2 * LUKS - Linux Unified Key Setup v2, LUKS2 header format code
4 * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2015-2023 Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "luks2_internal.h"
23 #include <uuid/uuid.h>
30 static size_t get_area_size(size_t keylength)
32 /* for now it is AF_split_sectors */
33 return size_round_up(keylength * 4000, 4096);
36 static size_t get_min_offset(struct luks2_hdr *hdr)
38 return 2 * hdr->hdr_size;
41 static size_t get_max_offset(struct luks2_hdr *hdr)
43 return LUKS2_hdr_and_areas_size(hdr);
46 int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
47 uint64_t *area_offset, uint64_t *area_length)
49 struct area areas[LUKS2_KEYSLOTS_MAX], sorted_areas[LUKS2_KEYSLOTS_MAX+1] = {};
51 size_t valid_offset, offset, length;
53 /* fill area offset + length table */
54 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
55 if (!LUKS2_keyslot_area(hdr, i, &areas[i].offset, &areas[i].length))
62 k = 0; /* index in sorted table */
63 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
64 offset = get_max_offset(hdr) ?: UINT64_MAX;
66 /* search for the smallest offset in table */
67 for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++)
68 if (areas[j].offset && areas[j].offset <= offset) {
70 offset = areas[j].offset;
74 sorted_areas[k].length = areas[area_i].length;
75 sorted_areas[k].offset = areas[area_i].offset;
76 areas[area_i].length = 0;
77 areas[area_i].offset = 0;
82 sorted_areas[LUKS2_KEYSLOTS_MAX].offset = get_max_offset(hdr);
83 sorted_areas[LUKS2_KEYSLOTS_MAX].length = 1;
85 /* search for the gap we can use */
86 length = valid_offset = 0;
87 offset = get_min_offset(hdr);
88 for (i = 0; i < LUKS2_KEYSLOTS_MAX+1; i++) {
90 if (sorted_areas[i].offset == 0 || sorted_areas[i].length == 0)
93 /* found bigger gap than the last one */
94 if ((offset < sorted_areas[i].offset) && (sorted_areas[i].offset - offset) > length) {
95 length = sorted_areas[i].offset - offset;
96 valid_offset = offset;
99 /* move beyond allocated area */
100 offset = sorted_areas[i].offset + sorted_areas[i].length;
103 /* this search 'algorithm' does not work with unaligned areas */
104 assert(length == size_round_up(length, 4096));
105 assert(valid_offset == size_round_up(valid_offset, 4096));
108 log_dbg(cd, "Not enough space in header keyslot area.");
112 log_dbg(cd, "Found largest free area %zu -> %zu", valid_offset, length + valid_offset);
114 *area_offset = valid_offset;
115 *area_length = length;
120 int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
121 size_t keylength, uint64_t *area_offset, uint64_t *area_length)
123 struct area areas[LUKS2_KEYSLOTS_MAX], sorted_areas[LUKS2_KEYSLOTS_MAX] = {};
125 size_t offset, length;
127 /* fill area offset + length table */
128 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
129 if (!LUKS2_keyslot_area(hdr, i, &areas[i].offset, &areas[i].length))
136 k = 0; /* index in sorted table */
137 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
138 offset = get_max_offset(hdr) ?: UINT64_MAX;
140 /* search for the smallest offset in table */
141 for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++)
142 if (areas[j].offset && areas[j].offset <= offset) {
144 offset = areas[j].offset;
148 sorted_areas[k].length = areas[area_i].length;
149 sorted_areas[k].offset = areas[area_i].offset;
150 areas[area_i].length = 0;
151 areas[area_i].offset = 0;
156 /* search for the gap we can use */
157 offset = get_min_offset(hdr);
158 length = get_area_size(keylength);
159 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
161 if (sorted_areas[i].offset == 0 || sorted_areas[i].length == 0)
164 /* enough space before the used area */
165 if ((offset < sorted_areas[i].offset) && ((offset + length) <= sorted_areas[i].offset))
168 /* both offset and length are already aligned to 4096 bytes */
169 offset = sorted_areas[i].offset + sorted_areas[i].length;
172 if ((offset + length) > get_max_offset(hdr)) {
173 log_dbg(cd, "Not enough space in header keyslot area.");
177 log_dbg(cd, "Found area %zu -> %zu", offset, length + offset);
180 *area_offset = offset;
182 *area_length = length;
187 int LUKS2_check_metadata_area_size(uint64_t metadata_size)
189 /* see LUKS2_HDR2_OFFSETS */
190 return (metadata_size != 0x004000 &&
191 metadata_size != 0x008000 && metadata_size != 0x010000 &&
192 metadata_size != 0x020000 && metadata_size != 0x040000 &&
193 metadata_size != 0x080000 && metadata_size != 0x100000 &&
194 metadata_size != 0x200000 && metadata_size != 0x400000);
197 int LUKS2_check_keyslots_area_size(uint64_t keyslots_size)
199 return (MISALIGNED_4K(keyslots_size) ||
200 keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE);
203 int LUKS2_generate_hdr(
204 struct crypt_device *cd,
205 struct luks2_hdr *hdr,
206 const struct volume_key *vk,
207 const char *cipherName,
208 const char *cipherMode,
209 const char *integrity,
211 unsigned int sector_size, /* in bytes */
212 uint64_t data_offset, /* in bytes */
213 uint64_t align_offset, /* in bytes */
214 uint64_t required_alignment,
215 uint64_t metadata_size,
216 uint64_t keyslots_size)
218 struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config;
220 uuid_t partitionUuid;
225 metadata_size = LUKS2_HDR_16K_LEN;
226 hdr->hdr_size = metadata_size;
228 if (data_offset && data_offset < get_min_offset(hdr)) {
229 log_err(cd, _("Requested data offset is too small."));
233 /* Increase keyslot size according to data offset */
234 if (!keyslots_size && data_offset)
235 keyslots_size = data_offset - get_min_offset(hdr);
237 /* keyslots size has to be 4 KiB aligned */
238 keyslots_size -= (keyslots_size % 4096);
240 if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE)
241 keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE;
243 if (!keyslots_size) {
244 assert(LUKS2_DEFAULT_HDR_SIZE > 2 * LUKS2_HDR_OFFSET_MAX);
245 keyslots_size = LUKS2_DEFAULT_HDR_SIZE - get_min_offset(hdr);
246 /* Decrease keyslots_size due to metadata device being too small */
247 if (!device_size(crypt_metadata_device(cd), &mdev_size) &&
248 ((keyslots_size + get_min_offset(hdr)) > mdev_size) &&
249 device_fallocate(crypt_metadata_device(cd), keyslots_size + get_min_offset(hdr)) &&
250 (get_min_offset(hdr) <= mdev_size))
251 keyslots_size = mdev_size - get_min_offset(hdr);
254 /* Decrease keyslots_size if we have smaller data_offset */
255 if (data_offset && (keyslots_size + get_min_offset(hdr)) > data_offset) {
256 keyslots_size = data_offset - get_min_offset(hdr);
257 log_dbg(cd, "Decreasing keyslot area size to %" PRIu64
258 " bytes due to the requested data offset %"
259 PRIu64 " bytes.", keyslots_size, data_offset);
262 /* Data offset has priority */
263 if (!data_offset && required_alignment) {
264 data_offset = size_round_up(get_min_offset(hdr) + keyslots_size,
265 (size_t)required_alignment);
266 data_offset += align_offset;
269 log_dbg(cd, "Formatting LUKS2 with JSON metadata area %" PRIu64
270 " bytes and keyslots area %" PRIu64 " bytes.",
271 metadata_size - LUKS2_HDR_BIN_LEN, keyslots_size);
273 if (keyslots_size < (LUKS2_HDR_OFFSET_MAX - 2*LUKS2_HDR_16K_LEN))
274 log_std(cd, _("WARNING: keyslots area (%" PRIu64 " bytes) is very small,"
275 " available LUKS2 keyslot count is very limited.\n"),
280 memset(hdr->label, 0, LUKS2_LABEL_L);
281 strcpy(hdr->checksum_alg, "sha256");
282 crypt_random_get(cd, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT);
283 crypt_random_get(cd, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);
285 if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
286 log_err(cd, _("Wrong LUKS UUID format provided."));
290 uuid_generate(partitionUuid);
292 uuid_unparse(partitionUuid, hdr->uuid);
294 if (*cipherMode != '\0')
295 r = snprintf(cipher, sizeof(cipher), "%s-%s", cipherName, cipherMode);
297 r = snprintf(cipher, sizeof(cipher), "%s", cipherName);
298 if (r < 0 || (size_t)r >= sizeof(cipher))
301 hdr->jobj = json_object_new_object();
303 jobj_keyslots = json_object_new_object();
304 json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots);
305 json_object_object_add(hdr->jobj, "tokens", json_object_new_object());
306 jobj_segments = json_object_new_object();
307 json_object_object_add(hdr->jobj, "segments", jobj_segments);
308 json_object_object_add(hdr->jobj, "digests", json_object_new_object());
309 jobj_config = json_object_new_object();
310 json_object_object_add(hdr->jobj, "config", jobj_config);
312 digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk);
316 if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0)
319 jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0);
324 jobj_integrity = json_object_new_object();
325 json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity));
326 json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none"));
327 json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none"));
328 json_object_object_add(jobj_segment, "integrity", jobj_integrity);
331 json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
333 json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
334 json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
336 JSON_DBG(cd, hdr->jobj, "Header JSON:");
339 json_object_put(hdr->jobj);
344 int LUKS2_wipe_header_areas(struct crypt_device *cd,
345 struct luks2_hdr *hdr, bool detached_header)
348 uint64_t offset, length;
351 /* Wipe complete header, keyslots and padding areas with zeroes. */
353 length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE;
354 wipe_block = 1024 * 1024;
356 if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
359 /* On detached header wipe at least the first 4k */
360 if (detached_header) {
365 r = device_check_size(cd, crypt_metadata_device(cd), length, 1);
369 log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
370 offset, length + offset);
372 r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO,
373 offset, length, wipe_block, NULL, NULL);
377 /* Wipe keyslot area */
378 wipe_block = 1024 * 1024;
379 offset = get_min_offset(hdr);
380 length = LUKS2_keyslots_size(hdr);
382 log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
383 offset, length + offset);
385 return crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_RANDOM,
386 offset, length, wipe_block, NULL, NULL);
389 int LUKS2_set_keyslots_size(struct luks2_hdr *hdr, uint64_t data_offset)
391 json_object *jobj_config;
392 uint64_t keyslots_size;
394 if (data_offset < get_min_offset(hdr))
397 keyslots_size = data_offset - get_min_offset(hdr);
399 /* keep keyslots_size reasonable for custom data alignments */
400 if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE)
401 keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE;
403 /* keyslots size has to be 4 KiB aligned */
404 keyslots_size -= (keyslots_size % 4096);
406 if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
409 json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));