X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Ftcrypt%2Ftcrypt.c;h=69a70b49a5bbf8de50dd28757237109c65863a89;hb=eac953c6e42ae7652b822ac906a7ee6bfc711cb4;hp=23052e85c3fc09fd138efe87b15cb4a267701bd5;hpb=0996a43dbb7ad2a52a6e9db29f145e7e38dd55b6;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 23052e8..69a70b4 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -48,77 +48,125 @@ struct tcrypt_alg { const char *name; unsigned int key_size; unsigned int iv_size; + unsigned int key_offset; + unsigned int iv_offset; /* or tweak key offset */ }; -/* TCRYPT cipher variants */ -static struct { +struct tcrypt_algs { unsigned int legacy:1; + unsigned int chain_count; + unsigned int chain_key_size; + const char *long_name; const char *mode; struct tcrypt_alg cipher[3]; -} tcrypt_cipher[] = { - { 0, "xts-plain64",{{"aes", 64,16}}}, - { 0, "xts-plain64",{{"serpent",64,16}}}, - { 0, "xts-plain64",{{"twofish",64,16}}}, - { 0, "xts-plain64",{{"twofish",64,16},{"aes", 64,16}}}, - { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16},{"aes", 64,16}}}, - { 0, "xts-plain64",{{"aes", 64,16},{"serpent",64,16}}}, - { 0, "xts-plain64",{{"aes", 64,16},{"twofish",64,16},{"serpent",64,16}}}, - { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16}}}, - - { 0, "lrw-benbi", {{"aes", 48,16}}}, - { 0, "lrw-benbi", {{"serpent",48,16}}}, - { 0, "lrw-benbi", {{"twofish",48,16}}}, - { 0, "lrw-benbi", {{"twofish",48,16},{"aes", 48,16}}}, - { 0, "lrw-benbi", {{"serpent",48,16},{"twofish",48,16},{"aes", 48,16}}}, - { 0, "lrw-benbi", {{"aes", 48,16},{"serpent",48,16}}}, - { 0, "lrw-benbi", {{"aes", 48,16},{"twofish",48,16},{"serpent",48,16}}}, - { 0, "lrw-benbi", {{"serpent",48,16},{"twofish",48,16}}}, - - { 1, "cbc-tcrypt", {{"aes", 32,16}}}, - { 1, "cbc-tcrypt", {{"serpent",32,16}}}, - { 1, "cbc-tcrypt", {{"twofish",32,16}}}, - { 1, "cbci-tcrypt",{{"twofish",32,16},{"aes", 32,16}}}, - { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16},{"aes", 32,16}}}, - { 1, "cbci-tcrypt",{{"aes", 32,16},{"serpent",32,16}}}, - { 1, "cbci-tcrypt",{{"aes", 32,16},{"twofish",32,16},{"serpent",32,16}}}, - { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16}}}, - - { 1, "cbc-tcrypt", {{"cast5", 16,8}}}, - { 1, "cbc-tcrypt", {{"des3_ede",24,8}}}, - - // kernel LRW block size is fixed to 16 bytes - // thus cannot be used with blowfish where block is 8 bytes - //{ 1,"lrw-benbi",{{"blowfish",64,8}}}, - //{ 1,"lrw-benbi",{{"blowfish",64,8},{"aes",48,16}}}, - //{ 1,"lrw-benbi",{{"serpent",48,16},{"blowfish",64,8},{"aes",48,16}}}, - - // FIXME: why this doesn't work (blowfish key wrong)? - //{ 1,"cbc-tcrypt",{{"blowfish",56,8}}}, - //{ 1,"cbc-tcrypt",{{"blowfish",56,8},{"aes",32,16}}}, - //{ 1,"cbc-tcrypt",{{"serpent",32,16},{"blowfish",56,8},{"aes",32,16}}}, - {} }; -static void hdr_info(struct crypt_device *cd, struct tcrypt_phdr *hdr, - struct crypt_params_tcrypt *params) -{ - log_dbg("Version: %d, required %d", (int)hdr->d.version, (int)hdr->d.version_tc); - - log_dbg("Hidden size: %" PRIu64, hdr->d.hidden_volume_size); - log_dbg("Volume size: %" PRIu64, hdr->d.volume_size); - - log_dbg("Sector size: %" PRIu64, hdr->d.sector_size); - log_dbg("Flags: %d", (int)hdr->d.flags); - log_dbg("MK: offset %d, size %d", (int)hdr->d.mk_offset, (int)hdr->d.mk_size); - log_dbg("KDF: PBKDF2, hash %s", params->hash_name); - log_dbg("Cipher: %s-%s", params->cipher, params->mode); -} +/* TCRYPT cipher variants */ +static struct tcrypt_algs tcrypt_cipher[] = { +/* XTS mode */ +{0,1,64,"aes","xts-plain64", + {{"aes", 64,16,0,32}}}, +{0,1,64,"serpent","xts-plain64", + {{"serpent",64,16,0,32}}}, +{0,1,64,"twofish","xts-plain64", + {{"twofish",64,16,0,32}}}, +{0,2,128,"twofish-aes","xts-plain64", + {{"twofish",64,16, 0,64}, + {"aes", 64,16,32,96}}}, +{0,3,192,"serpent-twofish-aes","xts-plain64", + {{"serpent",64,16, 0, 96}, + {"twofish",64,16,32,128}, + {"aes", 64,16,64,160}}}, +{0,2,128,"aes-serpent","xts-plain64", + {{"aes", 64,16, 0,64}, + {"serpent",64,16,32,96}}}, +{0,3,192,"aes-twofish-serpent","xts-plain64", + {{"aes", 64,16, 0, 96}, + {"twofish",64,16,32,128}, + {"serpent",64,16,64,160}}}, +{0,2,128,"serpent-twofish","xts-plain64", + {{"serpent",64,16, 0,64}, + {"twofish",64,16,32,96}}}, +/* LRW mode */ +{0,1,48,"aes","lrw-benbi", + {{"aes", 48,16,32,0}}}, +{0,1,48,"serpent","lrw-benbi", + {{"serpent",48,16,32,0}}}, +{0,1,48,"twofish","lrw-benbi", + {{"twofish",48,16,32,0}}}, +{0,2,96,"twofish-aes","lrw-benbi", + {{"twofish",48,16,32,0}, + {"aes", 48,16,64,0}}}, +{0,3,144,"serpent-twofish-aes","lrw-benbi", + {{"serpent",48,16,32,0}, + {"twofish",48,16,64,0}, + {"aes", 48,16,96,0}}}, +{0,2,96,"aes-serpent","lrw-benbi", + {{"aes", 48,16,32,0}, + {"serpent",48,16,64,0}}}, +{0,3,144,"aes-twofish-serpent","lrw-benbi", + {{"aes", 48,16,32,0}, + {"twofish",48,16,64,0}, + {"serpent",48,16,96,0}}}, +{0,2,96,"serpent-twofish", "lrw-benbi", + {{"serpent",48,16,32,0}, + {"twofish",48,16,64,0}}}, +/* Kernel LRW block size is fixed to 16 bytes for GF(2^128) + * thus cannot be used with blowfish where block is 8 bytes. + * There also no GF(2^64) support. +{1,1,64,"blowfish_le","lrw-benbi", + {{"blowfish_le",64,8,32,0}}}, +{1,2,112,"blowfish_le-aes","lrw-benbi", + {{"blowfish_le",64, 8,32,0}, + {"aes", 48,16,88,0}}}, +{1,3,160,"serpent-blowfish_le-aes","lrw-benbi", + {{"serpent", 48,16, 32,0}, + {"blowfish_le",64, 8, 64,0}, + {"aes", 48,16,120,0}}},*/ +/* CBC + "outer" CBC (both with whitening) */ +{1,1,32,"aes","cbc-tcrypt", + {{"aes", 32,16,32,0}}}, +{1,1,32,"serpent","cbc-tcrypt", + {{"serpent",32,16,32,0}}}, +{1,1,32,"twofish","cbc-tcrypt", + {{"twofish",32,16,32,0}}}, +{1,2,64,"twofish-aes","cbci-tcrypt", + {{"twofish",32,16,32,0}, + {"aes", 32,16,64,0}}}, +{1,3,96,"serpent-twofish-aes","cbci-tcrypt", + {{"serpent",32,16,32,0}, + {"twofish",32,16,64,0}, + {"aes", 32,16,96,0}}}, +{1,2,64,"aes-serpent","cbci-tcrypt", + {{"aes", 32,16,32,0}, + {"serpent",32,16,64,0}}}, +{1,3,96,"aes-twofish-serpent", "cbci-tcrypt", + {{"aes", 32,16,32,0}, + {"twofish",32,16,64,0}, + {"serpent",32,16,96,0}}}, +{1,2,64,"serpent-twofish", "cbci-tcrypt", + {{"serpent",32,16,32,0}, + {"twofish",32,16,64,0}}}, +{1,1,16,"cast5","cbc-tcrypt", + {{"cast5", 16,8,32,0}}}, +{1,1,24,"des3_ede","cbc-tcrypt", + {{"des3_ede",24,8,32,0}}}, +{1,1,56,"blowfish_le","cbc-tcrypt", + {{"blowfish_le",56,8,32,0}}}, +{1,2,88,"blowfish_le-aes","cbc-tcrypt", + {{"blowfish_le",56, 8,32,0}, + {"aes", 32,16,88,0}}}, +{1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt", + {{"serpent", 32,16, 32,0}, + {"blowfish_le",56, 8, 64,0}, + {"aes", 32,16,120,0}}}, +{} +}; static int hdr_from_disk(struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params, int kdf_index, int cipher_index) { - char cipher_name[MAX_CIPHER_LEN * 4]; uint32_t crc32; size_t size; @@ -140,7 +188,7 @@ static int hdr_from_disk(struct tcrypt_phdr *hdr, /* Convert header to cpu format */ hdr->d.version = be16_to_cpu(hdr->d.version); - hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); // ??? + hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32); @@ -164,37 +212,87 @@ static int hdr_from_disk(struct tcrypt_phdr *hdr, /* Set params */ params->passphrase = NULL; params->passphrase_size = 0; - params->hash_name = tcrypt_kdf[kdf_index].hash; + params->key_size = tcrypt_cipher[cipher_index].chain_key_size; + params->cipher = tcrypt_cipher[cipher_index].long_name; + params->mode = tcrypt_cipher[cipher_index].mode; - params->key_size = tcrypt_cipher[cipher_index].cipher[0].key_size; - strncpy(cipher_name, tcrypt_cipher[cipher_index].cipher[0].name, - sizeof(cipher_name)); + return 0; +} - if (tcrypt_cipher[cipher_index].cipher[1].name) { - strcat(cipher_name, "-"); - strncat(cipher_name, tcrypt_cipher[cipher_index].cipher[1].name, - MAX_CIPHER_LEN); - params->key_size += tcrypt_cipher[cipher_index].cipher[1].key_size; - } +/* + * Kernel implements just big-endian version of blowfish, hack it here + */ +static void blowfish_le(char *buf) +{ + uint32_t *l = (uint32_t*)&buf[0]; + uint32_t *r = (uint32_t*)&buf[4]; + *l = swab32(*l); + *r = swab32(*r); +} - if (tcrypt_cipher[cipher_index].cipher[2].name) { - strcat(cipher_name, "-"); - strncat(cipher_name, tcrypt_cipher[cipher_index].cipher[2].name, - MAX_CIPHER_LEN); - params->key_size += tcrypt_cipher[cipher_index].cipher[2].key_size; +static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, + const char *key, char *buf) +{ + char iv[alg->iv_size], iv_old[alg->iv_size]; + struct crypt_cipher *cipher = NULL; + int bs = alg->iv_size; + int i, j, r; + + assert(bs == 2*sizeof(uint32_t)); + + r = crypt_cipher_init(&cipher, "blowfish", "ecb", + &key[alg->key_offset], alg->key_size); + if (r < 0) + return r; + + memcpy(iv, &key[alg->iv_offset], alg->iv_size); + for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { + memcpy(iv_old, &buf[i], bs); + blowfish_le(&buf[i]); + r = crypt_cipher_decrypt(cipher, &buf[i], &buf[i], + bs, NULL, 0); + blowfish_le(&buf[i]); + if (r < 0) + break; + for (j = 0; j < bs; j++) + buf[i + j] ^= iv[j]; + memcpy(iv, iv_old, bs); } - params->cipher = strdup(cipher_name); - params->mode = strdup(tcrypt_cipher[cipher_index].mode); + crypt_cipher_destroy(cipher); + return r; +} - return 0; +static void remove_whitening(char *buf, const char *key) +{ + int j; + + for (j = 0; j < TCRYPT_HDR_LEN; j++) + buf[j] ^= key[j % 8]; +} + +static void copy_key(struct tcrypt_alg *alg, const char *mode, + char *out_key, const char *key) +{ + int ks2; + if (!strncmp(mode, "xts", 3)) { + ks2 = alg->key_size / 2; + memcpy(out_key, &key[alg->key_offset], ks2); + memcpy(&out_key[ks2], &key[alg->iv_offset], ks2); + } else if (!strncmp(mode, "lrw", 3)) { + ks2 = alg->key_size - TCRYPT_LRW_IKEY_LEN; + memcpy(out_key, &key[alg->key_offset], ks2); + memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN); + } else if (!strncmp(mode, "cbc", 3)) { + memcpy(out_key, &key[alg->key_offset], alg->key_size); + } } -static int decrypt_hdr_one(const char *name, const char *mode, - const char *key, size_t key_size, - size_t iv_size, struct tcrypt_phdr *hdr) +static int decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, + const char *key,struct tcrypt_phdr *hdr) { + char backend_key[TCRYPT_HDR_KEY_LEN]; char iv[TCRYPT_HDR_IV_LEN] = {}; char mode_name[MAX_CIPHER_LEN]; struct crypt_cipher *cipher; @@ -208,70 +306,56 @@ static int decrypt_hdr_one(const char *name, const char *mode, *c = '\0'; if (!strncmp(mode, "lrw", 3)) - iv[iv_size - 1] = 1; - else if (!strncmp(mode, "cbc", 3)) - memcpy(iv, &key[key_size], iv_size); + iv[alg->iv_size - 1] = 1; + else if (!strncmp(mode, "cbc", 3)) { + remove_whitening(buf, &key[8]); + if (!strcmp(alg->name, "blowfish_le")) + return decrypt_blowfish_le_cbc(alg, key, buf); + memcpy(iv, &key[alg->iv_offset], alg->iv_size); + } - r = crypt_cipher_init(&cipher, name, mode_name, key, key_size); + copy_key(alg, mode, backend_key, key); + r = crypt_cipher_init(&cipher, alg->name, mode_name, + backend_key, alg->key_size); + memset(backend_key, 0, sizeof(backend_key)); if (r < 0) return r; - r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, iv_size); + r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, alg->iv_size); crypt_cipher_destroy(cipher); return r; } -static void copy_key(char *out_key, const char *key, int key_num, - int ks, int ki, const char *mode) -{ - if (!strncmp(mode, "xts", 3)) { - int ks2 = ks / 2; - memcpy(out_key, &key[ks2 * ki], ks2); - memcpy(&out_key[ks2], &key[ks2 * (++key_num + ki)], ks2); - } else if (!strncmp(mode, "lrw", 3)) { - /* First is LRW index key */ - ki++; - ks -= TCRYPT_LRW_IKEY_LEN; - memcpy(out_key, &key[ks * ki], ks); - memcpy(&out_key[ks * ki], key, TCRYPT_LRW_IKEY_LEN); - } else if (!strncmp(mode, "cbc", 3)) { - ki++; - memcpy(out_key, &key[ki * 32], ks); - memcpy(&out_key[ks], key, 32); - } -} - /* - * For chanined ciphers and CBC mode we need "inner" decryption. + * For chanined ciphers and CBC mode we need "outer" decryption. * Backend doesn't provide this, so implement it here directly using ECB. */ -static int decrypt_hdr_cbci(struct tcrypt_alg ciphers[3], +static int decrypt_hdr_cbci(struct tcrypt_algs *ciphers, const char *key, struct tcrypt_phdr *hdr) { - struct crypt_cipher *cipher[3] = {}; - int bs = ciphers[0].iv_size; + struct crypt_cipher *cipher[ciphers->chain_count]; + int bs = ciphers->cipher[0].iv_size; char *buf = (char*)&hdr->e, iv[bs], iv_old[bs]; - int i, j, r; + int i, j, r = -EINVAL; + + remove_whitening(buf, &key[8]); - memcpy(iv, key, bs); + memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs); /* Initialize all ciphers in chain in ECB mode */ - for (j = 0; j < 3; j++) { - if (!ciphers[j].name) - continue; - r = crypt_cipher_init(&cipher[j], ciphers[j].name, "ecb", - &key[(j+1)*32], ciphers[j].key_size); + for (j = 0; j < ciphers->chain_count; j++) { + r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb", + &key[ciphers->cipher[j].key_offset], + ciphers->cipher[j].key_size); if (r < 0) goto out; } - /* Implements CBC with chained ciphers in inner loop */ + /* Implements CBC with chained ciphers in loop inside */ for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { memcpy(iv_old, &buf[i], bs); - for (j = 2; j >= 0; j--) { - if (!cipher[j]) - continue; + for (j = ciphers->chain_count - 1; j >= 0; j--) { r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i], bs, NULL, 0); if (r < 0) @@ -282,66 +366,44 @@ static int decrypt_hdr_cbci(struct tcrypt_alg ciphers[3], memcpy(iv, iv_old, bs); } out: - for (j = 0; j < 3; j++) + for (j = 0; j < ciphers->chain_count; j++) if (cipher[j]) crypt_cipher_destroy(cipher[j]); return r; } -static int top_cipher(struct tcrypt_alg cipher[3]) -{ - if (cipher[2].name) - return 2; - - if (cipher[1].name) - return 1; - - return 0; -} - static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, const char *key, int legacy_modes) { - char one_key[TCRYPT_HDR_KEY_LEN]; struct tcrypt_phdr hdr2; int i, j, r; - for (i = 0; tcrypt_cipher[i].cipher[0].name; i++) { + for (i = 0; tcrypt_cipher[i].chain_count; i++) { if (!legacy_modes && tcrypt_cipher[i].legacy) continue; - log_dbg("TCRYPT: trying cipher: %s%s%s%s%s-%s.", - tcrypt_cipher[i].cipher[0].name, - tcrypt_cipher[i].cipher[1].name ? "-" : "", tcrypt_cipher[i].cipher[1].name ?: "", - tcrypt_cipher[i].cipher[2].name ? "-" : "", tcrypt_cipher[i].cipher[2].name ?: "", - tcrypt_cipher[i].mode); + log_dbg("TCRYPT: trying cipher %s-%s", + tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); - /* Remove CBC whitening */ - if (!strncmp(tcrypt_cipher[i].mode, "cbc", 3)) { - char *buf = (char*)&hdr2.e; - for (j = 0; j < TCRYPT_HDR_LEN; j++) - buf[j] ^= key[8 + j % 8]; - } - - /* For chained (inner) CBC we do not have API support */ if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4)) - r = decrypt_hdr_cbci(tcrypt_cipher[i].cipher, key, &hdr2); - else for (j = 2; j >= 0 ; j--) { + r = decrypt_hdr_cbci(&tcrypt_cipher[i], key, &hdr2); + else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) { if (!tcrypt_cipher[i].cipher[j].name) continue; - copy_key(one_key, key, top_cipher(tcrypt_cipher[i].cipher), - tcrypt_cipher[i].cipher[j].key_size, - j, tcrypt_cipher[i].mode); - r = decrypt_hdr_one(tcrypt_cipher[i].cipher[j].name, - tcrypt_cipher[i].mode, one_key, - tcrypt_cipher[i].cipher[j].key_size, - tcrypt_cipher[i].cipher[j].iv_size, &hdr2); - if (r < 0) { - log_dbg("Error %s.", tcrypt_cipher[i].cipher[j].name); + r = decrypt_hdr_one(&tcrypt_cipher[i].cipher[j], + tcrypt_cipher[i].mode, key, &hdr2); + if (r < 0) break; - } + } + + if (r < 0) { + log_dbg("TCRYPT: returned error %d, skipped.", r); + if (r == -ENOTSUP) + break; + r = -ENOENT; + continue; } if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { @@ -354,7 +416,6 @@ static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, r = -EPERM; } - memset(one_key, 0, sizeof(*one_key)); return r; } @@ -405,7 +466,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {}; size_t passphrase_size; char *key; - int r, i, legacy_modes; + int r = -EINVAL, i, legacy_modes, skipped = 0; if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN)) return -ENOMEM; @@ -443,18 +504,30 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, /* Decrypt header */ r = decrypt_hdr(cd, hdr, key, legacy_modes); + if (r == -ENOENT) { + skipped++; + continue; + } if (r != -EPERM) break; } + if (skipped == i || r == -ENOTSUP) + log_err(cd, _("Required kernel crypto interface not available.\n" + "Ensure you have algif_skcipher kernel module loaded.\n")); if (r < 0) goto out; r = hdr_from_disk(hdr, params, i, r); - if (r < 0) - goto out; - - hdr_info(cd, hdr, params); + if (!r) { + log_dbg("TCRYPT: Header version: %d, req. %d, sector %d" + ", mk_offset %" PRIu64 ", hidden_size %" PRIu64 + ", volume size %" PRIu64, (int)hdr->d.version, + (int)hdr->d.version_tc, (int)hdr->d.sector_size, + hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size); + log_dbg("TCRYPT: Header cipher %s-%s, key size %d", + params->cipher, params->mode, params->key_size); + } out: memset(pwd, 0, TCRYPT_KEY_POOL_LEN); if (key) @@ -469,35 +542,64 @@ int TCRYPT_read_phdr(struct crypt_device *cd, { struct device *device = crypt_metadata_device(cd); ssize_t hdr_size = sizeof(struct tcrypt_phdr); - int devfd = 0, r; + int devfd = 0, r, bs; assert(sizeof(struct tcrypt_phdr) == 512); log_dbg("Reading TCRYPT header of size %d bytes from device %s.", hdr_size, device_path(device)); + bs = device_block_size(device); + if (bs < 0) + return bs; + devfd = open(device_path(device), O_RDONLY | O_DIRECT); if (devfd == -1) { log_err(cd, _("Cannot open device %s.\n"), device_path(device)); return -EINVAL; } - if ((params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) && - lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) < 0) { - log_err(cd, _("Cannot seek to hidden header for %s.\n"), device_path(device)); - close(devfd); - return -EIO; - } - - if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) == hdr_size) + r = -EIO; + if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { + if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { + if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_BCK, SEEK_END) >= 0 && + read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + r = TCRYPT_init_hdr(cd, hdr, params); + } else { + if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) >= 0 && + read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + r = TCRYPT_init_hdr(cd, hdr, params); + if (r && + lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_OLD, SEEK_END) >= 0 && + read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + r = TCRYPT_init_hdr(cd, hdr, params); + } + } else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { + if (lseek(devfd, TCRYPT_HDR_OFFSET_BCK, SEEK_END) >= 0 && + read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + r = TCRYPT_init_hdr(cd, hdr, params); + } else if (read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - else - r = -EIO; close(devfd); return r; } +static struct tcrypt_algs *get_algs(struct crypt_params_tcrypt *params) +{ + int i; + + if (!params->cipher || !params->mode) + return NULL; + + for (i = 0; tcrypt_cipher[i].chain_count; i++) + if (!strcmp(tcrypt_cipher[i].long_name, params->cipher) && + !strcmp(tcrypt_cipher[i].mode, params->mode)) + return &tcrypt_cipher[i]; + + return NULL; +} + int TCRYPT_activate(struct crypt_device *cd, const char *name, struct tcrypt_phdr *hdr, @@ -506,8 +608,8 @@ int TCRYPT_activate(struct crypt_device *cd, { char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX]; struct device *device = NULL; - int i, r, num_ciphers; - char cname[3][MAX_CIPHER_LEN]; + int i, r; + struct tcrypt_algs *algs; struct crypt_dm_active_device dmd = { .target = DM_CRYPT, .size = 0, @@ -519,35 +621,42 @@ int TCRYPT_activate(struct crypt_device *cd, } }; + if (!hdr->d.version) { + log_dbg("TCRYPT: this function is not supported without encrypted header load."); + return -ENOTSUP; + } + + if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) { + log_err(cd, _("Activation is not supported for %d sector size.\n"), + hdr->d.sector_size); + return -ENOTSUP; + } + if (strstr(params->mode, "-tcrypt")) { log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n")); return -ENOTSUP; } + algs = get_algs(params); + if (!algs) + return -EINVAL; + + if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) + dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size; + else + dmd.size = hdr->d.volume_size / hdr->d.sector_size; + r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, dmd.u.crypt.offset, &dmd.size, &dmd.flags); if (r) return r; - /* Parse cipher chain from c1[-c2[-c3]] */ - cname[0][0] = cname[1][0] = cname[2][0] = '\0'; - num_ciphers = sscanf(params->cipher, "%" MAX_CIPHER_LEN_STR "[^-]-%" - MAX_CIPHER_LEN_STR "[^-]-%" - MAX_CIPHER_LEN_STR "s", - cname[0], cname[1], cname[2]); - if (num_ciphers < 1) - return -EINVAL; - /* Frome here, key size for every cipher must be the same */ - dmd.u.crypt.vk = crypt_alloc_volume_key(params->key_size / num_ciphers, NULL); + dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL); if (!dmd.u.crypt.vk) return -ENOMEM; - for (i = 2; i >= 0; i--) { - - if (!cname[i][0]) - continue; - + for (i = algs->chain_count - 1; i >= 0; i--) { if (i == 0) { strncpy(dm_name, name, sizeof(dm_name)); dmd.flags = flags; @@ -557,11 +666,11 @@ int TCRYPT_activate(struct crypt_device *cd, } snprintf(cipher, sizeof(cipher), "%s-%s", - cname[i], params->mode); - copy_key(dmd.u.crypt.vk->key, hdr->d.keys, num_ciphers - 1, - params->key_size / num_ciphers, i, params->mode); + algs->cipher[i].name, algs->mode); - if ((num_ciphers -1) != i) { + copy_key(&algs->cipher[i], algs->mode, dmd.u.crypt.vk->key, hdr->d.keys); + + if ((algs->chain_count - 1) != i) { snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d", dm_get_dir(), name, i + 1); r = device_alloc(&device, dm_dev_name); @@ -642,7 +751,8 @@ out: static int status_one(struct crypt_device *cd, const char *name, const char *base_uuid, int index, - size_t *key_size, char *cipher) + size_t *key_size, char *cipher, uint64_t *data_offset, + struct device **device) { struct crypt_dm_active_device dmd = {}; char dm_name[PATH_MAX], *c; @@ -655,7 +765,8 @@ static int status_one(struct crypt_device *cd, const char *name, if (r < 0) return r; - r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID | + r = dm_query_device(cd, dm_name, DM_ACTIVE_DEVICE | + DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_CRYPT_KEYSIZE, &dmd); if (r > 0) @@ -666,8 +777,13 @@ static int status_one(struct crypt_device *cd, const char *name, strcat(cipher, "-"); strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN); *key_size += dmd.u.crypt.vk->keylength; - } else + *data_offset = dmd.u.crypt.offset * SECTOR_SIZE; + device_free(*device); + *device = dmd.data_device; + } else { + device_free(dmd.data_device); r = -ENODEV; + } free(CONST_CAST(void*)dmd.uuid); free(CONST_CAST(void*)dmd.u.crypt.cipher); @@ -677,6 +793,7 @@ static int status_one(struct crypt_device *cd, const char *name, int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, const struct crypt_dm_active_device *dmd, + struct device **device, struct crypt_params_tcrypt *tcrypt_params, struct tcrypt_phdr *tcrypt_hdr) { @@ -684,6 +801,9 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, memset(tcrypt_params, 0, sizeof(*tcrypt_params)); memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr)); + tcrypt_hdr->d.sector_size = SECTOR_SIZE; + tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE; + strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN); if ((mode = strchr(cipher, '-'))) { @@ -692,9 +812,106 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, } tcrypt_params->key_size = dmd->u.crypt.vk->keylength; - if (!status_one(cd, name, dmd->uuid, 1, &tcrypt_params->key_size, cipher)) - status_one(cd, name, dmd->uuid, 2, &tcrypt_params->key_size, cipher); + if (!status_one(cd, name, dmd->uuid, 1, &tcrypt_params->key_size, + cipher, &tcrypt_hdr->d.mk_offset, device)) + status_one(cd, name, dmd->uuid, 2, &tcrypt_params->key_size, + cipher, &tcrypt_hdr->d.mk_offset, device); tcrypt_params->cipher = strdup(cipher); return 0; } + +uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, + struct tcrypt_phdr *hdr, + struct crypt_params_tcrypt *params) +{ + uint64_t size; + + if (params->mode && !strncmp(params->mode, "xts", 3)) { + if (hdr->d.version < 3) + return 1; + + if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { + if (hdr->d.version > 3) + return (hdr->d.mk_offset / hdr->d.sector_size); + if (device_size(crypt_metadata_device(cd), &size) < 0) + return 0; + return (size - hdr->d.hidden_volume_size + + (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size; + } + return (hdr->d.mk_offset / hdr->d.sector_size); + } + + if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { + if (device_size(crypt_metadata_device(cd), &size) < 0) + return 0; + return (size - hdr->d.hidden_volume_size + + (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size; + } + + // FIXME: system vol. + return hdr->d.mk_offset / hdr->d.sector_size; +} + +uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd, + struct tcrypt_phdr *hdr, + struct crypt_params_tcrypt *params +) +{ + if (params->mode && !strncmp(params->mode, "xts", 3)) + return TCRYPT_get_data_offset(cd, hdr, params); + else if (params->mode && !strncmp(params->mode, "lrw", 3)) + return 0; + + return hdr->d.mk_offset / hdr->d.sector_size; +} + +int TCRYPT_get_volume_key(struct crypt_device *cd, + struct tcrypt_phdr *hdr, + struct crypt_params_tcrypt *params, + struct volume_key **vk) +{ + struct tcrypt_algs *algs; + int i, key_index; + + if (!hdr->d.version) { + log_dbg("TCRYPT: this function is not supported without encrypted header load."); + return -ENOTSUP; + } + + algs = get_algs(params); + if (!algs) + return -EINVAL; + + *vk = crypt_alloc_volume_key(params->key_size, NULL); + if (!*vk) + return -ENOMEM; + + for (i = 0, key_index = 0; i < algs->chain_count; i++) { + copy_key(&algs->cipher[i], algs->mode, + &(*vk)->key[key_index], hdr->d.keys); + key_index += algs->cipher[i].key_size; + } + + return 0; +} + +int TCRYPT_dump(struct crypt_device *cd, + struct tcrypt_phdr *hdr, + struct crypt_params_tcrypt *params) +{ + log_std(cd, "TCRYPT header information for %s\n", + device_path(crypt_metadata_device(cd))); + if (hdr->d.version) { + log_std(cd, "Version: \t%d\n", hdr->d.version); + log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc); + + log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size); + log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset); + log_std(cd, "PBKDF2 hash:\t%s\n", params->hash_name); + } + log_std(cd, "Cipher chain:\t%s\n", params->cipher); + log_std(cd, "Cipher mode:\t%s\n", params->mode); + log_std(cd, "MK bits: \t%d\n", params->key_size * 8); + return 0; +}