qcrypto-luks: extract store key function (3994a7c9) · Commits · SUMMER2020 / students / proj-2021291

crypto/block-luks.c

+181 −123

Original line number	Diff line number	Diff line
		@@ -623,6 +623,176 @@ qcrypto_block_luks_parse_header(QCryptoBlockLUKS luks, Error *errp)
		return 0;
		}

		/*
		* Given a key slot, user password, and the master key,
		* will store the encrypted master key there, and update the
		* in-memory header. User must then write the in-memory header
		*
		* Returns:
		* 0 if the keyslot was written successfully
		* with the provided password
		* -1 if a fatal error occurred while storing the key
		*/
		static int
		qcrypto_block_luks_store_key(QCryptoBlock *block,
		unsigned int slot_idx,
		const char *password,
		uint8_t *masterkey,
		uint64_t iter_time,
		QCryptoBlockWriteFunc writefunc,
		void *opaque,
		Error **errp)
		{
		QCryptoBlockLUKS *luks = block->opaque;
		QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
		g_autofree uint8_t *splitkey = NULL;
		size_t splitkeylen;
		g_autofree uint8_t *slotkey = NULL;
		g_autoptr(QCryptoCipher) cipher = NULL;
		g_autoptr(QCryptoIVGen) ivgen = NULL;
		Error *local_err = NULL;
		uint64_t iters;
		int ret = -1;

		if (qcrypto_random_bytes(slot->salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		errp) < 0) {
		goto cleanup;
		}

		splitkeylen = luks->header.master_key_len * slot->stripes;

		/*
		* Determine how many iterations are required to
		* hash the user password while consuming 1 second of compute
		* time
		*/
		iters = qcrypto_pbkdf2_count_iters(luks->hash_alg,
		(uint8_t *)password, strlen(password),
		slot->salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		luks->header.master_key_len,
		&local_err);
		if (local_err) {
		error_propagate(errp, local_err);
		goto cleanup;
		}

		if (iters > (ULLONG_MAX / iter_time)) {
		error_setg_errno(errp, ERANGE,
		"PBKDF iterations %llu too large to scale",
		(unsigned long long)iters);
		goto cleanup;
		}

		/* iter_time was in millis, but count_iters reported for secs */
		iters = iters * iter_time / 1000;

		if (iters > UINT32_MAX) {
		error_setg_errno(errp, ERANGE,
		"PBKDF iterations %llu larger than %u",
		(unsigned long long)iters, UINT32_MAX);
		goto cleanup;
		}

		slot->iterations =
		MAX(iters, QCRYPTO_BLOCK_LUKS_MIN_SLOT_KEY_ITERS);


		/*
		* Generate a key that we'll use to encrypt the master
		* key, from the user's password
		*/
		slotkey = g_new0(uint8_t, luks->header.master_key_len);
		if (qcrypto_pbkdf2(luks->hash_alg,
		(uint8_t *)password, strlen(password),
		slot->salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		slot->iterations,
		slotkey, luks->header.master_key_len,
		errp) < 0) {
		goto cleanup;
		}


		/*
		* Setup the encryption objects needed to encrypt the
		* master key material
		*/
		cipher = qcrypto_cipher_new(luks->cipher_alg,
		luks->cipher_mode,
		slotkey, luks->header.master_key_len,
		errp);
		if (!cipher) {
		goto cleanup;
		}

		ivgen = qcrypto_ivgen_new(luks->ivgen_alg,
		luks->ivgen_cipher_alg,
		luks->ivgen_hash_alg,
		slotkey, luks->header.master_key_len,
		errp);
		if (!ivgen) {
		goto cleanup;
		}

		/*
		* Before storing the master key, we need to vastly
		* increase its size, as protection against forensic
		* disk data recovery
		*/
		splitkey = g_new0(uint8_t, splitkeylen);

		if (qcrypto_afsplit_encode(luks->hash_alg,
		luks->header.master_key_len,
		slot->stripes,
		masterkey,
		splitkey,
		errp) < 0) {
		goto cleanup;
		}

		/*
		* Now we encrypt the split master key with the key generated
		* from the user's password, before storing it
		*/
		if (qcrypto_block_cipher_encrypt_helper(cipher, block->niv, ivgen,
		QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
		0,
		splitkey,
		splitkeylen,
		errp) < 0) {
		goto cleanup;
		}

		/* Write out the slot's master key material. */
		if (writefunc(block,
		slot->key_offset_sector *
		QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
		splitkey, splitkeylen,
		opaque,
		errp) != splitkeylen) {
		goto cleanup;
		}

		slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;

		if (qcrypto_block_luks_store_header(block, writefunc, opaque, errp) < 0) {
		goto cleanup;
		}

		ret = 0;

		cleanup:
		if (slotkey) {
		memset(slotkey, 0, luks->header.master_key_len);
		}
		if (splitkey) {
		memset(splitkey, 0, splitkeylen);
		}
		return ret;
		}

		/*
		* Given a key slot, and user password, this will attempt to unlock
		* the master encryption key from the key slot.
		@@ -944,12 +1114,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
		QCryptoBlockCreateOptionsLUKS luks_opts;
		Error *local_err = NULL;
		g_autofree uint8_t *masterkey = NULL;
		g_autofree uint8_t *slotkey = NULL;
		g_autofree uint8_t *splitkey = NULL;
		size_t splitkeylen = 0;
		size_t i;
		g_autoptr(QCryptoCipher) cipher = NULL;
		g_autoptr(QCryptoIVGen) ivgen = NULL;
		g_autofree char *password = NULL;
		const char *cipher_alg;
		const char *cipher_mode;
		@@ -1172,9 +1338,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
		* to use the first key slot */
		splitkeylen = luks->header.master_key_len * QCRYPTO_BLOCK_LUKS_STRIPES;
		for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
		luks->header.key_slots[i].active = i == 0 ?
		QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED :
		QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
		luks->header.key_slots[i].active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
		luks->header.key_slots[i].stripes = QCRYPTO_BLOCK_LUKS_STRIPES;

		/* This calculation doesn't match that shown in the spec,
		@@ -1188,107 +1352,6 @@ qcrypto_block_luks_create(QCryptoBlock *block,
		QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) * i);
		}

		if (qcrypto_random_bytes(luks->header.key_slots[0].salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		errp) < 0) {
		goto error;
		}

		/* Again we determine how many iterations are required to
		* hash the user password while consuming 1 second of compute
		* time */
		iters = qcrypto_pbkdf2_count_iters(luks_opts.hash_alg,
		(uint8_t *)password, strlen(password),
		luks->header.key_slots[0].salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		luks->header.master_key_len,
		&local_err);
		if (local_err) {
		error_propagate(errp, local_err);
		goto error;
		}

		if (iters > (ULLONG_MAX / luks_opts.iter_time)) {
		error_setg_errno(errp, ERANGE,
		"PBKDF iterations %llu too large to scale",
		(unsigned long long)iters);
		goto error;
		}

		/* iter_time was in millis, but count_iters reported for secs */
		iters = iters * luks_opts.iter_time / 1000;

		if (iters > UINT32_MAX) {
		error_setg_errno(errp, ERANGE,
		"PBKDF iterations %llu larger than %u",
		(unsigned long long)iters, UINT32_MAX);
		goto error;
		}

		luks->header.key_slots[0].iterations =
		MAX(iters, QCRYPTO_BLOCK_LUKS_MIN_SLOT_KEY_ITERS);


		/* Generate a key that we'll use to encrypt the master
		* key, from the user's password
		*/
		slotkey = g_new0(uint8_t, luks->header.master_key_len);
		if (qcrypto_pbkdf2(luks_opts.hash_alg,
		(uint8_t *)password, strlen(password),
		luks->header.key_slots[0].salt,
		QCRYPTO_BLOCK_LUKS_SALT_LEN,
		luks->header.key_slots[0].iterations,
		slotkey, luks->header.master_key_len,
		errp) < 0) {
		goto error;
		}


		/* Setup the encryption objects needed to encrypt the
		* master key material
		*/
		cipher = qcrypto_cipher_new(luks_opts.cipher_alg,
		luks_opts.cipher_mode,
		slotkey, luks->header.master_key_len,
		errp);
		if (!cipher) {
		goto error;
		}

		ivgen = qcrypto_ivgen_new(luks_opts.ivgen_alg,
		luks->ivgen_cipher_alg,
		luks_opts.ivgen_hash_alg,
		slotkey, luks->header.master_key_len,
		errp);
		if (!ivgen) {
		goto error;
		}

		/* Before storing the master key, we need to vastly
		* increase its size, as protection against forensic
		* disk data recovery */
		splitkey = g_new0(uint8_t, splitkeylen);

		if (qcrypto_afsplit_encode(luks_opts.hash_alg,
		luks->header.master_key_len,
		luks->header.key_slots[0].stripes,
		masterkey,
		splitkey,
		errp) < 0) {
		goto error;
		}

		/* Now we encrypt the split master key with the key generated
		* from the user's password, before storing it */
		if (qcrypto_block_cipher_encrypt_helper(cipher, block->niv, ivgen,
		QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
		0,
		splitkey,
		splitkeylen,
		errp) < 0) {
		goto error;
		}


		/* The total size of the LUKS headers is the partition header + key
		* slot headers, rounded up to the nearest sector, combined with
		@@ -1313,23 +1376,21 @@ qcrypto_block_luks_create(QCryptoBlock *block,
		goto error;
		}

		if (qcrypto_block_luks_store_header(block, writefunc, opaque, errp) < 0) {
		goto error;
		}

		/* Write out the master key material, starting at the
		* sector immediately following the partition header. */
		if (writefunc(block,
		luks->header.key_slots[0].key_offset_sector *
		QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
		splitkey, splitkeylen,
		/* populate the slot 0 with the password encrypted master key*/
		/* This will also store the header */
		if (qcrypto_block_luks_store_key(block,
		0,
		password,
		masterkey,
		luks_opts.iter_time,
		writefunc,
		opaque,
		errp) != splitkeylen) {
		errp) < 0) {
		goto error;
		}

		memset(masterkey, 0, luks->header.master_key_len);
		memset(slotkey, 0, luks->header.master_key_len);

		return 0;

		@@ -1337,9 +1398,6 @@ qcrypto_block_luks_create(QCryptoBlock *block,
		if (masterkey) {
		memset(masterkey, 0, luks->header.master_key_len);
		}
		if (slotkey) {
		memset(slotkey, 0, luks->header.master_key_len);
		}

		qcrypto_block_free_cipher(block);
		qcrypto_ivgen_free(block->ivgen);