"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/setup.c" (13 Jan 2022, 162953 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "setup.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.4.2_vs_2.4.3.

    1 /*
    2  * libcryptsetup - cryptsetup library
    3  *
    4  * Copyright (C) 2004 Jana Saout <jana@saout.de>
    5  * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
    6  * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
    7  * Copyright (C) 2009-2021 Milan Broz
    8  *
    9  * This program is free software; you can redistribute it and/or
   10  * modify it under the terms of the GNU General Public License
   11  * as published by the Free Software Foundation; either version 2
   12  * of the License, or (at your option) any later version.
   13  *
   14  * This program is distributed in the hope that it will be useful,
   15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   17  * GNU General Public License for more details.
   18  *
   19  * You should have received a copy of the GNU General Public License
   20  * along with this program; if not, write to the Free Software
   21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   22  */
   23 
   24 #include <string.h>
   25 #include <stdio.h>
   26 #include <stdlib.h>
   27 #include <stdarg.h>
   28 #include <sys/utsname.h>
   29 #include <errno.h>
   30 
   31 #include "libcryptsetup.h"
   32 #include "luks1/luks.h"
   33 #include "luks2/luks2.h"
   34 #include "loopaes/loopaes.h"
   35 #include "verity/verity.h"
   36 #include "tcrypt/tcrypt.h"
   37 #include "integrity/integrity.h"
   38 #include "bitlk/bitlk.h"
   39 #include "utils_device_locking.h"
   40 #include "internal.h"
   41 
   42 #define CRYPT_CD_UNRESTRICTED   (1 << 0)
   43 #define CRYPT_CD_QUIET      (1 << 1)
   44 
   45 struct crypt_device {
   46     char *type;
   47 
   48     struct device *device;
   49     struct device *metadata_device;
   50 
   51     struct volume_key *volume_key;
   52     int rng_type;
   53     uint32_t compatibility;
   54     struct crypt_pbkdf_type pbkdf;
   55 
   56     /* global context scope settings */
   57     unsigned key_in_keyring:1;
   58 
   59     uint64_t data_offset;
   60     uint64_t metadata_size; /* Used in LUKS2 format */
   61     uint64_t keyslots_size; /* Used in LUKS2 format */
   62 
   63     /* Workaround for OOM during parallel activation (like in systemd) */
   64     bool memory_hard_pbkdf_lock_enabled;
   65     struct crypt_lock_handle *pbkdf_memory_hard_lock;
   66 
   67     union {
   68     struct { /* used in CRYPT_LUKS1 */
   69         struct luks_phdr hdr;
   70         char *cipher_spec;
   71     } luks1;
   72     struct { /* used in CRYPT_LUKS2 */
   73         struct luks2_hdr hdr;
   74         char cipher[MAX_CIPHER_LEN];      /* only for compatibility */
   75         char cipher_mode[MAX_CIPHER_LEN]; /* only for compatibility */
   76         char *keyslot_cipher;
   77         unsigned int keyslot_key_size;
   78         struct luks2_reencrypt *rh;
   79     } luks2;
   80     struct { /* used in CRYPT_PLAIN */
   81         struct crypt_params_plain hdr;
   82         char *cipher_spec;
   83         char *cipher;
   84         const char *cipher_mode;
   85         unsigned int key_size;
   86     } plain;
   87     struct { /* used in CRYPT_LOOPAES */
   88         struct crypt_params_loopaes hdr;
   89         char *cipher_spec;
   90         char *cipher;
   91         const char *cipher_mode;
   92         unsigned int key_size;
   93     } loopaes;
   94     struct { /* used in CRYPT_VERITY */
   95         struct crypt_params_verity hdr;
   96         const char *root_hash;
   97         unsigned int root_hash_size;
   98         char *uuid;
   99         struct device *fec_device;
  100     } verity;
  101     struct { /* used in CRYPT_TCRYPT */
  102         struct crypt_params_tcrypt params;
  103         struct tcrypt_phdr hdr;
  104     } tcrypt;
  105     struct { /* used in CRYPT_INTEGRITY */
  106         struct crypt_params_integrity params;
  107         struct volume_key *journal_mac_key;
  108         struct volume_key *journal_crypt_key;
  109         uint32_t sb_flags;
  110     } integrity;
  111     struct { /* used in CRYPT_BITLK */
  112         struct bitlk_metadata params;
  113         char *cipher_spec;
  114     } bitlk;
  115     struct { /* used if initialized without header by name */
  116         char *active_name;
  117         /* buffers, must refresh from kernel on every query */
  118         char cipher_spec[MAX_CIPHER_LEN*2+1];
  119         char cipher[MAX_CIPHER_LEN];
  120         const char *cipher_mode;
  121         unsigned int key_size;
  122     } none;
  123     } u;
  124 
  125     /* callbacks definitions */
  126     void (*log)(int level, const char *msg, void *usrptr);
  127     void *log_usrptr;
  128     int (*confirm)(const char *msg, void *usrptr);
  129     void *confirm_usrptr;
  130 };
  131 
  132 /* Just to suppress redundant messages about crypto backend */
  133 static int _crypto_logged = 0;
  134 
  135 /* Log helper */
  136 static void (*_default_log)(int level, const char *msg, void *usrptr) = NULL;
  137 static void *_default_log_usrptr = NULL;
  138 static int _debug_level = 0;
  139 
  140 /* Library can do metadata locking  */
  141 static int _metadata_locking = 1;
  142 
  143 /* Library scope detection for kernel keyring support */
  144 static int _kernel_keyring_supported;
  145 
  146 /* Library allowed to use kernel keyring for loading VK in kernel crypto layer */
  147 static int _vk_via_keyring = 1;
  148 
  149 void crypt_set_debug_level(int level)
  150 {
  151     _debug_level = level;
  152 }
  153 
  154 int crypt_get_debug_level(void)
  155 {
  156     return _debug_level;
  157 }
  158 
  159 void crypt_log(struct crypt_device *cd, int level, const char *msg)
  160 {
  161     if (!msg)
  162         return;
  163 
  164     if (level < _debug_level)
  165         return;
  166 
  167     if (cd && cd->log)
  168         cd->log(level, msg, cd->log_usrptr);
  169     else if (_default_log)
  170         _default_log(level, msg, _default_log_usrptr);
  171     /* Default to stdout/stderr if there is no callback. */
  172     else
  173         fprintf(level == CRYPT_LOG_ERROR ? stderr : stdout, "%s", msg);
  174 }
  175 
  176 __attribute__((format(printf, 3, 4)))
  177 void crypt_logf(struct crypt_device *cd, int level, const char *format, ...)
  178 {
  179     va_list argp;
  180     char target[LOG_MAX_LEN + 2];
  181     int len;
  182 
  183     va_start(argp, format);
  184 
  185     len = vsnprintf(&target[0], LOG_MAX_LEN, format, argp);
  186     if (len > 0 && len < LOG_MAX_LEN) {
  187         /* All verbose and error messages in tools end with EOL. */
  188         if (level == CRYPT_LOG_VERBOSE || level == CRYPT_LOG_ERROR ||
  189             level == CRYPT_LOG_DEBUG || level == CRYPT_LOG_DEBUG_JSON)
  190             strncat(target, "\n", LOG_MAX_LEN);
  191 
  192         crypt_log(cd, level, target);
  193     }
  194 
  195     va_end(argp);
  196 }
  197 
  198 static const char *mdata_device_path(struct crypt_device *cd)
  199 {
  200     return device_path(cd->metadata_device ?: cd->device);
  201 }
  202 
  203 static const char *data_device_path(struct crypt_device *cd)
  204 {
  205     return device_path(cd->device);
  206 }
  207 
  208 /* internal only */
  209 struct device *crypt_metadata_device(struct crypt_device *cd)
  210 {
  211     return cd->metadata_device ?: cd->device;
  212 }
  213 
  214 struct device *crypt_data_device(struct crypt_device *cd)
  215 {
  216     return cd->device;
  217 }
  218 
  219 int init_crypto(struct crypt_device *ctx)
  220 {
  221     struct utsname uts;
  222     int r;
  223 
  224     r = crypt_random_init(ctx);
  225     if (r < 0) {
  226         log_err(ctx, _("Cannot initialize crypto RNG backend."));
  227         return r;
  228     }
  229 
  230     r = crypt_backend_init(crypt_fips_mode());
  231     if (r < 0)
  232         log_err(ctx, _("Cannot initialize crypto backend."));
  233 
  234     if (!r && !_crypto_logged) {
  235         log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.",
  236             crypt_backend_version(), PACKAGE_VERSION);
  237         if (!uname(&uts))
  238             log_dbg(ctx, "Detected kernel %s %s %s.",
  239                 uts.sysname, uts.release, uts.machine);
  240         _crypto_logged = 1;
  241     }
  242 
  243     return r;
  244 }
  245 
  246 static int process_key(struct crypt_device *cd, const char *hash_name,
  247                size_t key_size, const char *pass, size_t passLen,
  248                struct volume_key **vk)
  249 {
  250     int r;
  251 
  252     if (!key_size)
  253         return -EINVAL;
  254 
  255     *vk = crypt_alloc_volume_key(key_size, NULL);
  256     if (!*vk)
  257         return -ENOMEM;
  258 
  259     if (hash_name) {
  260         r = crypt_plain_hash(cd, hash_name, (*vk)->key, key_size, pass, passLen);
  261         if (r < 0) {
  262             if (r == -ENOENT)
  263                 log_err(cd, _("Hash algorithm %s not supported."),
  264                     hash_name);
  265             else
  266                 log_err(cd, _("Key processing error (using hash %s)."),
  267                     hash_name);
  268             crypt_free_volume_key(*vk);
  269             *vk = NULL;
  270             return -EINVAL;
  271         }
  272     } else if (passLen > key_size) {
  273         memcpy((*vk)->key, pass, key_size);
  274     } else {
  275         memcpy((*vk)->key, pass, passLen);
  276     }
  277 
  278     return 0;
  279 }
  280 
  281 static int isPLAIN(const char *type)
  282 {
  283     return (type && !strcmp(CRYPT_PLAIN, type));
  284 }
  285 
  286 static int isLUKS1(const char *type)
  287 {
  288     return (type && !strcmp(CRYPT_LUKS1, type));
  289 }
  290 
  291 static int isLUKS2(const char *type)
  292 {
  293     return (type && !strcmp(CRYPT_LUKS2, type));
  294 }
  295 
  296 static int isLUKS(const char *type)
  297 {
  298     return (isLUKS2(type) || isLUKS1(type));
  299 }
  300 
  301 static int isLOOPAES(const char *type)
  302 {
  303     return (type && !strcmp(CRYPT_LOOPAES, type));
  304 }
  305 
  306 static int isVERITY(const char *type)
  307 {
  308     return (type && !strcmp(CRYPT_VERITY, type));
  309 }
  310 
  311 static int isTCRYPT(const char *type)
  312 {
  313     return (type && !strcmp(CRYPT_TCRYPT, type));
  314 }
  315 
  316 static int isINTEGRITY(const char *type)
  317 {
  318     return (type && !strcmp(CRYPT_INTEGRITY, type));
  319 }
  320 
  321 static int isBITLK(const char *type)
  322 {
  323     return (type && !strcmp(CRYPT_BITLK, type));
  324 }
  325 
  326 static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags)
  327 {
  328     int r = 0;
  329 
  330     if (cd && !cd->type) {
  331         if (!(cdflags & CRYPT_CD_QUIET))
  332             log_err(cd, _("Cannot determine device type. Incompatible activation of device?"));
  333         r = -EINVAL;
  334     }
  335 
  336     if (!cd || !isLUKS(cd->type)) {
  337         if (!(cdflags & CRYPT_CD_QUIET))
  338             log_err(cd, _("This operation is supported only for LUKS device."));
  339         r = -EINVAL;
  340     }
  341 
  342     if (r || (cdflags & CRYPT_CD_UNRESTRICTED) || isLUKS1(cd->type))
  343         return r;
  344 
  345     return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, cdflags & CRYPT_CD_QUIET);
  346 }
  347 
  348 static int onlyLUKS(struct crypt_device *cd)
  349 {
  350     return _onlyLUKS(cd, 0);
  351 }
  352 
  353 static int _onlyLUKS2(struct crypt_device *cd, uint32_t cdflags, uint32_t mask)
  354 {
  355     int r = 0;
  356 
  357     if (cd && !cd->type) {
  358         if (!(cdflags & CRYPT_CD_QUIET))
  359             log_err(cd, _("Cannot determine device type. Incompatible activation of device?"));
  360         r = -EINVAL;
  361     }
  362 
  363     if (!cd || !isLUKS2(cd->type)) {
  364         if (!(cdflags & CRYPT_CD_QUIET))
  365             log_err(cd, _("This operation is supported only for LUKS2 device."));
  366         r = -EINVAL;
  367     }
  368 
  369     if (r || (cdflags & CRYPT_CD_UNRESTRICTED))
  370         return r;
  371 
  372     return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, mask, cdflags & CRYPT_CD_QUIET);
  373 }
  374 
  375 /* Internal only */
  376 int onlyLUKS2(struct crypt_device *cd)
  377 {
  378     return _onlyLUKS2(cd, 0, 0);
  379 }
  380 
  381 /* Internal only */
  382 int onlyLUKS2mask(struct crypt_device *cd, uint32_t mask)
  383 {
  384     return _onlyLUKS2(cd, 0, mask);
  385 }
  386 
  387 static void crypt_set_null_type(struct crypt_device *cd)
  388 {
  389     if (!cd->type)
  390         return;
  391 
  392     free(cd->type);
  393     cd->type = NULL;
  394     cd->u.none.active_name = NULL;
  395     cd->data_offset = 0;
  396     cd->metadata_size = 0;
  397     cd->keyslots_size = 0;
  398 }
  399 
  400 static void crypt_reset_null_type(struct crypt_device *cd)
  401 {
  402     if (cd->type)
  403         return;
  404 
  405     free(cd->u.none.active_name);
  406     cd->u.none.active_name = NULL;
  407 }
  408 
  409 /* keyslot helpers */
  410 static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
  411 {
  412     crypt_keyslot_info ki;
  413 
  414     if (*keyslot == CRYPT_ANY_SLOT) {
  415         if (isLUKS1(cd->type))
  416             *keyslot = LUKS_keyslot_find_empty(&cd->u.luks1.hdr);
  417         else
  418             *keyslot = LUKS2_keyslot_find_empty(cd, &cd->u.luks2.hdr, 0);
  419         if (*keyslot < 0) {
  420             log_err(cd, _("All key slots full."));
  421             return -EINVAL;
  422         }
  423     }
  424 
  425     if (isLUKS1(cd->type))
  426         ki = LUKS_keyslot_info(&cd->u.luks1.hdr, *keyslot);
  427     else
  428         ki = LUKS2_keyslot_info(&cd->u.luks2.hdr, *keyslot);
  429     switch (ki) {
  430         case CRYPT_SLOT_INVALID:
  431             log_err(cd, _("Key slot %d is invalid, please select between 0 and %d."),
  432                 *keyslot, crypt_keyslot_max(cd->type) - 1);
  433             return -EINVAL;
  434         case CRYPT_SLOT_INACTIVE:
  435             break;
  436         default:
  437             log_err(cd, _("Key slot %d is full, please select another one."),
  438                 *keyslot);
  439             return -EINVAL;
  440     }
  441 
  442     log_dbg(cd, "Selected keyslot %d.", *keyslot);
  443     return 0;
  444 }
  445 
  446 /*
  447  * compares UUIDs returned by device-mapper (striped by cryptsetup) and uuid in header
  448  */
  449 int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid)
  450 {
  451     int i, j;
  452     char *str;
  453 
  454     if (!dm_uuid || !hdr_uuid)
  455         return -EINVAL;
  456 
  457     str = strchr(dm_uuid, '-');
  458     if (!str)
  459         return -EINVAL;
  460 
  461     for (i = 0, j = 1; hdr_uuid[i]; i++) {
  462         if (hdr_uuid[i] == '-')
  463             continue;
  464 
  465         if (!str[j] || str[j] == '-')
  466             return -EINVAL;
  467 
  468         if (str[j] != hdr_uuid[i])
  469             return -EINVAL;
  470         j++;
  471     }
  472 
  473     return 0;
  474 }
  475 
  476 /*
  477  * compares type of active device to provided string (only if there is no explicit type)
  478  */
  479 static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type)
  480 {
  481     struct crypt_dm_active_device dmd;
  482     size_t len;
  483     int r;
  484 
  485     /* Must user header-on-disk if we know type here */
  486     if (cd->type || !cd->u.none.active_name)
  487         return -EINVAL;
  488 
  489     log_dbg(cd, "Checking if active device %s without header has UUID type %s.",
  490         cd->u.none.active_name, type);
  491 
  492     r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd);
  493     if (r < 0)
  494         return r;
  495 
  496     r = -ENODEV;
  497     len = strlen(type);
  498     if (dmd.uuid && strlen(dmd.uuid) > len &&
  499         !strncmp(dmd.uuid, type, len) && dmd.uuid[len] == '-')
  500         r = 0;
  501 
  502     free(CONST_CAST(void*)dmd.uuid);
  503     return r;
  504 }
  505 
  506 int PLAIN_activate(struct crypt_device *cd,
  507              const char *name,
  508              struct volume_key *vk,
  509              uint64_t size,
  510              uint32_t flags)
  511 {
  512     int r;
  513     struct crypt_dm_active_device dmd = {
  514         .flags = flags,
  515         .size = size,
  516     };
  517 
  518     log_dbg(cd, "Trying to activate PLAIN device %s using cipher %s.",
  519         name, crypt_get_cipher_spec(cd));
  520 
  521     if (MISALIGNED(size, device_block_size(cd, crypt_data_device(cd)) >> SECTOR_SHIFT)) {
  522         log_err(cd, _("Device size is not aligned to device logical block size."));
  523         return -EINVAL;
  524     }
  525 
  526     r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
  527             vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd),
  528             crypt_get_data_offset(cd), crypt_get_integrity(cd),
  529             crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));
  530     if (r < 0)
  531         return r;
  532 
  533     r = create_or_reload_device(cd, name, CRYPT_PLAIN, &dmd);
  534 
  535     dm_targets_free(cd, &dmd);
  536     return r;
  537 }
  538 
  539 int crypt_confirm(struct crypt_device *cd, const char *msg)
  540 {
  541     if (!cd || !cd->confirm)
  542         return 1;
  543     else
  544         return cd->confirm(msg, cd->confirm_usrptr);
  545 }
  546 
  547 void crypt_set_log_callback(struct crypt_device *cd,
  548     void (*log)(int level, const char *msg, void *usrptr),
  549     void *usrptr)
  550 {
  551     if (!cd) {
  552         _default_log = log;
  553         _default_log_usrptr = usrptr;
  554     } else {
  555         cd->log = log;
  556         cd->log_usrptr = usrptr;
  557     }
  558 }
  559 
  560 void crypt_set_confirm_callback(struct crypt_device *cd,
  561     int (*confirm)(const char *msg, void *usrptr),
  562     void *usrptr)
  563 {
  564     if (cd) {
  565         cd->confirm = confirm;
  566         cd->confirm_usrptr = usrptr;
  567     }
  568 }
  569 
  570 const char *crypt_get_dir(void)
  571 {
  572     return dm_get_dir();
  573 }
  574 
  575 int crypt_init(struct crypt_device **cd, const char *device)
  576 {
  577     struct crypt_device *h = NULL;
  578     int r;
  579 
  580     if (!cd)
  581         return -EINVAL;
  582 
  583     log_dbg(NULL, "Allocating context for crypt device %s.", device ?: "(none)");
  584 #if !HAVE_DECL_O_CLOEXEC
  585     log_dbg(NULL, "Running without O_CLOEXEC.");
  586 #endif
  587 
  588     if (!(h = malloc(sizeof(struct crypt_device))))
  589         return -ENOMEM;
  590 
  591     memset(h, 0, sizeof(*h));
  592 
  593     r = device_alloc(NULL, &h->device, device);
  594     if (r < 0) {
  595         free(h);
  596         return r;
  597     }
  598 
  599     dm_backend_init(NULL);
  600 
  601     h->rng_type = crypt_random_default_key_rng();
  602 
  603     *cd = h;
  604     return 0;
  605 }
  606 
  607 static int crypt_check_data_device_size(struct crypt_device *cd)
  608 {
  609     int r;
  610     uint64_t size, size_min;
  611 
  612     /* Check data device size, require at least header or one sector */
  613     size_min = crypt_get_data_offset(cd) << SECTOR_SHIFT ?: SECTOR_SIZE;
  614 
  615     r = device_size(cd->device, &size);
  616     if (r < 0)
  617         return r;
  618 
  619     if (size < size_min) {
  620         log_err(cd, _("Header detected but device %s is too small."),
  621             device_path(cd->device));
  622         return -EINVAL;
  623     }
  624 
  625     return r;
  626 }
  627 
  628 static int _crypt_set_data_device(struct crypt_device *cd, const char *device)
  629 {
  630     struct device *dev = NULL;
  631     int r;
  632 
  633     r = device_alloc(cd, &dev, device);
  634     if (r < 0)
  635         return r;
  636 
  637     if (!cd->metadata_device) {
  638         cd->metadata_device = cd->device;
  639     } else
  640         device_free(cd, cd->device);
  641 
  642     cd->device = dev;
  643 
  644     r = crypt_check_data_device_size(cd);
  645     if (!r && isLUKS2(cd->type))
  646         device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr));
  647 
  648     return r;
  649 }
  650 
  651 int crypt_set_data_device(struct crypt_device *cd, const char *device)
  652 {
  653     /* metadata device must be set */
  654     if (!cd || !cd->device || !device)
  655         return -EINVAL;
  656 
  657     log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)");
  658 
  659     if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type) &&
  660         !isINTEGRITY(cd->type) && !isTCRYPT(cd->type)) {
  661         log_err(cd, _("This operation is not supported for this device type."));
  662         return -EINVAL;
  663     }
  664 
  665     if (isLUKS2(cd->type) && crypt_get_luks2_reencrypt(cd)) {
  666         log_err(cd, _("Illegal operation with reencryption in-progress."));
  667         return -EINVAL;
  668     }
  669 
  670     return _crypt_set_data_device(cd, device);
  671 }
  672 
  673 int crypt_init_data_device(struct crypt_device **cd, const char *device, const char *data_device)
  674 {
  675     int r;
  676 
  677     if (!cd)
  678         return -EINVAL;
  679 
  680     r = crypt_init(cd, device);
  681     if (r || !data_device || !strcmp(device, data_device))
  682         return r;
  683 
  684     log_dbg(NULL, "Setting ciphertext data device to %s.", data_device);
  685     r = _crypt_set_data_device(*cd, data_device);
  686     if (r) {
  687         crypt_free(*cd);
  688         *cd = NULL;
  689     }
  690 
  691     return r;
  692 }
  693 
  694 
  695 /* internal only */
  696 struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
  697 {
  698     return &cd->pbkdf;
  699 }
  700 
  701 /*
  702  * crypt_load() helpers
  703  */
  704 static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
  705 {
  706     int r;
  707     char *type = NULL;
  708     struct luks2_hdr hdr2 = {};
  709 
  710     log_dbg(cd, "%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
  711 
  712     r = LUKS2_hdr_read(cd, &hdr2, repair);
  713     if (r)
  714         return r;
  715 
  716     if (!reload && !(type = strdup(CRYPT_LUKS2))) {
  717         r = -ENOMEM;
  718         goto out;
  719     }
  720 
  721     if (verify_pbkdf_params(cd, &cd->pbkdf)) {
  722         r = init_pbkdf_type(cd, NULL, CRYPT_LUKS2);
  723         if (r)
  724             goto out;
  725     }
  726 
  727     if (reload) {
  728         LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
  729         free(cd->u.luks2.keyslot_cipher);
  730     } else
  731         cd->type = type;
  732 
  733     r = 0;
  734     memcpy(&cd->u.luks2.hdr, &hdr2, sizeof(hdr2));
  735     cd->u.luks2.keyslot_cipher = NULL;
  736     cd->u.luks2.rh = NULL;
  737 
  738 out:
  739     if (r) {
  740         free(type);
  741         LUKS2_hdr_free(cd, &hdr2);
  742     }
  743     return r;
  744 }
  745 
  746 static void _luks2_reload(struct crypt_device *cd)
  747 {
  748     if (!cd || !isLUKS2(cd->type))
  749         return;
  750 
  751     (void) _crypt_load_luks2(cd, 1, 0);
  752 }
  753 
  754 static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
  755                 int require_header, int repair)
  756 {
  757     char *cipher_spec;
  758     struct luks_phdr hdr = {};
  759     int r, version;
  760 
  761     r = init_crypto(cd);
  762     if (r < 0)
  763         return r;
  764 
  765     /* This will return 0 if primary LUKS2 header is damaged */
  766     version = LUKS2_hdr_version_unlocked(cd, NULL);
  767 
  768     if ((isLUKS1(requested_type) && version == 2) ||
  769         (isLUKS2(requested_type) && version == 1))
  770         return -EINVAL;
  771 
  772     if (requested_type)
  773         version = 0;
  774 
  775     if (isLUKS1(requested_type) || version == 1) {
  776         if (isLUKS2(cd->type)) {
  777             log_dbg(cd, "Context is already initialized to type %s", cd->type);
  778             return -EINVAL;
  779         }
  780 
  781         if (verify_pbkdf_params(cd, &cd->pbkdf)) {
  782             r = init_pbkdf_type(cd, NULL, CRYPT_LUKS1);
  783             if (r)
  784                 return r;
  785         }
  786 
  787         r = LUKS_read_phdr(&hdr, require_header, repair, cd);
  788         if (r)
  789             goto out;
  790 
  791         if (!cd->type && !(cd->type = strdup(CRYPT_LUKS1))) {
  792             r = -ENOMEM;
  793             goto out;
  794         }
  795 
  796         /* Set hash to the same as in the loaded header */
  797         if (!cd->pbkdf.hash || strcmp(cd->pbkdf.hash, hdr.hashSpec)) {
  798             free(CONST_CAST(void*)cd->pbkdf.hash);
  799             cd->pbkdf.hash = strdup(hdr.hashSpec);
  800             if (!cd->pbkdf.hash) {
  801                 r = -ENOMEM;
  802                 goto out;
  803             }
  804         }
  805 
  806         if (asprintf(&cipher_spec, "%s-%s", hdr.cipherName, hdr.cipherMode) < 0) {
  807             r = -ENOMEM;
  808             goto out;
  809         }
  810 
  811         free(cd->u.luks1.cipher_spec);
  812         cd->u.luks1.cipher_spec = cipher_spec;
  813 
  814         memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr));
  815     } else if (isLUKS2(requested_type) || version == 2 || version == 0) {
  816         if (isLUKS1(cd->type)) {
  817             log_dbg(cd, "Context is already initialized to type %s", cd->type);
  818             return -EINVAL;
  819         }
  820 
  821         /*
  822          * Current LUKS2 repair just overrides blkid probes
  823          * and perform auto-recovery if possible. This is safe
  824          * unless future LUKS2 repair code do something more
  825          * sophisticated. In such case we would need to check
  826          * for LUKS2 requirements and decide if it's safe to
  827          * perform repair.
  828          */
  829         r =  _crypt_load_luks2(cd, cd->type != NULL, repair);
  830         if (!r)
  831             device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr));
  832     } else {
  833         if (version > 2)
  834             log_err(cd, _("Unsupported LUKS version %d."), version);
  835         r = -EINVAL;
  836     }
  837 out:
  838     crypt_safe_memzero(&hdr, sizeof(hdr));
  839 
  840     return r;
  841 }
  842 
  843 static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcrypt *params)
  844 {
  845     int r;
  846 
  847     if (!params)
  848         return -EINVAL;
  849 
  850     r = init_crypto(cd);
  851     if (r < 0)
  852         return r;
  853 
  854     memcpy(&cd->u.tcrypt.params, params, sizeof(*params));
  855 
  856     r = TCRYPT_read_phdr(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
  857 
  858     cd->u.tcrypt.params.passphrase = NULL;
  859     cd->u.tcrypt.params.passphrase_size = 0;
  860     cd->u.tcrypt.params.keyfiles = NULL;
  861     cd->u.tcrypt.params.keyfiles_count = 0;
  862     cd->u.tcrypt.params.veracrypt_pim = 0;
  863 
  864     if (r < 0)
  865         return r;
  866 
  867     if (!cd->type && !(cd->type = strdup(CRYPT_TCRYPT)))
  868         return -ENOMEM;
  869 
  870     return r;
  871 }
  872 
  873 static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verity *params)
  874 {
  875     int r;
  876     size_t sb_offset = 0;
  877 
  878     r = init_crypto(cd);
  879     if (r < 0)
  880         return r;
  881 
  882     if (params && params->flags & CRYPT_VERITY_NO_HEADER)
  883         return -EINVAL;
  884 
  885     if (params)
  886         sb_offset = params->hash_area_offset;
  887 
  888     r = VERITY_read_sb(cd, sb_offset, &cd->u.verity.uuid, &cd->u.verity.hdr);
  889     if (r < 0)
  890         return r;
  891 
  892     if (!cd->type && !(cd->type = strdup(CRYPT_VERITY))) {
  893         free(CONST_CAST(void*)cd->u.verity.hdr.hash_name);
  894         free(CONST_CAST(void*)cd->u.verity.hdr.salt);
  895         free(cd->u.verity.uuid);
  896         crypt_safe_memzero(&cd->u.verity.hdr, sizeof(cd->u.verity.hdr));
  897         return -ENOMEM;
  898     }
  899 
  900     if (params)
  901         cd->u.verity.hdr.flags = params->flags;
  902 
  903     /* Hash availability checked in sb load */
  904     cd->u.verity.root_hash_size = crypt_hash_size(cd->u.verity.hdr.hash_name);
  905     if (cd->u.verity.root_hash_size > 4096)
  906         return -EINVAL;
  907 
  908     if (params && params->data_device &&
  909         (r = crypt_set_data_device(cd, params->data_device)) < 0)
  910         return r;
  911 
  912     if (params && params->fec_device) {
  913         r = device_alloc(cd, &cd->u.verity.fec_device, params->fec_device);
  914         if (r < 0)
  915             return r;
  916         cd->u.verity.hdr.fec_area_offset = params->fec_area_offset;
  917         cd->u.verity.hdr.fec_roots = params->fec_roots;
  918     }
  919 
  920     return r;
  921 }
  922 
  923 static int _crypt_load_integrity(struct crypt_device *cd,
  924                  struct crypt_params_integrity *params)
  925 {
  926     int r;
  927 
  928     r = init_crypto(cd);
  929     if (r < 0)
  930         return r;
  931 
  932     r = INTEGRITY_read_sb(cd, &cd->u.integrity.params, &cd->u.integrity.sb_flags);
  933     if (r < 0)
  934         return r;
  935 
  936     // FIXME: add checks for fields in integrity sb vs params
  937 
  938     if (params) {
  939         cd->u.integrity.params.journal_watermark = params->journal_watermark;
  940         cd->u.integrity.params.journal_commit_time = params->journal_commit_time;
  941         cd->u.integrity.params.buffer_sectors = params->buffer_sectors;
  942         // FIXME: check ENOMEM
  943         if (params->integrity)
  944             cd->u.integrity.params.integrity = strdup(params->integrity);
  945         cd->u.integrity.params.integrity_key_size = params->integrity_key_size;
  946         if (params->journal_integrity)
  947             cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity);
  948         if (params->journal_crypt)
  949             cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt);
  950 
  951         if (params->journal_crypt_key) {
  952             cd->u.integrity.journal_crypt_key =
  953                 crypt_alloc_volume_key(params->journal_crypt_key_size,
  954                                params->journal_crypt_key);
  955             if (!cd->u.integrity.journal_crypt_key)
  956                 return -ENOMEM;
  957         }
  958         if (params->journal_integrity_key) {
  959             cd->u.integrity.journal_mac_key =
  960                 crypt_alloc_volume_key(params->journal_integrity_key_size,
  961                                params->journal_integrity_key);
  962             if (!cd->u.integrity.journal_mac_key)
  963                 return -ENOMEM;
  964         }
  965     }
  966 
  967     if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY))) {
  968         free(CONST_CAST(void*)cd->u.integrity.params.integrity);
  969         return -ENOMEM;
  970     }
  971 
  972     return 0;
  973 }
  974 
  975 static int _crypt_load_bitlk(struct crypt_device *cd,
  976                  struct bitlk_metadata *params __attribute__((unused)))
  977 {
  978     int r;
  979 
  980     r = init_crypto(cd);
  981     if (r < 0)
  982         return r;
  983 
  984     r = BITLK_read_sb(cd, &cd->u.bitlk.params);
  985     if (r < 0)
  986         return r;
  987 
  988     if (asprintf(&cd->u.bitlk.cipher_spec, "%s-%s",
  989              cd->u.bitlk.params.cipher, cd->u.bitlk.params.cipher_mode) < 0) {
  990         cd->u.bitlk.cipher_spec = NULL;
  991         return -ENOMEM;
  992     }
  993 
  994     if (!cd->type && !(cd->type = strdup(CRYPT_BITLK)))
  995         return -ENOMEM;
  996 
  997     device_set_block_size(crypt_data_device(cd), cd->u.bitlk.params.sector_size);
  998 
  999     return 0;
 1000 }
 1001 
 1002 int crypt_load(struct crypt_device *cd,
 1003            const char *requested_type,
 1004            void *params)
 1005 {
 1006     int r;
 1007 
 1008     if (!cd)
 1009         return -EINVAL;
 1010 
 1011     log_dbg(cd, "Trying to load %s crypt type from device %s.",
 1012         requested_type ?: "any", mdata_device_path(cd) ?: "(none)");
 1013 
 1014     if (!crypt_metadata_device(cd))
 1015         return -EINVAL;
 1016 
 1017     crypt_reset_null_type(cd);
 1018     cd->data_offset = 0;
 1019     cd->metadata_size = 0;
 1020     cd->keyslots_size = 0;
 1021 
 1022     if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) {
 1023         if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) {
 1024             log_dbg(cd, "Context is already initialized to type %s", cd->type);
 1025             return -EINVAL;
 1026         }
 1027 
 1028         r = _crypt_load_luks(cd, requested_type, 1, 0);
 1029     } else if (isVERITY(requested_type)) {
 1030         if (cd->type && !isVERITY(cd->type)) {
 1031             log_dbg(cd, "Context is already initialized to type %s", cd->type);
 1032             return -EINVAL;
 1033         }
 1034         r = _crypt_load_verity(cd, params);
 1035     } else if (isTCRYPT(requested_type)) {
 1036         if (cd->type && !isTCRYPT(cd->type)) {
 1037             log_dbg(cd, "Context is already initialized to type %s", cd->type);
 1038             return -EINVAL;
 1039         }
 1040         r = _crypt_load_tcrypt(cd, params);
 1041     } else if (isINTEGRITY(requested_type)) {
 1042         if (cd->type && !isINTEGRITY(cd->type)) {
 1043             log_dbg(cd, "Context is already initialized to type %s", cd->type);
 1044             return -EINVAL;
 1045         }
 1046         r = _crypt_load_integrity(cd, params);
 1047     } else if (isBITLK(requested_type)) {
 1048         if (cd->type && !isBITLK(cd->type)) {
 1049             log_dbg(cd, "Context is already initialized to type %s", cd->type);
 1050             return -EINVAL;
 1051         }
 1052         r = _crypt_load_bitlk(cd, params);
 1053     } else
 1054         return -EINVAL;
 1055 
 1056     return r;
 1057 }
 1058 
 1059 /*
 1060  * crypt_init() helpers
 1061  */
 1062 static int _init_by_name_crypt_none(struct crypt_device *cd)
 1063 {
 1064     int r;
 1065     char _mode[MAX_CIPHER_LEN];
 1066     struct crypt_dm_active_device dmd;
 1067     struct dm_target *tgt = &dmd.segment;
 1068 
 1069     if (cd->type || !cd->u.none.active_name)
 1070         return -EINVAL;
 1071 
 1072     r = dm_query_device(cd, cd->u.none.active_name,
 1073             DM_ACTIVE_CRYPT_CIPHER |
 1074             DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
 1075     if (r < 0)
 1076         return r;
 1077     if (!single_segment(&dmd) || tgt->type != DM_CRYPT)
 1078         r = -EINVAL;
 1079     if (r >= 0)
 1080         r = crypt_parse_name_and_mode(tgt->u.crypt.cipher,
 1081                           cd->u.none.cipher, NULL,
 1082                           _mode);
 1083 
 1084     if (!r) {
 1085         r = snprintf(cd->u.none.cipher_spec, sizeof(cd->u.none.cipher_spec),
 1086              "%s-%s", cd->u.none.cipher, _mode);
 1087         if (r < 0 || (size_t)r >= sizeof(cd->u.none.cipher_spec))
 1088             r = -EINVAL;
 1089         else {
 1090             cd->u.none.cipher_mode = cd->u.none.cipher_spec + strlen(cd->u.none.cipher) + 1;
 1091             cd->u.none.key_size = tgt->u.crypt.vk->keylength;
 1092             r = 0;
 1093         }
 1094     }
 1095 
 1096     dm_targets_free(cd, &dmd);
 1097     return r;
 1098 }
 1099 
 1100 static const char *LUKS_UUID(struct crypt_device *cd)
 1101 {
 1102     if (!cd)
 1103         return NULL;
 1104     else if (isLUKS1(cd->type))
 1105         return cd->u.luks1.hdr.uuid;
 1106     else if (isLUKS2(cd->type))
 1107         return cd->u.luks2.hdr.uuid;
 1108 
 1109     return NULL;
 1110 }
 1111 
 1112 static void crypt_free_type(struct crypt_device *cd)
 1113 {
 1114     if (isPLAIN(cd->type)) {
 1115         free(CONST_CAST(void*)cd->u.plain.hdr.hash);
 1116         free(cd->u.plain.cipher);
 1117         free(cd->u.plain.cipher_spec);
 1118     } else if (isLUKS2(cd->type)) {
 1119         LUKS2_reencrypt_free(cd, cd->u.luks2.rh);
 1120         LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
 1121         free(cd->u.luks2.keyslot_cipher);
 1122     } else if (isLUKS1(cd->type)) {
 1123         free(cd->u.luks1.cipher_spec);
 1124     } else if (isLOOPAES(cd->type)) {
 1125         free(CONST_CAST(void*)cd->u.loopaes.hdr.hash);
 1126         free(cd->u.loopaes.cipher);
 1127         free(cd->u.loopaes.cipher_spec);
 1128     } else if (isVERITY(cd->type)) {
 1129         free(CONST_CAST(void*)cd->u.verity.hdr.hash_name);
 1130         free(CONST_CAST(void*)cd->u.verity.hdr.data_device);
 1131         free(CONST_CAST(void*)cd->u.verity.hdr.hash_device);
 1132         free(CONST_CAST(void*)cd->u.verity.hdr.fec_device);
 1133         free(CONST_CAST(void*)cd->u.verity.hdr.salt);
 1134         free(CONST_CAST(void*)cd->u.verity.root_hash);
 1135         free(cd->u.verity.uuid);
 1136         device_free(cd, cd->u.verity.fec_device);
 1137     } else if (isINTEGRITY(cd->type)) {
 1138         free(CONST_CAST(void*)cd->u.integrity.params.integrity);
 1139         free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity);
 1140         free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt);
 1141         crypt_free_volume_key(cd->u.integrity.journal_crypt_key);
 1142         crypt_free_volume_key(cd->u.integrity.journal_mac_key);
 1143     } else if (isBITLK(cd->type)) {
 1144         free(cd->u.bitlk.cipher_spec);
 1145         BITLK_bitlk_metadata_free(&cd->u.bitlk.params);
 1146     } else if (!cd->type) {
 1147         free(cd->u.none.active_name);
 1148         cd->u.none.active_name = NULL;
 1149     }
 1150 
 1151     crypt_set_null_type(cd);
 1152 }
 1153 
 1154 static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 1155 {
 1156     bool found = false;
 1157     char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {};
 1158     const char *dev, *namei;
 1159     int key_nums, r;
 1160     struct crypt_dm_active_device dmd, dmdi = {}, dmdep = {};
 1161     struct dm_target *tgt = &dmd.segment, *tgti = &dmdi.segment;
 1162 
 1163     r = dm_query_device(cd, name,
 1164             DM_ACTIVE_DEVICE |
 1165             DM_ACTIVE_UUID |
 1166             DM_ACTIVE_CRYPT_CIPHER |
 1167             DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
 1168     if (r < 0)
 1169         return r;
 1170 
 1171     if (tgt->type != DM_CRYPT && tgt->type != DM_LINEAR) {
 1172         log_dbg(cd, "Unsupported device table detected in %s.", name);
 1173         r = -EINVAL;
 1174         goto out;
 1175     }
 1176 
 1177     r = -EINVAL;
 1178 
 1179     if (dmd.uuid) {
 1180         r = snprintf(deps_uuid_prefix, sizeof(deps_uuid_prefix), CRYPT_SUBDEV "-%.32s", dmd.uuid + 6);
 1181         if (r < 0 || (size_t)r != (sizeof(deps_uuid_prefix) - 1))
 1182             r = -EINVAL;
 1183     }
 1184 
 1185     if (r >= 0) {
 1186         r = dm_device_deps(cd, name, deps_uuid_prefix, deps, ARRAY_SIZE(deps));
 1187         if (r)
 1188             goto out;
 1189     }
 1190 
 1191     r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher,
 1192                       &key_nums, cipher_mode);
 1193     if (r < 0) {
 1194         log_dbg(cd, "Cannot parse cipher and mode from active device.");
 1195         goto out;
 1196     }
 1197 
 1198     dep = deps;
 1199 
 1200     if (tgt->type == DM_CRYPT && tgt->u.crypt.integrity && (namei = device_dm_name(tgt->data_device))) {
 1201         r = dm_query_device(cd, namei, DM_ACTIVE_DEVICE, &dmdi);
 1202         if (r < 0)
 1203             goto out;
 1204         if (!single_segment(&dmdi) || tgti->type != DM_INTEGRITY) {
 1205             log_dbg(cd, "Unsupported device table detected in %s.", namei);
 1206             r = -EINVAL;
 1207             goto out;
 1208         }
 1209         if (!cd->metadata_device) {
 1210             device_free(cd, cd->device);
 1211             MOVE_REF(cd->device, tgti->data_device);
 1212         }
 1213     }
 1214 
 1215     /* do not try to lookup LUKS2 header in detached header mode */
 1216     if (dmd.uuid && !cd->metadata_device && !found) {
 1217         while (*dep && !found) {
 1218             r = dm_query_device(cd, *dep, DM_ACTIVE_DEVICE, &dmdep);
 1219             if (r < 0)
 1220                 goto out;
 1221 
 1222             tgt = &dmdep.segment;
 1223 
 1224             while (tgt && !found) {
 1225                 dev = device_path(tgt->data_device);
 1226                 if (!dev) {
 1227                     tgt = tgt->next;
 1228                     continue;
 1229                 }
 1230                 if (!strstr(dev, dm_get_dir()) ||
 1231                     !crypt_string_in(dev + strlen(dm_get_dir()) + 1, deps, ARRAY_SIZE(deps))) {
 1232                     device_free(cd, cd->device);
 1233                     MOVE_REF(cd->device, tgt->data_device);
 1234                     found = true;
 1235                 }
 1236                 tgt = tgt->next;
 1237             }
 1238             dep++;
 1239             dm_targets_free(cd, &dmdep);
 1240         }
 1241     }
 1242 
 1243     if (asprintf(&cipher_spec, "%s-%s", cipher, cipher_mode) < 0) {
 1244         cipher_spec = NULL;
 1245         r = -ENOMEM;
 1246         goto out;
 1247     }
 1248 
 1249     tgt = &dmd.segment;
 1250     r = 0;
 1251 
 1252     if (isPLAIN(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) {
 1253         cd->u.plain.hdr.hash = NULL; /* no way to get this */
 1254         cd->u.plain.hdr.offset = tgt->u.crypt.offset;
 1255         cd->u.plain.hdr.skip = tgt->u.crypt.iv_offset;
 1256         cd->u.plain.hdr.sector_size = tgt->u.crypt.sector_size;
 1257         cd->u.plain.key_size = tgt->u.crypt.vk->keylength;
 1258         cd->u.plain.cipher = strdup(cipher);
 1259         MOVE_REF(cd->u.plain.cipher_spec, cipher_spec);
 1260         cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1;
 1261     } else if (isLOOPAES(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) {
 1262         cd->u.loopaes.hdr.offset = tgt->u.crypt.offset;
 1263         cd->u.loopaes.cipher = strdup(cipher);
 1264         MOVE_REF(cd->u.loopaes.cipher_spec, cipher_spec);
 1265         cd->u.loopaes.cipher_mode = cd->u.loopaes.cipher_spec + strlen(cipher) + 1;
 1266         /* version 3 uses last key for IV */
 1267         if (tgt->u.crypt.vk->keylength % key_nums)
 1268             key_nums++;
 1269         cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums;
 1270     } else if (isLUKS1(cd->type) || isLUKS2(cd->type)) {
 1271         if (crypt_metadata_device(cd)) {
 1272             r = _crypt_load_luks(cd, cd->type, 0, 0);
 1273             if (r < 0) {
 1274                 log_dbg(cd, "LUKS device header does not match active device.");
 1275                 crypt_set_null_type(cd);
 1276                 device_close(cd, cd->metadata_device);
 1277                 device_close(cd, cd->device);
 1278                 r = 0;
 1279                 goto out;
 1280             }
 1281             /* check whether UUIDs match each other */
 1282             r = crypt_uuid_cmp(dmd.uuid, LUKS_UUID(cd));
 1283             if (r < 0) {
 1284                 log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s",
 1285                     LUKS_UUID(cd), dmd.uuid);
 1286                 crypt_free_type(cd);
 1287                 r = 0;
 1288                 goto out;
 1289             }
 1290         } else {
 1291             log_dbg(cd, "LUKS device header not available.");
 1292             crypt_set_null_type(cd);
 1293             r = 0;
 1294         }
 1295     } else if (isTCRYPT(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) {
 1296         r = TCRYPT_init_by_name(cd, name, dmd.uuid, tgt, &cd->device,
 1297                     &cd->u.tcrypt.params, &cd->u.tcrypt.hdr);
 1298     } else if (isBITLK(cd->type)) {
 1299         r = _crypt_load_bitlk(cd, NULL);
 1300         if (r < 0) {
 1301             log_dbg(cd, "BITLK device header not available.");
 1302             crypt_set_null_type(cd);
 1303             r = 0;
 1304         }
 1305     }
 1306 out:
 1307     dm_targets_free(cd, &dmd);
 1308     dm_targets_free(cd, &dmdi);
 1309     dm_targets_free(cd, &dmdep);
 1310     free(CONST_CAST(void*)dmd.uuid);
 1311     free(cipher_spec);
 1312     dep = deps;
 1313     while (*dep)
 1314         free(*dep++);
 1315     return r;
 1316 }
 1317 
 1318 static int _init_by_name_verity(struct crypt_device *cd, const char *name)
 1319 {
 1320     struct crypt_dm_active_device dmd;
 1321     struct dm_target *tgt = &dmd.segment;
 1322     int r;
 1323 
 1324     r = dm_query_device(cd, name,
 1325                 DM_ACTIVE_DEVICE |
 1326                 DM_ACTIVE_VERITY_HASH_DEVICE |
 1327                 DM_ACTIVE_VERITY_ROOT_HASH |
 1328                 DM_ACTIVE_VERITY_PARAMS, &dmd);
 1329     if (r < 0)
 1330         return r;
 1331     if (!single_segment(&dmd) || tgt->type != DM_VERITY) {
 1332         log_dbg(cd, "Unsupported device table detected in %s.", name);
 1333         r = -EINVAL;
 1334         goto out;
 1335     }
 1336     if (r > 0)
 1337         r = 0;
 1338 
 1339     if (isVERITY(cd->type)) {
 1340         cd->u.verity.uuid = NULL; // FIXME
 1341         cd->u.verity.hdr.flags = CRYPT_VERITY_NO_HEADER; //FIXME
 1342         cd->u.verity.hdr.data_size = tgt->u.verity.vp->data_size;
 1343         cd->u.verity.root_hash_size = tgt->u.verity.root_hash_size;
 1344         MOVE_REF(cd->u.verity.hdr.hash_name, tgt->u.verity.vp->hash_name);
 1345         cd->u.verity.hdr.data_device = NULL;
 1346         cd->u.verity.hdr.hash_device = NULL;
 1347         cd->u.verity.hdr.data_block_size = tgt->u.verity.vp->data_block_size;
 1348         cd->u.verity.hdr.hash_block_size = tgt->u.verity.vp->hash_block_size;
 1349         cd->u.verity.hdr.hash_area_offset = tgt->u.verity.hash_offset;
 1350         cd->u.verity.hdr.fec_area_offset = tgt->u.verity.fec_offset;
 1351         cd->u.verity.hdr.hash_type = tgt->u.verity.vp->hash_type;
 1352         cd->u.verity.hdr.flags = tgt->u.verity.vp->flags;
 1353         cd->u.verity.hdr.salt_size = tgt->u.verity.vp->salt_size;
 1354         MOVE_REF(cd->u.verity.hdr.salt, tgt->u.verity.vp->salt);
 1355         MOVE_REF(cd->u.verity.hdr.fec_device, tgt->u.verity.vp->fec_device);
 1356         cd->u.verity.hdr.fec_roots = tgt->u.verity.vp->fec_roots;
 1357         MOVE_REF(cd->u.verity.fec_device, tgt->u.verity.fec_device);
 1358         MOVE_REF(cd->metadata_device, tgt->u.verity.hash_device);
 1359         MOVE_REF(cd->u.verity.root_hash, tgt->u.verity.root_hash);
 1360     }
 1361 out:
 1362     dm_targets_free(cd, &dmd);
 1363     return r;
 1364 }
 1365 
 1366 static int _init_by_name_integrity(struct crypt_device *cd, const char *name)
 1367 {
 1368     struct crypt_dm_active_device dmd;
 1369     struct dm_target *tgt = &dmd.segment;
 1370     int r;
 1371 
 1372     r = dm_query_device(cd, name, DM_ACTIVE_DEVICE |
 1373                       DM_ACTIVE_CRYPT_KEY |
 1374                       DM_ACTIVE_CRYPT_KEYSIZE |
 1375                       DM_ACTIVE_INTEGRITY_PARAMS, &dmd);
 1376     if (r < 0)
 1377         return r;
 1378     if (!single_segment(&dmd) || tgt->type != DM_INTEGRITY) {
 1379         log_dbg(cd, "Unsupported device table detected in %s.", name);
 1380         r = -EINVAL;
 1381         goto out;
 1382     }
 1383     if (r > 0)
 1384         r = 0;
 1385 
 1386     if (isINTEGRITY(cd->type)) {
 1387         cd->u.integrity.params.tag_size = tgt->u.integrity.tag_size;
 1388         cd->u.integrity.params.sector_size = tgt->u.integrity.sector_size;
 1389         cd->u.integrity.params.journal_size = tgt->u.integrity.journal_size;
 1390         cd->u.integrity.params.journal_watermark = tgt->u.integrity.journal_watermark;
 1391         cd->u.integrity.params.journal_commit_time = tgt->u.integrity.journal_commit_time;
 1392         cd->u.integrity.params.interleave_sectors = tgt->u.integrity.interleave_sectors;
 1393         cd->u.integrity.params.buffer_sectors = tgt->u.integrity.buffer_sectors;
 1394         MOVE_REF(cd->u.integrity.params.integrity, tgt->u.integrity.integrity);
 1395         MOVE_REF(cd->u.integrity.params.journal_integrity, tgt->u.integrity.journal_integrity);
 1396         MOVE_REF(cd->u.integrity.params.journal_crypt, tgt->u.integrity.journal_crypt);
 1397 
 1398         if (tgt->u.integrity.vk)
 1399             cd->u.integrity.params.integrity_key_size = tgt->u.integrity.vk->keylength;
 1400         if (tgt->u.integrity.journal_integrity_key)
 1401             cd->u.integrity.params.journal_integrity_key_size = tgt->u.integrity.journal_integrity_key->keylength;
 1402         if (tgt->u.integrity.journal_crypt_key)
 1403             cd->u.integrity.params.integrity_key_size = tgt->u.integrity.journal_crypt_key->keylength;
 1404         MOVE_REF(cd->metadata_device, tgt->u.integrity.meta_device);
 1405     }
 1406 out:
 1407     dm_targets_free(cd, &dmd);
 1408     return r;
 1409 }
 1410 
 1411 int crypt_init_by_name_and_header(struct crypt_device **cd,
 1412                   const char *name,
 1413                   const char *header_device)
 1414 {
 1415     crypt_status_info ci;
 1416     struct crypt_dm_active_device dmd;
 1417     struct dm_target *tgt = &dmd.segment;
 1418     int r;
 1419 
 1420     if (!cd || !name)
 1421         return -EINVAL;
 1422 
 1423     log_dbg(NULL, "Allocating crypt device context by device %s.", name);
 1424 
 1425     ci = crypt_status(NULL, name);
 1426     if (ci == CRYPT_INVALID)
 1427         return -ENODEV;
 1428 
 1429     if (ci < CRYPT_ACTIVE) {
 1430         log_err(NULL, _("Device %s is not active."), name);
 1431         return -ENODEV;
 1432     }
 1433 
 1434     r = dm_query_device(NULL, name, DM_ACTIVE_DEVICE | DM_ACTIVE_UUID, &dmd);
 1435     if (r < 0)
 1436         return r;
 1437 
 1438     *cd = NULL;
 1439 
 1440     if (header_device) {
 1441         r = crypt_init(cd, header_device);
 1442     } else {
 1443         r = crypt_init(cd, device_path(tgt->data_device));
 1444 
 1445         /* Underlying device disappeared but mapping still active */
 1446         if (!tgt->data_device || r == -ENOTBLK)
 1447             log_verbose(NULL, _("Underlying device for crypt device %s disappeared."),
 1448                     name);
 1449 
 1450         /* Underlying device is not readable but crypt mapping exists */
 1451         if (r == -ENOTBLK)
 1452             r = crypt_init(cd, NULL);
 1453     }
 1454 
 1455     if (r < 0)
 1456         goto out;
 1457 
 1458     if (dmd.uuid) {
 1459         if (!strncmp(CRYPT_PLAIN, dmd.uuid, sizeof(CRYPT_PLAIN)-1))
 1460             (*cd)->type = strdup(CRYPT_PLAIN);
 1461         else if (!strncmp(CRYPT_LOOPAES, dmd.uuid, sizeof(CRYPT_LOOPAES)-1))
 1462             (*cd)->type = strdup(CRYPT_LOOPAES);
 1463         else if (!strncmp(CRYPT_LUKS1, dmd.uuid, sizeof(CRYPT_LUKS1)-1))
 1464             (*cd)->type = strdup(CRYPT_LUKS1);
 1465         else if (!strncmp(CRYPT_LUKS2, dmd.uuid, sizeof(CRYPT_LUKS2)-1))
 1466             (*cd)->type = strdup(CRYPT_LUKS2);
 1467         else if (!strncmp(CRYPT_VERITY, dmd.uuid, sizeof(CRYPT_VERITY)-1))
 1468             (*cd)->type = strdup(CRYPT_VERITY);
 1469         else if (!strncmp(CRYPT_TCRYPT, dmd.uuid, sizeof(CRYPT_TCRYPT)-1))
 1470             (*cd)->type = strdup(CRYPT_TCRYPT);
 1471         else if (!strncmp(CRYPT_INTEGRITY, dmd.uuid, sizeof(CRYPT_INTEGRITY)-1))
 1472             (*cd)->type = strdup(CRYPT_INTEGRITY);
 1473         else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1))
 1474             (*cd)->type = strdup(CRYPT_BITLK);
 1475         else
 1476             log_dbg(NULL, "Unknown UUID set, some parameters are not set.");
 1477     } else
 1478         log_dbg(NULL, "Active device has no UUID set, some parameters are not set.");
 1479 
 1480     if (header_device) {
 1481         r = crypt_set_data_device(*cd, device_path(tgt->data_device));
 1482         if (r < 0)
 1483             goto out;
 1484     }
 1485 
 1486     /* Try to initialize basic parameters from active device */
 1487 
 1488     if (tgt->type == DM_CRYPT || tgt->type == DM_LINEAR)
 1489         r = _init_by_name_crypt(*cd, name);
 1490     else if (tgt->type == DM_VERITY)
 1491         r = _init_by_name_verity(*cd, name);
 1492     else if (tgt->type == DM_INTEGRITY)
 1493         r = _init_by_name_integrity(*cd, name);
 1494 out:
 1495     if (r < 0) {
 1496         crypt_free(*cd);
 1497         *cd = NULL;
 1498     } else if (!(*cd)->type) {
 1499         /* For anonymous device (no header found) remember initialized name */
 1500         (*cd)->u.none.active_name = strdup(name);
 1501     }
 1502 
 1503     free(CONST_CAST(void*)dmd.uuid);
 1504     dm_targets_free(NULL, &dmd);
 1505     return r;
 1506 }
 1507 
 1508 int crypt_init_by_name(struct crypt_device **cd, const char *name)
 1509 {
 1510     return crypt_init_by_name_and_header(cd, name, NULL);
 1511 }
 1512 
 1513 /*
 1514  * crypt_format() helpers
 1515  */
 1516 static int _crypt_format_plain(struct crypt_device *cd,
 1517                    const char *cipher,
 1518                    const char *cipher_mode,
 1519                    const char *uuid,
 1520                    size_t volume_key_size,
 1521                    struct crypt_params_plain *params)
 1522 {
 1523     unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE;
 1524     uint64_t dev_size;
 1525 
 1526     if (!cipher || !cipher_mode) {
 1527         log_err(cd, _("Invalid plain crypt parameters."));
 1528         return -EINVAL;
 1529     }
 1530 
 1531     if (volume_key_size > 1024) {
 1532         log_err(cd, _("Invalid key size."));
 1533         return -EINVAL;
 1534     }
 1535 
 1536     if (uuid) {
 1537         log_err(cd, _("UUID is not supported for this crypt type."));
 1538         return -EINVAL;
 1539     }
 1540 
 1541     if (cd->metadata_device) {
 1542         log_err(cd, _("Detached metadata device is not supported for this crypt type."));
 1543         return -EINVAL;
 1544     }
 1545 
 1546     /* For compatibility with old params structure */
 1547     if (!sector_size)
 1548         sector_size = SECTOR_SIZE;
 1549 
 1550     if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
 1551         NOTPOW2(sector_size)) {
 1552         log_err(cd, _("Unsupported encryption sector size."));
 1553         return -EINVAL;
 1554     }
 1555 
 1556     if (sector_size > SECTOR_SIZE && !device_size(cd->device, &dev_size)) {
 1557         if (params && params->offset)
 1558             dev_size -= (params->offset * SECTOR_SIZE);
 1559         if (dev_size % sector_size) {
 1560             log_err(cd, _("Device size is not aligned to requested sector size."));
 1561             return -EINVAL;
 1562         }
 1563         device_set_block_size(crypt_data_device(cd), sector_size);
 1564     }
 1565 
 1566     if (!(cd->type = strdup(CRYPT_PLAIN)))
 1567         return -ENOMEM;
 1568 
 1569     cd->u.plain.key_size = volume_key_size;
 1570     cd->volume_key = crypt_alloc_volume_key(volume_key_size, NULL);
 1571     if (!cd->volume_key)
 1572         return -ENOMEM;
 1573 
 1574     if (asprintf(&cd->u.plain.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) {
 1575         cd->u.plain.cipher_spec = NULL;
 1576         return -ENOMEM;
 1577     }
 1578     cd->u.plain.cipher = strdup(cipher);
 1579     cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1;
 1580 
 1581     if (params && params->hash)
 1582         cd->u.plain.hdr.hash = strdup(params->hash);
 1583 
 1584     cd->u.plain.hdr.offset = params ? params->offset : 0;
 1585     cd->u.plain.hdr.skip = params ? params->skip : 0;
 1586     cd->u.plain.hdr.size = params ? params->size : 0;
 1587     cd->u.plain.hdr.sector_size = sector_size;
 1588 
 1589     if (!cd->u.plain.cipher)
 1590         return -ENOMEM;
 1591 
 1592     return 0;
 1593 }
 1594 
 1595 static int _crypt_format_luks1(struct crypt_device *cd,
 1596                    const char *cipher,
 1597                    const char *cipher_mode,
 1598                    const char *uuid,
 1599                    const char *volume_key,
 1600                    size_t volume_key_size,
 1601                    struct crypt_params_luks1 *params)
 1602 {
 1603     int r;
 1604     unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT;
 1605     unsigned long alignment_offset = 0;
 1606     uint64_t dev_size;
 1607 
 1608     if (!cipher || !cipher_mode)
 1609         return -EINVAL;
 1610 
 1611     if (!crypt_metadata_device(cd)) {
 1612         log_err(cd, _("Can't format LUKS without device."));
 1613         return -EINVAL;
 1614     }
 1615 
 1616     if (params && cd->data_offset && params->data_alignment &&
 1617        (cd->data_offset % params->data_alignment)) {
 1618         log_err(cd, _("Requested data alignment is not compatible with data offset."));
 1619         return -EINVAL;
 1620     }
 1621 
 1622     if (!(cd->type = strdup(CRYPT_LUKS1)))
 1623         return -ENOMEM;
 1624 
 1625     if (volume_key)
 1626         cd->volume_key = crypt_alloc_volume_key(volume_key_size,
 1627                               volume_key);
 1628     else
 1629         cd->volume_key = crypt_generate_volume_key(cd, volume_key_size);
 1630 
 1631     if (!cd->volume_key)
 1632         return -ENOMEM;
 1633 
 1634     if (verify_pbkdf_params(cd, &cd->pbkdf)) {
 1635         r = init_pbkdf_type(cd, NULL, CRYPT_LUKS1);
 1636         if (r)
 1637             return r;
 1638     }
 1639 
 1640     if (params && params->hash && strcmp(params->hash, cd->pbkdf.hash)) {
 1641         free(CONST_CAST(void*)cd->pbkdf.hash);
 1642         cd->pbkdf.hash = strdup(params->hash);
 1643         if (!cd->pbkdf.hash)
 1644             return -ENOMEM;
 1645     }
 1646 
 1647     if (params && params->data_device) {
 1648         if (!cd->metadata_device)
 1649             cd->metadata_device = cd->device;
 1650         else
 1651             device_free(cd, cd->device);
 1652         cd->device = NULL;
 1653         if (device_alloc(cd, &cd->device, params->data_device) < 0)
 1654             return -ENOMEM;
 1655     }
 1656 
 1657     if (params && cd->metadata_device) {
 1658         /* For detached header the alignment is used directly as data offset */
 1659         if (!cd->data_offset)
 1660             cd->data_offset = params->data_alignment;
 1661         required_alignment = params->data_alignment * SECTOR_SIZE;
 1662     } else if (params && params->data_alignment) {
 1663         required_alignment = params->data_alignment * SECTOR_SIZE;
 1664     } else
 1665         device_topology_alignment(cd, cd->device,
 1666                        &required_alignment,
 1667                        &alignment_offset, DEFAULT_DISK_ALIGNMENT);
 1668 
 1669     r = LUKS_check_cipher(cd, volume_key_size, cipher, cipher_mode);
 1670     if (r < 0)
 1671         return r;
 1672 
 1673     r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode,
 1674                    cd->pbkdf.hash, uuid,
 1675                    cd->data_offset * SECTOR_SIZE,
 1676                    alignment_offset, required_alignment, cd);
 1677     if (r < 0)
 1678         return r;
 1679 
 1680     r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL);
 1681     if (r < 0)
 1682         return r;
 1683 
 1684     if (!device_size(crypt_data_device(cd), &dev_size) &&
 1685         dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE))
 1686         log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n"));
 1687 
 1688     if (asprintf(&cd->u.luks1.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) {
 1689         cd->u.luks1.cipher_spec = NULL;
 1690         return -ENOMEM;
 1691     }
 1692 
 1693     r = LUKS_wipe_header_areas(&cd->u.luks1.hdr, cd);
 1694     if (r < 0) {
 1695         free(cd->u.luks1.cipher_spec);
 1696         log_err(cd, _("Cannot wipe header on device %s."),
 1697             mdata_device_path(cd));
 1698         return r;
 1699     }
 1700 
 1701     r = LUKS_write_phdr(&cd->u.luks1.hdr, cd);
 1702     if (r)
 1703         free(cd->u.luks1.cipher_spec);
 1704 
 1705     return r;
 1706 }
 1707 
 1708 static int _crypt_format_luks2(struct crypt_device *cd,
 1709                    const char *cipher,
 1710                    const char *cipher_mode,
 1711                    const char *uuid,
 1712                    const char *volume_key,
 1713                    size_t volume_key_size,
 1714                    struct crypt_params_luks2 *params,
 1715                    bool sector_size_autodetect)
 1716 {
 1717     int r, integrity_key_size = 0;
 1718     unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT;
 1719     unsigned long alignment_offset = 0;
 1720     unsigned int sector_size;
 1721     const char *integrity = params ? params->integrity : NULL;
 1722     uint64_t dev_size;
 1723     uint32_t dmc_flags;
 1724 
 1725     cd->u.luks2.hdr.jobj = NULL;
 1726     cd->u.luks2.keyslot_cipher = NULL;
 1727 
 1728     if (!cipher || !cipher_mode)
 1729         return -EINVAL;
 1730 
 1731     if (!crypt_metadata_device(cd)) {
 1732         log_err(cd, _("Can't format LUKS without device."));
 1733         return -EINVAL;
 1734     }
 1735 
 1736     if (params && cd->data_offset && params->data_alignment &&
 1737        (cd->data_offset % params->data_alignment)) {
 1738         log_err(cd, _("Requested data alignment is not compatible with data offset."));
 1739         return -EINVAL;
 1740     }
 1741 
 1742     if (params && params->sector_size)
 1743         sector_size_autodetect = false;
 1744 
 1745     if (sector_size_autodetect) {
 1746         sector_size = device_optimal_encryption_sector_size(cd, crypt_data_device(cd));
 1747         log_dbg(cd, "Auto-detected optimal encryption sector size for device %s is %d bytes.",
 1748             device_path(crypt_data_device(cd)), sector_size);
 1749     } else
 1750         sector_size = params ? params->sector_size : SECTOR_SIZE;
 1751 
 1752     if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
 1753         NOTPOW2(sector_size)) {
 1754         log_err(cd, _("Unsupported encryption sector size."));
 1755         return -EINVAL;
 1756     }
 1757     if (sector_size != SECTOR_SIZE && !dm_flags(cd, DM_CRYPT, &dmc_flags) &&
 1758         !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED)) {
 1759         if (sector_size_autodetect) {
 1760             log_dbg(cd, "dm-crypt does not support encryption sector size option. Reverting to 512 bytes.");
 1761             sector_size = SECTOR_SIZE;
 1762         } else
 1763             log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing "
 1764                       "support for requested encryption sector size.\n"));
 1765     }
 1766 
 1767     if (integrity) {
 1768         if (params->integrity_params) {
 1769             /* Standalone dm-integrity must not be used */
 1770             if (params->integrity_params->integrity ||
 1771                 params->integrity_params->integrity_key_size)
 1772                 return -EINVAL;
 1773             /* FIXME: journal encryption and MAC is here not yet supported */
 1774             if (params->integrity_params->journal_crypt ||
 1775             params->integrity_params->journal_integrity)
 1776                 return -ENOTSUP;
 1777         }
 1778         if (!INTEGRITY_tag_size(cd, integrity, cipher, cipher_mode)) {
 1779             if (!strcmp(integrity, "none"))
 1780                 integrity = NULL;
 1781             else
 1782                 return -EINVAL;
 1783         }
 1784         integrity_key_size = INTEGRITY_key_size(cd, integrity);
 1785         if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) {
 1786             log_err(cd, _("Volume key is too small for encryption with integrity extensions."));
 1787             return -EINVAL;
 1788         }
 1789     }
 1790 
 1791     r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL);
 1792     if (r < 0)
 1793         return r;
 1794 
 1795     if (!(cd->type = strdup(CRYPT_LUKS2)))
 1796         return -ENOMEM;
 1797 
 1798     if (volume_key)
 1799         cd->volume_key = crypt_alloc_volume_key(volume_key_size,
 1800                               volume_key);
 1801     else
 1802         cd->volume_key = crypt_generate_volume_key(cd, volume_key_size);
 1803 
 1804     if (!cd->volume_key)
 1805         return -ENOMEM;
 1806 
 1807     if (params && params->pbkdf)
 1808         r = crypt_set_pbkdf_type(cd, params->pbkdf);
 1809     else if (verify_pbkdf_params(cd, &cd->pbkdf))
 1810         r = init_pbkdf_type(cd, NULL, CRYPT_LUKS2);
 1811 
 1812     if (r < 0)
 1813         return r;
 1814 
 1815     if (params && params->data_device) {
 1816         if (!cd->metadata_device)
 1817             cd->metadata_device = cd->device;
 1818         else
 1819             device_free(cd, cd->device);
 1820         cd->device = NULL;
 1821         if (device_alloc(cd, &cd->device, params->data_device) < 0)
 1822             return -ENOMEM;
 1823     }
 1824 
 1825     if (params && cd->metadata_device) {
 1826         /* For detached header the alignment is used directly as data offset */
 1827         if (!cd->data_offset)
 1828             cd->data_offset = params->data_alignment;
 1829         required_alignment = params->data_alignment * SECTOR_SIZE;
 1830     } else if (params && params->data_alignment) {
 1831         required_alignment = params->data_alignment * SECTOR_SIZE;
 1832     } else
 1833         device_topology_alignment(cd, cd->device,
 1834                        &required_alignment,
 1835                        &alignment_offset, DEFAULT_DISK_ALIGNMENT);
 1836 
 1837     r = device_size(crypt_data_device(cd), &dev_size);
 1838     if (r < 0)
 1839         goto out;
 1840 
 1841     if (sector_size_autodetect) {
 1842         if (cd->data_offset && MISALIGNED(cd->data_offset, sector_size)) {
 1843             log_dbg(cd, "Data offset not aligned to sector size. Reverting to 512 bytes.");
 1844             sector_size = SECTOR_SIZE;
 1845         } else if (MISALIGNED(dev_size - (uint64_t)required_alignment - (uint64_t)alignment_offset, sector_size)) {
 1846             /* underflow does not affect misalignment checks */
 1847             log_dbg(cd, "Device size is not aligned to sector size. Reverting to 512 bytes.");
 1848             sector_size = SECTOR_SIZE;
 1849         }
 1850     }
 1851 
 1852     /* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */
 1853     if (integrity && !integrity_key_size) {
 1854         r = crypt_cipher_check_kernel(cipher, cipher_mode, integrity, volume_key_size);
 1855         if (r < 0) {
 1856             log_err(cd, _("Cipher %s-%s (key size %zd bits) is not available."),
 1857                 cipher, cipher_mode, volume_key_size * 8);
 1858             goto out;
 1859         }
 1860     }
 1861 
 1862     if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher, cipher_mode) &&
 1863         !INTEGRITY_tag_size(cd, NULL, cipher, cipher_mode)) {
 1864         r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size,
 1865                       cipher, cipher_mode);
 1866         if (r < 0)
 1867             goto out;
 1868     }
 1869 
 1870     r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key,
 1871                    cipher, cipher_mode,
 1872                    integrity, uuid,
 1873                    sector_size,
 1874                    cd->data_offset * SECTOR_SIZE,
 1875                    alignment_offset,
 1876                    required_alignment,
 1877                    cd->metadata_size, cd->keyslots_size);
 1878     if (r < 0)
 1879         goto out;
 1880 
 1881     if (dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE))
 1882         log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n"));
 1883 
 1884     if (cd->metadata_size && (cd->metadata_size != LUKS2_metadata_size(&cd->u.luks2.hdr)))
 1885         log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"),
 1886             LUKS2_metadata_size(&cd->u.luks2.hdr));
 1887 
 1888     if (cd->keyslots_size && (cd->keyslots_size != LUKS2_keyslots_size(&cd->u.luks2.hdr)))
 1889         log_std(cd, _("WARNING: LUKS2 keyslots area size changed to %" PRIu64 " bytes.\n"),
 1890             LUKS2_keyslots_size(&cd->u.luks2.hdr));
 1891 
 1892     if (!integrity && sector_size > SECTOR_SIZE) {
 1893         dev_size -= (crypt_get_data_offset(cd) * SECTOR_SIZE);
 1894         if (dev_size % sector_size) {
 1895             log_err(cd, _("Device size is not aligned to requested sector size."));
 1896             r = -EINVAL;
 1897             goto out;
 1898         }
 1899     }
 1900 
 1901     if (params && (params->label || params->subsystem)) {
 1902         r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr,
 1903                      params->label, params->subsystem, 0);
 1904         if (r < 0)
 1905             goto out;
 1906     }
 1907 
 1908     device_set_block_size(crypt_data_device(cd), sector_size);
 1909 
 1910     r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
 1911     if (r < 0) {
 1912         log_err(cd, _("Cannot wipe header on device %s."),
 1913             mdata_device_path(cd));
 1914         if (dev_size < LUKS2_hdr_and_areas_size(&cd->u.luks2.hdr))
 1915             log_err(cd, _("Device %s is too small."), device_path(crypt_metadata_device(cd)));
 1916         goto out;
 1917     }
 1918 
 1919     /* Wipe integrity superblock and create integrity superblock */
 1920     if (crypt_get_integrity_tag_size(cd)) {
 1921         r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_ZERO,
 1922                       crypt_get_data_offset(cd) * SECTOR_SIZE,
 1923                       8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
 1924         if (r < 0) {
 1925             if (r == -EBUSY)
 1926                 log_err(cd, _("Cannot format device %s in use."),
 1927                     data_device_path(cd));
 1928             else if (r == -EACCES) {
 1929                 log_err(cd, _("Cannot format device %s, permission denied."),
 1930                     data_device_path(cd));
 1931                 r = -EINVAL;
 1932             } else
 1933                 log_err(cd, _("Cannot wipe header on device %s."),
 1934                     data_device_path(cd));
 1935 
 1936             goto out;
 1937         }
 1938 
 1939         r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL);
 1940         if (r)
 1941             log_err(cd, _("Cannot format integrity for device %s."),
 1942                 data_device_path(cd));
 1943     }
 1944 
 1945     if (r < 0)
 1946         goto out;
 1947 
 1948     /* override sequence id check with format */
 1949     r = LUKS2_hdr_write_force(cd, &cd->u.luks2.hdr);
 1950     if (r < 0) {
 1951         if (r == -EBUSY)
 1952             log_err(cd, _("Cannot format device %s in use."),
 1953                 mdata_device_path(cd));
 1954         else if (r == -EACCES) {
 1955             log_err(cd, _("Cannot format device %s, permission denied."),
 1956                 mdata_device_path(cd));
 1957             r = -EINVAL;
 1958         } else
 1959             log_err(cd, _("Cannot format device %s."),
 1960                 mdata_device_path(cd));
 1961     }
 1962 
 1963 out:
 1964     if (r)
 1965         LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
 1966 
 1967     return r;
 1968 }
 1969 
 1970 static int _crypt_format_loopaes(struct crypt_device *cd,
 1971                  const char *cipher,
 1972                  const char *uuid,
 1973                  size_t volume_key_size,
 1974                  struct crypt_params_loopaes *params)
 1975 {
 1976     if (!crypt_metadata_device(cd)) {
 1977         log_err(cd, _("Can't format LOOPAES without device."));
 1978         return -EINVAL;
 1979     }
 1980 
 1981     if (volume_key_size > 1024) {
 1982         log_err(cd, _("Invalid key size."));
 1983         return -EINVAL;
 1984     }
 1985 
 1986     if (uuid) {
 1987         log_err(cd, _("UUID is not supported for this crypt type."));
 1988         return -EINVAL;
 1989     }
 1990 
 1991     if (cd->metadata_device) {
 1992         log_err(cd, _("Detached metadata device is not supported for this crypt type."));
 1993         return -EINVAL;
 1994     }
 1995 
 1996     if (!(cd->type = strdup(CRYPT_LOOPAES)))
 1997         return -ENOMEM;
 1998 
 1999     cd->u.loopaes.key_size = volume_key_size;
 2000 
 2001     cd->u.loopaes.cipher = strdup(cipher ?: DEFAULT_LOOPAES_CIPHER);
 2002 
 2003     if (params && params->hash)
 2004         cd->u.loopaes.hdr.hash = strdup(params->hash);
 2005 
 2006     cd->u.loopaes.hdr.offset = params ? params->offset : 0;
 2007     cd->u.loopaes.hdr.skip = params ? params->skip : 0;
 2008 
 2009     return 0;
 2010 }
 2011 
 2012 static int _crypt_format_verity(struct crypt_device *cd,
 2013                  const char *uuid,
 2014                  struct crypt_params_verity *params)
 2015 {
 2016     int r = 0, hash_size;
 2017     uint64_t data_device_size, hash_blocks_size;
 2018     struct device *fec_device = NULL;
 2019     char *fec_device_path = NULL, *hash_name = NULL, *root_hash = NULL, *salt = NULL;
 2020 
 2021     if (!crypt_metadata_device(cd)) {
 2022         log_err(cd, _("Can't format VERITY without device."));
 2023         return -EINVAL;
 2024     }
 2025 
 2026     if (!params)
 2027         return -EINVAL;
 2028 
 2029     if (!params->data_device && !cd->metadata_device)
 2030         return -EINVAL;
 2031 
 2032     if (params->hash_type > VERITY_MAX_HASH_TYPE) {
 2033         log_err(cd, _("Unsupported VERITY hash type %d."), params->hash_type);
 2034         return -EINVAL;
 2035     }
 2036 
 2037     if (VERITY_BLOCK_SIZE_OK(params->data_block_size) ||
 2038         VERITY_BLOCK_SIZE_OK(params->hash_block_size)) {
 2039         log_err(cd, _("Unsupported VERITY block size."));
 2040         return -EINVAL;
 2041     }
 2042 
 2043     if (MISALIGNED_512(params->hash_area_offset)) {
 2044         log_err(cd, _("Unsupported VERITY hash offset."));
 2045         return -EINVAL;
 2046     }
 2047 
 2048     if (MISALIGNED_512(params->fec_area_offset)) {
 2049         log_err(cd, _("Unsupported VERITY FEC offset."));
 2050         return -EINVAL;
 2051     }
 2052 
 2053     if (!(cd->type = strdup(CRYPT_VERITY)))
 2054         return -ENOMEM;
 2055 
 2056     if (params->data_device) {
 2057         r = crypt_set_data_device(cd, params->data_device);
 2058         if (r)
 2059             return r;
 2060     }
 2061 
 2062     if (!params->data_size) {
 2063         r = device_size(cd->device, &data_device_size);
 2064         if (r < 0)
 2065             return r;
 2066 
 2067         cd->u.verity.hdr.data_size = data_device_size / params->data_block_size;
 2068     } else
 2069         cd->u.verity.hdr.data_size = params->data_size;
 2070 
 2071     if (device_is_identical(crypt_metadata_device(cd), crypt_data_device(cd)) > 0 &&
 2072        (cd->u.verity.hdr.data_size * params->data_block_size) > params->hash_area_offset) {
 2073         log_err(cd, _("Data area overlaps with hash area."));
 2074         return -EINVAL;
 2075     }
 2076 
 2077     hash_size = crypt_hash_size(params->hash_name);
 2078     if (hash_size <= 0) {
 2079         log_err(cd, _("Hash algorithm %s not supported."),
 2080             params->hash_name);
 2081         return -EINVAL;
 2082     }
 2083     cd->u.verity.root_hash_size = hash_size;
 2084 
 2085     if (params->fec_device) {
 2086         fec_device_path = strdup(params->fec_device);
 2087         if (!fec_device_path)
 2088             return -ENOMEM;
 2089         r = device_alloc(cd, &fec_device, params->fec_device);
 2090         if (r < 0) {
 2091             r = -ENOMEM;
 2092             goto out;
 2093         }
 2094 
 2095         hash_blocks_size = VERITY_hash_blocks(cd, params) * params->hash_block_size;
 2096         if (device_is_identical(crypt_metadata_device(cd), fec_device) > 0 &&
 2097             (params->hash_area_offset + hash_blocks_size) > params->fec_area_offset) {
 2098             log_err(cd, _("Hash area overlaps with FEC area."));
 2099             r = -EINVAL;
 2100             goto out;
 2101         }
 2102 
 2103         if (device_is_identical(crypt_data_device(cd), fec_device) > 0 &&
 2104             (cd->u.verity.hdr.data_size * params->data_block_size) > params->fec_area_offset) {
 2105             log_err(cd, _("Data area overlaps with FEC area."));
 2106             r = -EINVAL;
 2107             goto out;
 2108         }
 2109     }
 2110 
 2111     root_hash = malloc(cd->u.verity.root_hash_size);
 2112     hash_name = strdup(params->hash_name);
 2113     salt = malloc(params->salt_size);
 2114 
 2115     if (!root_hash || !hash_name || !salt) {
 2116         r = -ENOMEM;
 2117         goto out;
 2118     }
 2119 
 2120     cd->u.verity.hdr.flags = params->flags;
 2121     cd->u.verity.root_hash = root_hash;
 2122     cd->u.verity.hdr.hash_name = hash_name;
 2123     cd->u.verity.hdr.data_device = NULL;
 2124     cd->u.verity.fec_device = fec_device;
 2125     cd->u.verity.hdr.fec_device = fec_device_path;
 2126     cd->u.verity.hdr.fec_roots = params->fec_roots;
 2127     cd->u.verity.hdr.data_block_size = params->data_block_size;
 2128     cd->u.verity.hdr.hash_block_size = params->hash_block_size;
 2129     cd->u.verity.hdr.hash_area_offset = params->hash_area_offset;
 2130     cd->u.verity.hdr.fec_area_offset = params->fec_area_offset;
 2131     cd->u.verity.hdr.hash_type = params->hash_type;
 2132     cd->u.verity.hdr.flags = params->flags;
 2133     cd->u.verity.hdr.salt_size = params->salt_size;
 2134     cd->u.verity.hdr.salt = salt;
 2135 
 2136     if (params->salt)
 2137         memcpy(salt, params->salt, params->salt_size);
 2138     else
 2139         r = crypt_random_get(cd, salt, params->salt_size, CRYPT_RND_SALT);
 2140     if (r)
 2141         goto out;
 2142 
 2143     if (params->flags & CRYPT_VERITY_CREATE_HASH) {
 2144         r = VERITY_create(cd, &cd->u.verity.hdr,
 2145                   cd->u.verity.root_hash, cd->u.verity.root_hash_size);
 2146         if (!r && params->fec_device)
 2147             r = VERITY_FEC_process(cd, &cd->u.verity.hdr, cd->u.verity.fec_device, 0, NULL);
 2148         if (r)
 2149             goto out;
 2150     }
 2151 
 2152     if (!(params->flags & CRYPT_VERITY_NO_HEADER)) {
 2153         if (uuid) {
 2154             if (!(cd->u.verity.uuid = strdup(uuid)))
 2155                 r = -ENOMEM;
 2156         } else
 2157             r = VERITY_UUID_generate(cd, &cd->u.verity.uuid);
 2158 
 2159         if (!r)
 2160             r = VERITY_write_sb(cd, cd->u.verity.hdr.hash_area_offset,
 2161                         cd->u.verity.uuid,
 2162                         &cd->u.verity.hdr);
 2163     }
 2164 
 2165 out:
 2166     if (r) {
 2167         device_free(cd, fec_device);
 2168         free(root_hash);
 2169         free(hash_name);
 2170         free(fec_device_path);
 2171         free(salt);
 2172     }
 2173 
 2174     return r;
 2175 }
 2176 
 2177 static int _crypt_format_integrity(struct crypt_device *cd,
 2178                    const char *uuid,
 2179                    struct crypt_params_integrity *params)
 2180 {
 2181     int r;
 2182     uint32_t integrity_tag_size;
 2183     char *integrity = NULL, *journal_integrity = NULL, *journal_crypt = NULL;
 2184     struct volume_key *journal_crypt_key = NULL, *journal_mac_key = NULL;
 2185 
 2186     if (!params)
 2187         return -EINVAL;
 2188 
 2189     if (uuid) {
 2190         log_err(cd, _("UUID is not supported for this crypt type."));
 2191         return -EINVAL;
 2192     }
 2193 
 2194     r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL);
 2195     if (r < 0)
 2196         return r;
 2197 
 2198     /* Wipe first 8 sectors - fs magic numbers etc. */
 2199     r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
 2200                   8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
 2201     if (r < 0) {
 2202         log_err(cd, _("Cannot wipe header on device %s."),
 2203             mdata_device_path(cd));
 2204         return r;
 2205     }
 2206 
 2207     if (!(cd->type = strdup(CRYPT_INTEGRITY)))
 2208         return -ENOMEM;
 2209 
 2210     if (params->journal_crypt_key) {
 2211         journal_crypt_key = crypt_alloc_volume_key(params->journal_crypt_key_size,
 2212                                params->journal_crypt_key);
 2213         if (!journal_crypt_key)
 2214             return -ENOMEM;
 2215     }
 2216 
 2217     if (params->journal_integrity_key) {
 2218         journal_mac_key = crypt_alloc_volume_key(params->journal_integrity_key_size,
 2219                              params->journal_integrity_key);
 2220         if (!journal_mac_key) {
 2221             r = -ENOMEM;
 2222             goto out;
 2223         }
 2224     }
 2225 
 2226     if (params->integrity && !(integrity = strdup(params->integrity))) {
 2227         r = -ENOMEM;
 2228         goto out;
 2229     }
 2230     if (params->journal_integrity && !(journal_integrity = strdup(params->journal_integrity))) {
 2231         r = -ENOMEM;
 2232         goto out;
 2233     }
 2234     if (params->journal_crypt && !(journal_crypt = strdup(params->journal_crypt))) {
 2235         r = -ENOMEM;
 2236         goto out;
 2237     }
 2238 
 2239     integrity_tag_size = INTEGRITY_hash_tag_size(integrity);
 2240     if (integrity_tag_size > 0 && params->tag_size && integrity_tag_size != params->tag_size)
 2241         log_std(cd, _("WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"),
 2242             params->tag_size, integrity, integrity_tag_size);
 2243 
 2244     if (params->tag_size)
 2245         integrity_tag_size = params->tag_size;
 2246 
 2247     cd->u.integrity.journal_crypt_key = journal_crypt_key;
 2248     cd->u.integrity.journal_mac_key = journal_mac_key;
 2249     cd->u.integrity.params.journal_size = params->journal_size;
 2250     cd->u.integrity.params.journal_watermark = params->journal_watermark;
 2251     cd->u.integrity.params.journal_commit_time = params->journal_commit_time;
 2252     cd->u.integrity.params.interleave_sectors = params->interleave_sectors;
 2253     cd->u.integrity.params.buffer_sectors = params->buffer_sectors;
 2254     cd->u.integrity.params.sector_size = params->sector_size;
 2255     cd->u.integrity.params.tag_size = integrity_tag_size;
 2256     cd->u.integrity.params.integrity = integrity;
 2257     cd->u.integrity.params.journal_integrity = journal_integrity;
 2258     cd->u.integrity.params.journal_crypt = journal_crypt;
 2259 
 2260     r = INTEGRITY_format(cd, params, cd->u.integrity.journal_crypt_key, cd->u.integrity.journal_mac_key);
 2261     if (r)
 2262         log_err(cd, _("Cannot format integrity for device %s."),
 2263             mdata_device_path(cd));
 2264 out:
 2265     if (r) {
 2266         crypt_free_volume_key(journal_crypt_key);
 2267         crypt_free_volume_key(journal_mac_key);
 2268         free(integrity);
 2269         free(journal_integrity);
 2270         free(journal_crypt);
 2271     }
 2272 
 2273     return r;
 2274 }
 2275 
 2276 static int _crypt_format(struct crypt_device *cd,
 2277     const char *type,
 2278     const char *cipher,
 2279     const char *cipher_mode,
 2280     const char *uuid,
 2281     const char *volume_key,
 2282     size_t volume_key_size,
 2283     void *params,
 2284     bool sector_size_autodetect)
 2285 {
 2286     int r;
 2287 
 2288     if (!cd || !type)
 2289         return -EINVAL;
 2290 
 2291     if (cd->type) {
 2292         log_dbg(cd, "Context already formatted as %s.", cd->type);
 2293         return -EINVAL;
 2294     }
 2295 
 2296     log_dbg(cd, "Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type);
 2297 
 2298     crypt_reset_null_type(cd);
 2299 
 2300     r = init_crypto(cd);
 2301     if (r < 0)
 2302         return r;
 2303 
 2304     if (isPLAIN(type))
 2305         r = _crypt_format_plain(cd, cipher, cipher_mode,
 2306                     uuid, volume_key_size, params);
 2307     else if (isLUKS1(type))
 2308         r = _crypt_format_luks1(cd, cipher, cipher_mode,
 2309                     uuid, volume_key, volume_key_size, params);
 2310     else if (isLUKS2(type))
 2311         r = _crypt_format_luks2(cd, cipher, cipher_mode,
 2312                     uuid, volume_key, volume_key_size, params, sector_size_autodetect);
 2313     else if (isLOOPAES(type))
 2314         r = _crypt_format_loopaes(cd, cipher, uuid, volume_key_size, params);
 2315     else if (isVERITY(type))
 2316         r = _crypt_format_verity(cd, uuid, params);
 2317     else if (isINTEGRITY(type))
 2318         r = _crypt_format_integrity(cd, uuid, params);
 2319     else {
 2320         log_err(cd, _("Unknown crypt device type %s requested."), type);
 2321         r = -EINVAL;
 2322     }
 2323 
 2324     if (r < 0) {
 2325         crypt_set_null_type(cd);
 2326         crypt_free_volume_key(cd->volume_key);
 2327         cd->volume_key = NULL;
 2328     }
 2329 
 2330     return r;
 2331 }
 2332 
 2333 CRYPT_SYMBOL_EXPORT_NEW(int, crypt_format, 2, 4,
 2334     /* crypt_format parameters follows */
 2335     struct crypt_device *cd,
 2336     const char *type,
 2337     const char *cipher,
 2338     const char *cipher_mode,
 2339     const char *uuid,
 2340     const char *volume_key,
 2341     size_t volume_key_size,
 2342     void *params)
 2343 {
 2344     return _crypt_format(cd, type, cipher, cipher_mode, uuid, volume_key, volume_key_size, params, true);
 2345 }
 2346 
 2347 
 2348 CRYPT_SYMBOL_EXPORT_OLD(int, crypt_format, 2, 0,
 2349     /* crypt_format parameters follows */
 2350     struct crypt_device *cd,
 2351     const char *type,
 2352     const char *cipher,
 2353     const char *cipher_mode,
 2354     const char *uuid,
 2355     const char *volume_key,
 2356     size_t volume_key_size,
 2357     void *params)
 2358 {
 2359     return _crypt_format(cd, type, cipher, cipher_mode, uuid, volume_key, volume_key_size, params, false);
 2360 }
 2361 
 2362 int crypt_repair(struct crypt_device *cd,
 2363          const char *requested_type,
 2364          void *params __attribute__((unused)))
 2365 {
 2366     int r;
 2367 
 2368     if (!cd)
 2369         return -EINVAL;
 2370 
 2371     log_dbg(cd, "Trying to repair %s crypt type from device %s.",
 2372         requested_type ?: "any", mdata_device_path(cd) ?: "(none)");
 2373 
 2374     if (!crypt_metadata_device(cd))
 2375         return -EINVAL;
 2376 
 2377     if (requested_type && !isLUKS(requested_type))
 2378         return -EINVAL;
 2379 
 2380     /* Load with repair */
 2381     r = _crypt_load_luks(cd, requested_type, 1, 1);
 2382     if (r < 0)
 2383         return r;
 2384 
 2385     /* cd->type and header must be set in context */
 2386     r = crypt_check_data_device_size(cd);
 2387     if (r < 0)
 2388         crypt_set_null_type(cd);
 2389 
 2390     return r;
 2391 }
 2392 
 2393 /* compare volume keys */
 2394 static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only, struct volume_key *tvk, unsigned tkeyring_only)
 2395 {
 2396     if (!svk && !tvk)
 2397         return 0;
 2398     else if (!svk || !tvk)
 2399         return 1;
 2400 
 2401     if (svk->keylength != tvk->keylength)
 2402         return 1;
 2403 
 2404     if (!skeyring_only && !tkeyring_only)
 2405         return memcmp(svk->key, tvk->key, svk->keylength);
 2406 
 2407     if (svk->key_description && tvk->key_description)
 2408         return strcmp(svk->key_description, tvk->key_description);
 2409 
 2410     return 0;
 2411 }
 2412 
 2413 static int _compare_device_types(struct crypt_device *cd,
 2414                    const struct crypt_dm_active_device *src,
 2415                    const struct crypt_dm_active_device *tgt)
 2416 {
 2417     if (!tgt->uuid) {
 2418         log_dbg(cd, "Missing device uuid in target device.");
 2419         return -EINVAL;
 2420     }
 2421 
 2422     if (isLUKS2(cd->type) && !strncmp("INTEGRITY-", tgt->uuid, strlen("INTEGRITY-"))) {
 2423         if (crypt_uuid_cmp(tgt->uuid, src->uuid)) {
 2424             log_dbg(cd, "LUKS UUID mismatch.");
 2425             return -EINVAL;
 2426         }
 2427     } else if (isLUKS(cd->type)) {
 2428         if (!src->uuid || strncmp(cd->type, tgt->uuid, strlen(cd->type)) ||
 2429             crypt_uuid_cmp(tgt->uuid, src->uuid)) {
 2430             log_dbg(cd, "LUKS UUID mismatch.");
 2431             return -EINVAL;
 2432         }
 2433     } else if (isPLAIN(cd->type) || isLOOPAES(cd->type)) {
 2434         if (strncmp(cd->type, tgt->uuid, strlen(cd->type))) {
 2435             log_dbg(cd, "Unexpected uuid prefix %s in target device.", tgt->uuid);
 2436             return -EINVAL;
 2437         }
 2438     } else {
 2439         log_dbg(cd, "Unsupported device type %s for reload.", cd->type ?: "<empty>");
 2440         return -ENOTSUP;
 2441     }
 2442 
 2443     return 0;
 2444 }
 2445 
 2446 static int _compare_crypt_devices(struct crypt_device *cd,
 2447                    const struct dm_target *src,
 2448                    const struct dm_target *tgt)
 2449 {
 2450     /* for crypt devices keys are mandatory */
 2451     if (!src->u.crypt.vk || !tgt->u.crypt.vk)
 2452         return -EINVAL;
 2453 
 2454     /* CIPHER checks */
 2455     if (!src->u.crypt.cipher || !tgt->u.crypt.cipher)
 2456         return -EINVAL;
 2457     if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) {
 2458         log_dbg(cd, "Cipher specs do not match.");
 2459         return -EINVAL;
 2460     }
 2461 
 2462     if (tgt->u.crypt.vk->keylength == 0 && crypt_is_cipher_null(tgt->u.crypt.cipher))
 2463         log_dbg(cd, "Existing device uses cipher null. Skipping key comparison.");
 2464     else if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
 2465         log_dbg(cd, "Keys in context and target device do not match.");
 2466         return -EINVAL;
 2467     }
 2468 
 2469     if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) {
 2470         log_dbg(cd, "Integrity parameters do not match.");
 2471         return -EINVAL;
 2472     }
 2473 
 2474     if (src->u.crypt.offset      != tgt->u.crypt.offset ||
 2475         src->u.crypt.sector_size != tgt->u.crypt.sector_size ||
 2476         src->u.crypt.iv_offset   != tgt->u.crypt.iv_offset ||
 2477         src->u.crypt.tag_size    != tgt->u.crypt.tag_size) {
 2478         log_dbg(cd, "Integer parameters do not match.");
 2479         return -EINVAL;
 2480     }
 2481 
 2482     if (device_is_identical(src->data_device, tgt->data_device) <= 0) {
 2483         log_dbg(cd, "Data devices do not match.");
 2484         return -EINVAL;
 2485     }
 2486 
 2487     return 0;
 2488 }
 2489 
 2490 static int _compare_integrity_devices(struct crypt_device *cd,
 2491                    const struct dm_target *src,
 2492                    const struct dm_target *tgt)
 2493 {
 2494     /*
 2495      * some parameters may be implicit (and set in dm-integrity ctor)
 2496      *
 2497      *  journal_size
 2498      *  journal_watermark
 2499      *  journal_commit_time
 2500      *  buffer_sectors
 2501      *  interleave_sectors
 2502      */
 2503 
 2504     /* check remaining integer values that makes sense */
 2505     if (src->u.integrity.tag_size     != tgt->u.integrity.tag_size ||
 2506         src->u.integrity.offset   != tgt->u.integrity.offset   ||
 2507         src->u.integrity.sector_size  != tgt->u.integrity.sector_size) {
 2508         log_dbg(cd, "Integer parameters do not match.");
 2509         return -EINVAL;
 2510     }
 2511 
 2512     if (crypt_strcmp(src->u.integrity.integrity,         tgt->u.integrity.integrity) ||
 2513         crypt_strcmp(src->u.integrity.journal_integrity, tgt->u.integrity.journal_integrity) ||
 2514         crypt_strcmp(src->u.integrity.journal_crypt,     tgt->u.integrity.journal_crypt)) {
 2515         log_dbg(cd, "Journal parameters do not match.");
 2516         return -EINVAL;
 2517     }
 2518 
 2519     /* unfortunately dm-integrity doesn't support keyring */
 2520     if (_compare_volume_keys(src->u.integrity.vk, 0, tgt->u.integrity.vk, 0) ||
 2521         _compare_volume_keys(src->u.integrity.journal_integrity_key, 0, tgt->u.integrity.journal_integrity_key, 0) ||
 2522         _compare_volume_keys(src->u.integrity.journal_crypt_key, 0, tgt->u.integrity.journal_crypt_key, 0)) {
 2523         log_dbg(cd, "Journal keys do not match.");
 2524         return -EINVAL;
 2525     }
 2526 
 2527     /* unsupported underneath dm-crypt with auth. encryption */
 2528     if (src->u.integrity.meta_device || tgt->u.integrity.meta_device)
 2529         return -ENOTSUP;
 2530 
 2531     if (src->size != tgt->size) {
 2532         log_dbg(cd, "Device size parameters do not match.");
 2533         return -EINVAL;
 2534     }
 2535 
 2536     if (device_is_identical(src->data_device, tgt->data_device) <= 0) {
 2537         log_dbg(cd, "Data devices do not match.");
 2538         return -EINVAL;
 2539     }
 2540 
 2541     return 0;
 2542 }
 2543 
 2544 int crypt_compare_dm_devices(struct crypt_device *cd,
 2545                    const struct crypt_dm_active_device *src,
 2546                    const struct crypt_dm_active_device *tgt)
 2547 {
 2548     int r;
 2549     const struct dm_target *s, *t;
 2550 
 2551     if (!src || !tgt)
 2552         return -EINVAL;
 2553 
 2554     r = _compare_device_types(cd, src, tgt);
 2555     if (r)
 2556         return r;
 2557 
 2558     s = &src->segment;
 2559     t = &tgt->segment;
 2560 
 2561     while (s || t) {
 2562         if (!s || !t) {
 2563             log_dbg(cd, "segments count mismatch.");
 2564             return -EINVAL;
 2565         }
 2566         if (s->type != t->type) {
 2567             log_dbg(cd, "segment type mismatch.");
 2568             r = -EINVAL;
 2569             break;
 2570         }
 2571 
 2572         switch (s->type) {
 2573         case DM_CRYPT:
 2574             r = _compare_crypt_devices(cd, s, t);
 2575             break;
 2576         case DM_INTEGRITY:
 2577             r = _compare_integrity_devices(cd, s, t);
 2578             break;
 2579         case DM_LINEAR:
 2580             r = (s->u.linear.offset == t->u.linear.offset) ? 0 : -EINVAL;
 2581             break;
 2582         default:
 2583             r = -ENOTSUP;
 2584         }
 2585 
 2586         if (r)
 2587             break;
 2588 
 2589         s = s->next;
 2590         t = t->next;
 2591     }
 2592 
 2593     return r;
 2594 }
 2595 
 2596 static int _reload_device(struct crypt_device *cd, const char *name,
 2597               struct crypt_dm_active_device *sdmd)
 2598 {
 2599     int r;
 2600     struct crypt_dm_active_device tdmd;
 2601     struct dm_target *src, *tgt = &tdmd.segment;
 2602 
 2603     if (!cd || !cd->type || !name || !(sdmd->flags & CRYPT_ACTIVATE_REFRESH))
 2604         return -EINVAL;
 2605 
 2606     r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER |
 2607                   DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
 2608                   DM_ACTIVE_CRYPT_KEY, &tdmd);
 2609     if (r < 0) {
 2610         log_err(cd, _("Device %s is not active."), name);
 2611         return -EINVAL;
 2612     }
 2613 
 2614     if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || tgt->u.crypt.tag_size) {
 2615         r = -ENOTSUP;
 2616         log_err(cd, _("Unsupported parameters on device %s."), name);
 2617         goto out;
 2618     }
 2619 
 2620     r = crypt_compare_dm_devices(cd, sdmd, &tdmd);
 2621     if (r) {
 2622         log_err(cd, _("Mismatching parameters on device %s."), name);
 2623         goto out;
 2624     }
 2625 
 2626     src = &sdmd->segment;
 2627 
 2628     /* Changing read only flag for active device makes no sense */
 2629     if (tdmd.flags & CRYPT_ACTIVATE_READONLY)
 2630         sdmd->flags |= CRYPT_ACTIVATE_READONLY;
 2631     else
 2632         sdmd->flags &= ~CRYPT_ACTIVATE_READONLY;
 2633 
 2634     if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
 2635         r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
 2636         if (r)
 2637             goto out;
 2638     } else {
 2639         crypt_free_volume_key(tgt->u.crypt.vk);
 2640         tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
 2641         if (!tgt->u.crypt.vk) {
 2642             r = -ENOMEM;
 2643             goto out;
 2644         }
 2645     }
 2646 
 2647     r = device_block_adjust(cd, src->data_device, DEV_OK,
 2648                 src->u.crypt.offset, &sdmd->size, NULL);
 2649     if (r)
 2650         goto out;
 2651 
 2652     tdmd.flags = sdmd->flags;
 2653     tgt->size = tdmd.size = sdmd->size;
 2654 
 2655     r = dm_reload_device(cd, name, &tdmd, 0, 1);
 2656 out:
 2657     dm_targets_free(cd, &tdmd);
 2658     free(CONST_CAST(void*)tdmd.uuid);
 2659 
 2660     return r;
 2661 }
 2662 
 2663 static int _reload_device_with_integrity(struct crypt_device *cd,
 2664     const char *name,
 2665     const char *iname,
 2666     const char *ipath,
 2667     struct crypt_dm_active_device *sdmd,
 2668     struct crypt_dm_active_device *sdmdi)
 2669 {
 2670     int r;
 2671     struct crypt_dm_active_device tdmd, tdmdi = {};
 2672     struct dm_target *src, *srci, *tgt = &tdmd.segment, *tgti = &tdmdi.segment;
 2673     struct device *data_device = NULL;
 2674     bool clear = false;
 2675 
 2676     if (!cd || !cd->type || !name || !iname || !(sdmd->flags & CRYPT_ACTIVATE_REFRESH))
 2677         return -EINVAL;
 2678 
 2679     r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER |
 2680                   DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
 2681                   DM_ACTIVE_CRYPT_KEY, &tdmd);
 2682     if (r < 0) {
 2683         log_err(cd, _("Device %s is not active."), name);
 2684         return -EINVAL;
 2685     }
 2686 
 2687     if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || !tgt->u.crypt.tag_size) {
 2688         log_err(cd, _("Unsupported parameters on device %s."), name);
 2689         r = -ENOTSUP;
 2690         goto out;
 2691     }
 2692 
 2693     r = dm_query_device(cd, iname, DM_ACTIVE_DEVICE | DM_ACTIVE_UUID, &tdmdi);
 2694     if (r < 0) {
 2695         log_err(cd, _("Device %s is not active."), iname);
 2696         r = -EINVAL;
 2697         goto out;
 2698     }
 2699 
 2700     if (!single_segment(&tdmdi) || tgti->type != DM_INTEGRITY) {
 2701         log_err(cd, _("Unsupported parameters on device %s."), iname);
 2702         r = -ENOTSUP;
 2703         goto out;
 2704     }
 2705 
 2706     r = crypt_compare_dm_devices(cd, sdmdi, &tdmdi);
 2707     if (r) {
 2708         log_err(cd, _("Mismatching parameters on device %s."), iname);
 2709         goto out;
 2710     }
 2711 
 2712     src = &sdmd->segment;
 2713     srci = &sdmdi->segment;
 2714 
 2715     r = device_alloc(cd, &data_device, ipath);
 2716     if (r < 0)
 2717         goto out;
 2718 
 2719     r = device_block_adjust(cd, srci->data_device, DEV_OK,
 2720                 srci->u.integrity.offset, &sdmdi->size, NULL);
 2721     if (r)
 2722         goto out;
 2723 
 2724     src->data_device = data_device;
 2725 
 2726     r = crypt_compare_dm_devices(cd, sdmd, &tdmd);
 2727     if (r) {
 2728         log_err(cd, _("Crypt devices mismatch."));
 2729         goto out;
 2730     }
 2731 
 2732     /* Changing read only flag for active device makes no sense */
 2733     if (tdmd.flags & CRYPT_ACTIVATE_READONLY)
 2734         sdmd->flags |= CRYPT_ACTIVATE_READONLY;
 2735     else
 2736         sdmd->flags &= ~CRYPT_ACTIVATE_READONLY;
 2737 
 2738     if (tdmdi.flags & CRYPT_ACTIVATE_READONLY)
 2739         sdmdi->flags |= CRYPT_ACTIVATE_READONLY;
 2740     else
 2741         sdmdi->flags &= ~CRYPT_ACTIVATE_READONLY;
 2742 
 2743     if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
 2744         r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
 2745         if (r)
 2746             goto out;
 2747     } else {
 2748         crypt_free_volume_key(tgt->u.crypt.vk);
 2749         tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
 2750         if (!tgt->u.crypt.vk) {
 2751             r = -ENOMEM;
 2752             goto out;
 2753         }
 2754     }
 2755 
 2756     r = device_block_adjust(cd, src->data_device, DEV_OK,
 2757                 src->u.crypt.offset, &sdmd->size, NULL);
 2758     if (r)
 2759         goto out;
 2760 
 2761     tdmd.flags = sdmd->flags;
 2762     tdmd.size = sdmd->size;
 2763 
 2764     if ((r = dm_reload_device(cd, iname, sdmdi, 0, 0))) {
 2765         log_err(cd, _("Failed to reload device %s."), iname);
 2766         goto out;
 2767     }
 2768 
 2769     if ((r = dm_reload_device(cd, name, &tdmd, 0, 0))) {
 2770         log_err(cd, _("Failed to reload device %s."), name);
 2771         clear = true;
 2772         goto out;
 2773     }
 2774 
 2775     if ((r = dm_suspend_device(cd, name, 0))) {
 2776         log_err(cd, _("Failed to suspend device %s."), name);
 2777         clear = true;
 2778         goto out;
 2779     }
 2780 
 2781     if ((r = dm_suspend_device(cd, iname, 0))) {
 2782         log_err(cd, _("Failed to suspend device %s."), iname);
 2783         clear = true;
 2784         goto out;
 2785     }
 2786 
 2787     if ((r = dm_resume_device(cd, iname, act2dmflags(sdmdi->flags)))) {
 2788         log_err(cd, _("Failed to resume device %s."), iname);
 2789         clear = true;
 2790         goto out;
 2791     }
 2792 
 2793     r = dm_resume_device(cd, name, act2dmflags(tdmd.flags));
 2794     if (!r)
 2795         goto out;
 2796 
 2797     /*
 2798      * This is worst case scenario. We have active underlying dm-integrity device with
 2799      * new table but dm-crypt resume failed for some reason. Tear everything down and
 2800      * burn it for good.
 2801      */
 2802 
 2803     log_err(cd, _("Fatal error while reloading device %s (on top of device %s)."), name, iname);
 2804 
 2805     if (dm_error_device(cd, name))
 2806         log_err(cd, _("Failed to switch device %s to dm-error."), name);
 2807     if (dm_error_device(cd, iname))
 2808         log_err(cd, _("Failed to switch device %s to dm-error."), iname);
 2809 out:
 2810     if (clear) {
 2811         dm_clear_device(cd, name);
 2812         dm_clear_device(cd, iname);
 2813 
 2814         if (dm_status_suspended(cd, name) > 0)
 2815             dm_resume_device(cd, name, 0);
 2816         if (dm_status_suspended(cd, iname) > 0)
 2817             dm_resume_device(cd, iname, 0);
 2818     }
 2819 
 2820     dm_targets_free(cd, &tdmd);
 2821     dm_targets_free(cd, &tdmdi);
 2822     free(CONST_CAST(void*)tdmdi.uuid);
 2823     free(CONST_CAST(void*)tdmd.uuid);
 2824     device_free(cd, data_device);
 2825 
 2826     return r;
 2827 }
 2828 
 2829 int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
 2830 {
 2831     struct crypt_dm_active_device dmdq, dmd = {};
 2832     struct dm_target *tgt = &dmdq.segment;
 2833     int r;
 2834 
 2835     /*
 2836      * FIXME: Also with LUKS2 we must not allow resize when there's
 2837      *    explicit size stored in metadata (length != "dynamic")
 2838      */
 2839 
 2840     /* Device context type must be initialized */
 2841     if (!cd || !cd->type || !name)
 2842         return -EINVAL;
 2843 
 2844     if (isTCRYPT(cd->type) || isBITLK(cd->type)) {
 2845         log_err(cd, _("This operation is not supported for this device type."));
 2846         return -ENOTSUP;
 2847     }
 2848 
 2849     log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size);
 2850 
 2851     r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY, &dmdq);
 2852     if (r < 0) {
 2853         log_err(cd, _("Device %s is not active."), name);
 2854         return -EINVAL;
 2855     }
 2856     if (!single_segment(&dmdq) || tgt->type != DM_CRYPT) {
 2857         log_dbg(cd, "Unsupported device table detected in %s.", name);
 2858         r = -EINVAL;
 2859         goto out;
 2860     }
 2861 
 2862     if ((dmdq.flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_key_in_keyring(cd)) {
 2863         r = -EPERM;
 2864         goto out;
 2865     }
 2866 
 2867     if (crypt_key_in_keyring(cd)) {
 2868         if (!isLUKS2(cd->type)) {
 2869             r = -EINVAL;
 2870             goto out;
 2871         }
 2872         r = LUKS2_key_description_by_segment(cd, &cd->u.luks2.hdr,
 2873                     tgt->u.crypt.vk, CRYPT_DEFAULT_SEGMENT);
 2874         if (r)
 2875             goto out;
 2876 
 2877         dmdq.flags |= CRYPT_ACTIVATE_KEYRING_KEY;
 2878     }
 2879 
 2880     if (crypt_loop_device(crypt_get_device_name(cd))) {
 2881         log_dbg(cd, "Trying to resize underlying loop device %s.",
 2882             crypt_get_device_name(cd));
 2883         /* Here we always use default size not new_size */
 2884         if (crypt_loop_resize(crypt_get_device_name(cd)))
 2885             log_err(cd, _("Cannot resize loop device."));
 2886     }
 2887 
 2888     r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK,
 2889                 crypt_get_data_offset(cd), &new_size, &dmdq.flags);
 2890     if (r)
 2891         goto out;
 2892 
 2893     if (MISALIGNED(new_size, tgt->u.crypt.sector_size >> SECTOR_SHIFT)) {
 2894         log_err(cd, _("Device size is not aligned to requested sector size."));
 2895         r = -EINVAL;
 2896         goto out;
 2897     }
 2898 
 2899     if (MISALIGNED(new_size, device_block_size(cd, crypt_data_device(cd)) >> SECTOR_SHIFT)) {
 2900         log_err(cd, _("Device size is not aligned to device logical block size."));
 2901         r = -EINVAL;
 2902         goto out;
 2903     }
 2904 
 2905     dmd.uuid = crypt_get_uuid(cd);
 2906     dmd.size = new_size;
 2907     dmd.flags = dmdq.flags | CRYPT_ACTIVATE_REFRESH;
 2908     r = dm_crypt_target_set(&dmd.segment, 0, new_size, crypt_data_device(cd),
 2909             tgt->u.crypt.vk, crypt_get_cipher_spec(cd),
 2910             crypt_get_iv_offset(cd), crypt_get_data_offset(cd),
 2911             crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd),
 2912             crypt_get_sector_size(cd));
 2913     if (r < 0)
 2914         goto out;
 2915 
 2916     if (new_size == dmdq.size) {
 2917         log_dbg(cd, "Device has already requested size %" PRIu64
 2918             " sectors.", dmdq.size);
 2919         r = 0;
 2920     } else {
 2921         if (isTCRYPT(cd->type))
 2922             r = -ENOTSUP;
 2923         else if (isLUKS2(cd->type))
 2924             r = LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, 0);
 2925         if (!r)
 2926             r = _reload_device(cd, name, &dmd);
 2927     }
 2928 out:
 2929     dm_targets_free(cd, &dmd);
 2930     dm_targets_free(cd, &dmdq);
 2931 
 2932     return r;
 2933 }
 2934 
 2935 int crypt_set_uuid(struct crypt_device *cd, const char *uuid)
 2936 {
 2937     const char *active_uuid;
 2938     int r;
 2939 
 2940     log_dbg(cd, "%s device uuid.", uuid ? "Setting new" : "Refreshing");
 2941 
 2942     if ((r = onlyLUKS(cd)))
 2943         return r;
 2944 
 2945     active_uuid = crypt_get_uuid(cd);
 2946 
 2947     if (uuid && active_uuid && !strncmp(uuid, active_uuid, UUID_STRING_L)) {
 2948         log_dbg(cd, "UUID is the same as requested (%s) for device %s.",
 2949             uuid, mdata_device_path(cd));
 2950         return 0;
 2951     }
 2952 
 2953     if (uuid)
 2954         log_dbg(cd, "Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd));
 2955     else
 2956         log_dbg(cd, "Requested new UUID refresh for %s.", mdata_device_path(cd));
 2957 
 2958     if (!crypt_confirm(cd, _("Do you really want to change UUID of device?")))
 2959         return -EPERM;
 2960 
 2961     if (isLUKS1(cd->type))
 2962         return LUKS_hdr_uuid_set(&cd->u.luks1.hdr, uuid, cd);
 2963     else
 2964         return LUKS2_hdr_uuid(cd, &cd->u.luks2.hdr, uuid);
 2965 }
 2966 
 2967 int crypt_set_label(struct crypt_device *cd, const char *label, const char *subsystem)
 2968 {
 2969     int r;
 2970 
 2971     log_dbg(cd, "Setting new labels.");
 2972 
 2973     if ((r = onlyLUKS2(cd)))
 2974         return r;
 2975 
 2976     return LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, label, subsystem, 1);
 2977 }
 2978 
 2979 int crypt_header_backup(struct crypt_device *cd,
 2980             const char *requested_type,
 2981             const char *backup_file)
 2982 {
 2983     int r;
 2984 
 2985     if (requested_type && !isLUKS(requested_type))
 2986         return -EINVAL;
 2987 
 2988     if (!backup_file)
 2989         return -EINVAL;
 2990 
 2991     /* Load with repair */
 2992     r = _crypt_load_luks(cd, requested_type, 1, 0);
 2993     if (r < 0)
 2994         return r;
 2995 
 2996     log_dbg(cd, "Requested header backup of device %s (%s) to "
 2997         "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file);
 2998 
 2999     if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type)))
 3000         r = LUKS_hdr_backup(backup_file, cd);
 3001     else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type)))
 3002         r = LUKS2_hdr_backup(cd, &cd->u.luks2.hdr, backup_file);
 3003     else
 3004         r = -EINVAL;
 3005 
 3006     return r;
 3007 }
 3008 
 3009 int crypt_header_restore(struct crypt_device *cd,
 3010              const char *requested_type,
 3011              const char *backup_file)
 3012 {
 3013     struct luks_phdr hdr1;
 3014     struct luks2_hdr hdr2;
 3015     int r, version;
 3016 
 3017     if (requested_type && !isLUKS(requested_type))
 3018         return -EINVAL;
 3019 
 3020     if (!cd || (cd->type && !isLUKS(cd->type)) || !backup_file)
 3021         return -EINVAL;
 3022 
 3023     r = init_crypto(cd);
 3024     if (r < 0)
 3025         return r;
 3026 
 3027     log_dbg(cd, "Requested header restore to device %s (%s) from "
 3028         "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file);
 3029 
 3030     version = LUKS2_hdr_version_unlocked(cd, backup_file);
 3031     if (!version ||
 3032        (requested_type && version == 1 && !isLUKS1(requested_type)) ||
 3033        (requested_type && version == 2 && !isLUKS2(requested_type))) {
 3034         log_err(cd, _("Header backup file does not contain compatible LUKS header."));
 3035         return -EINVAL;
 3036     }
 3037 
 3038     memset(&hdr2, 0, sizeof(hdr2));
 3039 
 3040     if (!cd->type) {
 3041         if (version == 1)
 3042             r = LUKS_hdr_restore(backup_file, &hdr1, cd);
 3043         else
 3044             r = LUKS2_hdr_restore(cd, &hdr2, backup_file);
 3045 
 3046         crypt_safe_memzero(&hdr1, sizeof(hdr1));
 3047         crypt_safe_memzero(&hdr2, sizeof(hdr2));
 3048     } else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type))) {
 3049         r = LUKS2_hdr_restore(cd, &cd->u.luks2.hdr, backup_file);
 3050         if (r)
 3051             _luks2_reload(cd);
 3052     } else if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type)))
 3053         r = LUKS_hdr_restore(backup_file, &cd->u.luks1.hdr, cd);
 3054     else
 3055         r = -EINVAL;
 3056 
 3057     if (!r)
 3058         r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, 1, 1);
 3059 
 3060     return r;
 3061 }
 3062 
 3063 int crypt_header_is_detached(struct crypt_device *cd)
 3064 {
 3065     int r;
 3066 
 3067     if (!cd || !isLUKS(cd->type))
 3068         return -EINVAL;
 3069 
 3070     r = device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd));
 3071     if (r < 0) {
 3072         log_dbg(cd, "Failed to compare data and metadata devices path.");
 3073         return r;
 3074     }
 3075 
 3076     return r ? 0 : 1;
 3077 }
 3078 
 3079 void crypt_free(struct crypt_device *cd)
 3080 {
 3081     if (!cd)
 3082         return;
 3083 
 3084     log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd));
 3085 
 3086     dm_backend_exit(cd);
 3087     crypt_free_volume_key(cd->volume_key);
 3088 
 3089     crypt_free_type(cd);
 3090 
 3091     device_free(cd, cd->device);
 3092     device_free(cd, cd->metadata_device);
 3093 
 3094     free(CONST_CAST(void*)cd->pbkdf.type);
 3095     free(CONST_CAST(void*)cd->pbkdf.hash);
 3096 
 3097     /* Some structures can contain keys (TCRYPT), wipe it */
 3098     crypt_safe_memzero(cd, sizeof(*cd));
 3099     free(cd);
 3100 }
 3101 
 3102 static char *crypt_get_device_key_description(struct crypt_device *cd, const char *name)
 3103 {
 3104     char *desc = NULL;
 3105     struct crypt_dm_active_device dmd;
 3106     struct dm_target *tgt = &dmd.segment;
 3107 
 3108     if (dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmd) < 0)
 3109         return NULL;
 3110 
 3111     if (single_segment(&dmd) && tgt->type == DM_CRYPT &&
 3112         (dmd.flags & CRYPT_ACTIVATE_KEYRING_KEY) && tgt->u.crypt.vk->key_description)
 3113         desc = strdup(tgt->u.crypt.vk->key_description);
 3114 
 3115     dm_targets_free(cd, &dmd);
 3116 
 3117     return desc;
 3118 }
 3119 
 3120 int crypt_suspend(struct crypt_device *cd,
 3121           const char *name)
 3122 {
 3123     char *key_desc;
 3124     crypt_status_info ci;
 3125     int r;
 3126     uint32_t dmflags = DM_SUSPEND_WIPE_KEY;
 3127 
 3128     /* FIXME: check context uuid matches the dm-crypt device uuid (onlyLUKS branching) */
 3129 
 3130     if (!cd || !name)
 3131         return -EINVAL;
 3132 
 3133     log_dbg(cd, "Suspending volume %s.", name);
 3134 
 3135     if (cd->type)
 3136         r = onlyLUKS(cd);
 3137     else {
 3138         r = crypt_uuid_type_cmp(cd, CRYPT_LUKS1);
 3139         if (r < 0)
 3140             r = crypt_uuid_type_cmp(cd, CRYPT_LUKS2);
 3141         if (r < 0)
 3142             log_err(cd, _("This operation is supported only for LUKS device."));
 3143     }
 3144 
 3145     if (r < 0)
 3146         return r;
 3147 
 3148     ci = crypt_status(NULL, name);
 3149     if (ci < CRYPT_ACTIVE) {
 3150         log_err(cd, _("Volume %s is not active."), name);
 3151         return -EINVAL;
 3152     }
 3153 
 3154     dm_backend_init(cd);
 3155 
 3156     r = dm_status_suspended(cd, name);
 3157     if (r < 0)
 3158         goto out;
 3159 
 3160     if (r) {
 3161         log_err(cd, _("Volume %s is already suspended."), name);
 3162         r = -EINVAL;
 3163         goto out;
 3164     }
 3165 
 3166     key_desc = crypt_get_device_key_description(cd, name);
 3167 
 3168     /* we can't simply wipe wrapped keys */
 3169     if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd)))
 3170         dmflags &= ~DM_SUSPEND_WIPE_KEY;
 3171 
 3172     r = dm_suspend_device(cd, name, dmflags);
 3173     if (r == -ENOTSUP)
 3174         log_err(cd, _("Suspend is not supported for device %s."), name);
 3175     else if (r)
 3176         log_err(cd, _("Error during suspending device %s."), name);
 3177     else
 3178         crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY);
 3179     free(key_desc);
 3180 out:
 3181     dm_backend_exit(cd);
 3182     return r;
 3183 }
 3184 
 3185 /* key must be properly verified */
 3186 static int resume_by_volume_key(struct crypt_device *cd,
 3187         struct volume_key *vk,
 3188         const char *name)
 3189 {
 3190     int digest, r;
 3191     struct volume_key *zerokey = NULL;
 3192 
 3193     if (crypt_is_cipher_null(crypt_get_cipher_spec(cd))) {
 3194         zerokey = crypt_alloc_volume_key(0, NULL);
 3195         if (!zerokey)
 3196             return -ENOMEM;
 3197         vk = zerokey;
 3198     } else if (crypt_use_keyring_for_vk(cd)) {
 3199         /* LUKS2 path only */
 3200         digest = LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
 3201         if (digest < 0)
 3202             return -EINVAL;
 3203         r = LUKS2_volume_key_load_in_keyring_by_digest(cd,
 3204                     &cd->u.luks2.hdr, vk, digest);
 3205         if (r < 0)
 3206             return r;
 3207     }
 3208 
 3209     r = dm_resume_and_reinstate_key(cd, name, vk);
 3210 
 3211     if (r == -ENOTSUP)
 3212         log_err(cd, _("Resume is not supported for device %s."), name);
 3213     else if (r)
 3214         log_err(cd, _("Error during resuming device %s."), name);
 3215 
 3216     if (r < 0)
 3217         crypt_drop_keyring_key(cd, vk);
 3218 
 3219     crypt_free_volume_key(zerokey);
 3220 
 3221     return r;
 3222 }
 3223 
 3224 int crypt_resume_by_passphrase(struct crypt_device *cd,
 3225                    const char *name,
 3226                    int keyslot,
 3227                    const char *passphrase,
 3228                    size_t passphrase_size)
 3229 {
 3230     struct volume_key *vk = NULL;
 3231     int r;
 3232 
 3233     /* FIXME: check context uuid matches the dm-crypt device uuid */
 3234 
 3235     if (!passphrase || !name)
 3236         return -EINVAL;
 3237 
 3238     log_dbg(cd, "Resuming volume %s.", name);
 3239 
 3240     if ((r = onlyLUKS(cd)))
 3241         return r;
 3242 
 3243     r = dm_status_suspended(cd, name);
 3244     if (r < 0)
 3245         return r;
 3246 
 3247     if (!r) {
 3248         log_err(cd, _("Volume %s is not suspended."), name);
 3249         return -EINVAL;
 3250     }
 3251 
 3252     if (isLUKS1(cd->type))
 3253         r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size,
 3254                        &cd->u.luks1.hdr, &vk, cd);
 3255     else
 3256         r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase, passphrase_size, &vk);
 3257 
 3258     if  (r < 0)
 3259         return r;
 3260 
 3261     keyslot = r;
 3262 
 3263     r = resume_by_volume_key(cd, vk, name);
 3264 
 3265     crypt_free_volume_key(vk);
 3266     return r < 0 ? r : keyslot;
 3267 }
 3268 
 3269 int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
 3270                       const char *name,
 3271                       int keyslot,
 3272                       const char *keyfile,
 3273                       size_t keyfile_size,
 3274                       uint64_t keyfile_offset)
 3275 {
 3276     struct volume_key *vk = NULL;
 3277     char *passphrase_read = NULL;
 3278     size_t passphrase_size_read;
 3279     int r;
 3280 
 3281     /* FIXME: check context uuid matches the dm-crypt device uuid */
 3282 
 3283     if (!name || !keyfile)
 3284         return -EINVAL;
 3285 
 3286     log_dbg(cd, "Resuming volume %s.", name);
 3287 
 3288     if ((r = onlyLUKS(cd)))
 3289         return r;
 3290 
 3291     r = dm_status_suspended(cd, name);
 3292     if (r < 0)
 3293         return r;
 3294 
 3295     if (!r) {
 3296         log_err(cd, _("Volume %s is not suspended."), name);
 3297         return -EINVAL;
 3298     }
 3299 
 3300     r = crypt_keyfile_device_read(cd, keyfile,
 3301                       &passphrase_read, &passphrase_size_read,
 3302                       keyfile_offset, keyfile_size, 0);
 3303     if (r < 0)
 3304         return r;
 3305 
 3306     if (isLUKS1(cd->type))
 3307         r = LUKS_open_key_with_hdr(keyslot, passphrase_read, passphrase_size_read,
 3308                        &cd->u.luks1.hdr, &vk, cd);
 3309     else
 3310         r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase_read, passphrase_size_read, &vk);
 3311 
 3312     crypt_safe_free(passphrase_read);
 3313     if (r < 0)
 3314         return r;
 3315 
 3316     keyslot = r;
 3317 
 3318     r = resume_by_volume_key(cd, vk, name);
 3319 
 3320     crypt_free_volume_key(vk);
 3321     return r < 0 ? r : keyslot;
 3322 }
 3323 
 3324 int crypt_resume_by_keyfile(struct crypt_device *cd,
 3325                 const char *name,
 3326                 int keyslot,
 3327                 const char *keyfile,
 3328                 size_t keyfile_size)
 3329 {
 3330     return crypt_resume_by_keyfile_device_offset(cd, name, keyslot,
 3331                           keyfile, keyfile_size, 0);
 3332 }
 3333 
 3334 int crypt_resume_by_keyfile_offset(struct crypt_device *cd,
 3335                    const char *name,
 3336                    int keyslot,
 3337                    const char *keyfile,
 3338                    size_t keyfile_size,
 3339                    size_t keyfile_offset)
 3340 {
 3341     return crypt_resume_by_keyfile_device_offset(cd, name, keyslot,
 3342                       keyfile, keyfile_size, keyfile_offset);
 3343 }
 3344 
 3345 int crypt_resume_by_volume_key(struct crypt_device *cd,
 3346     const char *name,
 3347     const char *volume_key,
 3348     size_t volume_key_size)
 3349 {
 3350     struct volume_key *vk = NULL;
 3351     int r;
 3352 
 3353     if (!name || !volume_key)
 3354         return -EINVAL;
 3355 
 3356     log_dbg(cd, "Resuming volume %s by volume key.", name);
 3357 
 3358     if ((r = onlyLUKS(cd)))
 3359         return r;
 3360 
 3361     r = dm_status_suspended(cd, name);
 3362     if (r < 0)
 3363         return r;
 3364 
 3365     if (!r) {
 3366         log_err(cd, _("Volume %s is not suspended."), name);
 3367         return -EINVAL;
 3368     }
 3369 
 3370     vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 3371     if (!vk)
 3372         return -ENOMEM;
 3373 
 3374     if (isLUKS1(cd->type))
 3375         r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
 3376     else if (isLUKS2(cd->type))
 3377         r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
 3378     else
 3379         r = -EINVAL;
 3380     if (r == -EPERM || r == -ENOENT)
 3381         log_err(cd, _("Volume key does not match the volume."));
 3382 
 3383     if (r >= 0)
 3384         r = resume_by_volume_key(cd, vk, name);
 3385 
 3386     crypt_free_volume_key(vk);
 3387     return r;
 3388 }
 3389 
 3390 /*
 3391  * Keyslot manipulation
 3392  */
 3393 int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 3394     int keyslot, // -1 any
 3395     const char *passphrase,
 3396     size_t passphrase_size,
 3397     const char *new_passphrase,
 3398     size_t new_passphrase_size)
 3399 {
 3400     int digest, r, active_slots;
 3401     struct luks2_keyslot_params params;
 3402     struct volume_key *vk = NULL;
 3403 
 3404     log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided,"
 3405         "new passphrase %sprovided.",
 3406         passphrase ? "" : "not ", new_passphrase  ? "" : "not ");
 3407 
 3408     if ((r = onlyLUKS(cd)))
 3409         return r;
 3410 
 3411     if (!passphrase || !new_passphrase)
 3412         return -EINVAL;
 3413 
 3414     r = keyslot_verify_or_find_empty(cd, &keyslot);
 3415     if (r)
 3416         return r;
 3417 
 3418     if (isLUKS1(cd->type))
 3419         active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr);
 3420     else
 3421         active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
 3422     if (active_slots == 0) {
 3423         /* No slots used, try to use pre-generated key in header */
 3424         if (cd->volume_key) {
 3425             vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
 3426             r = vk ? 0 : -ENOMEM;
 3427         } else {
 3428             log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
 3429             return -EINVAL;
 3430         }
 3431     } else if (active_slots < 0)
 3432         return -EINVAL;
 3433     else {
 3434         /* Passphrase provided, use it to unlock existing keyslot */
 3435         if (isLUKS1(cd->type))
 3436             r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, passphrase,
 3437                            passphrase_size, &cd->u.luks1.hdr, &vk, cd);
 3438         else
 3439             r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, passphrase,
 3440                         passphrase_size, &vk);
 3441     }
 3442 
 3443     if (r < 0)
 3444         goto out;
 3445 
 3446     if (isLUKS1(cd->type))
 3447         r = LUKS_set_key(keyslot, CONST_CAST(char*)new_passphrase,
 3448                  new_passphrase_size, &cd->u.luks1.hdr, vk, cd);
 3449     else {
 3450         r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
 3451         digest = r;
 3452 
 3453         if (r >= 0)
 3454             r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, &params);
 3455 
 3456         if (r >= 0)
 3457             r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
 3458 
 3459         if (r >= 0)
 3460             r = LUKS2_keyslot_store(cd,  &cd->u.luks2.hdr, keyslot,
 3461                         CONST_CAST(char*)new_passphrase,
 3462                         new_passphrase_size, vk, &params);
 3463     }
 3464 
 3465     if (r < 0)
 3466         goto out;
 3467 
 3468     r = 0;
 3469 out:
 3470     crypt_free_volume_key(vk);
 3471     if (r < 0) {
 3472         _luks2_reload(cd);
 3473         return r;
 3474     }
 3475     return keyslot;
 3476 }
 3477 
 3478 int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
 3479     int keyslot_old,
 3480     int keyslot_new,
 3481     const char *passphrase,
 3482     size_t passphrase_size,
 3483     const char *new_passphrase,
 3484     size_t new_passphrase_size)
 3485 {
 3486     int digest = -1, r, keyslot_new_orig = keyslot_new;
 3487     struct luks2_keyslot_params params;
 3488     struct volume_key *vk = NULL;
 3489 
 3490     if (!passphrase || !new_passphrase)
 3491         return -EINVAL;
 3492 
 3493     log_dbg(cd, "Changing passphrase from old keyslot %d to new %d.",
 3494         keyslot_old, keyslot_new);
 3495 
 3496     if ((r = onlyLUKS(cd)))
 3497         return r;
 3498 
 3499     if (isLUKS1(cd->type))
 3500         r = LUKS_open_key_with_hdr(keyslot_old, passphrase, passphrase_size,
 3501                        &cd->u.luks1.hdr, &vk, cd);
 3502     else if (isLUKS2(cd->type)) {
 3503         r = LUKS2_keyslot_open(cd, keyslot_old, CRYPT_ANY_SEGMENT, passphrase, passphrase_size, &vk);
 3504         /* will fail for keyslots w/o digest. fix if supported in a future */
 3505         if (r >= 0) {
 3506             digest = LUKS2_digest_by_keyslot(&cd->u.luks2.hdr, r);
 3507             if (digest < 0)
 3508                 r = -EINVAL;
 3509         }
 3510     } else
 3511         r = -EINVAL;
 3512     if (r < 0)
 3513         goto out;
 3514 
 3515     if (keyslot_old != CRYPT_ANY_SLOT && keyslot_old != r) {
 3516         log_dbg(cd, "Keyslot mismatch.");
 3517         goto out;
 3518     }
 3519     keyslot_old = r;
 3520 
 3521     if (keyslot_new == CRYPT_ANY_SLOT) {
 3522         if (isLUKS1(cd->type))
 3523             keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr);
 3524         else if (isLUKS2(cd->type))
 3525             keyslot_new = LUKS2_keyslot_find_empty(cd, &cd->u.luks2.hdr, vk->keylength);
 3526         if (keyslot_new < 0)
 3527             keyslot_new = keyslot_old;
 3528     }
 3529     log_dbg(cd, "Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new);
 3530 
 3531     if (isLUKS1(cd->type)) {
 3532         if (keyslot_old == keyslot_new) {
 3533             log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old);
 3534             (void)crypt_keyslot_destroy(cd, keyslot_old);
 3535         }
 3536         r = LUKS_set_key(keyslot_new, new_passphrase, new_passphrase_size,
 3537                  &cd->u.luks1.hdr, vk, cd);
 3538     } else if (isLUKS2(cd->type)) {
 3539         r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, &params);
 3540         if (r)
 3541             goto out;
 3542 
 3543         if (keyslot_old != keyslot_new) {
 3544             r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot_new, digest, 1, 0);
 3545             if (r < 0)
 3546                 goto out;
 3547             r = LUKS2_token_assignment_copy(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new, 0);
 3548             if (r < 0)
 3549                 goto out;
 3550         } else {
 3551             log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old);
 3552             /* FIXME: improve return code so that we can detect area is damaged */
 3553             r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1);
 3554             if (r) {
 3555                 /* (void)crypt_keyslot_destroy(cd, keyslot_old); */
 3556                 r = -EINVAL;
 3557                 goto out;
 3558             }
 3559         }
 3560 
 3561         r = LUKS2_keyslot_store(cd,  &cd->u.luks2.hdr,
 3562                     keyslot_new, new_passphrase,
 3563                     new_passphrase_size, vk, &params);
 3564         if (r < 0)
 3565             goto out;
 3566 
 3567         /* Swap old & new so the final keyslot number remains */
 3568         if (keyslot_new_orig == CRYPT_ANY_SLOT && keyslot_old != keyslot_new) {
 3569             r = LUKS2_keyslot_swap(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new);
 3570             if (r < 0)
 3571                 goto out;
 3572 
 3573             /* Swap slot id */
 3574             r = keyslot_old;
 3575             keyslot_old = keyslot_new;
 3576             keyslot_new = r;
 3577         }
 3578     } else
 3579         r = -EINVAL;
 3580 
 3581     if (r >= 0 && keyslot_old != keyslot_new)
 3582         r = crypt_keyslot_destroy(cd, keyslot_old);
 3583 
 3584     if (r < 0)
 3585         log_err(cd, _("Failed to swap new key slot."));
 3586 out:
 3587     crypt_free_volume_key(vk);
 3588     if (r < 0) {
 3589         _luks2_reload(cd);
 3590         return r;
 3591     }
 3592     return keyslot_new;
 3593 }
 3594 
 3595 int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd,
 3596     int keyslot,
 3597     const char *keyfile,
 3598     size_t keyfile_size,
 3599     uint64_t keyfile_offset,
 3600     const char *new_keyfile,
 3601     size_t new_keyfile_size,
 3602     uint64_t new_keyfile_offset)
 3603 {
 3604     int digest, r, active_slots;
 3605     size_t passwordLen, new_passwordLen;
 3606     struct luks2_keyslot_params params;
 3607     char *password = NULL, *new_password = NULL;
 3608     struct volume_key *vk = NULL;
 3609 
 3610     if (!keyfile || !new_keyfile)
 3611         return -EINVAL;
 3612 
 3613     log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.",
 3614         keyfile, new_keyfile);
 3615 
 3616     if ((r = onlyLUKS(cd)))
 3617         return r;
 3618 
 3619     r = keyslot_verify_or_find_empty(cd, &keyslot);
 3620     if (r)
 3621         return r;
 3622 
 3623     if (isLUKS1(cd->type))
 3624         active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr);
 3625     else
 3626         active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
 3627     if (active_slots == 0) {
 3628         /* No slots used, try to use pre-generated key in header */
 3629         if (cd->volume_key) {
 3630             vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
 3631             r = vk ? 0 : -ENOMEM;
 3632         } else {
 3633             log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
 3634             return -EINVAL;
 3635         }
 3636     } else {
 3637         r = crypt_keyfile_device_read(cd, keyfile,
 3638                        &password, &passwordLen,
 3639                        keyfile_offset, keyfile_size, 0);
 3640         if (r < 0)
 3641             goto out;
 3642 
 3643         if (isLUKS1(cd->type))
 3644             r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, passwordLen,
 3645                            &cd->u.luks1.hdr, &vk, cd);
 3646         else
 3647             r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, password, passwordLen, &vk);
 3648     }
 3649 
 3650     if (r < 0)
 3651         goto out;
 3652 
 3653     r = crypt_keyfile_device_read(cd, new_keyfile,
 3654                    &new_password, &new_passwordLen,
 3655                    new_keyfile_offset, new_keyfile_size, 0);
 3656     if (r < 0)
 3657         goto out;
 3658 
 3659     if (isLUKS1(cd->type))
 3660         r = LUKS_set_key(keyslot, new_password, new_passwordLen,
 3661                  &cd->u.luks1.hdr, vk, cd);
 3662     else {
 3663         r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
 3664         digest = r;
 3665 
 3666         if (r >= 0)
 3667             r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, &params);
 3668 
 3669         if (r >= 0)
 3670             r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
 3671 
 3672         if (r >= 0)
 3673             r = LUKS2_keyslot_store(cd,  &cd->u.luks2.hdr, keyslot,
 3674                         new_password, new_passwordLen, vk, &params);
 3675     }
 3676 out:
 3677     crypt_safe_free(password);
 3678     crypt_safe_free(new_password);
 3679     crypt_free_volume_key(vk);
 3680     if (r < 0) {
 3681         _luks2_reload(cd);
 3682         return r;
 3683     }
 3684     return keyslot;
 3685 }
 3686 
 3687 int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
 3688     int keyslot,
 3689     const char *keyfile,
 3690     size_t keyfile_size,
 3691     const char *new_keyfile,
 3692     size_t new_keyfile_size)
 3693 {
 3694     return crypt_keyslot_add_by_keyfile_device_offset(cd, keyslot,
 3695                 keyfile, keyfile_size, 0,
 3696                 new_keyfile, new_keyfile_size, 0);
 3697 }
 3698 
 3699 int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd,
 3700     int keyslot,
 3701     const char *keyfile,
 3702     size_t keyfile_size,
 3703     size_t keyfile_offset,
 3704     const char *new_keyfile,
 3705     size_t new_keyfile_size,
 3706     size_t new_keyfile_offset)
 3707 {
 3708     return crypt_keyslot_add_by_keyfile_device_offset(cd, keyslot,
 3709                 keyfile, keyfile_size, keyfile_offset,
 3710                 new_keyfile, new_keyfile_size, new_keyfile_offset);
 3711 }
 3712 
 3713 int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
 3714     int keyslot,
 3715     const char *volume_key,
 3716     size_t volume_key_size,
 3717     const char *passphrase,
 3718     size_t passphrase_size)
 3719 {
 3720     struct volume_key *vk = NULL;
 3721     int r;
 3722 
 3723     if (!passphrase)
 3724         return -EINVAL;
 3725 
 3726     log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot);
 3727 
 3728     if ((r = onlyLUKS(cd)))
 3729         return r;
 3730 
 3731     if (isLUKS2(cd->type))
 3732         return crypt_keyslot_add_by_key(cd, keyslot,
 3733                 volume_key, volume_key_size, passphrase,
 3734                 passphrase_size, 0);
 3735 
 3736     r = keyslot_verify_or_find_empty(cd, &keyslot);
 3737     if (r < 0)
 3738         return r;
 3739 
 3740     if (volume_key)
 3741         vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 3742     else if (cd->volume_key)
 3743         vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
 3744 
 3745     if (!vk)
 3746         return -ENOMEM;
 3747 
 3748     r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
 3749     if (r < 0)
 3750         log_err(cd, _("Volume key does not match the volume."));
 3751     else
 3752         r = LUKS_set_key(keyslot, passphrase, passphrase_size,
 3753             &cd->u.luks1.hdr, vk, cd);
 3754 
 3755     crypt_free_volume_key(vk);
 3756     return (r < 0) ? r : keyslot;
 3757 }
 3758 
 3759 int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
 3760 {
 3761     crypt_keyslot_info ki;
 3762     int r;
 3763 
 3764     log_dbg(cd, "Destroying keyslot %d.", keyslot);
 3765 
 3766     if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED)))
 3767         return r;
 3768 
 3769     ki = crypt_keyslot_status(cd, keyslot);
 3770     if (ki == CRYPT_SLOT_INVALID) {
 3771         log_err(cd, _("Key slot %d is invalid."), keyslot);
 3772         return -EINVAL;
 3773     }
 3774 
 3775     if (isLUKS1(cd->type)) {
 3776         if (ki == CRYPT_SLOT_INACTIVE) {
 3777             log_err(cd, _("Keyslot %d is not active."), keyslot);
 3778             return -EINVAL;
 3779         }
 3780         return LUKS_del_key(keyslot, &cd->u.luks1.hdr, cd);
 3781     }
 3782 
 3783     return LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot, 0);
 3784 }
 3785 
 3786 static int _check_header_data_overlap(struct crypt_device *cd, const char *name)
 3787 {
 3788     if (!name || !isLUKS(cd->type))
 3789         return 0;
 3790 
 3791     if (device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd)) <= 0)
 3792         return 0;
 3793 
 3794     /* FIXME: check real header size */
 3795     if (crypt_get_data_offset(cd) == 0) {
 3796         log_err(cd, _("Device header overlaps with data area."));
 3797         return -EINVAL;
 3798     }
 3799 
 3800     return 0;
 3801 }
 3802 
 3803 static int check_devices(struct crypt_device *cd, const char *name, const char *iname, uint32_t *flags)
 3804 {
 3805     int r;
 3806 
 3807     if (!flags || !name)
 3808         return -EINVAL;
 3809 
 3810     if (iname) {
 3811         r = dm_status_device(cd, iname);
 3812         if (r >= 0 && !(*flags & CRYPT_ACTIVATE_REFRESH))
 3813             return -EBUSY;
 3814         if (r < 0 && r != -ENODEV)
 3815             return r;
 3816         if (r == -ENODEV)
 3817             *flags &= ~CRYPT_ACTIVATE_REFRESH;
 3818     }
 3819 
 3820     r = dm_status_device(cd, name);
 3821     if (r >= 0 && !(*flags & CRYPT_ACTIVATE_REFRESH))
 3822         return -EBUSY;
 3823     if (r < 0 && r != -ENODEV)
 3824         return r;
 3825     if (r == -ENODEV)
 3826         *flags &= ~CRYPT_ACTIVATE_REFRESH;
 3827 
 3828     return 0;
 3829 }
 3830 
 3831 static int _create_device_with_integrity(struct crypt_device *cd,
 3832     const char *type, const char *name, const char *iname,
 3833     const char *ipath, struct crypt_dm_active_device *dmd,
 3834     struct crypt_dm_active_device *dmdi)
 3835 {
 3836     int r;
 3837     enum devcheck device_check;
 3838     struct dm_target *tgt;
 3839     struct device *device = NULL;
 3840 
 3841     if (!single_segment(dmd))
 3842         return -EINVAL;
 3843 
 3844     tgt = &dmd->segment;
 3845     if (tgt->type != DM_CRYPT)
 3846         return -EINVAL;
 3847 
 3848     device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL;
 3849 
 3850     r = INTEGRITY_activate_dmd_device(cd, iname, CRYPT_INTEGRITY, dmdi, 0);
 3851     if (r)
 3852         return r;
 3853 
 3854     r = device_alloc(cd, &device, ipath);
 3855     if (r < 0)
 3856         goto out;
 3857     tgt->data_device = device;
 3858 
 3859     r = device_block_adjust(cd, tgt->data_device, device_check,
 3860                 tgt->u.crypt.offset, &dmd->size, &dmd->flags);
 3861 
 3862     if (!r)
 3863         r = dm_create_device(cd, name, type, dmd);
 3864 out:
 3865     if (r < 0)
 3866         dm_remove_device(cd, iname, 0);
 3867 
 3868     device_free(cd, device);
 3869     return r;
 3870 }
 3871 
 3872 static int kernel_keyring_support(void)
 3873 {
 3874     static unsigned _checked = 0;
 3875 
 3876     if (!_checked) {
 3877         _kernel_keyring_supported = keyring_check();
 3878         _checked = 1;
 3879     }
 3880 
 3881     return _kernel_keyring_supported;
 3882 }
 3883 
 3884 static int dmcrypt_keyring_bug(void)
 3885 {
 3886     uint64_t kversion;
 3887 
 3888     if (kernel_version(&kversion))
 3889         return 1;
 3890     return kversion < compact_version(4,15,0,0);
 3891 }
 3892 
 3893 int create_or_reload_device(struct crypt_device *cd, const char *name,
 3894              const char *type, struct crypt_dm_active_device *dmd)
 3895 {
 3896     int r;
 3897     enum devcheck device_check;
 3898     struct dm_target *tgt;
 3899 
 3900     if (!type || !name || !single_segment(dmd))
 3901         return -EINVAL;
 3902 
 3903     tgt = &dmd->segment;
 3904     if (tgt->type != DM_CRYPT)
 3905         return -EINVAL;
 3906 
 3907     /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */
 3908     r = check_devices(cd, name, NULL, &dmd->flags);
 3909     if (r)
 3910         return r;
 3911 
 3912     if (dmd->flags & CRYPT_ACTIVATE_REFRESH)
 3913         r = _reload_device(cd, name, dmd);
 3914     else {
 3915         device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL;
 3916 
 3917         r = device_block_adjust(cd, tgt->data_device, device_check,
 3918                     tgt->u.crypt.offset, &dmd->size, &dmd->flags);
 3919         if (!r) {
 3920             tgt->size = dmd->size;
 3921             r = dm_create_device(cd, name, type, dmd);
 3922         }
 3923     }
 3924 
 3925     return r;
 3926 }
 3927 
 3928 int create_or_reload_device_with_integrity(struct crypt_device *cd, const char *name,
 3929              const char *type, struct crypt_dm_active_device *dmd,
 3930              struct crypt_dm_active_device *dmdi)
 3931 {
 3932     int r;
 3933     const char *iname = NULL;
 3934     char *ipath = NULL;
 3935 
 3936     if (!type || !name || !dmd || !dmdi)
 3937         return -EINVAL;
 3938 
 3939     if (asprintf(&ipath, "%s/%s_dif", dm_get_dir(), name) < 0)
 3940         return -ENOMEM;
 3941     iname = ipath + strlen(dm_get_dir()) + 1;
 3942 
 3943     /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */
 3944     r = check_devices(cd, name, iname, &dmd->flags);
 3945     if (r)
 3946         goto out;
 3947 
 3948     if (dmd->flags & CRYPT_ACTIVATE_REFRESH)
 3949         r = _reload_device_with_integrity(cd, name, iname, ipath, dmd, dmdi);
 3950     else
 3951         r = _create_device_with_integrity(cd, type, name, iname, ipath, dmd, dmdi);
 3952 out:
 3953     free(ipath);
 3954 
 3955     return r;
 3956 }
 3957 
 3958 /* See fixmes in _open_and_activate_luks2 */
 3959 int update_reencryption_flag(struct crypt_device *cd, int enable, bool commit);
 3960 
 3961 /* TODO: This function should 1:1 with pre-reencryption code */
 3962 static int _open_and_activate(struct crypt_device *cd,
 3963     int keyslot,
 3964     const char *name,
 3965     const char *passphrase,
 3966     size_t passphrase_size,
 3967     uint32_t flags)
 3968 {
 3969     bool use_keyring;
 3970     int r;
 3971     struct volume_key *vk = NULL;
 3972 
 3973     r = LUKS2_keyslot_open(cd, keyslot,
 3974                    (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ?
 3975                    CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT,
 3976                    passphrase, passphrase_size, &vk);
 3977     if (r < 0)
 3978         return r;
 3979     keyslot = r;
 3980 
 3981     if (!crypt_use_keyring_for_vk(cd))
 3982         use_keyring = false;
 3983     else
 3984         use_keyring = ((name && !crypt_is_cipher_null(crypt_get_cipher(cd))) ||
 3985                    (flags & CRYPT_ACTIVATE_KEYRING_KEY));
 3986 
 3987     if (use_keyring) {
 3988         r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd,
 3989                 &cd->u.luks2.hdr, vk, keyslot);
 3990         if (r < 0)
 3991             goto out;
 3992         flags |= CRYPT_ACTIVATE_KEYRING_KEY;
 3993     }
 3994 
 3995     if (name)
 3996         r = LUKS2_activate(cd, name, vk, flags);
 3997 out:
 3998     if (r < 0)
 3999         crypt_drop_keyring_key(cd, vk);
 4000     crypt_free_volume_key(vk);
 4001 
 4002     return r < 0 ? r : keyslot;
 4003 }
 4004 
 4005 #if USE_LUKS2_REENCRYPTION
 4006 static int load_all_keys(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vks)
 4007 {
 4008     int r;
 4009     struct volume_key *vk = vks;
 4010 
 4011     while (vk) {
 4012         r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk));
 4013         if (r < 0)
 4014             return r;
 4015         vk = crypt_volume_key_next(vk);
 4016     }
 4017 
 4018     return 0;
 4019 }
 4020 
 4021 static int _open_all_keys(struct crypt_device *cd,
 4022     struct luks2_hdr *hdr,
 4023     int keyslot,
 4024     const char *passphrase,
 4025     size_t passphrase_size,
 4026     uint32_t flags,
 4027     struct volume_key **vks)
 4028 {
 4029     int r, segment;
 4030     struct volume_key *_vks = NULL;
 4031     crypt_reencrypt_info ri = LUKS2_reencrypt_status(hdr);
 4032 
 4033     segment = (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT;
 4034 
 4035     switch (ri) {
 4036     case CRYPT_REENCRYPT_NONE:
 4037         r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase, passphrase_size, &_vks);
 4038         break;
 4039     case CRYPT_REENCRYPT_CLEAN:
 4040     case CRYPT_REENCRYPT_CRASH:
 4041         if (segment == CRYPT_ANY_SEGMENT)
 4042             r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase,
 4043                            passphrase_size, &_vks);
 4044         else
 4045             r = LUKS2_keyslot_open_all_segments(cd, keyslot,
 4046                     keyslot, passphrase, passphrase_size,
 4047                     &_vks);
 4048         break;
 4049     default:
 4050         r = -EINVAL;
 4051     }
 4052 
 4053     if (keyslot == CRYPT_ANY_SLOT)
 4054         keyslot = r;
 4055 
 4056     if (r >= 0 && (flags & CRYPT_ACTIVATE_KEYRING_KEY))
 4057         r = load_all_keys(cd, hdr, _vks);
 4058 
 4059     if (r >= 0 && vks)
 4060         MOVE_REF(*vks, _vks);
 4061 
 4062     if (r < 0)
 4063         crypt_drop_keyring_key(cd, _vks);
 4064     crypt_free_volume_key(_vks);
 4065 
 4066     return r < 0 ? r : keyslot;
 4067 }
 4068 
 4069 static int _open_and_activate_reencrypt_device(struct crypt_device *cd,
 4070     struct luks2_hdr *hdr,
 4071     int keyslot,
 4072     const char *name,
 4073     const char *passphrase,
 4074     size_t passphrase_size,
 4075     uint32_t flags)
 4076 {
 4077     bool dynamic_size;
 4078     crypt_reencrypt_info ri;
 4079     uint64_t minimal_size, device_size;
 4080     struct volume_key *vks = NULL;
 4081     int r = 0;
 4082     struct crypt_lock_handle *reencrypt_lock = NULL;
 4083 
 4084     if (crypt_use_keyring_for_vk(cd))
 4085         flags |= CRYPT_ACTIVATE_KEYRING_KEY;
 4086 
 4087     r = LUKS2_reencrypt_lock(cd, &reencrypt_lock);
 4088     if (r) {
 4089         if (r == -EBUSY)
 4090             log_err(cd, _("Reencryption in-progress. Cannot activate device."));
 4091         else
 4092             log_err(cd, _("Failed to get reencryption lock."));
 4093         return r;
 4094     }
 4095 
 4096     if ((r = crypt_load(cd, CRYPT_LUKS2, NULL)))
 4097         goto out;
 4098 
 4099     ri = LUKS2_reencrypt_status(hdr);
 4100 
 4101     if (ri == CRYPT_REENCRYPT_CRASH) {
 4102         r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot,
 4103                 keyslot, passphrase, passphrase_size, flags, &vks);
 4104         if (r < 0) {
 4105             log_err(cd, _("LUKS2 reencryption recovery failed."));
 4106             goto out;
 4107         }
 4108         keyslot = r;
 4109 
 4110         ri = LUKS2_reencrypt_status(hdr);
 4111     }
 4112 
 4113     /* recovery finished reencryption or it's already finished */
 4114     if (ri == CRYPT_REENCRYPT_NONE) {
 4115         crypt_drop_keyring_key(cd, vks);
 4116         crypt_free_volume_key(vks);
 4117         LUKS2_reencrypt_unlock(cd, reencrypt_lock);
 4118         return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size, flags);
 4119     }
 4120 
 4121     if (ri > CRYPT_REENCRYPT_CLEAN) {
 4122         r = -EINVAL;
 4123         goto out;
 4124     }
 4125 
 4126     if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size))
 4127         goto out;
 4128 
 4129     if (!vks) {
 4130         r = _open_all_keys(cd, hdr, keyslot, passphrase, passphrase_size, flags, &vks);
 4131         if (r >= 0)
 4132             keyslot = r;
 4133     }
 4134 
 4135     if (r >= 0) {
 4136         r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
 4137         if (r < 0)
 4138             goto out;
 4139     }
 4140 
 4141     log_dbg(cd, "Entering clean reencryption state mode.");
 4142 
 4143     if (r >= 0)
 4144         r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size);
 4145 
 4146     if (r >= 0)
 4147         r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags);
 4148 out:
 4149     LUKS2_reencrypt_unlock(cd, reencrypt_lock);
 4150     if (r < 0)
 4151         crypt_drop_keyring_key(cd, vks);
 4152     crypt_free_volume_key(vks);
 4153 
 4154     return r < 0 ? r : keyslot;
 4155 }
 4156 
 4157 /*
 4158  * Activation/deactivation of a device
 4159  */
 4160 static int _open_and_activate_luks2(struct crypt_device *cd,
 4161     int keyslot,
 4162     const char *name,
 4163     const char *passphrase,
 4164     size_t passphrase_size,
 4165     uint32_t flags)
 4166 {
 4167     crypt_reencrypt_info ri;
 4168     int r, rv;
 4169     struct luks2_hdr *hdr = &cd->u.luks2.hdr;
 4170     struct volume_key *vks = NULL;
 4171 
 4172     ri = LUKS2_reencrypt_status(hdr);
 4173     if (ri == CRYPT_REENCRYPT_INVALID)
 4174         return -EINVAL;
 4175 
 4176     if (ri > CRYPT_REENCRYPT_NONE) {
 4177         if (name)
 4178             r = _open_and_activate_reencrypt_device(cd, hdr, keyslot, name, passphrase,
 4179                     passphrase_size, flags);
 4180         else {
 4181             r = _open_all_keys(cd, hdr, keyslot, passphrase,
 4182                        passphrase_size, flags, &vks);
 4183             if (r < 0)
 4184                 return r;
 4185 
 4186             rv = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
 4187             crypt_free_volume_key(vks);
 4188             if (rv < 0)
 4189                 return rv;
 4190         }
 4191     } else
 4192         r = _open_and_activate(cd, keyslot, name, passphrase,
 4193                 passphrase_size, flags);
 4194 
 4195     return r;
 4196 }
 4197 #else
 4198 static int _open_and_activate_luks2(struct crypt_device *cd,
 4199     int keyslot,
 4200     const char *name,
 4201     const char *passphrase,
 4202     size_t passphrase_size,
 4203     uint32_t flags)
 4204 {
 4205     crypt_reencrypt_info ri;
 4206 
 4207     ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr);
 4208     if (ri == CRYPT_REENCRYPT_INVALID)
 4209         return -EINVAL;
 4210 
 4211     if (ri > CRYPT_REENCRYPT_NONE) {
 4212         log_err(cd, _("This operation is not supported for this device type."));
 4213         return -ENOTSUP;
 4214     }
 4215 
 4216     return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size, flags);
 4217 }
 4218 #endif
 4219 
 4220 static int _activate_by_passphrase(struct crypt_device *cd,
 4221     const char *name,
 4222     int keyslot,
 4223     const char *passphrase,
 4224     size_t passphrase_size,
 4225     uint32_t flags)
 4226 {
 4227     int r;
 4228     struct volume_key *vk = NULL;
 4229 
 4230     if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))
 4231         return -EINVAL;
 4232 
 4233     if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name)
 4234         return -EINVAL;
 4235 
 4236     r = _check_header_data_overlap(cd, name);
 4237     if (r < 0)
 4238         return r;
 4239 
 4240     if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF)
 4241         cd->memory_hard_pbkdf_lock_enabled = true;
 4242 
 4243     /* plain, use hashed passphrase */
 4244     if (isPLAIN(cd->type)) {
 4245         r = -EINVAL;
 4246         if (!name)
 4247             goto out;
 4248 
 4249         r = process_key(cd, cd->u.plain.hdr.hash,
 4250                 cd->u.plain.key_size,
 4251                 passphrase, passphrase_size, &vk);
 4252         if (r < 0)
 4253             goto out;
 4254 
 4255         r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags);
 4256         keyslot = 0;
 4257     } else if (isLUKS1(cd->type)) {
 4258         r = LUKS_open_key_with_hdr(keyslot, passphrase,
 4259                        passphrase_size, &cd->u.luks1.hdr, &vk, cd);
 4260         if (r >= 0) {
 4261             keyslot = r;
 4262             if (name)
 4263                 r = LUKS1_activate(cd, name, vk, flags);
 4264         }
 4265     } else if (isLUKS2(cd->type)) {
 4266         r = _open_and_activate_luks2(cd, keyslot, name, passphrase, passphrase_size, flags);
 4267         keyslot = r;
 4268     } else if (isBITLK(cd->type)) {
 4269         r = BITLK_activate_by_passphrase(cd, name, passphrase, passphrase_size,
 4270                          &cd->u.bitlk.params, flags);
 4271         keyslot = 0;
 4272     } else {
 4273         log_err(cd, _("Device type is not properly initialized."));
 4274         r = -EINVAL;
 4275     }
 4276 out:
 4277     if (r < 0)
 4278         crypt_drop_keyring_key(cd, vk);
 4279     crypt_free_volume_key(vk);
 4280 
 4281     cd->memory_hard_pbkdf_lock_enabled = false;
 4282 
 4283     return r < 0 ? r : keyslot;
 4284 }
 4285 
 4286 static int _activate_loopaes(struct crypt_device *cd,
 4287     const char *name,
 4288     char *buffer,
 4289     size_t buffer_size,
 4290     uint32_t flags)
 4291 {
 4292     int r;
 4293     unsigned int key_count = 0;
 4294     struct volume_key *vk = NULL;
 4295 
 4296     r = LOOPAES_parse_keyfile(cd, &vk, cd->u.loopaes.hdr.hash, &key_count,
 4297                   buffer, buffer_size);
 4298 
 4299     if (!r && name)
 4300         r = LOOPAES_activate(cd, name, cd->u.loopaes.cipher, key_count,
 4301                      vk, flags);
 4302 
 4303     crypt_free_volume_key(vk);
 4304 
 4305     return r;
 4306 }
 4307 
 4308 static int _activate_check_status(struct crypt_device *cd, const char *name, unsigned reload)
 4309 {
 4310     int r;
 4311 
 4312     if (!name)
 4313         return 0;
 4314 
 4315     r = dm_status_device(cd, name);
 4316 
 4317     if (r >= 0 && reload)
 4318         return 0;
 4319 
 4320     if (r >= 0 || r == -EEXIST) {
 4321         log_err(cd, _("Device %s already exists."), name);
 4322         return -EEXIST;
 4323     }
 4324 
 4325     if (r == -ENODEV)
 4326         return 0;
 4327 
 4328     log_err(cd, _("Cannot use device %s, name is invalid or still in use."), name);
 4329     return r;
 4330 }
 4331 
 4332 // activation/deactivation of device mapping
 4333 int crypt_activate_by_passphrase(struct crypt_device *cd,
 4334     const char *name,
 4335     int keyslot,
 4336     const char *passphrase,
 4337     size_t passphrase_size,
 4338     uint32_t flags)
 4339 {
 4340     int r;
 4341 
 4342     if (!cd || !passphrase || (!name && (flags & CRYPT_ACTIVATE_REFRESH)))
 4343         return -EINVAL;
 4344 
 4345     log_dbg(cd, "%s volume %s [keyslot %d] using passphrase.",
 4346         name ? "Activating" : "Checking", name ?: "passphrase",
 4347         keyslot);
 4348 
 4349     r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
 4350     if (r < 0)
 4351         return r;
 4352 
 4353     return _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags);
 4354 }
 4355 
 4356 int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd,
 4357     const char *name,
 4358     int keyslot,
 4359     const char *keyfile,
 4360     size_t keyfile_size,
 4361     uint64_t keyfile_offset,
 4362     uint32_t flags)
 4363 {
 4364     char *passphrase_read = NULL;
 4365     size_t passphrase_size_read;
 4366     int r;
 4367 
 4368     if (!cd || !keyfile ||
 4369         ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)))
 4370         return -EINVAL;
 4371 
 4372     log_dbg(cd, "%s volume %s [keyslot %d] using keyfile %s.",
 4373         name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyfile);
 4374 
 4375     r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
 4376     if (r < 0)
 4377         return r;
 4378 
 4379     r = crypt_keyfile_device_read(cd, keyfile,
 4380                 &passphrase_read, &passphrase_size_read,
 4381                 keyfile_offset, keyfile_size, 0);
 4382     if (r < 0)
 4383         goto out;
 4384 
 4385     if (isLOOPAES(cd->type))
 4386         r = _activate_loopaes(cd, name, passphrase_read, passphrase_size_read, flags);
 4387     else
 4388         r = _activate_by_passphrase(cd, name, keyslot, passphrase_read, passphrase_size_read, flags);
 4389 
 4390 out:
 4391     crypt_safe_free(passphrase_read);
 4392     return r;
 4393 }
 4394 
 4395 int crypt_activate_by_keyfile(struct crypt_device *cd,
 4396     const char *name,
 4397     int keyslot,
 4398     const char *keyfile,
 4399     size_t keyfile_size,
 4400     uint32_t flags)
 4401 {
 4402     return crypt_activate_by_keyfile_device_offset(cd, name, keyslot, keyfile,
 4403                     keyfile_size, 0, flags);
 4404 }
 4405 
 4406 int crypt_activate_by_keyfile_offset(struct crypt_device *cd,
 4407     const char *name,
 4408     int keyslot,
 4409     const char *keyfile,
 4410     size_t keyfile_size,
 4411     size_t keyfile_offset,
 4412     uint32_t flags)
 4413 {
 4414     return crypt_activate_by_keyfile_device_offset(cd, name, keyslot, keyfile,
 4415                     keyfile_size, keyfile_offset, flags);
 4416 }
 4417 int crypt_activate_by_volume_key(struct crypt_device *cd,
 4418     const char *name,
 4419     const char *volume_key,
 4420     size_t volume_key_size,
 4421     uint32_t flags)
 4422 {
 4423     bool use_keyring;
 4424     struct volume_key *vk = NULL;
 4425     int r;
 4426 
 4427     if (!cd ||
 4428         ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)))
 4429         return -EINVAL;
 4430 
 4431     log_dbg(cd, "%s volume %s by volume key.", name ? "Activating" : "Checking",
 4432         name ?: "");
 4433 
 4434     r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
 4435     if (r < 0)
 4436         return r;
 4437 
 4438     r = _check_header_data_overlap(cd, name);
 4439     if (r < 0)
 4440         return r;
 4441 
 4442     /* use key directly, no hash */
 4443     if (isPLAIN(cd->type)) {
 4444         if (!name)
 4445             return -EINVAL;
 4446 
 4447         if (!volume_key || !volume_key_size || volume_key_size != cd->u.plain.key_size) {
 4448             log_err(cd, _("Incorrect volume key specified for plain device."));
 4449             return -EINVAL;
 4450         }
 4451 
 4452         vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 4453         if (!vk)
 4454             return -ENOMEM;
 4455 
 4456         r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags);
 4457     } else if (isLUKS1(cd->type)) {
 4458         /* If key is not provided, try to use internal key */
 4459         if (!volume_key) {
 4460             if (!cd->volume_key) {
 4461                 log_err(cd, _("Volume key does not match the volume."));
 4462                 return -EINVAL;
 4463             }
 4464             volume_key_size = cd->volume_key->keylength;
 4465             volume_key = cd->volume_key->key;
 4466         }
 4467 
 4468         vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 4469         if (!vk)
 4470             return -ENOMEM;
 4471         r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
 4472 
 4473         if (r == -EPERM)
 4474             log_err(cd, _("Volume key does not match the volume."));
 4475 
 4476         if (!r && name)
 4477             r = LUKS1_activate(cd, name, vk, flags);
 4478     } else if (isLUKS2(cd->type)) {
 4479         /* If key is not provided, try to use internal key */
 4480         if (!volume_key) {
 4481             if (!cd->volume_key) {
 4482                 log_err(cd, _("Volume key does not match the volume."));
 4483                 return -EINVAL;
 4484             }
 4485             volume_key_size = cd->volume_key->keylength;
 4486             volume_key = cd->volume_key->key;
 4487         }
 4488 
 4489         vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 4490         if (!vk)
 4491             return -ENOMEM;
 4492 
 4493         r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
 4494         if (r == -EPERM || r == -ENOENT)
 4495             log_err(cd, _("Volume key does not match the volume."));
 4496         if (r > 0)
 4497             r = 0;
 4498 
 4499         if (!crypt_use_keyring_for_vk(cd))
 4500             use_keyring = false;
 4501         else
 4502             use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || (flags & CRYPT_ACTIVATE_KEYRING_KEY);
 4503 
 4504         if (!r && use_keyring) {
 4505             r = LUKS2_key_description_by_segment(cd,
 4506                 &cd->u.luks2.hdr, vk, CRYPT_DEFAULT_SEGMENT);
 4507             if (!r)
 4508                 r = crypt_volume_key_load_in_keyring(cd, vk);
 4509             if (!r)
 4510                 flags |= CRYPT_ACTIVATE_KEYRING_KEY;
 4511         }
 4512 
 4513         if (!r && name)
 4514             r = LUKS2_activate(cd, name, vk, flags);
 4515     } else if (isVERITY(cd->type)) {
 4516         r = crypt_activate_by_signed_key(cd, name, volume_key, volume_key_size, NULL, 0, flags);
 4517     } else if (isTCRYPT(cd->type)) {
 4518         if (!name)
 4519             return 0;
 4520         r = TCRYPT_activate(cd, name, &cd->u.tcrypt.hdr,
 4521                     &cd->u.tcrypt.params, flags);
 4522     } else if (isINTEGRITY(cd->type)) {
 4523         if (!name)
 4524             return 0;
 4525         if (volume_key) {
 4526             vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 4527             if (!vk)
 4528                 return -ENOMEM;
 4529         }
 4530         r = INTEGRITY_activate(cd, name, &cd->u.integrity.params, vk,
 4531                        cd->u.integrity.journal_crypt_key,
 4532                        cd->u.integrity.journal_mac_key, flags,
 4533                        cd->u.integrity.sb_flags);
 4534     } else if (isBITLK(cd->type)) {
 4535         r = BITLK_activate_by_volume_key(cd, name, volume_key, volume_key_size,
 4536                          &cd->u.bitlk.params, flags);
 4537     } else {
 4538         log_err(cd, _("Device type is not properly initialized."));
 4539         r = -EINVAL;
 4540     }
 4541 
 4542     if (r < 0)
 4543         crypt_drop_keyring_key(cd, vk);
 4544     crypt_free_volume_key(vk);
 4545 
 4546     return r;
 4547 }
 4548 
 4549 int crypt_activate_by_signed_key(struct crypt_device *cd,
 4550     const char *name,
 4551     const char *volume_key,
 4552     size_t volume_key_size,
 4553     const char *signature,
 4554     size_t signature_size,
 4555     uint32_t flags)
 4556 {
 4557     char description[512];
 4558     int r;
 4559 
 4560     if (!cd || !isVERITY(cd->type))
 4561         return -EINVAL;
 4562 
 4563     if (!volume_key || !volume_key_size || (!name && signature)) {
 4564         log_err(cd, _("Incorrect root hash specified for verity device."));
 4565         return -EINVAL;
 4566     }
 4567 
 4568     log_dbg(cd, "%s volume %s by %skey.", name ? "Activating" : "Checking", name ?: "", signature ? "signed " : "");
 4569 
 4570     if (cd->u.verity.hdr.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE && !signature) {
 4571         log_err(cd, _("Root hash signature required."));
 4572         return -EINVAL;
 4573     }
 4574 
 4575     r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
 4576     if (r < 0)
 4577         return r;
 4578 
 4579     if (signature && !kernel_keyring_support()) {
 4580         log_err(cd, _("Kernel keyring missing: required for passing signature to kernel."));
 4581         return -EINVAL;
 4582     }
 4583 
 4584     /* volume_key == root hash */
 4585     free(CONST_CAST(void*)cd->u.verity.root_hash);
 4586     cd->u.verity.root_hash = NULL;
 4587 
 4588     if (signature) {
 4589         r = snprintf(description, sizeof(description)-1, "cryptsetup:%s%s%s",
 4590                  crypt_get_uuid(cd) ?: "", crypt_get_uuid(cd) ? "-" : "", name);
 4591         if (r < 0)
 4592             return -EINVAL;
 4593 
 4594         log_dbg(cd, "Adding signature into keyring %s", description);
 4595         r = keyring_add_key_in_thread_keyring(USER_KEY, description, signature, signature_size);
 4596         if (r) {
 4597             log_err(cd, _("Failed to load key in kernel keyring."));
 4598             return r;
 4599         }
 4600     }
 4601 
 4602     r = VERITY_activate(cd, name, volume_key, volume_key_size,
 4603                 signature ? description : NULL,
 4604                 cd->u.verity.fec_device,
 4605                 &cd->u.verity.hdr, flags | CRYPT_ACTIVATE_READONLY);
 4606 
 4607     if (!r) {
 4608         cd->u.verity.root_hash_size = volume_key_size;
 4609         cd->u.verity.root_hash = malloc(volume_key_size);
 4610         if (cd->u.verity.root_hash)
 4611             memcpy(CONST_CAST(void*)cd->u.verity.root_hash, volume_key, volume_key_size);
 4612     }
 4613 
 4614     if (signature)
 4615         crypt_drop_keyring_key_by_description(cd, description, USER_KEY);
 4616 
 4617     return r;
 4618 }
 4619 
 4620 int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t flags)
 4621 {
 4622     struct crypt_device *fake_cd = NULL;
 4623     struct luks2_hdr *hdr2 = NULL;
 4624     struct crypt_dm_active_device dmd = {};
 4625     int r;
 4626     uint32_t get_flags = DM_ACTIVE_DEVICE | DM_ACTIVE_UUID | DM_ACTIVE_HOLDERS;
 4627 
 4628     if (!name)
 4629         return -EINVAL;
 4630 
 4631     if ((flags & CRYPT_DEACTIVATE_DEFERRED) && (flags & CRYPT_DEACTIVATE_DEFERRED_CANCEL))
 4632         return -EINVAL;
 4633 
 4634     log_dbg(cd, "Deactivating volume %s.", name);
 4635 
 4636     if (!cd) {
 4637         r = crypt_init_by_name(&fake_cd, name);
 4638         if (r < 0)
 4639             return r;
 4640         cd = fake_cd;
 4641     }
 4642 
 4643     /* skip holders detection and early abort when some flags raised */
 4644     if (flags & (CRYPT_DEACTIVATE_FORCE | CRYPT_DEACTIVATE_DEFERRED | CRYPT_DEACTIVATE_DEFERRED_CANCEL))
 4645         get_flags &= ~DM_ACTIVE_HOLDERS;
 4646 
 4647     switch (crypt_status(cd, name)) {
 4648         case CRYPT_ACTIVE:
 4649         case CRYPT_BUSY:
 4650             if (flags & CRYPT_DEACTIVATE_DEFERRED_CANCEL) {
 4651                 r = dm_cancel_deferred_removal(name);
 4652                 if (r < 0)
 4653                     log_err(cd, _("Could not cancel deferred remove from device %s."), name);
 4654                 break;
 4655             }
 4656 
 4657             r = dm_query_device(cd, name, get_flags, &dmd);
 4658             if (r >= 0) {
 4659                 if (dmd.holders) {
 4660                     log_err(cd, _("Device %s is still in use."), name);
 4661                     r = -EBUSY;
 4662                     break;
 4663                 }
 4664             }
 4665 
 4666             if (isLUKS2(cd->type))
 4667                 hdr2 = crypt_get_hdr(cd, CRYPT_LUKS2);
 4668 
 4669             if ((dmd.uuid && !strncmp(CRYPT_LUKS2, dmd.uuid, sizeof(CRYPT_LUKS2)-1)) || hdr2)
 4670                 r = LUKS2_deactivate(cd, name, hdr2, &dmd, flags);
 4671             else if (isTCRYPT(cd->type))
 4672                 r = TCRYPT_deactivate(cd, name, flags);
 4673             else
 4674                 r = dm_remove_device(cd, name, flags);
 4675             if (r < 0 && crypt_status(cd, name) == CRYPT_BUSY) {
 4676                 log_err(cd, _("Device %s is still in use."), name);
 4677                 r = -EBUSY;
 4678             }
 4679             break;
 4680         case CRYPT_INACTIVE:
 4681             log_err(cd, _("Device %s is not active."), name);
 4682             r = -ENODEV;
 4683             break;
 4684         default:
 4685             log_err(cd, _("Invalid device %s."), name);
 4686             r = -EINVAL;
 4687     }
 4688 
 4689     dm_targets_free(cd, &dmd);
 4690     free(CONST_CAST(void*)dmd.uuid);
 4691     crypt_free(fake_cd);
 4692 
 4693     return r;
 4694 }
 4695 
 4696 int crypt_deactivate(struct crypt_device *cd, const char *name)
 4697 {
 4698     return crypt_deactivate_by_name(cd, name, 0);
 4699 }
 4700 
 4701 int crypt_get_active_device(struct crypt_device *cd, const char *name,
 4702                 struct crypt_active_device *cad)
 4703 {
 4704     int r;
 4705     struct crypt_dm_active_device dmd, dmdi = {};
 4706     const char *namei = NULL;
 4707     struct dm_target *tgt = &dmd.segment;
 4708     uint64_t min_offset = UINT64_MAX;
 4709 
 4710     if (!cd || !name || !cad)
 4711         return -EINVAL;
 4712 
 4713     r = dm_query_device(cd, name, DM_ACTIVE_DEVICE, &dmd);
 4714     if (r < 0)
 4715         return r;
 4716 
 4717     /* For LUKS2 with integrity we need flags from underlying dm-integrity */
 4718     if (isLUKS2(cd->type) && crypt_get_integrity_tag_size(cd) && single_segment(&dmd)) {
 4719         namei = device_dm_name(tgt->data_device);
 4720         if (namei && dm_query_device(cd, namei, 0, &dmdi) >= 0)
 4721             dmd.flags |= dmdi.flags;
 4722     }
 4723 
 4724     if (cd && isTCRYPT(cd->type)) {
 4725         cad->offset = TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
 4726         cad->iv_offset  = TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
 4727     } else {
 4728         while (tgt) {
 4729             if (tgt->type == DM_CRYPT && (min_offset > tgt->u.crypt.offset)) {
 4730                 min_offset = tgt->u.crypt.offset;
 4731                 cad->iv_offset = tgt->u.crypt.iv_offset;
 4732             } else if (tgt->type == DM_INTEGRITY && (min_offset > tgt->u.integrity.offset)) {
 4733                 min_offset = tgt->u.integrity.offset;
 4734                 cad->iv_offset = 0;
 4735             } else if (tgt->type == DM_LINEAR && (min_offset > tgt->u.linear.offset)) {
 4736                 min_offset = tgt->u.linear.offset;
 4737                 cad->iv_offset = 0;
 4738             }
 4739             tgt = tgt->next;
 4740         }
 4741     }
 4742 
 4743     if (min_offset != UINT64_MAX)
 4744         cad->offset = min_offset;
 4745 
 4746     cad->size   = dmd.size;
 4747     cad->flags  = dmd.flags;
 4748 
 4749     r = 0;
 4750     dm_targets_free(cd, &dmd);
 4751     dm_targets_free(cd, &dmdi);
 4752 
 4753     return r;
 4754 }
 4755 
 4756 uint64_t crypt_get_active_integrity_failures(struct crypt_device *cd, const char *name)
 4757 {
 4758     struct crypt_dm_active_device dmd;
 4759     uint64_t failures = 0;
 4760 
 4761     if (!name)
 4762         return 0;
 4763 
 4764     /* LUKS2 / dm-crypt does not provide this count. */
 4765     if (dm_query_device(cd, name, 0, &dmd) < 0)
 4766         return 0;
 4767 
 4768     if (single_segment(&dmd) && dmd.segment.type == DM_INTEGRITY)
 4769         (void)dm_status_integrity_failures(cd, name, &failures);
 4770 
 4771     dm_targets_free(cd, &dmd);
 4772 
 4773     return failures;
 4774 }
 4775 
 4776 /*
 4777  * Volume key handling
 4778  */
 4779 int crypt_volume_key_get(struct crypt_device *cd,
 4780     int keyslot,
 4781     char *volume_key,
 4782     size_t *volume_key_size,
 4783     const char *passphrase,
 4784     size_t passphrase_size)
 4785 {
 4786     struct volume_key *vk = NULL;
 4787     int key_len, r = -EINVAL;
 4788 
 4789     if (!cd || !volume_key || !volume_key_size || (!isTCRYPT(cd->type) && !isVERITY(cd->type) && !passphrase))
 4790         return -EINVAL;
 4791 
 4792     if (isLUKS2(cd->type) && keyslot != CRYPT_ANY_SLOT)
 4793         key_len = LUKS2_get_keyslot_stored_key_size(&cd->u.luks2.hdr, keyslot);
 4794     else
 4795         key_len = crypt_get_volume_key_size(cd);
 4796 
 4797     if (key_len < 0)
 4798         return -EINVAL;
 4799 
 4800     if (key_len > (int)*volume_key_size) {
 4801         log_err(cd, _("Volume key buffer too small."));
 4802         return -ENOMEM;
 4803     }
 4804 
 4805     if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) {
 4806         r = process_key(cd, cd->u.plain.hdr.hash, key_len,
 4807                 passphrase, passphrase_size, &vk);
 4808         if (r < 0)
 4809             log_err(cd, _("Cannot retrieve volume key for plain device."));
 4810     } else if (isLUKS1(cd->type)) {
 4811         r = LUKS_open_key_with_hdr(keyslot, passphrase,
 4812                     passphrase_size, &cd->u.luks1.hdr, &vk, cd);
 4813     } else if (isLUKS2(cd->type)) {
 4814         r = LUKS2_keyslot_open(cd, keyslot,
 4815                 keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT,
 4816                 passphrase, passphrase_size, &vk);
 4817     } else if (isTCRYPT(cd->type)) {
 4818         r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk);
 4819     } else if (isVERITY(cd->type)) {
 4820         /* volume_key == root hash */
 4821         if (cd->u.verity.root_hash) {
 4822             memcpy(volume_key, cd->u.verity.root_hash, cd->u.verity.root_hash_size);
 4823             *volume_key_size = cd->u.verity.root_hash_size;
 4824             r = 0;
 4825         } else
 4826             log_err(cd, _("Cannot retrieve root hash for verity device."));
 4827     } else if (isBITLK(cd->type)) {
 4828         r = BITLK_get_volume_key(cd, passphrase, passphrase_size, &cd->u.bitlk.params, &vk);
 4829     } else
 4830         log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)");
 4831 
 4832     if (r >= 0 && vk) {
 4833         memcpy(volume_key, vk->key, vk->keylength);
 4834         *volume_key_size = vk->keylength;
 4835     }
 4836 
 4837     crypt_free_volume_key(vk);
 4838     return r;
 4839 }
 4840 
 4841 int crypt_volume_key_verify(struct crypt_device *cd,
 4842     const char *volume_key,
 4843     size_t volume_key_size)
 4844 {
 4845     struct volume_key *vk;
 4846     int r;
 4847 
 4848     if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED)))
 4849         return r;
 4850 
 4851     vk = crypt_alloc_volume_key(volume_key_size, volume_key);
 4852     if (!vk)
 4853         return -ENOMEM;
 4854 
 4855     if (isLUKS1(cd->type))
 4856         r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
 4857     else if (isLUKS2(cd->type))
 4858         r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
 4859     else
 4860         r = -EINVAL;
 4861 
 4862 
 4863     if (r == -EPERM)
 4864         log_err(cd, _("Volume key does not match the volume."));
 4865 
 4866     crypt_free_volume_key(vk);
 4867 
 4868     return r >= 0 ? 0 : r;
 4869 }
 4870 
 4871 /*
 4872  * RNG and memory locking
 4873  */
 4874 void crypt_set_rng_type(struct crypt_device *cd, int rng_type)
 4875 {
 4876     if (!cd)
 4877         return;
 4878 
 4879     switch (rng_type) {
 4880     case CRYPT_RNG_URANDOM:
 4881     case CRYPT_RNG_RANDOM:
 4882         log_dbg(cd, "RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom");
 4883         cd->rng_type = rng_type;
 4884     }
 4885 }
 4886 
 4887 int crypt_get_rng_type(struct crypt_device *cd)
 4888 {
 4889     if (!cd)
 4890         return -EINVAL;
 4891 
 4892     return cd->rng_type;
 4893 }
 4894 
 4895 int crypt_memory_lock(struct crypt_device *cd, int lock)
 4896 {
 4897     return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd);
 4898 }
 4899 
 4900 void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags)
 4901 {
 4902     if (cd)
 4903         cd->compatibility = flags;
 4904 }
 4905 
 4906 uint32_t crypt_get_compatibility(struct crypt_device *cd)
 4907 {
 4908     if (cd)
 4909         return cd->compatibility;
 4910 
 4911     return 0;
 4912 }
 4913 
 4914 /*
 4915  * Reporting
 4916  */
 4917 crypt_status_info crypt_status(struct crypt_device *cd, const char *name)
 4918 {
 4919     int r;
 4920 
 4921     if (!name)
 4922         return CRYPT_INVALID;
 4923 
 4924     if (!cd)
 4925         dm_backend_init(cd);
 4926 
 4927     r = dm_status_device(cd, name);
 4928 
 4929     if (!cd)
 4930         dm_backend_exit(cd);
 4931 
 4932     if (r < 0 && r != -ENODEV)
 4933         return CRYPT_INVALID;
 4934 
 4935     if (r == 0)
 4936         return CRYPT_ACTIVE;
 4937 
 4938     if (r > 0)
 4939         return CRYPT_BUSY;
 4940 
 4941     return CRYPT_INACTIVE;
 4942 }
 4943 
 4944 </