summaryrefslogtreecommitdiffstats
path: root/lib/verity/verity_hash.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
commit1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 (patch)
tree6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /lib/verity/verity_hash.c
parentInitial commit. (diff)
downloadcryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.tar.xz
cryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.zip
Adding upstream version 2:2.6.1.upstream/2%2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/verity/verity_hash.c')
-rw-r--r--lib/verity/verity_hash.c444
1 files changed, 444 insertions, 0 deletions
diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c
new file mode 100644
index 0000000..f33b737
--- /dev/null
+++ b/lib/verity/verity_hash.c
@@ -0,0 +1,444 @@
+/*
+ * dm-verity volume handling
+ *
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "verity.h"
+#include "internal.h"
+
+#define VERITY_MAX_LEVELS 63
+#define VERITY_MAX_DIGEST_SIZE 1024
+
+static unsigned get_bits_up(size_t u)
+{
+ unsigned i = 0;
+ while ((1U << i) < u)
+ i++;
+ return i;
+}
+
+static unsigned get_bits_down(size_t u)
+{
+ unsigned i = 0;
+ while ((u >> i) > 1U)
+ i++;
+ return i;
+}
+
+static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
+{
+ char *block = NULL;
+ size_t i;
+ int r;
+
+ block = malloc(bytes);
+ if (!block)
+ return -ENOMEM;
+
+ if (fread(block, bytes, 1, wr) != 1) {
+ log_dbg(cd, "EIO while reading spare area.");
+ r = -EIO;
+ goto out;
+ }
+ for (i = 0; i < bytes; i++)
+ if (block[i]) {
+ log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
+ ftello(wr) - bytes);
+ r = -EPERM;
+ goto out;
+ }
+ r = 0;
+out:
+ free(block);
+ return r;
+}
+
+static int verify_hash_block(const char *hash_name, int version,
+ char *hash, size_t hash_size,
+ const char *data, size_t data_size,
+ const char *salt, size_t salt_size)
+{
+ struct crypt_hash *ctx = NULL;
+ int r;
+
+ if (crypt_hash_init(&ctx, hash_name))
+ return -EINVAL;
+
+ if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
+ goto out;
+
+ if ((r = crypt_hash_write(ctx, data, data_size)))
+ goto out;
+
+ if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
+ goto out;
+
+ r = crypt_hash_final(ctx, hash, hash_size);
+out:
+ crypt_hash_destroy(ctx);
+ return r;
+}
+
+static int hash_levels(size_t hash_block_size, size_t digest_size,
+ uint64_t data_file_blocks, uint64_t *hash_position, int *levels,
+ uint64_t *hash_level_block, uint64_t *hash_level_size)
+{
+ size_t hash_per_block_bits;
+ uint64_t s, s_shift;
+ int i;
+
+ if (!digest_size)
+ return -EINVAL;
+
+ hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
+ if (!hash_per_block_bits)
+ return -EINVAL;
+
+ *levels = 0;
+ while (hash_per_block_bits * *levels < 64 &&
+ (data_file_blocks - 1) >> (hash_per_block_bits * *levels))
+ (*levels)++;
+
+ if (*levels > VERITY_MAX_LEVELS)
+ return -EINVAL;
+
+ for (i = *levels - 1; i >= 0; i--) {
+ if (hash_level_block)
+ hash_level_block[i] = *hash_position;
+ // verity position of block data_file_blocks at level i
+ s_shift = (i + 1) * hash_per_block_bits;
+ if (s_shift > 63)
+ return -EINVAL;
+ s = (data_file_blocks + ((uint64_t)1 << s_shift) - 1) >> ((i + 1) * hash_per_block_bits);
+ if (hash_level_size)
+ hash_level_size[i] = s;
+ if ((*hash_position + s) < *hash_position)
+ return -EINVAL;
+ *hash_position += s;
+ }
+
+ return 0;
+}
+
+static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
+ uint64_t data_block, size_t data_block_size,
+ uint64_t hash_block, size_t hash_block_size,
+ uint64_t blocks, int version,
+ const char *hash_name, int verify,
+ char *calculated_digest, size_t digest_size,
+ const char *salt, size_t salt_size)
+{
+ char *left_block, *data_buffer;
+ char read_digest[VERITY_MAX_DIGEST_SIZE];
+ size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
+ size_t digest_size_full = 1 << get_bits_up(digest_size);
+ uint64_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
+ uint64_t seek_rd, seek_wr;
+ size_t left_bytes;
+ unsigned i;
+ int r;
+
+ if (digest_size > sizeof(read_digest))
+ return -EINVAL;
+
+ if (uint64_mult_overflow(&seek_rd, data_block, data_block_size) ||
+ uint64_mult_overflow(&seek_wr, hash_block, hash_block_size)) {
+ log_err(cd, _("Device offset overflow."));
+ return -EINVAL;
+ }
+
+ if (fseeko(rd, seek_rd, SEEK_SET)) {
+ log_dbg(cd, "Cannot seek to requested position in data device.");
+ return -EIO;
+ }
+
+ if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
+ log_dbg(cd, "Cannot seek to requested position in hash device.");
+ return -EIO;
+ }
+
+ left_block = malloc(hash_block_size);
+ data_buffer = malloc(data_block_size);
+ if (!left_block || !data_buffer) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ memset(left_block, 0, hash_block_size);
+ while (blocks_to_write--) {
+ left_bytes = hash_block_size;
+ for (i = 0; i < hash_per_block; i++) {
+ if (!blocks)
+ break;
+ blocks--;
+ if (fread(data_buffer, data_block_size, 1, rd) != 1) {
+ log_dbg(cd, "Cannot read data device block.");
+ r = -EIO;
+ goto out;
+ }
+
+ if (verify_hash_block(hash_name, version,
+ calculated_digest, digest_size,
+ data_buffer, data_block_size,
+ salt, salt_size)) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (!wr)
+ break;
+ if (verify) {
+ if (fread(read_digest, digest_size, 1, wr) != 1) {
+ log_dbg(cd, "Cannot read digest form hash device.");
+ r = -EIO;
+ goto out;
+ }
+ if (crypt_backend_memeq(read_digest, calculated_digest, digest_size)) {
+ log_err(cd, _("Verification failed at position %" PRIu64 "."),
+ ftello(rd) - data_block_size);
+ r = -EPERM;
+ goto out;
+ }
+ } else {
+ if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
+ log_dbg(cd, "Cannot write digest to hash device.");
+ r = -EIO;
+ goto out;
+ }
+ }
+ if (version == 0) {
+ left_bytes -= digest_size;
+ } else {
+ if (digest_size_full - digest_size) {
+ if (verify) {
+ r = verify_zero(cd, wr, digest_size_full - digest_size);
+ if (r)
+ goto out;
+ } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
+ log_dbg(cd, "Cannot write spare area to hash device.");
+ r = -EIO;
+ goto out;
+ }
+ }
+ left_bytes -= digest_size_full;
+ }
+ }
+ if (wr && left_bytes) {
+ if (verify) {
+ r = verify_zero(cd , wr, left_bytes);
+ if (r)
+ goto out;
+ } else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
+ log_dbg(cd, "Cannot write remaining spare area to hash device.");
+ r = -EIO;
+ goto out;
+ }
+ }
+ }
+ r = 0;
+out:
+ free(left_block);
+ free(data_buffer);
+ return r;
+}
+
+static int VERITY_create_or_verify_hash(struct crypt_device *cd, bool verify,
+ struct crypt_params_verity *params,
+ char *root_hash, size_t digest_size)
+{
+ char calculated_digest[VERITY_MAX_DIGEST_SIZE];
+ FILE *data_file = NULL;
+ FILE *hash_file = NULL, *hash_file_2;
+ uint64_t hash_level_block[VERITY_MAX_LEVELS];
+ uint64_t hash_level_size[VERITY_MAX_LEVELS];
+ uint64_t data_file_blocks;
+ uint64_t data_device_offset_max = 0, hash_device_offset_max = 0;
+ uint64_t hash_position = VERITY_hash_offset_block(params);
+ uint64_t dev_size;
+ int levels, i, r;
+
+ log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64
+ ", hash_device %s, offset %" PRIu64 ".",
+ verify ? "verification" : "creation", params->hash_name,
+ device_path(crypt_data_device(cd)), params->data_size,
+ device_path(crypt_metadata_device(cd)), hash_position);
+
+ if (digest_size > sizeof(calculated_digest))
+ return -EINVAL;
+
+ if (!params->data_size) {
+ r = device_size(crypt_data_device(cd), &dev_size);
+ if (r < 0)
+ return r;
+
+ data_file_blocks = dev_size / params->data_block_size;
+ } else
+ data_file_blocks = params->data_size;
+
+ if (uint64_mult_overflow(&data_device_offset_max, params->data_size, params->data_block_size)) {
+ log_err(cd, _("Device offset overflow."));
+ return -EINVAL;
+ }
+ log_dbg(cd, "Data device size required: %" PRIu64 " bytes.", data_device_offset_max);
+
+ if (hash_levels(params->hash_block_size, digest_size, data_file_blocks, &hash_position,
+ &levels, &hash_level_block[0], &hash_level_size[0])) {
+ log_err(cd, _("Hash area overflow."));
+ return -EINVAL;
+ }
+ if (uint64_mult_overflow(&hash_device_offset_max, hash_position, params->hash_block_size)) {
+ log_err(cd, _("Device offset overflow."));
+ return -EINVAL;
+ }
+ log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.",
+ hash_device_offset_max - params->hash_area_offset);
+ log_dbg(cd, "Using %d hash levels.", levels);
+
+ data_file = fopen(device_path(crypt_data_device(cd)), "r");
+ if (!data_file) {
+ log_err(cd, _("Cannot open device %s."),
+ device_path(crypt_data_device(cd))
+ );
+ r = -EIO;
+ goto out;
+ }
+
+ hash_file = fopen(device_path(crypt_metadata_device(cd)), verify ? "r" : "r+");
+ if (!hash_file) {
+ log_err(cd, _("Cannot open device %s."),
+ device_path(crypt_metadata_device(cd)));
+ r = -EIO;
+ goto out;
+ }
+
+ memset(calculated_digest, 0, digest_size);
+
+ for (i = 0; i < levels; i++) {
+ if (!i) {
+ r = create_or_verify(cd, data_file, hash_file,
+ 0, params->data_block_size,
+ hash_level_block[i], params->hash_block_size,
+ data_file_blocks, params->hash_type, params->hash_name, verify,
+ calculated_digest, digest_size, params->salt, params->salt_size);
+ if (r)
+ goto out;
+ } else {
+ hash_file_2 = fopen(device_path(crypt_metadata_device(cd)), "r");
+ if (!hash_file_2) {
+ log_err(cd, _("Cannot open device %s."),
+ device_path(crypt_metadata_device(cd)));
+ r = -EIO;
+ goto out;
+ }
+ r = create_or_verify(cd, hash_file_2, hash_file,
+ hash_level_block[i - 1], params->hash_block_size,
+ hash_level_block[i], params->hash_block_size,
+ hash_level_size[i - 1], params->hash_type, params->hash_name, verify,
+ calculated_digest, digest_size, params->salt, params->salt_size);
+ fclose(hash_file_2);
+ if (r)
+ goto out;
+ }
+ }
+
+ if (levels)
+ r = create_or_verify(cd, hash_file, NULL,
+ hash_level_block[levels - 1], params->hash_block_size,
+ 0, params->hash_block_size,
+ 1, params->hash_type, params->hash_name, verify,
+ calculated_digest, digest_size, params->salt, params->salt_size);
+ else
+ r = create_or_verify(cd, data_file, NULL,
+ 0, params->data_block_size,
+ 0, params->hash_block_size,
+ data_file_blocks, params->hash_type, params->hash_name, verify,
+ calculated_digest, digest_size, params->salt, params->salt_size);
+out:
+ if (verify) {
+ if (r)
+ log_err(cd, _("Verification of data area failed."));
+ else {
+ log_dbg(cd, "Verification of data area succeeded.");
+ r = crypt_backend_memeq(root_hash, calculated_digest, digest_size) ? -EFAULT : 0;
+ if (r)
+ log_err(cd, _("Verification of root hash failed."));
+ else
+ log_dbg(cd, "Verification of root hash succeeded.");
+ }
+ } else {
+ if (r == -EIO)
+ log_err(cd, _("Input/output error while creating hash area."));
+ else if (r)
+ log_err(cd, _("Creation of hash area failed."));
+ else {
+ fsync(fileno(hash_file));
+ memcpy(root_hash, calculated_digest, digest_size);
+ }
+ }
+
+ if (data_file)
+ fclose(data_file);
+ if (hash_file)
+ fclose(hash_file);
+ return r;
+}
+
+/* Verify verity device using userspace crypto backend */
+int VERITY_verify(struct crypt_device *cd,
+ struct crypt_params_verity *verity_hdr,
+ const char *root_hash,
+ size_t root_hash_size)
+{
+ return VERITY_create_or_verify_hash(cd, 1, verity_hdr, CONST_CAST(char*)root_hash, root_hash_size);
+}
+
+/* Create verity hash */
+int VERITY_create(struct crypt_device *cd,
+ struct crypt_params_verity *verity_hdr,
+ const char *root_hash,
+ size_t root_hash_size)
+{
+ unsigned pgsize = (unsigned)crypt_getpagesize();
+
+ if (verity_hdr->salt_size > 256)
+ return -EINVAL;
+
+ if (verity_hdr->data_block_size > pgsize)
+ log_err(cd, _("WARNING: Kernel cannot activate device if data "
+ "block size exceeds page size (%u)."), pgsize);
+
+ return VERITY_create_or_verify_hash(cd, 0, verity_hdr, CONST_CAST(char*)root_hash, root_hash_size);
+}
+
+uint64_t VERITY_hash_blocks(struct crypt_device *cd, struct crypt_params_verity *params)
+{
+ uint64_t hash_position = 0;
+ int levels = 0;
+
+ if (hash_levels(params->hash_block_size, crypt_get_volume_key_size(cd),
+ params->data_size, &hash_position, &levels, NULL, NULL))
+ return 0;
+
+ return (uint64_t)hash_position;
+}