Fvault2: store UUIDs in text format

Pavel Tobias
2022-10-21 17:38:15 +02:00
committed by Milan Broz
parent a5c7bba6ee
commit cd5bd1c773
2 changed files with 43 additions and 18 deletions


@@ -55,6 +55,9 @@
/* size of an XTS tweak value */ /* size of an XTS tweak value */
#define FVAULT2_XTS_TWEAK_SIZE 16 #define FVAULT2_XTS_TWEAK_SIZE 16
/* size of a binary representation of a UUID */
#define FVAULT2_UUID_BIN_SIZE 16
struct crc32_checksum { struct crc32_checksum {
uint32_t value; uint32_t value;
uint32_t seed; uint32_t seed;
@@ -79,7 +82,7 @@ struct volume_header {
uint32_t cipher; uint32_t cipher;
uint8_t key_data[FVAULT2_AES_KEY_SIZE]; uint8_t key_data[FVAULT2_AES_KEY_SIZE];
uint8_t unknown5[112]; uint8_t unknown5[112];
uint8_t ph_vol_uuid[FVAULT2_UUID_SIZE]; uint8_t ph_vol_uuid[FVAULT2_UUID_BIN_SIZE];
} __attribute__((packed)); } __attribute__((packed));
struct volume_groups_descriptor { struct volume_groups_descriptor {
@@ -431,6 +434,26 @@ out:
return r; return r;
} }
/**
* Validate a UUID string and reformat it to match system defaults.
* @param[in] uuid_in the original UUID string
* @param[out] uuid_out the reformatted UUID string
*/
static int _reformat_uuid(
const char *uuid_in,
char *uuid_out)
{
uint8_t uuid_bin[UUID_STR_LEN];
int r;
r = uuid_parse(uuid_in, uuid_bin);
if (r < 0)
return -EINVAL;
uuid_unparse(uuid_bin, uuid_out);
return 0;
}
/** /**
* Extract relevant info from a metadata block of type 0x001A. * Extract relevant info from a metadata block of type 0x001A.
* @param[in] md_block the pre-read and decrypted metadata block * @param[in] md_block the pre-read and decrypted metadata block
@@ -440,7 +463,7 @@ out:
static int _parse_metadata_block_0x001a( static int _parse_metadata_block_0x001a(
const struct metadata_block_0x001a *md_block, const struct metadata_block_0x001a *md_block,
uint64_t *log_vol_size, uint64_t *log_vol_size,
uint8_t *family_uuid) char *family_uuid)
{ {
int r = 0; int r = 0;
char *xml = NULL; char *xml = NULL;
@@ -470,7 +493,7 @@ static int _parse_metadata_block_0x001a(
&family_uuid_str); &family_uuid_str);
if (r < 0) if (r < 0)
goto out; goto out;
r = uuid_parse(family_uuid_str, family_uuid); r = _reformat_uuid(family_uuid_str, family_uuid);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -508,7 +531,7 @@ static int _read_volume_header(
struct crypt_device *cd, struct crypt_device *cd,
uint64_t *block_size, uint64_t *block_size,
uint64_t *disklbl_blkoff, uint64_t *disklbl_blkoff,
uint8_t *ph_vol_uuid, char *ph_vol_uuid,
struct volume_key **enc_md_key) struct volume_key **enc_md_key)
{ {
int r = 0; int r = 0;
@@ -555,7 +578,7 @@ static int _read_volume_header(
*block_size = le32_to_cpu(vol_header->block_size); *block_size = le32_to_cpu(vol_header->block_size);
*disklbl_blkoff = le64_to_cpu(vol_header->disklbl_blkoff); *disklbl_blkoff = le64_to_cpu(vol_header->disklbl_blkoff);
memcpy(ph_vol_uuid, vol_header->ph_vol_uuid, FVAULT2_UUID_SIZE); uuid_unparse(vol_header->ph_vol_uuid, ph_vol_uuid);
memcpy((*enc_md_key)->key, vol_header->key_data, FVAULT2_AES_KEY_SIZE); memcpy((*enc_md_key)->key, vol_header->key_data, FVAULT2_AES_KEY_SIZE);
memcpy((*enc_md_key)->key + FVAULT2_AES_KEY_SIZE, memcpy((*enc_md_key)->key + FVAULT2_AES_KEY_SIZE,
vol_header->ph_vol_uuid, FVAULT2_AES_KEY_SIZE); vol_header->ph_vol_uuid, FVAULT2_AES_KEY_SIZE);
@@ -724,7 +747,7 @@ static int _read_encrypted_metadata(
case 0x001A: case 0x001A:
r = _parse_metadata_block_0x001a(md_block, r = _parse_metadata_block_0x001a(md_block,
&params->log_vol_size, &params->log_vol_size,
(uint8_t *)params->family_uuid); params->family_uuid);
if (r < 0) if (r < 0)
goto out; goto out;
status |= FVAULT2_ENC_MD_PARSED_0x001A; status |= FVAULT2_ENC_MD_PARSED_0x001A;
@@ -822,7 +845,7 @@ int FVAULT2_read_metadata(
} }
r = _read_volume_header(devfd, cd, &block_size, &disklbl_blkoff, r = _read_volume_header(devfd, cd, &block_size, &disklbl_blkoff,
(uint8_t *)params->ph_vol_uuid, &enc_md_key); params->ph_vol_uuid, &enc_md_key);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -853,12 +876,18 @@ int FVAULT2_get_volume_key(
struct volume_key **vol_key) struct volume_key **vol_key)
{ {
int r = 0; int r = 0;
uint8_t family_uuid_bin[FVAULT2_UUID_BIN_SIZE];
struct volume_key *passphr_key = NULL; struct volume_key *passphr_key = NULL;
struct volume_key *kek = NULL; struct volume_key *kek = NULL;
struct crypt_hash *hash = NULL; struct crypt_hash *hash = NULL;
*vol_key = NULL; *vol_key = NULL;
if (uuid_parse(params->family_uuid, family_uuid_bin) < 0) {
r = -EINVAL;
goto out;
}
passphr_key = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL); passphr_key = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL);
if (passphr_key == NULL) { if (passphr_key == NULL) {
r = -ENOMEM; r = -ENOMEM;
@@ -901,7 +930,8 @@ int FVAULT2_get_volume_key(
r = crypt_hash_write(hash, (*vol_key)->key, FVAULT2_AES_KEY_SIZE); r = crypt_hash_write(hash, (*vol_key)->key, FVAULT2_AES_KEY_SIZE);
if (r < 0) if (r < 0)
goto out; goto out;
r = crypt_hash_write(hash, params->family_uuid, FVAULT2_UUID_SIZE); r = crypt_hash_write(hash, (char *)family_uuid_bin,
FVAULT2_UUID_BIN_SIZE);
if (r < 0) if (r < 0)
goto out; goto out;
r = crypt_hash_final(hash, (*vol_key)->key + FVAULT2_AES_KEY_SIZE, r = crypt_hash_final(hash, (*vol_key)->key + FVAULT2_AES_KEY_SIZE,
@@ -929,9 +959,8 @@ int FVAULT2_dump(
log_std(cd, "Header information for FVAULT2 device %s.\n", log_std(cd, "Header information for FVAULT2 device %s.\n",
device_path(device)); device_path(device));
log_std(cd, "Physical volume UUID \t"); log_std(cd, "Physical volume UUID: \t%s\n", params->ph_vol_uuid);
crypt_log_hex(cd, params->ph_vol_uuid, FVAULT2_UUID_SIZE, " ", 0, NULL); log_std(cd, "Family UUID: \t%s\n", params->family_uuid);
log_std(cd, "\n");
log_std(cd, "Logical volume offset:\t%" PRIu64 " [bytes]\n", log_std(cd, "Logical volume offset:\t%" PRIu64 " [bytes]\n",
params->log_vol_off); params->log_vol_off);
@@ -950,10 +979,6 @@ int FVAULT2_dump(
NULL); NULL);
log_std(cd, "\n"); log_std(cd, "\n");
log_std(cd, "Family UUID: \t");
crypt_log_hex(cd, params->family_uuid, FVAULT2_UUID_SIZE, " ", 0, NULL);
log_std(cd, "\n");
return 0; return 0;
} }
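Review bot: In `_reformat_uuid` the scratch buffer is declared `uint8_t uuid_bin[UUID_STR_LEN];`, sized with the text-length constant although it holds the binary form written by `uuid_parse`. It is oversized rather than overflowing, but `uint8_t uuid_bin[FVAULT2_UUID_BIN_SIZE];` (or `uuid_t uuid_bin;`) would keep the size tied to what it stores. The helper also takes `uuid_out` without a length while `uuid_unparse` writes the full string plus terminator unconditionally, so the doc comment should state the contract, e.g. `@param[out] uuid_out the reformatted UUID string; must point to at least FVAULT2_UUID_LEN bytes`. The same unstated requirement applies to the `ph_vol_uuid` argument of `_read_volume_header`, where `uuid_unparse` now replaces the bounded `memcpy`. In `FVAULT2_get_volume_key`, `uuid_parse(params->family_uuid, ...)` assumes the field is NUL-terminated; whether every caller fills `params` through `FVAULT2_read_metadata` is not visible here, so a comment or an explicit check is worth adding.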


@@ -26,7 +26,7 @@
#define FVAULT2_WRAPPED_KEY_SIZE 24 #define FVAULT2_WRAPPED_KEY_SIZE 24
#define FVAULT2_PBKDF2_SALT_SIZE 16 #define FVAULT2_PBKDF2_SALT_SIZE 16
#define FVAULT2_UUID_SIZE 16 #define FVAULT2_UUID_LEN 37
struct crypt_device; struct crypt_device;
struct volume_key; struct volume_key;
@@ -39,8 +39,8 @@ struct fvault2_params {
char pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE]; char pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE];
char wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE]; char wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE];
char wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE]; char wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE];
char family_uuid[FVAULT2_UUID_SIZE]; char family_uuid[FVAULT2_UUID_LEN];
char ph_vol_uuid[FVAULT2_UUID_SIZE]; char ph_vol_uuid[FVAULT2_UUID_LEN];
uint64_t log_vol_off; uint64_t log_vol_off;
uint64_t log_vol_size; uint64_t log_vol_size;
}; };
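Review bot: `#define FVAULT2_UUID_LEN 37` is introduced as a bare number with no comment, and nothing ties it to the string that `uuid_unparse` writes into these fields in the other file. A line such as `/* length of a textual UUID: 36 characters plus the terminating NUL */` above it would make the sizing of `family_uuid` and `ph_vol_uuid` checkable. Both fields keep their `char[]` type while their content changes from 16 raw bytes to NUL-terminated text, so the compiler cannot flag a consumer that still treats them as binary; a field comment in `struct fvault2_params` stating the new format would help. The struct definition starts outside the hunk.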