Fvault2: prepare module in libcryptsetup

lib/Makemodule.am

@@ -106,4 +106,6 @@ libcryptsetup_la_SOURCES = \
 	lib/utils_blkid.c		\
 	lib/utils_blkid.h		\
 	lib/bitlk/bitlk.h		\
-	lib/bitlk/bitlk.c
+	lib/bitlk/bitlk.c		\
+	lib/fvault2/fvault2.h		\
+	lib/fvault2/fvault2.c

lib/fvault2/fvault2.c

@@ -0,0 +1,70 @@
+/*
+ * FVAULT2 (FileVault2-compatible) volume handling
+ *
+ * Copyright (C) 2021-2022 Pavel Tobias
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include "internal.h"
+#include "fvault2.h"
+
+int FVAULT2_read_metadata(
+	struct crypt_device *cd,
+	struct fvault2_params *params)
+{
+	return -ENOTSUP;
+}
+
+int FVAULT2_get_volume_key(
+	struct crypt_device *cd,
+	const char *passphr,
+	size_t passphr_len,
+	const struct fvault2_params *params,
+	struct volume_key **vol_key)
+{
+	return -ENOTSUP;
+}
+
+int FVAULT2_dump(
+	struct crypt_device *cd,
+	struct device *device,
+	const struct fvault2_params *params)
+{
+	return -ENOTSUP;
+}
+
+int FVAULT2_activate_by_passphrase(
+	struct crypt_device *cd,
+	const char *name,
+	const char *passphr,
+	size_t passphr_len,
+	const struct fvault2_params *params,
+	uint32_t flags)
+{
+	return -ENOTSUP;
+}
+
+int FVAULT2_activate_by_volume_key(
+	struct crypt_device *cd,
+	const char *name,
+	const char *key,
+	size_t key_size,
+	const struct fvault2_params *params,
+	uint32_t flags)
+{
+	return -ENOTSUP;
+}

lib/fvault2/fvault2.h

@@ -0,0 +1,80 @@
+/*
+ * FVAULT2 (FileVault2-compatible) volume handling
+ *
+ * Copyright (C) 2021-2022 Pavel Tobias
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRYPTSETUP_FVAULT2_H
+#define _CRYPTSETUP_FVAULT2_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define FVAULT2_WRAPPED_KEY_SIZE 24
+#define FVAULT2_PBKDF2_SALT_SIZE 16
+#define FVAULT2_UUID_SIZE 16
+
+struct crypt_device;
+struct volume_key;
+
+struct fvault2_params {
+	const char *cipher;
+	const char *cipher_mode;
+	uint16_t key_size;
+	uint32_t pbkdf2_iters;
+	char pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE];
+	char wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE];
+	char wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE];
+	char family_uuid[FVAULT2_UUID_SIZE];
+	char ph_vol_uuid[FVAULT2_UUID_SIZE];
+	uint64_t log_vol_off;
+	uint64_t log_vol_size;
+};
+
+int FVAULT2_read_metadata(
+	struct crypt_device *cd,
+	struct fvault2_params *params);
+
+int FVAULT2_get_volume_key(
+	struct crypt_device *cd,
+	const char *passphr,
+	size_t passphr_len,
+	const struct fvault2_params *params,
+	struct volume_key **vol_key);
+
+int FVAULT2_dump(
+	struct crypt_device *cd,
+	struct device *device,
+	const struct fvault2_params *params);
+
+int FVAULT2_activate_by_passphrase(
+	struct crypt_device *cd,
+	const char *name,
+	const char *passphr,
+	size_t passphr_len,
+	const struct fvault2_params *params,
+	uint32_t flags);
+
+int FVAULT2_activate_by_volume_key(
+	struct crypt_device *cd,
+	const char *name,
+	const char *key,
+	size_t key_size,
+	const struct fvault2_params *params,
+	uint32_t flags);
+
+#endif

lib/libcryptsetup.h

@@ -429,6 +429,8 @@ int crypt_get_metadata_size(struct crypt_device *cd,
 #define CRYPT_INTEGRITY "INTEGRITY"
 /** BITLK (BitLocker-compatible mode) */
 #define CRYPT_BITLK "BITLK"
+/** FVAULT2 (FileVault2-compatible mode) */
+#define CRYPT_FVAULT2 "FVAULT2"
 
 /** LUKS any version */
 #define CRYPT_LUKS NULL

lib/setup.c

@@ -37,6 +37,7 @@
 #include "tcrypt/tcrypt.h"
 #include "integrity/integrity.h"
 #include "bitlk/bitlk.h"
+#include "fvault2/fvault2.h"
 #include "utils_device_locking.h"
 #include "internal.h"
 #include "keyslot_context.h"
@@ -114,6 +115,9 @@ struct crypt_device {
 		struct bitlk_metadata params;
 		char *cipher_spec;
 	} bitlk;
+	struct { /* used in CRYPT_FVAULT2 */
+		struct fvault2_params params;
+	} fvault2;
 	struct { /* used if initialized without header by name */
 		char *active_name;
 		/* buffers, must refresh from kernel on every query */
@@ -325,6 +329,11 @@ static int isBITLK(const char *type)
 	return (type && !strcmp(CRYPT_BITLK, type));
 }
 
+static int isFVAULT2(const char *type)
+{
+	return (type && !strcmp(CRYPT_FVAULT2, type));
+}
+
 static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags)
 {
 	int r = 0;
@@ -1008,6 +1017,24 @@ static int _crypt_load_bitlk(struct crypt_device *cd)
 	return 0;
 }
 
+static int _crypt_load_fvault2(struct crypt_device *cd)
+{
+	int r;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	r = FVAULT2_read_metadata(cd, &cd->u.fvault2.params);
+	if (r < 0)
+		return r;
+
+	if (!cd->type && !(cd->type = strdup(CRYPT_FVAULT2)))
+		return -ENOMEM;
+
+	return 0;
+}
+
 int crypt_load(struct crypt_device *cd,
 	       const char *requested_type,
 	       void *params)
@@ -1059,6 +1086,12 @@ int crypt_load(struct crypt_device *cd,
 			return -EINVAL;
 		}
 		r = _crypt_load_bitlk(cd);
+	} else if (isFVAULT2(requested_type)) {
+		if (cd->type && !isFVAULT2(cd->type)) {
+			log_dbg(cd, "Context is already initialized to type %s", cd->type);
+			return -EINVAL;
+		}
+		r = _crypt_load_fvault2(cd);
 	} else
 		return -EINVAL;
 
@@ -1312,6 +1345,13 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 			crypt_set_null_type(cd);
 			r = 0;
 		}
+	} else if (isFVAULT2(cd->type)) {
+		r = _crypt_load_fvault2(cd);
+		if (r < 0) {
+			log_dbg(cd, "FVAULT2 device header not available.");
+			crypt_set_null_type(cd);
+			r = 0;
+		}
 	}
 out:
 	dm_targets_free(cd, &dmd);
@@ -1482,6 +1522,8 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
 			(*cd)->type = strdup(CRYPT_INTEGRITY);
 		else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1))
 			(*cd)->type = strdup(CRYPT_BITLK);
+		else if (!strncmp(CRYPT_FVAULT2, dmd.uuid, sizeof(CRYPT_FVAULT2)-1))
+			(*cd)->type = strdup(CRYPT_FVAULT2);
 		else
 			log_dbg(NULL, "Unknown UUID set, some parameters are not set.");
 	} else
@@ -4891,6 +4933,11 @@ int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd,
 			r = BITLK_get_volume_key(cd, passphrase, passphrase_size, &cd->u.bitlk.params, &vk);
 		if (r < 0)
 			log_err(cd, _("Cannot retrieve volume key for BITLK device."));
+	} else if (isFVAULT2(cd->type)) {
+		if (passphrase)
+			r = FVAULT2_get_volume_key(cd, passphrase, passphrase_size, &cd->u.fvault2.params, &vk);
+		if (r < 0)
+			log_err(cd, _("Cannot retrieve volume key for FVAULT2 device."));
 	} else
 		log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)");