X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Ftcrypt%2Ftcrypt.c;h=859f0ed740218086364d953eb5b7b6a057096a2d;hb=refs%2Ftags%2Fupstream%2F2.3.3;hp=69a70b49a5bbf8de50dd28757237109c65863a89;hpb=eac953c6e42ae7652b822ac906a7ee6bfc711cb4;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 69a70b4..859f0ed 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -1,20 +1,21 @@ /* - * TCRYPT compatible volume handling + * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. * - * This program is distributed in the hope that it will be useful, + * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ @@ -22,7 +23,6 @@ #include #include #include -#include #include #include "libcryptsetup.h" @@ -30,18 +30,29 @@ #include "internal.h" /* TCRYPT PBKDF variants */ -static struct { +static const struct { unsigned int legacy:1; - char *name; - char *hash; + unsigned int veracrypt:1; + const char *name; + const char *hash; unsigned int iterations; + uint32_t veracrypt_pim_const; + uint32_t veracrypt_pim_mult; } tcrypt_kdf[] = { - { 0, "pbkdf2", "ripemd160", 2000 }, - { 0, "pbkdf2", "ripemd160", 1000 }, - { 0, "pbkdf2", "sha512", 1000 }, - { 0, "pbkdf2", "whirlpool", 1000 }, - { 1, "pbkdf2", "sha1", 2000 }, - { 0, NULL, NULL, 0 } + { 0, 0, "pbkdf2", "ripemd160", 2000, 0, 0 }, + { 0, 0, "pbkdf2", "ripemd160", 1000, 0, 0 }, + { 0, 0, "pbkdf2", "sha512", 1000, 0, 0 }, + { 0, 0, "pbkdf2", "whirlpool", 1000, 0, 0 }, + { 1, 0, "pbkdf2", "sha1", 2000, 0, 0 }, + { 0, 1, "pbkdf2", "sha512", 500000, 15000, 1000 }, + { 0, 1, "pbkdf2", "whirlpool", 500000, 15000, 1000 }, + { 0, 1, "pbkdf2", "sha256", 500000, 15000, 1000 }, // VeraCrypt 1.0f + { 0, 1, "pbkdf2", "sha256", 200000, 0, 2048 }, // boot only + { 0, 1, "pbkdf2", "ripemd160", 655331, 15000, 1000 }, + { 0, 1, "pbkdf2", "ripemd160", 327661, 0, 2048 }, // boot only + { 0, 1, "pbkdf2", "stribog512",500000, 15000, 1000 }, +// { 0, 1, "pbkdf2", "stribog512",200000, 0, 2048 }, // boot only + { 0, 0, NULL, NULL, 0, 0, 0 } }; struct tcrypt_alg { @@ -50,6 +61,7 @@ struct tcrypt_alg { unsigned int iv_size; unsigned int key_offset; unsigned int iv_offset; /* or tweak key offset */ + unsigned int key_extra_size; }; struct tcrypt_algs { @@ -65,107 +77,134 @@ struct tcrypt_algs { static struct tcrypt_algs tcrypt_cipher[] = { /* XTS mode */ {0,1,64,"aes","xts-plain64", - {{"aes", 64,16,0,32}}}, + {{"aes", 64,16,0,32,0}}}, {0,1,64,"serpent","xts-plain64", - {{"serpent",64,16,0,32}}}, + {{"serpent",64,16,0,32,0}}}, {0,1,64,"twofish","xts-plain64", - {{"twofish",64,16,0,32}}}, + {{"twofish",64,16,0,32,0}}}, {0,2,128,"twofish-aes","xts-plain64", - {{"twofish",64,16, 0,64}, - {"aes", 64,16,32,96}}}, + {{"twofish",64,16, 0,64,0}, + {"aes", 64,16,32,96,0}}}, {0,3,192,"serpent-twofish-aes","xts-plain64", - {{"serpent",64,16, 0, 96}, - {"twofish",64,16,32,128}, - {"aes", 64,16,64,160}}}, + {{"serpent",64,16, 0, 96,0}, + {"twofish",64,16,32,128,0}, + {"aes", 64,16,64,160,0}}}, {0,2,128,"aes-serpent","xts-plain64", - {{"aes", 64,16, 0,64}, - {"serpent",64,16,32,96}}}, + {{"aes", 64,16, 0,64,0}, + {"serpent",64,16,32,96,0}}}, {0,3,192,"aes-twofish-serpent","xts-plain64", - {{"aes", 64,16, 0, 96}, - {"twofish",64,16,32,128}, - {"serpent",64,16,64,160}}}, + {{"aes", 64,16, 0, 96,0}, + {"twofish",64,16,32,128,0}, + {"serpent",64,16,64,160,0}}}, {0,2,128,"serpent-twofish","xts-plain64", - {{"serpent",64,16, 0,64}, - {"twofish",64,16,32,96}}}, + {{"serpent",64,16, 0,64,0}, + {"twofish",64,16,32,96,0}}}, +{0,1,64,"camellia","xts-plain64", + {{"camellia", 64,16,0,32,0}}}, +{0,1,64,"kuznyechik","xts-plain64", + {{"kuznyechik", 64,16,0,32,0}}}, +{0,2,128,"kuznyechik-camellia","xts-plain64", + {{"kuznyechik",64,16, 0,64,0}, + {"camellia", 64,16,32,96,0}}}, +{0,2,128,"twofish-kuznyechik","xts-plain64", + {{"twofish", 64,16, 0,64,0}, + {"kuznyechik",64,16,32,96,0}}}, +{0,2,128,"serpent-camellia","xts-plain64", + {{"serpent", 64,16, 0,64,0}, + {"camellia", 64,16,32,96,0}}}, +{0,2,128,"aes-kuznyechik","xts-plain64", + {{"aes", 64,16, 0,64,0}, + {"kuznyechik",64,16,32,96,0}}}, +{0,3,192,"camellia-serpent-kuznyechik","xts-plain64", + {{"camellia", 64,16, 0, 96,0}, + {"serpent", 64,16,32,128,0}, + {"kuznyechik",64,16,64,160,0}}}, + /* LRW mode */ {0,1,48,"aes","lrw-benbi", - {{"aes", 48,16,32,0}}}, + {{"aes", 48,16,32,0,0}}}, {0,1,48,"serpent","lrw-benbi", - {{"serpent",48,16,32,0}}}, + {{"serpent",48,16,32,0,0}}}, {0,1,48,"twofish","lrw-benbi", - {{"twofish",48,16,32,0}}}, + {{"twofish",48,16,32,0,0}}}, {0,2,96,"twofish-aes","lrw-benbi", - {{"twofish",48,16,32,0}, - {"aes", 48,16,64,0}}}, + {{"twofish",48,16,32,0,0}, + {"aes", 48,16,64,0,0}}}, {0,3,144,"serpent-twofish-aes","lrw-benbi", - {{"serpent",48,16,32,0}, - {"twofish",48,16,64,0}, - {"aes", 48,16,96,0}}}, + {{"serpent",48,16,32,0,0}, + {"twofish",48,16,64,0,0}, + {"aes", 48,16,96,0,0}}}, {0,2,96,"aes-serpent","lrw-benbi", - {{"aes", 48,16,32,0}, - {"serpent",48,16,64,0}}}, + {{"aes", 48,16,32,0,0}, + {"serpent",48,16,64,0,0}}}, {0,3,144,"aes-twofish-serpent","lrw-benbi", - {{"aes", 48,16,32,0}, - {"twofish",48,16,64,0}, - {"serpent",48,16,96,0}}}, + {{"aes", 48,16,32,0,0}, + {"twofish",48,16,64,0,0}, + {"serpent",48,16,96,0,0}}}, {0,2,96,"serpent-twofish", "lrw-benbi", - {{"serpent",48,16,32,0}, - {"twofish",48,16,64,0}}}, + {{"serpent",48,16,32,0,0}, + {"twofish",48,16,64,0,0}}}, + /* Kernel LRW block size is fixed to 16 bytes for GF(2^128) * thus cannot be used with blowfish where block is 8 bytes. * There also no GF(2^64) support. {1,1,64,"blowfish_le","lrw-benbi", - {{"blowfish_le",64,8,32,0}}}, + {{"blowfish_le",64,8,32,0,0}}}, {1,2,112,"blowfish_le-aes","lrw-benbi", - {{"blowfish_le",64, 8,32,0}, - {"aes", 48,16,88,0}}}, + {{"blowfish_le",64, 8,32,0,0}, + {"aes", 48,16,88,0,0}}}, {1,3,160,"serpent-blowfish_le-aes","lrw-benbi", - {{"serpent", 48,16, 32,0}, - {"blowfish_le",64, 8, 64,0}, - {"aes", 48,16,120,0}}},*/ -/* CBC + "outer" CBC (both with whitening) */ -{1,1,32,"aes","cbc-tcrypt", - {{"aes", 32,16,32,0}}}, -{1,1,32,"serpent","cbc-tcrypt", - {{"serpent",32,16,32,0}}}, -{1,1,32,"twofish","cbc-tcrypt", - {{"twofish",32,16,32,0}}}, -{1,2,64,"twofish-aes","cbci-tcrypt", - {{"twofish",32,16,32,0}, - {"aes", 32,16,64,0}}}, -{1,3,96,"serpent-twofish-aes","cbci-tcrypt", - {{"serpent",32,16,32,0}, - {"twofish",32,16,64,0}, - {"aes", 32,16,96,0}}}, -{1,2,64,"aes-serpent","cbci-tcrypt", - {{"aes", 32,16,32,0}, - {"serpent",32,16,64,0}}}, -{1,3,96,"aes-twofish-serpent", "cbci-tcrypt", - {{"aes", 32,16,32,0}, - {"twofish",32,16,64,0}, - {"serpent",32,16,96,0}}}, -{1,2,64,"serpent-twofish", "cbci-tcrypt", - {{"serpent",32,16,32,0}, - {"twofish",32,16,64,0}}}, -{1,1,16,"cast5","cbc-tcrypt", - {{"cast5", 16,8,32,0}}}, -{1,1,24,"des3_ede","cbc-tcrypt", - {{"des3_ede",24,8,32,0}}}, -{1,1,56,"blowfish_le","cbc-tcrypt", - {{"blowfish_le",56,8,32,0}}}, -{1,2,88,"blowfish_le-aes","cbc-tcrypt", - {{"blowfish_le",56, 8,32,0}, - {"aes", 32,16,88,0}}}, -{1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt", - {{"serpent", 32,16, 32,0}, - {"blowfish_le",56, 8, 64,0}, - {"aes", 32,16,120,0}}}, + {{"serpent", 48,16, 32,0,0}, + {"blowfish_le",64, 8, 64,0,0}, + {"aes", 48,16,120,0,0}}},*/ + +/* + * CBC + "outer" CBC (both with whitening) + * chain_key_size: alg_keys_bytes + IV_seed_bytes + whitening_bytes + */ +{1,1,32+16+16,"aes","cbc-tcw", + {{"aes", 32,16,32,0,32}}}, +{1,1,32+16+16,"serpent","cbc-tcw", + {{"serpent",32,16,32,0,32}}}, +{1,1,32+16+16,"twofish","cbc-tcw", + {{"twofish",32,16,32,0,32}}}, +{1,2,64+16+16,"twofish-aes","cbci-tcrypt", + {{"twofish",32,16,32,0,0}, + {"aes", 32,16,64,0,32}}}, +{1,3,96+16+16,"serpent-twofish-aes","cbci-tcrypt", + {{"serpent",32,16,32,0,0}, + {"twofish",32,16,64,0,0}, + {"aes", 32,16,96,0,32}}}, +{1,2,64+16+16,"aes-serpent","cbci-tcrypt", + {{"aes", 32,16,32,0,0}, + {"serpent",32,16,64,0,32}}}, +{1,3,96+16+16,"aes-twofish-serpent", "cbci-tcrypt", + {{"aes", 32,16,32,0,0}, + {"twofish",32,16,64,0,0}, + {"serpent",32,16,96,0,32}}}, +{1,2,64+16+16,"serpent-twofish", "cbci-tcrypt", + {{"serpent",32,16,32,0,0}, + {"twofish",32,16,64,0,32}}}, +{1,1,16+8+16,"cast5","cbc-tcw", + {{"cast5", 16,8,32,0,24}}}, +{1,1,24+8+16,"des3_ede","cbc-tcw", + {{"des3_ede",24,8,32,0,24}}}, +{1,1,56+8+16,"blowfish_le","cbc-tcrypt", + {{"blowfish_le",56,8,32,0,24}}}, +{1,2,88+16+16,"blowfish_le-aes","cbc-tcrypt", + {{"blowfish_le",56, 8,32,0,0}, + {"aes", 32,16,88,0,32}}}, +{1,3,120+16+16,"serpent-blowfish_le-aes","cbc-tcrypt", + {{"serpent", 32,16, 32,0,0}, + {"blowfish_le",56, 8, 64,0,0}, + {"aes", 32,16,120,0,32}}}, {} }; -static int hdr_from_disk(struct tcrypt_phdr *hdr, - struct crypt_params_tcrypt *params, - int kdf_index, int cipher_index) +static int TCRYPT_hdr_from_disk(struct crypt_device *cd, + struct tcrypt_phdr *hdr, + struct crypt_params_tcrypt *params, + int kdf_index, int cipher_index) { uint32_t crc32; size_t size; @@ -175,20 +214,20 @@ static int hdr_from_disk(struct tcrypt_phdr *hdr, crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0; if (be16_to_cpu(hdr->d.version) > 3 && crc32 != be32_to_cpu(hdr->d.header_crc32)) { - log_dbg("TCRYPT header CRC32 mismatch."); + log_dbg(cd, "TCRYPT header CRC32 mismatch."); return -EINVAL; } /* Check CRC32 of keys */ crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0; if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) { - log_dbg("TCRYPT keys CRC32 mismatch."); + log_dbg(cd, "TCRYPT keys CRC32 mismatch."); return -EINVAL; } /* Convert header to cpu format */ hdr->d.version = be16_to_cpu(hdr->d.version); - hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); + hdr->d.version_tc = be16_to_cpu(hdr->d.version_tc); hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32); @@ -223,7 +262,7 @@ static int hdr_from_disk(struct tcrypt_phdr *hdr, /* * Kernel implements just big-endian version of blowfish, hack it here */ -static void blowfish_le(char *buf) +static void TCRYPT_swab_le(char *buf) { uint32_t *l = (uint32_t*)&buf[0]; uint32_t *r = (uint32_t*)&buf[4]; @@ -234,9 +273,9 @@ static void blowfish_le(char *buf) static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, const char *key, char *buf) { - char iv[alg->iv_size], iv_old[alg->iv_size]; - struct crypt_cipher *cipher = NULL; int bs = alg->iv_size; + char iv[bs], iv_old[bs]; + struct crypt_cipher *cipher = NULL; int i, j, r; assert(bs == 2*sizeof(uint32_t)); @@ -249,10 +288,10 @@ static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, memcpy(iv, &key[alg->iv_offset], alg->iv_size); for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { memcpy(iv_old, &buf[i], bs); - blowfish_le(&buf[i]); + TCRYPT_swab_le(&buf[i]); r = crypt_cipher_decrypt(cipher, &buf[i], &buf[i], bs, NULL, 0); - blowfish_le(&buf[i]); + TCRYPT_swab_le(&buf[i]); if (r < 0) break; for (j = 0; j < bs; j++) @@ -261,10 +300,12 @@ static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, } crypt_cipher_destroy(cipher); + crypt_safe_memzero(iv, bs); + crypt_safe_memzero(iv_old, bs); return r; } -static void remove_whitening(char *buf, const char *key) +static void TCRYPT_remove_whitening(char *buf, const char *key) { int j; @@ -272,8 +313,8 @@ static void remove_whitening(char *buf, const char *key) buf[j] ^= key[j % 8]; } -static void copy_key(struct tcrypt_alg *alg, const char *mode, - char *out_key, const char *key) +static void TCRYPT_copy_key(struct tcrypt_alg *alg, const char *mode, + char *out_key, const char *key) { int ks2; if (!strncmp(mode, "xts", 3)) { @@ -286,20 +327,24 @@ static void copy_key(struct tcrypt_alg *alg, const char *mode, memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN); } else if (!strncmp(mode, "cbc", 3)) { memcpy(out_key, &key[alg->key_offset], alg->key_size); + /* IV + whitening */ + memcpy(&out_key[alg->key_size], &key[alg->iv_offset], + alg->key_extra_size); } } -static int decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, - const char *key,struct tcrypt_phdr *hdr) +static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, + const char *key,struct tcrypt_phdr *hdr) { char backend_key[TCRYPT_HDR_KEY_LEN]; char iv[TCRYPT_HDR_IV_LEN] = {}; - char mode_name[MAX_CIPHER_LEN]; + char mode_name[MAX_CIPHER_LEN + 1]; struct crypt_cipher *cipher; char *c, *buf = (char*)&hdr->e; int r; /* Remove IV if present */ + mode_name[MAX_CIPHER_LEN] = '\0'; strncpy(mode_name, mode, MAX_CIPHER_LEN); c = strchr(mode_name, '-'); if (c) @@ -308,42 +353,46 @@ static int decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, if (!strncmp(mode, "lrw", 3)) iv[alg->iv_size - 1] = 1; else if (!strncmp(mode, "cbc", 3)) { - remove_whitening(buf, &key[8]); + TCRYPT_remove_whitening(buf, &key[8]); if (!strcmp(alg->name, "blowfish_le")) return decrypt_blowfish_le_cbc(alg, key, buf); memcpy(iv, &key[alg->iv_offset], alg->iv_size); } - copy_key(alg, mode, backend_key, key); + TCRYPT_copy_key(alg, mode, backend_key, key); r = crypt_cipher_init(&cipher, alg->name, mode_name, backend_key, alg->key_size); - memset(backend_key, 0, sizeof(backend_key)); - if (r < 0) - return r; - - r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, alg->iv_size); - crypt_cipher_destroy(cipher); + if (!r) { + r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, + iv, alg->iv_size); + crypt_cipher_destroy(cipher); + } + crypt_safe_memzero(backend_key, sizeof(backend_key)); + crypt_safe_memzero(iv, TCRYPT_HDR_IV_LEN); return r; } /* - * For chanined ciphers and CBC mode we need "outer" decryption. + * For chained ciphers and CBC mode we need "outer" decryption. * Backend doesn't provide this, so implement it here directly using ECB. */ -static int decrypt_hdr_cbci(struct tcrypt_algs *ciphers, - const char *key, struct tcrypt_phdr *hdr) +static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers, + const char *key, struct tcrypt_phdr *hdr) { struct crypt_cipher *cipher[ciphers->chain_count]; - int bs = ciphers->cipher[0].iv_size; + unsigned int bs = ciphers->cipher[0].iv_size; char *buf = (char*)&hdr->e, iv[bs], iv_old[bs]; - int i, j, r = -EINVAL; + unsigned int i, j; + int r = -EINVAL; - remove_whitening(buf, &key[8]); + TCRYPT_remove_whitening(buf, &key[8]); memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs); /* Initialize all ciphers in chain in ECB mode */ + for (j = 0; j < ciphers->chain_count; j++) + cipher[j] = NULL; for (j = 0; j < ciphers->chain_count; j++) { r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb", &key[ciphers->cipher[j].key_offset], @@ -355,8 +404,8 @@ static int decrypt_hdr_cbci(struct tcrypt_algs *ciphers, /* Implements CBC with chained ciphers in loop inside */ for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { memcpy(iv_old, &buf[i], bs); - for (j = ciphers->chain_count - 1; j >= 0; j--) { - r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i], + for (j = ciphers->chain_count; j > 0; j--) { + r = crypt_cipher_decrypt(cipher[j - 1], &buf[i], &buf[i], bs, NULL, 0); if (r < 0) goto out; @@ -370,36 +419,38 @@ out: if (cipher[j]) crypt_cipher_destroy(cipher[j]); + crypt_safe_memzero(iv, bs); + crypt_safe_memzero(iv_old, bs); return r; } -static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, - const char *key, int legacy_modes) +static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, + const char *key, uint32_t flags) { struct tcrypt_phdr hdr2; - int i, j, r; + int i, j, r = -EINVAL; for (i = 0; tcrypt_cipher[i].chain_count; i++) { - if (!legacy_modes && tcrypt_cipher[i].legacy) + if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy) continue; - log_dbg("TCRYPT: trying cipher %s-%s", + log_dbg(cd, "TCRYPT: trying cipher %s-%s", tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4)) - r = decrypt_hdr_cbci(&tcrypt_cipher[i], key, &hdr2); + r = TCRYPT_decrypt_cbci(&tcrypt_cipher[i], key, &hdr2); else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) { if (!tcrypt_cipher[i].cipher[j].name) continue; - r = decrypt_hdr_one(&tcrypt_cipher[i].cipher[j], + r = TCRYPT_decrypt_hdr_one(&tcrypt_cipher[i].cipher[j], tcrypt_cipher[i].mode, key, &hdr2); if (r < 0) break; } if (r < 0) { - log_dbg("TCRYPT: returned error %d, skipped.", r); + log_dbg(cd, "TCRYPT: returned error %d, skipped.", r); if (r == -ENOTSUP) break; r = -ENOENT; @@ -407,78 +458,107 @@ static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, } if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { - log_dbg("TCRYPT: Signature magic detected."); + log_dbg(cd, "TCRYPT: Signature magic detected."); + memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); + r = i; + break; + } + if ((flags & CRYPT_TCRYPT_VERA_MODES) && + !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { + log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt)."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); - memset(&hdr2.e, 0, TCRYPT_HDR_LEN); r = i; break; } r = -EPERM; } + crypt_safe_memzero(&hdr2, sizeof(hdr2)); return r; } -static int pool_keyfile(struct crypt_device *cd, - unsigned char pool[TCRYPT_KEY_POOL_LEN], - const char *keyfile) +static int TCRYPT_pool_keyfile(struct crypt_device *cd, + unsigned char pool[VCRYPT_KEY_POOL_LEN], + const char *keyfile, int keyfiles_pool_length) { - unsigned char data[TCRYPT_KEYFILE_LEN]; - int i, j, fd, data_size; + unsigned char *data; + int i, j, fd, data_size, r = -EIO; uint32_t crc; - unsigned char *crc_c = (unsigned char*)&crc; - log_dbg("TCRYPT: using keyfile %s.", keyfile); + log_dbg(cd, "TCRYPT: using keyfile %s.", keyfile); + + data = malloc(TCRYPT_KEYFILE_LEN); + if (!data) + return -ENOMEM; + memset(data, 0, TCRYPT_KEYFILE_LEN); fd = open(keyfile, O_RDONLY); if (fd < 0) { - log_err(cd, _("Failed to open key file.\n")); - return -EIO; + log_err(cd, _("Failed to open key file.")); + goto out; } - /* FIXME: add while */ - data_size = read(fd, data, TCRYPT_KEYFILE_LEN); + data_size = read_buffer(fd, data, TCRYPT_KEYFILE_LEN); close(fd); if (data_size < 0) { - log_err(cd, _("Error reading keyfile %s.\n"), keyfile); - return -EIO; + log_err(cd, _("Error reading keyfile %s."), keyfile); + goto out; } for (i = 0, j = 0, crc = ~0U; i < data_size; i++) { crc = crypt_crc32(crc, &data[i], 1); - pool[j++] += crc_c[3]; - pool[j++] += crc_c[2]; - pool[j++] += crc_c[1]; - pool[j++] += crc_c[0]; - j %= TCRYPT_KEY_POOL_LEN; + pool[j++] += (unsigned char)(crc >> 24); + pool[j++] += (unsigned char)(crc >> 16); + pool[j++] += (unsigned char)(crc >> 8); + pool[j++] += (unsigned char)(crc); + j %= keyfiles_pool_length; } + r = 0; +out: + crypt_safe_memzero(&crc, sizeof(crc)); + crypt_safe_memzero(data, TCRYPT_KEYFILE_LEN); + free(data); - crc = 0; - memset(data, 0, TCRYPT_KEYFILE_LEN); - - return 0; + return r; } static int TCRYPT_init_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { - unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {}; - size_t passphrase_size; + unsigned char pwd[VCRYPT_KEY_POOL_LEN] = {}; + size_t passphrase_size, max_passphrase_size; char *key; - int r = -EINVAL, i, legacy_modes, skipped = 0; + unsigned int i, skipped = 0, iterations; + int r = -EPERM, keyfiles_pool_length; if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN)) return -ENOMEM; + if (params->flags & CRYPT_TCRYPT_VERA_MODES && + params->passphrase_size > TCRYPT_KEY_POOL_LEN) { + /* Really. Keyfile pool length depends on passphrase size in Veracrypt. */ + max_passphrase_size = VCRYPT_KEY_POOL_LEN; + keyfiles_pool_length = VCRYPT_KEY_POOL_LEN; + } else { + max_passphrase_size = TCRYPT_KEY_POOL_LEN; + keyfiles_pool_length = TCRYPT_KEY_POOL_LEN; + } + if (params->keyfiles_count) - passphrase_size = TCRYPT_KEY_POOL_LEN; + passphrase_size = max_passphrase_size; else passphrase_size = params->passphrase_size; + if (params->passphrase_size > max_passphrase_size) { + log_err(cd, _("Maximum TCRYPT passphrase length (%zu) exceeded."), + max_passphrase_size); + goto out; + } + /* Calculate pool content from keyfiles */ for (i = 0; i < params->keyfiles_count; i++) { - r = pool_keyfile(cd, pwd, params->keyfiles[i]); + r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i], keyfiles_pool_length); if (r < 0) goto out; } @@ -487,51 +567,70 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, for (i = 0; i < params->passphrase_size; i++) pwd[i] += params->passphrase[i]; - legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0; for (i = 0; tcrypt_kdf[i].name; i++) { - if (!legacy_modes && tcrypt_kdf[i].legacy) + if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i].legacy) + continue; + if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].veracrypt) continue; + if ((params->flags & CRYPT_TCRYPT_VERA_MODES) && params->veracrypt_pim) { + /* Do not try TrueCrypt modes if we have PIM value */ + if (!tcrypt_kdf[i].veracrypt) + continue; + /* adjust iterations to given PIM cmdline parameter */ + iterations = tcrypt_kdf[i].veracrypt_pim_const + + (tcrypt_kdf[i].veracrypt_pim_mult * params->veracrypt_pim); + } else + iterations = tcrypt_kdf[i].iterations; + /* Derive header key */ - log_dbg("TCRYPT: trying KDF: %s-%s-%d.", - tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations); + log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.", + tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations, + params->veracrypt_pim && tcrypt_kdf[i].veracrypt ? "-PIM" : ""); r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash, (char*)pwd, passphrase_size, hdr->salt, TCRYPT_HDR_SALT_LEN, key, TCRYPT_HDR_KEY_LEN, - tcrypt_kdf[i].iterations); - if (r < 0) - break; + iterations, 0, 0); + if (r < 0) { + log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping."), + tcrypt_kdf[i].hash); + continue; + } /* Decrypt header */ - r = decrypt_hdr(cd, hdr, key, legacy_modes); + r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags); if (r == -ENOENT) { skipped++; - continue; + r = -EPERM; } if (r != -EPERM) break; } - if (skipped == i || r == -ENOTSUP) - log_err(cd, _("Required kernel crypto interface not available.\n" - "Ensure you have algif_skcipher kernel module loaded.\n")); + if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) { + log_err(cd, _("Required kernel crypto interface not available.")); +#ifdef ENABLE_AF_ALG + log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.")); +#endif + } if (r < 0) goto out; - r = hdr_from_disk(hdr, params, i, r); + r = TCRYPT_hdr_from_disk(cd, hdr, params, i, r); if (!r) { - log_dbg("TCRYPT: Header version: %d, req. %d, sector %d" + log_dbg(cd, "TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d" ", mk_offset %" PRIu64 ", hidden_size %" PRIu64 - ", volume size %" PRIu64, (int)hdr->d.version, - (int)hdr->d.version_tc, (int)hdr->d.sector_size, + ", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ? + VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC, + (int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size, hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size); - log_dbg("TCRYPT: Header cipher %s-%s, key size %d", + log_dbg(cd, "TCRYPT: Header cipher %s-%s, key size %zu", params->cipher, params->mode, params->key_size); } out: - memset(pwd, 0, TCRYPT_KEY_POOL_LEN); + crypt_safe_memzero(pwd, TCRYPT_KEY_POOL_LEN); if (key) - memset(key, 0, TCRYPT_HDR_KEY_LEN); + crypt_safe_memzero(key, TCRYPT_HDR_KEY_LEN); free(key); return r; } @@ -540,61 +639,86 @@ int TCRYPT_read_phdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { - struct device *device = crypt_metadata_device(cd); + struct device *base_device = NULL, *device = crypt_metadata_device(cd); ssize_t hdr_size = sizeof(struct tcrypt_phdr); - int devfd = 0, r, bs; + char *base_device_path; + int devfd, r; assert(sizeof(struct tcrypt_phdr) == 512); - log_dbg("Reading TCRYPT header of size %d bytes from device %s.", + log_dbg(cd, "Reading TCRYPT header of size %zu bytes from device %s.", hdr_size, device_path(device)); - bs = device_block_size(device); - if (bs < 0) - return bs; + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER && + crypt_dev_is_partition(device_path(device))) { + base_device_path = crypt_get_base_device(device_path(device)); + + log_dbg(cd, "Reading TCRYPT system header from device %s.", base_device_path ?: "?"); + if (!base_device_path) + return -EINVAL; - devfd = open(device_path(device), O_RDONLY | O_DIRECT); - if (devfd == -1) { - log_err(cd, _("Cannot open device %s.\n"), device_path(device)); + r = device_alloc(cd, &base_device, base_device_path); + free(base_device_path); + if (r < 0) + return r; + devfd = device_open(cd, base_device, O_RDONLY); + } else + devfd = device_open(cd, device, O_RDONLY); + + if (devfd < 0) { + device_free(cd, base_device); + log_err(cd, _("Cannot open device %s."), device_path(device)); return -EINVAL; } r = -EIO; - if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) { + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_SYSTEM_OFFSET) == hdr_size) { + r = TCRYPT_init_hdr(cd, hdr, params); + } + } else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { - if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_BCK, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET_BCK) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); } else { - if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - if (r && - lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_OLD, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (r && read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET_OLD) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); } } else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { - if (lseek(devfd, TCRYPT_HDR_OFFSET_BCK, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_OFFSET_BCK) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - } else if (read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + } else if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, 0) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - close(devfd); + device_free(cd, base_device); + if (r < 0) + memset(hdr, 0, sizeof (*hdr)); return r; } -static struct tcrypt_algs *get_algs(struct crypt_params_tcrypt *params) +static struct tcrypt_algs *TCRYPT_get_algs(const char *cipher, const char *mode) { int i; - if (!params->cipher || !params->mode) + if (!cipher || !mode) return NULL; for (i = 0; tcrypt_cipher[i].chain_count; i++) - if (!strcmp(tcrypt_cipher[i].long_name, params->cipher) && - !strcmp(tcrypt_cipher[i].mode, params->mode)) + if (!strcmp(tcrypt_cipher[i].long_name, cipher) && + !strcmp(tcrypt_cipher[i].mode, mode)) return &tcrypt_cipher[i]; return NULL; @@ -606,104 +730,159 @@ int TCRYPT_activate(struct crypt_device *cd, struct crypt_params_tcrypt *params, uint32_t flags) { - char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX]; - struct device *device = NULL; - int i, r; + char dm_name[PATH_MAX], dm_dev_name[PATH_MAX], cipher_spec[MAX_CIPHER_LEN*2+1]; + char *part_path; + unsigned int i; + int r; + uint32_t req_flags, dmc_flags; struct tcrypt_algs *algs; + enum devcheck device_check; + uint64_t offset = crypt_get_data_offset(cd); + struct volume_key *vk = NULL; + struct device *ptr_dev = crypt_data_device(cd), *device = NULL, *part_device = NULL; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .size = 0, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = cipher, - .offset = crypt_get_data_offset(cd), - .iv_offset = crypt_get_iv_offset(cd), - } + .flags = flags }; if (!hdr->d.version) { - log_dbg("TCRYPT: this function is not supported without encrypted header load."); + log_dbg(cd, "TCRYPT: this function is not supported without encrypted header load."); return -ENOTSUP; } if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) { - log_err(cd, _("Activation is not supported for %d sector size.\n"), + log_err(cd, _("Activation is not supported for %d sector size."), hdr->d.sector_size); return -ENOTSUP; } if (strstr(params->mode, "-tcrypt")) { - log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n")); + log_err(cd, _("Kernel does not support activation for this TCRYPT legacy mode.")); return -ENOTSUP; } - algs = get_algs(params); + if (strstr(params->mode, "-tcw")) + req_flags = DM_TCW_SUPPORTED; + else + req_flags = DM_PLAIN64_SUPPORTED; + + algs = TCRYPT_get_algs(params->cipher, params->mode); if (!algs) return -EINVAL; - if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) + if (hdr->d.sector_size == 0) + return -EINVAL; + + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) + dmd.size = 0; + else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size; else dmd.size = hdr->d.volume_size / hdr->d.sector_size; - r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); + if (dmd.flags & CRYPT_ACTIVATE_SHARED) + device_check = DEV_OK; + else + device_check = DEV_EXCL; + + if ((params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) && + !crypt_dev_is_partition(device_path(crypt_data_device(cd)))) { + part_path = crypt_get_partition_device(device_path(crypt_data_device(cd)), + crypt_get_data_offset(cd), dmd.size); + if (part_path) { + if (!device_alloc(cd, &part_device, part_path)) { + log_verbose(cd, _("Activating TCRYPT system encryption for partition %s."), + part_path); + ptr_dev = part_device; + offset = 0; + } + free(part_path); + } else + /* + * System encryption use the whole device mapping, there can + * be active partitions. + */ + device_check = DEV_OK; + } + + r = device_block_adjust(cd, ptr_dev, device_check, + offset, &dmd.size, &dmd.flags); if (r) - return r; + goto out; - /* Frome here, key size for every cipher must be the same */ - dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL); - if (!dmd.u.crypt.vk) - return -ENOMEM; + /* From here, key size for every cipher must be the same */ + vk = crypt_alloc_volume_key(algs->cipher[0].key_size + + algs->cipher[0].key_extra_size, NULL); + if (!vk) { + r = -ENOMEM; + goto out; + } - for (i = algs->chain_count - 1; i >= 0; i--) { - if (i == 0) { - strncpy(dm_name, name, sizeof(dm_name)); + for (i = algs->chain_count; i > 0; i--) { + if (i == 1) { + dm_name[sizeof(dm_name)-1] = '\0'; + strncpy(dm_name, name, sizeof(dm_name)-1); dmd.flags = flags; } else { - snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i); + snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1); dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE; } - snprintf(cipher, sizeof(cipher), "%s-%s", - algs->cipher[i].name, algs->mode); + TCRYPT_copy_key(&algs->cipher[i-1], algs->mode, + vk->key, hdr->d.keys); - copy_key(&algs->cipher[i], algs->mode, dmd.u.crypt.vk->key, hdr->d.keys); - - if ((algs->chain_count - 1) != i) { + if (algs->chain_count != i) { snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d", - dm_get_dir(), name, i + 1); - r = device_alloc(&device, dm_dev_name); + dm_get_dir(), name, i); + r = device_alloc(cd, &device, dm_dev_name); if (r) break; - dmd.data_device = device; - dmd.u.crypt.offset = 0; + ptr_dev = device; + offset = 0; } - log_dbg("Trying to activate TCRYPT device %s using cipher %s.", - dm_name, dmd.u.crypt.cipher); - r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0); + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", algs->cipher[i-1].name, algs->mode); + if (r < 0 || (size_t)r >= sizeof(cipher_spec)) { + r = -ENOMEM; + break; + } - device_free(device); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, ptr_dev, vk, + cipher_spec, crypt_get_iv_offset(cd), offset, + crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), + crypt_get_sector_size(cd)); + if (r) + break; + + log_dbg(cd, "Trying to activate TCRYPT device %s using cipher %s.", + dm_name, dmd.segment.u.crypt.cipher); + r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd); + + dm_targets_free(cd, &dmd); + device_free(cd, device); device = NULL; if (r) break; } - if (!r && !(dm_flags() & DM_PLAIN64_SUPPORTED)) { - log_err(cd, _("Kernel doesn't support plain64 IV.\n")); + if (r < 0 && + (dm_flags(cd, DM_CRYPT, &dmc_flags) || ((dmc_flags & req_flags) != req_flags))) { + log_err(cd, _("Kernel does not support TCRYPT compatible mapping.")); r = -ENOTSUP; } - crypt_free_volume_key(dmd.u.crypt.vk); +out: + crypt_free_volume_key(vk); + device_free(cd, device); + device_free(cd, part_device); return r; } -static int remove_one(struct crypt_device *cd, const char *name, - const char *base_uuid, int index) +static int TCRYPT_remove_one(struct crypt_device *cd, const char *name, + const char *base_uuid, int index, uint32_t flags) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; char dm_name[PATH_MAX]; int r; @@ -716,15 +895,15 @@ static int remove_one(struct crypt_device *cd, const char *name, r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID, &dmd); if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) - r = dm_remove_device(cd, dm_name, 0, 0); + r = dm_remove_device(cd, dm_name, flags); free(CONST_CAST(void*)dmd.uuid); return r; } -int TCRYPT_deactivate(struct crypt_device *cd, const char *name) +int TCRYPT_deactivate(struct crypt_device *cd, const char *name, uint32_t flags) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; int r; r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd); @@ -733,28 +912,28 @@ int TCRYPT_deactivate(struct crypt_device *cd, const char *name) if (!dmd.uuid) return -EINVAL; - r = dm_remove_device(cd, name, 0, 0); + r = dm_remove_device(cd, name, flags); if (r < 0) goto out; - r = remove_one(cd, name, dmd.uuid, 1); + r = TCRYPT_remove_one(cd, name, dmd.uuid, 1, flags); if (r < 0) goto out; - r = remove_one(cd, name, dmd.uuid, 2); - if (r < 0) - goto out; + r = TCRYPT_remove_one(cd, name, dmd.uuid, 2, flags); out: free(CONST_CAST(void*)dmd.uuid); return (r == -ENODEV) ? 0 : r; } -static int status_one(struct crypt_device *cd, const char *name, - const char *base_uuid, int index, - size_t *key_size, char *cipher, uint64_t *data_offset, - struct device **device) +static int TCRYPT_status_one(struct crypt_device *cd, const char *name, + const char *base_uuid, int index, + size_t *key_size, char *cipher, + struct tcrypt_phdr *tcrypt_hdr, + struct device **device) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; char dm_name[PATH_MAX], *c; int r; @@ -769,55 +948,74 @@ static int status_one(struct crypt_device *cd, const char *name, DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_CRYPT_KEYSIZE, &dmd); - if (r > 0) - r = 0; - if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) { - if ((c = strchr(dmd.u.crypt.cipher, '-'))) + if (r < 0) + return r; + if (!single_segment(&dmd) || tgt->type != DM_CRYPT) { + r = -ENOTSUP; + goto out; + } + + r = 0; + + if (!strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) { + if ((c = strchr(tgt->u.crypt.cipher, '-'))) *c = '\0'; strcat(cipher, "-"); - strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN); - *key_size += dmd.u.crypt.vk->keylength; - *data_offset = dmd.u.crypt.offset * SECTOR_SIZE; - device_free(*device); - *device = dmd.data_device; - } else { - device_free(dmd.data_device); + strncat(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN); + *key_size += tgt->u.crypt.vk->keylength; + tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE; + device_free(cd, *device); + MOVE_REF(*device, tgt->data_device); + } else r = -ENODEV; - } - +out: + dm_targets_free(cd, &dmd); free(CONST_CAST(void*)dmd.uuid); - free(CONST_CAST(void*)dmd.u.crypt.cipher); - crypt_free_volume_key(dmd.u.crypt.vk); return r; } int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, - const struct crypt_dm_active_device *dmd, + const char *uuid, + const struct dm_target *tgt, struct device **device, struct crypt_params_tcrypt *tcrypt_params, struct tcrypt_phdr *tcrypt_hdr) { - char cipher[MAX_CIPHER_LEN * 4], *mode; + struct tcrypt_algs *algs; + char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp; + size_t key_size; + int r; memset(tcrypt_params, 0, sizeof(*tcrypt_params)); memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr)); tcrypt_hdr->d.sector_size = SECTOR_SIZE; - tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE; - - strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN); + tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE; - if ((mode = strchr(cipher, '-'))) { - *mode = '\0'; - tcrypt_params->mode = strdup(++mode); - } - tcrypt_params->key_size = dmd->u.crypt.vk->keylength; + strncpy(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN); + tmp = strchr(cipher, '-'); + if (!tmp) + return -EINVAL; + *tmp = '\0'; + mode[MAX_CIPHER_LEN] = '\0'; + strncpy(mode, ++tmp, MAX_CIPHER_LEN); + + key_size = tgt->u.crypt.vk->keylength; + r = TCRYPT_status_one(cd, name, uuid, 1, &key_size, + cipher, tcrypt_hdr, device); + if (!r) + r = TCRYPT_status_one(cd, name, uuid, 2, &key_size, + cipher, tcrypt_hdr, device); + + if (r < 0 && r != -ENODEV) + return r; - if (!status_one(cd, name, dmd->uuid, 1, &tcrypt_params->key_size, - cipher, &tcrypt_hdr->d.mk_offset, device)) - status_one(cd, name, dmd->uuid, 2, &tcrypt_params->key_size, - cipher, &tcrypt_hdr->d.mk_offset, device); + algs = TCRYPT_get_algs(cipher, mode); + if (!algs || key_size != algs->chain_key_size) + return -EINVAL; - tcrypt_params->cipher = strdup(cipher); + tcrypt_params->key_size = algs->chain_key_size; + tcrypt_params->cipher = algs->long_name; + tcrypt_params->mode = algs->mode; return 0; } @@ -827,6 +1025,17 @@ uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, { uint64_t size; + /* No real header loaded, initialized by active device */ + if (!hdr->d.version) + goto hdr_offset; + + /* Mapping through whole device, not partition! */ + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) { + if (crypt_dev_is_partition(device_path(crypt_metadata_device(cd)))) + return 0; + goto hdr_offset; + } + if (params->mode && !strncmp(params->mode, "xts", 3)) { if (hdr->d.version < 3) return 1; @@ -839,7 +1048,7 @@ uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, return (size - hdr->d.hidden_volume_size + (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size; } - return (hdr->d.mk_offset / hdr->d.sector_size); + goto hdr_offset; } if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { @@ -849,21 +1058,27 @@ uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, (TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size; } - // FIXME: system vol. +hdr_offset: return hdr->d.mk_offset / hdr->d.sector_size; } uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd, struct tcrypt_phdr *hdr, - struct crypt_params_tcrypt *params -) + struct crypt_params_tcrypt *params) { + uint64_t iv_offset; + if (params->mode && !strncmp(params->mode, "xts", 3)) - return TCRYPT_get_data_offset(cd, hdr, params); + iv_offset = TCRYPT_get_data_offset(cd, hdr, params); else if (params->mode && !strncmp(params->mode, "lrw", 3)) - return 0; + iv_offset = 0; + else + iv_offset = hdr->d.mk_offset / hdr->d.sector_size; - return hdr->d.mk_offset / hdr->d.sector_size; + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) + iv_offset += crypt_dev_partition_offset(device_path(crypt_metadata_device(cd))); + + return iv_offset; } int TCRYPT_get_volume_key(struct crypt_device *cd, @@ -872,14 +1087,14 @@ int TCRYPT_get_volume_key(struct crypt_device *cd, struct volume_key **vk) { struct tcrypt_algs *algs; - int i, key_index; + unsigned int i, key_index; if (!hdr->d.version) { - log_dbg("TCRYPT: this function is not supported without encrypted header load."); + log_err(cd, _("This function is not supported without TCRYPT header load.")); return -ENOTSUP; } - algs = get_algs(params); + algs = TCRYPT_get_algs(params->cipher, params->mode); if (!algs) return -EINVAL; @@ -888,8 +1103,8 @@ int TCRYPT_get_volume_key(struct crypt_device *cd, return -ENOMEM; for (i = 0, key_index = 0; i < algs->chain_count; i++) { - copy_key(&algs->cipher[i], algs->mode, - &(*vk)->key[key_index], hdr->d.keys); + TCRYPT_copy_key(&algs->cipher[i], algs->mode, + &(*vk)->key[key_index], hdr->d.keys); key_index += algs->cipher[i].key_size; } @@ -900,11 +1115,13 @@ int TCRYPT_dump(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { - log_std(cd, "TCRYPT header information for %s\n", + log_std(cd, "%s header information for %s\n", + hdr->d.magic[0] == 'T' ? "TCRYPT" : "VERACRYPT", device_path(crypt_metadata_device(cd))); if (hdr->d.version) { log_std(cd, "Version: \t%d\n", hdr->d.version); - log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc); + log_std(cd, "Driver req.:\t%x.%x\n", hdr->d.version_tc >> 8, + hdr->d.version_tc & 0xFF); log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size); log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset); @@ -912,6 +1129,6 @@ int TCRYPT_dump(struct crypt_device *cd, } log_std(cd, "Cipher chain:\t%s\n", params->cipher); log_std(cd, "Cipher mode:\t%s\n", params->mode); - log_std(cd, "MK bits: \t%d\n", params->key_size * 8); + log_std(cd, "MK bits: \t%zu\n", params->key_size * 8); return 0; }