2 * dm-verity volume handling
4 * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
6 * This file is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This file is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this file; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #define VERITY_MAX_LEVELS 63
31 #define VERITY_MAX_DIGEST_SIZE 1024
33 static unsigned get_bits_up(size_t u)
41 static unsigned get_bits_down(size_t u)
49 static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
55 block = malloc(bytes);
59 if (fread(block, bytes, 1, wr) != 1) {
60 log_dbg(cd, "EIO while reading spare area.");
64 for (i = 0; i < bytes; i++)
66 log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
77 static int verify_hash_block(const char *hash_name, int version,
78 char *hash, size_t hash_size,
79 const char *data, size_t data_size,
80 const char *salt, size_t salt_size)
82 struct crypt_hash *ctx = NULL;
85 if (crypt_hash_init(&ctx, hash_name))
88 if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
91 if ((r = crypt_hash_write(ctx, data, data_size)))
94 if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
97 r = crypt_hash_final(ctx, hash, hash_size);
99 crypt_hash_destroy(ctx);
103 static int hash_levels(size_t hash_block_size, size_t digest_size,
104 uint64_t data_file_blocks, uint64_t *hash_position, int *levels,
105 uint64_t *hash_level_block, uint64_t *hash_level_size)
107 size_t hash_per_block_bits;
114 hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
115 if (!hash_per_block_bits)
119 while (hash_per_block_bits * *levels < 64 &&
120 (data_file_blocks - 1) >> (hash_per_block_bits * *levels))
123 if (*levels > VERITY_MAX_LEVELS)
126 for (i = *levels - 1; i >= 0; i--) {
127 if (hash_level_block)
128 hash_level_block[i] = *hash_position;
129 // verity position of block data_file_blocks at level i
130 s_shift = (i + 1) * hash_per_block_bits;
133 s = (data_file_blocks + ((uint64_t)1 << s_shift) - 1) >> ((i + 1) * hash_per_block_bits);
135 hash_level_size[i] = s;
136 if ((*hash_position + s) < *hash_position)
144 static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
145 uint64_t data_block, size_t data_block_size,
146 uint64_t hash_block, size_t hash_block_size,
147 uint64_t blocks, int version,
148 const char *hash_name, int verify,
149 char *calculated_digest, size_t digest_size,
150 const char *salt, size_t salt_size)
152 char *left_block, *data_buffer;
153 char read_digest[VERITY_MAX_DIGEST_SIZE];
154 size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
155 size_t digest_size_full = 1 << get_bits_up(digest_size);
156 uint64_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
157 uint64_t seek_rd, seek_wr;
162 if (digest_size > sizeof(read_digest))
165 if (uint64_mult_overflow(&seek_rd, data_block, data_block_size) ||
166 uint64_mult_overflow(&seek_wr, hash_block, hash_block_size)) {
167 log_err(cd, _("Device offset overflow."));
171 if (fseeko(rd, seek_rd, SEEK_SET)) {
172 log_dbg(cd, "Cannot seek to requested position in data device.");
176 if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
177 log_dbg(cd, "Cannot seek to requested position in hash device.");
181 left_block = malloc(hash_block_size);
182 data_buffer = malloc(data_block_size);
183 if (!left_block || !data_buffer) {
188 memset(left_block, 0, hash_block_size);
189 while (blocks_to_write--) {
190 left_bytes = hash_block_size;
191 for (i = 0; i < hash_per_block; i++) {
195 if (fread(data_buffer, data_block_size, 1, rd) != 1) {
196 log_dbg(cd, "Cannot read data device block.");
201 if (verify_hash_block(hash_name, version,
202 calculated_digest, digest_size,
203 data_buffer, data_block_size,
212 if (fread(read_digest, digest_size, 1, wr) != 1) {
213 log_dbg(cd, "Cannot read digest form hash device.");
217 if (crypt_backend_memeq(read_digest, calculated_digest, digest_size)) {
218 log_err(cd, _("Verification failed at position %" PRIu64 "."),
219 ftello(rd) - data_block_size);
224 if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
225 log_dbg(cd, "Cannot write digest to hash device.");
231 left_bytes -= digest_size;
233 if (digest_size_full - digest_size) {
235 r = verify_zero(cd, wr, digest_size_full - digest_size);
238 } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
239 log_dbg(cd, "Cannot write spare area to hash device.");
244 left_bytes -= digest_size_full;
247 if (wr && left_bytes) {
249 r = verify_zero(cd , wr, left_bytes);
252 } else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
253 log_dbg(cd, "Cannot write remaining spare area to hash device.");
266 static int VERITY_create_or_verify_hash(struct crypt_device *cd, bool verify,
267 struct crypt_params_verity *params,
268 char *root_hash, size_t digest_size)
270 char calculated_digest[VERITY_MAX_DIGEST_SIZE];
271 FILE *data_file = NULL;
272 FILE *hash_file = NULL, *hash_file_2;
273 uint64_t hash_level_block[VERITY_MAX_LEVELS];
274 uint64_t hash_level_size[VERITY_MAX_LEVELS];
275 uint64_t data_file_blocks;
276 uint64_t data_device_offset_max = 0, hash_device_offset_max = 0;
277 uint64_t hash_position = VERITY_hash_offset_block(params);
281 log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64
282 ", hash_device %s, offset %" PRIu64 ".",
283 verify ? "verification" : "creation", params->hash_name,
284 device_path(crypt_data_device(cd)), params->data_size,
285 device_path(crypt_metadata_device(cd)), hash_position);
287 if (digest_size > sizeof(calculated_digest))
290 if (!params->data_size) {
291 r = device_size(crypt_data_device(cd), &dev_size);
295 data_file_blocks = dev_size / params->data_block_size;
297 data_file_blocks = params->data_size;
299 if (uint64_mult_overflow(&data_device_offset_max, params->data_size, params->data_block_size)) {
300 log_err(cd, _("Device offset overflow."));
303 log_dbg(cd, "Data device size required: %" PRIu64 " bytes.", data_device_offset_max);
305 if (hash_levels(params->hash_block_size, digest_size, data_file_blocks, &hash_position,
306 &levels, &hash_level_block[0], &hash_level_size[0])) {
307 log_err(cd, _("Hash area overflow."));
310 if (uint64_mult_overflow(&hash_device_offset_max, hash_position, params->hash_block_size)) {
311 log_err(cd, _("Device offset overflow."));
314 log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.",
315 hash_device_offset_max - params->hash_area_offset);
316 log_dbg(cd, "Using %d hash levels.", levels);
318 data_file = fopen(device_path(crypt_data_device(cd)), "r");
320 log_err(cd, _("Cannot open device %s."),
321 device_path(crypt_data_device(cd))
327 hash_file = fopen(device_path(crypt_metadata_device(cd)), verify ? "r" : "r+");
329 log_err(cd, _("Cannot open device %s."),
330 device_path(crypt_metadata_device(cd)));
335 memset(calculated_digest, 0, digest_size);
337 for (i = 0; i < levels; i++) {
339 r = create_or_verify(cd, data_file, hash_file,
340 0, params->data_block_size,
341 hash_level_block[i], params->hash_block_size,
342 data_file_blocks, params->hash_type, params->hash_name, verify,
343 calculated_digest, digest_size, params->salt, params->salt_size);
347 hash_file_2 = fopen(device_path(crypt_metadata_device(cd)), "r");
349 log_err(cd, _("Cannot open device %s."),
350 device_path(crypt_metadata_device(cd)));
354 r = create_or_verify(cd, hash_file_2, hash_file,
355 hash_level_block[i - 1], params->hash_block_size,
356 hash_level_block[i], params->hash_block_size,
357 hash_level_size[i - 1], params->hash_type, params->hash_name, verify,
358 calculated_digest, digest_size, params->salt, params->salt_size);
366 r = create_or_verify(cd, hash_file, NULL,
367 hash_level_block[levels - 1], params->hash_block_size,
368 0, params->hash_block_size,
369 1, params->hash_type, params->hash_name, verify,
370 calculated_digest, digest_size, params->salt, params->salt_size);
372 r = create_or_verify(cd, data_file, NULL,
373 0, params->data_block_size,
374 0, params->hash_block_size,
375 data_file_blocks, params->hash_type, params->hash_name, verify,
376 calculated_digest, digest_size, params->salt, params->salt_size);
380 log_err(cd, _("Verification of data area failed."));
382 log_dbg(cd, "Verification of data area succeeded.");
383 r = crypt_backend_memeq(root_hash, calculated_digest, digest_size) ? -EFAULT : 0;
385 log_err(cd, _("Verification of root hash failed."));
387 log_dbg(cd, "Verification of root hash succeeded.");
391 log_err(cd, _("Input/output error while creating hash area."));
393 log_err(cd, _("Creation of hash area failed."));
395 fsync(fileno(hash_file));
396 memcpy(root_hash, calculated_digest, digest_size);
407 /* Verify verity device using userspace crypto backend */
408 int VERITY_verify(struct crypt_device *cd,
409 struct crypt_params_verity *verity_hdr,
410 const char *root_hash,
411 size_t root_hash_size)
413 return VERITY_create_or_verify_hash(cd, 1, verity_hdr, CONST_CAST(char*)root_hash, root_hash_size);
416 /* Create verity hash */
417 int VERITY_create(struct crypt_device *cd,
418 struct crypt_params_verity *verity_hdr,
419 const char *root_hash,
420 size_t root_hash_size)
422 unsigned pgsize = (unsigned)crypt_getpagesize();
424 if (verity_hdr->salt_size > 256)
427 if (verity_hdr->data_block_size > pgsize)
428 log_err(cd, _("WARNING: Kernel cannot activate device if data "
429 "block size exceeds page size (%u)."), pgsize);
431 return VERITY_create_or_verify_hash(cd, 0, verity_hdr, CONST_CAST(char*)root_hash, root_hash_size);
434 uint64_t VERITY_hash_blocks(struct crypt_device *cd, struct crypt_params_verity *params)
436 uint64_t hash_position = 0;
439 if (hash_levels(params->hash_block_size, crypt_get_volume_key_size(cd),
440 params->data_size, &hash_position, &levels, NULL, NULL))
443 return (uint64_t)hash_position;