[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[CRYPTO-LUKS v1 11/19] cryptodisk: Properly handle non-512 byte sized se
|
From: |
Glenn Washburn |
|
Subject: |
[CRYPTO-LUKS v1 11/19] cryptodisk: Properly handle non-512 byte sized sectors. |
|
Date: |
Fri, 31 Jul 2020 07:01:52 -0500 |
By default, dm-crypt internally uses an IV that corresponds to 512-byte
sectors, even when a larger sector size is specified. What this means is
that when using a larger sector size, the IV is incremented every sector.
However, the amount the IV is incremented is the number of 512 byte blocks
in a sector (ie 8 for 4K sectors). Confusingly the IV does not corespond to
the number of, for example, 4K sectors. So each cipher block in the fifth
4K sector will be encrypted with an IV equal to 32, as opposed to 32-39 for
each sequential 512 byte block or an IV of 4 for each cipher block in the
sector.
There are some encryption utilities which do it the intuitive way and have
the IV equal to the sector number regardless of sector size (ie. the fifth
sector would have an IV of 4 for each cipher block). And this is supported
by dm-crypt with the iv_large_sectors option and also cryptsetup as of 2.3.3
with the --iv-large-sectors, though not with LUKS headers (only with --type
plain). However, support for this has not been included as grub does not
support plain devices right now.
One gotcha here is that the encrypted split keys are encrypted with a hard-
coded 512-byte sector size. So even if your data is encrypted with 4K sector
sizes, the split key encrypted area must be decrypted with a block size of
512 (ie the IV increments every 512 bytes). This made these changes less
aestetically pleasing than desired.
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/cryptodisk.c | 46 +++++++++++++++++++++----------------
grub-core/disk/luks.c | 5 ++--
grub-core/disk/luks2.c | 6 ++++-
include/grub/cryptodisk.h | 2 +-
4 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 263ca2e1a..014a8a95b 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -33,6 +33,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
+/* Internally encrypted sectors are 512 bytes regardless of what the
cryptodisk is */
+#define CRYPT_LOG_SECTOR_SIZE 9
+
grub_cryptodisk_dev_t grub_cryptodisk_list;
static const struct grub_arg_option options[] =
@@ -224,7 +227,8 @@ lrw_xor (const struct lrw_sector *sec,
static gcry_err_code_t
grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
grub_uint8_t * data, grub_size_t len,
- grub_disk_addr_t sector, int do_encrypt)
+ grub_disk_addr_t sector, grub_size_t sector_size,
+ int do_encrypt)
{
grub_size_t i;
gcry_err_code_t err;
@@ -237,12 +241,13 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
: grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
- for (i = 0; i < len; i += (1U << dev->log_sector_size))
+ for (i = 0; i < len; i += (1U << sector_size))
{
grub_size_t sz = ((dev->cipher->cipher->blocksize
+ sizeof (grub_uint32_t) - 1)
/ sizeof (grub_uint32_t));
grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4];
+ grub_uint64_t iv_calc;
if (dev->rekey)
{
@@ -270,7 +275,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
if (!ctx)
return GPG_ERR_OUT_OF_MEMORY;
- tmp = grub_cpu_to_le64 (sector << dev->log_sector_size);
+ tmp = grub_cpu_to_le64 (sector << sector_size);
dev->iv_hash->init (ctx);
dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);
dev->iv_hash->write (ctx, &tmp, sizeof (tmp));
@@ -281,14 +286,15 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
}
break;
case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
- iv[1] = grub_cpu_to_le32 (sector >> 32);
+ iv_calc = sector << (sector_size - CRYPT_LOG_SECTOR_SIZE);
+ iv[1] = grub_cpu_to_le32 (iv_calc >> 32);
/* FALLTHROUGH */
case GRUB_CRYPTODISK_MODE_IV_PLAIN:
- iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
+ iv[0] = grub_cpu_to_le32 (iv_calc & 0xFFFFFFFF);
break;
case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
- iv[1] = grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size));
- iv[0] = grub_cpu_to_le32 ((sector << dev->log_sector_size)
+ iv[1] = grub_cpu_to_le32 (sector >> (32 - sector_size));
+ iv[0] = grub_cpu_to_le32 ((sector << sector_size)
& 0xFFFFFFFF);
break;
case GRUB_CRYPTODISK_MODE_IV_BENBI:
@@ -311,10 +317,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
case GRUB_CRYPTODISK_MODE_CBC:
if (do_encrypt)
err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size), iv);
+ (1U << sector_size), iv);
else
err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size), iv);
+ (1U << sector_size), iv);
if (err)
return err;
break;
@@ -322,10 +328,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
case GRUB_CRYPTODISK_MODE_PCBC:
if (do_encrypt)
err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size), iv);
+ (1U << sector_size), iv);
else
err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size), iv);
+ (1U << sector_size), iv);
if (err)
return err;
break;
@@ -337,7 +343,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
if (err)
return err;
- for (j = 0; j < (1U << dev->log_sector_size);
+ for (j = 0; j < (1U << sector_size);
j += dev->cipher->cipher->blocksize)
{
grub_crypto_xor (data + i + j, data + i + j, iv,
@@ -368,11 +374,11 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
if (do_encrypt)
err = grub_crypto_ecb_encrypt (dev->cipher, data + i,
data + i,
- (1U << dev->log_sector_size));
+ (1U << sector_size));
else
err = grub_crypto_ecb_decrypt (dev->cipher, data + i,
data + i,
- (1U << dev->log_sector_size));
+ (1U << sector_size));
if (err)
return err;
lrw_xor (&sec, dev, data + i);
@@ -381,10 +387,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
case GRUB_CRYPTODISK_MODE_ECB:
if (do_encrypt)
err = grub_crypto_ecb_encrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size));
+ (1U << sector_size));
else
err = grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size));
+ (1U << sector_size));
if (err)
return err;
break;
@@ -399,9 +405,9 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
gcry_err_code_t
grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
grub_uint8_t * data, grub_size_t len,
- grub_disk_addr_t sector)
+ grub_disk_addr_t sector, grub_size_t sector_size)
{
- return grub_cryptodisk_endecrypt (dev, data, len, sector, 0);
+ return grub_cryptodisk_endecrypt (dev, data, len, sector, sector_size, 0);
}
grub_err_t
@@ -769,7 +775,7 @@ grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t
sector,
}
gcry_err = grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) buf,
size << disk->log_sector_size,
- sector, 0);
+ sector, dev->log_sector_size, 0);
return grub_crypto_gcry_error (gcry_err);
}
@@ -812,7 +818,7 @@ grub_cryptodisk_write (grub_disk_t disk, grub_disk_addr_t
sector,
gcry_err = grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) tmp,
size << disk->log_sector_size,
- sector, 1);
+ sector, disk->log_sector_size, 1);
if (gcry_err)
{
grub_free (tmp);
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index ea54a9d10..a1ac078d1 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -30,6 +30,7 @@
GRUB_MOD_LICENSE ("GPLv3+");
#define MAX_PASSPHRASE 256
+#define LOG_SECTOR_SIZE 9
#define LUKS_KEY_ENABLED 0x00AC71F3
@@ -111,7 +112,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
return NULL;
newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
newdev->source_disk = NULL;
- newdev->log_sector_size = 9;
+ newdev->log_sector_size = LOG_SECTOR_SIZE;
newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
grub_memcpy (newdev->uuid, header.uuid, sizeof (newdev->uuid));
newdev->modname = "luks";
@@ -234,7 +235,7 @@ luks_recover_key (grub_disk_t source,
return err;
}
- gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
+ gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0,
LOG_SECTOR_SIZE);
if (gcry_err)
{
grub_free (split_key);
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 7f5deb469..5e4ce858e 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -491,7 +491,11 @@ luks2_decrypt_key (grub_uint8_t *out_key,
goto err;
}
- gcry_ret = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0);
+ /*
+ * The encrypted key slots area always uses 512-byte sectors,
+ * regardless of encrypted data sector size.
+ */
+ gcry_ret = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0, 9);
if (gcry_ret)
{
ret = grub_crypto_gcry_error (gcry_ret);
diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
index e1b21e785..06653a622 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -139,7 +139,7 @@ grub_cryptodisk_setkey (grub_cryptodisk_t dev,
gcry_err_code_t
grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
grub_uint8_t * data, grub_size_t len,
- grub_disk_addr_t sector);
+ grub_disk_addr_t sector, grub_size_t sector_size);
grub_err_t
grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
grub_disk_t source);
--
2.25.1
- [CRYPTO-LUKS v1 02/19] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'., (continued)
- [CRYPTO-LUKS v1 02/19] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 03/19] cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 04/19] cryptodisk: Add more verbosity when reading/writing cryptodisks., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 05/19] luks2: Add support for LUKS2 in (proc)/luks_script, Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 06/19] luks2: Rename source disk variabled named 'disk' to 'source' as in luks.c., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 07/19] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing for comparing UUIDs., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 09/19] cryptodisk: Unregister cryptomount command when removing module., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 10/19] fs: Fix block lists not being able to address to end of disk sometimes., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 11/19] cryptodisk: Properly handle non-512 byte sized sectors.,
Glenn Washburn <=
- [CRYPTO-LUKS v1 12/19] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 13/19] fs: Allow number of blocks in block list to be optional, where length will be defaulted to the length of the device., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 14/19] loopback: Add procfs entry 'loopbacks' to output configured loopback devices., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 15/19] cryptodisk, luks2: Add header line to procfs entry and crypto and source device names., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 16/19] cryptodisk: Add a couple comments noting the usage of a couple fields in grub_cryptodisk_t as is done for grub_disk_t., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 17/19] luks2: Ensure that bit fields of grub_luks2_digest_t in luks2_parse_digest are initialized before returning., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 18/19] luks2: Fix use of incorrect index and some error messages., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 19/19] cryptodisk: Rename offset in grub_cryptodisk_t to offset_sectors to improve readability., Glenn Washburn, 2020/07/31