || hash_position < 0) {
+ log_err(cd, _("Invalid size parameters for verity device.\n"));
+ return -EINVAL;
+ }
+
if (!data_blocks) {
- r = device_size(data_device, &data_device_size);
+ r = device_size(data_device, &dev_size);
if (r < 0)
return r;
- data_file_blocks = data_device_size / data_block_size;
+ data_file_blocks = dev_size / data_block_size;
} else
data_file_blocks = data_blocks;
+ if (mult_overflow(&data_device_size, data_blocks, data_block_size)) {
+ log_err(cd, _("Device offset overflow.\n"));
+ return -EINVAL;
+ }
+
hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
hash_per_block = 1 << hash_per_block_bits;
- if (!hash_per_block_bits) {
- log_err(cd, "at least two hashes must fit in a hash file block\n");
+ if (!hash_per_block_bits)
return -EINVAL;
- }
levels = 0;
if (data_file_blocks) {
(data_file_blocks - 1) >> (hash_per_block_bits * levels))
levels++;
}
+ log_dbg("Using %d hash levels.", levels);
if (levels > VERITY_MAX_LEVELS) {
- log_err(cd, "too many tree levels\n");
+ log_err(cd, _("Too many tree levels for verity volume.\n"));
return -EINVAL;
}
if (hash_position + s < hash_position ||
(hash_position + s) < 0 ||
(hash_position + s) != hash_position + s) {
- log_err(cd, "hash device offset overflow\n");
+ log_err(cd, _("Device offset overflow.\n"));
return -EINVAL;
}
hash_position += s;
}
+ if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
+ log_err(cd, _("Device offset overflow.\n"));
+ return -EINVAL;
+ }
+
+ log_dbg("Data device size required: %" PRIu64 " bytes.",
+ data_device_size);
data_file = fopen(data_device, "r");
if (!data_file) {
- log_err(cd, "Cannot open %s.\n", data_device);
+ log_err(cd, _("Cannot open device %s.\n"), data_device);
r = -EIO;
goto out;
}
+ log_dbg("Hash device size required: %" PRIu64 " bytes.",
+ hash_device_size);
hash_file = fopen(hash_device, verify ? "r" : "r+");
if (!hash_file) {
- log_err(cd, "Cannot open %s.\n", hash_device);
+ log_err(cd, _("Cannot open device %s.\n"), hash_device);
r = -EIO;
goto out;
}
} else {
hash_file_2 = fopen(hash_device, "r");
if (!hash_file_2) {
+ log_err(cd, _("Cannot open device %s.\n"), hash_device);
r = -EIO;
goto out;
}
if (levels)
r = create_or_verify(cd, hash_file, NULL,
hash_level_block[levels - 1], hash_block_size,
- 0, 0,
+ 0, hash_block_size,
1, version, hash_name, verify,
calculated_digest, digest_size, salt, salt_size);
else
r = create_or_verify(cd, data_file, NULL,
0, data_block_size,
- 0, 0,
+ 0, hash_block_size,
data_file_blocks, version, hash_name, verify,
calculated_digest, digest_size, salt, salt_size);
-
- if (r) {
- log_err(cd, "Hash of data area verification failed.\n");
- goto out;
- } else
- log_dbg("Hash of data area successfully verified.");
-
- /* root hash verification */
+out:
if (verify) {
- r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
if (r)
- log_err(cd, "Root hash verification failed.\n");
- else
- log_dbg("Root hash successfully verified.");
+ log_err(cd, _("Verification of data area failed.\n"));
+ else {
+ log_dbg("Verification of data area succeeded.");
+ r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
+ if (r)
+ log_err(cd, _("Verification of root hash failed.\n"));
+ else
+ log_dbg("Verification of root hash succeeded.");
+ }
} else {
- fsync(fileno(hash_file));
- memcpy(root_hash, calculated_digest, digest_size);
+ if (r == -EIO)
+ log_err(cd, _("Input/output error while creating hash area.\n"));
+ else if (r)
+ log_err(cd, _("Creation of hash area failed.\n"));
+ else {
+ fsync(fileno(hash_file));
+ memcpy(root_hash, calculated_digest, digest_size);
+ }
}
-out:
+
if (data_file)
fclose(data_file);
if (hash_file)
const char *root_hash,
size_t root_hash_size)
{
- int r = VERITY_create_or_verify_hash(cd, 1,
- verity_hdr->version,
+ return VERITY_create_or_verify_hash(cd, 1,
+ verity_hdr->hash_type,
verity_hdr->hash_name,
hash_device,
data_device,
root_hash_size,
verity_hdr->salt,
verity_hdr->salt_size);
-
- if (r == -EPERM)
- log_err(cd, "Userspace hash verification failed.\n");
-
- return r;
}
+/* Create verity hash */
int VERITY_create(struct crypt_device *cd,
struct crypt_params_verity *verity_hdr,
const char *data_device,
char *root_hash,
size_t root_hash_size)
{
- if (verity_hdr->salt_size > VERITY_MAX_SALT_SIZE)
+ unsigned pgsize = crypt_getpagesize();
+
+ if (verity_hdr->salt_size > 256)
return -EINVAL;
+ if (verity_hdr->data_block_size > pgsize)
+ log_err(cd, _("WARNING: Kernel cannot activate device if data "
+ "block size exceeds page size (%u).\n"), pgsize);
+
return VERITY_create_or_verify_hash(cd, 0,
- verity_hdr->version,
+ verity_hdr->hash_type,
verity_hdr->hash_name,
hash_device,
data_device,