"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/luks1/keymanage.c" (13 Jan 2022, 37099 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "keymanage.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
2.4.0_vs_2.4.1.
1 /*
2 * LUKS - Linux Unified Key Setup
3 *
4 * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
5 * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
6 * Copyright (C) 2013-2021 Milan Broz
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <ctype.h>
31 #include <assert.h>
32 #include <uuid/uuid.h>
33
34 #include "luks.h"
35 #include "af.h"
36 #include "internal.h"
37
38 int LUKS_keyslot_area(const struct luks_phdr *hdr,
39 int keyslot,
40 uint64_t *offset,
41 uint64_t *length)
42 {
43 if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
44 return -EINVAL;
45
46 *offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
47 *length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
48
49 return 0;
50 }
51
52 /* insertsort: because the array has 8 elements and it's mostly sorted. that's why */
53 static void LUKS_sort_keyslots(const struct luks_phdr *hdr, int *array)
54 {
55 int i, j, x;
56
57 for (i = 1; i < LUKS_NUMKEYS; i++) {
58 j = i;
59 while (j > 0 && hdr->keyblock[array[j-1]].keyMaterialOffset > hdr->keyblock[array[j]].keyMaterialOffset) {
60 x = array[j];
61 array[j] = array[j-1];
62 array[j-1] = x;
63 j--;
64 }
65 }
66 }
67
68 static int _is_not_lower(char *str, unsigned max_len)
69 {
70 for(; *str && max_len; str++, max_len--)
71 if (isupper(*str))
72 return 1;
73 return 0;
74 }
75
76 static int _to_lower(char *str, unsigned max_len)
77 {
78 int r = 0;
79
80 for(; *str && max_len; str++, max_len--)
81 if (isupper(*str)) {
82 *str = tolower(*str);
83 r = 1;
84 }
85
86 return r;
87 }
88
89 size_t LUKS_device_sectors(const struct luks_phdr *hdr)
90 {
91 int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
92
93 LUKS_sort_keyslots(hdr, sorted_areas);
94
95 return hdr->keyblock[sorted_areas[LUKS_NUMKEYS-1]].keyMaterialOffset + AF_split_sectors(hdr->keyBytes, LUKS_STRIPES);
96 }
97
98 size_t LUKS_keyslots_offset(const struct luks_phdr *hdr)
99 {
100 int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
101
102 LUKS_sort_keyslots(hdr, sorted_areas);
103
104 return hdr->keyblock[sorted_areas[0]].keyMaterialOffset;
105 }
106
107 static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_phdr *hdr, int falloc)
108 {
109 struct device *device = crypt_metadata_device(ctx);
110 uint64_t dev_sectors, hdr_sectors;
111
112 if (!hdr->keyBytes)
113 return -EINVAL;
114
115 if (device_size(device, &dev_sectors)) {
116 log_dbg(ctx, "Cannot get device size for device %s.", device_path(device));
117 return -EIO;
118 }
119
120 dev_sectors >>= SECTOR_SHIFT;
121 hdr_sectors = LUKS_device_sectors(hdr);
122 log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %"
123 PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors);
124
125 if (hdr_sectors > dev_sectors) {
126 /* If it is header file, increase its size */
127 if (falloc && !device_fallocate(device, hdr_sectors << SECTOR_SHIFT))
128 return 0;
129
130 log_err(ctx, _("Device %s is too small. (LUKS1 requires at least %" PRIu64 " bytes.)"),
131 device_path(device), hdr_sectors * SECTOR_SIZE);
132 return -EINVAL;
133 }
134
135 return 0;
136 }
137
138 static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr *phdr)
139 {
140 int i, prev, next, sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
141 uint32_t secs_per_stripes = AF_split_sectors(phdr->keyBytes, LUKS_STRIPES);
142
143 LUKS_sort_keyslots(phdr, sorted_areas);
144
145 /* Check keyslot to prevent access outside of header and keyslot area */
146 for (i = 0; i < LUKS_NUMKEYS; i++) {
147 /* enforce stripes == 4000 */
148 if (phdr->keyblock[i].stripes != LUKS_STRIPES) {
149 log_dbg(ctx, "Invalid stripes count %u in keyslot %u.",
150 phdr->keyblock[i].stripes, i);
151 log_err(ctx, _("LUKS keyslot %u is invalid."), i);
152 return -1;
153 }
154
155 /* First sectors is the header itself */
156 if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
157 log_dbg(ctx, "Invalid offset %u in keyslot %u.",
158 phdr->keyblock[i].keyMaterialOffset, i);
159 log_err(ctx, _("LUKS keyslot %u is invalid."), i);
160 return -1;
161 }
162
163 /* Ignore following check for detached header where offset can be zero. */
164 if (phdr->payloadOffset == 0)
165 continue;
166
167 if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) {
168 log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).",
169 phdr->keyblock[i].keyMaterialOffset, i,
170 phdr->payloadOffset);
171 log_err(ctx, _("LUKS keyslot %u is invalid."), i);
172 return -1;
173 }
174
175 if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) {
176 log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in "
177 "keyslot %u (beyond data area offset %u).",
178 secs_per_stripes,
179 phdr->keyblock[i].keyMaterialOffset,
180 phdr->keyblock[i].stripes,
181 i, phdr->payloadOffset);
182 log_err(ctx, _("LUKS keyslot %u is invalid."), i);
183 return -1;
184 }
185 }
186
187 /* check no keyslot overlaps with each other */
188 for (i = 1; i < LUKS_NUMKEYS; i++) {
189 prev = sorted_areas[i-1];
190 next = sorted_areas[i];
191 if (phdr->keyblock[next].keyMaterialOffset <
192 (phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) {
193 log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev);
194 log_err(ctx, _("LUKS keyslot %u is invalid."), prev);
195 return -1;
196 }
197 }
198 /* do not check last keyslot on purpose, it must be tested in device size check */
199
200 return 0;
201 }
202
203 static const char *dbg_slot_state(crypt_keyslot_info ki)
204 {
205 switch(ki) {
206 case CRYPT_SLOT_INACTIVE:
207 return "INACTIVE";
208 case CRYPT_SLOT_ACTIVE:
209 return "ACTIVE";
210 case CRYPT_SLOT_ACTIVE_LAST:
211 return "ACTIVE_LAST";
212 case CRYPT_SLOT_INVALID:
213 default:
214 return "INVALID";
215 }
216 }
217
218 int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
219 {
220 struct device *device = crypt_metadata_device(ctx);
221 struct luks_phdr hdr;
222 int fd, devfd, r = 0;
223 size_t hdr_size;
224 size_t buffer_size;
225 ssize_t ret;
226 char *buffer = NULL;
227
228 r = LUKS_read_phdr(&hdr, 1, 0, ctx);
229 if (r)
230 return r;
231
232 hdr_size = LUKS_device_sectors(&hdr) << SECTOR_SHIFT;
233 buffer_size = size_round_up(hdr_size, crypt_getpagesize());
234
235 buffer = crypt_safe_alloc(buffer_size);
236 if (!buffer || hdr_size < LUKS_ALIGN_KEYSLOTS || hdr_size > buffer_size) {
237 r = -ENOMEM;
238 goto out;
239 }
240
241 log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
242 sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
243
244 log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size);
245
246 devfd = device_open(ctx, device, O_RDONLY);
247 if (devfd < 0) {
248 log_err(ctx, _("Device %s is not a valid LUKS device."), device_path(device));
249 r = -EINVAL;
250 goto out;
251 }
252
253 if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
254 buffer, hdr_size, 0) < (ssize_t)hdr_size) {
255 r = -EIO;
256 goto out;
257 }
258
259 /* Wipe unused area, so backup cannot contain old signatures */
260 if (hdr.keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
261 memset(buffer + sizeof(hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(hdr));
262
263 fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
264 if (fd == -1) {
265 if (errno == EEXIST)
266 log_err(ctx, _("Requested header backup file %s already exists."), backup_file);
267 else
268 log_err(ctx, _("Cannot create header backup file %s."), backup_file);
269 r = -EINVAL;
270 goto out;
271 }
272 ret = write_buffer(fd, buffer, buffer_size);
273 close(fd);
274 if (ret < (ssize_t)buffer_size) {
275 log_err(ctx, _("Cannot write header backup file %s."), backup_file);
276 r = -EIO;
277 goto out;
278 }
279
280 r = 0;
281 out:
282 crypt_safe_memzero(&hdr, sizeof(hdr));
283 crypt_safe_free(buffer);
284 return r;
285 }
286
287 int LUKS_hdr_restore(
288 const char *backup_file,
289 struct luks_phdr *hdr,
290 struct crypt_device *ctx)
291 {
292 struct device *device = crypt_metadata_device(ctx);
293 int fd, r = 0, devfd = -1, diff_uuid = 0;
294 ssize_t ret, buffer_size = 0;
295 char *buffer = NULL, msg[200];
296 struct luks_phdr hdr_file;
297
298 r = LUKS_read_phdr_backup(backup_file, &hdr_file, 0, ctx);
299 if (r == -ENOENT)
300 return r;
301
302 if (!r)
303 buffer_size = LUKS_device_sectors(&hdr_file) << SECTOR_SHIFT;
304
305 if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) {
306 log_err(ctx, _("Backup file does not contain valid LUKS header."));
307 r = -EINVAL;
308 goto out;
309 }
310
311 buffer = crypt_safe_alloc(buffer_size);
312 if (!buffer) {
313 r = -ENOMEM;
314 goto out;
315 }
316
317 fd = open(backup_file, O_RDONLY);
318 if (fd == -1) {
319 log_err(ctx, _("Cannot open header backup file %s."), backup_file);
320 r = -EINVAL;
321 goto out;
322 }
323
324 ret = read_buffer(fd, buffer, buffer_size);
325 close(fd);
326 if (ret < buffer_size) {
327 log_err(ctx, _("Cannot read header backup file %s."), backup_file);
328 r = -EIO;
329 goto out;
330 }
331
332 r = LUKS_read_phdr(hdr, 0, 0, ctx);
333 if (r == 0) {
334 log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
335 if(hdr->payloadOffset != hdr_file.payloadOffset ||
336 hdr->keyBytes != hdr_file.keyBytes) {
337 log_err(ctx, _("Data offset or key size differs on device and backup, restore failed."));
338 r = -EINVAL;
339 goto out;
340 }
341 if (memcmp(hdr->uuid, hdr_file.uuid, UUID_STRING_L))
342 diff_uuid = 1;
343 }
344
345 if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device_path(device),
346 r ? _("does not contain LUKS header. Replacing header can destroy data on that device.") :
347 _("already contains LUKS header. Replacing header will destroy existing keyslots."),
348 diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "") < 0) {
349 r = -ENOMEM;
350 goto out;
351 }
352
353 if (!crypt_confirm(ctx, msg)) {
354 r = -EINVAL;
355 goto out;
356 }
357
358 log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
359 sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));
360
361 devfd = device_open(ctx, device, O_RDWR);
362 if (devfd < 0) {
363 if (errno == EACCES)
364 log_err(ctx, _("Cannot write to device %s, permission denied."),
365 device_path(device));
366 else
367 log_err(ctx, _("Cannot open device %s."), device_path(device));
368 r = -EINVAL;
369 goto out;
370 }
371
372 if (write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
373 buffer, buffer_size, 0) < buffer_size) {
374 r = -EIO;
375 goto out;
376 }
377
378 /* Be sure to reload new data */
379 r = LUKS_read_phdr(hdr, 1, 0, ctx);
380 out:
381 device_sync(ctx, device);
382 crypt_safe_free(buffer);
383 return r;
384 }
385
386 /* This routine should do some just basic recovery for known problems. */
387 static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
388 {
389 struct luks_phdr temp_phdr;
390 const unsigned char *sector = (const unsigned char*)phdr;
391 struct volume_key *vk;
392 int i, bad, r, need_write = 0;
393
394 if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
395 log_err(ctx, _("Non standard key size, manual repair required."));
396 return -EINVAL;
397 }
398
399 /*
400 * cryptsetup 1.0 did not align keyslots to 4k, cannot repair this one
401 * Also we cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset().
402 * Expect first keyslot is aligned, if not, then manual repair is neccessary.
403 */
404 if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
405 log_err(ctx, _("Non standard keyslots alignment, manual repair required."));
406 return -EINVAL;
407 }
408
409 /*
410 * ECB mode does not use IV but legacy dmcrypt silently allows it.
411 * Today device cannot be activated anyway, so we need to fix it here.
412 */
413 if (!strncmp(phdr->cipherMode, "ecb-", 4)) {
414 log_err(ctx, _("Cipher mode repaired (%s -> %s)."), phdr->cipherMode, "ecb");
415 memset(phdr->cipherMode, 0, LUKS_CIPHERMODE_L);
416 strcpy(phdr->cipherMode, "ecb");
417 need_write = 1;
418 }
419
420 /*
421 * Old cryptsetup expects "sha1", gcrypt allows case insensitive names,
422 * so always convert hash to lower case in header
423 */
424 if (_to_lower(phdr->hashSpec, LUKS_HASHSPEC_L)) {
425 log_err(ctx, _("Cipher hash repaired to lowercase (%s)."), phdr->hashSpec);
426 if (crypt_hmac_size(phdr->hashSpec) < LUKS_DIGESTSIZE) {
427 log_err(ctx, _("Requested LUKS hash %s is not supported."), phdr->hashSpec);
428 return -EINVAL;
429 }
430 need_write = 1;
431 }
432
433 r = LUKS_check_cipher(ctx, phdr->keyBytes, phdr->cipherName, phdr->cipherMode);
434 if (r < 0)
435 return -EINVAL;
436
437 vk = crypt_alloc_volume_key(phdr->keyBytes, NULL);
438 if (!vk)
439 return -ENOMEM;
440
441 log_verbose(ctx, _("Repairing keyslots."));
442
443 log_dbg(ctx, "Generating second header with the same parameters for check.");
444 /* cipherName, cipherMode, hashSpec, uuid are already null terminated */
445 /* payloadOffset - cannot check */
446 r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
447 phdr->hashSpec, phdr->uuid,
448 phdr->payloadOffset * SECTOR_SIZE, 0, 0, ctx);
449 if (r < 0)
450 goto out;
451
452 for(i = 0; i < LUKS_NUMKEYS; ++i) {
453 if (phdr->keyblock[i].active == LUKS_KEY_ENABLED) {
454 log_dbg(ctx, "Skipping repair for active keyslot %i.", i);
455 continue;
456 }
457
458 bad = 0;
459 if (phdr->keyblock[i].keyMaterialOffset != temp_phdr.keyblock[i].keyMaterialOffset) {
460 log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u)."), i,
461 (unsigned)phdr->keyblock[i].keyMaterialOffset,
462 (unsigned)temp_phdr.keyblock[i].keyMaterialOffset);
463 phdr->keyblock[i].keyMaterialOffset = temp_phdr.keyblock[i].keyMaterialOffset;
464 bad = 1;
465 }
466
467 if (phdr->keyblock[i].stripes != temp_phdr.keyblock[i].stripes) {
468 log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u)."), i,
469 (unsigned)phdr->keyblock[i].stripes,
470 (unsigned)temp_phdr.keyblock[i].stripes);
471 phdr->keyblock[i].stripes = temp_phdr.keyblock[i].stripes;
472 bad = 1;
473 }
474
475 /* Known case - MSDOS partition table signature */
476 if (i == 6 && sector[0x1fe] == 0x55 && sector[0x1ff] == 0xaa) {
477 log_err(ctx, _("Keyslot %i: bogus partition signature."), i);
478 bad = 1;
479 }
480
481 if(bad) {
482 log_err(ctx, _("Keyslot %i: salt wiped."), i);
483 phdr->keyblock[i].active = LUKS_KEY_DISABLED;
484 memset(&phdr->keyblock[i].passwordSalt, 0x00, LUKS_SALTSIZE);
485 phdr->keyblock[i].passwordIterations = 0;
486 }
487
488 if (bad)
489 need_write = 1;
490 }
491
492 /*
493 * check repair result before writing because repair can't fix out of order
494 * keyslot offsets and would corrupt header again
495 */
496 if (LUKS_check_keyslots(ctx, phdr))
497 r = -EINVAL;
498 else if (need_write) {
499 log_verbose(ctx, _("Writing LUKS header to disk."));
500 r = LUKS_write_phdr(phdr, ctx);
501 }
502 out:
503 if (r)
504 log_err(ctx, _("Repair failed."));
505 crypt_free_volume_key(vk);
506 crypt_safe_memzero(&temp_phdr, sizeof(temp_phdr));
507 return r;
508 }
509
510 static int _check_and_convert_hdr(const char *device,
511 struct luks_phdr *hdr,
512 int require_luks_device,
513 int repair,
514 struct crypt_device *ctx)
515 {
516 int r = 0;
517 unsigned int i;
518 char luksMagic[] = LUKS_MAGIC;
519
520 hdr->version = be16_to_cpu(hdr->version);
521 if (memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
522 log_dbg(ctx, "LUKS header not detected.");
523 if (require_luks_device)
524 log_err(ctx, _("Device %s is not a valid LUKS device."), device);
525 return -EINVAL;
526 } else if (hdr->version != 1) {
527 log_err(ctx, _("Unsupported LUKS version %d."), hdr->version);
528 return -EINVAL;
529 }
530
531 hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
532 if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
533 log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr->hashSpec);
534 r = -EINVAL;
535 }
536
537 /* Header detected */
538 hdr->payloadOffset = be32_to_cpu(hdr->payloadOffset);
539 hdr->keyBytes = be32_to_cpu(hdr->keyBytes);
540 hdr->mkDigestIterations = be32_to_cpu(hdr->mkDigestIterations);
541
542 for (i = 0; i < LUKS_NUMKEYS; ++i) {
543 hdr->keyblock[i].active = be32_to_cpu(hdr->keyblock[i].active);
544 hdr->keyblock[i].passwordIterations = be32_to_cpu(hdr->keyblock[i].passwordIterations);
545 hdr->keyblock[i].keyMaterialOffset = be32_to_cpu(hdr->keyblock[i].keyMaterialOffset);
546 hdr->keyblock[i].stripes = be32_to_cpu(hdr->keyblock[i].stripes);
547 }
548
549 if (LUKS_check_keyslots(ctx, hdr))
550 r = -EINVAL;
551
552 /* Avoid unterminated strings */
553 hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0';
554 hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0';
555 hdr->uuid[UUID_STRING_L - 1] = '\0';
556
557 if (repair) {
558 if (!strncmp(hdr->cipherMode, "ecb-", 4)) {
559 log_err(ctx, _("LUKS cipher mode %s is invalid."), hdr->cipherMode);
560 r = -EINVAL;
561 }
562
563 if (_is_not_lower(hdr->hashSpec, LUKS_HASHSPEC_L)) {
564 log_err(ctx, _("LUKS hash %s is invalid."), hdr->hashSpec);
565 r = -EINVAL;
566 }
567
568 if (r == -EINVAL)
569 r = _keyslot_repair(hdr, ctx);
570 else
571 log_verbose(ctx, _("No known problems detected for LUKS header."));
572 }
573
574 return r;
575 }
576
577 int LUKS_read_phdr_backup(const char *backup_file,
578 struct luks_phdr *hdr,
579 int require_luks_device,
580 struct crypt_device *ctx)
581 {
582 ssize_t hdr_size = sizeof(struct luks_phdr);
583 int devfd = 0, r = 0;
584
585 log_dbg(ctx, "Reading LUKS header of size %d from backup file %s",
586 (int)hdr_size, backup_file);
587
588 devfd = open(backup_file, O_RDONLY);
589 if (devfd == -1) {
590 log_err(ctx, _("Cannot open header backup file %s."), backup_file);
591 return -ENOENT;
592 }
593
594 if (read_buffer(devfd, hdr, hdr_size) < hdr_size)
595 r = -EIO;
596 else
597 r = _check_and_convert_hdr(backup_file, hdr,
598 require_luks_device, 0, ctx);
599
600 close(devfd);
601 return r;
602 }
603
604 int LUKS_read_phdr(struct luks_phdr *hdr,
605 int require_luks_device,
606 int repair,
607 struct crypt_device *ctx)
608 {
609 int devfd, r = 0;
610 struct device *device = crypt_metadata_device(ctx);
611 ssize_t hdr_size = sizeof(struct luks_phdr);
612
613 /* LUKS header starts at offset 0, first keyslot on LUKS_ALIGN_KEYSLOTS */
614 assert(sizeof(struct luks_phdr) <= LUKS_ALIGN_KEYSLOTS);
615
616 /* Stripes count cannot be changed without additional code fixes yet */
617 assert(LUKS_STRIPES == 4000);
618
619 if (repair && !require_luks_device)
620 return -EINVAL;
621
622 log_dbg(ctx, "Reading LUKS header of size %zu from device %s",
623 hdr_size, device_path(device));
624
625 devfd = device_open(ctx, device, O_RDONLY);
626 if (devfd < 0) {
627 log_err(ctx, _("Cannot open device %s."), device_path(device));
628 return -EINVAL;
629 }
630
631 if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
632 hdr, hdr_size, 0) < hdr_size)
633 r = -EIO;
634 else
635 r = _check_and_convert_hdr(device_path(device), hdr, require_luks_device,
636 repair, ctx);
637
638 if (!r)
639 r = LUKS_check_device_size(ctx, hdr, 0);
640
641 /*
642 * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
643 * Disable direct-io to avoid possible IO errors if underlying device
644 * has bigger sector size.
645 */
646 if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
647 log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io.");
648 device_disable_direct_io(device);
649 }
650
651 return r;
652 }
653
654 int LUKS_write_phdr(struct luks_phdr *hdr,
655 struct crypt_device *ctx)
656 {
657 struct device *device = crypt_metadata_device(ctx);
658 ssize_t hdr_size = sizeof(struct luks_phdr);
659 int devfd = 0;
660 unsigned int i;
661 struct luks_phdr convHdr;
662 int r;
663
664 log_dbg(ctx, "Updating LUKS header of size %zu on device %s",
665 sizeof(struct luks_phdr), device_path(device));
666
667 r = LUKS_check_device_size(ctx, hdr, 1);
668 if (r)
669 return r;
670
671 devfd = device_open(ctx, device, O_RDWR);
672 if (devfd < 0) {
673 if (errno == EACCES)
674 log_err(ctx, _("Cannot write to device %s, permission denied."),
675 device_path(device));
676 else
677 log_err(ctx, _("Cannot open device %s."), device_path(device));
678 return -EINVAL;
679 }
680
681 memcpy(&convHdr, hdr, hdr_size);
682 memset(&convHdr._padding, 0, sizeof(convHdr._padding));
683
684 /* Convert every uint16/32_t item to network byte order */
685 convHdr.version = cpu_to_be16(hdr->version);
686 convHdr.payloadOffset = cpu_to_be32(hdr->payloadOffset);
687 convHdr.keyBytes = cpu_to_be32(hdr->keyBytes);
688 convHdr.mkDigestIterations = cpu_to_be32(hdr->mkDigestIterations);
689 for(i = 0; i < LUKS_NUMKEYS; ++i) {
690 convHdr.keyblock[i].active = cpu_to_be32(hdr->keyblock[i].active);
691 convHdr.keyblock[i].passwordIterations = cpu_to_be32(hdr->keyblock[i].passwordIterations);
692 convHdr.keyblock[i].keyMaterialOffset = cpu_to_be32(hdr->keyblock[i].keyMaterialOffset);
693 convHdr.keyblock[i].stripes = cpu_to_be32(hdr->keyblock[i].stripes);
694 }
695
696 r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
697 &convHdr, hdr_size, 0) < hdr_size ? -EIO : 0;
698 if (r)
699 log_err(ctx, _("Error during update of LUKS header on device %s."), device_path(device));
700
701 device_sync(ctx, device);
702
703 /* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
704 if (!r) {
705 r = LUKS_read_phdr(hdr, 1, 0, ctx);
706 if (r)
707 log_err(ctx, _("Error re-reading LUKS header after update on device %s."),
708 device_path(device));
709 }
710
711 return r;
712 }
713
714 /* Check that kernel supports requested cipher by decryption of one sector */
715 int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *cipher, const char *cipher_mode)
716 {
717 int r;
718 struct volume_key *empty_key;
719 char buf[SECTOR_SIZE];
720
721 log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode);
722
723 empty_key = crypt_alloc_volume_key(keylength, NULL);
724 if (!empty_key)
725 return -ENOMEM;
726
727 /* No need to get KEY quality random but it must avoid known weak keys. */
728 r = crypt_random_get(ctx, empty_key->key, empty_key->keylength, CRYPT_RND_NORMAL);
729 if (!r)
730 r = LUKS_decrypt_from_storage(buf, sizeof(buf), cipher, cipher_mode, empty_key, 0, ctx);
731
732 crypt_free_volume_key(empty_key);
733 crypt_safe_memzero(buf, sizeof(buf));
734 return r;
735 }
736
737 int LUKS_generate_phdr(struct luks_phdr *header,
738 const struct volume_key *vk,
739 const char *cipherName,
740 const char *cipherMode,
741 const char *hashSpec,
742 const char *uuid,
743 uint64_t data_offset, /* in bytes */
744 uint64_t align_offset, /* in bytes */
745 uint64_t required_alignment, /* in bytes */
746 struct crypt_device *ctx)
747 {
748 int i, r;
749 size_t keyslot_sectors, header_sectors;
750 uuid_t partitionUuid;
751 struct crypt_pbkdf_type *pbkdf;
752 double PBKDF2_temp;
753 char luksMagic[] = LUKS_MAGIC;
754
755 if (data_offset % SECTOR_SIZE || align_offset % SECTOR_SIZE ||
756 required_alignment % SECTOR_SIZE)
757 return -EINVAL;
758
759 memset(header, 0, sizeof(struct luks_phdr));
760
761 keyslot_sectors = AF_split_sectors(vk->keylength, LUKS_STRIPES);
762 header_sectors = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
763
764 for (i = 0; i < LUKS_NUMKEYS; i++) {
765 header->keyblock[i].active = LUKS_KEY_DISABLED;
766 header->keyblock[i].keyMaterialOffset = header_sectors;
767 header->keyblock[i].stripes = LUKS_STRIPES;
768 header_sectors = size_round_up(header_sectors + keyslot_sectors,
769 LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
770 }
771 /* In sector is now size of all keyslot material space */
772
773 /* Data offset has priority */
774 if (data_offset)
775 header->payloadOffset = data_offset / SECTOR_SIZE;
776 else if (required_alignment) {
777 header->payloadOffset = size_round_up(header_sectors, (required_alignment / SECTOR_SIZE));
778 header->payloadOffset += (align_offset / SECTOR_SIZE);
779 } else
780 header->payloadOffset = 0;
781
782 if (header->payloadOffset && header->payloadOffset < header_sectors) {
783 log_err(ctx, _("Data offset for LUKS header must be "
784 "either 0 or higher than header size."));
785 return -EINVAL;
786 }
787
788 if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
789 log_err(ctx, _("Requested LUKS hash %s is not supported."), hashSpec);
790 return -EINVAL;
791 }
792
793 if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
794 log_err(ctx, _("Wrong LUKS UUID format provided."));
795 return -EINVAL;
796 }
797 if (!uuid)
798 uuid_generate(partitionUuid);
799
800 /* Set Magic */
801 memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
802 header->version=1;
803 strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
804 strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
805 strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
806 _to_lower(header->hashSpec, LUKS_HASHSPEC_L);
807
808 header->keyBytes=vk->keylength;
809
810 log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
811 header->version, header->hashSpec ,header->cipherName, header->cipherMode,
812 header->keyBytes);
813
814 r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT);
815 if(r < 0) {
816 log_err(ctx, _("Cannot create LUKS header: reading random salt failed."));
817 return r;
818 }
819
820 /* Compute master key digest */
821 pbkdf = crypt_get_pbkdf(ctx);
822 r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
823 if (r < 0)
824 return r;
825 assert(pbkdf->iterations);
826
827 if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0)
828 PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN;
829 else /* iterations per ms * LUKS_MKD_ITERATIONS_MS */
830 PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
831
832 if (PBKDF2_temp > (double)UINT32_MAX)
833 return -EINVAL;
834 header->mkDigestIterations = AT_LEAST((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
835 assert(header->mkDigestIterations);
836
837 r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength,
838 header->mkDigestSalt, LUKS_SALTSIZE,
839 header->mkDigest,LUKS_DIGESTSIZE,
840 header->mkDigestIterations, 0, 0);
841 if (r < 0) {
842 log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s)."),
843 header->hashSpec);
844 return r;
845 }
846
847 uuid_unparse(partitionUuid, header->uuid);
848
849 log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32,
850 header->payloadOffset, header->uuid, header->mkDigestIterations);
851
852 return 0;
853 }
854
855 int LUKS_hdr_uuid_set(
856 struct luks_phdr *hdr,
857 const char *uuid,
858 struct crypt_device *ctx)
859 {
860 uuid_t partitionUuid;
861
862 if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
863 log_err(ctx, _("Wrong LUKS UUID format provided."));
864 return -EINVAL;
865 }
866 if (!uuid)
867 uuid_generate(partitionUuid);
868
869 uuid_unparse(partitionUuid, hdr->uuid);
870
871 return LUKS_write_phdr(hdr, ctx);
872 }
873
874 int LUKS_set_key(unsigned int keyIndex,
875 const char *password, size_t passwordLen,
876 struct luks_phdr *hdr, struct volume_key *vk,
877 struct crypt_device *ctx)
878 {
879 struct volume_key *derived_key;
880 char *AfKey = NULL;
881 size_t AFEKSize;
882 struct crypt_pbkdf_type *pbkdf;
883 int r;
884
885 if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
886 log_err(ctx, _("Key slot %d active, purge first."), keyIndex);
887 return -EINVAL;
888 }
889
890 /* LUKS keyslot has always at least 4000 stripes according to specification */
891 if(hdr->keyblock[keyIndex].stripes < 4000) {
892 log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?"),
893 keyIndex);
894 return -EINVAL;
895 }
896
897 log_dbg(ctx, "Calculating data for key slot %d", keyIndex);
898 pbkdf = crypt_get_pbkdf(ctx);
899 r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
900 if (r < 0)
901 return r;
902 assert(pbkdf->iterations);
903
904 /*
905 * Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
906 */
907 hdr->keyblock[keyIndex].passwordIterations =
908 AT_LEAST(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
909 log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex,
910 hdr->keyblock[keyIndex].passwordIterations);
911
912 derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
913 if (!derived_key)
914 return -ENOMEM;
915
916 r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
917 LUKS_SALTSIZE, CRYPT_RND_SALT);
918 if (r < 0)
919 goto out;
920
921 r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen,
922 hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
923 derived_key->key, hdr->keyBytes,
924 hdr->keyblock[keyIndex].passwordIterations, 0, 0);
925 if (r < 0)
926 goto out;
927
928 /*
929 * AF splitting, the masterkey stored in vk->key is split to AfKey
930 */
931 assert(vk->keylength == hdr->keyBytes);
932 AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
933 AfKey = crypt_safe_alloc(AFEKSize);
934 if (!AfKey) {
935 r = -ENOMEM;
936 goto out;
937 }
938
939 log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes",
940 hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
941 r = AF_split(ctx, vk->key, AfKey, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
942 if (r < 0)
943 goto out;
944
945 log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex,
946 hdr->keyblock[keyIndex].keyMaterialOffset << 9);
947 /* Encryption via dm */
948 r = LUKS_encrypt_to_storage(AfKey,
949 AFEKSize,
950 hdr->cipherName, hdr->cipherMode,
951 derived_key,
952 hdr->keyblock[keyIndex].keyMaterialOffset,
953 ctx);
954 if (r < 0)
955 goto out;
956
957 /* Mark the key as active in phdr */
958 r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx);
959 if (r < 0)
960 goto out;
961
962 r = LUKS_write_phdr(hdr, ctx);
963 if (r < 0)
964 goto out;
965
966 r = 0;
967 out:
968 crypt_safe_free(AfKey);
969 crypt_free_volume_key(derived_key);
970 return r;
971 }
972
973 /* Check whether a volume key is invalid. */
974 int LUKS_verify_volume_key(const struct luks_phdr *hdr,
975 const struct volume_key *vk)
976 {
977 char checkHashBuf[LUKS_DIGESTSIZE];
978
979 if (crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, vk->key, vk->keylength,
980 hdr->mkDigestSalt, LUKS_SALTSIZE,
981 checkHashBuf, LUKS_DIGESTSIZE,
982 hdr->mkDigestIterations, 0, 0) < 0)
983 return -EINVAL;
984
985 if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
986 return -EPERM;
987
988 return 0;
989 }
990
991 /* Try to open a particular key slot */
992 static int LUKS_open_key(unsigned int keyIndex,
993 const char *password,
994 size_t passwordLen,
995 struct luks_phdr *hdr,
996 struct volume_key **vk,
997 struct crypt_device *ctx)
998 {
999 crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyIndex);
1000 struct volume_key *derived_key;
1001 char *AfKey = NULL;
1002 size_t AFEKSize;
1003 int r;
1004
1005 log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex,
1006 dbg_slot_state(ki));
1007
1008 if (ki < CRYPT_SLOT_ACTIVE)
1009 return -ENOENT;
1010
1011 derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
1012 if (!derived_key)
1013 return -ENOMEM;
1014
1015 *vk = crypt_alloc_volume_key(hdr->keyBytes, NULL);
1016 if (!*vk) {
1017 r = -ENOMEM;
1018 goto out;
1019 }
1020
1021 AFEKSize = AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
1022 AfKey = crypt_safe_alloc(AFEKSize);
1023 if (!AfKey) {
1024 r = -ENOMEM;
1025 goto out;
1026 }
1027
1028 r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen,
1029 hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
1030 derived_key->key, hdr->keyBytes,
1031 hdr->keyblock[keyIndex].passwordIterations, 0, 0);
1032 if (r < 0) {
1033 log_err(ctx, _("Cannot open keyslot (using hash %s)."), hdr->hashSpec);
1034 goto out;
1035 }
1036
1037 log_dbg(ctx, "Reading key slot %d area.", keyIndex);
1038 r = LUKS_decrypt_from_storage(AfKey,
1039 AFEKSize,
1040 hdr->cipherName, hdr->cipherMode,
1041 derived_key,
1042 hdr->keyblock[keyIndex].keyMaterialOffset,
1043 ctx);
1044 if (r < 0)
1045 goto out;
1046
1047 r = AF_merge(ctx, AfKey, (*vk)->key, (*vk)->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
1048 if (r < 0)
1049 goto out;
1050
1051 r = LUKS_verify_volume_key(hdr, *vk);
1052
1053 /* Allow only empty passphrase with null cipher */
1054 if (!r && crypt_is_cipher_null(hdr->cipherName) && passwordLen)
1055 r = -EPERM;
1056 out:
1057 if (r < 0) {
1058 crypt_free_volume_key(*vk);
1059 *vk = NULL;
1060 }
1061 crypt_safe_free(AfKey);
1062 crypt_free_volume_key(derived_key);
1063 return r;
1064 }
1065
1066 int LUKS_open_key_with_hdr(int keyIndex,
1067 const char *password,
1068 size_t passwordLen,
1069 struct luks_phdr *hdr,
1070 struct volume_key **vk,
1071 struct crypt_device *ctx)
1072 {
1073 unsigned int i, tried = 0;
1074 int r;
1075
1076 if (keyIndex >= 0) {
1077 r = LUKS_open_key(keyIndex, password, passwordLen, hdr, vk, ctx);
1078 return (r < 0) ? r : keyIndex;
1079 }
1080
1081 for (i = 0; i < LUKS_NUMKEYS; i++) {
1082 r = LUKS_open_key(i, password, passwordLen, hdr, vk, ctx);
1083 if (r == 0)
1084 return i;
1085
1086 /* Do not retry for errors that are no -EPERM or -ENOENT,
1087 former meaning password wrong, latter key slot inactive */
1088 if ((r != -EPERM) && (r != -ENOENT))
1089 return r;
1090 if (r == -EPERM)
1091 tried++;
1092 }
1093 /* Warning, early returns above */
1094 return tried ? -EPERM : -ENOENT;
1095 }
1096
1097 int LUKS_del_key(unsigned int keyIndex,
1098 struct luks_phdr *hdr,
1099 struct crypt_device *ctx)
1100 {
1101 struct device *device = crypt_metadata_device(ctx);
1102 unsigned int startOffset, endOffset;
1103 int r;
1104
1105 r = LUKS_read_phdr(hdr, 1, 0, ctx);
1106 if (r)
1107 return r;
1108
1109 r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx);
1110 if (r) {
1111 log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."),
1112 keyIndex, LUKS_NUMKEYS - 1);
1113 return r;
1114 }
1115
1116 /* secure deletion of key material */
1117 startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
1118 endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes);
1119
1120 r = crypt_wipe_device(ctx, device, CRYPT_WIPE_SPECIAL, startOffset * SECTOR_SIZE,
1121 (endOffset - startOffset) * SECTOR_SIZE,
1122 (endOffset - startOffset) * SECTOR_SIZE, NULL, NULL);
1123 if (r) {
1124 if (r == -EACCES) {
1125 log_err(ctx, _("Cannot write to device %s, permission denied."),
1126 device_path(device));
1127 r = -EINVAL;
1128 } else
1129 log_err(ctx, _("Cannot wipe device %s."),
1130 device_path(device));
1131 return r;
1132 }
1133
1134 /* Wipe keyslot info */
1135 memset(&hdr->keyblock[keyIndex].passwordSalt, 0, LUKS_SALTSIZE);
1136 hdr->keyblock[keyIndex].passwordIterations = 0;
1137
1138 r = LUKS_write_phdr(hdr, ctx);
1139
1140 return r;
1141 }
1142
1143 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot)
1144 {
1145 int i;
1146
1147 if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
1148 return CRYPT_SLOT_INVALID;
1149
1150 if (hdr->keyblock[keyslot].active == LUKS_KEY_DISABLED)
1151 return CRYPT_SLOT_INACTIVE;
1152
1153 if (hdr->keyblock[keyslot].active != LUKS_KEY_ENABLED)
1154 return CRYPT_SLOT_INVALID;
1155
1156 for(i = 0; i < LUKS_NUMKEYS; i++)
1157 if(i != keyslot && hdr->keyblock[i].active == LUKS_KEY_ENABLED)
1158 return CRYPT_SLOT_ACTIVE;
1159
1160 return CRYPT_SLOT_ACTIVE_LAST;
1161 }
1162
1163 int LUKS_keyslot_find_empty(struct luks_phdr *hdr)
1164 {
1165 int i;
1166
1167 for (i = 0; i < LUKS_NUMKEYS; i++)
1168 if(hdr->keyblock[i].active == LUKS_KEY_DISABLED)
1169 break;
1170
1171 if (i == LUKS_NUMKEYS)
1172 return -EINVAL;
1173
1174 return i;
1175 }
1176
1177 int LUKS_keyslot_active_count(struct luks_phdr *hdr)
1178 {
1179 int i, num = 0;
1180
1181 for (i = 0; i < LUKS_NUMKEYS; i++)
1182 if(hdr->keyblock[i].active == LUKS_KEY_ENABLED)
1183 num++;
1184
1185 return num;
1186 }
1187
1188 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx)
1189 {
1190 crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot);
1191
1192 if (ki == CRYPT_SLOT_INVALID)
1193 return -EINVAL;
1194
1195 hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED;
1196 log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
1197 return 0;
1198 }
1199
1200 int LUKS1_activate(struct crypt_device *cd,
1201 const char *name,
1202 struct volume_key *vk,
1203 uint32_t flags)
1204 {
1205 int r;
1206 struct crypt_dm_active_device dmd = {
1207 .flags = flags,
1208 .uuid = crypt_get_uuid(cd),
1209 };
1210
1211 r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
1212 vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd),
1213 crypt_get_data_offset(cd), crypt_get_integrity(cd),
1214 crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));
1215 if (!r)
1216 r = create_or_reload_device(cd, name, CRYPT_LUKS1, &dmd);
1217
1218 dm_targets_free(cd, &dmd);
1219
1220 return r;
1221 }
1222
1223 int LUKS_wipe_header_areas(struct luks_phdr *hdr,
1224 struct crypt_device *ctx)
1225 {
1226 int i, r;
1227 uint64_t offset, length;
1228 size_t wipe_block;
1229
1230 /* Wipe complete header, keyslots and padding areas with zeroes. */
1231 offset = 0;
1232 length = (uint64_t)hdr->payloadOffset * SECTOR_SIZE;
1233 wipe_block = 1024 * 1024;
1234
1235 /* On detached header or bogus header, wipe at least the first 4k */
1236 if (length == 0 || length > (LUKS_MAX_KEYSLOT_SIZE * LUKS_NUMKEYS)) {
1237 length = 4096;
1238 wipe_block = 4096;
1239 }
1240
1241 log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
1242 offset, length + offset);
1243
1244 r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO,
1245 offset, length, wipe_block, NULL, NULL);
1246 if (r < 0)
1247 return r;
1248
1249 /* Wipe keyslots areas */
1250 wipe_block = 1024 * 1024;
1251 for (i = 0; i < LUKS_NUMKEYS; i++) {
1252 r = LUKS_keyslot_area(hdr, i, &offset, &length);
1253 if (r < 0)
1254 return r;
1255
1256 /* Ignore too big LUKS1 keyslots here */
1257 if (length > LUKS_MAX_KEYSLOT_SIZE ||
1258 offset > (LUKS_MAX_KEYSLOT_SIZE - length))
1259 continue;
1260
1261 if (length == 0 || offset < 4096)
1262 return -EINVAL;
1263
1264 log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
1265 i, offset, length + offset);
1266
1267 r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM,
1268 offset, length, wipe_block, NULL, NULL);
1269 if (r < 0)
1270 return r;
1271 }
1272
1273 return r;
1274 }
1275
1276 int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf)
1277 {
1278 if (LUKS_keyslot_info(hdr, keyslot) < CRYPT_SLOT_ACTIVE)
1279 return -EINVAL;
1280
1281 pbkdf->type = CRYPT_KDF_PBKDF2;
1282 pbkdf->hash = hdr->hashSpec;
1283 pbkdf->iterations = hdr->keyblock[keyslot].passwordIterations;
1284 pbkdf->max_memory_kb = 0;
1285 pbkdf->parallel_threads = 0;
1286 pbkdf->time_ms = 0;
1287 pbkdf->flags = 0;
1288 return 0;
1289 }