/* Read verity superblock from disk */
int VERITY_read_sb(struct crypt_device *cd,
const char *device,
- size_t sb_offset,
+ uint64_t sb_offset,
struct crypt_params_verity *params)
{
struct verity_sb sb = {};
ssize_t hdr_size = sizeof(struct verity_sb);
int devfd = 0;
- long long sb_data_blocks;
+ uint64_t sb_data_blocks;
- log_dbg("Reading VERITY header of size %d on device %s, offset %u.",
- sizeof(struct verity_sb), device, (unsigned)sb_offset);
+ log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".",
+ sizeof(struct verity_sb), device, sb_offset);
devfd = open(device ,O_RDONLY | O_DIRECT);
if(devfd == -1) {
return -EINVAL;
}
- sb_data_blocks = ((unsigned long long)ntohl(sb.data_blocks_hi) << 31 << 1) |
+ sb_data_blocks = ((uint64_t)ntohl(sb.data_blocks_hi) << 31 << 1) |
ntohl(sb.data_blocks_lo);
- if (sb_data_blocks < 0 ||
- (off_t)sb_data_blocks < 0 ||
- (off_t)sb_data_blocks != sb_data_blocks) {
- log_err(cd, _("VERITY header data block size mismatch.\n"));
- return -EINVAL;
- }
- // FIXME alloc error
params->hash_name = strdup((const char*)sb.algorithm);
+ if (!params->hash_name)
+ return -ENOMEM;
params->data_block_size = 1 << sb.data_block_bits;
params->hash_block_size = 1 << sb.hash_block_bits;
params->data_size = sb_data_blocks;
params->salt_size = ntohs(sb.salt_size);
params->salt = malloc(params->salt_size);
+ if (!params->salt)
+ return -ENOMEM;
memcpy(CONST_CAST(char*)params->salt, sb.salt, params->salt_size);
params->hash_area_offset = sb_offset;
params->version = sb.version;
/* Write verity superblock to disk */
int VERITY_write_sb(struct crypt_device *cd,
const char *device,
- size_t sb_offset,
+ uint64_t sb_offset,
struct crypt_params_verity *params)
{
struct verity_sb sb = {};
ssize_t hdr_size = sizeof(struct verity_sb);
int r, devfd = 0;
- log_dbg("Updating VERITY header of size %d on device %s, offset %u.",
- sizeof(struct verity_sb), device, (unsigned)sb_offset);
+ log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".",
+ sizeof(struct verity_sb), device, sb_offset);
devfd = open(device, O_RDWR | O_DIRECT);
if(devfd == -1) {
return -EIO;
for (i = 0; i < bytes; i++)
if (block[i]) {
- log_err(cd, "spare area is not zeroed at position %" PRIu64 "\n",
+ log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"),
ftello(wr) - bytes);
return -EPERM;
}
if (fread(read_digest, digest_size, 1, wr) != 1)
return -EIO;
if (memcmp(read_digest, calculated_digest, digest_size)) {
- log_err(cd, "verification failed at position %" PRIu64 "\n",
+ log_err(cd, _("Verification failed at position %" PRIu64 ".\n"),
ftello(rd) - data_block_size);
return -EPERM;
}
hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
hash_per_block = 1 << hash_per_block_bits;
- if (!hash_per_block_bits) {
- log_err(cd, "at least two hashes must fit in a hash file block\n");
+ if (!hash_per_block_bits)
return -EINVAL;
- }
levels = 0;
if (data_file_blocks) {
}
if (levels > VERITY_MAX_LEVELS) {
- log_err(cd, "too many tree levels\n");
+ log_err(cd, _("Too many tree levels for verity volume.\n"));
return -EINVAL;
}
if (hash_position + s < hash_position ||
(hash_position + s) < 0 ||
(hash_position + s) != hash_position + s) {
- log_err(cd, "hash device offset overflow\n");
+ log_dbg("Hash device offset overflow.");
return -EINVAL;
}
hash_position += s;
data_file = fopen(data_device, "r");
if (!data_file) {
- log_err(cd, "Cannot open %s.\n", data_device);
+ log_err(cd, _("Cannot open device %s.\n"), data_device);
r = -EIO;
goto out;
}
hash_file = fopen(hash_device, verify ? "r" : "r+");
if (!hash_file) {
- log_err(cd, "Cannot open %s.\n", hash_device);
+ log_err(cd, _("Cannot open device %s.\n"), hash_device);
r = -EIO;
goto out;
}
data_file_blocks, version, hash_name, verify,
calculated_digest, digest_size, salt, salt_size);
- if (r) {
- log_err(cd, "Hash of data area verification failed.\n");
+ if (r == -EPERM) {
+ log_err(cd, _("Verification of data area failed.\n"));
goto out;
- } else
- log_dbg("Hash of data area successfully verified.");
+ } else if (!r)
+ log_dbg("Verification of data area succeeded.");
/* root hash verification */
if (verify) {
r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
if (r)
- log_err(cd, "Root hash verification failed.\n");
+ log_err(cd, _("Verification of root hash failed.\n"));
else
- log_dbg("Root hash successfully verified.");
+ log_dbg("Verification of root hash succeeded.");
} else {
fsync(fileno(hash_file));
memcpy(root_hash, calculated_digest, digest_size);
const char *root_hash,
size_t root_hash_size)
{
- int r = VERITY_create_or_verify_hash(cd, 1,
+ return VERITY_create_or_verify_hash(cd, 1,
verity_hdr->version,
verity_hdr->hash_name,
hash_device,
root_hash_size,
verity_hdr->salt,
verity_hdr->salt_size);
-
- if (r == -EPERM)
- log_err(cd, "Userspace hash verification failed.\n");
-
- return r;
}
+/* Create verity hash */
int VERITY_create(struct crypt_device *cd,
struct crypt_params_verity *verity_hdr,
const char *data_device,