/* * loop-AES compatible volume handling * * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. * Copyright (C) 2011-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this file; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include "libcryptsetup.h" #include "loopaes.h" #include "internal.h" static const char *get_hash(unsigned int key_size) { const char *hash; switch (key_size) { case 16: hash = "sha256"; break; case 24: hash = "sha384"; break; case 32: hash = "sha512"; break; default: hash = NULL; } return hash; } static unsigned char get_tweak(unsigned int keys_count) { switch (keys_count) { case 64: return 0x55; case 65: return 0xF4; default: break; } return 0x00; } static int hash_key(const char *src, size_t src_len, char *dst, size_t dst_len, const char *hash_name) { struct crypt_hash *hd = NULL; int r; if (crypt_hash_init(&hd, hash_name)) return -EINVAL; r = crypt_hash_write(hd, src, src_len); if (!r) r = crypt_hash_final(hd, dst, dst_len); crypt_hash_destroy(hd); return r; } static int hash_keys(struct crypt_device *cd, struct volume_key **vk, const char *hash_override, const char **input_keys, unsigned int keys_count, unsigned int key_len_output, unsigned int key_len_input) { const char *hash_name; char tweak, *key_ptr; unsigned int i; int r = 0; hash_name = hash_override ?: get_hash(key_len_output); tweak = get_tweak(keys_count); if (!keys_count || !key_len_output || !hash_name || !key_len_input) { log_err(cd, _("Key processing error (using hash %s)."), hash_name ?: "[none]"); return -EINVAL; } *vk = crypt_alloc_volume_key((size_t)key_len_output * keys_count, NULL); if (!*vk) return -ENOMEM; for (i = 0; i < keys_count; i++) { key_ptr = &(*vk)->key[i * key_len_output]; r = hash_key(input_keys[i], key_len_input, key_ptr, key_len_output, hash_name); if (r < 0) break; key_ptr[0] ^= tweak; } if (r < 0 && *vk) { crypt_free_volume_key(*vk); *vk = NULL; } return r; } static int keyfile_is_gpg(char *buffer, size_t buffer_len) { int r = 0; int index = buffer_len < 100 ? buffer_len - 1 : 100; char eos = buffer[index]; buffer[index] = '\0'; if (strstr(buffer, "BEGIN PGP MESSAGE")) r = 1; buffer[index] = eos; return r; } int LOOPAES_parse_keyfile(struct crypt_device *cd, struct volume_key **vk, const char *hash, unsigned int *keys_count, char *buffer, size_t buffer_len) { const char *keys[LOOPAES_KEYS_MAX]; unsigned int key_lengths[LOOPAES_KEYS_MAX]; unsigned int i, key_index, key_len, offset; log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len); if (!buffer_len) return -EINVAL; if (keyfile_is_gpg(buffer, buffer_len)) { log_err(cd, _("Detected not yet supported GPG encrypted keyfile.")); log_std(cd, _("Please use gpg --decrypt | cryptsetup --keyfile=- ...\n")); return -EINVAL; } /* Remove EOL in buffer */ for (i = 0; i < buffer_len; i++) if (buffer[i] == '\n' || buffer[i] == '\r') buffer[i] = '\0'; offset = 0; key_index = 0; key_lengths[0] = 0; while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) { keys[key_index] = &buffer[offset]; key_lengths[key_index] = 0;; while (offset < buffer_len && buffer[offset]) { offset++; key_lengths[key_index]++; } if (offset == buffer_len) { log_dbg(cd, "Unterminated key #%d in keyfile.", key_index); log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } while (offset < buffer_len && !buffer[offset]) offset++; key_index++; } /* All keys must be the same length */ key_len = key_lengths[0]; for (i = 0; i < key_index; i++) if (!key_lengths[i] || (key_lengths[i] != key_len)) { log_dbg(cd, "Unexpected length %d of key #%d (should be %d).", key_lengths[i], i, key_len); key_len = 0; break; } if (offset != buffer_len || key_len == 0 || (key_index != 1 && key_index !=64 && key_index != 65)) { log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len); *keys_count = key_index; return hash_keys(cd, vk, hash, keys, key_index, crypt_get_volume_key_size(cd), key_len); } int LOOPAES_activate(struct crypt_device *cd, const char *name, const char *base_cipher, unsigned int keys_count, struct volume_key *vk, uint32_t flags) { int r; uint32_t req_flags, dmc_flags; char *cipher = NULL; struct crypt_dm_active_device dmd = { .flags = flags, }; r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, crypt_get_data_offset(cd), &dmd.size, &dmd.flags); if (r) return r; if (keys_count == 1) { req_flags = DM_PLAIN64_SUPPORTED; r = asprintf(&cipher, "%s-%s", base_cipher, "cbc-plain64"); } else { req_flags = DM_LMK_SUPPORTED; r = asprintf(&cipher, "%s:%d-%s", base_cipher, 64, "cbc-lmk"); } if (r < 0) return -ENOMEM; r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), vk, cipher, crypt_get_iv_offset(cd), crypt_get_data_offset(cd), crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); if (r) { free(cipher); return r; } log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.", name, cipher); r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd); if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) && (dmc_flags & req_flags) != req_flags) { log_err(cd, _("Kernel does not support loop-AES compatible mapping.")); r = -ENOTSUP; } dm_targets_free(cd, &dmd); free(cipher); return r; }