summaryrefslogtreecommitdiff
path: root/src/cryptsetup
Commit message (Collapse)AuthorAgeFilesLines
* crypttab: Support for VeraCrypt PIM and detached headers for ↵Klaus Zipfel2023-05-061-3/+20
| | | | | TrueCrypt/VeraCrypt (#27548) * Added veracrypt-pim=<PIM> LUKS option for crypttab
* cryptsetup: downgrade a bunch of log messages that to LOG_WARNINGLennart Poettering2023-05-041-38/+24
| | | | | In all these cases we ignore the failure, hence per our rule the log level should be below LOG_ERR. Fix that.
* cryptsetup: fix build without TPM2Luca Boccassi2023-04-041-0/+4
| | | | Follow-up for acbb504eaf1be51572b1c0d0d490ac478bc41c64
* tpm2: add support for a trusted SRKWilliam Roberts2023-04-036-8/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent attackers from spoofing the tpmKey portion of the AuthSession by adding a trusted key to the LUKS header metadata. Also, use a persistent object rather than a transient object. This provides the following benifits: 1. No way to MITM the tpmKey portion of the session, see [1] for details. 2. Strengthens the encrypted sessions, note that the bindKey could be dropped now. 3. Speed, once it's created we just use it. 4. Owner Auth is needed to call create primary, so using the SRK creates a scratch space for normal users. This is a "first to set" model, in where the first person to set the key in the LUKS header wins. Thus, setup should be done in a known good state. If an SRK, which is a primary key at a special persistent address, is found, it will use whatever is there. If not, it creates an SRK. The SRK follows the convetions used through the tpm2-software organization code on GitHub [2], however, a split has occured between Windows and Linux with respect to SRK templates. The Linux SRK is generated with the unique field size set to 0, in Windows, it properly sets the size to key size in bytes and the unique data to all 0's of that size. Note the proper templates for SRKs is covered in spec [3]. However, the most important thing, is that both SRKs are passwordless, and thus they should be interchangable. If Windows is the first to make the SRK, systemd will gladly accept it and vice-versa. 1. Without the bindKey being utilized, an attacker was able to intercept this and fake a key, thus being able to decrypt and encrypt traffic as needed. Introduction of the bindKey strengthened this, but allows for the attacker to brute force AES128CFB using pin guesses. Introduction of the salt increases the difficulty of this attack as well as DA attacks on the TPM objects itself. 2. https://github.com/tpm2-software 3. https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf Fixes: #20668 Fixes: #22637 Signed-off-by: William Roberts <william.c.roberts@intel.com>
* meson: Introduce userspace depJan Janssen2023-03-101-0/+1
| | | | This will help in a later commit to separate userspace from EFI builds.
* tpm2: add/rename functions to manage pcr selectionsDan Streetman2023-03-091-6/+6
| | | | | | This renames some functions to match other to/from_string() naming, and allows better management of TPML_PCR_SELECTION and TPMS_PCR_SELECTION structs.
* tpm2: add TPM2_PCR_VALID()Dan Streetman2023-03-092-2/+2
|
* cryptsetup: check the existence of salt by salt_size > 0Yu Watanabe2023-02-171-1/+1
| | | | | | Follow-up for 504d0acf61c8472bc93c2a927e858074873b2eaf. The function may be called with non-NULL salt and salt_size == 0.
* cryptsetup: do not assert when unsealing token without saltLuca Boccassi2023-02-152-2/+5
| | | | | | | | Salt was added in v253. We are not checking whether it was actually found (non-zero size), so when an old tpm+pin enrollment is opened things go boom. For good measure, check both the buffer and the size in both places. Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
* tpm2: use Tpm2Context* instead of ESYS_CONTEXT*Dan Streetman2023-02-011-2/+2
| | | | | This is needed for later patches that use Tpm2Handle, which requires access to the Tpm2Context.
* tpm2: use ref counter for Tpm2ContextDan Streetman2023-02-011-4/+4
| | | | | | | This will be used by Tpm2Handle instances, which is added in later patches. The refcounting allows the context to be retained until all Tpm2Handles have been cleaned up, and the initial ref is released, before cleaning the context.
* tpm2: rename struct tpm2_context to Tpm2ContextDan Streetman2023-02-011-1/+1
| | | | This aligns with systemd coding guidelines for struct naming
* tpm2: rename tpm2 alg id<->string functionsDan Streetman2023-02-011-4/+4
| | | | | | The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR banks, while the 'primary_alg' functions operate on asymmetric algs, and are not specific to primary keys.
* shared/efi-loader: fix compilation with !ENABLE_EFI, improve messagesZbigniew Jędrzejewski-Szmek2023-01-241-2/+2
| | | | | | | | | | | | When compiled without ENABLE_EFI, efi_stub_measured() was not defined, so compilation would fail. But it's not enough to add a stub that returns -EOPNOTSUPP. We call this function in various places and usually print the error at warning or error level, so we'd print a confusing message. We also can't add a stub that always returns 0, because then we'd print a message like "Kernel stub did not measure", which would be confusing too. Adding special handling for -EOPNOTSUPP in every caller is also unattractive. So instead efi_stub_measured() is reworked to log the warning or error internally, and such logging is removed from the callers, and a stub is added that logs a custom message.
* meson: Do not include headers in source listsJan Janssen2023-01-242-9/+5
| | | | | | Meson+ninja+compiler do this for us and are better at it. https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
* string-util: add common implementation of function that converts sized ↵Lennart Poettering2023-01-211-17/+3
| | | | character buffers to NUL terminated C strings
* tree-wide: fix typoYu Watanabe2023-01-201-1/+1
|
* tpm2: add salt to pinWilliam Roberts2023-01-186-10/+74
| | | | | | | | | | Add a salt to the pin and store it in the TPM2 LUKS header for future this. This adds entropy to user supplied pins and helps brute forcing the passphrase on the key residing in the TPM or brute forcing bind key encrypted sessions with low entropy passphrases. Signed-off-by: malikabhi05 <abhishek.malik@intel.com> Signed-off-by: William Roberts <william.c.roberts@intel.com>
* tpm2: add common helper for checking if we are running on UKI with TPM ↵Lennart Poettering2023-01-171-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | measurements Let's introduce a common implementation of a function that checks whether we are booted on a kernel with systemd-stub that has TPM PCR measurements enabled. Do our own userspace measurements only if we detect that. PCRs are scarce and most likely there are projects which already make use of them in other ways. Hence, instead of blindly stepping into their territory let's conditionalize things so that people have to explicitly buy into our PCR assignments before we start measuring things into them. Specifically bind everything to an UKI that reported measurements. This was previously already implemented in systemd-pcrphase, but with this change we expand this to all tools that process PCR measurement settings. The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE, to make it more generic (since we'll use it at multiple places now). This is not a compat break, since the original env var for that was not included in any stable release yet.
* cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab optionsLennart Poettering2023-01-171-14/+212
| | | | | | | | | These options allow measuring the volume key used for unlocking the volume to a TPM2 PCR. This is ideally used for the volume key of the root file system and can then be used to bind other resources to the root file system volume in a secure way. See: #24503
* tree-wide: fix return value handling of base64mem()Lennart Poettering2023-01-114-21/+27
| | | | | | | | | | | This returns an ssize_t, not an int. On populare archs that's the difference between 64bit and 32bit. hence, let's be more careful here, and not silently drop half the bits on the ground by assigning the return value to "int". As noticed by @malikabhi05: https://github.com/systemd/systemd/pull/24754#discussion_r1062903159
* cryptsetup-fido2: Remove plain mode parameters from `acquire_fido2_key_auto()`Peter Cai2022-12-221-1/+0
| | | | | | | `acquire_fido2_key_auto()` will not be used in PLAIN mode, and parameters such as the salt will be acquired from the LUKS header. Parameters intended for PLAIN mode are useless in `acquire_fido2_key_auto()`.
* cryptsetup-fido2: Relocate to libsystemd-sharedPeter Cai2022-12-223-370/+0
|
* cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volumePeter Cai2022-12-123-115/+123
| | | | | | | | | | | | | After #25268, it is now possible to check whether a credential is present on a FIDO2 token without actually attempting to retrieve said credential. However, when cryptsetup plugins are not enabled, the fallback unlock routines are not able to make multiple attempts with multiple different FIDO2 key slots. Instead of looking for one FIDO2 key slot when trying to unlock, we now attempt to use all key slots applicable. Fixes #19208.
* nulstr-util: Declare NULSTR_FOREACH() iterator inlineDaan De Meyer2022-11-111-1/+1
|
* basic: rename util.h to logarithm.hZbigniew Jędrzejewski-Szmek2022-11-081-1/+0
| | | | | util.h is now about logarithms only, so we can rename it. Many files included util.h for no apparent reason… Those includes are dropped.
* tree-wide: set description for device managerYu Watanabe2022-10-191-0/+4
|
* cryptsetup: drop redundant parens/drop ternary opLennart Poettering2022-10-171-1/+2
| | | | | A ternary op is a bit weird to use if we end up assigning a variable to itself in one of the branches. Hence use a plain if check.
* cryptsetup: use errno-flavoured logging where we have an errnoLennart Poettering2022-10-171-7/+4
|
* cryptsetup: use TPM flags over boolWilliam Roberts2022-09-201-1/+1
| | | | | | | | | This works becuase TPM2_FLAGS_USE_PIN is 1 and bool is a 1 so the bits line up as expected, however if for some reason flags change values and for clarity check if the boolean indicates this flag and pass the flag value. Signed-off-by: William Roberts <william.c.roberts@intel.com>
* tree-wide: use ASSERT_PTR moreDavid Tardon2022-09-131-2/+1
|
* cryptsetup: hook up TPM2 token code with policies based on PCR signatures, tooLennart Poettering2022-09-084-179/+114
|
* tpm2-util: add common parser for the LUKS2 TPM2 JSON structureLennart Poettering2022-09-083-144/+51
| | | | | | | | | | This splits out the JSON parser used by the systemd-cryptsetup code. This is preparation for later work to reuse it in the tpm2 cryptsetup token module, which currently uses a separate but very similar parser for the same data. No change in behaviour.
* cryptsetup: hook up signed PCR policiesLennart Poettering2022-09-083-25/+93
|
* tpm2-util: extend TPM2 policies to optionally check PCR values against ↵Lennart Poettering2022-09-082-9/+19
| | | | | | | | | | | | | | | | | | | | | | | | signed values Traditionally, TPM2 PCR policies are bound against literal PCR values, which makes them hard to work with when updating software that is measured into PCRs: each update will change the PCR values, and thus break TPM2 policies of existing objects. Let's improve the situation: let's allow signed PCR policies. Secrets and other TPM2 objects can be associated with a public key that signs a PCR policy. Thus, if the signed policy and the public key is presented, access to the TPM2 object can be granted. This allows a less brittle handling of updates: for example, whenever a kernel image is updated a new signed PCR policy can be shipped along with it, signed by a private key owned by the kernel vendor (ideally: same private key that is used to sign the kernel image itself). TPM2 objects can then be bound to the associated public key, thus allowing objects that can only be unlocked by kernels of the same vendor. This makes it very easy to update kernels without affecting locked secrets. This does not hook up any of the consuming code (just passes NULL/0 everywhere). This is for later commits.
* tree-wide: Mark some constants as unsignedJan Janssen2022-08-301-2/+2
| | | | | All these are really unsigned and used as such. This silences some -Wformat-signedness warnings with gcc.
* Merge pull request #24368 from poettering/tpm2-json-pcr-array-reworkLennart Poettering2022-08-192-32/+11
|\ | | | | tpm2: add helpers for building/parsing JSON arrays of PCR indexes
| * tpm2-util: also add helper for parsing PCR arraysLennart Poettering2022-08-192-32/+11
| |
* | tpm2-util: introduce tpm2_parse_pcr_argument() helperLennart Poettering2022-08-191-14/+3
|/ | | | | | Add a new tpm2_parse_pcr_argument() helper that unifies how we merge PCR masks in a single function, we can use all over the place. Previously we had basically the same code for this at 4 places.
* Merge pull request #23653 from aafeijoo-suse/ask-for-recovery-keyLennart Poettering2022-08-191-5/+124
|\ | | | | cryptsetup: improve password prompt text
| * cryptsetup: improve password prompt textAntonio Alvarez Feijoo2022-08-191-5/+124
| | | | | | | | | | | | | | | | Instead of always asking for passphrase, if the device has LUKS2 header check: - If only regular passphrases are registered, ask for passphrase. - If only recovery keys are registered, ask for recovery key. - If both regular passphrases and recovery keys are registered, ask for passphrase or recovery key.
* | cryptsetup: make sure all token-based codepaths are effected by ↵Lennart Poettering2022-08-191-1/+1
| | | | | | | | | | | | | | | | | | SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var Previously the env var was only checked when conditionalizing use of our own libcryptsetup loadable token modules. But let's also use it for any other kind of token module, including possible internal ones by libcryptsetup.
* | cryptsetup: use right internal helper when checking whether to use tokensLennart Poettering2022-08-191-1/+1
| | | | | | | | | | The other codepaths get this right, the TPM2 one currently does not. Fix that.
* | cryptsetup: support keyfile-timeout for using a device as the key fileChih-Hsuan Yen2022-08-081-6/+19
| | | | | | | | Closes https://github.com/systemd/systemd/issues/21993
* | cryptsetup: ask for PIN when trying to activate using a LUKS2 token pluginJonas Witschel2022-08-051-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | crypt_activate_by_token() fails with ENOANO if the token is protected with a PIN, in this case we need to call crypt_activate_by_token_pin() with a PIN. This logic is already implemented in crypt_activate_by_token_pin_ask_password(). This code path is relevant when using systemd-gpt-auto-generator because there is no a priory information about the type of the used security device, so systemd-cryptsetup tries to unlock the volume using the corresponding cryptsetup plugin.
* | cryptsetup-token-systemd-fido2: use crypt_normalize_pinJonas Witschel2022-08-051-11/+4
| | | | | | | | | | | | Use the helper function introduced in the previous commit ("cryptsetup: implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 token") for cryptsetup-token-systemd-tpm2.
* | cryptsetup: implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 tokenJonas Witschel2022-08-056-34/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | This finishes the implementation started in commit 1f895adac287b5f1b6b854caa586093616ccc172 ("cryptsetup: add libcryptsetup TPM2 PIN support"). Note that the previous implementation took a shortcut by returning EOPNOTSUPP instead of the correct ENOANO as per the cryptsetup documentation. This meant that systemd-cryptsetup fell back to the non-plugin implementation in order to ask for the PIN. Since this does not happen any more when returning ENOANO, we need to ask for the PIN in attach_luks2_by_tpm2_via_plugin() instead like attach_luks2_by_fido2_via_plugin() does.
* | cryptsetup: refactor asking for a PIN into a more generic functionJonas Witschel2022-08-051-6/+31
|/ | | | | This functionality will be useful for other LUKS2 token types as well in the future.
* cryptsetup: fix build with -Db_ndebug=trueFrantisek Sumsal2022-05-212-2/+4
| | | | | | | | | | | | | | | | | ``` ... ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c:33:13: error: variable 'r' set but not used [-Werror,-Wunused-but-set-variable] int r; ^ 1 error generated. ... ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c:34:13: error: variable 'r' set but not used [-Werror,-Wunused-but-set-variable] int r; ^ 1 error generated. ninja: build stopped: subcommand failed. + fatal ''\''meson compile'\'' failed with -Db_ndebug=true' ```
* Merge pull request #22919 from poettering/cryptsetup-tweaksLennart Poettering2022-03-311-17/+19
|\ | | | | various minor tweaks to cryptsetup/veritysetup/integritysetup
View Lorry Controller Status