#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "libcryptsetup.h" #include "internal.h" struct safe_allocation { size_t size; char data[1]; }; static char *error=NULL; void set_error_va(const char *fmt, va_list va) { if(error) { free(error); error=NULL; } if(!fmt) return; if (vasprintf(&error, fmt, va) < 0) { free(error); error = NULL; } } void set_error(const char *fmt, ...) { va_list va; va_start(va, fmt); set_error_va(fmt, va); va_end(va); } const char *get_error(void) { return error; } void *safe_alloc(size_t size) { struct safe_allocation *alloc; if (!size) return NULL; alloc = malloc(size + offsetof(struct safe_allocation, data)); if (!alloc) return NULL; alloc->size = size; return &alloc->data; } void safe_free(void *data) { struct safe_allocation *alloc; if (!data) return; alloc = data - offsetof(struct safe_allocation, data); memset(data, 0, alloc->size); alloc->size = 0x55aa55aa; free(alloc); } void *safe_realloc(void *data, size_t size) { void *new_data; new_data = safe_alloc(size); if (new_data && data) { struct safe_allocation *alloc; alloc = data - offsetof(struct safe_allocation, data); if (size > alloc->size) size = alloc->size; memcpy(new_data, data, size); } safe_free(data); return new_data; } char *safe_strdup(const char *s) { char *s2 = safe_alloc(strlen(s) + 1); if (!s2) return NULL; return strcpy(s2, s); } static int get_alignment(int fd) { int alignment = DEFAULT_ALIGNMENT; #ifdef _PC_REC_XFER_ALIGN alignment = fpathconf(fd, _PC_REC_XFER_ALIGN); if (alignment < 0) alignment = DEFAULT_ALIGNMENT; #endif return alignment; } static void *aligned_malloc(void **base, int size, int alignment) { #ifdef HAVE_POSIX_MEMALIGN return posix_memalign(base, alignment, size) ? NULL : *base; #else /* Credits go to Michal's padlock patches for this alignment code */ char *ptr; ptr = malloc(size + alignment); if(ptr == NULL) return NULL; *base = ptr; if(alignment > 1 && ((long)ptr & (alignment - 1))) { ptr += alignment - ((long)(ptr) & (alignment - 1)); } return ptr; #endif } static int sector_size(int fd) { int bsize; if (ioctl(fd,BLKSSZGET, &bsize) < 0) return -EINVAL; else return bsize; } int sector_size_for_device(const char *device) { int fd = open(device, O_RDONLY); int r; if(fd < 0) return -EINVAL; r = sector_size(fd); close(fd); return r; } ssize_t write_blockwise(int fd, const void *orig_buf, size_t count) { void *hangover_buf, *hangover_buf_base = NULL; void *buf, *buf_base = NULL; int r, hangover, solid, bsize, alignment; ssize_t ret = -1; if ((bsize = sector_size(fd)) < 0) return bsize; hangover = count % bsize; solid = count - hangover; alignment = get_alignment(fd); if ((long)orig_buf & (alignment - 1)) { buf = aligned_malloc(&buf_base, count, alignment); if (!buf) goto out; memcpy(buf, orig_buf, count); } else buf = (void *)orig_buf; r = write(fd, buf, solid); if (r < 0 || r != solid) goto out; if (hangover) { hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment); if (!hangover_buf) goto out; r = read(fd, hangover_buf, bsize); if(r < 0 || r != bsize) goto out; r = lseek(fd, -bsize, SEEK_CUR); if (r < 0) goto out; memcpy(hangover_buf, buf + solid, hangover); r = write(fd, hangover_buf, bsize); if(r < 0 || r != bsize) goto out; free(hangover_buf_base); } ret = count; out: if (buf != orig_buf) free(buf_base); return ret; } ssize_t read_blockwise(int fd, void *orig_buf, size_t count) { void *hangover_buf, *hangover_buf_base; void *buf, *buf_base = NULL; int r, hangover, solid, bsize, alignment; ssize_t ret = -1; if ((bsize = sector_size(fd)) < 0) return bsize; hangover = count % bsize; solid = count - hangover; alignment = get_alignment(fd); if ((long)orig_buf & (alignment - 1)) { buf = aligned_malloc(&buf_base, count, alignment); if (!buf) goto out; } else buf = orig_buf; r = read(fd, buf, solid); if(r < 0 || r != solid) { set_error("read failed in read_blockwise.\n"); goto out; } if (hangover) { hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment); if (!hangover_buf) goto out; r = read(fd, hangover_buf, bsize); if (r < 0 || r != bsize) goto out; memcpy(buf + solid, hangover_buf, hangover); free(hangover_buf_base); } ret = count; out: if (buf != orig_buf) { memcpy(orig_buf, buf, count); free(buf_base); } return ret; } /* * Combines llseek with blockwise write. write_blockwise can already deal with short writes * but we also need a function to deal with short writes at the start. But this information * is implicitly included in the read/write offset, which can not be set to non-aligned * boundaries. Hence, we combine llseek with write. */ ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset) { int bsize = sector_size(fd); const char *orig_buf = buf; char frontPadBuf[bsize]; int frontHang = offset % bsize; int r; int innerCount = count < bsize ? count : bsize; if (bsize < 0) return bsize; lseek(fd, offset - frontHang, SEEK_SET); if(offset % bsize) { r = read(fd,frontPadBuf,bsize); if(r < 0) return -1; memcpy(frontPadBuf+frontHang, buf, innerCount); lseek(fd, offset - frontHang, SEEK_SET); r = write(fd,frontPadBuf,bsize); if(r < 0) return -1; buf += innerCount; count -= innerCount; } if(count <= 0) return buf - orig_buf; return write_blockwise(fd, buf, count) + innerCount; } /* Password reading helpers */ static int untimed_read(int fd, char *pass, size_t maxlen) { ssize_t i; i = read(fd, pass, maxlen); if (i > 0) { pass[i-1] = '\0'; i = 0; } else if (i == 0) { /* EOF */ *pass = 0; i = -1; } return i; } static int timed_read(int fd, char *pass, size_t maxlen, long timeout) { struct timeval t; fd_set fds; int failed = -1; FD_ZERO(&fds); FD_SET(fd, &fds); t.tv_sec = timeout; t.tv_usec = 0; if (select(fd+1, &fds, NULL, NULL, &t) > 0) failed = untimed_read(fd, pass, maxlen); else set_error("Operation timed out"); return failed; } static int interactive_pass(const char *prompt, char *pass, size_t maxlen, long timeout) { struct termios orig, tmp; int failed = -1; int infd = STDIN_FILENO, outfd; if (maxlen < 1) goto out_err; /* Read and write to /dev/tty if available */ if ((infd = outfd = open("/dev/tty", O_RDWR)) == -1) { infd = STDIN_FILENO; outfd = STDERR_FILENO; } if (tcgetattr(infd, &orig)) { set_error("Unable to get terminal"); goto out_err; } memcpy(&tmp, &orig, sizeof(tmp)); tmp.c_lflag &= ~ECHO; if (write(outfd, prompt, strlen(prompt)) < 0) goto out_err; tcsetattr(infd, TCSAFLUSH, &tmp); if (timeout) failed = timed_read(infd, pass, maxlen, timeout); else failed = untimed_read(infd, pass, maxlen); tcsetattr(infd, TCSAFLUSH, &orig); out_err: if (!failed) (void)write(outfd, "\n", 1); if (infd != STDIN_FILENO) close(infd); return failed; } /* * Password reading behaviour matrix of get_key * * p v n h * -----------------+---+---+---+--- * interactive | Y | Y | Y | Inf * from fd | N | N | Y | Inf * from binary file | N | N | N | Inf or options->key_size * * Legend: p..prompt, v..can verify, n..newline-stop, h..read horizon * * Note: --key-file=- is interpreted as a read from a binary file (stdin) * * Returns true when more keys are available (that is when password * reading can be retried as for interactive terminals). */ int get_key(char *prompt, char **key, unsigned int *passLen, int key_size, const char *key_file, int passphrase_fd, int timeout, int how2verify) { int fd; const int verify = how2verify & CRYPT_FLAG_VERIFY; const int verify_if_possible = how2verify & CRYPT_FLAG_VERIFY_IF_POSSIBLE; char *pass = NULL; int newline_stop; int read_horizon; if(key_file && !strcmp(key_file, "-")) { /* Allow binary reading from stdin */ fd = passphrase_fd; newline_stop = 0; read_horizon = 0; } else if (key_file) { fd = open(key_file, O_RDONLY); if (fd < 0) { char buf[128]; set_error("Error opening key file: %s", strerror_r(errno, buf, 128)); goto out_err; } newline_stop = 0; /* This can either be 0 (LUKS) or the actually number * of key bytes (default or passed by -s) */ read_horizon = key_size; } else { fd = passphrase_fd; newline_stop = 1; read_horizon = 0; /* Infinite, if read from terminal or fd */ } /* Interactive case */ if(isatty(fd)) { int i; pass = safe_alloc(512); if (!pass || (i = interactive_pass(prompt, pass, 512, timeout))) { set_error("Error reading passphrase"); goto out_err; } if (verify || verify_if_possible) { char pass_verify[512]; i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), timeout); if (i || strcmp(pass, pass_verify) != 0) { set_error("Passphrases do not match"); goto out_err; } memset(pass_verify, 0, sizeof(pass_verify)); } *passLen = strlen(pass); *key = pass; } else { /* * This is either a fd-input or a file, in neither case we can verify the input, * however we don't stop on new lines if it's a binary file. */ int buflen, i; if(verify) { set_error("Can't do passphrase verification on non-tty inputs"); goto out_err; } /* The following for control loop does an exhausting * read on the key material file, if requested with * key_size == 0, as it's done by LUKS. However, we * should warn the user, if it's a non-regular file, * such as /dev/random, because in this case, the loop * will read forever. */ if(key_file && strcmp(key_file, "-") && read_horizon == 0) { struct stat st; if(stat(key_file, &st) < 0) { set_error("Can't stat key file"); goto out_err; } if(!S_ISREG(st.st_mode)) { // set_error("Can't do exhausting read on non regular files"); // goto out_err; fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n"); } } buflen = 0; for(i = 0; read_horizon == 0 || i < read_horizon; i++) { if(i >= buflen - 1) { buflen += 128; pass = safe_realloc(pass, buflen); if (!pass) { set_error("Not enough memory while " "reading passphrase"); goto out_err; } } if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n')) break; } if(key_file) close(fd); pass[i] = 0; *key = pass; *passLen = i; } return isatty(fd); /* Return true, when password reading can be tried on interactive fds */ out_err: if(pass) safe_free(pass); *key = NULL; *passLen = 0; return 0; }