2 * dm-verity volume handling
4 * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved.
6 * This file is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This file is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this file; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #define VERITY_MAX_LEVELS 63
32 static unsigned get_bits_up(size_t u)
40 static unsigned get_bits_down(size_t u)
48 static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
53 if (fread(block, bytes, 1, wr) != 1) {
54 log_dbg(cd, "EIO while reading spare area.");
57 for (i = 0; i < bytes; i++)
59 log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
66 static int verify_hash_block(const char *hash_name, int version,
67 char *hash, size_t hash_size,
68 const char *data, size_t data_size,
69 const char *salt, size_t salt_size)
71 struct crypt_hash *ctx = NULL;
74 if (crypt_hash_init(&ctx, hash_name))
77 if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
80 if ((r = crypt_hash_write(ctx, data, data_size)))
83 if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
86 r = crypt_hash_final(ctx, hash, hash_size);
88 crypt_hash_destroy(ctx);
92 static int mult_overflow(off_t *u, off_t b, size_t size)
94 *u = (uint64_t)b * size;
95 if ((off_t)(*u / size) != b || (off_t)*u < 0)
100 static int hash_levels(size_t hash_block_size, size_t digest_size,
101 off_t data_file_blocks, off_t *hash_position, int *levels,
102 off_t *hash_level_block, off_t *hash_level_size)
104 size_t hash_per_block_bits;
111 hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
112 if (!hash_per_block_bits)
116 while (hash_per_block_bits * *levels < 64 &&
117 (data_file_blocks - 1) >> (hash_per_block_bits * *levels))
120 if (*levels > VERITY_MAX_LEVELS)
123 for (i = *levels - 1; i >= 0; i--) {
124 if (hash_level_block)
125 hash_level_block[i] = *hash_position;
126 // verity position of block data_file_blocks at level i
127 s_shift = (i + 1) * hash_per_block_bits;
130 s = (data_file_blocks + ((off_t)1 << s_shift) - 1) >> ((i + 1) * hash_per_block_bits);
132 hash_level_size[i] = s;
133 if ((*hash_position + s) < *hash_position ||
134 (*hash_position + s) < 0)
142 static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
143 off_t data_block, size_t data_block_size,
144 off_t hash_block, size_t hash_block_size,
145 off_t blocks, int version,
146 const char *hash_name, int verify,
147 char *calculated_digest, size_t digest_size,
148 const char *salt, size_t salt_size)
150 char left_block[hash_block_size];
151 char data_buffer[data_block_size];
152 char read_digest[digest_size];
153 size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
154 size_t digest_size_full = 1 << get_bits_up(digest_size);
155 off_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
156 off_t seek_rd, seek_wr;
161 if (mult_overflow(&seek_rd, data_block, data_block_size) ||
162 mult_overflow(&seek_wr, hash_block, hash_block_size)) {
163 log_err(cd, _("Device offset overflow."));
167 if (fseeko(rd, seek_rd, SEEK_SET)) {
168 log_dbg(cd, "Cannot seek to requested position in data device.");
172 if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
173 log_dbg(cd, "Cannot seek to requested position in hash device.");
177 memset(left_block, 0, hash_block_size);
178 while (blocks_to_write--) {
179 left_bytes = hash_block_size;
180 for (i = 0; i < hash_per_block; i++) {
184 if (fread(data_buffer, data_block_size, 1, rd) != 1) {
185 log_dbg(cd, "Cannot read data device block.");
189 if (verify_hash_block(hash_name, version,
190 calculated_digest, digest_size,
191 data_buffer, data_block_size,
198 if (fread(read_digest, digest_size, 1, wr) != 1) {
199 log_dbg(cd, "Cannot read digest form hash device.");
202 if (memcmp(read_digest, calculated_digest, digest_size)) {
203 log_err(cd, _("Verification failed at position %" PRIu64 "."),
204 ftello(rd) - data_block_size);
208 if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
209 log_dbg(cd, "Cannot write digest to hash device.");
214 left_bytes -= digest_size;
216 if (digest_size_full - digest_size) {
218 r = verify_zero(cd, wr, digest_size_full - digest_size);
221 } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
222 log_dbg(cd, "Cannot write spare area to hash device.");
226 left_bytes -= digest_size_full;
229 if (wr && left_bytes) {
231 r = verify_zero(cd , wr, left_bytes);
234 } else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
235 log_dbg(cd, "Cannot write remaining spare area to hash device.");
244 static int VERITY_create_or_verify_hash(struct crypt_device *cd,
247 const char *hash_name,
248 struct device *hash_device,
249 struct device *data_device,
250 size_t hash_block_size,
251 size_t data_block_size,
259 char calculated_digest[digest_size];
260 FILE *data_file = NULL;
261 FILE *hash_file = NULL, *hash_file_2;
262 off_t hash_level_block[VERITY_MAX_LEVELS];
263 off_t hash_level_size[VERITY_MAX_LEVELS];
264 off_t data_file_blocks;
265 off_t data_device_size = 0, hash_device_size = 0;
269 log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64
270 ", hash_device %s, offset %" PRIu64 ".",
271 verify ? "verification" : "creation", hash_name,
272 device_path(data_device), data_blocks,
273 device_path(hash_device), hash_position);
275 if (data_blocks < 0 || hash_position < 0) {
276 log_err(cd, _("Invalid size parameters for verity device."));
281 r = device_size(data_device, &dev_size);
285 data_file_blocks = dev_size / data_block_size;
287 data_file_blocks = data_blocks;
289 if (mult_overflow(&data_device_size, data_blocks, data_block_size)) {
290 log_err(cd, _("Device offset overflow."));
294 if (hash_levels(hash_block_size, digest_size, data_file_blocks, &hash_position,
295 &levels, &hash_level_block[0], &hash_level_size[0])) {
296 log_err(cd, _("Hash area overflow."));
300 log_dbg(cd, "Using %d hash levels.", levels);
302 if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
303 log_err(cd, _("Device offset overflow."));
307 log_dbg(cd, "Data device size required: %" PRIu64 " bytes.",
309 data_file = fopen(device_path(data_device), "r");
311 log_err(cd, _("Cannot open device %s."),
312 device_path(data_device)
318 log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.",
320 hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
322 log_err(cd, _("Cannot open device %s."),
323 device_path(hash_device));
328 memset(calculated_digest, 0, digest_size);
330 for (i = 0; i < levels; i++) {
332 r = create_or_verify(cd, data_file, hash_file,
334 hash_level_block[i], hash_block_size,
335 data_file_blocks, version, hash_name, verify,
336 calculated_digest, digest_size, salt, salt_size);
340 hash_file_2 = fopen(device_path(hash_device), "r");
342 log_err(cd, _("Cannot open device %s."),
343 device_path(hash_device));
347 r = create_or_verify(cd, hash_file_2, hash_file,
348 hash_level_block[i - 1], hash_block_size,
349 hash_level_block[i], hash_block_size,
350 hash_level_size[i - 1], version, hash_name, verify,
351 calculated_digest, digest_size, salt, salt_size);
359 r = create_or_verify(cd, hash_file, NULL,
360 hash_level_block[levels - 1], hash_block_size,
362 1, version, hash_name, verify,
363 calculated_digest, digest_size, salt, salt_size);
365 r = create_or_verify(cd, data_file, NULL,
368 data_file_blocks, version, hash_name, verify,
369 calculated_digest, digest_size, salt, salt_size);
373 log_err(cd, _("Verification of data area failed."));
375 log_dbg(cd, "Verification of data area succeeded.");
376 r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
378 log_err(cd, _("Verification of root hash failed."));
380 log_dbg(cd, "Verification of root hash succeeded.");
384 log_err(cd, _("Input/output error while creating hash area."));
386 log_err(cd, _("Creation of hash area failed."));
388 fsync(fileno(hash_file));
389 memcpy(root_hash, calculated_digest, digest_size);
400 /* Verify verity device using userspace crypto backend */
401 int VERITY_verify(struct crypt_device *cd,
402 struct crypt_params_verity *verity_hdr,
403 const char *root_hash,
404 size_t root_hash_size)
406 return VERITY_create_or_verify_hash(cd, 1,
407 verity_hdr->hash_type,
408 verity_hdr->hash_name,
409 crypt_metadata_device(cd),
410 crypt_data_device(cd),
411 verity_hdr->hash_block_size,
412 verity_hdr->data_block_size,
413 verity_hdr->data_size,
414 VERITY_hash_offset_block(verity_hdr),
415 CONST_CAST(char*)root_hash,
418 verity_hdr->salt_size);
421 /* Create verity hash */
422 int VERITY_create(struct crypt_device *cd,
423 struct crypt_params_verity *verity_hdr,
424 const char *root_hash,
425 size_t root_hash_size)
427 unsigned pgsize = (unsigned)crypt_getpagesize();
429 if (verity_hdr->salt_size > 256)
432 if (verity_hdr->data_block_size > pgsize)
433 log_err(cd, _("WARNING: Kernel cannot activate device if data "
434 "block size exceeds page size (%u)."), pgsize);
436 return VERITY_create_or_verify_hash(cd, 0,
437 verity_hdr->hash_type,
438 verity_hdr->hash_name,
439 crypt_metadata_device(cd),
440 crypt_data_device(cd),
441 verity_hdr->hash_block_size,
442 verity_hdr->data_block_size,
443 verity_hdr->data_size,
444 VERITY_hash_offset_block(verity_hdr),
445 CONST_CAST(char*)root_hash,
448 verity_hdr->salt_size);
451 uint64_t VERITY_hash_blocks(struct crypt_device *cd, struct crypt_params_verity *params)
453 off_t hash_position = 0;
456 if (hash_levels(params->hash_block_size, crypt_get_volume_key_size(cd),
457 params->data_size, &hash_position, &levels, NULL, NULL))
460 return (uint64_t)hash_position;