From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1k9nq1-0003kF-0h for mharc-grub-devel@gnu.org; Sun, 23 Aug 2020 07:07:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43016) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9npy-0003iF-Ql for grub-devel@gnu.org; Sun, 23 Aug 2020 07:06:58 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:46461) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9no2-0000Id-Bh for grub-devel@gnu.org; Sun, 23 Aug 2020 07:06:58 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id E47EF580344; Sun, 23 Aug 2020 07:04:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Sun, 23 Aug 2020 07:04:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=orjWe0PlntYukMpt4is1xdhQPAD 7tTZOaliK9swfFd0=; b=m6v8RdtQY4d83p0OZw+ngdgvCja3bhX7kcg1bHUikfe 0bm9tYLOkredpucTOWsVoDFsbvW3EMFg+VJ0N263G7GjTx1q0OOZKoNntOditLfx 4vN4xAphYWHOc8EBEQOx0/yUSAmc2wV7g8H9pjLmjDSaV7hSUBInHYzfIXnUSXzz gMl7PCOHmYDZJQmanseHsSQFl5hH7QdnTfP5LHQucaIu+hq0r1XFUhwZQsIdrr2b dPFJ1JgKAGEWt+QCcfCpJLJdh/9B5sVT1E4QHeSaux0xxZARQrhGqVpSizM1WUqp I2o29eIqgQMFCsK1BIQ3rLc8rJeerpyvYnzJrVyU69Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=orjWe0 PlntYukMpt4is1xdhQPAD7tTZOaliK9swfFd0=; b=WVMLkaALEpX2pShn5idENM 9PTpuSIijEaqB1P3WXQeF4Qx4uzY4xYfB7fBnOhC93vx0uefvnySrflCQn2ZOTbF iEGMFoC9gOh86hBEhAL5d4nDMHPNbwohAuarQrMiLOe/vJnGHH9tvrvUaGNxm8bs wQXDzmB3vpGrLcEd484VZsHQw1GgqjCy1E5xtyybgAZMWsVHwhEajCn/lSw2S/gj GZ9bTh7LFbfLjsYVJwWNkfUoMSO7ESfub172Lf3ykE0s99JbSA9uVY0hnsAhiNf2 +CM8x2TtFg5uaMFsIbZ6hvjqYvizwxFLK4lO7OSoSbjjSrT9YhANw7pVmUjrU32w == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudduiedgfeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrrghtrhhi tghkucfuthgvihhnhhgrrhguthcuoehpshesphhkshdrihhmqeenucggtffrrghtthgvrh hnpeehgefhtdefueffheekgfffudelffejtdfhvdejkedthfehvdelgfetgfdvtedthfen ucfkphepjeejrddukeefrdehkedrudelheenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehpshesphhkshdrihhm X-ME-Proxy: Received: from vm-mail.pks.im (x4db73ac3.dyn.telefonica.de [77.183.58.195]) by mail.messagingengine.com (Postfix) with ESMTPA id 1A2123280059; Sun, 23 Aug 2020 07:04:47 -0400 (EDT) Received: from localhost (ncase [10.192.0.11]) by vm-mail.pks.im (OpenSMTPD) with ESMTPSA id 925ffad6 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 23 Aug 2020 11:04:45 +0000 (UTC) Date: Sun, 23 Aug 2020 13:04:47 +0200 From: Patrick Steinhardt To: grub-devel@gnu.org Cc: Denis 'GNUtoo' Carikli , Glenn Washburn , Daniel Kiper Subject: [PATCH 9/9] cryptodisk: Properly handle non-512 byte sized sectors Message-ID: <32b463e00577d1e3608727f9c7d8f4502b49457d.1598179677.git.ps@pks.im> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=66.111.4.224; envelope-from=ps@pks.im; helo=new2-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/23 06:59:58 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Aug 2020 11:06:59 -0000 --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =46rom: Glenn Washburn By default, dm-crypt internally uses an IV that corresponds to 512-byte sectors, even when a larger sector size is specified. What this means is that when using a larger sector size, the IV is incremented every sector. However, the amount the IV is incremented is the number of 512 byte blocks in a sector (ie 8 for 4K sectors). Confusingly the IV does not corespond to the number of, for example, 4K sectors. So each cipher block in the fifth 4K sector will be encrypted with an IV equal to 32, as opposed to 32-39 for each sequential 512 byte block or an IV of 4 for each cipher block in the sector. There are some encryption utilities which do it the intuitive way and have the IV equal to the sector number regardless of sector size (ie. the fifth sector would have an IV of 4 for each cipher block). And this is supported by dm-crypt with the iv_large_sectors option and also cryptsetup as of 2.3.3 with the --iv-large-sectors, though not with LUKS headers (only with --type plain). However, support for this has not been included as grub does not support plain devices right now. One gotcha here is that the encrypted split keys are encrypted with a hard- coded 512-byte sector size. So even if your data is encrypted with 4K sector sizes, the split key encrypted area must be decrypted with a block size of 512 (ie the IV increments every 512 bytes). This made these changes less aestetically pleasing than desired. Signed-off-by: Glenn Washburn --- grub-core/disk/cryptodisk.c | 47 +++++++++++++++++++++---------------- grub-core/disk/luks.c | 5 ++-- grub-core/disk/luks2.c | 6 ++++- include/grub/cryptodisk.h | 2 +- 4 files changed, 36 insertions(+), 24 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 74ab54eaa..e96d123de 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -33,6 +33,9 @@ =20 GRUB_MOD_LICENSE ("GPLv3+"); =20 +/* Internally encrypted sectors are 512 bytes regardless of what the crypt= odisk is */ +#define CRYPT_LOG_SECTOR_SIZE 9 + grub_cryptodisk_dev_t grub_cryptodisk_list; =20 static const struct grub_arg_option options[] =3D @@ -224,7 +227,8 @@ lrw_xor (const struct lrw_sector *sec, static gcry_err_code_t grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, grub_uint8_t * data, grub_size_t len, - grub_disk_addr_t sector, int do_encrypt) + grub_disk_addr_t sector, grub_size_t sector_size, + int do_encrypt) { grub_size_t i; gcry_err_code_t err; @@ -237,12 +241,13 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data,= len) : grub_crypto_ecb_decrypt (dev->cipher, data, data, len)); =20 - for (i =3D 0; i < len; i +=3D (1U << dev->log_sector_size)) + for (i =3D 0; i < len; i +=3D (1U << sector_size)) { grub_size_t sz =3D ((dev->cipher->cipher->blocksize + sizeof (grub_uint32_t) - 1) / sizeof (grub_uint32_t)); grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4]; + grub_uint64_t iv_calc; =20 if (dev->rekey) { @@ -270,7 +275,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, if (!ctx) return GPG_ERR_OUT_OF_MEMORY; =20 - tmp =3D grub_cpu_to_le64 (sector << dev->log_sector_size); + tmp =3D grub_cpu_to_le64 (sector << sector_size); dev->iv_hash->init (ctx); dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len); dev->iv_hash->write (ctx, &tmp, sizeof (tmp)); @@ -281,14 +286,16 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, } break; case GRUB_CRYPTODISK_MODE_IV_PLAIN64: - iv[1] =3D grub_cpu_to_le32 (sector >> 32); + iv_calc =3D sector << (sector_size - CRYPT_LOG_SECTOR_SIZE); + iv[1] =3D grub_cpu_to_le32 (iv_calc >> 32); /* FALLTHROUGH */ case GRUB_CRYPTODISK_MODE_IV_PLAIN: - iv[0] =3D grub_cpu_to_le32 (sector & 0xFFFFFFFF); + iv_calc =3D sector << (sector_size - CRYPT_LOG_SECTOR_SIZE); + iv[0] =3D grub_cpu_to_le32 (iv_calc & 0xFFFFFFFF); break; case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64: - iv[1] =3D grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size)); - iv[0] =3D grub_cpu_to_le32 ((sector << dev->log_sector_size) + iv[1] =3D grub_cpu_to_le32 (sector >> (32 - sector_size)); + iv[0] =3D grub_cpu_to_le32 ((sector << sector_size) & 0xFFFFFFFF); break; case GRUB_CRYPTODISK_MODE_IV_BENBI: @@ -311,10 +318,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, case GRUB_CRYPTODISK_MODE_CBC: if (do_encrypt) err =3D grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size), iv); + (1U << sector_size), iv); else err =3D grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size), iv); + (1U << sector_size), iv); if (err) return err; break; @@ -322,10 +329,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, case GRUB_CRYPTODISK_MODE_PCBC: if (do_encrypt) err =3D grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size), iv); + (1U << sector_size), iv); else err =3D grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size), iv); + (1U << sector_size), iv); if (err) return err; break; @@ -337,7 +344,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, if (err) return err; =20 - for (j =3D 0; j < (1U << dev->log_sector_size); + for (j =3D 0; j < (1U << sector_size); j +=3D dev->cipher->cipher->blocksize) { grub_crypto_xor (data + i + j, data + i + j, iv, @@ -368,11 +375,11 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, if (do_encrypt) err =3D grub_crypto_ecb_encrypt (dev->cipher, data + i,=20 data + i, - (1U << dev->log_sector_size)); + (1U << sector_size)); else err =3D grub_crypto_ecb_decrypt (dev->cipher, data + i,=20 data + i, - (1U << dev->log_sector_size)); + (1U << sector_size)); if (err) return err; lrw_xor (&sec, dev, data + i); @@ -381,10 +388,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *de= v, case GRUB_CRYPTODISK_MODE_ECB: if (do_encrypt) err =3D grub_crypto_ecb_encrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size)); + (1U << sector_size)); else err =3D grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i, - (1U << dev->log_sector_size)); + (1U << sector_size)); if (err) return err; break; @@ -399,9 +406,9 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, gcry_err_code_t grub_cryptodisk_decrypt (struct grub_cryptodisk *dev, grub_uint8_t * data, grub_size_t len, - grub_disk_addr_t sector) + grub_disk_addr_t sector, grub_size_t sector_size) { - return grub_cryptodisk_endecrypt (dev, data, len, sector, 0); + return grub_cryptodisk_endecrypt (dev, data, len, sector, sector_size, 0= ); } =20 grub_err_t @@ -767,7 +774,7 @@ grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_= t sector, } gcry_err =3D grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) buf, size << disk->log_sector_size, - sector, 0); + sector, dev->log_sector_size, 0); return grub_crypto_gcry_error (gcry_err); } =20 @@ -808,7 +815,7 @@ grub_cryptodisk_write (grub_disk_t disk, grub_disk_addr= _t sector, =20 gcry_err =3D grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) tmp, size << disk->log_sector_size, - sector, 1); + sector, disk->log_sector_size, 1); if (gcry_err) { grub_free (tmp); diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 76f89dd29..913fb7a9f 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -30,6 +30,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); =20 #define MAX_PASSPHRASE 256 +#define LOG_SECTOR_SIZE 9 =20 #define LUKS_KEY_ENABLED 0x00AC71F3 =20 @@ -123,7 +124,7 @@ configure_ciphers (grub_disk_t disk, const char *check_= uuid, return NULL; newdev->offset =3D grub_be_to_cpu32 (header.payloadOffset); newdev->source_disk =3D NULL; - newdev->log_sector_size =3D 9; + newdev->log_sector_size =3D LOG_SECTOR_SIZE; newdev->total_length =3D grub_disk_get_size (disk) - newdev->offset; grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); newdev->modname =3D "luks"; @@ -246,7 +247,7 @@ luks_recover_key (grub_disk_t source, return err; } =20 - gcry_err =3D grub_cryptodisk_decrypt (dev, split_key, length, 0); + gcry_err =3D grub_cryptodisk_decrypt (dev, split_key, length, 0, LOG= _SECTOR_SIZE); if (gcry_err) { grub_free (split_key); diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index 7c530dd1a..b6c0e384d 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -491,7 +491,11 @@ luks2_decrypt_key (grub_uint8_t *out_key, goto err; } =20 - gcry_ret =3D grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0); + /* + * The encrypted key slots are always with 512byte sectors, + * regardless of encrypted data sector size + */ + gcry_ret =3D grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0,= 9); if (gcry_ret) { ret =3D grub_crypto_gcry_error (gcry_ret); diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h index e1b21e785..06653a622 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h @@ -139,7 +139,7 @@ grub_cryptodisk_setkey (grub_cryptodisk_t dev, gcry_err_code_t grub_cryptodisk_decrypt (struct grub_cryptodisk *dev, grub_uint8_t * data, grub_size_t len, - grub_disk_addr_t sector); + grub_disk_addr_t sector, grub_size_t sector_size); grub_err_t grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name, grub_disk_t source); --=20 2.28.0 --envbJBWh7q8WU6mo Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAl9CTU4ACgkQVbJhu7ck PpT2Ng//V7V4pi7kZtgzaJedeN68HNe4bNtevMY++Ik4BTleQjn7dNQyCp2Mt9xc p6pMD59w90zjtTm3klmQMUzFSGQTOWVCwso6uqqqBYU6D2IITnbWcVFY/CmB2Div AqQ589jgEpxCgz5EY+fZ25I298hsUIkfJOBNb/NLgx2xCEFp6kKCL5d2pz/7qdTx 0X6BcdyqLaIF1rbjeT7Ew052XoEKfVgCueB8HWHqslCUgBfbjJiBxhXoMsxQzRVz S4htVSb2li3c/QcXBRtBNUS1XxdcsNUd1TGGg7fCi8gRCKx8J14md9W9RLuN1QD8 G6gsIiHHHYjdQwmPMWspXbiOQ/D5XxbAw/pHU7zXRkcEzLCy+qU5LCPY1kCgDIt+ wmQ2aGdc6r+YnQ8Zg7tsHv/5WgHazqwtS6vylKtqIp/9ukbObt/qzfaHyH5WmZkM ZTF2OuSCYJspXS6HW5wGJpyvswDU10s6jphCyIoJ+qA9x8sWkbY2j95GMbykpDRu zsHlaTh3RHRKtMKbPrPB2oErG38J434u/gkiMB/sTl5UUvwJZtOMRyF4YUPsXjQX tpPyintjPrJgyzmjOseGt9TG7kzQCiLNE968+KVA1MO3HRRAihQ8pqkvfqHPVOCD zolscSr9r5M0oyclSRc+FWz/bgU9DETPVPKVc7HSy39CV6HAL0M= =QLXZ -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--