"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/luks1/keymanage.c" (13 Jan 2022, 37099 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "keymanage.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.4.0_vs_2.4.1.

    1 /*
    2  * LUKS - Linux Unified Key Setup
    3  *
    4  * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
    5  * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
    6  * Copyright (C) 2013-2021 Milan Broz
    7  *
    8  * This program is free software; you can redistribute it and/or
    9  * modify it under the terms of the GNU General Public License
   10  * as published by the Free Software Foundation; either version 2
   11  * of the License, or (at your option) any later version.
   12  *
   13  * This program is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  * GNU General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU General Public License
   19  * along with this program; if not, write to the Free Software
   20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   21  */
   22 
   23 #include <sys/types.h>
   24 #include <sys/stat.h>
   25 #include <errno.h>
   26 #include <unistd.h>
   27 #include <stdio.h>
   28 #include <stdlib.h>
   29 #include <string.h>
   30 #include <ctype.h>
   31 #include <assert.h>
   32 #include <uuid/uuid.h>
   33 
   34 #include "luks.h"
   35 #include "af.h"
   36 #include "internal.h"
   37 
   38 int LUKS_keyslot_area(const struct luks_phdr *hdr,
   39     int keyslot,
   40     uint64_t *offset,
   41     uint64_t *length)
   42 {
   43     if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
   44         return -EINVAL;
   45 
   46     *offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
   47     *length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
   48 
   49     return 0;
   50 }
   51 
   52 /* insertsort: because the array has 8 elements and it's mostly sorted. that's why */
   53 static void LUKS_sort_keyslots(const struct luks_phdr *hdr, int *array)
   54 {
   55     int i, j, x;
   56 
   57     for (i = 1; i < LUKS_NUMKEYS; i++) {
   58         j = i;
   59         while (j > 0 && hdr->keyblock[array[j-1]].keyMaterialOffset > hdr->keyblock[array[j]].keyMaterialOffset) {
   60             x = array[j];
   61             array[j] = array[j-1];
   62             array[j-1] = x;
   63             j--;
   64         }
   65     }
   66 }
   67 
   68 static int _is_not_lower(char *str, unsigned max_len)
   69 {
   70     for(; *str && max_len; str++, max_len--)
   71         if (isupper(*str))
   72             return 1;
   73     return 0;
   74 }
   75 
   76 static int _to_lower(char *str, unsigned max_len)
   77 {
   78     int r = 0;
   79 
   80     for(; *str && max_len; str++, max_len--)
   81         if (isupper(*str)) {
   82             *str = tolower(*str);
   83             r = 1;
   84         }
   85 
   86     return r;
   87 }
   88 
   89 size_t LUKS_device_sectors(const struct luks_phdr *hdr)
   90 {
   91     int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
   92 
   93     LUKS_sort_keyslots(hdr, sorted_areas);
   94 
   95     return hdr->keyblock[sorted_areas[LUKS_NUMKEYS-1]].keyMaterialOffset + AF_split_sectors(hdr->keyBytes, LUKS_STRIPES);
   96 }
   97 
   98 size_t LUKS_keyslots_offset(const struct luks_phdr *hdr)
   99 {
  100     int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
  101 
  102     LUKS_sort_keyslots(hdr, sorted_areas);
  103 
  104     return hdr->keyblock[sorted_areas[0]].keyMaterialOffset;
  105 }
  106 
  107 static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_phdr *hdr, int falloc)
  108 {
  109     struct device *device = crypt_metadata_device(ctx);
  110     uint64_t dev_sectors, hdr_sectors;
  111 
  112     if (!hdr->keyBytes)
  113         return -EINVAL;
  114 
  115     if (device_size(device, &dev_sectors)) {
  116         log_dbg(ctx, "Cannot get device size for device %s.", device_path(device));
  117         return -EIO;
  118     }
  119 
  120     dev_sectors >>= SECTOR_SHIFT;
  121     hdr_sectors = LUKS_device_sectors(hdr);
  122     log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %"
  123         PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors);
  124 
  125     if (hdr_sectors > dev_sectors) {
  126         /* If it is header file, increase its size */
  127         if (falloc && !device_fallocate(device, hdr_sectors << SECTOR_SHIFT))
  128             return 0;
  129 
  130         log_err(ctx, _("Device %s is too small. (LUKS1 requires at least %" PRIu64 " bytes.)"),
  131             device_path(device), hdr_sectors * SECTOR_SIZE);
  132         return -EINVAL;
  133     }
  134 
  135     return 0;
  136 }
  137 
  138 static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr *phdr)
  139 {
  140     int i, prev, next, sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
  141     uint32_t secs_per_stripes = AF_split_sectors(phdr->keyBytes, LUKS_STRIPES);
  142 
  143     LUKS_sort_keyslots(phdr, sorted_areas);
  144 
  145     /* Check keyslot to prevent access outside of header and keyslot area */
  146     for (i = 0; i < LUKS_NUMKEYS; i++) {
  147         /* enforce stripes == 4000 */
  148         if (phdr->keyblock[i].stripes != LUKS_STRIPES) {
  149             log_dbg(ctx, "Invalid stripes count %u in keyslot %u.",
  150                 phdr->keyblock[i].stripes, i);
  151             log_err(ctx, _("LUKS keyslot %u is invalid."), i);
  152             return -1;
  153         }
  154 
  155         /* First sectors is the header itself */
  156         if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
  157             log_dbg(ctx, "Invalid offset %u in keyslot %u.",
  158                 phdr->keyblock[i].keyMaterialOffset, i);
  159             log_err(ctx, _("LUKS keyslot %u is invalid."), i);
  160             return -1;
  161         }
  162 
  163         /* Ignore following check for detached header where offset can be zero. */
  164         if (phdr->payloadOffset == 0)
  165             continue;
  166 
  167         if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) {
  168             log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).",
  169                 phdr->keyblock[i].keyMaterialOffset, i,
  170                 phdr->payloadOffset);
  171             log_err(ctx, _("LUKS keyslot %u is invalid."), i);
  172             return -1;
  173         }
  174 
  175         if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) {
  176             log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in "
  177                 "keyslot %u (beyond data area offset %u).",
  178                 secs_per_stripes,
  179                 phdr->keyblock[i].keyMaterialOffset,
  180                 phdr->keyblock[i].stripes,
  181                 i, phdr->payloadOffset);
  182             log_err(ctx, _("LUKS keyslot %u is invalid."), i);
  183             return -1;
  184         }
  185     }
  186 
  187     /* check no keyslot overlaps with each other */
  188     for (i = 1; i < LUKS_NUMKEYS; i++) {
  189         prev = sorted_areas[i-1];
  190         next = sorted_areas[i];
  191         if (phdr->keyblock[next].keyMaterialOffset <
  192             (phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) {
  193             log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev);
  194             log_err(ctx, _("LUKS keyslot %u is invalid."), prev);
  195             return -1;
  196         }
  197     }
  198     /* do not check last keyslot on purpose, it must be tested in device size check */
  199 
  200     return 0;
  201 }
  202 
  203 static const char *dbg_slot_state(crypt_keyslot_info ki)
  204 {
  205     switch(ki) {
  206     case CRYPT_SLOT_INACTIVE:
  207         return "INACTIVE";
  208     case CRYPT_SLOT_ACTIVE:
  209         return "ACTIVE";
  210     case CRYPT_SLOT_ACTIVE_LAST:
  211         return "ACTIVE_LAST";
  212     case CRYPT_SLOT_INVALID:
  213     default:
  214         return "INVALID";
  215     }
  216 }
  217 
  218 int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
  219 {
  220     struct device *device = crypt_metadata_device(ctx);
  221     struct luks_phdr hdr;
  222     int fd, devfd, r = 0;
  223     size_t hdr_size;
  224     size_t buffer_size;
  225     ssize_t ret;
  226     char *buffer = NULL;
  227 
  228     r = LUKS_read_phdr(&hdr, 1, 0, ctx);
  229     if (r)
  230         return r;
  231 
  232     hdr_size = LUKS_device_sectors(&hdr) << SECTOR_SHIFT;
  233     buffer_size = size_round_up(hdr_size, crypt_getpagesize());
  234 
  235     buffer = crypt_safe_alloc(buffer_size);
  236     if (!buffer || hdr_size < LUKS_ALIGN_KEYSLOTS || hdr_size > buffer_size) {
  237         r = -ENOMEM;
  238         goto out;
  239     }
  240 
  241     log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
  242         sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
  243 
  244     log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size);
  245 
  246     devfd = device_open(ctx, device, O_RDONLY);
  247     if (devfd < 0) {
  248         log_err(ctx, _("Device %s is not a valid LUKS device."), device_path(device));
  249         r = -EINVAL;
  250         goto out;
  251     }
  252 
  253     if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
  254                buffer, hdr_size, 0) < (ssize_t)hdr_size) {
  255         r = -EIO;
  256         goto out;
  257     }
  258 
  259     /* Wipe unused area, so backup cannot contain old signatures */
  260     if (hdr.keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
  261         memset(buffer + sizeof(hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(hdr));
  262 
  263     fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
  264     if (fd == -1) {
  265         if (errno == EEXIST)
  266             log_err(ctx, _("Requested header backup file %s already exists."), backup_file);
  267         else
  268             log_err(ctx, _("Cannot create header backup file %s."), backup_file);
  269         r = -EINVAL;
  270         goto out;
  271     }
  272     ret = write_buffer(fd, buffer, buffer_size);
  273     close(fd);
  274     if (ret < (ssize_t)buffer_size) {
  275         log_err(ctx, _("Cannot write header backup file %s."), backup_file);
  276         r = -EIO;
  277         goto out;
  278     }
  279 
  280     r = 0;
  281 out:
  282     crypt_safe_memzero(&hdr, sizeof(hdr));
  283     crypt_safe_free(buffer);
  284     return r;
  285 }
  286 
  287 int LUKS_hdr_restore(
  288     const char *backup_file,
  289     struct luks_phdr *hdr,
  290     struct crypt_device *ctx)
  291 {
  292     struct device *device = crypt_metadata_device(ctx);
  293     int fd, r = 0, devfd = -1, diff_uuid = 0;
  294     ssize_t ret, buffer_size = 0;
  295     char *buffer = NULL, msg[200];
  296     struct luks_phdr hdr_file;
  297 
  298     r = LUKS_read_phdr_backup(backup_file, &hdr_file, 0, ctx);
  299     if (r == -ENOENT)
  300         return r;
  301 
  302     if (!r)
  303         buffer_size = LUKS_device_sectors(&hdr_file) << SECTOR_SHIFT;
  304 
  305     if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) {
  306         log_err(ctx, _("Backup file does not contain valid LUKS header."));
  307         r = -EINVAL;
  308         goto out;
  309     }
  310 
  311     buffer = crypt_safe_alloc(buffer_size);
  312     if (!buffer) {
  313         r = -ENOMEM;
  314         goto out;
  315     }
  316 
  317     fd = open(backup_file, O_RDONLY);
  318     if (fd == -1) {
  319         log_err(ctx, _("Cannot open header backup file %s."), backup_file);
  320         r = -EINVAL;
  321         goto out;
  322     }
  323 
  324     ret = read_buffer(fd, buffer, buffer_size);
  325     close(fd);
  326     if (ret < buffer_size) {
  327         log_err(ctx, _("Cannot read header backup file %s."), backup_file);
  328         r = -EIO;
  329         goto out;
  330     }
  331 
  332     r = LUKS_read_phdr(hdr, 0, 0, ctx);
  333     if (r == 0) {
  334         log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
  335         if(hdr->payloadOffset != hdr_file.payloadOffset ||
  336            hdr->keyBytes != hdr_file.keyBytes) {
  337             log_err(ctx, _("Data offset or key size differs on device and backup, restore failed."));
  338             r = -EINVAL;
  339             goto out;
  340         }
  341         if (memcmp(hdr->uuid, hdr_file.uuid, UUID_STRING_L))
  342             diff_uuid = 1;
  343     }
  344 
  345     if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device_path(device),
  346          r ? _("does not contain LUKS header. Replacing header can destroy data on that device.") :
  347              _("already contains LUKS header. Replacing header will destroy existing keyslots."),
  348              diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "") < 0) {
  349         r = -ENOMEM;
  350         goto out;
  351     }
  352 
  353     if (!crypt_confirm(ctx, msg)) {
  354         r = -EINVAL;
  355         goto out;
  356     }
  357 
  358     log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
  359         sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));
  360 
  361     devfd = device_open(ctx, device, O_RDWR);
  362     if (devfd < 0) {
  363         if (errno == EACCES)
  364             log_err(ctx, _("Cannot write to device %s, permission denied."),
  365                 device_path(device));
  366         else
  367             log_err(ctx, _("Cannot open device %s."), device_path(device));
  368         r = -EINVAL;
  369         goto out;
  370     }
  371 
  372     if (write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
  373                 buffer, buffer_size, 0) < buffer_size) {
  374         r = -EIO;
  375         goto out;
  376     }
  377 
  378     /* Be sure to reload new data */
  379     r = LUKS_read_phdr(hdr, 1, 0, ctx);
  380 out:
  381     device_sync(ctx, device);
  382     crypt_safe_free(buffer);
  383     return r;
  384 }
  385 
  386 /* This routine should do some just basic recovery for known problems. */
  387 static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
  388 {
  389     struct luks_phdr temp_phdr;
  390     const unsigned char *sector = (const unsigned char*)phdr;
  391     struct volume_key *vk;
  392     int i, bad, r, need_write = 0;
  393 
  394     if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
  395         log_err(ctx, _("Non standard key size, manual repair required."));
  396         return -EINVAL;
  397     }
  398 
  399     /*
  400      * cryptsetup 1.0 did not align keyslots to 4k, cannot repair this one
  401      * Also we cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset().
  402      * Expect first keyslot is aligned, if not, then manual repair is neccessary.
  403      */
  404     if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
  405         log_err(ctx, _("Non standard keyslots alignment, manual repair required."));
  406         return -EINVAL;
  407     }
  408 
  409     /*
  410      * ECB mode does not use IV but legacy dmcrypt silently allows it.
  411      * Today device cannot be activated anyway, so we need to fix it here.
  412      */
  413     if (!strncmp(phdr->cipherMode, "ecb-", 4)) {
  414         log_err(ctx, _("Cipher mode repaired (%s -> %s)."), phdr->cipherMode, "ecb");
  415         memset(phdr->cipherMode, 0, LUKS_CIPHERMODE_L);
  416         strcpy(phdr->cipherMode, "ecb");
  417         need_write = 1;
  418     }
  419 
  420     /*
  421      * Old cryptsetup expects "sha1", gcrypt allows case insensitive names,
  422      * so always convert hash to lower case in header
  423      */
  424     if (_to_lower(phdr->hashSpec, LUKS_HASHSPEC_L)) {
  425         log_err(ctx, _("Cipher hash repaired to lowercase (%s)."), phdr->hashSpec);
  426         if (crypt_hmac_size(phdr->hashSpec) < LUKS_DIGESTSIZE) {
  427             log_err(ctx, _("Requested LUKS hash %s is not supported."), phdr->hashSpec);
  428             return -EINVAL;
  429         }
  430         need_write = 1;
  431     }
  432 
  433     r = LUKS_check_cipher(ctx, phdr->keyBytes, phdr->cipherName, phdr->cipherMode);
  434     if (r < 0)
  435         return -EINVAL;
  436 
  437     vk = crypt_alloc_volume_key(phdr->keyBytes, NULL);
  438     if (!vk)
  439         return -ENOMEM;
  440 
  441     log_verbose(ctx, _("Repairing keyslots."));
  442 
  443     log_dbg(ctx, "Generating second header with the same parameters for check.");
  444     /* cipherName, cipherMode, hashSpec, uuid are already null terminated */
  445     /* payloadOffset - cannot check */
  446     r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
  447                    phdr->hashSpec, phdr->uuid,
  448                    phdr->payloadOffset * SECTOR_SIZE, 0, 0, ctx);
  449     if (r < 0)
  450         goto out;
  451 
  452     for(i = 0; i < LUKS_NUMKEYS; ++i) {
  453         if (phdr->keyblock[i].active == LUKS_KEY_ENABLED)  {
  454             log_dbg(ctx, "Skipping repair for active keyslot %i.", i);
  455             continue;
  456         }
  457 
  458         bad = 0;
  459         if (phdr->keyblock[i].keyMaterialOffset != temp_phdr.keyblock[i].keyMaterialOffset) {
  460             log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u)."), i,
  461                 (unsigned)phdr->keyblock[i].keyMaterialOffset,
  462                 (unsigned)temp_phdr.keyblock[i].keyMaterialOffset);
  463             phdr->keyblock[i].keyMaterialOffset = temp_phdr.keyblock[i].keyMaterialOffset;
  464             bad = 1;
  465         }
  466 
  467         if (phdr->keyblock[i].stripes != temp_phdr.keyblock[i].stripes) {
  468             log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u)."), i,
  469                 (unsigned)phdr->keyblock[i].stripes,
  470                 (unsigned)temp_phdr.keyblock[i].stripes);
  471             phdr->keyblock[i].stripes = temp_phdr.keyblock[i].stripes;
  472             bad = 1;
  473         }
  474 
  475         /* Known case - MSDOS partition table signature */
  476         if (i == 6 && sector[0x1fe] == 0x55 && sector[0x1ff] == 0xaa) {
  477             log_err(ctx, _("Keyslot %i: bogus partition signature."), i);
  478             bad = 1;
  479         }
  480 
  481         if(bad) {
  482             log_err(ctx, _("Keyslot %i: salt wiped."), i);
  483             phdr->keyblock[i].active = LUKS_KEY_DISABLED;
  484             memset(&phdr->keyblock[i].passwordSalt, 0x00, LUKS_SALTSIZE);
  485             phdr->keyblock[i].passwordIterations = 0;
  486         }
  487 
  488         if (bad)
  489             need_write = 1;
  490     }
  491 
  492     /*
  493      * check repair result before writing because repair can't fix out of order
  494      * keyslot offsets and would corrupt header again
  495      */
  496     if (LUKS_check_keyslots(ctx, phdr))
  497         r = -EINVAL;
  498     else if (need_write) {
  499         log_verbose(ctx, _("Writing LUKS header to disk."));
  500         r = LUKS_write_phdr(phdr, ctx);
  501     }
  502 out:
  503     if (r)
  504         log_err(ctx, _("Repair failed."));
  505     crypt_free_volume_key(vk);
  506     crypt_safe_memzero(&temp_phdr, sizeof(temp_phdr));
  507     return r;
  508 }
  509 
  510 static int _check_and_convert_hdr(const char *device,
  511                   struct luks_phdr *hdr,
  512                   int require_luks_device,
  513                   int repair,
  514                   struct crypt_device *ctx)
  515 {
  516     int r = 0;
  517     unsigned int i;
  518     char luksMagic[] = LUKS_MAGIC;
  519 
  520     hdr->version = be16_to_cpu(hdr->version);
  521     if (memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
  522         log_dbg(ctx, "LUKS header not detected.");
  523         if (require_luks_device)
  524             log_err(ctx, _("Device %s is not a valid LUKS device."), device);
  525         return -EINVAL;
  526     } else if (hdr->version != 1) {
  527         log_err(ctx, _("Unsupported LUKS version %d."), hdr->version);
  528         return -EINVAL;
  529     }
  530 
  531     hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
  532     if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
  533         log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr->hashSpec);
  534         r = -EINVAL;
  535     }
  536 
  537     /* Header detected */
  538     hdr->payloadOffset      = be32_to_cpu(hdr->payloadOffset);
  539     hdr->keyBytes           = be32_to_cpu(hdr->keyBytes);
  540     hdr->mkDigestIterations = be32_to_cpu(hdr->mkDigestIterations);
  541 
  542     for (i = 0; i < LUKS_NUMKEYS; ++i) {
  543         hdr->keyblock[i].active             = be32_to_cpu(hdr->keyblock[i].active);
  544         hdr->keyblock[i].passwordIterations = be32_to_cpu(hdr->keyblock[i].passwordIterations);
  545         hdr->keyblock[i].keyMaterialOffset  = be32_to_cpu(hdr->keyblock[i].keyMaterialOffset);
  546         hdr->keyblock[i].stripes            = be32_to_cpu(hdr->keyblock[i].stripes);
  547     }
  548 
  549     if (LUKS_check_keyslots(ctx, hdr))
  550         r = -EINVAL;
  551 
  552     /* Avoid unterminated strings */
  553     hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0';
  554     hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0';
  555     hdr->uuid[UUID_STRING_L - 1] = '\0';
  556 
  557     if (repair) {
  558         if (!strncmp(hdr->cipherMode, "ecb-", 4)) {
  559             log_err(ctx, _("LUKS cipher mode %s is invalid."), hdr->cipherMode);
  560             r = -EINVAL;
  561         }
  562 
  563         if (_is_not_lower(hdr->hashSpec, LUKS_HASHSPEC_L)) {
  564             log_err(ctx, _("LUKS hash %s is invalid."), hdr->hashSpec);
  565             r = -EINVAL;
  566         }
  567 
  568         if (r == -EINVAL)
  569             r = _keyslot_repair(hdr, ctx);
  570         else
  571             log_verbose(ctx, _("No known problems detected for LUKS header."));
  572     }
  573 
  574     return r;
  575 }
  576 
  577 int LUKS_read_phdr_backup(const char *backup_file,
  578               struct luks_phdr *hdr,
  579               int require_luks_device,
  580               struct crypt_device *ctx)
  581 {
  582     ssize_t hdr_size = sizeof(struct luks_phdr);
  583     int devfd = 0, r = 0;
  584 
  585     log_dbg(ctx, "Reading LUKS header of size %d from backup file %s",
  586         (int)hdr_size, backup_file);
  587 
  588     devfd = open(backup_file, O_RDONLY);
  589     if (devfd == -1) {
  590         log_err(ctx, _("Cannot open header backup file %s."), backup_file);
  591         return -ENOENT;
  592     }
  593 
  594     if (read_buffer(devfd, hdr, hdr_size) < hdr_size)
  595         r = -EIO;
  596     else
  597         r = _check_and_convert_hdr(backup_file, hdr,
  598                        require_luks_device, 0, ctx);
  599 
  600     close(devfd);
  601     return r;
  602 }
  603 
  604 int LUKS_read_phdr(struct luks_phdr *hdr,
  605            int require_luks_device,
  606            int repair,
  607            struct crypt_device *ctx)
  608 {
  609     int devfd, r = 0;
  610     struct device *device = crypt_metadata_device(ctx);
  611     ssize_t hdr_size = sizeof(struct luks_phdr);
  612 
  613     /* LUKS header starts at offset 0, first keyslot on LUKS_ALIGN_KEYSLOTS */
  614     assert(sizeof(struct luks_phdr) <= LUKS_ALIGN_KEYSLOTS);
  615 
  616     /* Stripes count cannot be changed without additional code fixes yet */
  617     assert(LUKS_STRIPES == 4000);
  618 
  619     if (repair && !require_luks_device)
  620         return -EINVAL;
  621 
  622     log_dbg(ctx, "Reading LUKS header of size %zu from device %s",
  623         hdr_size, device_path(device));
  624 
  625     devfd = device_open(ctx, device, O_RDONLY);
  626     if (devfd < 0) {
  627         log_err(ctx, _("Cannot open device %s."), device_path(device));
  628         return -EINVAL;
  629     }
  630 
  631     if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
  632                hdr, hdr_size, 0) < hdr_size)
  633         r = -EIO;
  634     else
  635         r = _check_and_convert_hdr(device_path(device), hdr, require_luks_device,
  636                        repair, ctx);
  637 
  638     if (!r)
  639         r = LUKS_check_device_size(ctx, hdr, 0);
  640 
  641     /*
  642      * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
  643      * Disable direct-io to avoid possible IO errors if underlying device
  644      * has bigger sector size.
  645      */
  646     if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
  647         log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io.");
  648         device_disable_direct_io(device);
  649     }
  650 
  651     return r;
  652 }
  653 
  654 int LUKS_write_phdr(struct luks_phdr *hdr,
  655             struct crypt_device *ctx)
  656 {
  657     struct device *device = crypt_metadata_device(ctx);
  658     ssize_t hdr_size = sizeof(struct luks_phdr);
  659     int devfd = 0;
  660     unsigned int i;
  661     struct luks_phdr convHdr;
  662     int r;
  663 
  664     log_dbg(ctx, "Updating LUKS header of size %zu on device %s",
  665         sizeof(struct luks_phdr), device_path(device));
  666 
  667     r = LUKS_check_device_size(ctx, hdr, 1);
  668     if (r)
  669         return r;
  670 
  671     devfd = device_open(ctx, device, O_RDWR);
  672     if (devfd < 0) {
  673         if (errno == EACCES)
  674             log_err(ctx, _("Cannot write to device %s, permission denied."),
  675                 device_path(device));
  676         else
  677             log_err(ctx, _("Cannot open device %s."), device_path(device));
  678         return -EINVAL;
  679     }
  680 
  681     memcpy(&convHdr, hdr, hdr_size);
  682     memset(&convHdr._padding, 0, sizeof(convHdr._padding));
  683 
  684     /* Convert every uint16/32_t item to network byte order */
  685     convHdr.version            = cpu_to_be16(hdr->version);
  686     convHdr.payloadOffset      = cpu_to_be32(hdr->payloadOffset);
  687     convHdr.keyBytes           = cpu_to_be32(hdr->keyBytes);
  688     convHdr.mkDigestIterations = cpu_to_be32(hdr->mkDigestIterations);
  689     for(i = 0; i < LUKS_NUMKEYS; ++i) {
  690         convHdr.keyblock[i].active             = cpu_to_be32(hdr->keyblock[i].active);
  691         convHdr.keyblock[i].passwordIterations = cpu_to_be32(hdr->keyblock[i].passwordIterations);
  692         convHdr.keyblock[i].keyMaterialOffset  = cpu_to_be32(hdr->keyblock[i].keyMaterialOffset);
  693         convHdr.keyblock[i].stripes            = cpu_to_be32(hdr->keyblock[i].stripes);
  694     }
  695 
  696     r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
  697                 &convHdr, hdr_size, 0) < hdr_size ? -EIO : 0;
  698     if (r)
  699         log_err(ctx, _("Error during update of LUKS header on device %s."), device_path(device));
  700 
  701     device_sync(ctx, device);
  702 
  703     /* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
  704     if (!r) {
  705         r = LUKS_read_phdr(hdr, 1, 0, ctx);
  706         if (r)
  707             log_err(ctx, _("Error re-reading LUKS header after update on device %s."),
  708                 device_path(device));
  709     }
  710 
  711     return r;
  712 }
  713 
  714 /* Check that kernel supports requested cipher by decryption of one sector */
  715 int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *cipher, const char *cipher_mode)
  716 {
  717     int r;
  718     struct volume_key *empty_key;
  719     char buf[SECTOR_SIZE];
  720 
  721     log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode);
  722 
  723     empty_key = crypt_alloc_volume_key(keylength, NULL);
  724     if (!empty_key)
  725         return -ENOMEM;
  726 
  727     /* No need to get KEY quality random but it must avoid known weak keys. */
  728     r = crypt_random_get(ctx, empty_key->key, empty_key->keylength, CRYPT_RND_NORMAL);
  729     if (!r)
  730         r = LUKS_decrypt_from_storage(buf, sizeof(buf), cipher, cipher_mode, empty_key, 0, ctx);
  731 
  732     crypt_free_volume_key(empty_key);
  733     crypt_safe_memzero(buf, sizeof(buf));
  734     return r;
  735 }
  736 
  737 int LUKS_generate_phdr(struct luks_phdr *header,
  738     const struct volume_key *vk,
  739     const char *cipherName,
  740     const char *cipherMode,
  741     const char *hashSpec,
  742     const char *uuid,
  743     uint64_t data_offset,        /* in bytes */
  744     uint64_t align_offset,       /* in bytes */
  745     uint64_t required_alignment, /* in bytes */
  746     struct crypt_device *ctx)
  747 {
  748     int i, r;
  749     size_t keyslot_sectors, header_sectors;
  750     uuid_t partitionUuid;
  751     struct crypt_pbkdf_type *pbkdf;
  752     double PBKDF2_temp;
  753     char luksMagic[] = LUKS_MAGIC;
  754 
  755     if (data_offset % SECTOR_SIZE || align_offset % SECTOR_SIZE ||
  756         required_alignment % SECTOR_SIZE)
  757         return -EINVAL;
  758 
  759     memset(header, 0, sizeof(struct luks_phdr));
  760 
  761     keyslot_sectors = AF_split_sectors(vk->keylength, LUKS_STRIPES);
  762     header_sectors = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
  763 
  764     for (i = 0; i < LUKS_NUMKEYS; i++) {
  765         header->keyblock[i].active = LUKS_KEY_DISABLED;
  766         header->keyblock[i].keyMaterialOffset = header_sectors;
  767         header->keyblock[i].stripes = LUKS_STRIPES;
  768         header_sectors = size_round_up(header_sectors + keyslot_sectors,
  769                            LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
  770     }
  771     /* In sector is now size of all keyslot material space */
  772 
  773     /* Data offset has priority */
  774     if (data_offset)
  775         header->payloadOffset = data_offset / SECTOR_SIZE;
  776     else if (required_alignment) {
  777         header->payloadOffset = size_round_up(header_sectors, (required_alignment / SECTOR_SIZE));
  778         header->payloadOffset += (align_offset / SECTOR_SIZE);
  779     } else
  780         header->payloadOffset = 0;
  781 
  782     if (header->payloadOffset && header->payloadOffset < header_sectors) {
  783         log_err(ctx, _("Data offset for LUKS header must be "
  784                    "either 0 or higher than header size."));
  785         return -EINVAL;
  786     }
  787 
  788     if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
  789         log_err(ctx, _("Requested LUKS hash %s is not supported."), hashSpec);
  790         return -EINVAL;
  791     }
  792 
  793     if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
  794         log_err(ctx, _("Wrong LUKS UUID format provided."));
  795         return -EINVAL;
  796     }
  797     if (!uuid)
  798         uuid_generate(partitionUuid);
  799 
  800     /* Set Magic */
  801     memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
  802     header->version=1;
  803     strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
  804     strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
  805     strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
  806     _to_lower(header->hashSpec, LUKS_HASHSPEC_L);
  807 
  808     header->keyBytes=vk->keylength;
  809 
  810     log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
  811         header->version, header->hashSpec ,header->cipherName, header->cipherMode,
  812         header->keyBytes);
  813 
  814     r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT);
  815     if(r < 0) {
  816         log_err(ctx, _("Cannot create LUKS header: reading random salt failed."));
  817         return r;
  818     }
  819 
  820     /* Compute master key digest */
  821     pbkdf = crypt_get_pbkdf(ctx);
  822     r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
  823     if (r < 0)
  824         return r;
  825     assert(pbkdf->iterations);
  826 
  827     if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0)
  828         PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN;
  829     else    /* iterations per ms * LUKS_MKD_ITERATIONS_MS */
  830         PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
  831 
  832     if (PBKDF2_temp > (double)UINT32_MAX)
  833         return -EINVAL;
  834     header->mkDigestIterations = AT_LEAST((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
  835     assert(header->mkDigestIterations);
  836 
  837     r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength,
  838             header->mkDigestSalt, LUKS_SALTSIZE,
  839             header->mkDigest,LUKS_DIGESTSIZE,
  840             header->mkDigestIterations, 0, 0);
  841     if (r < 0) {
  842         log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s)."),
  843             header->hashSpec);
  844         return r;
  845     }
  846 
  847         uuid_unparse(partitionUuid, header->uuid);
  848 
  849     log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32,
  850         header->payloadOffset, header->uuid, header->mkDigestIterations);
  851 
  852     return 0;
  853 }
  854 
  855 int LUKS_hdr_uuid_set(
  856     struct luks_phdr *hdr,
  857     const char *uuid,
  858     struct crypt_device *ctx)
  859 {
  860     uuid_t partitionUuid;
  861 
  862     if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
  863         log_err(ctx, _("Wrong LUKS UUID format provided."));
  864         return -EINVAL;
  865     }
  866     if (!uuid)
  867         uuid_generate(partitionUuid);
  868 
  869     uuid_unparse(partitionUuid, hdr->uuid);
  870 
  871     return LUKS_write_phdr(hdr, ctx);
  872 }
  873 
  874 int LUKS_set_key(unsigned int keyIndex,
  875          const char *password, size_t passwordLen,
  876          struct luks_phdr *hdr, struct volume_key *vk,
  877          struct crypt_device *ctx)
  878 {
  879     struct volume_key *derived_key;
  880     char *AfKey = NULL;
  881     size_t AFEKSize;
  882     struct crypt_pbkdf_type *pbkdf;
  883     int r;
  884 
  885     if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
  886         log_err(ctx, _("Key slot %d active, purge first."), keyIndex);
  887         return -EINVAL;
  888     }
  889 
  890     /* LUKS keyslot has always at least 4000 stripes according to specification */
  891     if(hdr->keyblock[keyIndex].stripes < 4000) {
  892             log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?"),
  893             keyIndex);
  894              return -EINVAL;
  895     }
  896 
  897     log_dbg(ctx, "Calculating data for key slot %d", keyIndex);
  898     pbkdf = crypt_get_pbkdf(ctx);
  899     r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
  900     if (r < 0)
  901         return r;
  902     assert(pbkdf->iterations);
  903 
  904     /*
  905      * Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
  906      */
  907     hdr->keyblock[keyIndex].passwordIterations =
  908         AT_LEAST(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
  909     log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex,
  910         hdr->keyblock[keyIndex].passwordIterations);
  911 
  912     derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
  913     if (!derived_key)
  914         return -ENOMEM;
  915 
  916     r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
  917                LUKS_SALTSIZE, CRYPT_RND_SALT);
  918     if (r < 0)
  919         goto out;
  920 
  921     r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen,
  922             hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
  923             derived_key->key, hdr->keyBytes,
  924             hdr->keyblock[keyIndex].passwordIterations, 0, 0);
  925     if (r < 0)
  926         goto out;
  927 
  928     /*
  929      * AF splitting, the masterkey stored in vk->key is split to AfKey
  930      */
  931     assert(vk->keylength == hdr->keyBytes);
  932     AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
  933     AfKey = crypt_safe_alloc(AFEKSize);
  934     if (!AfKey) {
  935         r = -ENOMEM;
  936         goto out;
  937     }
  938 
  939     log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes",
  940         hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
  941     r = AF_split(ctx, vk->key, AfKey, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
  942     if (r < 0)
  943         goto out;
  944 
  945     log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex,
  946         hdr->keyblock[keyIndex].keyMaterialOffset << 9);
  947     /* Encryption via dm */
  948     r = LUKS_encrypt_to_storage(AfKey,
  949                     AFEKSize,
  950                     hdr->cipherName, hdr->cipherMode,
  951                     derived_key,
  952                     hdr->keyblock[keyIndex].keyMaterialOffset,
  953                     ctx);
  954     if (r < 0)
  955         goto out;
  956 
  957     /* Mark the key as active in phdr */
  958     r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx);
  959     if (r < 0)
  960         goto out;
  961 
  962     r = LUKS_write_phdr(hdr, ctx);
  963     if (r < 0)
  964         goto out;
  965 
  966     r = 0;
  967 out:
  968     crypt_safe_free(AfKey);
  969     crypt_free_volume_key(derived_key);
  970     return r;
  971 }
  972 
  973 /* Check whether a volume key is invalid. */
  974 int LUKS_verify_volume_key(const struct luks_phdr *hdr,
  975                const struct volume_key *vk)
  976 {
  977     char checkHashBuf[LUKS_DIGESTSIZE];
  978 
  979     if (crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, vk->key, vk->keylength,
  980             hdr->mkDigestSalt, LUKS_SALTSIZE,
  981             checkHashBuf, LUKS_DIGESTSIZE,
  982             hdr->mkDigestIterations, 0, 0) < 0)
  983         return -EINVAL;
  984 
  985     if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
  986         return -EPERM;
  987 
  988     return 0;
  989 }
  990 
  991 /* Try to open a particular key slot */
  992 static int LUKS_open_key(unsigned int keyIndex,
  993           const char *password,
  994           size_t passwordLen,
  995           struct luks_phdr *hdr,
  996           struct volume_key **vk,
  997           struct crypt_device *ctx)
  998 {
  999     crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyIndex);
 1000     struct volume_key *derived_key;
 1001     char *AfKey = NULL;
 1002     size_t AFEKSize;
 1003     int r;
 1004 
 1005     log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex,
 1006         dbg_slot_state(ki));
 1007 
 1008     if (ki < CRYPT_SLOT_ACTIVE)
 1009         return -ENOENT;
 1010 
 1011     derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
 1012     if (!derived_key)
 1013         return -ENOMEM;
 1014 
 1015     *vk = crypt_alloc_volume_key(hdr->keyBytes, NULL);
 1016     if (!*vk) {
 1017         r = -ENOMEM;
 1018         goto out;
 1019     }
 1020 
 1021     AFEKSize = AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
 1022     AfKey = crypt_safe_alloc(AFEKSize);
 1023     if (!AfKey) {
 1024         r = -ENOMEM;
 1025         goto out;
 1026     }
 1027 
 1028     r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen,
 1029             hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
 1030             derived_key->key, hdr->keyBytes,
 1031             hdr->keyblock[keyIndex].passwordIterations, 0, 0);
 1032     if (r < 0) {
 1033         log_err(ctx, _("Cannot open keyslot (using hash %s)."), hdr->hashSpec);
 1034         goto out;
 1035     }
 1036 
 1037     log_dbg(ctx, "Reading key slot %d area.", keyIndex);
 1038     r = LUKS_decrypt_from_storage(AfKey,
 1039                       AFEKSize,
 1040                       hdr->cipherName, hdr->cipherMode,
 1041                       derived_key,
 1042                       hdr->keyblock[keyIndex].keyMaterialOffset,
 1043                       ctx);
 1044     if (r < 0)
 1045         goto out;
 1046 
 1047     r = AF_merge(ctx, AfKey, (*vk)->key, (*vk)->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
 1048     if (r < 0)
 1049         goto out;
 1050 
 1051     r = LUKS_verify_volume_key(hdr, *vk);
 1052 
 1053     /* Allow only empty passphrase with null cipher */
 1054     if (!r && crypt_is_cipher_null(hdr->cipherName) && passwordLen)
 1055         r = -EPERM;
 1056 out:
 1057     if (r < 0) {
 1058         crypt_free_volume_key(*vk);
 1059         *vk = NULL;
 1060     }
 1061     crypt_safe_free(AfKey);
 1062     crypt_free_volume_key(derived_key);
 1063     return r;
 1064 }
 1065 
 1066 int LUKS_open_key_with_hdr(int keyIndex,
 1067                const char *password,
 1068                size_t passwordLen,
 1069                struct luks_phdr *hdr,
 1070                struct volume_key **vk,
 1071                struct crypt_device *ctx)
 1072 {
 1073     unsigned int i, tried = 0;
 1074     int r;
 1075 
 1076     if (keyIndex >= 0) {
 1077         r = LUKS_open_key(keyIndex, password, passwordLen, hdr, vk, ctx);
 1078         return (r < 0) ? r : keyIndex;
 1079     }
 1080 
 1081     for (i = 0; i < LUKS_NUMKEYS; i++) {
 1082         r = LUKS_open_key(i, password, passwordLen, hdr, vk, ctx);
 1083         if (r == 0)
 1084             return i;
 1085 
 1086         /* Do not retry for errors that are no -EPERM or -ENOENT,
 1087            former meaning password wrong, latter key slot inactive */
 1088         if ((r != -EPERM) && (r != -ENOENT))
 1089             return r;
 1090         if (r == -EPERM)
 1091             tried++;
 1092     }
 1093     /* Warning, early returns above */
 1094     return tried ? -EPERM : -ENOENT;
 1095 }
 1096 
 1097 int LUKS_del_key(unsigned int keyIndex,
 1098          struct luks_phdr *hdr,
 1099          struct crypt_device *ctx)
 1100 {
 1101     struct device *device = crypt_metadata_device(ctx);
 1102     unsigned int startOffset, endOffset;
 1103     int r;
 1104 
 1105     r = LUKS_read_phdr(hdr, 1, 0, ctx);
 1106     if (r)
 1107         return r;
 1108 
 1109     r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx);
 1110     if (r) {
 1111         log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."),
 1112             keyIndex, LUKS_NUMKEYS - 1);
 1113         return r;
 1114     }
 1115 
 1116     /* secure deletion of key material */
 1117     startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
 1118     endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes);
 1119 
 1120     r = crypt_wipe_device(ctx, device, CRYPT_WIPE_SPECIAL, startOffset * SECTOR_SIZE,
 1121                   (endOffset - startOffset) * SECTOR_SIZE,
 1122                   (endOffset - startOffset) * SECTOR_SIZE, NULL, NULL);
 1123     if (r) {
 1124         if (r == -EACCES) {
 1125             log_err(ctx, _("Cannot write to device %s, permission denied."),
 1126                 device_path(device));
 1127             r = -EINVAL;
 1128         } else
 1129             log_err(ctx, _("Cannot wipe device %s."),
 1130                 device_path(device));
 1131         return r;
 1132     }
 1133 
 1134     /* Wipe keyslot info */
 1135     memset(&hdr->keyblock[keyIndex].passwordSalt, 0, LUKS_SALTSIZE);
 1136     hdr->keyblock[keyIndex].passwordIterations = 0;
 1137 
 1138     r = LUKS_write_phdr(hdr, ctx);
 1139 
 1140     return r;
 1141 }
 1142 
 1143 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot)
 1144 {
 1145     int i;
 1146 
 1147     if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
 1148         return CRYPT_SLOT_INVALID;
 1149 
 1150     if (hdr->keyblock[keyslot].active == LUKS_KEY_DISABLED)
 1151         return CRYPT_SLOT_INACTIVE;
 1152 
 1153     if (hdr->keyblock[keyslot].active != LUKS_KEY_ENABLED)
 1154         return CRYPT_SLOT_INVALID;
 1155 
 1156     for(i = 0; i < LUKS_NUMKEYS; i++)
 1157         if(i != keyslot && hdr->keyblock[i].active == LUKS_KEY_ENABLED)
 1158             return CRYPT_SLOT_ACTIVE;
 1159 
 1160     return CRYPT_SLOT_ACTIVE_LAST;
 1161 }
 1162 
 1163 int LUKS_keyslot_find_empty(struct luks_phdr *hdr)
 1164 {
 1165     int i;
 1166 
 1167     for (i = 0; i < LUKS_NUMKEYS; i++)
 1168         if(hdr->keyblock[i].active == LUKS_KEY_DISABLED)
 1169             break;
 1170 
 1171     if (i == LUKS_NUMKEYS)
 1172         return -EINVAL;
 1173 
 1174     return i;
 1175 }
 1176 
 1177 int LUKS_keyslot_active_count(struct luks_phdr *hdr)
 1178 {
 1179     int i, num = 0;
 1180 
 1181     for (i = 0; i < LUKS_NUMKEYS; i++)
 1182         if(hdr->keyblock[i].active == LUKS_KEY_ENABLED)
 1183             num++;
 1184 
 1185     return num;
 1186 }
 1187 
 1188 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx)
 1189 {
 1190     crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot);
 1191 
 1192     if (ki == CRYPT_SLOT_INVALID)
 1193         return -EINVAL;
 1194 
 1195     hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED;
 1196     log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
 1197     return 0;
 1198 }
 1199 
 1200 int LUKS1_activate(struct crypt_device *cd,
 1201            const char *name,
 1202            struct volume_key *vk,
 1203            uint32_t flags)
 1204 {
 1205     int r;
 1206     struct crypt_dm_active_device dmd = {
 1207         .flags = flags,
 1208         .uuid = crypt_get_uuid(cd),
 1209     };
 1210 
 1211     r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
 1212             vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd),
 1213             crypt_get_data_offset(cd), crypt_get_integrity(cd),
 1214             crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));
 1215     if (!r)
 1216         r = create_or_reload_device(cd, name, CRYPT_LUKS1, &dmd);
 1217 
 1218     dm_targets_free(cd, &dmd);
 1219 
 1220     return r;
 1221 }
 1222 
 1223 int LUKS_wipe_header_areas(struct luks_phdr *hdr,
 1224     struct crypt_device *ctx)
 1225 {
 1226     int i, r;
 1227     uint64_t offset, length;
 1228     size_t wipe_block;
 1229 
 1230     /* Wipe complete header, keyslots and padding areas with zeroes. */
 1231     offset = 0;
 1232     length = (uint64_t)hdr->payloadOffset * SECTOR_SIZE;
 1233     wipe_block = 1024 * 1024;
 1234 
 1235     /* On detached header or bogus header, wipe at least the first 4k */
 1236     if (length == 0 || length > (LUKS_MAX_KEYSLOT_SIZE * LUKS_NUMKEYS)) {
 1237         length = 4096;
 1238         wipe_block = 4096;
 1239     }
 1240 
 1241     log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
 1242         offset, length + offset);
 1243 
 1244     r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO,
 1245                   offset, length, wipe_block, NULL, NULL);
 1246     if (r < 0)
 1247         return r;
 1248 
 1249     /* Wipe keyslots areas */
 1250     wipe_block = 1024 * 1024;
 1251     for (i = 0; i < LUKS_NUMKEYS; i++) {
 1252         r = LUKS_keyslot_area(hdr, i, &offset, &length);
 1253         if (r < 0)
 1254             return r;
 1255 
 1256         /* Ignore too big LUKS1 keyslots here */
 1257         if (length > LUKS_MAX_KEYSLOT_SIZE ||
 1258             offset > (LUKS_MAX_KEYSLOT_SIZE - length))
 1259             continue;
 1260 
 1261         if (length == 0 || offset < 4096)
 1262             return -EINVAL;
 1263 
 1264         log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
 1265             i, offset, length + offset);
 1266 
 1267         r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM,
 1268                 offset, length, wipe_block, NULL, NULL);
 1269         if (r < 0)
 1270             return r;
 1271     }
 1272 
 1273     return r;
 1274 }
 1275 
 1276 int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf)
 1277 {
 1278     if (LUKS_keyslot_info(hdr, keyslot) < CRYPT_SLOT_ACTIVE)
 1279         return -EINVAL;
 1280 
 1281     pbkdf->type = CRYPT_KDF_PBKDF2;
 1282     pbkdf->hash = hdr->hashSpec;
 1283     pbkdf->iterations = hdr->keyblock[keyslot].passwordIterations;
 1284     pbkdf->max_memory_kb = 0;
 1285     pbkdf->parallel_threads = 0;
 1286     pbkdf->time_ms = 0;
 1287     pbkdf->flags = 0;
 1288     return 0;
 1289 }