File s390-tools-sles15sp1-0015-zkey-Add-zkey-cryptsetup-tool.patch of Package s390-tools
Subject: zkey: Add zkey-cryptsetup tool
From: Ingo Franzki <ifranzki@linux.ibm.com>
Summary: zkey: Support CCA master key change with LUKS2 volumes using paes
Description: Support the usage of protected key crypto for dm-crypt disks in
LUKS2 format by providing a tool allowing to re-encipher a
secure LUKS2 volume key when the CCA master key is changed
Upstream-ID: 4eb80d14a0554c8a404f06beeb53522e45d5df6e
Problem-ID: SEC1424.1
Upstream-Description:
zkey: Add zkey-cryptsetup tool
The zkey-cryptsetup tool is used to validate and re-encipher
secure AES volume keys of volumes encrypted with LUKS2 and
the paes cipher.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/Makefile | 12
zkey/pkey.c | 158 +++
zkey/pkey.h | 7
zkey/zkey-cryptsetup.c | 2270 +++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 2444 insertions(+), 3 deletions(-)
--- a/zkey/Makefile
+++ b/zkey/Makefile
@@ -18,9 +18,8 @@ check_dep:
"HAVE_OPENSSL=0")
CPPFLAGS += -I../include
-LDLIBS += -ldl -lcrypto
-all: check_dep zkey
+all: check_dep zkey zkey-cryptsetup
libs = $(rootdir)/libutil/libutil.a
@@ -28,12 +27,19 @@ zkey.o: zkey.c pkey.h misc.h
pkey.o: pkey.c pkey.h
properties.o: properties.c properties.h
keystore.o: keystore.c keystore.h properties.h
+zkey-cryptsetup.o: zkey-cryptsetup.c pkey.h misc.h
+zkey: LDLIBS = -ldl -lcrypto
zkey: zkey.o pkey.o properties.o keystore.o $(libs)
+zkey-cryptsetup: LDLIBS = -ldl -lcryptsetup -ljson-c
+zkey-cryptsetup: zkey-cryptsetup.o pkey.o $(libs)
+
+
install: all
$(INSTALL) -d -m 755 $(DESTDIR)$(USRBINDIR)
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 zkey $(DESTDIR)$(USRBINDIR)
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 zkey-cryptsetup $(DESTDIR)$(USRBINDIR)
$(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1
$(INSTALL) -m 644 -c zkey.1 $(DESTDIR)$(MANDIR)/man1
$(INSTALL) -d -m 770 $(DESTDIR)$(SYSCONFDIR)/zkey
@@ -42,6 +48,6 @@ install: all
endif
clean:
- rm -f *.o zkey
+ rm -f *.o zkey zkey-cryptsetup
.PHONY: all install clean
--- a/zkey/pkey.c
+++ b/zkey/pkey.c
@@ -11,11 +11,13 @@
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <linux/if_alg.h>
#include <stdbool.h>
#include <string.h>
#include <stdint.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
+#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
@@ -25,6 +27,12 @@
#include "pkey.h"
+#ifndef AF_ALG
+#define AF_ALG 38
+#endif
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
#define pr_verbose(verbose, fmt...) do { \
if (verbose) \
@@ -34,6 +42,8 @@
#define DOUBLE_KEYSIZE_FOR_XTS(keysize, xts) ((xts) ? 2 * (keysize) : (keysize))
#define HALF_KEYSIZE_FOR_XTS(keysize, xts) ((xts) ? (keysize) / 2 : (keysize))
+#define MAX_CIPHER_LEN 32
+
/*
* Definitions for the CCA library
*/
@@ -367,6 +377,8 @@ int generate_secure_key_random(int pkey_
if (rc < 0) {
rc = -errno;
warnx("Failed to generate a secure key: %s", strerror(errno));
+ warnx("Make sure that all available CCA crypto adapters are "
+ "setup with the same master key");
goto out;
}
@@ -378,6 +390,8 @@ int generate_secure_key_random(int pkey_
rc = -errno;
warnx("Failed to generate a secure key: %s",
strerror(errno));
+ warnx("Make sure that all available CCA crypto "
+ "adapters are setup with the same master key");
goto out;
}
@@ -465,6 +479,8 @@ int generate_secure_key_clear(int pkey_f
rc = -errno;
warnx("Failed to generate a secure key from a "
"clear key: %s", strerror(errno));
+ warnx("Make sure that all available CCA crypto adapters are "
+ "setup with the same master key");
goto out;
}
@@ -479,6 +495,8 @@ int generate_secure_key_clear(int pkey_f
rc = -errno;
warnx("Failed to generate a secure key from "
"a clear key: %s", strerror(errno));
+ warnx("Make sure that all available CCA crypto "
+ "adapters are setup with the same master key");
goto out;
}
@@ -746,3 +764,143 @@ int validate_secure_key(int pkey_fd,
return 0;
}
+
+/**
+ * Generate a key verification pattern of a secure key by encrypting the all
+ * zero message with the secure key using the AF_ALG interface
+ *
+ * @param[in] key the secure key token
+ * @param[in] key_size the size of the secure key
+ * @param[in] vp buffer where the verification pattern is returned
+ * @param[in] vp_len the size of the buffer
+ * @param[in] verbose if true, verbose messages are printed
+ *
+ * @returns 0 on success, a negative errno in case of an error
+ */
+int generate_key_verification_pattern(const char *key, size_t key_size,
+ char *vp, size_t vp_len, bool verbose)
+{
+ int tfmfd = -1, opfd = -1, rc = 0;
+ char null_msg[ENC_ZERO_LEN];
+ char enc_zero[ENC_ZERO_LEN];
+ struct af_alg_iv *alg_iv;
+ struct cmsghdr *header;
+ uint32_t *type;
+ ssize_t len;
+ size_t i;
+
+ struct sockaddr_alg sa = {
+ .salg_family = AF_ALG,
+ .salg_type = "skcipher",
+ };
+ struct iovec iov = {
+ .iov_base = (void *)null_msg,
+ .iov_len = sizeof(null_msg),
+ };
+ int iv_msg_size = CMSG_SPACE(sizeof(*alg_iv) + PAES_BLOCK_SIZE);
+ char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
+ struct msghdr msg = {
+ .msg_control = buffer,
+ .msg_controllen = sizeof(buffer),
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ };
+
+ if (vp_len < VERIFICATION_PATTERN_LEN) {
+ rc = -EMSGSIZE;
+ goto out;
+ }
+
+ snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(paes)",
+ key_size > SECURE_KEY_SIZE ? "xts" : "cbc");
+
+ tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+ if (tfmfd < 0) {
+ rc = -errno;
+ pr_verbose(verbose, "Failed to open an AF_ALG socket");
+ goto out;
+ }
+
+ if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+ rc = -errno;
+ pr_verbose(verbose, "Failed to bind the AF_ALG socket, "
+ "salg_name='%s' ", sa.salg_name);
+ goto out;
+ }
+
+ if (setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key,
+ key_size) < 0) {
+ rc = -errno;
+ pr_verbose(verbose, "Failed to set the key");
+ goto out;
+ }
+
+ opfd = accept(tfmfd, NULL, 0);
+ if (opfd < 0) {
+ rc = -errno;
+ pr_verbose(verbose, "Failed to accept on the AF_ALG socket");
+ goto out;
+ }
+
+ memset(null_msg, 0, sizeof(null_msg));
+ memset(buffer, 0, sizeof(buffer));
+
+ header = CMSG_FIRSTHDR(&msg);
+ if (header == NULL) {
+ pr_verbose(verbose, "Failed to obtain control message header");
+ rc = -EINVAL;
+ goto out;
+ }
+
+ header->cmsg_level = SOL_ALG;
+ header->cmsg_type = ALG_SET_OP;
+ header->cmsg_len = CMSG_LEN(sizeof(*type));
+ type = (void *)CMSG_DATA(header);
+ *type = ALG_OP_ENCRYPT;
+
+ header = CMSG_NXTHDR(&msg, header);
+ if (header == NULL) {
+ pr_verbose(verbose, "Failed to obtain control message "
+ "header");
+ rc = -EINVAL;
+ goto out;
+ }
+ header->cmsg_level = SOL_ALG;
+ header->cmsg_type = ALG_SET_IV;
+ header->cmsg_len = iv_msg_size;
+ alg_iv = (void *)CMSG_DATA(header);
+ alg_iv->ivlen = PAES_BLOCK_SIZE;
+ memcpy(alg_iv->iv, null_msg, PAES_BLOCK_SIZE);
+
+ len = sendmsg(opfd, &msg, 0);
+ if (len != ENC_ZERO_LEN) {
+ pr_verbose(verbose, "Failed to send to the AF_ALG socket");
+ rc = -errno;
+ goto out;
+ }
+
+ len = read(opfd, enc_zero, sizeof(enc_zero));
+ if (len != ENC_ZERO_LEN) {
+ pr_verbose(verbose, "Failed to receive from the AF_ALG socket");
+ rc = -errno;
+ goto out;
+ }
+
+ memset(vp, 0, vp_len);
+ for (i = 0; i < sizeof(enc_zero); i++)
+ sprintf(&vp[i * 2], "%02x", enc_zero[i]);
+
+ pr_verbose(verbose, "Key verification pattern: %s", vp);
+
+out:
+ if (opfd != -1)
+ close(opfd);
+ if (tfmfd != -1)
+ close(tfmfd);
+
+ if (rc != 0)
+ pr_verbose(verbose, "Failed to generate the key verification "
+ "pattern: %s", strerror(-rc));
+
+ return rc;
+}
--- a/zkey/pkey.h
+++ b/zkey/pkey.h
@@ -93,6 +93,10 @@ typedef void (*t_CSNBKTC)(long *return_c
unsigned char *rule_array,
unsigned char *key_identifier);
+#define PAES_BLOCK_SIZE 16
+#define ENC_ZERO_LEN (2 * PAES_BLOCK_SIZE)
+#define VERIFICATION_PATTERN_LEN (2 * ENC_ZERO_LEN + 1)
+
int load_cca_library(void **lib_csulcca, t_CSNBKTC *dll_CSNBKTC, bool verbose);
int open_pkey_device(bool verbose);
@@ -122,4 +126,7 @@ int key_token_change(t_CSNBKTC dll_CSNBK
u8 *secure_key, unsigned int secure_key_size,
char *method, bool verbose);
+int generate_key_verification_pattern(const char *key, size_t key_size,
+ char *vp, size_t vp_len, bool verbose);
+
#endif
--- /dev/null
+++ b/zkey/zkey-cryptsetup.c
@@ -0,0 +1,2270 @@
+/*
+ * zkey-cryptsetup - Re-encipher or validate volume keys of volumes
+ * encrypted with LUKS2 and the paes cipher.
+ *
+ * Copyright IBM Corp. 2018
+ *
+ * s390-tools is free software; you can redistribute it and/or modify
+ * it under the terms of the MIT license. See LICENSE for details.
+ */
+
+#define _LARGEFILE64_SOURCE
+
+#include <ctype.h>
+#include <dlfcn.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <termios.h>
+
+#include <libcryptsetup.h>
+#include <json-c/json.h>
+
+#include "lib/util_base.h"
+#include "lib/util_libc.h"
+#include "lib/util_opt.h"
+#include "lib/util_panic.h"
+#include "lib/util_prg.h"
+#include "lib/zt_common.h"
+
+#include "misc.h"
+#include "pkey.h"
+
+#define MAX_KEY_SIZE (8 * 1024 * 1024)
+#define MAX_PASSWORD_SIZE 512
+#define KEYFILE_BUFLEN 4096
+#define SEEK_BUFLEN 4096
+
+#define PAES_VP_TOKEN_NAME "paes-verification-pattern"
+#define PAES_VP_TOKEN_VP "verification-pattern"
+
+#define PAES_REENC_TOKEN_NAME "paes-reencipher"
+#define PAES_REENC_TOKEN_VP "verification-pattern"
+#define PAES_REENC_TOKEN_ORG_SLOT "original-keyslot"
+#define PAES_REENC_TOKEN_UNB_SLOT "unbound-keyslot"
+
+struct reencipher_token {
+ char verification_pattern[VERIFICATION_PATTERN_LEN];
+ unsigned int original_keyslot;
+ unsigned int unbound_keyslot;
+};
+
+struct vp_token {
+ char verification_pattern[VERIFICATION_PATTERN_LEN];
+};
+
+__attribute__ ((unused))
+static void misc_print_required_parms(const char *parm_name1,
+ const char *parm_name2);
+
+/*
+ * Program configuration
+ */
+const struct util_prg prg = {
+ .desc = "Manage secure volume keys of volumes encrypted with LUKS2 and "
+ "the 'paes' cipher",
+ .command_args = "COMMAND DEVICE",
+ .args = "",
+ .copyright_vec = {
+ {
+ .owner = "IBM Corp.",
+ .pub_first = 2018,
+ .pub_last = 2018,
+ },
+ UTIL_PRG_COPYRIGHT_END
+ }
+};
+
+/*
+ * Global variables for program options
+ */
+static struct zkey_cryptsetup_globals {
+ char *pos_arg;
+ char *keyfile;
+ long long keyfile_offset;
+ long long keyfile_size;
+ long long tries;
+ bool complete;
+ bool inplace;
+ bool staged;
+ char *master_key_file;
+ bool debug;
+ bool verbose;
+ void *lib_csulcca;
+ t_CSNBKTC dll_CSNBKTC;
+ int pkey_fd;
+ struct crypt_device *cd;
+} g = {
+ .tries = 3,
+ .pkey_fd = -1,
+};
+
+/*
+ * Available commands
+ */
+#define COMMAND_REENCIPHER "reencipher"
+#define COMMAND_VALIDATE "validate"
+#define COMMAND_SETVP "setvp"
+#define COMMAND_SETKEY "setkey"
+
+#define ZKEY_CRYPTSETUP_COMMAND_MAX_LEN 10
+
+/*
+ * These options are exactly the same as for the cryptsetup tool
+ */
+#define OPT_PASSPHRASE_ENTRY(cmd) \
+{ \
+ .option = {"key-file", required_argument, NULL, 'd'}, \
+ .argument = "FILE-NAME", \
+ .desc = "Read the passphrase from the specified file", \
+ .command = cmd, \
+}, \
+{ \
+ .option = {"keyfile-offset", required_argument, NULL, 'o'}, \
+ .argument = "BYTES", \
+ .desc = "Specifies the number of bytes to skip in the file " \
+ "specified with option '--key-file'|'-d'", \
+ .command = cmd, \
+}, \
+{ \
+ .option = {"keyfile-size", required_argument, NULL, 'l'}, \
+ .argument = "BYTES", \
+ .desc = "Specifies the number of bytes to read from the file " \
+ "specified with option '--key-file'|'-d'", \
+ .command = cmd, \
+}, \
+{ \
+ .option = {"tries", required_argument, NULL, 'T'}, \
+ .argument = "NUMBER", \
+ .desc = "Specifies how often the interactive input of the " \
+ "passphrase can be retried", \
+ .command = cmd, \
+}
+
+/*
+ * Configuration of command line options
+ */
+static struct util_opt opt_vec[] = {
+ /***********************************************************/
+ {
+ .flags = UTIL_OPT_FLAG_SECTION,
+ .desc = "OPTIONS",
+ .command = COMMAND_REENCIPHER,
+ },
+ {
+ .option = {"staged", 0, NULL, 's'},
+ .desc = "Forces that the re-enciphering of a secure volume "
+ "key in the LUKS2 header is performed in staged mode",
+ .command = COMMAND_REENCIPHER,
+ },
+ {
+ .option = {"in-place", 0, NULL, 'i'},
+ .desc = "Forces an in-place re-enciphering of a secure volume "
+ "key in the LUKS2 header",
+ .command = COMMAND_REENCIPHER,
+ },
+ {
+ .option = {"complete", 0, NULL, 'c'},
+ .desc = "Completes a staged re-enciphering. Use this option "
+ "after the new CCA master key has been set (made "
+ "active)",
+ .command = COMMAND_REENCIPHER,
+ },
+ OPT_PASSPHRASE_ENTRY(COMMAND_REENCIPHER),
+ /***********************************************************/
+ {
+ .flags = UTIL_OPT_FLAG_SECTION,
+ .desc = "OPTIONS",
+ .command = COMMAND_VALIDATE,
+ },
+ OPT_PASSPHRASE_ENTRY(COMMAND_VALIDATE),
+ /***********************************************************/
+ {
+ .flags = UTIL_OPT_FLAG_SECTION,
+ .desc = "OPTIONS",
+ .command = COMMAND_SETVP,
+ },
+ OPT_PASSPHRASE_ENTRY(COMMAND_SETVP),
+ /***********************************************************/
+ {
+ .flags = UTIL_OPT_FLAG_SECTION,
+ .desc = "OPTIONS",
+ .command = COMMAND_SETKEY,
+ },
+ {
+ .option = {"master-key-file", required_argument, NULL, 'm'},
+ .argument = "FILE-NAME",
+ .desc = "Specifies the name of a file containing the secure "
+ "AES key that is set as new volume key",
+ .command = COMMAND_SETKEY,
+ },
+ OPT_PASSPHRASE_ENTRY(COMMAND_SETKEY),
+ /***********************************************************/
+ {
+ .flags = UTIL_OPT_FLAG_SECTION,
+ .desc = "COMMON OPTIONS"
+ },
+ {
+ .option = {"debug", 0, NULL, 'D'},
+ .desc = "Print additional debugging messages during "
+ "processing",
+ },
+ {
+ .option = {"verbose", 0, NULL, 'V'},
+ .desc = "Print additional information messages during "
+ "processing",
+ },
+ UTIL_OPT_HELP,
+ UTIL_OPT_VERSION,
+ UTIL_OPT_END
+};
+
+#define ZKEY_CRYPTSETUP_COMMAND_STR_LEN 80
+
+/*
+ * Table of supported commands
+ */
+struct zkey_cryptsetup_command {
+ char *command;
+ unsigned int abbrev_len;
+ int (*function)(void);
+ int need_cca_library;
+ int need_pkey_device;
+ char *short_desc;
+ char *long_desc;
+ int has_options;
+ char *pos_arg;
+ int open_device;
+};
+
+static int command_reencipher(void);
+static int command_validate(void);
+static int command_setvp(void);
+static int command_setkey(void);
+
+static struct zkey_cryptsetup_command zkey_cryptsetup_commands[] = {
+ {
+ .command = COMMAND_REENCIPHER,
+ .abbrev_len = 2,
+ .function = command_reencipher,
+ .need_cca_library = 1,
+ .need_pkey_device = 1,
+ .short_desc = "Re-encipher a secure volume key",
+ .long_desc = "Re-encipher a secure volume key of a volume "
+ "encrypted with LUKS2 and the 'paes' cipher",
+ .has_options = 1,
+ .pos_arg = "DEVICE",
+ .open_device = 1,
+ },
+ {
+ .command = COMMAND_VALIDATE,
+ .abbrev_len = 3,
+ .function = command_validate,
+ .need_pkey_device = 1,
+ .short_desc = "Validate a secure volume key",
+ .long_desc = "Validate a secure volume key of a volume "
+ "encrypted with LUKS2 and the 'paes' cipher",
+ .has_options = 1,
+ .pos_arg = "DEVICE",
+ .open_device = 1,
+ },
+ {
+ .command = COMMAND_SETVP,
+ .abbrev_len = 4,
+ .function = command_setvp,
+ .need_pkey_device = 1,
+ .short_desc = "Set a verification pattern of the secure volume "
+ "key",
+ .long_desc = "Set a verification pattern of the secure AES "
+ "volume key of a volume encrypted with LUKS2 and "
+ "the 'paes' cipher",
+ .has_options = 1,
+ .pos_arg = "DEVICE",
+ .open_device = 1,
+ },
+ {
+ .command = COMMAND_SETKEY,
+ .abbrev_len = 4,
+ .function = command_setkey,
+ .need_pkey_device = 1,
+ .short_desc = "Set a new secure volume key",
+ .long_desc = "Set a new secure AES volume key for a volume "
+ "encrypted with LUKS2 and the 'paes' cipher",
+ .has_options = 1,
+ .pos_arg = "DEVICE",
+ .open_device = 1,
+ },
+ { .command = NULL }
+};
+
+#define pr_verbose(fmt...) do { \
+ if (g.verbose) \
+ warnx(fmt); \
+ } while (0)
+
+static volatile int quit;
+
+/*
+ * Signal handler for SIGINT and SIGTERM
+ */
+static void int_handler(int sig __attribute__((__unused__)))
+{
+ quit++;
+}
+
+/*
+ * Install signal handler for SIGINT and SIGTERM
+ */
+static void set_int_handler(void)
+{
+ struct sigaction sigaction_open;
+
+ pr_verbose("Installing SIGINT/SIGTERM handler");
+ memset(&sigaction_open, 0, sizeof(struct sigaction));
+ sigaction_open.sa_handler = int_handler;
+ sigaction(SIGINT, &sigaction_open, 0);
+ sigaction(SIGTERM, &sigaction_open, 0);
+}
+
+static void print_usage_command(const struct zkey_cryptsetup_command *command)
+{
+ char command_str[ZKEY_CRYPTSETUP_COMMAND_STR_LEN];
+ unsigned int i;
+
+ strncpy(command_str, command->command, sizeof(command_str) - 1);
+ for (i = 0; i < command->abbrev_len; i++)
+ command_str[i] = toupper(command_str[i]);
+
+ printf("Usage: %s %s",
+ program_invocation_short_name, command_str);
+ if (command->pos_arg != NULL)
+ printf(" %s", command->pos_arg);
+ if (command->has_options)
+ printf(" [OPTIONS]");
+ if (prg.args)
+ printf(" %s", prg.args);
+ printf("\n\n");
+ util_print_indented(command->long_desc, 0);
+
+ if (command->has_options)
+ printf("\n");
+}
+
+static void print_usage_command_list(void)
+{
+ struct zkey_cryptsetup_command *cmd = zkey_cryptsetup_commands;
+ char command_str[ZKEY_CRYPTSETUP_COMMAND_STR_LEN];
+ unsigned int i;
+
+ util_prg_print_help();
+
+ printf("COMMANDS\n");
+ while (cmd->command) {
+ strcpy(command_str, cmd->command);
+ for (i = 0; i < cmd->abbrev_len; i++)
+ command_str[i] = toupper(command_str[i]);
+ printf(" %-*s %s\n", ZKEY_CRYPTSETUP_COMMAND_MAX_LEN,
+ command_str, cmd->short_desc);
+ cmd++;
+ }
+ printf("\n");
+}
+
+/*
+ * --help printout
+ */
+static void print_help(const struct zkey_cryptsetup_command *command)
+{
+ /* Print usage */
+ if (!command)
+ print_usage_command_list();
+ else
+ print_usage_command(command);
+
+ /* Print parameter help */
+ util_opt_print_help();
+
+ if (!command) {
+ printf("\n");
+ printf("For more information use '%s COMMAND --help'.\n",
+ program_invocation_short_name);
+ }
+}
+
+/*
+ * Log function called from libcryptsetup routines when debugging is enabled
+ */
+static void cryptsetup_log(int level, const char *msg,
+ void *usrptr __attribute__((unused)))
+{
+ switch (level) {
+ case CRYPT_LOG_NORMAL:
+ fputs(msg, stdout);
+ break;
+ case CRYPT_LOG_VERBOSE:
+ if (g.verbose)
+ fputs(msg, stdout);
+ break;
+ case CRYPT_LOG_ERROR:
+ fprintf(stderr, "%s: %s", program_invocation_short_name, msg);
+ break;
+ case CRYPT_LOG_DEBUG:
+ fprintf(stderr, "%s: # %s", program_invocation_short_name, msg);
+ break;
+ default:
+ warnx("Internal error on logging class for msg: %s", msg);
+ break;
+ }
+}
+
+static void secure_free(void *area, size_t size)
+{
+ if (area == NULL)
+ return;
+
+ memset(area, 0, size);
+ free(area);
+}
+
+/*
+ * Seek a number of bytes in a file.
+ *
+ * A simple call to lseek(3) might not be possible for some inputs (e.g.
+ * reading from a pipe), so this function instead reads of up to 4K bytes
+ * at a time until the specified number of bytes. It returns -1 on read error
+ * or when it reaches EOF before the requested number of bytes have been
+ * discarded.
+ */
+static int keyfile_seek(int fd, size_t bytes)
+{
+ size_t next_read;
+ ssize_t bytes_r;
+ off64_t r;
+ char *tmp;
+
+ r = lseek64(fd, bytes, SEEK_CUR);
+ if (r > 0)
+ return 0;
+ if (r < 0 && errno != ESPIPE)
+ return -1;
+
+ tmp = util_malloc(SEEK_BUFLEN);
+ while (bytes > 0) {
+ next_read = bytes > SEEK_BUFLEN ? SEEK_BUFLEN : (size_t)bytes;
+
+ bytes_r = read(fd, tmp, next_read);
+ if (bytes_r < 0) {
+ if (errno == EINTR)
+ continue;
+ secure_free(tmp, SEEK_BUFLEN);
+ return -1;
+ }
+
+ if (bytes_r == 0)
+ break;
+
+ bytes -= bytes_r;
+ }
+
+ secure_free(tmp, SEEK_BUFLEN);
+ return bytes == 0 ? 0 : -1;
+}
+
+/*
+ * Read data from fd into the specified buffer
+ */
+static ssize_t keyfile_read(int fd, void *buf, size_t length)
+{
+ size_t read_size = 0;
+ ssize_t r;
+
+ if (fd < 0 || buf == NULL)
+ return -EINVAL;
+
+ do {
+ r = read(fd, buf, length - read_size);
+ if (r == -1 && errno != EINTR)
+ return r;
+ if (r == 0)
+ return (ssize_t)read_size;
+ if (r > 0) {
+ read_size += (size_t)r;
+ buf = (char *)buf + r;
+ }
+ } while (read_size != length);
+
+ return (ssize_t)length;
+}
+
+/*
+ * Prompt for the password
+ */
+static int get_password_interactive(const char *prompt, char **pwd,
+ size_t *pwd_size)
+{
+ struct termios orig, tmp;
+ int infd, outfd, rc = 0;
+ char *pass;
+ int num;
+
+ pass = calloc(MAX_PASSWORD_SIZE + 1, 1);
+ if (pass == NULL) {
+ warnx("Out of memory while reading passphrase");
+ return -ENOMEM;
+ }
+
+ infd = open("/dev/tty", O_RDWR);
+ if (infd == -1) {
+ infd = STDIN_FILENO;
+ outfd = STDERR_FILENO;
+ } else {
+ outfd = infd;
+ }
+
+ if (prompt != NULL) {
+ if (write(outfd, prompt, strlen(prompt)) < 0) {
+ rc = -errno;
+ warnx("Failed to write prompt: %s", strerror(-rc));
+ goto out_err;
+ }
+ }
+
+ rc = tcgetattr(infd, &orig);
+ if (rc != 0) {
+ rc = -errno;
+ warnx("Failed to get terminal attributes: %s", strerror(-rc));
+ goto out_err;
+ }
+
+ memcpy(&tmp, &orig, sizeof(tmp));
+ tmp.c_lflag &= ~ECHO;
+
+ rc = tcsetattr(infd, TCSAFLUSH, &tmp);
+ if (rc != 0) {
+ rc = -errno;
+ warnx("Failed to set terminal attributes: %s", strerror(-rc));
+ goto out_err;
+ }
+
+ quit = 0;
+ num = read(infd, pass, MAX_PASSWORD_SIZE);
+ if (num > 0)
+ pass[num - 1] = '\0';
+ else if (num == 0)
+ *pass = '\0';
+
+ if (quit) {
+ printf("\n");
+ num = -1;
+ pr_verbose("Password entry aborted by user");
+ }
+
+ rc = tcsetattr(infd, TCSAFLUSH, &orig);
+ if (rc != 0) {
+ rc = -errno;
+ warnx("Failed to set terminal attributes: %s", strerror(-rc));
+ goto out_err;
+ }
+
+ if (num < 0) {
+ warnx("Failed to read the password");
+ rc = -EIO;
+ goto out_err;
+ }
+
+ *pwd = pass;
+ *pwd_size = strlen(pass);
+ rc = 0;
+
+out_err:
+ if (rc != 0)
+ secure_free(pass, MAX_PASSWORD_SIZE + 1);
+ else
+ write(outfd, "\n", 1);
+
+ if (infd != STDIN_FILENO)
+ close(infd);
+
+ return rc;
+}
+
+/*
+ * Read the password from the key file
+ */
+static int get_password_file(char **pwd, size_t *pwd_size, const char *key_file,
+ size_t keyfile_offset, size_t key_size,
+ int stop_at_eol)
+{
+ int unlimited_read = 0;
+ size_t file_read_size;
+ int regular_file = 0;
+ int char_to_read = 0;
+ int fd, rc, newline;
+ char *pass = NULL;
+ int char_read = 0;
+ size_t buflen, i;
+ struct stat sb;
+
+ fd = key_file ? open(key_file, O_RDONLY) : STDIN_FILENO;
+ if (fd < 0) {
+ rc = -errno;
+ warnx("Failed to open key file '%s': %s", key_file,
+ strerror(-rc));
+ return rc;
+ }
+
+ if (isatty(fd)) {
+ warnx("Cannot read key file from a terminal");
+ rc = -EINVAL;
+ goto out_err;
+ }
+
+ if (key_size == 0) {
+ key_size = MAX_KEY_SIZE + 1;
+ unlimited_read = 1;
+ buflen = KEYFILE_BUFLEN;
+ } else
+ buflen = key_size;
+
+ if (key_file) {
+ rc = stat(key_file, &sb);
+ if (rc != 0) {
+ warnx("Failed to stat key file '%s': %s", key_file,
+ strerror(-rc));
+ goto out_err;
+ }
+ if (S_ISREG(sb.st_mode)) {
+ regular_file = 1;
+ file_read_size = sb.st_size;
+
+ if (keyfile_offset > file_read_size) {
+ warnx("Cannot seek to requested key file "
+ "offset %lu", keyfile_offset);
+ goto out_err;
+ }
+ file_read_size -= keyfile_offset;
+
+ if (file_read_size >= key_size)
+ buflen = key_size;
+ else if (file_read_size)
+ buflen = file_read_size;
+ }
+ }
+
+ pass = calloc(buflen, 1);
+ if (pass == NULL) {
+ warnx("Out of memory while reading passphrase");
+ rc = -ENOMEM;
+ goto out_err;
+ }
+
+ if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
+ warnx("Cannot seek to requested key file offset %lu",
+ keyfile_offset);
+ goto out_err;
+ }
+
+ for (i = 0, newline = 0; i < key_size; i += char_read) {
+ if (i == buflen) {
+ buflen += 4096;
+ pass = realloc(pass, buflen);
+ if (pass == NULL) {
+ warnx("Out of memory while reading passphrase");
+ rc = -ENOMEM;
+ goto out_err;
+ }
+ }
+
+ if (stop_at_eol)
+ char_to_read = 1;
+ else
+ char_to_read = key_size < buflen ?
+ key_size - i : buflen - i;
+
+ char_read = keyfile_read(fd, &pass[i], char_to_read);
+ if (char_read < 0) {
+ warnx("Error reading passphrase");
+ rc = -EPIPE;
+ goto out_err;
+ }
+
+ if (char_read == 0)
+ break;
+
+ if (stop_at_eol && pass[i] == '\n') {
+ newline = 1;
+ pass[i] = '\0';
+ break;
+ }
+ }
+
+ if (!i && !regular_file && !newline) {
+ warnx("Nothing read on input");
+ rc = -EPIPE;
+ goto out_err;
+ }
+
+ if (unlimited_read && i == key_size) {
+ warnx("Maximum key size exceeded");
+ rc = -EINVAL;
+ goto out_err;
+ }
+
+ if (!unlimited_read && i != key_size) {
+ warnx("Cannot read requested amount of data");
+ rc = -EINVAL;
+ goto out_err;
+ }
+
+ *pwd = pass;
+ *pwd_size = i;
+ rc = 0;
+
+out_err:
+ if (fd != STDIN_FILENO)
+ close(fd);
+ if (rc != 0)
+ secure_free(pass, buflen);
+
+ return rc;
+}
+
+/*
+ * Check if the specfied file name denotes stdin
+ */
+static bool is_stdin(const char *file_name)
+{
+ if (file_name == NULL)
+ return true;
+
+ return strcmp(file_name, "-") ? false : true;
+}
+
+/*
+ * Prompt for the password or read the password from the keyfile.
+ */
+static int get_password(const char *prompt, char **pwd, size_t *pwd_size,
+ const char *key_file, size_t keyfile_offset,
+ size_t keyfile_size)
+{
+ int rc;
+
+ if (is_stdin(key_file)) {
+ if (isatty(STDIN_FILENO)) {
+ if (keyfile_offset) {
+ warnx("Cannot use option --keyfile-offset with "
+ "terminal input");
+ return -EINVAL;
+ }
+ if (keyfile_size) {
+ warnx("Cannot use option --keyfile-size with "
+ "terminal input");
+ return -EINVAL;
+ }
+
+ rc = get_password_interactive(prompt, pwd, pwd_size);
+ } else {
+ rc = get_password_file(pwd, pwd_size, NULL,
+ keyfile_offset, keyfile_size,
+ key_file == NULL);
+ }
+ } else {
+ rc = get_password_file(pwd, pwd_size, key_file,
+ keyfile_offset, keyfile_size, 0);
+ }
+
+ return rc;
+}
+static int ensure_is_active_keylot(int keyslot)
+{
+ crypt_keyslot_info info;
+
+ info = crypt_keyslot_status(g.cd, keyslot);
+ if (info != CRYPT_SLOT_ACTIVE && info != CRYPT_SLOT_ACTIVE_LAST) {
+ warnx("Keyslot %d is not a valid key slot", keyslot);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int ensure_is_unbound_keylot(int keyslot)
+{
+ crypt_keyslot_info info;
+
+ info = crypt_keyslot_status(g.cd, keyslot);
+ if (info != CRYPT_SLOT_UNBOUND) {
+ warnx("Key slot %d is not an unbound key slot", keyslot);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * Returns the token number of the token of the specified name if found,
+ * -1 otherwise.
+ */
+static int find_token(struct crypt_device *cd, const char *name)
+{
+ crypt_token_info info;
+ const char *type;
+ int i;
+
+ for (i = 0; ; i++) {
+ info = crypt_token_status(cd, i, &type);
+ if (info == CRYPT_TOKEN_INVALID)
+ break;
+ if (info == CRYPT_TOKEN_INACTIVE)
+ continue;
+
+ if (strcmp(type, name) != 0)
+ continue;
+
+ pr_verbose("'%s' token found at slot %d", name, i);
+ return i;
+ }
+
+ pr_verbose("'%s' token not found", name);
+ return -1;
+}
+
+/*
+ * Validate the reencipher token
+ */
+static int validate_reencipher_token(struct reencipher_token *tok)
+{
+ int rc;
+
+ rc = ensure_is_unbound_keylot(tok->unbound_keyslot);
+ if (rc != 0)
+ return rc;
+
+ rc = ensure_is_active_keylot(tok->original_keyslot);
+ if (rc != 0)
+ return rc;
+
+ pr_verbose("The re-encipher token has been validated");
+
+ return 0;
+}
+
+static int get_token(struct crypt_device *cd, int token, json_object **obj)
+{
+ const char *json;
+ int rc;
+
+ if (obj == NULL)
+ return -EINVAL;
+
+ rc = crypt_token_json_get(cd, token, &json);
+ if (rc < 0) {
+ warnx("Failed to get re-encipher token %d: %s", token,
+ strerror(-rc));
+ return -rc;
+ }
+
+ *obj = json_tokener_parse(json);
+ if (*obj == NULL) {
+ warnx("Failed to parse JSON");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * Reads the re-encipher token from the LUKS2 header
+ */
+static int get_reencipher_token(struct crypt_device *cd, int token,
+ struct reencipher_token *info, bool validate)
+{
+ json_object *jobj_org_keyslot = NULL;
+ json_object *jobj_unb_keyslot = NULL;
+ json_object *json_token = NULL;
+ json_object *jobj_vp = NULL;
+ const char *temp;
+ int rc;
+
+ rc = get_token(cd, token, &json_token);
+ if (rc != 0)
+ return rc;
+
+ if (!json_object_object_get_ex(json_token, PAES_REENC_TOKEN_VP,
+ &jobj_vp)) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_VP);
+ rc = -EINVAL;
+ goto out;
+ }
+ temp = json_object_get_string(jobj_vp);
+ if (temp == NULL) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_VP);
+ rc = -EINVAL;
+ goto out;
+ }
+ strncpy(info->verification_pattern, temp,
+ sizeof(info->verification_pattern));
+ info->verification_pattern[
+ sizeof(info->verification_pattern) - 1] = '\0';
+
+ if (!json_object_object_get_ex(json_token, PAES_REENC_TOKEN_ORG_SLOT,
+ &jobj_org_keyslot)) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_ORG_SLOT);
+ rc = -EINVAL;
+ goto out;
+ }
+ errno = 0;
+ info->original_keyslot = json_object_get_int64(jobj_org_keyslot);
+ if (errno != 0) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_ORG_SLOT);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ if (!json_object_object_get_ex(json_token, PAES_REENC_TOKEN_UNB_SLOT,
+ &jobj_unb_keyslot)) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_UNB_SLOT);
+ rc = -EINVAL;
+ goto out;
+ }
+ errno = 0;
+ info->unbound_keyslot = json_object_get_int64(jobj_unb_keyslot);
+ if (errno != 0) {
+ warnx("The re-encipher token is incomplete, '%s' is missing",
+ PAES_REENC_TOKEN_UNB_SLOT);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ pr_verbose("Re-encipher token: original-keyslot: %d, unbound-keyslot: "
+ "%d, verification-pattern: %s", info->original_keyslot,
+ info->unbound_keyslot, info->verification_pattern);
+
+ rc = 0;
+
+ if (validate)
+ rc = validate_reencipher_token(info);
+
+out:
+ if (json_token != NULL)
+ json_object_put(json_token);
+
+ return rc;
+}
+
+/*
+ * Writes the re-encipher token to the LUKS2 header
+ */
+static int put_reencipher_token(struct crypt_device *cd, int token,
+ struct reencipher_token *info)
+{
+ json_object *jobj, *jobj_keyslots;
+ char temp[20];
+ int rc;
+
+ pr_verbose("Re-encipher token: original-keyslot: %d, unbound-keyslot: "
+ "%d, verification-pattern: %s", info->original_keyslot,
+ info->unbound_keyslot, info->verification_pattern);
+
+ jobj = json_object_new_object();
+ json_object_object_add(jobj, "type",
+ json_object_new_string(PAES_REENC_TOKEN_NAME));
+
+ jobj_keyslots = json_object_new_array();
+ sprintf(temp, "%d", info->unbound_keyslot);
+ json_object_array_add(jobj_keyslots, json_object_new_string(temp));
+ json_object_object_add(jobj, "keyslots", jobj_keyslots);
+
+ json_object_object_add(jobj, PAES_REENC_TOKEN_VP,
+ json_object_new_string(
+ info->verification_pattern));
+ json_object_object_add(jobj, PAES_REENC_TOKEN_ORG_SLOT,
+ json_object_new_int64(info->original_keyslot));
+ json_object_object_add(jobj, PAES_REENC_TOKEN_UNB_SLOT,
+ json_object_new_int64(info->unbound_keyslot));
+
+ rc = crypt_token_json_set(cd, token >= 0 ? token : CRYPT_ANY_TOKEN,
+ json_object_to_json_string_ext(jobj,
+ JSON_C_TO_STRING_PLAIN));
+
+ if (rc < 0)
+ warnx("Failed to add the re-encipher token to device "
+ "'%s': %s", g.pos_arg, strerror(-rc));
+ else
+ pr_verbose("Re-encipher token put to token slot %d",
+ rc);
+
+ json_object_put(jobj);
+
+ return rc;
+}
+
+
+/*
+ * Reads the verification pattern token from the LUKS2 header
+ */
+static int get_vp_token(struct crypt_device *cd, int token,
+ struct vp_token *info)
+{
+ json_object *json_token = NULL;
+ json_object *jobj_vp = NULL;
+ const char *temp;
+ int rc;
+
+ rc = get_token(cd, token, &json_token);
+ if (rc != 0)
+ return rc;
+
+ if (!json_object_object_get_ex(json_token, PAES_VP_TOKEN_VP,
+ &jobj_vp)) {
+ warnx("The verification-pattern token is incomplete, '%s' is "
+ "missing", PAES_VP_TOKEN_VP);
+ rc = -EINVAL;
+ goto out;
+ }
+ temp = json_object_get_string(jobj_vp);
+ if (temp == NULL) {
+ warnx("The verification-pattern token is incomplete, '%s' is "
+ "missing", PAES_VP_TOKEN_VP);
+ rc = -EINVAL;
+ goto out;
+ }
+ strncpy(info->verification_pattern, temp,
+ sizeof(info->verification_pattern));
+ info->verification_pattern[
+ sizeof(info->verification_pattern) - 1] = '\0';
+
+ pr_verbose("Verification-pattern: %s", info->verification_pattern);
+
+out:
+ if (json_token != NULL)
+ json_object_put(json_token);
+
+ return rc;
+}
+
+/*
+ * Writes the verification pattern token to the LUKS2 header
+ */
+static int put_vp_token(struct crypt_device *cd, int token,
+ struct vp_token *info)
+{
+ json_object *jobj, *jobj_keyslots;
+ int rc;
+
+ pr_verbose("Verification-pattern: %s", info->verification_pattern);
+
+ jobj = json_object_new_object();
+ json_object_object_add(jobj, "type",
+ json_object_new_string(PAES_VP_TOKEN_NAME));
+
+ jobj_keyslots = json_object_new_array();
+ json_object_object_add(jobj, "keyslots", jobj_keyslots);
+
+ json_object_object_add(jobj, PAES_VP_TOKEN_VP,
+ json_object_new_string(
+ info->verification_pattern));
+
+ rc = crypt_token_json_set(cd, token >= 0 ? token : CRYPT_ANY_TOKEN,
+ json_object_to_json_string_ext(jobj,
+ JSON_C_TO_STRING_PLAIN));
+
+ if (rc < 0)
+ warnx("Failed to add the verification-pattern token to device "
+ "'%s': %s", g.pos_arg, strerror(-rc));
+ else
+ pr_verbose("Verification-pattern token put to token slot %d",
+ rc);
+
+ json_object_put(jobj);
+
+ return rc;
+}
+
+/*
+ * Open the LUKS2 device
+ */
+static int open_device(const char *device, struct crypt_device **cd)
+{
+ const struct crypt_pbkdf_type *pbkdf;
+ struct crypt_device *cdev = NULL;
+ int rc;
+
+ rc = crypt_init(&cdev, device);
+ if (rc != 0) {
+ warnx("Failed to open device '%s': %s", device, strerror(-rc));
+ goto out;
+ }
+
+ crypt_set_log_callback(cdev, cryptsetup_log, NULL);
+
+ rc = crypt_load(cdev, CRYPT_LUKS, NULL);
+ if (rc != 0) {
+ warnx("Failed to load the header from device '%s': %s", device,
+ strerror(-rc));
+ goto out;
+ }
+
+ if (strcmp(crypt_get_type(cdev), CRYPT_LUKS2) != 0) {
+ warnx("Device '%s' is not a LUKS2 device", device);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ if (strcmp(crypt_get_cipher(cdev), "paes") != 0) {
+ warnx("Device '%s' is not encrypted using the 'paes' cipher",
+ device);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ pbkdf = crypt_get_pbkdf_type(cdev);
+ rc = crypt_set_pbkdf_type(cdev, pbkdf);
+ if (rc != 0) {
+ warnx("Failed to set the PBKDF-type for device '%s': %s",
+ device, strerror(-rc));
+ goto out;
+ }
+
+ *cd = cdev;
+
+out:
+ if (rc != 0) {
+ if (cdev != NULL)
+ crypt_free(cdev);
+ *cd = NULL;
+ }
+
+ return rc;
+}
+
+/*
+ * Prompts for yes or no. Returns true if 'y' or 'yes' was entered.
+ */
+static bool prompt_for_yes(void)
+{
+ char str[20];
+
+ if (fgets(str, sizeof(str), stdin) == NULL)
+ return false;
+
+ if (str[strlen(str) - 1] == '\n')
+ str[strlen(str) - 1] = '\0';
+ pr_verbose("Prompt reply: '%s'", str);
+ if (strcasecmp(str, "y") == 0 || strcasecmp(str, "yes") == 0)
+ return true;
+
+ return false;
+}
+
+/*
+ * Cleans up a left over re-encipher token and associated unbound keyslot
+ */
+static int cleanup_reencipher_token(int token)
+{
+ struct reencipher_token tok;
+ int rc;
+
+ rc = get_reencipher_token(g.cd, token, &tok, false);
+ if (rc == 0) {
+ if (ensure_is_unbound_keylot(tok.unbound_keyslot) == 0) {
+ rc = crypt_keyslot_destroy(g.cd, tok.unbound_keyslot);
+ if (rc != 0)
+ pr_verbose("Failed to destroy unbound key slot "
+ "%d: %s", tok.unbound_keyslot,
+ strerror(-rc));
+ else
+ pr_verbose("Successfully destroyed unbound key "
+ "slot %d", tok.unbound_keyslot);
+ } else {
+ pr_verbose("Key slot %d is not in unbound state, it is "
+ "not destroyed", tok.unbound_keyslot);
+ }
+ } else {
+ pr_verbose("Failed to get re-encipher token (ignored): %s",
+ strerror(-rc));
+ }
+
+ rc = crypt_token_json_set(g.cd, token, NULL);
+ if (rc < 0)
+ warnx("Failed to remove the re-encipher token: %s",
+ strerror(-rc));
+ else
+ pr_verbose("Successfully removed re-encipher token %d", token);
+
+ return rc;
+}
+
+/*
+ * Activates an unbound key slot and removes the previous key slots
+ */
+static int activate_unbound_keyslot(int token, int keyslot, const char *key,
+ size_t keysize, char *password,
+ size_t password_len, char *complete_msg)
+{
+ crypt_keyslot_info info;
+ int rc, i, n;
+
+ rc = crypt_keyslot_add_by_key(g.cd, keyslot, key, keysize, password,
+ password_len, CRYPT_VOLUME_KEY_SET);
+ if (rc < 0) {
+ warnx("Failed to activate the unbound key slot %d: %s", keyslot,
+ strerror(-rc));
+ return rc;
+ }
+
+ pr_verbose("Unbound key slot %d activated, it is now key slot %d",
+ keyslot, rc);
+ keyslot = rc;
+
+ if (token >= 0) {
+ rc = crypt_token_json_set(g.cd, token, NULL);
+ if (rc < 0) {
+ warnx("Failed remove the re-encipher token %d: %s",
+ token, strerror(-rc));
+ return rc;
+ }
+ }
+
+ if (complete_msg != NULL)
+ util_print_indented(complete_msg, 0);
+ util_print_indented("All key slots containing the old volume key are "
+ "now in unbound state. Do you want to remove "
+ "these key slots?", 0);
+
+ if (!prompt_for_yes())
+ return 0;
+
+ for (i = 0, n = 0; ; i++) {
+ if (i == keyslot)
+ continue;
+
+ info = crypt_keyslot_status(g.cd, i);
+ if (info == CRYPT_SLOT_INVALID)
+ break;
+ if (info <= CRYPT_SLOT_ACTIVE_LAST)
+ continue;
+
+ pr_verbose("Removing now unbound key slot %d", i);
+ rc = crypt_keyslot_destroy(g.cd, i);
+ if (rc < 0) {
+ warnx("Failed to remove previous key slot %d: %s", i,
+ strerror(-rc));
+ }
+
+ n++;
+ }
+
+ if (n > 1) {
+ util_print_indented("\nWARNING: Before re-enciphering, the "
+ "volume's LUKS header had multiple active "
+ "key slots with the same key, but different "
+ "passwords. Use 'cryptsetup luksAddKey' if "
+ "you need more than one key slot.", 0);
+ }
+
+ return rc;
+}
+
+static int check_keysize_and_cipher_mode(size_t keysize)
+{
+ if (keysize == 0) {
+ warnx("Invalid volume key size");
+ return -EINVAL;
+ }
+
+ if (strncmp(crypt_get_cipher_mode(g.cd), "xts", 3) == 0) {
+ if (keysize != 2 * SECURE_KEY_SIZE) {
+ warnx("The volume key size %lu is not valid for the "
+ "cipher mode '%s'", keysize,
+ crypt_get_cipher_mode(g.cd));
+ return -EINVAL;
+ }
+ } else {
+ if (keysize != SECURE_KEY_SIZE) {
+ warnx("The volume key size %lu is not valid for the "
+ "cipher mode '%s'", keysize,
+ crypt_get_cipher_mode(g.cd));
+ return -EINVAL;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Open a keyslot and get a secure key from a key slot. Optionally returns the
+ * key and password used to unlock the keyslot. You can either open a specific
+ * key slot, or let it choose based on the password (keyslot=CRYPT_ANY_SLOT).
+ */
+static int open_keyslot(int keyslot, char **key, size_t *keysize,
+ char **password, size_t *password_len,
+ const char *prompt)
+{
+ char *vkey = NULL;
+ char *pw = NULL;
+ long long tries;
+ size_t vkeysize;
+ size_t pw_len;
+ int rc;
+
+ vkeysize = crypt_get_volume_key_size(g.cd);
+ pr_verbose("Volume key size: %lu", vkeysize);
+
+ rc = check_keysize_and_cipher_mode(vkeysize);
+ if (rc != 0)
+ return rc;
+
+ vkey = malloc(vkeysize);
+ if (vkey == NULL) {
+ warnx("Out of memory while allocating a buffer for the volume "
+ "key");
+ return -ENOMEM;
+ }
+
+ tries = (is_stdin(g.keyfile) && isatty(STDIN_FILENO)) ? g.tries : 1;
+ do {
+ if (pw != NULL) {
+ secure_free(pw, pw_len);
+ pw = NULL;
+ }
+
+ rc = get_password(prompt, &pw, &pw_len, g.keyfile,
+ g.keyfile_offset, g.keyfile_size);
+ if (rc != 0)
+ goto out;
+
+ rc = crypt_volume_key_get(g.cd, keyslot, vkey, &vkeysize,
+ pw, pw_len);
+
+ if (rc == -EPERM || rc == -ENOENT)
+ warnx("No key available with this passphrase");
+
+
+ } while ((rc == -EPERM || rc == -ENOENT) && (--tries > 0));
+
+ if (rc < 0) {
+ warnx("Failed to get volume key of device '%s': "
+ "%s", g.pos_arg, strerror(-rc));
+ goto out;
+ }
+
+ keyslot = rc;
+ pr_verbose("Volume key obtained from key slot %d", keyslot);
+
+ if (key != NULL)
+ *key = vkey;
+ else
+ secure_free(vkey, vkeysize);
+ vkey = NULL;
+ if (keysize != NULL)
+ *keysize = vkeysize;
+ if (password != NULL)
+ *password = pw;
+ else
+ secure_free(pw, pw_len);
+ pw = NULL;
+ if (password_len != NULL)
+ *password_len = pw_len;
+
+ rc = keyslot;
+
+out:
+ secure_free(vkey, vkeysize);
+ secure_free(pw, pw_len);
+
+ return rc;
+}
+
+
+/*
+ * Validate and get a secure key from a key slot. Optionally returns the key
+ * and password used to unlock the keyslot. You can either validate a specific
+ * key slot, or let it choose based on the password (keyslot=CRYPT_ANY_SLOT).
+ */
+static int validate_keyslot(int keyslot, char **key, size_t *keysize,
+ char **password, size_t *password_len,
+ int *is_old_mk, size_t *clear_keysize,
+ const char *prompt, const char *invalid_msg)
+{
+ size_t vkeysize = 0;
+ char *vkey = NULL;
+ int rc, is_old;
+
+ rc = open_keyslot(keyslot, &vkey, &vkeysize, password, password_len,
+ prompt);
+ if (rc < 0)
+ return rc;
+
+ keyslot = rc;
+
+ rc = validate_secure_key(g.pkey_fd, (u8 *)vkey, vkeysize, clear_keysize,
+ &is_old, g.verbose);
+ if (rc != 0) {
+ if (invalid_msg != NULL)
+ warnx("%s", invalid_msg);
+ else
+ warnx("The secure volume key of device '%s' is not "
+ "valid", g.pos_arg);
+ rc = -EINVAL;
+ goto out;
+ }
+ pr_verbose("Volume key is currently enciphered with %s master key",
+ is_old ? "OLD" : "CURRENT");
+
+ if (key != NULL)
+ *key = vkey;
+ else
+ secure_free(vkey, vkeysize);
+ vkey = NULL;
+ if (keysize != NULL)
+ *keysize = vkeysize;
+ if (is_old_mk != NULL)
+ *is_old_mk = is_old;
+
+ rc = keyslot;
+
+out:
+ secure_free(vkey, vkeysize);
+
+ return rc;
+}
+
+/*
+ * Prepares for a re-enciphering of a secure volume key. Dependent on the
+ * options specified by the user and the state of the volume key, it starts
+ * a staged re-enciphering or performs an in-place re-enciphering.
+ */
+static int reencipher_prepare(int token)
+{
+ struct reencipher_token reenc_tok;
+ struct vp_token vp_tok;
+ char *password = NULL;
+ size_t password_len;
+ char *key = NULL;
+ size_t keysize;
+ int is_old_mk;
+ char *prompt;
+ char *msg;
+ int rc;
+
+ if (token >= 0) {
+ util_asprintf(&msg, "Staged volume key re-enciphering is "
+ "already initiated for device '%s'. Do you want to "
+ "cancel the pending re-enciphering and start a "
+ "new re-enciphering process?", g.pos_arg);
+ util_print_indented(msg, 0);
+ free(msg);
+
+ if (!prompt_for_yes()) {
+ warnx("Device '%s' is left unchanged", g.pos_arg);
+ return -ECANCELED;
+ }
+
+ rc = cleanup_reencipher_token(token);
+ if (rc < 0)
+ return rc;
+ }
+
+ util_asprintf(&prompt, "Enter passphrase for '%s': ", g.pos_arg);
+ rc = validate_keyslot(CRYPT_ANY_SLOT, &key, &keysize, &password,
+ &password_len, &is_old_mk, NULL, prompt, NULL);
+ free(prompt);
+ if (rc < 0)
+ goto out;
+
+ reenc_tok.original_keyslot = rc;
+
+ rc = ensure_is_active_keylot(reenc_tok.original_keyslot);
+ if (rc != 0)
+ goto out;
+
+ rc = generate_key_verification_pattern(key, keysize,
+ reenc_tok.verification_pattern,
+ sizeof(reenc_tok.verification_pattern),
+ g.verbose);
+ if (rc != 0) {
+ warnx("Failed to generate the verification pattern: %s",
+ strerror(-rc));
+ warnx("Make sure that kernel module 'paes_s390' is loaded and "
+ "that the 'paes' cipher is available");
+ goto out;
+ }
+
+ memcpy(vp_tok.verification_pattern, reenc_tok.verification_pattern,
+ sizeof(vp_tok.verification_pattern));
+ token = find_token(g.cd, PAES_VP_TOKEN_NAME);
+ rc = put_vp_token(g.cd, token, &vp_tok);
+ if (rc < 0)
+ goto out;
+
+ util_asprintf(&msg, "The secure volume key of device '%s' is "
+ "enciphered with the %s CCA master key and is being "
+ "re-enciphered with the %s CCA master key.",
+ g.pos_arg, is_old_mk ? "OLD" : "CURRENT",
+ is_old_mk ? "CURRENT" : "NEW");
+ util_print_indented(msg, 0);
+ free(msg);
+
+ rc = key_token_change(g.dll_CSNBKTC, (u8 *)key, keysize,
+ is_old_mk ? METHOD_OLD_TO_CURRENT :
+ METHOD_CURRENT_TO_NEW,
+ g.verbose);
+ if (rc != 0) {
+ warnx("Failed to re-encipher the secure volume key of device "
+ "'%s'", g.pos_arg);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ rc = crypt_keyslot_add_by_key(g.cd, CRYPT_ANY_SLOT, key, keysize,
+ password, password_len,
+ CRYPT_VOLUME_KEY_NO_SEGMENT);
+ if (rc < 0) {
+ warnx("Failed to add an unbound key slot to device '%s': %s",
+ g.pos_arg, strerror(-rc));
+ goto out;
+ }
+
+ reenc_tok.unbound_keyslot = rc;
+ pr_verbose("Re-enciphered volume key added to unbound key slot %d",
+ reenc_tok.unbound_keyslot);
+
+ rc = ensure_is_unbound_keylot(reenc_tok.unbound_keyslot);
+ if (rc != 0)
+ goto out;
+
+ if ((!is_old_mk && g.inplace) ||
+ (is_old_mk && !g.staged)) {
+ if (!g.inplace)
+ printf("An in-place re-enciphering is performed.\n");
+
+ util_asprintf(&msg, "Re-enciphering has completed "
+ "successfully for device '%s'", g.pos_arg);
+ rc = activate_unbound_keyslot(-1, reenc_tok.unbound_keyslot,
+ key, keysize, password,
+ password_len, msg);
+ free(msg);
+ goto out;
+ }
+
+ rc = put_reencipher_token(g.cd, CRYPT_ANY_TOKEN, &reenc_tok);
+ if (rc < 0)
+ goto out;
+ rc = 0;
+
+ util_asprintf(&msg, "Staged re-enciphering is initiated for "
+ "device '%s'. After the NEW CCA master key has been set "
+ "to become the CURRENT master key, run 'zkey-cryptsetup "
+ "reencipher' with option '--complete' to complete the "
+ "re-enciphering process.", g.pos_arg,
+ program_invocation_short_name);
+ util_print_indented(msg, 0);
+ free(msg);
+
+out:
+ secure_free(password, password_len);
+ secure_free(key, keysize);
+
+ return rc;
+}
+
+/*
+ * Completes a staged re-enciphering.
+ */
+static int reencipher_complete(int token)
+{
+ char vp[VERIFICATION_PATTERN_LEN];
+ struct reencipher_token tok;
+ char *password = NULL;
+ size_t password_len;
+ char *key = NULL;
+ size_t keysize;
+ int is_old_mk;
+ char *prompt;
+ char *msg;
+ int rc;
+
+ rc = get_reencipher_token(g.cd, token, &tok, true);
+ if (rc != 0) {
+ warnx("Failed to get the re-encipher token from device '%s': "
+ "%s", g.pos_arg, strerror(-rc));
+ return rc;
+ }
+
+ util_asprintf(&msg, "The re-enciphered secure volume key for "
+ "device '%s' is not valid.\nThe new CCA master key might "
+ "yet have to be set as the CURRENT master key.",
+ g.pos_arg);
+ util_asprintf(&prompt, "Enter passphrase for key slot %d of '%s': ",
+ tok.original_keyslot, g.pos_arg);
+ rc = validate_keyslot(tok.unbound_keyslot, &key, &keysize, &password,
+ &password_len, &is_old_mk, NULL, prompt, msg);
+ free(msg);
+ free(prompt);
+ if (rc < 0)
+ goto out;
+
+ rc = ensure_is_unbound_keylot(rc);
+ if (rc != 0)
+ goto out;
+
+ if (is_old_mk) {
+ util_asprintf(&msg, "The re-enciphered secure volume key "
+ "of device '%s' is enciphered with the CCA "
+ "master key from the OLD master key register. "
+ "The CCA master key might have changed again, "
+ "before the previous volume key re-enciphering "
+ "was completed.\n"
+ "Do you want to re-encipher the secure key with "
+ "the CCA master key in the CURRENT master key "
+ "register?", g.pos_arg);
+ util_print_indented(msg, 0);
+ free(msg);
+
+ if (!prompt_for_yes()) {
+ warnx("Re-enciphering was aborted");
+ rc = -ECANCELED;
+ goto out;
+ }
+
+ rc = key_token_change(g.dll_CSNBKTC, (u8 *)key, keysize,
+ METHOD_OLD_TO_CURRENT, g.verbose);
+ if (rc != 0) {
+ warnx("Failed to re-encipher the secure volume key for "
+ "device '%s'", g.pos_arg);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ rc = crypt_keyslot_destroy(g.cd, tok.unbound_keyslot);
+ if (rc < 0) {
+ warnx("Failed to remove unbound key slot %d: %s",
+ tok.unbound_keyslot, strerror(-rc));
+ }
+
+ rc = crypt_keyslot_add_by_key(g.cd, CRYPT_ANY_SLOT, key,
+ keysize, password, password_len,
+ CRYPT_VOLUME_KEY_NO_SEGMENT);
+ if (rc < 0) {
+ warnx("Failed to add an unbound key slot to device "
+ "'%s': %s", g.pos_arg, strerror(-rc));
+ goto out;
+ }
+
+ tok.unbound_keyslot = rc;
+ pr_verbose("Re-enciphered volume key added to unbound key "
+ "slot %d", tok.unbound_keyslot);
+
+ }
+
+ rc = generate_key_verification_pattern(key, keysize, vp, sizeof(vp),
+ g.verbose);
+ if (rc != 0) {
+ warnx("Failed to generate the verification pattern: %s",
+ strerror(-rc));
+ warnx("Make sure that kernel module 'paes_s390' is loaded and "
+ "that the 'paes' cipher is available");
+ goto out;
+ }
+
+ if (strcmp(tok.verification_pattern, vp) != 0) {
+ warnx("The verification patterns of the new and old volume "
+ "keys do not match");
+ rc = -EINVAL;
+ goto out;
+ }
+
+ util_asprintf(&msg, "Re-enciphering has completed successfully for "
+ "device '%s'.", g.pos_arg);
+ rc = activate_unbound_keyslot(token, tok.unbound_keyslot, key, keysize,
+ password, password_len, msg);
+ free(msg);
+
+out:
+ secure_free(password, password_len);
+ secure_free(key, keysize);
+
+ return rc;
+}
+
+
+/*
+ * Command handler for 'reencipher'.
+ *
+ * Re-encipher a volume key of a volume encrypted with LUKS2 and the
+ * 'paes' cipher
+ */
+static int command_reencipher(void)
+{
+ int token;
+ int rc;
+
+ if (g.inplace && g.staged) {
+ warnx("Options '--in-place|-i' and '--staged|-s' are "
+ "mutual exclusive");
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ if (g.complete) {
+ if (g.inplace) {
+ warnx("Option '--in-place|-i' is not valid together "
+ "with '--complete|-p'");
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ if (g.staged) {
+ warnx("Option '--staged|-s' is not valid together "
+ "with '--complete|-p'");
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ }
+
+ token = find_token(g.cd, PAES_REENC_TOKEN_NAME);
+
+ if (token < 0 && g.complete) {
+ warnx("Staged volume key re-enciphering is not pending for "
+ "device '%s'", g.pos_arg);
+ return EXIT_FAILURE;
+ }
+
+ if (token < 0 || g.staged || g.inplace)
+ rc = reencipher_prepare(token);
+ else
+ rc = reencipher_complete(token);
+
+ return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+static void print_verification_pattern(const char *vp)
+{
+ printf(" Verification pattern: %.*s\n", VERIFICATION_PATTERN_LEN / 2,
+ vp);
+ printf(" %.*s\n", VERIFICATION_PATTERN_LEN / 2,
+ &vp[VERIFICATION_PATTERN_LEN / 2]);
+}
+
+/*
+ * Command handler for 'validate'.
+ *
+ * Validate a volume key of a volume encrypted with LUKS2 and the
+ * 'paes' cipher
+ */
+static int command_validate(void)
+{
+ int reenc_pending = 0, vp_tok_avail = 0, is_valid = 0, is_old_mk = 0;
+ struct reencipher_token reenc_tok;
+ struct vp_token vp_tok;
+ size_t clear_keysize;
+ size_t keysize = 0;
+ char *key = NULL;
+ char *prompt;
+ char *msg;
+ int token;
+ int rc;
+
+ util_asprintf(&prompt, "Enter passphrase for '%s': ", g.pos_arg);
+ rc = open_keyslot(CRYPT_ANY_SLOT, &key, &keysize, NULL, NULL, prompt);
+ free(prompt);
+ if (rc < 0)
+ goto out;
+
+ rc = ensure_is_active_keylot(rc);
+ if (rc != 0)
+ goto out;
+
+ rc = validate_secure_key(g.pkey_fd, (u8 *)key, keysize, &clear_keysize,
+ &is_old_mk, g.verbose);
+ is_valid = (rc == 0);
+
+ token = find_token(g.cd, PAES_REENC_TOKEN_NAME);
+ if (token >= 0) {
+ rc = get_reencipher_token(g.cd, token, &reenc_tok, true);
+ if (rc == 0)
+ reenc_pending = 1;
+ }
+
+ token = find_token(g.cd, PAES_VP_TOKEN_NAME);
+ if (token >= 0) {
+ rc = get_vp_token(g.cd, token, &vp_tok);
+ if (rc == 0)
+ vp_tok_avail = 1;
+ }
+
+ printf("Validation of secure volume key of device '%s':\n", g.pos_arg);
+ printf(" Status: %s\n", is_valid ? "Valid" : "Invalid");
+ printf(" Secure key size: %lu bytes\n", keysize);
+ printf(" XTS type key: %s\n",
+ keysize > SECURE_KEY_SIZE ? "Yes" : "No");
+ if (is_valid) {
+ printf(" Clear key size: %lu bits\n", clear_keysize);
+ printf(" Enciphered with: %s CCA master key\n",
+ is_old_mk ? "OLD" : "CURRENT");
+ } else {
+ printf(" Clear key size: (unknown)\n");
+ printf(" Enciphered with: (unknown)\n");
+ }
+ if (vp_tok_avail)
+ print_verification_pattern(vp_tok.verification_pattern);
+ else if (reenc_pending)
+ print_verification_pattern(reenc_tok.verification_pattern);
+ else
+ printf(" Verification pattern: Not available\n");
+
+
+ if (reenc_pending)
+ printf(" Volume key re-enciphering is pending\n");
+
+ if (!is_valid)
+ printf("\nATTENTION: The secure volume key is not valid.\n");
+
+ if (is_old_mk)
+ util_print_indented("\nWARNING: The secure volume key is "
+ "currently enciphered with the OLD CCA "
+ "master key. To mitigate the danger of "
+ "data loss re-encipher the volume key with "
+ "the CURRENT CCA master key.", 0);
+
+ if (is_valid && !vp_tok_avail) {
+ util_asprintf(&msg, "\nWARNING: The volume key cannot be "
+ "identified because the key verification pattern "
+ "token is not available in the LUKS2 header. Use "
+ "the '%s setvp' command to set the token.",
+ program_invocation_short_name);
+ util_print_indented(msg, 0);
+ free(msg);
+ }
+
+ rc = is_valid ? 0 : -EINVAL;
+
+out:
+ secure_free(key, keysize);
+
+ return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+/*
+ * Command handler for 'setvp'.
+ *
+ * Set the verification pattern token to allow identification of the key
+ */
+static int command_setvp(void)
+{
+ struct vp_token vp_tok;
+ size_t keysize = 0;
+ char *key = NULL;
+ char *prompt;
+ int token;
+ int rc;
+
+ util_asprintf(&prompt, "Enter passphrase for '%s': ", g.pos_arg);
+ rc = validate_keyslot(CRYPT_ANY_SLOT, &key, &keysize, NULL, NULL,
+ NULL, NULL, prompt, NULL);
+ free(prompt);
+ if (rc < 0)
+ goto out;
+
+ rc = ensure_is_active_keylot(rc);
+ if (rc != 0)
+ goto out;
+
+ token = find_token(g.cd, PAES_VP_TOKEN_NAME);
+
+ rc = generate_key_verification_pattern(key, keysize,
+ vp_tok.verification_pattern,
+ sizeof(vp_tok.verification_pattern),
+ g.verbose);
+ if (rc != 0) {
+ warnx("Failed to generate the verification pattern: %s",
+ strerror(-rc));
+ warnx("Make sure that kernel module 'paes_s390' is loaded and "
+ "that the 'paes' cipher is available");
+ goto out;
+ }
+
+ rc = put_vp_token(g.cd, token, &vp_tok);
+ if (rc < 0)
+ goto out;
+
+ rc = 0;
+
+out:
+ secure_free(key, keysize);
+
+ return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+/*
+ * Command handler for 'setkey'.
+ *
+ * Set a new volume key to allow to recover from an invalid volume key
+ */
+static int command_setkey(void)
+{
+ char vp[VERIFICATION_PATTERN_LEN];
+ size_t password_len = 0;
+ struct vp_token vp_tok;
+ size_t newkey_size = 0;
+ char *password = NULL;
+ size_t keysize = 0;
+ u8 *newkey = NULL;
+ char *key = NULL;
+ int is_old_mk;
+ char *prompt;
+ int keyslot;
+ char *msg;
+ int token;
+ int rc;
+
+ if (g.master_key_file == NULL) {
+ misc_print_required_parm("--master-key-file/-m");
+ return EXIT_FAILURE;
+ }
+
+ newkey = read_secure_key(g.master_key_file, &newkey_size, g.verbose);
+ if (newkey == NULL)
+ return EXIT_FAILURE;
+
+ rc = check_keysize_and_cipher_mode(newkey_size);
+ if (rc != 0)
+ goto out;
+
+ rc = validate_secure_key(g.pkey_fd, newkey, newkey_size, NULL,
+ &is_old_mk, g.verbose);
+ if (rc != 0) {
+ warnx("The secure key in file '%s' is not valid",
+ g.master_key_file);
+ goto out;
+ }
+
+ if (is_old_mk) {
+ util_asprintf(&msg, "The secure key in file '%s' is "
+ "enciphered with the CCA master key in the OLD "
+ "master key register. Do you want to set this "
+ "key as the new volume key anyway?",
+ g.master_key_file);
+ util_print_indented(msg, 0);
+ free(msg);
+
+ if (!prompt_for_yes()) {
+ rc = -EINVAL;
+ goto out;
+ }
+ }
+
+ util_asprintf(&prompt, "Enter passphrase for '%s': ", g.pos_arg);
+ rc = open_keyslot(CRYPT_ANY_SLOT, &key, &keysize, &password,
+ &password_len, prompt);
+ free(prompt);
+ if (rc < 0)
+ goto out;
+
+ if (keysize != newkey_size) {
+ warnx("The secure key in file '%s' has an invalid size",
+ g.master_key_file);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ if (memcmp(newkey, key, keysize) == 0) {
+ warnx("The secure key in file '%s' is equal to the current "
+ "volume key, setkey is ignored", g.master_key_file);
+ rc = 0;
+ goto out;
+ }
+
+ rc = generate_key_verification_pattern((char *)newkey, newkey_size, vp,
+ sizeof(vp), g.verbose);
+ if (rc != 0) {
+ warnx("Failed to generate the verification pattern: %s",
+ strerror(-rc));
+ warnx("Make sure that kernel module 'paes_s390' is loaded and "
+ "that the 'paes' cipher is available");
+ goto out;
+ }
+
+ token = find_token(g.cd, PAES_VP_TOKEN_NAME);
+ if (token >= 0) {
+ rc = get_vp_token(g.cd, token, &vp_tok);
+ if (rc < 0) {
+ warnx("Failed to get the verification pattern token: "
+ "%s", strerror(-rc));
+ goto out;
+ }
+
+ if (strcmp(vp_tok.verification_pattern, vp) != 0) {
+ warnx("The verification patterns of the new and old "
+ "volume keys do not match");
+ rc = -EINVAL;
+ goto out;
+ }
+ } else {
+ util_asprintf(&msg, "ATTENTION: The key validation pattern "
+ "token is not available in the LUKS2 header. "
+ "Thus, the new volume key cannot be confirmed to "
+ "be correct. You will lose all data on the "
+ "volume if you set the wrong volume key!\n"
+ "Are you sure that the key in file '%s' is the "
+ "correct volume key for volume '%s'?",
+ g.master_key_file, g.pos_arg);
+ util_print_indented(msg, 0);
+ free(msg);
+
+ if (!prompt_for_yes()) {
+ rc = -EINVAL;
+ goto out;
+ }
+ }
+
+ rc = crypt_keyslot_add_by_key(g.cd, CRYPT_ANY_SLOT, (char *)newkey,
+ newkey_size, password, password_len,
+ CRYPT_VOLUME_KEY_NO_SEGMENT);
+ if (rc < 0) {
+ warnx("Failed to add an unbound key slot to device '%s': %s",
+ g.pos_arg, strerror(-rc));
+ goto out;
+ }
+ keyslot = rc;
+
+ rc = ensure_is_unbound_keylot(keyslot);
+ if (rc != 0)
+ goto out;
+
+ pr_verbose("New volume key added to unbound key slot %d", keyslot);
+
+ util_asprintf(&msg, "The volume key has been successfully set for "
+ "device '%s'", g.pos_arg);
+ rc = activate_unbound_keyslot(-1, keyslot, (char *)newkey, newkey_size,
+ password, password_len, msg);
+ free(msg);
+ if (rc < 0)
+ goto out;
+
+ memcpy(vp_tok.verification_pattern, vp,
+ sizeof(vp_tok.verification_pattern));
+ rc = put_vp_token(g.cd, token, &vp_tok);
+ if (rc < 0)
+ goto out;
+
+ rc = 0;
+
+out:
+ secure_free(password, password_len);
+ secure_free(newkey, newkey_size);
+ secure_free(key, keysize);
+
+ return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+
+static bool is_command(struct zkey_cryptsetup_command *command, const char *str)
+{
+ char command_str[ZKEY_CRYPTSETUP_COMMAND_STR_LEN];
+ size_t str_len = strlen(str);
+
+ util_assert(sizeof(command_str) > strlen(command->command),
+ "Buffer 'command_str' too small for %s", command->command);
+ if (str_len < command->abbrev_len)
+ return false;
+ if (str_len > strlen(command->command))
+ return false;
+ strncpy(command_str, command->command, str_len);
+ if (strncasecmp(str, command_str, str_len) != 0)
+ return false;
+
+ return true;
+}
+
+/*
+ * Find the command in the command table
+ */
+struct zkey_cryptsetup_command *find_command(const char *command)
+{
+ struct zkey_cryptsetup_command *cmd = zkey_cryptsetup_commands;
+
+ while (cmd->command) {
+ if (is_command(cmd, command))
+ return cmd;
+ cmd++;
+ }
+ return NULL;
+}
+
+/*
+ * Entry point
+ */
+int main(int argc, char *argv[])
+{
+ struct zkey_cryptsetup_command *command = NULL;
+ int arg_count = argc;
+ char **args = argv;
+ char *endp;
+ int rc, c;
+
+ util_prg_init(&prg);
+ util_opt_init(opt_vec, NULL);
+
+ /* Get command if one is specified */
+ if (argc >= 2 && strncmp(argv[1], "-", 1) != 0) {
+ command = find_command(argv[1]);
+ if (command == NULL) {
+ misc_print_invalid_command(argv[1]);
+ return EXIT_FAILURE;
+ }
+
+ arg_count = argc - 1;
+ args = &argv[1];
+
+ if (argc >= 3 && strncmp(argv[2], "-", 1) != 0) {
+ g.pos_arg = argv[2];
+ arg_count = argc - 2;
+ args = &argv[2];
+ }
+
+ }
+
+ util_opt_set_command(command ? command->command : NULL);
+ util_prg_set_command(command ? command->command : NULL);
+
+ while (1) {
+ c = util_opt_getopt_long(arg_count, args);
+ if (c == -1)
+ break;
+ switch (c) {
+ case 'c':
+ g.complete = 1;
+ break;
+ case 'i':
+ g.inplace = 1;
+ break;
+ case 's':
+ g.staged = 1;
+ break;
+ case 'd':
+ g.keyfile = optarg;
+ break;
+ case 'o':
+ g.keyfile_offset = strtoll(optarg, &endp, 0);
+ if (*optarg == '\0' || *endp != '\0' ||
+ g.keyfile_offset < 0 ||
+ (g.keyfile_offset == LLONG_MAX &&
+ errno == ERANGE)) {
+ warnx("Invalid value for '--keyfile-offset'|"
+ "'-o': '%s'", optarg);
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ break;
+ case 'l':
+ g.keyfile_size = strtoll(optarg, &endp, 0);
+ if (*optarg == '\0' || *endp != '\0' ||
+ g.keyfile_size <= 0 ||
+ (g.keyfile_size == LLONG_MAX && errno == ERANGE)) {
+ warnx("Invalid value for '--keyfile-size'|"
+ "'-l': '%s'", optarg);
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ break;
+ case 'T':
+ g.tries = strtoll(optarg, &endp, 0);
+ if (*optarg == '\0' || *endp != '\0' ||
+ g.tries <= 0 ||
+ (g.tries == LLONG_MAX && errno == ERANGE)) {
+ warnx("Invalid value for '--tries'|'-T': '%s'",
+ optarg);
+ util_prg_print_parse_error();
+ return EXIT_FAILURE;
+ }
+ break;
+ case 'm':
+ g.master_key_file = optarg;
+ break;
+ case 'D':
+ g.debug = true;
+ g.verbose = true;
+ break;
+ case 'V':
+ g.verbose = true;
+ break;
+ case 'h':
+ print_help(command);
+ return EXIT_SUCCESS;
+ case 'v':
+ util_prg_print_version();
+ return EXIT_SUCCESS;
+ default:
+ util_opt_print_parse_error(c, args);
+ return EXIT_FAILURE;
+ }
+ }
+
+ if (optind < arg_count) {
+ util_prg_print_arg_error(args[optind]);
+ return EXIT_FAILURE;
+ }
+
+ if (command == NULL) {
+ misc_print_missing_command();
+ return EXIT_FAILURE;
+ }
+
+ if (command->need_cca_library) {
+ rc = load_cca_library(&g.lib_csulcca, &g.dll_CSNBKTC,
+ g.verbose);
+ if (rc != 0) {
+ rc = EXIT_FAILURE;
+ goto out;
+ }
+ }
+ if (command->need_pkey_device) {
+ g.pkey_fd = open_pkey_device(g.verbose);
+ if (g.pkey_fd == -1) {
+ rc = EXIT_FAILURE;
+ goto out;
+ }
+ }
+
+ crypt_set_log_callback(NULL, cryptsetup_log, NULL);
+ if (g.debug)
+ crypt_set_debug_level(-1);
+
+ if (command->open_device) {
+ if (g.pos_arg == NULL) {
+ misc_print_required_parm(command->pos_arg);
+ rc = EXIT_FAILURE;
+ goto out;
+ }
+
+ rc = open_device(g.pos_arg, &g.cd);
+ if (rc != 0) {
+ g.cd = NULL;
+ rc = EXIT_FAILURE;
+ goto out;
+ }
+ }
+
+ set_int_handler();
+
+ rc = command->function();
+
+out:
+ if (g.lib_csulcca)
+ dlclose(g.lib_csulcca);
+ if (g.pkey_fd >= 0)
+ close(g.pkey_fd);
+ if (g.cd)
+ crypt_free(g.cd);
+ return rc;
+}
