crypt_activate_by_keyslot_context never respected pbkdf serialation
flag (CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF).
In fact it worked only when device was activated via passphrase or via
passphrase file. It was never respected when device was activated
by a token for example.
When the internal code was fully switched to activation via keyslot
context the legacy code for passphrase based activation was dropped
and we lost track of serialization flag completely.
This fixes all of the issues so now the serialization flag will be
respected also with tokens (and all other activation methods unlocking
LUKS2 keyslot with memory hard pbkdf).
Fixes: 58385d68d8 (Allow activation via keyslot context)
Fixes: #968.
While allocating internal data structure for a device
overlaying reencryption hotzone we accidentally read
tested the device in each reencryption step. This
was suboptimal so now the device is read only once
while initializing the reencryption device-mapper stack.
Make the PHMAC integrity algorithm know to libcryptsetup.
The size of a key for PHMAC is not known, because PHMAC gets an opaque
blob as key, who's physical size has nothing to do with the cryptographic
size. Thus, let INTEGRITY_key_size() and crypt_parse_integrity_mode()
return the required_key_size as key size for PHMAC, or -EINVAL if
required_key_size is zero, to indicate that the size is unknown.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Do not print sed-opal spefic debug messages with confusing
error codes if ioctl() call failed with -1. Usually that means
the kernel does not support sed-opal interface or the requested
ioctl number is not implemented.
ioctl syscall always returns -1 on error (see ioctl(2)).
On error the actual reason is reported via errno varible.
Let's store the original errno code in the variable
so that it can be printed out in debug mode.
Before this fix the debug message always reported "Operation not
permited" (the translation of errno EPERM (1)).
The lr member in opal_lr_act kernel structure is
ingnored unless the device is being activated in SUM
mode.
See kernel implementation of IOC_OPAL_ACTIVATE_LSP
in block/sed-opal.c
When formating device with --integrity-inline option
there's a check if underlying device properly advertise
integrity profile support. The check did not work
properly for partition device nodes. We have to read
integrity profile info from top level block device.
Fixes: #964.
The PSID reset erases the block device it's submitted to
succesfully.
By submitting the command to read-only fd previously
there were partition device nodes still visible in
the /dev directory because kernel does not trigger rescan
after OPAL2 PSID reset. Even though all the partition were
actually erased (including the partition table).
We workaround the issue by submitting the PSID reset
to R/W fd so that it triggers rescan event on close.
These LUKS2 labels are stored in the binary header area that has limited size.
While we have been silently truncating strings here, it is something that
is not expected, as the final label is then different than expected.
Let's fix the code to explicitly print and return error here.
Also remove the comment about duplicate check. It is incorrect optimization,
as some users will expect a real write on disk, we should no skip it.
Fixes: #958
The compiler may advertise function attribute support
with __has_attribute operator even though it does
not implement the feature on some architecture.
This fixes the issue with GCC 11 on ppc64le with
__attribute__((zero_call_used_regs("used"))).
Fixes: #959.
This commit implements FVE metadata block validation based on:
* CRC-32 (to detect random corruption);
* AES-CCM-encrypted SHA-256 (to detect malicious manipulations).
The hash-based validation requires us to decrypt the VMK first, so
it's only performed when obtaining the volume key.
This allows us to detect corrupted/altered FVE metadata blocks and
pick the valid one (before this commit: the first FVE metadata block
is always selected).
Fixes: #953
tests: add BitLocker image with corrupted headers
The image contains 2 manually corrupted metadata blocks (out of 3),
the library should use the third one to correctly load the volume.
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
LUKS2 keyslot cannot be created with cipher_null using standard
tools, but activation of such a keyslot is allowed.
As this can be confusing and create a false sense of security,
let's apply the same restriction as in LUKS1 - such a keyslot
is used only with an empty passphrase.
This will reject activation with a real password, avoiding
possible activation of insecure LUKS containers.
Fixes: #954
This prevents gcc warnings:
warning: initializer-string for array of 'unsigned char' truncates
NUL terminator but destination lacks 'nonstring' attribute
While there is "nonstring" attribute, clang does not support it,
so this is the simplest solution.
The maximum parallel cost is set since the introduction of Argon2 to 4.
Do not silently decrease the value (if explicitly set by the option)
but fail instead.
When TCRYPT subdevices was moved to use SUBDEV dm uuid prefix
we did not correctly modified the TCRYPT_status_one routine
to correctly expect the SUBDEV uuid prefix.
Fixes: cf630f578dFixes: #952.
