"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/luks2/luks2_luks1_convert.c" (13 Jan 2022, 26809 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "luks2_luks1_convert.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
2.3.6_vs_2.4.0.
1 /*
2 * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
3 *
4 * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2015-2021 Ondrej Kozina
6 * Copyright (C) 2015-2021 Milan Broz
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23 #include "luks2_internal.h"
24 #include "../luks1/luks.h"
25 #include "../luks1/af.h"
26
27 int LUKS2_check_cipher(struct crypt_device *cd,
28 size_t keylength,
29 const char *cipher,
30 const char *cipher_mode)
31 {
32 return LUKS_check_cipher(cd, keylength, cipher, cipher_mode);
33 }
34
35 static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struct json_object **keyslot_object)
36 {
37 char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
38 size_t base64_len;
39 struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
40 uint64_t offset, area_size, offs_a, offs_b, length;
41
42 keyslot_obj = json_object_new_object();
43 json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
44 json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
45
46 /* KDF */
47 jobj_kdf = json_object_new_object();
48 json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
49 json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
50 json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
51 /* salt field */
52 base64_len = base64_encode_alloc(hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE, &base64_str);
53 if (!base64_str) {
54 json_object_put(keyslot_obj);
55 json_object_put(jobj_kdf);
56 if (!base64_len)
57 return -EINVAL;
58 return -ENOMEM;
59 }
60 field = json_object_new_string_len(base64_str, base64_len);
61 free(base64_str);
62 json_object_object_add(jobj_kdf, "salt", field);
63 json_object_object_add(keyslot_obj, "kdf", jobj_kdf);
64
65 /* AF */
66 jobj_af = json_object_new_object();
67 json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
68 json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
69 /* stripes field ignored, fixed to LUKS_STRIPES (4000) */
70 json_object_object_add(jobj_af, "stripes", json_object_new_int(4000));
71 json_object_object_add(keyslot_obj, "af", jobj_af);
72
73 /* Area */
74 jobj_area = json_object_new_object();
75 json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
76
77 /* encryption algorithm field */
78 if (*hdr_v1->cipherMode != '\0') {
79 (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
80 json_object_object_add(jobj_area, "encryption", json_object_new_string(cipher));
81 } else
82 json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName));
83
84 /* area */
85 if (LUKS_keyslot_area(hdr_v1, 0, &offs_a, &length) ||
86 LUKS_keyslot_area(hdr_v1, 1, &offs_b, &length) ||
87 LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
88 json_object_put(keyslot_obj);
89 json_object_put(jobj_area);
90 return -EINVAL;
91 }
92 area_size = offs_b - offs_a;
93 json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
94 json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
95 json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
96 json_object_object_add(keyslot_obj, "area", jobj_area);
97
98 *keyslot_object = keyslot_obj;
99 return 0;
100 }
101
102 static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
103 {
104 int keyslot, r;
105 struct json_object *keyslot_obj, *field;
106
107 keyslot_obj = json_object_new_object();
108 if (!keyslot_obj)
109 return -ENOMEM;
110
111 for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) {
112 if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED)
113 continue;
114 r = json_luks1_keyslot(hdr_v1, keyslot, &field);
115 if (r) {
116 json_object_put(keyslot_obj);
117 return r;
118 }
119 json_object_object_add_by_uint(keyslot_obj, keyslot, field);
120 }
121
122 *keyslots_object = keyslot_obj;
123 return 0;
124 }
125
126 static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object **segment_object)
127 {
128 const char *c;
129 char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
130 struct json_object *segment_obj, *field;
131 uint64_t number;
132
133 segment_obj = json_object_new_object();
134 if (!segment_obj)
135 return -ENOMEM;
136
137 /* type field */
138 field = json_object_new_string("crypt");
139 if (!field) {
140 json_object_put(segment_obj);
141 return -ENOMEM;
142 }
143 json_object_object_add(segment_obj, "type", field);
144
145 /* offset field */
146 number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
147
148 field = crypt_jobj_new_uint64(number);
149 if (!field) {
150 json_object_put(segment_obj);
151 return -ENOMEM;
152 }
153 json_object_object_add(segment_obj, "offset", field);
154
155 /* iv_tweak field */
156 field = json_object_new_string("0");
157 if (!field) {
158 json_object_put(segment_obj);
159 return -ENOMEM;
160 }
161 json_object_object_add(segment_obj, "iv_tweak", field);
162
163 /* length field */
164 field = json_object_new_string("dynamic");
165 if (!field) {
166 json_object_put(segment_obj);
167 return -ENOMEM;
168 }
169 json_object_object_add(segment_obj, "size", field);
170
171 /* cipher field */
172 if (*hdr_v1->cipherMode != '\0') {
173 (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
174 c = cipher;
175 } else
176 c = hdr_v1->cipherName;
177
178 field = json_object_new_string(c);
179 if (!field) {
180 json_object_put(segment_obj);
181 return -ENOMEM;
182 }
183 json_object_object_add(segment_obj, "encryption", field);
184
185 /* block field */
186 field = json_object_new_int(SECTOR_SIZE);
187 if (!field) {
188 json_object_put(segment_obj);
189 return -ENOMEM;
190 }
191 json_object_object_add(segment_obj, "sector_size", field);
192
193 *segment_object = segment_obj;
194 return 0;
195 }
196
197 static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_object **segments_object)
198 {
199 int r;
200 struct json_object *segments_obj, *field;
201
202 segments_obj = json_object_new_object();
203 if (!segments_obj)
204 return -ENOMEM;
205
206 r = json_luks1_segment(hdr_v1, &field);
207 if (r) {
208 json_object_put(segments_obj);
209 return r;
210 }
211 json_object_object_add_by_uint(segments_obj, 0, field);
212
213 *segments_object = segments_obj;
214 return 0;
215 }
216
217 static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object)
218 {
219 char keyslot_str[2], *base64_str;
220 int ks;
221 size_t base64_len;
222 struct json_object *digest_obj, *array, *field;
223
224 digest_obj = json_object_new_object();
225 if (!digest_obj)
226 return -ENOMEM;
227
228 /* type field */
229 field = json_object_new_string("pbkdf2");
230 if (!field) {
231 json_object_put(digest_obj);
232 return -ENOMEM;
233 }
234 json_object_object_add(digest_obj, "type", field);
235
236 /* keyslots array */
237 array = json_object_new_array();
238 if (!array) {
239 json_object_put(digest_obj);
240 return -ENOMEM;
241 }
242 json_object_object_add(digest_obj, "keyslots", json_object_get(array));
243
244 for (ks = 0; ks < LUKS_NUMKEYS; ks++) {
245 if (hdr_v1->keyblock[ks].active != LUKS_KEY_ENABLED)
246 continue;
247 (void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks);
248
249 field = json_object_new_string(keyslot_str);
250 if (!field || json_object_array_add(array, field) < 0) {
251 json_object_put(field);
252 json_object_put(array);
253 json_object_put(digest_obj);
254 return -ENOMEM;
255 }
256 }
257
258 json_object_put(array);
259
260 /* segments array */
261 array = json_object_new_array();
262 if (!array) {
263 json_object_put(digest_obj);
264 return -ENOMEM;
265 }
266 json_object_object_add(digest_obj, "segments", json_object_get(array));
267
268 field = json_object_new_string("0");
269 if (!field || json_object_array_add(array, field) < 0) {
270 json_object_put(field);
271 json_object_put(array);
272 json_object_put(digest_obj);
273 return -ENOMEM;
274 }
275
276 json_object_put(array);
277
278 /* hash field */
279 field = json_object_new_string(hdr_v1->hashSpec);
280 if (!field) {
281 json_object_put(digest_obj);
282 return -ENOMEM;
283 }
284 json_object_object_add(digest_obj, "hash", field);
285
286 /* salt field */
287 base64_len = base64_encode_alloc(hdr_v1->mkDigestSalt, LUKS_SALTSIZE, &base64_str);
288 if (!base64_str) {
289 json_object_put(digest_obj);
290 if (!base64_len)
291 return -EINVAL;
292 return -ENOMEM;
293 }
294
295 field = json_object_new_string_len(base64_str, base64_len);
296 free(base64_str);
297 if (!field) {
298 json_object_put(digest_obj);
299 return -ENOMEM;
300 }
301 json_object_object_add(digest_obj, "salt", field);
302
303 /* digest field */
304 base64_len = base64_encode_alloc(hdr_v1->mkDigest, LUKS_DIGESTSIZE, &base64_str);
305 if (!base64_str) {
306 json_object_put(digest_obj);
307 if (!base64_len)
308 return -EINVAL;
309 return -ENOMEM;
310 }
311
312 field = json_object_new_string_len(base64_str, base64_len);
313 free(base64_str);
314 if (!field) {
315 json_object_put(digest_obj);
316 return -ENOMEM;
317 }
318 json_object_object_add(digest_obj, "digest", field);
319
320 /* iterations field */
321 field = json_object_new_int64(hdr_v1->mkDigestIterations);
322 if (!field) {
323 json_object_put(digest_obj);
324 return -ENOMEM;
325 }
326 json_object_object_add(digest_obj, "iterations", field);
327
328 *digest_object = digest_obj;
329 return 0;
330 }
331
332 static int json_luks1_digests(const struct luks_phdr *hdr_v1, struct json_object **digests_object)
333 {
334 int r;
335 struct json_object *digests_obj, *field;
336
337 digests_obj = json_object_new_object();
338 if (!digests_obj)
339 return -ENOMEM;
340
341 r = json_luks1_digest(hdr_v1, &field);
342 if (r) {
343 json_object_put(digests_obj);
344 return r;
345 }
346 json_object_object_add(digests_obj, "0", field);
347
348 *digests_object = digests_obj;
349 return 0;
350 }
351
352 static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks1_object, uint64_t keyslots_size)
353 {
354 int r;
355 struct json_object *luks1_obj, *field;
356 uint64_t json_size;
357
358 luks1_obj = json_object_new_object();
359 if (!luks1_obj)
360 return -ENOMEM;
361
362 /* keyslots field */
363 r = json_luks1_keyslots(hdr_v1, &field);
364 if (r) {
365 json_object_put(luks1_obj);
366 return r;
367 }
368 json_object_object_add(luks1_obj, "keyslots", field);
369
370 /* tokens field */
371 field = json_object_new_object();
372 if (!field) {
373 json_object_put(luks1_obj);
374 return -ENOMEM;
375 }
376 json_object_object_add(luks1_obj, "tokens", field);
377
378 /* segments field */
379 r = json_luks1_segments(hdr_v1, &field);
380 if (r) {
381 json_object_put(luks1_obj);
382 return r;
383 }
384 json_object_object_add(luks1_obj, "segments", field);
385
386 /* digests field */
387 r = json_luks1_digests(hdr_v1, &field);
388 if (r) {
389 json_object_put(luks1_obj);
390 return r;
391 }
392 json_object_object_add(luks1_obj, "digests", field);
393
394 /* config field */
395 /* anything else? */
396 field = json_object_new_object();
397 if (!field) {
398 json_object_put(luks1_obj);
399 return -ENOMEM;
400 }
401 json_object_object_add(luks1_obj, "config", field);
402
403 json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
404 json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
405 keyslots_size -= (keyslots_size % 4096);
406 json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
407
408 *luks1_object = luks1_obj;
409 return 0;
410 }
411
412 static void move_keyslot_offset(json_object *jobj, int offset_add)
413 {
414 json_object *jobj1, *jobj2, *jobj_area;
415 uint64_t offset = 0;
416
417 json_object_object_get_ex(jobj, "keyslots", &jobj1);
418 json_object_object_foreach(jobj1, key, val) {
419 UNUSED(key);
420 json_object_object_get_ex(val, "area", &jobj_area);
421 json_object_object_get_ex(jobj_area, "offset", &jobj2);
422 offset = crypt_jobj_get_uint64(jobj2) + offset_add;
423 json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
424 }
425 }
426
427 /* FIXME: return specific error code for partial write error (aka keyslots are gone) */
428 static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
429 off_t offset_to, size_t buf_size)
430 {
431 int devfd, r = -EIO;
432 struct device *device = crypt_metadata_device(cd);
433 void *buf = NULL;
434
435 log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
436 buf_size, (intmax_t)offset_from, (intmax_t)offset_to);
437
438 if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
439 return -ENOMEM;
440
441 devfd = device_open(cd, device, O_RDWR);
442 if (devfd < 0) {
443 free(buf);
444 return -EIO;
445 }
446
447 /* This can safely fail (for block devices). It only allocates space if it is possible. */
448 if (posix_fallocate(devfd, offset_to, buf_size))
449 log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available.");
450
451 /* Try to read *new* area to check that area is there (trimmed backup). */
452 if (read_lseek_blockwise(devfd, device_block_size(cd, device),
453 device_alignment(device), buf, buf_size,
454 offset_to)!= (ssize_t)buf_size)
455 goto out;
456
457 if (read_lseek_blockwise(devfd, device_block_size(cd, device),
458 device_alignment(device), buf, buf_size,
459 offset_from)!= (ssize_t)buf_size)
460 goto out;
461
462 if (write_lseek_blockwise(devfd, device_block_size(cd, device),
463 device_alignment(device), buf, buf_size,
464 offset_to) != (ssize_t)buf_size)
465 goto out;
466
467 r = 0;
468 out:
469 device_sync(cd, device);
470 crypt_safe_memzero(buf, buf_size);
471 free(buf);
472
473 return r;
474 }
475
476 static int luks_header_in_use(struct crypt_device *cd)
477 {
478 int r;
479
480 r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd));
481 if (r < 0)
482 log_err(cd, _("Cannot check status of device with uuid: %s."), crypt_get_uuid(cd));
483
484 return r;
485 }
486
487 /* Check if there is a luksmeta area (foreign metadata created by the luksmeta package) */
488 static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
489 {
490 int devfd, r = 0;
491 static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A' };
492 struct device *device = crypt_metadata_device(cd);
493 void *buf = NULL;
494
495 if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC)))
496 return -ENOMEM;
497
498 devfd = device_open(cd, device, O_RDONLY);
499 if (devfd < 0) {
500 free(buf);
501 return -EIO;
502 }
503
504 /* Note: we must not detect failure as problem here, header can be trimmed. */
505 if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device),
506 buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) &&
507 !memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
508 log_err(cd, _("Unable to convert header with LUKSMETA additional metadata."));
509 r = -EBUSY;
510 }
511
512 free(buf);
513 return r;
514 }
515
516 /* Convert LUKS1 -> LUKS2 */
517 int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct luks2_hdr *hdr2)
518 {
519 int r;
520 json_object *jobj = NULL;
521 size_t buf_size, buf_offset, luks1_size, luks1_shift = 2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS;
522 uint64_t required_size, max_size = crypt_get_data_offset(cd) * SECTOR_SIZE;
523
524 /* for detached headers max size == device size */
525 if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size)))
526 return r;
527
528 luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT;
529 luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS);
530 if (!luks1_size)
531 return -EINVAL;
532
533 if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
534 log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
535 return -EINVAL;
536 }
537
538 if (luksmeta_header_present(cd, luks1_size))
539 return -EINVAL;
540
541 log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
542 max_size, luks1_size, luks1_shift);
543
544 required_size = luks1_size + luks1_shift;
545
546 if ((max_size < required_size) &&
547 device_fallocate(crypt_metadata_device(cd), required_size)) {
548 log_err(cd, _("Unable to move keyslot area. Not enough space."));
549 return -EINVAL;
550 }
551
552 if (max_size < required_size)
553 max_size = required_size;
554
555 r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN);
556 if (r < 0)
557 return r;
558
559 move_keyslot_offset(jobj, luks1_shift);
560
561 // fill hdr2
562 memset(hdr2, 0, sizeof(*hdr2));
563 hdr2->hdr_size = LUKS2_HDR_16K_LEN;
564 hdr2->seqid = 1;
565 hdr2->version = 2;
566 strncpy(hdr2->checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
567 crypt_random_get(cd, (char*)hdr2->salt1, sizeof(hdr2->salt1), CRYPT_RND_SALT);
568 crypt_random_get(cd, (char*)hdr2->salt2, sizeof(hdr2->salt2), CRYPT_RND_SALT);
569 strncpy(hdr2->uuid, crypt_get_uuid(cd), LUKS2_UUID_L-1); /* UUID should be max 36 chars */
570 hdr2->jobj = jobj;
571
572 /*
573 * It duplicates check in LUKS2_hdr_write() but we don't want to move
574 * keyslot areas in case it would fail later
575 */
576 if (max_size < LUKS2_hdr_and_areas_size(hdr2)) {
577 r = -EINVAL;
578 goto out;
579 }
580
581 /* check future LUKS2 metadata before moving keyslots area */
582 if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) {
583 r = -EINVAL;
584 goto out;
585 }
586
587 if ((r = luks_header_in_use(cd))) {
588 if (r > 0)
589 r = -EBUSY;
590 goto out;
591 }
592
593 // move keyslots 4k -> 32k offset
594 buf_offset = 2 * LUKS2_HDR_16K_LEN;
595 buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS;
596
597 /* check future LUKS2 keyslots area is at least as large as LUKS1 keyslots area */
598 if (buf_size > LUKS2_keyslots_size(hdr2)) {
599 log_err(cd, _("Unable to move keyslot area. LUKS2 keyslots area too small."));
600 r = -EINVAL;
601 goto out;
602 }
603
604 if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
605 log_err(cd, _("Unable to move keyslot area."));
606 goto out;
607 }
608
609 // Write JSON hdr2
610 r = LUKS2_hdr_write(cd, hdr2);
611 out:
612 LUKS2_hdr_free(cd, hdr2);
613
614 return r;
615 }
616
617 static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *hdr,
618 int keyslot, uint32_t key_size, const char *hash)
619 {
620 json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
621 uint64_t l2_offset, l2_length;
622 size_t ks_key_size;
623 const char *ks_cipher, *data_cipher;
624
625 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
626 if (!jobj_keyslot)
627 return 1;
628
629 if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj) ||
630 strcmp(json_object_get_string(jobj), "luks2"))
631 return 0;
632
633 /* Using PBKDF2, this implies memory and parallel is not used. */
634 jobj = NULL;
635 if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
636 !json_object_object_get_ex(jobj_kdf, "type", &jobj) ||
637 strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2) ||
638 !json_object_object_get_ex(jobj_kdf, "hash", &jobj) ||
639 strcmp(json_object_get_string(jobj), hash))
640 return 0;
641
642 jobj = NULL;
643 if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
644 !json_object_object_get_ex(jobj_af, "stripes", &jobj) ||
645 json_object_get_int(jobj) != LUKS_STRIPES)
646 return 0;
647
648 jobj = NULL;
649 if (!json_object_object_get_ex(jobj_af, "hash", &jobj) ||
650 (crypt_hash_size(json_object_get_string(jobj)) < 0) ||
651 strcmp(json_object_get_string(jobj), hash))
652 return 0;
653
654 /* FIXME: should this go to validation code instead (aka invalid luks2 header if assigned to segment 0)? */
655 /* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */
656 ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
657 data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
658 if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) {
659 log_dbg(cd, "Cipher in keyslot %d is different from volume key encryption.", keyslot);
660 return 0;
661 }
662
663 if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length))
664 return 0;
665
666 if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
667 log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
668 return 0;
669 }
670
671 return 1;
672 }
673
674 /* Convert LUKS2 -> LUKS1 */
675 int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
676 {
677 size_t buf_size, buf_offset;
678 char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
679 char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
680 const char *hash;
681 size_t len;
682 json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2;
683 uint32_t key_size;
684 int i, r, last_active = 0;
685 uint64_t offset, area_length;
686 char buf[256], luksMagic[] = LUKS_MAGIC;
687
688 jobj_digest = LUKS2_get_digest_jobj(hdr2, 0);
689 if (!jobj_digest)
690 return -EINVAL;
691
692 jobj_segment = LUKS2_get_segment_jobj(hdr2, CRYPT_DEFAULT_SEGMENT);
693 if (!jobj_segment)
694 return -EINVAL;
695
696 if (json_segment_get_sector_size(jobj_segment) != SECTOR_SIZE) {
697 log_err(cd, _("Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."));
698 return -EINVAL;
699 }
700
701 json_object_object_get_ex(hdr2->jobj, "digests", &jobj1);
702 if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) ||
703 strcmp(json_object_get_string(jobj2), "pbkdf2") ||
704 json_object_object_length(jobj1) != 1) {
705 log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
706 return -EINVAL;
707 }
708 if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2))
709 return -EINVAL;
710 hash = json_object_get_string(jobj2);
711
712 r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode);
713 if (r < 0)
714 return r;
715
716 if (crypt_cipher_wrapped_key(cipher, cipher_mode)) {
717 log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher);
718 return -EINVAL;
719 }
720
721 r = LUKS2_tokens_count(hdr2);
722 if (r < 0)
723 return r;
724 if (r > 0) {
725 log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."), r);
726 return -EINVAL;
727 }
728
729 r = LUKS2_get_volume_key_size(hdr2, 0);
730 if (r < 0)
731 return -EINVAL;
732 key_size = r;
733
734 for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
735 if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INACTIVE)
736 continue;
737
738 if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) {
739 log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i);
740 return -EINVAL;
741 }
742
743 if (i >= LUKS_NUMKEYS) {
744 log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i);
745 return -EINVAL;
746 }
747
748 if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) {
749 log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
750 return -EINVAL;
751 }
752 }
753
754 memset(hdr1, 0, sizeof(*hdr1));
755
756 for (i = 0; i < LUKS_NUMKEYS; i++) {
757 hdr1->keyblock[i].active = LUKS_KEY_DISABLED;
758 hdr1->keyblock[i].stripes = LUKS_STRIPES;
759
760 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, i);
761
762 if (jobj_keyslot) {
763 if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
764 return -EINVAL;
765 if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
766 return -EINVAL;
767 offset = crypt_jobj_get_uint64(jobj1);
768 } else {
769 if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
770 return -EINVAL;
771 /*
772 * We have to create placeholder luks2 keyslots in place of all
773 * inactive keyslots. Otherwise we would allocate all
774 * inactive luks1 keyslots over same binary keyslot area.
775 */
776 if (placeholder_keyslot_alloc(cd, i, offset, area_length, key_size))
777 return -EINVAL;
778 }
779
780 offset /= SECTOR_SIZE;
781 if (offset > UINT32_MAX)
782 return -EINVAL;
783
784 hdr1->keyblock[i].keyMaterialOffset = offset;
785 hdr1->keyblock[i].keyMaterialOffset -=
786 ((2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS) / SECTOR_SIZE);
787
788 if (!jobj_keyslot)
789 continue;
790
791 hdr1->keyblock[i].active = LUKS_KEY_ENABLED;
792 last_active = i;
793
794 if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
795 continue;
796
797 if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
798 continue;
799 hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
800
801 if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
802 continue;
803 len = sizeof(buf);
804 memset(buf, 0, len);
805 if (!base64_decode(json_object_get_string(jobj1),
806 json_object_get_string_len(jobj1), buf, &len))
807 continue;
808 if (len > 0 && len != LUKS_SALTSIZE)
809 continue;
810 memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE);
811 }
812
813 if (!jobj_keyslot) {
814 jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, last_active);
815 if (!jobj_keyslot)
816 return -EINVAL;
817 }
818
819 if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
820 return -EINVAL;
821 if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1))
822 return -EINVAL;
823 r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode);
824 if (r < 0)
825 return r;
826
827 strncpy(hdr1->cipherName, cipher, LUKS_CIPHERNAME_L - 1);
828 hdr1->cipherName[LUKS_CIPHERNAME_L-1] = '\0';
829 strncpy(hdr1->cipherMode, cipher_mode, LUKS_CIPHERMODE_L - 1);
830 hdr1->cipherMode[LUKS_CIPHERMODE_L-1] = '\0';
831
832 if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
833 return -EINVAL;
834 if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj1))
835 return -EINVAL;
836 strncpy(hdr1->hashSpec, json_object_get_string(jobj1), sizeof(hdr1->hashSpec) - 1);
837
838 hdr1->keyBytes = key_size;
839
840 if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
841 return -EINVAL;
842 hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
843
844 if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
845 return -EINVAL;
846 len = sizeof(digest);
847 if (!base64_decode(json_object_get_string(jobj1),
848 json_object_get_string_len(jobj1), digest, &len))
849 return -EINVAL;
850 /* We can store full digest here, not only sha1 length */
851 if (len < LUKS_DIGESTSIZE)
852 return -EINVAL;
853 memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE);
854
855 if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1))
856 return -EINVAL;
857 len = sizeof(digest_salt);
858 if (!base64_decode(json_object_get_string(jobj1),
859 json_object_get_string_len(jobj1), digest_salt, &len))
860 return -EINVAL;
861 if (len != LUKS_SALTSIZE)
862 return -EINVAL;
863 memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE);
864
865 if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
866 return -EINVAL;
867 offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
868 if (offset > UINT32_MAX)
869 return -EINVAL;
870 /* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
871 hdr1->payloadOffset = offset;
872
873 strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */
874 hdr1->uuid[UUID_STRING_L-1] = '\0';
875
876 memcpy(hdr1->magic, luksMagic, LUKS_MAGIC_L);
877
878 hdr1->version = 1;
879
880 r = luks_header_in_use(cd);
881 if (r)
882 return r > 0 ? -EBUSY : r;
883
884 // move keyslots 32k -> 4k offset
885 buf_offset = 2 * LUKS2_HDR_16K_LEN;
886 buf_size = LUKS2_keyslots_size(hdr2);
887 r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size);
888 if (r < 0) {
889 log_err(cd, _("Unable to move keyslot area."));
890 return r;
891 }
892
893 crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
894 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
895
896 // Write LUKS1 hdr
897 return LUKS_write_phdr(hdr1, cd);
898 }