"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/luks1/keymanage.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

keymanage.c  (cryptsetup-2.3.6.tar.xz):keymanage.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 25 skipping to change at line 25
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <netinet/in.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <ctype.h> #include <ctype.h>
#include <assert.h> #include <assert.h>
#include <uuid/uuid.h> #include <uuid/uuid.h>
#include "luks.h" #include "luks.h"
skipping to change at line 476 skipping to change at line 475
static int _check_and_convert_hdr(const char *device, static int _check_and_convert_hdr(const char *device,
struct luks_phdr *hdr, struct luks_phdr *hdr,
int require_luks_device, int require_luks_device,
int repair, int repair,
struct crypt_device *ctx) struct crypt_device *ctx)
{ {
int r = 0; int r = 0;
unsigned int i; unsigned int i;
char luksMagic[] = LUKS_MAGIC; char luksMagic[] = LUKS_MAGIC;
if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */ hdr->version = be16_to_cpu(hdr->version);
if (memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
log_dbg(ctx, "LUKS header not detected."); log_dbg(ctx, "LUKS header not detected.");
if (require_luks_device) if (require_luks_device)
log_err(ctx, _("Device %s is not a valid LUKS device."), device); log_err(ctx, _("Device %s is not a valid LUKS device."), device);
return -EINVAL; return -EINVAL;
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */ } else if (hdr->version != 1) {
log_err(ctx, _("Unsupported LUKS version %d."), hdr->version); log_err(ctx, _("Unsupported LUKS version %d."), hdr->version);
return -EINVAL; return -EINVAL;
} }
hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0'; hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) { if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr-> hashSpec); log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr-> hashSpec);
return -EINVAL; return -EINVAL;
} }
/* Header detected */ /* Header detected */
hdr->payloadOffset = ntohl(hdr->payloadOffset); hdr->payloadOffset = be32_to_cpu(hdr->payloadOffset);
hdr->keyBytes = ntohl(hdr->keyBytes); hdr->keyBytes = be32_to_cpu(hdr->keyBytes);
hdr->mkDigestIterations = ntohl(hdr->mkDigestIterations); hdr->mkDigestIterations = be32_to_cpu(hdr->mkDigestIterations);
for(i = 0; i < LUKS_NUMKEYS; ++i) { for (i = 0; i < LUKS_NUMKEYS; ++i) {
hdr->keyblock[i].active = ntohl(hdr->keyblock[i].acti hdr->keyblock[i].active = be32_to_cpu(hdr->keyblock[i
ve); ].active);
hdr->keyblock[i].passwordIterations = ntohl(hdr->keyblock[i].pass hdr->keyblock[i].passwordIterations = be32_to_cpu(hdr->keyblock[i
wordIterations); ].passwordIterations);
hdr->keyblock[i].keyMaterialOffset = ntohl(hdr->keyblock[i].keyM hdr->keyblock[i].keyMaterialOffset = be32_to_cpu(hdr->keyblock[i
aterialOffset); ].keyMaterialOffset);
hdr->keyblock[i].stripes = ntohl(hdr->keyblock[i].stri hdr->keyblock[i].stripes = be32_to_cpu(hdr->keyblock[i
pes); ].stripes);
} }
if (LUKS_check_keyslots(ctx, hdr)) if (LUKS_check_keyslots(ctx, hdr))
r = -EINVAL; r = -EINVAL;
/* Avoid unterminated strings */ /* Avoid unterminated strings */
hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0'; hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0';
hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0'; hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0';
hdr->uuid[UUID_STRING_L - 1] = '\0'; hdr->uuid[UUID_STRING_L - 1] = '\0';
skipping to change at line 653 skipping to change at line 653
device_path(device)); device_path(device));
else else
log_err(ctx, _("Cannot open device %s."), device_path(dev ice)); log_err(ctx, _("Cannot open device %s."), device_path(dev ice));
return -EINVAL; return -EINVAL;
} }
memcpy(&convHdr, hdr, hdr_size); memcpy(&convHdr, hdr, hdr_size);
memset(&convHdr._padding, 0, sizeof(convHdr._padding)); memset(&convHdr._padding, 0, sizeof(convHdr._padding));
/* Convert every uint16/32_t item to network byte order */ /* Convert every uint16/32_t item to network byte order */
convHdr.version = htons(hdr->version); convHdr.version = cpu_to_be16(hdr->version);
convHdr.payloadOffset = htonl(hdr->payloadOffset); convHdr.payloadOffset = cpu_to_be32(hdr->payloadOffset);
convHdr.keyBytes = htonl(hdr->keyBytes); convHdr.keyBytes = cpu_to_be32(hdr->keyBytes);
convHdr.mkDigestIterations = htonl(hdr->mkDigestIterations); convHdr.mkDigestIterations = cpu_to_be32(hdr->mkDigestIterations);
for(i = 0; i < LUKS_NUMKEYS; ++i) { for(i = 0; i < LUKS_NUMKEYS; ++i) {
convHdr.keyblock[i].active = htonl(hdr->keyblock[i].a convHdr.keyblock[i].active = cpu_to_be32(hdr->keybloc
ctive); k[i].active);
convHdr.keyblock[i].passwordIterations = htonl(hdr->keyblock[i].p convHdr.keyblock[i].passwordIterations = cpu_to_be32(hdr->keybloc
asswordIterations); k[i].passwordIterations);
convHdr.keyblock[i].keyMaterialOffset = htonl(hdr->keyblock[i].k convHdr.keyblock[i].keyMaterialOffset = cpu_to_be32(hdr->keybloc
eyMaterialOffset); k[i].keyMaterialOffset);
convHdr.keyblock[i].stripes = htonl(hdr->keyblock[i].s convHdr.keyblock[i].stripes = cpu_to_be32(hdr->keybloc
tripes); k[i].stripes);
} }
r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_a lignment(device), r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_a lignment(device),
&convHdr, hdr_size, 0) < hdr_size ? -EIO : 0; &convHdr, hdr_size, 0) < hdr_size ? -EIO : 0;
if (r) if (r)
log_err(ctx, _("Error during update of LUKS header on device %s." ), device_path(device)); log_err(ctx, _("Error during update of LUKS header on device %s." ), device_path(device));
device_sync(ctx, device); device_sync(ctx, device);
/* Re-read header from disk to be sure that in-memory and on-disk data ar e the same. */ /* Re-read header from disk to be sure that in-memory and on-disk data ar e the same. */
skipping to change at line 803 skipping to change at line 803
return r; return r;
assert(pbkdf->iterations); assert(pbkdf->iterations);
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0) if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0)
PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN; PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN;
else /* iterations per ms * LUKS_MKD_ITERATIONS_MS */ else /* iterations per ms * LUKS_MKD_ITERATIONS_MS */
PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms; PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
if (PBKDF2_temp > (double)UINT32_MAX) if (PBKDF2_temp > (double)UINT32_MAX)
return -EINVAL; return -EINVAL;
header->mkDigestIterations = at_least((uint32_t)PBKDF2_temp, LUKS_MKD_ITE RATIONS_MIN); header->mkDigestIterations = AT_LEAST((uint32_t)PBKDF2_temp, LUKS_MKD_ITE RATIONS_MIN);
assert(header->mkDigestIterations); assert(header->mkDigestIterations);
r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength , r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength ,
header->mkDigestSalt, LUKS_SALTSIZE, header->mkDigestSalt, LUKS_SALTSIZE,
header->mkDigest,LUKS_DIGESTSIZE, header->mkDigest,LUKS_DIGESTSIZE,
header->mkDigestIterations, 0, 0); header->mkDigestIterations, 0, 0);
if (r < 0) { if (r < 0) {
log_err(ctx, _("Cannot create LUKS header: header digest failed ( using hash %s)."), log_err(ctx, _("Cannot create LUKS header: header digest failed ( using hash %s)."),
header->hashSpec); header->hashSpec);
return r; return r;
skipping to change at line 877 skipping to change at line 877
pbkdf = crypt_get_pbkdf(ctx); pbkdf = crypt_get_pbkdf(ctx);
r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength); r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
if (r < 0) if (r < 0)
return r; return r;
assert(pbkdf->iterations); assert(pbkdf->iterations);
/* /*
* Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN * Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
*/ */
hdr->keyblock[keyIndex].passwordIterations = hdr->keyblock[keyIndex].passwordIterations =
at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN); AT_LEAST(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex , log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex ,
hdr->keyblock[keyIndex].passwordIterations); hdr->keyblock[keyIndex].passwordIterations);
derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL); derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
if (!derived_key) if (!derived_key)
return -ENOMEM; return -ENOMEM;
r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt, r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
LUKS_SALTSIZE, CRYPT_RND_SALT); LUKS_SALTSIZE, CRYPT_RND_SALT);
if (r < 0) if (r < 0)
 End of changes. 8 change blocks. 
30 lines changed or deleted 30 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)