/**
* Opens the device with the specified flags.
*
* The length parameter is set to the amount of space in the gap between the
* end of the last slot and the start of the encrypted data.
*
* The function returns either the file descriptor positioned to the start of
* the hole or a negative errno.
*/
static int
open_hole(struct crypt_device *cd, int flags, uint32_t *length)
{
const char *name = NULL;
const char *type = NULL;
uint64_t hole = 0;
uint64_t data = 0;
int fd = 0;
int r = 0;
type = crypt_get_type(cd);
if (!type || strcmp(CRYPT_LUKS1, type) != 0)
return -ENOTSUP;
data = crypt_get_data_offset(cd) * 512;
if (data < 4096)
return -ENOSPC;
for (int slot = 0; slot < LUKS_NSLOTS; slot++) {
uint64_t off = 0;
uint64_t len = 0;
r = crypt_keyslot_area(cd, slot, &off, &len);
if (r < 0)
return r;
if (hole < off + len)
hole = ALIGN(off + len, true);
}
if (hole == 0)
return -ENOTSUP;
if (hole >= data)
return -ENOSPC;
name = crypt_get_device_name(cd);
if (!name)
return -ENOTSUP;
fd = open(name, flags);
if (fd < 0)
return -errno;
if (lseek(fd, hole, SEEK_SET) == -1) {
close(fd);
return -errno;
}
*length = ALIGN(data - hole, false);
return fd;
}
static char * _empty_slots( const char * device,const resolve_path_t * opts )
{
struct crypt_device * cd;
int j ;
int k ;
const char * type ;
string_t p ;
if( opts ){;}
if( crypt_init( &cd,device ) != 0 ){
return zuluExit( NULL,NULL ) ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( NULL,cd ) ;
}
type = crypt_get_type( cd ) ;
if( type == NULL ){
return zuluExit( NULL,cd ) ;
}
k = crypt_keyslot_max( type ) ;
if( k < 0 ){
return zuluExit( NULL,cd ) ;
}
p = StringEmpty() ;
for( j = 0 ; j < k ; j++ ){
switch( crypt_keyslot_status( cd,j ) ){
case CRYPT_SLOT_INACTIVE : StringAppend( p,"0" ) ; break ;
case CRYPT_SLOT_ACTIVE : StringAppend( p,"1" ) ; break ;
case CRYPT_SLOT_INVALID : StringAppend( p,"2" ) ; break ;
case CRYPT_SLOT_ACTIVE_LAST: StringAppend( p,"3" ) ; break ;
default : ;
}
}
return zuluExit( StringDeleteHandle( &p ),cd ) ;
}
char * zuluCryptGetVolumeTypeFromMapperPath( const char * mapper )
{
struct crypt_device * cd ;
const char * type ;
char * r ;
string_t st ;
if( StringPrefixNotEqual( mapper,crypt_get_dir() ) ){
return StringCopy_2( "Nil" ) ;
}
if( crypt_init_by_name( &cd,mapper ) < 0 ){
return StringCopy_2( "Nil" ) ;
}
type = crypt_get_type( cd ) ;
if( type == NULL ){
if( StringHasComponent( mapper,"veracrypt" ) ){
r = StringCopy_2( "crypto_VCRYPT" ) ;
}else if( StringHasComponent( mapper,"truecrypt" ) ){
r = StringCopy_2( "crypto_TCRYPT" ) ;
}else{
r = _get_type_from_udev( mapper ) ;
}
}else{
st = String_1( "crypto_",type,NULL ) ;
r = StringDeleteHandle( &st ) ;
}
crypt_free( cd ) ;
return r ;
}
static string_t _get_crypto_info_from_cryptsetup( const char * mapper )
{
char buff[ SIZE ] ;
char * buffer = buff ;
const char * z ;
const char * type ;
uint64_t e ;
string_t q ;
string_t p ;
int k ;
int i = 0 ;
int j ;
crypt_status_info info ;
struct crypt_device * cd ;
struct crypt_active_device cad ;
if( crypt_init_by_name( &cd,mapper ) != 0 ){
return StringVoid ;
}
p = String( mapper ) ;
info = crypt_status( cd,mapper ) ;
switch( info ){
case CRYPT_INACTIVE :
StringAppend( p," is inactive.\n" ) ;
break ;
case CRYPT_INVALID :
StringAppend( p," is invalid.\n" ) ;
break ;
case CRYPT_ACTIVE :
StringAppend( p," is active.\n" ) ;
break ;
case CRYPT_BUSY :
StringAppend( p," is active and is in use.\n" ) ;
break ;
default :
StringAppend( p," is invalid.\n" ) ;
}
if( info == CRYPT_ACTIVE || info == CRYPT_BUSY ){
StringAppend( p," type: \t" ) ;
type = crypt_get_type( cd ) ;
if( type != NULL ){
q = String( type ) ;
StringAppend( p,StringToLowerCase( q ) ) ;
StringDelete( &q ) ;
}else{
q = _get_type_from_udev_1( mapper ) ;
StringAppendString( p,q ) ;
StringDelete( &q ) ;
}
z = crypt_get_cipher( cd ) ;
if( z != NULL ){
StringMultipleAppend( p,"\n cipher:\t",z,"-",NULL ) ;
}else{
StringAppend( p,"\n cipher:\tNil-" ) ;
}
z = crypt_get_cipher_mode( cd ) ;
if( z != NULL ){
StringAppend( p,z ) ;
}else{
StringAppend( p,"Nil" ) ;
}
z = StringIntToString_1( buffer,SIZE,8 * crypt_get_volume_key_size( cd ) ) ;
StringMultipleAppend( p,"\n keysize:\t",z," bits",NULL ) ;
e = crypt_get_data_offset( cd ) ;
z = StringIntToString_1( buffer,SIZE,e ) ;
StringMultipleAppend( p,"\n offset:\t",z," sectors",NULL ) ;
zuluCryptFormatSize( e * 512,buffer,SIZE ) ;
StringMultipleAppend( p," / ",buffer,NULL ) ;
_device_info( p,crypt_get_device_name( cd ) ) ;
crypt_get_active_device( NULL,mapper,&cad ) ;
if( cad.flags == 1 ){
StringAppend( p,"\n mode: \tread only" ) ;
}else{
StringAppend( p,"\n mode: \tread and write" ) ;
}
k = crypt_keyslot_max( crypt_get_type( cd ) ) ;
if( k > 0 ){
i = 0 ;
for( j = 0 ; j < k ; j++ ){
switch( crypt_keyslot_status( cd,j ) ){
case CRYPT_SLOT_ACTIVE_LAST : i++ ; break ;
case CRYPT_SLOT_ACTIVE : i++ ; break ;
default : ;
}
}
StringMultipleAppend( p,"\n active slots:\t",StringIntToString_1( buffer,SIZE,i ),NULL ) ;
StringMultipleAppend( p," / ",StringIntToString_1( buffer,SIZE,k ),NULL ) ;
}else{
StringAppend( p,"\n active slots:\tNil" ) ;
}
}
crypt_free( cd ) ;
return p ;
}
int
main(int argc, char *argv[])
{
struct crypt_device *cd = NULL;
struct options opts = {};
const char *type = NULL;
int nerr = 0;
if (argp_parse(&argp, argc, argv, 0, NULL, &opts) != 0)
return EX_OSERR;
if (strlen(opts.params.hostname) == 0) {
for (int slot = 0; slot < LUKS_NUMKEYS; slot++) {
TANG_LUKS *tl = NULL;
sbuf_t *buf = NULL;
buf = meta_read(opts.device, slot);
if (!buf)
continue;
tl = TANG_LUKS_from_sbuf(buf);
sbuf_free(buf);
if (!tl)
continue;
fwrite(tl->hostname->data, tl->hostname->length, 1, stderr);
fwrite(":", 1, 1, stderr);
fwrite(tl->service->data, tl->service->length, 1, stderr);
fwrite("\n", 1, 1, stderr);
TANG_LUKS_free(tl);
}
return 0;
}
nerr = crypt_init(&cd, opts.device);
if (nerr != 0) {
fprintf(stderr, "Unable to open device (%s): %s\n",
opts.device, strerror(-nerr));
goto error;
}
nerr = crypt_load(cd, NULL, NULL);
if (nerr != 0) {
fprintf(stderr, "Unable to load device (%s): %s\n",
opts.device, strerror(-nerr));
goto error;
}
type = crypt_get_type(cd);
if (type == NULL) {
fprintf(stderr, "Unable to determine device type\n");
goto error;
}
if (strcmp(type, CRYPT_LUKS1) != 0) {
fprintf(stderr, "%s (%s) is not a LUKS device\n", opts.device, type);
goto error;
}
for (int slot = 0; slot < crypt_keyslot_max(CRYPT_LUKS1); slot++) {
TANG_LUKS *tl = NULL;
sbuf_t *buf = NULL;
switch (crypt_keyslot_status(cd, slot)) {
case CRYPT_SLOT_ACTIVE:
case CRYPT_SLOT_ACTIVE_LAST:
buf = meta_read(opts.device, slot);
if (!buf)
continue;
tl = TANG_LUKS_from_sbuf(buf);
sbuf_free(buf);
if (!tl)
continue;
if (strncmp((char *) tl->hostname->data, opts.params.hostname,
tl->hostname->length) != 0) {
TANG_LUKS_free(tl);
continue;
}
if (strncmp((char *) tl->service->data, opts.params.service,
tl->service->length) != 0) {
TANG_LUKS_free(tl);
continue;
}
TANG_LUKS_free(tl);
if (crypt_keyslot_destroy(cd, slot) == 0)
meta_erase(opts.device, slot);
break;
default:
break;
}
}
crypt_free(cd);
return 0;
error:
crypt_free(cd);
return EX_IOERR;
}
void genFDEStatusForBlockDevice(const std::string& name,
const std::string& uuid,
const std::string& parent_name,
std::map<std::string, Row>& encrypted_rows,
QueryData& results) {
Row r;
r["name"] = name;
r["uuid"] = uuid;
struct crypt_device* cd = nullptr;
auto ci = crypt_status(cd, name.c_str());
switch (ci) {
case CRYPT_ACTIVE:
case CRYPT_BUSY: {
r["encrypted"] = "1";
auto crypt_init = crypt_init_by_name_and_header(&cd, name.c_str(), nullptr);
if (crypt_init < 0) {
VLOG(1) << "Unable to initialize crypt device for " << name;
break;
}
struct crypt_active_device cad;
if (crypt_get_active_device(cd, name.c_str(), &cad) < 0) {
VLOG(1) << "Unable to get active device for " << name;
break;
}
// Construct the "type" with the cipher and mode too.
std::vector<std::string> items;
auto ctype = crypt_get_type(cd);
if (ctype != nullptr) {
items.push_back(ctype);
}
auto ccipher = crypt_get_cipher(cd);
if (ccipher != nullptr) {
items.push_back(ccipher);
}
auto ccipher_mode = crypt_get_cipher_mode(cd);
if (ccipher_mode != nullptr) {
items.push_back(ccipher_mode);
}
r["type"] = osquery::join(items, "-");
encrypted_rows[name] = r;
break;
}
default:
if (encrypted_rows.count(parent_name)) {
auto parent_row = encrypted_rows[parent_name];
r["encrypted"] = "1";
r["type"] = parent_row["type"];
} else {
r["encrypted"] = "0";
}
}
if (cd != nullptr) {
crypt_free(cd);
}
results.push_back(r);
}
