/** * Opens the device with the specified flags. * * The length parameter is set to the amount of space in the gap between the * end of the last slot and the start of the encrypted data. * * The function returns either the file descriptor positioned to the start of * the hole or a negative errno. */ static int open_hole(struct crypt_device *cd, int flags, uint32_t *length) { const char *name = NULL; const char *type = NULL; uint64_t hole = 0; uint64_t data = 0; int fd = 0; int r = 0; type = crypt_get_type(cd); if (!type || strcmp(CRYPT_LUKS1, type) != 0) return -ENOTSUP; data = crypt_get_data_offset(cd) * 512; if (data < 4096) return -ENOSPC; for (int slot = 0; slot < LUKS_NSLOTS; slot++) { uint64_t off = 0; uint64_t len = 0; r = crypt_keyslot_area(cd, slot, &off, &len); if (r < 0) return r; if (hole < off + len) hole = ALIGN(off + len, true); } if (hole == 0) return -ENOTSUP; if (hole >= data) return -ENOSPC; name = crypt_get_device_name(cd); if (!name) return -ENOTSUP; fd = open(name, flags); if (fd < 0) return -errno; if (lseek(fd, hole, SEEK_SET) == -1) { close(fd); return -errno; } *length = ALIGN(data - hole, false); return fd; }
int LUKS1_activate(struct crypt_device *cd, const char *name, struct volume_key *vk, uint32_t flags) { int r; struct crypt_dm_active_device dmd = { .flags = flags, .uuid = crypt_get_uuid(cd), }; r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), crypt_get_data_offset(cd), crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); if (!r) r = create_or_reload_device(cd, name, CRYPT_LUKS1, &dmd); dm_targets_free(cd, &dmd); return r; }
static string_t _get_crypto_info_from_cryptsetup( const char * mapper ) { char buff[ SIZE ] ; char * buffer = buff ; const char * z ; const char * type ; uint64_t e ; string_t q ; string_t p ; int k ; int i = 0 ; int j ; crypt_status_info info ; struct crypt_device * cd ; struct crypt_active_device cad ; if( crypt_init_by_name( &cd,mapper ) != 0 ){ return StringVoid ; } p = String( mapper ) ; info = crypt_status( cd,mapper ) ; switch( info ){ case CRYPT_INACTIVE : StringAppend( p," is inactive.\n" ) ; break ; case CRYPT_INVALID : StringAppend( p," is invalid.\n" ) ; break ; case CRYPT_ACTIVE : StringAppend( p," is active.\n" ) ; break ; case CRYPT_BUSY : StringAppend( p," is active and is in use.\n" ) ; break ; default : StringAppend( p," is invalid.\n" ) ; } if( info == CRYPT_ACTIVE || info == CRYPT_BUSY ){ StringAppend( p," type: \t" ) ; type = crypt_get_type( cd ) ; if( type != NULL ){ q = String( type ) ; StringAppend( p,StringToLowerCase( q ) ) ; StringDelete( &q ) ; }else{ q = _get_type_from_udev_1( mapper ) ; StringAppendString( p,q ) ; StringDelete( &q ) ; } z = crypt_get_cipher( cd ) ; if( z != NULL ){ StringMultipleAppend( p,"\n cipher:\t",z,"-",NULL ) ; }else{ StringAppend( p,"\n cipher:\tNil-" ) ; } z = crypt_get_cipher_mode( cd ) ; if( z != NULL ){ StringAppend( p,z ) ; }else{ StringAppend( p,"Nil" ) ; } z = StringIntToString_1( buffer,SIZE,8 * crypt_get_volume_key_size( cd ) ) ; StringMultipleAppend( p,"\n keysize:\t",z," bits",NULL ) ; e = crypt_get_data_offset( cd ) ; z = StringIntToString_1( buffer,SIZE,e ) ; StringMultipleAppend( p,"\n offset:\t",z," sectors",NULL ) ; zuluCryptFormatSize( e * 512,buffer,SIZE ) ; StringMultipleAppend( p," / ",buffer,NULL ) ; _device_info( p,crypt_get_device_name( cd ) ) ; crypt_get_active_device( NULL,mapper,&cad ) ; if( cad.flags == 1 ){ StringAppend( p,"\n mode: \tread only" ) ; }else{ StringAppend( p,"\n mode: \tread and write" ) ; } k = crypt_keyslot_max( crypt_get_type( cd ) ) ; if( k > 0 ){ i = 0 ; for( j = 0 ; j < k ; j++ ){ switch( crypt_keyslot_status( cd,j ) ){ case CRYPT_SLOT_ACTIVE_LAST : i++ ; break ; case CRYPT_SLOT_ACTIVE : i++ ; break ; default : ; } } StringMultipleAppend( p,"\n active slots:\t",StringIntToString_1( buffer,SIZE,i ),NULL ) ; StringMultipleAppend( p," / ",StringIntToString_1( buffer,SIZE,k ),NULL ) ; }else{ StringAppend( p,"\n active slots:\tNil" ) ; } } crypt_free( cd ) ; return p ; }
static int backup_luks_headers(struct reenc_ctx *rc) { struct crypt_device *cd = NULL; struct crypt_params_luks1 params = {0}; char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; char *old_key = NULL; size_t old_key_size; int r; log_dbg("Creating LUKS header backup for device %s.", rc->device); if ((r = crypt_init(&cd, rc->device)) || (r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; crypt_set_confirm_callback(cd, NULL, NULL); if ((r = crypt_header_backup(cd, CRYPT_LUKS1, rc->header_file_org))) goto out; log_verbose(_("LUKS header backup of device %s created.\n"), rc->device); /* For decrypt, new header will be fake one, so we are done here. */ if (rc->reencrypt_mode == DECRYPT) goto out; if ((r = create_empty_header(rc->header_file_new, rc->header_file_org, crypt_get_data_offset(cd)))) goto out; params.hash = opt_hash ?: DEFAULT_LUKS1_HASH; params.data_alignment = crypt_get_data_offset(cd); params.data_alignment += ROUND_SECTOR(opt_reduce_size); params.data_device = rc->device; if (opt_cipher) { r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode); if (r < 0) { log_err(_("No known cipher specification pattern detected.\n")); goto out; } } if (opt_keep_key) { log_dbg("Keeping key from old header."); old_key_size = crypt_get_volume_key_size(cd); old_key = crypt_safe_alloc(old_key_size); if (!old_key) { r = -ENOMEM; goto out; } r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, old_key, &old_key_size, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen); if (r < 0) goto out; } r = create_new_header(rc, opt_cipher ? cipher : crypt_get_cipher(cd), opt_cipher ? cipher_mode : crypt_get_cipher_mode(cd), crypt_get_uuid(cd), old_key, opt_key_size ? opt_key_size / 8 : crypt_get_volume_key_size(cd), ¶ms); out: crypt_free(cd); crypt_safe_free(old_key); if (r) log_err(_("Creation of LUKS backup headers failed.\n")); return r; }