/* * TCRYPT compatible volume handling * * Copyright (C) 2012, Red Hat, Inc. All rights reserved. * Copyright (C) 2012, Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include #include #include "libcryptsetup.h" #include "tcrypt.h" #include "internal.h" /* TCRYPT PBKDF variants */ static struct { unsigned int legacy:1; char *name; char *hash; unsigned int iterations; } tcrypt_kdf[] = { { 0, "pbkdf2", "ripemd160", 2000 }, { 0, "pbkdf2", "ripemd160", 1000 }, { 0, "pbkdf2", "sha512", 1000 }, { 0, "pbkdf2", "whirlpool", 1000 }, { 1, "pbkdf2", "sha1", 2000 }, { 0, NULL, NULL, 0 } }; struct tcrypt_alg { const char *name; unsigned int key_size; unsigned int iv_size; }; /* TCRYPT cipher variants */ static struct { unsigned int legacy:1; const char *mode; struct tcrypt_alg cipher[3]; } tcrypt_cipher[] = { { 0, "xts-plain64",{{"aes", 64,16}}}, { 0, "xts-plain64",{{"serpent",64,16}}}, { 0, "xts-plain64",{{"twofish",64,16}}}, { 0, "xts-plain64",{{"twofish",64,16},{"aes", 64,16}}}, { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16},{"aes", 64,16}}}, { 0, "xts-plain64",{{"aes", 64,16},{"serpent",64,16}}}, { 0, "xts-plain64",{{"aes", 64,16},{"twofish",64,16},{"serpent",64,16}}}, { 0, "xts-plain64",{{"serpent",64,16},{"twofish",64,16}}}, { 0, "lrw-benbi", {{"aes", 48,16}}}, { 0, "lrw-benbi", {{"serpent",48,16}}}, { 0, "lrw-benbi", {{"twofish",48,16}}}, { 0, "lrw-benbi", {{"twofish",48,16},{"aes", 48,16}}}, { 0, "lrw-benbi", {{"serpent",48,16},{"twofish",48,16},{"aes", 48,16}}}, { 0, "lrw-benbi", {{"aes", 48,16},{"serpent",48,16}}}, { 0, "lrw-benbi", {{"aes", 48,16},{"twofish",48,16},{"serpent",48,16}}}, { 0, "lrw-benbi", {{"serpent",48,16},{"twofish",48,16}}}, { 1, "cbc-tcrypt", {{"aes", 32,16}}}, { 1, "cbc-tcrypt", {{"serpent",32,16}}}, { 1, "cbc-tcrypt", {{"twofish",32,16}}}, { 1, "cbci-tcrypt",{{"twofish",32,16},{"aes", 32,16}}}, { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16},{"aes", 32,16}}}, { 1, "cbci-tcrypt",{{"aes", 32,16},{"serpent",32,16}}}, { 1, "cbci-tcrypt",{{"aes", 32,16},{"twofish",32,16},{"serpent",32,16}}}, { 1, "cbci-tcrypt",{{"serpent",32,16},{"twofish",32,16}}}, { 1, "cbc-tcrypt", {{"cast5", 16,8}}}, { 1, "cbc-tcrypt", {{"des3_ede",24,8}}}, // kernel LRW block size is fixed to 16 bytes // thus cannot be used with blowfish where block is 8 bytes //{ 1,"lrw-benbi",{{"blowfish",64,8}}}, //{ 1,"lrw-benbi",{{"blowfish",64,8},{"aes",48,16}}}, //{ 1,"lrw-benbi",{{"serpent",48,16},{"blowfish",64,8},{"aes",48,16}}}, // FIXME: why this doesn't work (blowfish key wrong)? //{ 1,"cbc-tcrypt",{{"blowfish",56,8}}}, //{ 1,"cbc-tcrypt",{{"blowfish",56,8},{"aes",32,16}}}, //{ 1,"cbc-tcrypt",{{"serpent",32,16},{"blowfish",56,8},{"aes",32,16}}}, {} }; static void hdr_info(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { log_dbg("Version: %d, required %d", (int)hdr->d.version, (int)hdr->d.version_tc); log_dbg("Hidden size: %" PRIu64, hdr->d.hidden_volume_size); log_dbg("Volume size: %" PRIu64, hdr->d.volume_size); log_dbg("Sector size: %" PRIu64, hdr->d.sector_size); log_dbg("Flags: %d", (int)hdr->d.flags); log_dbg("MK: offset %d, size %d", (int)hdr->d.mk_offset, (int)hdr->d.mk_size); log_dbg("KDF: PBKDF2, hash %s", params->hash_name); log_dbg("Cipher: %s-%s", params->cipher, params->mode); } static int hdr_from_disk(struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params, int kdf_index, int cipher_index) { char cipher_name[MAX_CIPHER_LEN * 4]; uint32_t crc32; size_t size; /* Check CRC32 of header */ size = TCRYPT_HDR_LEN - sizeof(hdr->d.keys) - sizeof(hdr->d.header_crc32); crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0; if (be16_to_cpu(hdr->d.version) > 3 && crc32 != be32_to_cpu(hdr->d.header_crc32)) { log_dbg("TCRYPT header CRC32 mismatch."); return -EINVAL; } /* Check CRC32 of keys */ crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0; if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) { log_dbg("TCRYPT keys CRC32 mismatch."); return -EINVAL; } /* Convert header to cpu format */ hdr->d.version = be16_to_cpu(hdr->d.version); hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc); // ??? hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32); hdr->d.hidden_volume_size = be64_to_cpu(hdr->d.hidden_volume_size); hdr->d.volume_size = be64_to_cpu(hdr->d.volume_size); hdr->d.mk_offset = be64_to_cpu(hdr->d.mk_offset); if (!hdr->d.mk_offset) hdr->d.mk_offset = 512; hdr->d.mk_size = be64_to_cpu(hdr->d.mk_size); hdr->d.flags = be32_to_cpu(hdr->d.flags); hdr->d.sector_size = be32_to_cpu(hdr->d.sector_size); if (!hdr->d.sector_size) hdr->d.sector_size = 512; hdr->d.header_crc32 = be32_to_cpu(hdr->d.header_crc32); /* Set params */ params->passphrase = NULL; params->passphrase_size = 0; params->hash_name = tcrypt_kdf[kdf_index].hash; params->key_size = tcrypt_cipher[cipher_index].cipher[0].key_size; strncpy(cipher_name, tcrypt_cipher[cipher_index].cipher[0].name, sizeof(cipher_name)); if (tcrypt_cipher[cipher_index].cipher[1].name) { strcat(cipher_name, "-"); strncat(cipher_name, tcrypt_cipher[cipher_index].cipher[1].name, MAX_CIPHER_LEN); params->key_size += tcrypt_cipher[cipher_index].cipher[1].key_size; } if (tcrypt_cipher[cipher_index].cipher[2].name) { strcat(cipher_name, "-"); strncat(cipher_name, tcrypt_cipher[cipher_index].cipher[2].name, MAX_CIPHER_LEN); params->key_size += tcrypt_cipher[cipher_index].cipher[2].key_size; } params->cipher = strdup(cipher_name); params->mode = strdup(tcrypt_cipher[cipher_index].mode); return 0; } static int decrypt_hdr_one(const char *name, const char *mode, const char *key, size_t key_size, size_t iv_size, struct tcrypt_phdr *hdr) { char iv[TCRYPT_HDR_IV_LEN] = {}; char mode_name[MAX_CIPHER_LEN]; struct crypt_cipher *cipher; char *c, *buf = (char*)&hdr->e; int r; /* Remove IV if present */ strncpy(mode_name, mode, MAX_CIPHER_LEN); c = strchr(mode_name, '-'); if (c) *c = '\0'; if (!strncmp(mode, "lrw", 3)) iv[iv_size - 1] = 1; else if (!strncmp(mode, "cbc", 3)) memcpy(iv, &key[key_size], iv_size); r = crypt_cipher_init(&cipher, name, mode_name, key, key_size); if (r < 0) return r; r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN, iv, iv_size); crypt_cipher_destroy(cipher); return r; } static void copy_key(char *out_key, const char *key, int key_num, int ks, int ki, const char *mode) { if (!strncmp(mode, "xts", 3)) { int ks2 = ks / 2; memcpy(out_key, &key[ks2 * ki], ks2); memcpy(&out_key[ks2], &key[ks2 * (++key_num + ki)], ks2); } else if (!strncmp(mode, "lrw", 3)) { /* First is LRW index key */ ki++; ks -= TCRYPT_LRW_IKEY_LEN; memcpy(out_key, &key[ks * ki], ks); memcpy(&out_key[ks * ki], key, TCRYPT_LRW_IKEY_LEN); } else if (!strncmp(mode, "cbc", 3)) { ki++; memcpy(out_key, &key[ki * 32], ks); memcpy(&out_key[ks], key, 32); } } /* * For chanined ciphers and CBC mode we need "inner" decryption. * Backend doesn't provide this, so implement it here directly using ECB. */ static int decrypt_hdr_cbci(struct tcrypt_alg ciphers[3], const char *key, struct tcrypt_phdr *hdr) { struct crypt_cipher *cipher[3] = {}; int bs = ciphers[0].iv_size; char *buf = (char*)&hdr->e, iv[bs], iv_old[bs]; int i, j, r; memcpy(iv, key, bs); /* Initialize all ciphers in chain in ECB mode */ for (j = 0; j < 3; j++) { if (!ciphers[j].name) continue; r = crypt_cipher_init(&cipher[j], ciphers[j].name, "ecb", &key[(j+1)*32], ciphers[j].key_size); if (r < 0) goto out; } /* Implements CBC with chained ciphers in inner loop */ for (i = 0; i < TCRYPT_HDR_LEN; i += bs) { memcpy(iv_old, &buf[i], bs); for (j = 2; j >= 0; j--) { if (!cipher[j]) continue; r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i], bs, NULL, 0); if (r < 0) goto out; } for (j = 0; j < bs; j++) buf[i + j] ^= iv[j]; memcpy(iv, iv_old, bs); } out: for (j = 0; j < 3; j++) if (cipher[j]) crypt_cipher_destroy(cipher[j]); return r; } static int top_cipher(struct tcrypt_alg cipher[3]) { if (cipher[2].name) return 2; if (cipher[1].name) return 1; return 0; } static int decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, const char *key, int legacy_modes) { char one_key[TCRYPT_HDR_KEY_LEN]; struct tcrypt_phdr hdr2; int i, j, r; for (i = 0; tcrypt_cipher[i].cipher[0].name; i++) { if (!legacy_modes && tcrypt_cipher[i].legacy) continue; log_dbg("TCRYPT: trying cipher: %s%s%s%s%s-%s.", tcrypt_cipher[i].cipher[0].name, tcrypt_cipher[i].cipher[1].name ? "-" : "", tcrypt_cipher[i].cipher[1].name ?: "", tcrypt_cipher[i].cipher[2].name ? "-" : "", tcrypt_cipher[i].cipher[2].name ?: "", tcrypt_cipher[i].mode); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); /* Remove CBC whitening */ if (!strncmp(tcrypt_cipher[i].mode, "cbc", 3)) { char *buf = (char*)&hdr2.e; for (j = 0; j < TCRYPT_HDR_LEN; j++) buf[j] ^= key[8 + j % 8]; } /* For chained (inner) CBC we do not have API support */ if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4)) r = decrypt_hdr_cbci(tcrypt_cipher[i].cipher, key, &hdr2); else for (j = 2; j >= 0 ; j--) { if (!tcrypt_cipher[i].cipher[j].name) continue; copy_key(one_key, key, top_cipher(tcrypt_cipher[i].cipher), tcrypt_cipher[i].cipher[j].key_size, j, tcrypt_cipher[i].mode); r = decrypt_hdr_one(tcrypt_cipher[i].cipher[j].name, tcrypt_cipher[i].mode, one_key, tcrypt_cipher[i].cipher[j].key_size, tcrypt_cipher[i].cipher[j].iv_size, &hdr2); if (r < 0) { log_dbg("Error %s.", tcrypt_cipher[i].cipher[j].name); break; } } if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { log_dbg("TCRYPT: Signature magic detected."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); memset(&hdr2.e, 0, TCRYPT_HDR_LEN); r = i; break; } r = -EPERM; } memset(one_key, 0, sizeof(*one_key)); return r; } static int pool_keyfile(struct crypt_device *cd, unsigned char pool[TCRYPT_KEY_POOL_LEN], const char *keyfile) { unsigned char data[TCRYPT_KEYFILE_LEN]; int i, j, fd, data_size; uint32_t crc; unsigned char *crc_c = (unsigned char*)&crc; log_dbg("TCRYPT: using keyfile %s.", keyfile); fd = open(keyfile, O_RDONLY); if (fd < 0) { log_err(cd, _("Failed to open key file.\n")); return -EIO; } /* FIXME: add while */ data_size = read(fd, data, TCRYPT_KEYFILE_LEN); close(fd); if (data_size < 0) { log_err(cd, _("Error reading keyfile %s.\n"), keyfile); return -EIO; } for (i = 0, j = 0, crc = ~0U; i < data_size; i++) { crc = crypt_crc32(crc, &data[i], 1); pool[j++] += crc_c[3]; pool[j++] += crc_c[2]; pool[j++] += crc_c[1]; pool[j++] += crc_c[0]; j %= TCRYPT_KEY_POOL_LEN; } crc = 0; memset(data, 0, TCRYPT_KEYFILE_LEN); return 0; } static int TCRYPT_init_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {}; size_t passphrase_size; char *key; int r, i, legacy_modes; if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN)) return -ENOMEM; if (params->keyfiles_count) passphrase_size = TCRYPT_KEY_POOL_LEN; else passphrase_size = params->passphrase_size; /* Calculate pool content from keyfiles */ for (i = 0; i < params->keyfiles_count; i++) { r = pool_keyfile(cd, pwd, params->keyfiles[i]); if (r < 0) goto out; } /* If provided password, combine it with pool */ for (i = 0; i < params->passphrase_size; i++) pwd[i] += params->passphrase[i]; legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0; for (i = 0; tcrypt_kdf[i].name; i++) { if (!legacy_modes && tcrypt_kdf[i].legacy) continue; /* Derive header key */ log_dbg("TCRYPT: trying KDF: %s-%s-%d.", tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations); r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash, (char*)pwd, passphrase_size, hdr->salt, TCRYPT_HDR_SALT_LEN, key, TCRYPT_HDR_KEY_LEN, tcrypt_kdf[i].iterations); if (r < 0) break; /* Decrypt header */ r = decrypt_hdr(cd, hdr, key, legacy_modes); if (r != -EPERM) break; } if (r < 0) goto out; r = hdr_from_disk(hdr, params, i, r); if (r < 0) goto out; hdr_info(cd, hdr, params); out: memset(pwd, 0, TCRYPT_KEY_POOL_LEN); if (key) memset(key, 0, TCRYPT_HDR_KEY_LEN); free(key); return r; } int TCRYPT_read_phdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { struct device *device = crypt_metadata_device(cd); ssize_t hdr_size = sizeof(struct tcrypt_phdr); int devfd = 0, r; assert(sizeof(struct tcrypt_phdr) == 512); log_dbg("Reading TCRYPT header of size %d bytes from device %s.", hdr_size, device_path(device)); devfd = open(device_path(device), O_RDONLY | O_DIRECT); if (devfd == -1) { log_err(cd, _("Cannot open device %s.\n"), device_path(device)); return -EINVAL; } if ((params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) && lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) < 0) { log_err(cd, _("Cannot seek to hidden header for %s.\n"), device_path(device)); close(devfd); return -EIO; } if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); else r = -EIO; close(devfd); return r; } int TCRYPT_activate(struct crypt_device *cd, const char *name, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params, uint32_t flags) { char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX]; struct device *device = NULL; int i, r, num_ciphers; char cname[3][MAX_CIPHER_LEN]; struct crypt_dm_active_device dmd = { .target = DM_CRYPT, .size = 0, .data_device = crypt_data_device(cd), .u.crypt = { .cipher = cipher, .offset = crypt_get_data_offset(cd), .iv_offset = crypt_get_iv_offset(cd), } }; if (!hdr->d.version) { log_dbg("TCRYPT: this function is not supported without encrypted header load."); return -ENOTSUP; } if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) { log_err(cd, _("Activation is not supported for %d sector size.\n"), hdr->d.sector_size); return -ENOTSUP; } if (strstr(params->mode, "-tcrypt")) { log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n")); return -ENOTSUP; } r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, dmd.u.crypt.offset, &dmd.size, &dmd.flags); if (r) return r; /* Parse cipher chain from c1[-c2[-c3]] */ cname[0][0] = cname[1][0] = cname[2][0] = '\0'; num_ciphers = sscanf(params->cipher, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", cname[0], cname[1], cname[2]); if (num_ciphers < 1) return -EINVAL; /* Frome here, key size for every cipher must be the same */ dmd.u.crypt.vk = crypt_alloc_volume_key(params->key_size / num_ciphers, NULL); if (!dmd.u.crypt.vk) return -ENOMEM; for (i = 2; i >= 0; i--) { if (!cname[i][0]) continue; if (i == 0) { strncpy(dm_name, name, sizeof(dm_name)); dmd.flags = flags; } else { snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i); dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE; } snprintf(cipher, sizeof(cipher), "%s-%s", cname[i], params->mode); copy_key(dmd.u.crypt.vk->key, hdr->d.keys, num_ciphers - 1, params->key_size / num_ciphers, i, params->mode); if ((num_ciphers -1) != i) { snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d", dm_get_dir(), name, i + 1); r = device_alloc(&device, dm_dev_name); if (r) break; dmd.data_device = device; dmd.u.crypt.offset = 0; } log_dbg("Trying to activate TCRYPT device %s using cipher %s.", dm_name, dmd.u.crypt.cipher); r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0); device_free(device); device = NULL; if (r) break; } if (!r && !(dm_flags() & DM_PLAIN64_SUPPORTED)) { log_err(cd, _("Kernel doesn't support plain64 IV.\n")); r = -ENOTSUP; } crypt_free_volume_key(dmd.u.crypt.vk); return r; } static int remove_one(struct crypt_device *cd, const char *name, const char *base_uuid, int index) { struct crypt_dm_active_device dmd = {}; char dm_name[PATH_MAX]; int r; if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0) return -ENOMEM; r = dm_status_device(cd, dm_name); if (r < 0) return r; r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID, &dmd); if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) r = dm_remove_device(cd, dm_name, 0, 0); free(CONST_CAST(void*)dmd.uuid); return r; } int TCRYPT_deactivate(struct crypt_device *cd, const char *name) { struct crypt_dm_active_device dmd = {}; int r; r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd); if (r < 0) return r; if (!dmd.uuid) return -EINVAL; r = dm_remove_device(cd, name, 0, 0); if (r < 0) goto out; r = remove_one(cd, name, dmd.uuid, 1); if (r < 0) goto out; r = remove_one(cd, name, dmd.uuid, 2); if (r < 0) goto out; out: free(CONST_CAST(void*)dmd.uuid); return (r == -ENODEV) ? 0 : r; } static int status_one(struct crypt_device *cd, const char *name, const char *base_uuid, int index, size_t *key_size, char *cipher) { struct crypt_dm_active_device dmd = {}; char dm_name[PATH_MAX], *c; int r; if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0) return -ENOMEM; r = dm_status_device(cd, dm_name); if (r < 0) return r; r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_CRYPT_KEYSIZE, &dmd); if (r > 0) r = 0; if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) { if ((c = strchr(dmd.u.crypt.cipher, '-'))) *c = '\0'; strcat(cipher, "-"); strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN); *key_size += dmd.u.crypt.vk->keylength; } else r = -ENODEV; free(CONST_CAST(void*)dmd.uuid); free(CONST_CAST(void*)dmd.u.crypt.cipher); crypt_free_volume_key(dmd.u.crypt.vk); return r; } int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, const struct crypt_dm_active_device *dmd, struct crypt_params_tcrypt *tcrypt_params, struct tcrypt_phdr *tcrypt_hdr) { char cipher[MAX_CIPHER_LEN * 4], *mode; memset(tcrypt_params, 0, sizeof(*tcrypt_params)); memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr)); strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN); if ((mode = strchr(cipher, '-'))) { *mode = '\0'; tcrypt_params->mode = strdup(++mode); } tcrypt_params->key_size = dmd->u.crypt.vk->keylength; if (!status_one(cd, name, dmd->uuid, 1, &tcrypt_params->key_size, cipher)) status_one(cd, name, dmd->uuid, 2, &tcrypt_params->key_size, cipher); tcrypt_params->cipher = strdup(cipher); return 0; } uint64_t TCRYPT_get_data_offset(struct tcrypt_phdr *hdr) { // FIXME: system vol. if (!hdr->d.mk_offset) return 1; return (hdr->d.mk_offset / hdr->d.sector_size); } uint64_t TCRYPT_get_iv_offset(struct tcrypt_phdr *hdr) { if (!hdr->d.mk_offset) return 0; return (hdr->d.mk_offset / hdr->d.sector_size); }