Coverage Report

Created: 2026-06-09 06:33

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/cryptsetup/lib/luks2/luks2_luks1_convert.c
Line
Count
Source
1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/*
3
 * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
4
 *
5
 * Copyright (C) 2015-2025 Red Hat, Inc. All rights reserved.
6
 * Copyright (C) 2015-2025 Ondrej Kozina
7
 * Copyright (C) 2015-2025 Milan Broz
8
 */
9
10
#include "luks2_internal.h"
11
#include "../luks1/luks.h"
12
#include "../luks1/af.h"
13
14
/* This differs from LUKS_check_cipher() that it does not check dm-crypt fallback. */
15
int LUKS2_check_cipher(struct crypt_device *cd,
16
          size_t keylength,
17
          const char *cipher,
18
          const char *cipher_mode)
19
0
{
20
0
  int r;
21
0
  struct crypt_storage *s;
22
0
  char buf[SECTOR_SIZE], *empty_key;
23
24
0
  log_dbg(cd, "Checking if cipher %s-%s is usable (storage wrapper).", cipher, cipher_mode);
25
26
0
  empty_key = malloc(keylength);
27
0
  if (!empty_key)
28
0
    return -ENOMEM;
29
30
  /* No need to get KEY quality random but it must avoid known weak keys. */
31
0
  r = crypt_random_get(cd, empty_key, keylength, CRYPT_RND_NORMAL);
32
0
  if (r < 0)
33
0
    goto out;
34
35
0
  r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, empty_key, keylength, false);
36
0
  if (r < 0)
37
0
    goto out;
38
39
0
  memset(buf, 0, sizeof(buf));
40
0
  r = crypt_storage_decrypt(s, 0, sizeof(buf), buf);
41
0
  crypt_storage_destroy(s);
42
0
out:
43
0
  free(empty_key);
44
0
  return r;
45
0
}
46
47
static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, json_object **keyslot_object)
48
0
{
49
0
  char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
50
0
  size_t base64_len;
51
0
  json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
52
0
  uint64_t offset, area_size, length;
53
0
  int r;
54
55
0
  keyslot_obj = json_object_new_object();
56
0
  if (!keyslot_obj) {
57
0
    r = -ENOMEM;
58
0
    goto err;
59
0
  }
60
61
0
  json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
62
0
  json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
63
64
  /* KDF */
65
0
  jobj_kdf = json_object_new_object();
66
0
  if (!jobj_kdf) {
67
0
    r = -ENOMEM;
68
0
    goto err;
69
0
  }
70
71
0
  json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
72
0
  json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
73
0
  json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
74
  /* salt field */
75
0
  r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE);
76
0
  if (r < 0) {
77
0
    json_object_put(keyslot_obj);
78
0
    json_object_put(jobj_kdf);
79
0
    return r;
80
0
  }
81
0
  field = json_object_new_string_len(base64_str, base64_len);
82
0
  free(base64_str);
83
0
  json_object_object_add(jobj_kdf, "salt", field);
84
0
  json_object_object_add(keyslot_obj, "kdf", jobj_kdf);
85
86
  /* AF */
87
0
  jobj_af = json_object_new_object();
88
0
  if (!jobj_af) {
89
0
    r = -ENOMEM;
90
0
    goto err;
91
0
  }
92
93
0
  json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
94
0
  json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
95
  /* stripes field ignored, fixed to LUKS_STRIPES (4000) */
96
0
  json_object_object_add(jobj_af, "stripes", json_object_new_int(LUKS_STRIPES));
97
0
  json_object_object_add(keyslot_obj, "af", jobj_af);
98
99
  /* Area */
100
0
  jobj_area = json_object_new_object();
101
0
  if (!jobj_area) {
102
0
    r = -ENOMEM;
103
0
    goto err;
104
0
  }
105
106
0
  json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
107
108
  /* encryption algorithm field */
109
0
  if (*hdr_v1->cipherMode != '\0') {
110
0
    if (snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode) < 0) {
111
0
      json_object_put(keyslot_obj);
112
0
      json_object_put(jobj_area);
113
0
      return -EINVAL;
114
0
    }
115
0
    json_object_object_add(jobj_area, "encryption", json_object_new_string(cipher));
116
0
  } else
117
0
    json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName));
118
119
  /* area */
120
0
  if (LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
121
0
    json_object_put(keyslot_obj);
122
0
    json_object_put(jobj_area);
123
0
    return -EINVAL;
124
0
  }
125
0
  area_size = size_round_up(length, 4096);
126
0
  json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
127
0
  json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
128
0
  json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
129
0
  json_object_object_add(keyslot_obj, "area", jobj_area);
130
131
0
  *keyslot_object = keyslot_obj;
132
0
  return 0;
133
0
err:
134
0
  json_object_put(keyslot_obj);
135
0
  return r;
136
0
}
137
138
static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, json_object **keyslots_object)
139
0
{
140
0
  int keyslot, r;
141
0
  json_object *keyslot_obj, *field;
142
143
0
  keyslot_obj = json_object_new_object();
144
0
  if (!keyslot_obj)
145
0
    return -ENOMEM;
146
147
0
  for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) {
148
0
    if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED)
149
0
      continue;
150
0
    r = json_luks1_keyslot(hdr_v1, keyslot, &field);
151
0
    if (r) {
152
0
      json_object_put(keyslot_obj);
153
0
      return r;
154
0
    }
155
0
    r = json_object_object_add_by_uint(keyslot_obj, keyslot, field);
156
0
    if (r) {
157
0
      json_object_put(field);
158
0
      json_object_put(keyslot_obj);
159
0
      return r;
160
0
    }
161
0
  }
162
163
0
  *keyslots_object = keyslot_obj;
164
0
  return 0;
165
0
}
166
167
static int json_luks1_segment(const struct luks_phdr *hdr_v1, json_object **segment_object)
168
0
{
169
0
  const char *c;
170
0
  char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
171
0
  json_object *segment_obj, *field;
172
0
  uint64_t number;
173
174
0
  segment_obj = json_object_new_object();
175
0
  if (!segment_obj)
176
0
    return -ENOMEM;
177
178
  /* type field */
179
0
  field = json_object_new_string("crypt");
180
0
  if (!field) {
181
0
    json_object_put(segment_obj);
182
0
    return -ENOMEM;
183
0
  }
184
0
  json_object_object_add(segment_obj, "type", field);
185
186
  /* offset field */
187
0
  number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
188
189
0
  field = crypt_jobj_new_uint64(number);
190
0
  if (!field) {
191
0
    json_object_put(segment_obj);
192
0
    return -ENOMEM;
193
0
  }
194
0
  json_object_object_add(segment_obj, "offset", field);
195
196
  /* iv_tweak field */
197
0
  field = json_object_new_string("0");
198
0
  if (!field) {
199
0
    json_object_put(segment_obj);
200
0
    return -ENOMEM;
201
0
  }
202
0
  json_object_object_add(segment_obj, "iv_tweak", field);
203
204
  /* length field */
205
0
  field = json_object_new_string("dynamic");
206
0
  if (!field) {
207
0
    json_object_put(segment_obj);
208
0
    return -ENOMEM;
209
0
  }
210
0
  json_object_object_add(segment_obj, "size", field);
211
212
  /* cipher field */
213
0
  if (*hdr_v1->cipherMode != '\0') {
214
0
    if (snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode) < 0) {
215
0
      json_object_put(segment_obj);
216
0
      return -EINVAL;
217
0
    }
218
0
    c = cipher;
219
0
  } else
220
0
    c = hdr_v1->cipherName;
221
222
0
  field = json_object_new_string(c);
223
0
  if (!field) {
224
0
    json_object_put(segment_obj);
225
0
    return -ENOMEM;
226
0
  }
227
0
  json_object_object_add(segment_obj, "encryption", field);
228
229
  /* block field */
230
0
  field = json_object_new_int(SECTOR_SIZE);
231
0
  if (!field) {
232
0
    json_object_put(segment_obj);
233
0
    return -ENOMEM;
234
0
  }
235
0
  json_object_object_add(segment_obj, "sector_size", field);
236
237
0
  *segment_object = segment_obj;
238
0
  return 0;
239
0
}
240
241
static int json_luks1_segments(const struct luks_phdr *hdr_v1, json_object **segments_object)
242
0
{
243
0
  int r;
244
0
  json_object *segments_obj, *field;
245
246
0
  segments_obj = json_object_new_object();
247
0
  if (!segments_obj)
248
0
    return -ENOMEM;
249
250
0
  r = json_luks1_segment(hdr_v1, &field);
251
0
  if (r) {
252
0
    json_object_put(segments_obj);
253
0
    return r;
254
0
  }
255
0
  r = json_object_object_add_by_uint(segments_obj, 0, field);
256
0
  if (r) {
257
0
    json_object_put(field);
258
0
    json_object_put(segments_obj);
259
0
    return r;
260
0
  }
261
262
0
  *segments_object = segments_obj;
263
0
  return 0;
264
0
}
265
266
static int json_luks1_digest(const struct luks_phdr *hdr_v1, json_object **digest_object)
267
0
{
268
0
  char keyslot_str[16], *base64_str;
269
0
  int r, ks;
270
0
  size_t base64_len;
271
0
  json_object *digest_obj, *array, *field;
272
273
0
  digest_obj = json_object_new_object();
274
0
  if (!digest_obj)
275
0
    return -ENOMEM;
276
277
  /* type field */
278
0
  field = json_object_new_string("pbkdf2");
279
0
  if (!field) {
280
0
    json_object_put(digest_obj);
281
0
    return -ENOMEM;
282
0
  }
283
0
  json_object_object_add(digest_obj, "type", field);
284
285
  /* keyslots array */
286
0
  array = json_object_new_array();
287
0
  if (!array) {
288
0
    json_object_put(digest_obj);
289
0
    return -ENOMEM;
290
0
  }
291
0
  json_object_object_add(digest_obj, "keyslots", json_object_get(array));
292
293
0
  for (ks = 0; ks < LUKS_NUMKEYS; ks++) {
294
0
    if (hdr_v1->keyblock[ks].active != LUKS_KEY_ENABLED)
295
0
      continue;
296
0
    if (snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks) < 0) {
297
0
      json_object_put(field);
298
0
      json_object_put(array);
299
0
      json_object_put(digest_obj);
300
0
      return -EINVAL;
301
0
    }
302
303
0
    field = json_object_new_string(keyslot_str);
304
0
    if (!field || json_object_array_add(array, field) < 0) {
305
0
      json_object_put(field);
306
0
      json_object_put(array);
307
0
      json_object_put(digest_obj);
308
0
      return -ENOMEM;
309
0
    }
310
0
  }
311
312
0
  json_object_put(array);
313
314
  /* segments array */
315
0
  array = json_object_new_array();
316
0
  if (!array) {
317
0
    json_object_put(digest_obj);
318
0
    return -ENOMEM;
319
0
  }
320
0
  json_object_object_add(digest_obj, "segments", json_object_get(array));
321
322
0
  field = json_object_new_string("0");
323
0
  if (!field || json_object_array_add(array, field) < 0) {
324
0
    json_object_put(field);
325
0
    json_object_put(array);
326
0
    json_object_put(digest_obj);
327
0
    return -ENOMEM;
328
0
  }
329
330
0
  json_object_put(array);
331
332
  /* hash field */
333
0
  field = json_object_new_string(hdr_v1->hashSpec);
334
0
  if (!field) {
335
0
    json_object_put(digest_obj);
336
0
    return -ENOMEM;
337
0
  }
338
0
  json_object_object_add(digest_obj, "hash", field);
339
340
  /* salt field */
341
0
  r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->mkDigestSalt, LUKS_SALTSIZE);
342
0
  if (r < 0) {
343
0
    json_object_put(digest_obj);
344
0
    return r;
345
0
  }
346
347
0
  field = json_object_new_string_len(base64_str, base64_len);
348
0
  free(base64_str);
349
0
  if (!field) {
350
0
    json_object_put(digest_obj);
351
0
    return -ENOMEM;
352
0
  }
353
0
  json_object_object_add(digest_obj, "salt", field);
354
355
  /* digest field */
356
0
  r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->mkDigest, LUKS_DIGESTSIZE);
357
0
  if (r < 0) {
358
0
    json_object_put(digest_obj);
359
0
    return r;
360
0
  }
361
362
0
  field = json_object_new_string_len(base64_str, base64_len);
363
0
  free(base64_str);
364
0
  if (!field) {
365
0
    json_object_put(digest_obj);
366
0
    return -ENOMEM;
367
0
  }
368
0
  json_object_object_add(digest_obj, "digest", field);
369
370
  /* iterations field */
371
0
  field = json_object_new_int64(hdr_v1->mkDigestIterations);
372
0
  if (!field) {
373
0
    json_object_put(digest_obj);
374
0
    return -ENOMEM;
375
0
  }
376
0
  json_object_object_add(digest_obj, "iterations", field);
377
378
0
  *digest_object = digest_obj;
379
0
  return 0;
380
0
}
381
382
static int json_luks1_digests(const struct luks_phdr *hdr_v1, json_object **digests_object)
383
0
{
384
0
  int r;
385
0
  json_object *digests_obj, *field;
386
387
0
  digests_obj = json_object_new_object();
388
0
  if (!digests_obj)
389
0
    return -ENOMEM;
390
391
0
  r = json_luks1_digest(hdr_v1, &field);
392
0
  if (r) {
393
0
    json_object_put(digests_obj);
394
0
    return r;
395
0
  }
396
0
  json_object_object_add(digests_obj, "0", field);
397
398
0
  *digests_object = digests_obj;
399
0
  return 0;
400
0
}
401
402
static int json_luks1_object(struct luks_phdr *hdr_v1, json_object **luks1_object, uint64_t keyslots_size)
403
0
{
404
0
  int r;
405
0
  json_object *luks1_obj, *field;
406
0
  uint64_t json_size;
407
408
0
  luks1_obj = json_object_new_object();
409
0
  if (!luks1_obj)
410
0
    return -ENOMEM;
411
412
  /* keyslots field */
413
0
  r = json_luks1_keyslots(hdr_v1, &field);
414
0
  if (r) {
415
0
    json_object_put(luks1_obj);
416
0
    return r;
417
0
  }
418
0
  json_object_object_add(luks1_obj, "keyslots", field);
419
420
  /* tokens field */
421
0
  field = json_object_new_object();
422
0
  if (!field) {
423
0
    json_object_put(luks1_obj);
424
0
    return -ENOMEM;
425
0
  }
426
0
  json_object_object_add(luks1_obj, "tokens", field);
427
428
  /* segments field */
429
0
  r = json_luks1_segments(hdr_v1, &field);
430
0
  if (r) {
431
0
    json_object_put(luks1_obj);
432
0
    return r;
433
0
  }
434
0
  json_object_object_add(luks1_obj, "segments", field);
435
436
  /* digests field */
437
0
  r = json_luks1_digests(hdr_v1, &field);
438
0
  if (r) {
439
0
    json_object_put(luks1_obj);
440
0
    return r;
441
0
  }
442
0
  json_object_object_add(luks1_obj, "digests", field);
443
444
  /* config field */
445
  /* anything else? */
446
0
  field = json_object_new_object();
447
0
  if (!field) {
448
0
    json_object_put(luks1_obj);
449
0
    return -ENOMEM;
450
0
  }
451
0
  json_object_object_add(luks1_obj, "config", field);
452
453
0
  json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
454
0
  json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
455
0
  keyslots_size -= (keyslots_size % 4096);
456
0
  json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
457
458
0
  *luks1_object = luks1_obj;
459
0
  return 0;
460
0
}
461
462
static void move_keyslot_offset(json_object *jobj, int offset_add)
463
0
{
464
0
  json_object *jobj1, *jobj2, *jobj_area;
465
0
  uint64_t offset = 0;
466
467
0
  json_object_object_get_ex(jobj, "keyslots", &jobj1);
468
0
  json_object_object_foreach(jobj1, key, val) {
469
0
    UNUSED(key);
470
0
    json_object_object_get_ex(val, "area", &jobj_area);
471
0
    json_object_object_get_ex(jobj_area, "offset", &jobj2);
472
0
    offset = crypt_jobj_get_uint64(jobj2) + offset_add;
473
0
    json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
474
0
  }
475
0
}
476
477
static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
478
            off_t offset_to, size_t buf_size)
479
0
{
480
0
  int devfd, r = -EIO;
481
0
  struct device *device = crypt_metadata_device(cd);
482
0
  void *buf = NULL;
483
484
0
  log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
485
0
    buf_size, (intmax_t)offset_from, (intmax_t)offset_to);
486
487
0
  if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
488
0
    return -ENOMEM;
489
490
0
  devfd = device_open(cd, device, O_RDWR);
491
0
  if (devfd < 0) {
492
0
    free(buf);
493
0
    return -EIO;
494
0
  }
495
496
  /* This can safely fail (for block devices). It only allocates space if it is possible. */
497
0
  if (posix_fallocate(devfd, offset_to, buf_size))
498
0
    log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available.");
499
500
  /* Try to read *new* area to check that area is there (trimmed backup). */
501
0
  if (read_lseek_blockwise(devfd, device_block_size(cd, device),
502
0
         device_alignment(device), buf, buf_size,
503
0
         offset_to)!= (ssize_t)buf_size)
504
0
    goto out;
505
506
0
  if (read_lseek_blockwise(devfd, device_block_size(cd, device),
507
0
         device_alignment(device), buf, buf_size,
508
0
         offset_from)!= (ssize_t)buf_size)
509
0
    goto out;
510
511
0
  if (write_lseek_blockwise(devfd, device_block_size(cd, device),
512
0
          device_alignment(device), buf, buf_size,
513
0
          offset_to) != (ssize_t)buf_size)
514
0
    goto out;
515
516
0
  r = 0;
517
0
out:
518
0
  device_sync(cd, device);
519
0
  crypt_safe_memzero(buf, buf_size);
520
0
  free(buf);
521
522
0
  return r;
523
0
}
524
525
static int luks_header_in_use(struct crypt_device *cd)
526
0
{
527
0
  int r;
528
529
0
  r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd));
530
0
  if (r < 0)
531
0
    log_err(cd, _("Cannot check status of device with uuid: %s."), crypt_get_uuid(cd));
532
533
0
  return r;
534
0
}
535
536
/* Check if there is a luksmeta area (foreign metadata created by the luksmeta package) */
537
static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
538
0
{
539
0
  int devfd, r = 0;
540
0
  static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A' };
541
0
  struct device *device = crypt_metadata_device(cd);
542
0
  void *buf = NULL;
543
544
0
  if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC)))
545
0
    return -ENOMEM;
546
547
0
  devfd = device_open(cd, device, O_RDONLY);
548
0
  if (devfd < 0) {
549
0
    free(buf);
550
0
    return -EIO;
551
0
  }
552
553
  /* Note: we must not detect failure as problem here, header can be trimmed. */
554
0
  if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device),
555
0
    buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) &&
556
0
    !memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
557
0
      log_err(cd, _("Unable to convert header with LUKSMETA additional metadata."));
558
0
      r = -EBUSY;
559
0
  }
560
561
0
  free(buf);
562
0
  return r;
563
0
}
564
565
/* Convert LUKS1 -> LUKS2 */
566
int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct luks2_hdr *hdr2)
567
0
{
568
0
  int r;
569
0
  json_object *jobj = NULL;
570
0
  size_t buf_size, buf_offset, luks1_size, luks1_shift = 2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS;
571
0
  uint64_t required_size, max_size = crypt_get_data_offset(cd) * SECTOR_SIZE;
572
0
  char cipher_spec[MAX_CAPI_LEN];
573
574
  /* for detached headers max size == device size */
575
0
  if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size)))
576
0
    return r;
577
578
0
  luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT;
579
0
  luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS);
580
0
  if (!luks1_size)
581
0
    return -EINVAL;
582
583
0
  if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
584
0
    log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
585
0
    return -EINVAL;
586
0
  }
587
588
0
  if (LUKS2_check_cipher(cd, hdr1->keyBytes, hdr1->cipherName, hdr1->cipherMode)) {
589
0
    log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2."),
590
0
      hdr1->cipherName, hdr1->cipherMode);
591
0
    return -EINVAL;
592
0
  }
593
594
0
  r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", hdr1->cipherName, hdr1->cipherMode);
595
0
  if (r < 0 || (size_t)r >= sizeof(cipher_spec))
596
0
    return -EINVAL;
597
0
  if (LUKS2_keyslot_cipher_incompatible(cd, cipher_spec)) {
598
0
    log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2 keyslot."),
599
0
      hdr1->cipherName, hdr1->cipherMode);
600
0
    return -EINVAL;
601
0
  }
602
603
0
  if (luksmeta_header_present(cd, luks1_size))
604
0
    return -EINVAL;
605
606
0
  log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
607
0
    max_size, luks1_size, luks1_shift);
608
609
0
  required_size = luks1_size + luks1_shift;
610
611
0
  if ((max_size < required_size) &&
612
0
      device_fallocate(crypt_metadata_device(cd), required_size)) {
613
0
    log_err(cd, _("Unable to move keyslot area. Not enough space."));
614
0
    return -EINVAL;
615
0
  }
616
617
0
  if (max_size < required_size)
618
0
    max_size = required_size;
619
620
  /* fix coverity false positive integer underflow */
621
0
  if (max_size < 2 * LUKS2_HDR_16K_LEN)
622
0
    return -EINVAL;
623
624
0
  r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN);
625
0
  if (r < 0)
626
0
    return r;
627
628
0
  move_keyslot_offset(jobj, luks1_shift);
629
630
  /* Create and fill LUKS2 hdr */
631
0
  memset(hdr2, 0, sizeof(*hdr2));
632
0
  hdr2->hdr_size = LUKS2_HDR_16K_LEN;
633
0
  hdr2->seqid = 1;
634
0
  hdr2->version = 2;
635
0
  strncpy(hdr2->checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
636
0
  crypt_random_get(cd, (char*)hdr2->salt1, sizeof(hdr2->salt1), CRYPT_RND_SALT);
637
0
  crypt_random_get(cd, (char*)hdr2->salt2, sizeof(hdr2->salt2), CRYPT_RND_SALT);
638
0
  strncpy(hdr2->uuid, crypt_get_uuid(cd), LUKS2_UUID_L-1); /* UUID should be max 36 chars */
639
0
  hdr2->jobj = jobj;
640
641
  /*
642
   * It duplicates check in LUKS2_hdr_write() but we don't want to move
643
   * keyslot areas in case it would fail later
644
   */
645
0
  if (max_size < LUKS2_hdr_and_areas_size(hdr2)) {
646
0
    r = -EINVAL;
647
0
    goto out;
648
0
  }
649
650
  /* check future LUKS2 metadata before moving keyslots area */
651
0
  if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) {
652
0
    log_err(cd, _("Cannot convert to LUKS2 format - invalid metadata."));
653
0
    r = -EINVAL;
654
0
    goto out;
655
0
  }
656
657
0
  if ((r = luks_header_in_use(cd))) {
658
0
    if (r > 0)
659
0
      r = -EBUSY;
660
0
    goto out;
661
0
  }
662
663
  /* move keyslots 4k -> 32k offset */
664
0
  buf_offset = 2 * LUKS2_HDR_16K_LEN;
665
0
  buf_size   = luks1_size - LUKS_ALIGN_KEYSLOTS;
666
667
  /* check future LUKS2 keyslots area is at least as large as LUKS1 keyslots area */
668
0
  if (buf_size > LUKS2_keyslots_size(hdr2)) {
669
0
    log_err(cd, _("Unable to move keyslot area. LUKS2 keyslots area too small."));
670
0
    r = -EINVAL;
671
0
    goto out;
672
0
  }
673
674
0
  if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
675
0
    log_err(cd, _("Unable to move keyslot area."));
676
0
    goto out;
677
0
  }
678
679
  /* Write new LUKS2 JSON */
680
0
  r = LUKS2_hdr_write(cd, hdr2);
681
0
out:
682
0
  LUKS2_hdr_free(cd, hdr2);
683
684
0
  return r;
685
0
}
686
687
static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *hdr,
688
            int keyslot, uint32_t key_size, const char *hash)
689
0
{
690
0
  json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
691
0
  uint64_t l2_offset, l2_length;
692
0
  size_t ks_key_size;
693
0
  const char *ks_cipher, *data_cipher;
694
695
0
  jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
696
0
  if (!jobj_keyslot)
697
0
    return 1;
698
699
  /* Keyslot type */
700
0
  if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj))
701
0
    return 0;
702
0
  if (strcmp(json_object_get_string(jobj), "luks2")) {
703
0
    log_dbg(cd, "Keyslot %d type %s is not compatible.",
704
0
      keyslot, json_object_get_string(jobj));
705
0
    return 0;
706
0
  }
707
708
  /* Keyslot uses PBKDF2, this implies memory and parallel is not used. */
709
0
  jobj = NULL;
710
0
  if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
711
0
      !json_object_object_get_ex(jobj_kdf, "type", &jobj))
712
0
    return 0;
713
0
  if (strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2)) {
714
0
    log_dbg(cd, "Keyslot %d does not use PBKDF2.", keyslot);
715
0
    return 0;
716
0
  }
717
718
  /* Keyslot KDF hash is the same as the digest hash. */
719
0
  jobj = NULL;
720
0
  if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj))
721
0
    return 0;
722
0
  if (strcmp(json_object_get_string(jobj), hash)) {
723
0
    log_dbg(cd, "Keyslot %d PBKDF uses different hash %s than digest hash %s.",
724
0
      keyslot, json_object_get_string(jobj), hash);
725
0
    return 0;
726
0
  }
727
728
  /* Keyslot AF use compatible striptes. */
729
0
  jobj = NULL;
730
0
  if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
731
0
      !json_object_object_get_ex(jobj_af, "stripes", &jobj))
732
0
    return 0;
733
0
  if (json_object_get_int(jobj) != LUKS_STRIPES) {
734
0
    log_dbg(cd, "Keyslot %d AF uses incompatible stripes count.", keyslot);
735
0
    return 0;
736
0
  }
737
738
  /* Keyslot AF hash is the same as the digest hash. */
739
0
  jobj = NULL;
740
0
  if (!json_object_object_get_ex(jobj_af, "hash", &jobj))
741
0
    return 0;
742
0
  if (strcmp(json_object_get_string(jobj), hash)) {
743
0
    log_dbg(cd, "Keyslot %d AF uses different hash %s than digest hash %s.",
744
0
      keyslot, json_object_get_string(jobj), hash);
745
0
    return 0;
746
0
  }
747
748
0
  ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
749
0
  data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
750
0
  if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) {
751
0
    log_dbg(cd, "Cipher in keyslot %d is different from volume key encryption.", keyslot);
752
0
    return 0;
753
0
  }
754
755
0
  if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length))
756
0
    return 0;
757
758
0
  if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
759
0
    log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
760
0
    return 0;
761
0
  }
762
763
0
  return 1;
764
0
}
765
766
/* Convert LUKS2 -> LUKS1 */
767
int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
768
0
{
769
0
  size_t buf_size, buf_offset;
770
0
  char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
771
0
  char *digest, *digest_salt;
772
0
  const char *hash;
773
0
  size_t len;
774
0
  json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2;
775
0
  uint32_t key_size;
776
0
  int i, r, last_active = 0;
777
0
  uint64_t offset, area_length;
778
0
  char *buf, luksMagic[] = LUKS_MAGIC;
779
0
  crypt_keyslot_info ki;
780
781
0
  jobj_digest  = LUKS2_get_digest_jobj(hdr2, 0);
782
0
  if (!jobj_digest)
783
0
    return -EINVAL;
784
785
0
  jobj_segment = LUKS2_get_segment_jobj(hdr2, CRYPT_DEFAULT_SEGMENT);
786
0
  if (!jobj_segment)
787
0
    return -EINVAL;
788
789
0
  if (json_segment_get_sector_size(jobj_segment) != SECTOR_SIZE) {
790
0
    log_err(cd, _("Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."));
791
0
    return -EINVAL;
792
0
  }
793
794
0
  json_object_object_get_ex(hdr2->jobj, "digests", &jobj1);
795
0
  if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) ||
796
0
      strcmp(json_object_get_string(jobj2), "pbkdf2") ||
797
0
      json_object_object_length(jobj1) != 1) {
798
0
    log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
799
0
    return -EINVAL;
800
0
  }
801
0
  if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2))
802
0
    return -EINVAL;
803
0
  hash = json_object_get_string(jobj2);
804
0
  if (crypt_hash_size(hash) < 0)
805
0
    return -EINVAL;
806
807
0
  r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode);
808
0
  if (r < 0)
809
0
    return r;
810
811
0
  if (crypt_cipher_wrapped_key(cipher, cipher_mode)) {
812
0
    log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher);
813
0
    return -EINVAL;
814
0
  }
815
816
0
  if (json_segments_count(LUKS2_get_segments_jobj(hdr2)) != 1) {
817
0
    log_err(cd, _("Cannot convert to LUKS1 format - device uses more segments."));
818
0
    return -EINVAL;
819
0
  }
820
821
0
  r = LUKS2_tokens_count(hdr2);
822
0
  if (r < 0)
823
0
    return r;
824
0
  if (r > 0) {
825
0
    log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."), r);
826
0
    return -EINVAL;
827
0
  }
828
829
0
  r = LUKS2_get_volume_key_size(hdr2, 0);
830
0
  if (r < 0) {
831
0
    log_err(cd, _("Cannot convert to LUKS1 format - there are no active keyslots."), r);
832
0
    return -EINVAL;
833
0
  }
834
0
  key_size = r;
835
836
0
  for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) {
837
0
    ki = LUKS2_keyslot_info(hdr2, i);
838
839
0
    if (ki == CRYPT_SLOT_INACTIVE)
840
0
      continue;
841
842
0
    if (ki == CRYPT_SLOT_INVALID) {
843
0
      log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i);
844
0
      return -EINVAL;
845
0
    }
846
847
0
    if (ki == CRYPT_SLOT_UNBOUND) {
848
0
      log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is unbound."), i);
849
0
      return -EINVAL;
850
0
    }
851
852
0
    if (i >= LUKS_NUMKEYS) {
853
0
      log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i);
854
0
      return -EINVAL;
855
0
    }
856
857
0
    if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) {
858
0
      log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
859
0
      return -EINVAL;
860
0
    }
861
0
  }
862
863
0
  memset(hdr1, 0, sizeof(*hdr1));
864
865
0
  for (i = 0; i < LUKS_NUMKEYS; i++) {
866
0
    hdr1->keyblock[i].active = LUKS_KEY_DISABLED;
867
0
    hdr1->keyblock[i].stripes = LUKS_STRIPES;
868
869
0
    jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, i);
870
871
0
    if (jobj_keyslot) {
872
0
      if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
873
0
        return -EINVAL;
874
0
      if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
875
0
        return -EINVAL;
876
0
      offset = crypt_jobj_get_uint64(jobj1);
877
0
    } else {
878
0
      if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
879
0
        return -EINVAL;
880
      /*
881
       * We have to create placeholder luks2 keyslots in place of all
882
       * inactive keyslots. Otherwise we would allocate all
883
       * inactive luks1 keyslots over same binary keyslot area.
884
       */
885
0
      if (placeholder_keyslot_alloc(cd, i, offset, area_length))
886
0
        return -EINVAL;
887
0
    }
888
889
0
    offset /= SECTOR_SIZE;
890
0
    if (offset > UINT32_MAX)
891
0
      return -EINVAL;
892
893
0
    hdr1->keyblock[i].keyMaterialOffset = offset;
894
0
    hdr1->keyblock[i].keyMaterialOffset -=
895
0
        ((2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS) / SECTOR_SIZE);
896
897
0
    if (!jobj_keyslot)
898
0
      continue;
899
900
0
    hdr1->keyblock[i].active = LUKS_KEY_ENABLED;
901
0
    last_active = i;
902
903
0
    if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
904
0
      continue;
905
906
0
    if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
907
0
      continue;
908
0
    hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
909
910
0
    if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
911
0
      continue;
912
913
0
    if (crypt_base64_decode(&buf, &len, json_object_get_string(jobj1),
914
0
          json_object_get_string_len(jobj1)))
915
0
      continue;
916
0
    if (len > 0 && len != LUKS_SALTSIZE) {
917
0
      free(buf);
918
0
      continue;
919
0
    }
920
0
    memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE);
921
0
    free(buf);
922
0
  }
923
924
0
  if (!jobj_keyslot) {
925
0
    jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, last_active);
926
0
    if (!jobj_keyslot)
927
0
      return -EINVAL;
928
0
  }
929
930
0
  if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
931
0
    return -EINVAL;
932
0
  if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1))
933
0
    return -EINVAL;
934
0
  r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode);
935
0
  if (r < 0)
936
0
    return r;
937
938
0
  strncpy(hdr1->cipherName, cipher, LUKS_CIPHERNAME_L - 1);
939
0
  hdr1->cipherName[LUKS_CIPHERNAME_L-1] = '\0';
940
0
  strncpy(hdr1->cipherMode, cipher_mode, LUKS_CIPHERMODE_L - 1);
941
0
  hdr1->cipherMode[LUKS_CIPHERMODE_L-1] = '\0';
942
943
0
  if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
944
0
    return -EINVAL;
945
0
  if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj1))
946
0
    return -EINVAL;
947
0
  strncpy(hdr1->hashSpec, json_object_get_string(jobj1), sizeof(hdr1->hashSpec) - 1);
948
949
0
  hdr1->keyBytes = key_size;
950
951
0
  if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
952
0
    return -EINVAL;
953
0
  hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
954
955
0
  if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
956
0
    return -EINVAL;
957
0
  r = crypt_base64_decode(&digest, &len, json_object_get_string(jobj1),
958
0
        json_object_get_string_len(jobj1));
959
0
  if (r < 0)
960
0
    return r;
961
  /* We can store full digest here, not only sha1 length */
962
0
  if (len < LUKS_DIGESTSIZE) {
963
0
    free(digest);
964
0
    return -EINVAL;
965
0
  }
966
0
  memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE);
967
0
  free(digest);
968
969
0
  if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1))
970
0
    return -EINVAL;
971
0
  r = crypt_base64_decode(&digest_salt, &len, json_object_get_string(jobj1),
972
0
        json_object_get_string_len(jobj1));
973
0
  if (r < 0)
974
0
    return r;
975
0
  if (len != LUKS_SALTSIZE) {
976
0
    free(digest_salt);
977
0
    return -EINVAL;
978
0
  }
979
0
  memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE);
980
0
  free(digest_salt);
981
982
0
  if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
983
0
    return -EINVAL;
984
0
  offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
985
0
  if (offset > UINT32_MAX)
986
0
    return -EINVAL;
987
0
  hdr1->payloadOffset = offset;
988
989
0
  strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */
990
0
  hdr1->uuid[UUID_STRING_L-1] = '\0';
991
992
0
  memcpy(hdr1->magic, luksMagic, LUKS_MAGIC_L);
993
994
0
  hdr1->version = 1;
995
996
0
  r = luks_header_in_use(cd);
997
0
  if (r)
998
0
    return r > 0 ? -EBUSY : r;
999
1000
  /* move keyslots 32k -> 4k offset */
1001
0
  buf_offset = 2 * LUKS2_HDR_16K_LEN;
1002
0
  buf_size   = LUKS2_keyslots_size(hdr2);
1003
0
  r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size);
1004
0
  if (r < 0) {
1005
0
    log_err(cd, _("Unable to move keyslot area."));
1006
0
    return r;
1007
0
  }
1008
1009
0
  crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
1010
0
        8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
1011
1012
  /* Write new LUKS1 hdr */
1013
0
  return LUKS_write_phdr(hdr1, cd);
1014
0
}