"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/luks2/luks2_luks1_convert.c" (13 Jan 2022, 26809 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "luks2_luks1_convert.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.3.6_vs_2.4.0.

    1 /*
    2  * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
    3  *
    4  * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2015-2021 Ondrej Kozina
    6  * Copyright (C) 2015-2021 Milan Broz
    7  *
    8  * This program is free software; you can redistribute it and/or
    9  * modify it under the terms of the GNU General Public License
   10  * as published by the Free Software Foundation; either version 2
   11  * of the License, or (at your option) any later version.
   12  *
   13  * This program is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  * GNU General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU General Public License
   19  * along with this program; if not, write to the Free Software
   20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   21  */
   22 
   23 #include "luks2_internal.h"
   24 #include "../luks1/luks.h"
   25 #include "../luks1/af.h"
   26 
   27 int LUKS2_check_cipher(struct crypt_device *cd,
   28               size_t keylength,
   29               const char *cipher,
   30               const char *cipher_mode)
   31 {
   32     return LUKS_check_cipher(cd, keylength, cipher, cipher_mode);
   33 }
   34 
   35 static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struct json_object **keyslot_object)
   36 {
   37     char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
   38     size_t base64_len;
   39     struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
   40     uint64_t offset, area_size, offs_a, offs_b, length;
   41 
   42     keyslot_obj = json_object_new_object();
   43     json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
   44     json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
   45 
   46     /* KDF */
   47     jobj_kdf = json_object_new_object();
   48     json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
   49     json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
   50     json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
   51     /* salt field */
   52     base64_len = base64_encode_alloc(hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE, &base64_str);
   53     if (!base64_str) {
   54         json_object_put(keyslot_obj);
   55         json_object_put(jobj_kdf);
   56         if (!base64_len)
   57             return -EINVAL;
   58         return -ENOMEM;
   59     }
   60     field = json_object_new_string_len(base64_str, base64_len);
   61     free(base64_str);
   62     json_object_object_add(jobj_kdf, "salt", field);
   63     json_object_object_add(keyslot_obj, "kdf", jobj_kdf);
   64 
   65     /* AF */
   66     jobj_af = json_object_new_object();
   67     json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
   68     json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
   69     /* stripes field ignored, fixed to LUKS_STRIPES (4000) */
   70     json_object_object_add(jobj_af, "stripes", json_object_new_int(4000));
   71     json_object_object_add(keyslot_obj, "af", jobj_af);
   72 
   73     /* Area */
   74     jobj_area = json_object_new_object();
   75     json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
   76 
   77     /* encryption algorithm field */
   78     if (*hdr_v1->cipherMode != '\0') {
   79         (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
   80         json_object_object_add(jobj_area, "encryption", json_object_new_string(cipher));
   81     } else
   82         json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName));
   83 
   84     /* area */
   85     if (LUKS_keyslot_area(hdr_v1, 0, &offs_a, &length) ||
   86         LUKS_keyslot_area(hdr_v1, 1, &offs_b, &length) ||
   87         LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
   88         json_object_put(keyslot_obj);
   89         json_object_put(jobj_area);
   90         return -EINVAL;
   91     }
   92     area_size = offs_b - offs_a;
   93     json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
   94     json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
   95     json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
   96     json_object_object_add(keyslot_obj, "area", jobj_area);
   97 
   98     *keyslot_object = keyslot_obj;
   99     return 0;
  100 }
  101 
  102 static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
  103 {
  104     int keyslot, r;
  105     struct json_object *keyslot_obj, *field;
  106 
  107     keyslot_obj = json_object_new_object();
  108     if (!keyslot_obj)
  109         return -ENOMEM;
  110 
  111     for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) {
  112         if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED)
  113             continue;
  114         r = json_luks1_keyslot(hdr_v1, keyslot, &field);
  115         if (r) {
  116             json_object_put(keyslot_obj);
  117             return r;
  118         }
  119         json_object_object_add_by_uint(keyslot_obj, keyslot, field);
  120     }
  121 
  122     *keyslots_object = keyslot_obj;
  123     return 0;
  124 }
  125 
  126 static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object **segment_object)
  127 {
  128     const char *c;
  129     char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
  130     struct json_object *segment_obj, *field;
  131     uint64_t number;
  132 
  133     segment_obj = json_object_new_object();
  134     if (!segment_obj)
  135         return -ENOMEM;
  136 
  137     /* type field */
  138     field = json_object_new_string("crypt");
  139     if (!field) {
  140         json_object_put(segment_obj);
  141         return -ENOMEM;
  142     }
  143     json_object_object_add(segment_obj, "type", field);
  144 
  145     /* offset field */
  146     number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
  147 
  148     field = crypt_jobj_new_uint64(number);
  149     if (!field) {
  150         json_object_put(segment_obj);
  151         return -ENOMEM;
  152     }
  153     json_object_object_add(segment_obj, "offset", field);
  154 
  155     /* iv_tweak field */
  156     field = json_object_new_string("0");
  157     if (!field) {
  158         json_object_put(segment_obj);
  159         return -ENOMEM;
  160     }
  161     json_object_object_add(segment_obj, "iv_tweak", field);
  162 
  163     /* length field */
  164     field = json_object_new_string("dynamic");
  165     if (!field) {
  166         json_object_put(segment_obj);
  167         return -ENOMEM;
  168     }
  169     json_object_object_add(segment_obj, "size", field);
  170 
  171     /* cipher field */
  172     if (*hdr_v1->cipherMode != '\0') {
  173         (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
  174         c = cipher;
  175     } else
  176         c = hdr_v1->cipherName;
  177 
  178     field = json_object_new_string(c);
  179     if (!field) {
  180         json_object_put(segment_obj);
  181         return -ENOMEM;
  182     }
  183     json_object_object_add(segment_obj, "encryption", field);
  184 
  185     /* block field */
  186     field = json_object_new_int(SECTOR_SIZE);
  187     if (!field) {
  188         json_object_put(segment_obj);
  189         return -ENOMEM;
  190     }
  191     json_object_object_add(segment_obj, "sector_size", field);
  192 
  193     *segment_object = segment_obj;
  194     return 0;
  195 }
  196 
  197 static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_object **segments_object)
  198 {
  199     int r;
  200     struct json_object *segments_obj, *field;
  201 
  202     segments_obj = json_object_new_object();
  203     if (!segments_obj)
  204         return -ENOMEM;
  205 
  206     r = json_luks1_segment(hdr_v1, &field);
  207     if (r) {
  208         json_object_put(segments_obj);
  209         return r;
  210     }
  211     json_object_object_add_by_uint(segments_obj, 0, field);
  212 
  213     *segments_object = segments_obj;
  214     return 0;
  215 }
  216 
  217 static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object)
  218 {
  219     char keyslot_str[2], *base64_str;
  220     int ks;
  221     size_t base64_len;
  222     struct json_object *digest_obj, *array, *field;
  223 
  224     digest_obj = json_object_new_object();
  225     if (!digest_obj)
  226         return -ENOMEM;
  227 
  228     /* type field */
  229     field = json_object_new_string("pbkdf2");
  230     if (!field) {
  231         json_object_put(digest_obj);
  232         return -ENOMEM;
  233     }
  234     json_object_object_add(digest_obj, "type", field);
  235 
  236     /* keyslots array */
  237     array = json_object_new_array();
  238     if (!array) {
  239         json_object_put(digest_obj);
  240         return -ENOMEM;
  241     }
  242     json_object_object_add(digest_obj, "keyslots", json_object_get(array));
  243 
  244     for (ks = 0; ks < LUKS_NUMKEYS; ks++) {
  245         if (hdr_v1->keyblock[ks].active != LUKS_KEY_ENABLED)
  246             continue;
  247         (void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks);
  248 
  249         field = json_object_new_string(keyslot_str);
  250         if (!field || json_object_array_add(array, field) < 0) {
  251             json_object_put(field);
  252             json_object_put(array);
  253             json_object_put(digest_obj);
  254             return -ENOMEM;
  255         }
  256     }
  257 
  258     json_object_put(array);
  259 
  260     /* segments array */
  261     array = json_object_new_array();
  262     if (!array) {
  263         json_object_put(digest_obj);
  264         return -ENOMEM;
  265     }
  266     json_object_object_add(digest_obj, "segments", json_object_get(array));
  267 
  268     field = json_object_new_string("0");
  269     if (!field || json_object_array_add(array, field) < 0) {
  270         json_object_put(field);
  271         json_object_put(array);
  272         json_object_put(digest_obj);
  273         return -ENOMEM;
  274     }
  275 
  276     json_object_put(array);
  277 
  278     /* hash field */
  279     field = json_object_new_string(hdr_v1->hashSpec);
  280     if (!field) {
  281         json_object_put(digest_obj);
  282         return -ENOMEM;
  283     }
  284     json_object_object_add(digest_obj, "hash", field);
  285 
  286     /* salt field */
  287     base64_len = base64_encode_alloc(hdr_v1->mkDigestSalt, LUKS_SALTSIZE, &base64_str);
  288     if (!base64_str) {
  289         json_object_put(digest_obj);
  290         if (!base64_len)
  291             return -EINVAL;
  292         return -ENOMEM;
  293     }
  294 
  295     field = json_object_new_string_len(base64_str, base64_len);
  296     free(base64_str);
  297     if (!field) {
  298         json_object_put(digest_obj);
  299         return -ENOMEM;
  300     }
  301     json_object_object_add(digest_obj, "salt", field);
  302 
  303     /* digest field */
  304     base64_len = base64_encode_alloc(hdr_v1->mkDigest, LUKS_DIGESTSIZE, &base64_str);
  305     if (!base64_str) {
  306         json_object_put(digest_obj);
  307         if (!base64_len)
  308             return -EINVAL;
  309         return -ENOMEM;
  310     }
  311 
  312     field = json_object_new_string_len(base64_str, base64_len);
  313     free(base64_str);
  314     if (!field) {
  315         json_object_put(digest_obj);
  316         return -ENOMEM;
  317     }
  318     json_object_object_add(digest_obj, "digest", field);
  319 
  320     /* iterations field */
  321     field = json_object_new_int64(hdr_v1->mkDigestIterations);
  322     if (!field) {
  323         json_object_put(digest_obj);
  324         return -ENOMEM;
  325     }
  326     json_object_object_add(digest_obj, "iterations", field);
  327 
  328     *digest_object = digest_obj;
  329     return 0;
  330 }
  331 
  332 static int json_luks1_digests(const struct luks_phdr *hdr_v1, struct json_object **digests_object)
  333 {
  334     int r;
  335     struct json_object *digests_obj, *field;
  336 
  337     digests_obj = json_object_new_object();
  338     if (!digests_obj)
  339         return -ENOMEM;
  340 
  341     r = json_luks1_digest(hdr_v1, &field);
  342     if (r) {
  343         json_object_put(digests_obj);
  344         return r;
  345     }
  346     json_object_object_add(digests_obj, "0", field);
  347 
  348     *digests_object = digests_obj;
  349     return 0;
  350 }
  351 
  352 static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks1_object, uint64_t keyslots_size)
  353 {
  354     int r;
  355     struct json_object *luks1_obj, *field;
  356     uint64_t json_size;
  357 
  358     luks1_obj = json_object_new_object();
  359     if (!luks1_obj)
  360         return -ENOMEM;
  361 
  362     /* keyslots field */
  363     r = json_luks1_keyslots(hdr_v1, &field);
  364     if (r) {
  365         json_object_put(luks1_obj);
  366         return r;
  367     }
  368     json_object_object_add(luks1_obj, "keyslots", field);
  369 
  370     /* tokens field */
  371     field = json_object_new_object();
  372     if (!field) {
  373         json_object_put(luks1_obj);
  374         return -ENOMEM;
  375     }
  376     json_object_object_add(luks1_obj, "tokens", field);
  377 
  378     /* segments field */
  379     r = json_luks1_segments(hdr_v1, &field);
  380     if (r) {
  381         json_object_put(luks1_obj);
  382         return r;
  383     }
  384     json_object_object_add(luks1_obj, "segments", field);
  385 
  386     /* digests field */
  387     r = json_luks1_digests(hdr_v1, &field);
  388     if (r) {
  389         json_object_put(luks1_obj);
  390         return r;
  391     }
  392     json_object_object_add(luks1_obj, "digests", field);
  393 
  394     /* config field */
  395     /* anything else? */
  396     field = json_object_new_object();
  397     if (!field) {
  398         json_object_put(luks1_obj);
  399         return -ENOMEM;
  400     }
  401     json_object_object_add(luks1_obj, "config", field);
  402 
  403     json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
  404     json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
  405     keyslots_size -= (keyslots_size % 4096);
  406     json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
  407 
  408     *luks1_object = luks1_obj;
  409     return 0;
  410 }
  411 
  412 static void move_keyslot_offset(json_object *jobj, int offset_add)
  413 {
  414     json_object *jobj1, *jobj2, *jobj_area;
  415     uint64_t offset = 0;
  416 
  417     json_object_object_get_ex(jobj, "keyslots", &jobj1);
  418     json_object_object_foreach(jobj1, key, val) {
  419         UNUSED(key);
  420         json_object_object_get_ex(val, "area", &jobj_area);
  421         json_object_object_get_ex(jobj_area, "offset", &jobj2);
  422         offset = crypt_jobj_get_uint64(jobj2) + offset_add;
  423         json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
  424     }
  425 }
  426 
  427 /* FIXME: return specific error code for partial write error (aka keyslots are gone) */
  428 static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
  429                   off_t offset_to, size_t buf_size)
  430 {
  431     int devfd, r = -EIO;
  432     struct device *device = crypt_metadata_device(cd);
  433     void *buf = NULL;
  434 
  435     log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
  436         buf_size, (intmax_t)offset_from, (intmax_t)offset_to);
  437 
  438     if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
  439         return -ENOMEM;
  440 
  441     devfd = device_open(cd, device, O_RDWR);
  442     if (devfd < 0) {
  443         free(buf);
  444         return -EIO;
  445     }
  446 
  447     /* This can safely fail (for block devices). It only allocates space if it is possible. */
  448     if (posix_fallocate(devfd, offset_to, buf_size))
  449         log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available.");
  450 
  451     /* Try to read *new* area to check that area is there (trimmed backup). */
  452     if (read_lseek_blockwise(devfd, device_block_size(cd, device),
  453                  device_alignment(device), buf, buf_size,
  454                  offset_to)!= (ssize_t)buf_size)
  455         goto out;
  456 
  457     if (read_lseek_blockwise(devfd, device_block_size(cd, device),
  458                  device_alignment(device), buf, buf_size,
  459                  offset_from)!= (ssize_t)buf_size)
  460         goto out;
  461 
  462     if (write_lseek_blockwise(devfd, device_block_size(cd, device),
  463                   device_alignment(device), buf, buf_size,
  464                   offset_to) != (ssize_t)buf_size)
  465         goto out;
  466 
  467     r = 0;
  468 out:
  469     device_sync(cd, device);
  470     crypt_safe_memzero(buf, buf_size);
  471     free(buf);
  472 
  473     return r;
  474 }
  475 
  476 static int luks_header_in_use(struct crypt_device *cd)
  477 {
  478     int r;
  479 
  480     r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd));
  481     if (r < 0)
  482         log_err(cd, _("Cannot check status of device with uuid: %s."), crypt_get_uuid(cd));
  483 
  484     return r;
  485 }
  486 
  487 /* Check if there is a luksmeta area (foreign metadata created by the luksmeta package) */
  488 static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
  489 {
  490     int devfd, r = 0;
  491     static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A' };
  492     struct device *device = crypt_metadata_device(cd);
  493     void *buf = NULL;
  494 
  495     if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC)))
  496         return -ENOMEM;
  497 
  498     devfd = device_open(cd, device, O_RDONLY);
  499     if (devfd < 0) {
  500         free(buf);
  501         return -EIO;
  502     }
  503 
  504     /* Note: we must not detect failure as problem here, header can be trimmed. */
  505     if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device),
  506         buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) &&
  507         !memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
  508             log_err(cd, _("Unable to convert header with LUKSMETA additional metadata."));
  509             r = -EBUSY;
  510     }
  511 
  512     free(buf);
  513     return r;
  514 }
  515 
  516 /* Convert LUKS1 -> LUKS2 */
  517 int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct luks2_hdr *hdr2)
  518 {
  519     int r;
  520     json_object *jobj = NULL;
  521     size_t buf_size, buf_offset, luks1_size, luks1_shift = 2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS;
  522     uint64_t required_size, max_size = crypt_get_data_offset(cd) * SECTOR_SIZE;
  523 
  524     /* for detached headers max size == device size */
  525     if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size)))
  526         return r;
  527 
  528     luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT;
  529     luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS);
  530     if (!luks1_size)
  531         return -EINVAL;
  532 
  533     if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
  534         log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
  535         return -EINVAL;
  536     }
  537 
  538     if (luksmeta_header_present(cd, luks1_size))
  539         return -EINVAL;
  540 
  541     log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
  542         max_size, luks1_size, luks1_shift);
  543 
  544     required_size = luks1_size + luks1_shift;
  545 
  546     if ((max_size < required_size) &&
  547         device_fallocate(crypt_metadata_device(cd), required_size)) {
  548         log_err(cd, _("Unable to move keyslot area. Not enough space."));
  549         return -EINVAL;
  550     }
  551 
  552     if (max_size < required_size)
  553         max_size = required_size;
  554 
  555     r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN);
  556     if (r < 0)
  557         return r;
  558 
  559     move_keyslot_offset(jobj, luks1_shift);
  560 
  561     // fill hdr2
  562     memset(hdr2, 0, sizeof(*hdr2));
  563     hdr2->hdr_size = LUKS2_HDR_16K_LEN;
  564     hdr2->seqid = 1;
  565     hdr2->version = 2;
  566     strncpy(hdr2->checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
  567     crypt_random_get(cd, (char*)hdr2->salt1, sizeof(hdr2->salt1), CRYPT_RND_SALT);
  568     crypt_random_get(cd, (char*)hdr2->salt2, sizeof(hdr2->salt2), CRYPT_RND_SALT);
  569     strncpy(hdr2->uuid, crypt_get_uuid(cd), LUKS2_UUID_L-1); /* UUID should be max 36 chars */
  570     hdr2->jobj = jobj;
  571 
  572     /*
  573      * It duplicates check in LUKS2_hdr_write() but we don't want to move
  574      * keyslot areas in case it would fail later
  575      */
  576     if (max_size < LUKS2_hdr_and_areas_size(hdr2)) {
  577         r = -EINVAL;
  578         goto out;
  579     }
  580 
  581     /* check future LUKS2 metadata before moving keyslots area */
  582     if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) {
  583         r = -EINVAL;
  584         goto out;
  585     }
  586 
  587     if ((r = luks_header_in_use(cd))) {
  588         if (r > 0)
  589             r = -EBUSY;
  590         goto out;
  591     }
  592 
  593     // move keyslots 4k -> 32k offset
  594     buf_offset = 2 * LUKS2_HDR_16K_LEN;
  595     buf_size   = luks1_size - LUKS_ALIGN_KEYSLOTS;
  596 
  597     /* check future LUKS2 keyslots area is at least as large as LUKS1 keyslots area */
  598     if (buf_size > LUKS2_keyslots_size(hdr2)) {
  599         log_err(cd, _("Unable to move keyslot area. LUKS2 keyslots area too small."));
  600         r = -EINVAL;
  601         goto out;
  602     }
  603 
  604     if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
  605         log_err(cd, _("Unable to move keyslot area."));
  606         goto out;
  607     }
  608 
  609     // Write JSON hdr2
  610     r = LUKS2_hdr_write(cd, hdr2);
  611 out:
  612     LUKS2_hdr_free(cd, hdr2);
  613 
  614     return r;
  615 }
  616 
  617 static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *hdr,
  618                     int keyslot, uint32_t key_size, const char *hash)
  619 {
  620     json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
  621     uint64_t l2_offset, l2_length;
  622     size_t ks_key_size;
  623     const char *ks_cipher, *data_cipher;
  624 
  625     jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
  626     if (!jobj_keyslot)
  627         return 1;
  628 
  629     if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj) ||
  630         strcmp(json_object_get_string(jobj), "luks2"))
  631         return 0;
  632 
  633     /* Using PBKDF2, this implies memory and parallel is not used. */
  634     jobj = NULL;
  635     if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
  636         !json_object_object_get_ex(jobj_kdf, "type", &jobj) ||
  637         strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2) ||
  638         !json_object_object_get_ex(jobj_kdf, "hash", &jobj) ||
  639         strcmp(json_object_get_string(jobj), hash))
  640         return 0;
  641 
  642     jobj = NULL;
  643     if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
  644         !json_object_object_get_ex(jobj_af, "stripes", &jobj) ||
  645         json_object_get_int(jobj) != LUKS_STRIPES)
  646         return 0;
  647 
  648     jobj = NULL;
  649     if (!json_object_object_get_ex(jobj_af, "hash", &jobj) ||
  650         (crypt_hash_size(json_object_get_string(jobj)) < 0) ||
  651         strcmp(json_object_get_string(jobj), hash))
  652         return 0;
  653 
  654     /* FIXME: should this go to validation code instead (aka invalid luks2 header if assigned to segment 0)? */
  655     /* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */
  656     ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
  657     data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
  658     if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) {
  659         log_dbg(cd, "Cipher in keyslot %d is different from volume key encryption.", keyslot);
  660         return 0;
  661     }
  662 
  663     if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length))
  664         return 0;
  665 
  666     if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
  667         log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
  668         return 0;
  669     }
  670 
  671     return 1;
  672 }
  673 
  674 /* Convert LUKS2 -> LUKS1 */
  675 int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
  676 {
  677     size_t buf_size, buf_offset;
  678     char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
  679     char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
  680     const char *hash;
  681     size_t len;
  682     json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2;
  683     uint32_t key_size;
  684     int i, r, last_active = 0;
  685     uint64_t offset, area_length;
  686     char buf[256], luksMagic[] = LUKS_MAGIC;
  687 
  688     jobj_digest  = LUKS2_get_digest_jobj(hdr2, 0);
  689     if (!jobj_digest)
  690         return -EINVAL;
  691 
  692     jobj_segment = LUKS2_get_segment_jobj(hdr2, CRYPT_DEFAULT_SEGMENT);
  693     if (!jobj_segment)
  694         return -EINVAL;
  695 
  696     if (json_segment_get_sector_size(jobj_segment) != SECTOR_SIZE) {
  697         log_err(cd, _("Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."));
  698         return -EINVAL;
  699     }
  700 
  701     json_object_object_get_ex(hdr2->jobj, "digests", &jobj1);
  702     if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) ||
  703         strcmp(json_object_get_string(jobj2), "pbkdf2") ||
  704         json_object_object_length(jobj1) != 1) {
  705         log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
  706         return -EINVAL;
  707     }
  708     if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2))
  709         return -EINVAL;
  710     hash = json_object_get_string(jobj2);
  711 
  712     r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode);
  713     if (r < 0)
  714         return r;
  715 
  716     if (crypt_cipher_wrapped_key(cipher, cipher_mode)) {
  717         log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher);
  718         return -EINVAL;
  719     }
  720 
  721     r = LUKS2_tokens_count(hdr2);
  722     if (r < 0)
  723         return r;
  724     if (r > 0) {
  725         log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."), r);
  726         return -EINVAL;
  727     }
  728 
  729     r = LUKS2_get_volume_key_size(hdr2, 0);
  730     if (r < 0)
  731         return -EINVAL;
  732     key_size = r;
  733 
  734     for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
  735         if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INACTIVE)
  736             continue;
  737 
  738         if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) {
  739             log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i);
  740             return -EINVAL;
  741         }
  742 
  743         if (i >= LUKS_NUMKEYS) {
  744             log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i);
  745             return -EINVAL;
  746         }
  747 
  748         if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) {
  749             log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
  750             return -EINVAL;
  751         }
  752     }
  753 
  754     memset(hdr1, 0, sizeof(*hdr1));
  755 
  756     for (i = 0; i < LUKS_NUMKEYS; i++) {
  757         hdr1->keyblock[i].active = LUKS_KEY_DISABLED;
  758         hdr1->keyblock[i].stripes = LUKS_STRIPES;
  759 
  760         jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, i);
  761 
  762         if (jobj_keyslot) {
  763             if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
  764                 return -EINVAL;
  765             if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
  766                 return -EINVAL;
  767             offset = crypt_jobj_get_uint64(jobj1);
  768         } else {
  769             if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
  770                 return -EINVAL;
  771             /*
  772              * We have to create placeholder luks2 keyslots in place of all
  773              * inactive keyslots. Otherwise we would allocate all
  774              * inactive luks1 keyslots over same binary keyslot area.
  775              */
  776             if (placeholder_keyslot_alloc(cd, i, offset, area_length, key_size))
  777                 return -EINVAL;
  778         }
  779 
  780         offset /= SECTOR_SIZE;
  781         if (offset > UINT32_MAX)
  782             return -EINVAL;
  783 
  784         hdr1->keyblock[i].keyMaterialOffset = offset;
  785         hdr1->keyblock[i].keyMaterialOffset -=
  786                 ((2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS) / SECTOR_SIZE);
  787 
  788         if (!jobj_keyslot)
  789             continue;
  790 
  791         hdr1->keyblock[i].active = LUKS_KEY_ENABLED;
  792         last_active = i;
  793 
  794         if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
  795             continue;
  796 
  797         if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
  798             continue;
  799         hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
  800 
  801         if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
  802             continue;
  803         len = sizeof(buf);
  804         memset(buf, 0, len);
  805         if (!base64_decode(json_object_get_string(jobj1),
  806                    json_object_get_string_len(jobj1), buf, &len))
  807             continue;
  808         if (len > 0 && len != LUKS_SALTSIZE)
  809             continue;
  810         memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE);
  811     }
  812 
  813     if (!jobj_keyslot) {
  814         jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, last_active);
  815         if (!jobj_keyslot)
  816             return -EINVAL;
  817     }
  818 
  819     if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
  820         return -EINVAL;
  821     if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1))
  822         return -EINVAL;
  823     r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode);
  824     if (r < 0)
  825         return r;
  826 
  827     strncpy(hdr1->cipherName, cipher, LUKS_CIPHERNAME_L - 1);
  828     hdr1->cipherName[LUKS_CIPHERNAME_L-1] = '\0';
  829     strncpy(hdr1->cipherMode, cipher_mode, LUKS_CIPHERMODE_L - 1);
  830     hdr1->cipherMode[LUKS_CIPHERMODE_L-1] = '\0';
  831 
  832     if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
  833         return -EINVAL;
  834     if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj1))
  835         return -EINVAL;
  836     strncpy(hdr1->hashSpec, json_object_get_string(jobj1), sizeof(hdr1->hashSpec) - 1);
  837 
  838     hdr1->keyBytes = key_size;
  839 
  840     if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
  841         return -EINVAL;
  842     hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
  843 
  844     if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
  845         return -EINVAL;
  846     len = sizeof(digest);
  847     if (!base64_decode(json_object_get_string(jobj1),
  848                json_object_get_string_len(jobj1), digest, &len))
  849         return -EINVAL;
  850     /* We can store full digest here, not only sha1 length */
  851     if (len < LUKS_DIGESTSIZE)
  852         return -EINVAL;
  853     memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE);
  854 
  855     if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1))
  856         return -EINVAL;
  857     len = sizeof(digest_salt);
  858     if (!base64_decode(json_object_get_string(jobj1),
  859                json_object_get_string_len(jobj1), digest_salt, &len))
  860         return -EINVAL;
  861     if (len != LUKS_SALTSIZE)
  862         return -EINVAL;
  863     memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE);
  864 
  865     if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
  866         return -EINVAL;
  867     offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
  868     if (offset > UINT32_MAX)
  869         return -EINVAL;
  870     /* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
  871     hdr1->payloadOffset = offset;
  872 
  873     strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */
  874     hdr1->uuid[UUID_STRING_L-1] = '\0';
  875 
  876     memcpy(hdr1->magic, luksMagic, LUKS_MAGIC_L);
  877 
  878     hdr1->version = 1;
  879 
  880     r = luks_header_in_use(cd);
  881     if (r)
  882         return r > 0 ? -EBUSY : r;
  883 
  884     // move keyslots 32k -> 4k offset
  885     buf_offset = 2 * LUKS2_HDR_16K_LEN;
  886     buf_size   = LUKS2_keyslots_size(hdr2);
  887     r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size);
  888     if (r < 0) {
  889         log_err(cd, _("Unable to move keyslot area."));
  890         return r;
  891     }
  892 
  893     crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
  894               8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
  895 
  896     // Write LUKS1 hdr
  897     return LUKS_write_phdr(hdr1, cd);
  898 }