2 * e4crypt.c - ext4 encryption management utility
4 * Copyright (c) 2014 Google, Inc.
5 * SHA512 implementation from libtomcrypt.
7 * Authors: Michael Halcrow <mhalcrow@google.com>,
8 * Ildar Muslukhov <ildarm@google.com>
11 #ifndef _LARGEFILE_SOURCE
12 #define _LARGEFILE_SOURCE
15 #ifndef _LARGEFILE64_SOURCE
16 #define _LARGEFILE64_SOURCE
34 #include <sys/ioctl.h>
36 #include <sys/types.h>
41 #include <asm/unistd.h>
43 #include "ext2fs/ext2_fs.h"
44 #include "uuid/uuid.h"
46 /* special process keyring shortcut IDs */
47 #define KEY_SPEC_THREAD_KEYRING -1
48 #define KEY_SPEC_PROCESS_KEYRING -2
49 #define KEY_SPEC_SESSION_KEYRING -3
50 #define KEY_SPEC_USER_KEYRING -4
51 #define KEY_SPEC_USER_SESSION_KEYRING -5
52 #define KEY_SPEC_GROUP_KEYRING -6
54 #define KEYCTL_GET_KEYRING_ID 0
55 #define KEYCTL_JOIN_SESSION_KEYRING 1
56 #define KEYCTL_DESCRIBE 6
57 #define KEYCTL_SEARCH 10
58 #define KEYCTL_SESSION_TO_PARENT 18
60 typedef __s32 key_serial_t;
62 #define EXT4_KEY_REF_STR_BUF_SIZE ((EXT4_KEY_DESCRIPTOR_SIZE * 2) + 1)
64 #ifndef EXT4_IOC_GET_ENCRYPTION_PWSALT
65 #define EXT4_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16])
68 #define OPT_VERBOSE 0x0001
69 #define OPT_QUIET 0x0002
73 static long keyctl(int cmd, ...)
76 unsigned long arg2, arg3, arg4, arg5;
79 arg2 = va_arg(va, unsigned long);
80 arg3 = va_arg(va, unsigned long);
81 arg4 = va_arg(va, unsigned long);
82 arg5 = va_arg(va, unsigned long);
84 return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
87 static const char *hexchars = "0123456789abcdef";
88 static const size_t hexchars_size = 16;
90 #define SHA512_LENGTH 64
91 #define EXT2FS_KEY_TYPE_LOGON "logon"
92 #define EXT2FS_KEY_DESC_PREFIX "ext4:"
93 #define EXT2FS_KEY_DESC_PREFIX_SIZE 5
95 #define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy)
97 static void validate_paths(int argc, char *argv[], int path_start_index)
103 for (x = path_start_index; x < argc; x++) {
104 int ret = access(argv[x], W_OK);
111 ret = stat(argv[x], &st);
114 if (!S_ISDIR(st.st_mode)) {
115 fprintf(stderr, "%s is not a directory\n", argv[x]);
123 static int hex2byte(const char *hex, size_t hex_size, char *bytes,
131 for (x = 0; x < hex_size; x += 2) {
132 h = memchr(hexchars, hex[x], hexchars_size);
135 l = memchr(hexchars, hex[x + 1], hexchars_size);
138 if ((x >> 1) >= bytes_size)
140 bytes[x >> 1] = (((unsigned char)(h - hexchars) << 4) +
141 (unsigned char)(l - hexchars));
151 char key_ref_str[EXT4_KEY_REF_STR_BUF_SIZE];
152 unsigned char key_desc[EXT4_KEY_DESCRIPTOR_SIZE];
153 unsigned char key[EXT4_MAX_KEY_SIZE];
156 struct salt *salt_list;
159 char passphrase[EXT4_MAX_PASSPHRASE_SIZE];
161 static struct salt *find_by_salt(unsigned char *salt, size_t salt_len)
166 for (i = 0, p = salt_list; i < num_salt; i++, p++)
167 if ((p->salt_len == salt_len) &&
168 !memcmp(p->salt, salt, salt_len))
173 static void add_salt(unsigned char *salt, size_t salt_len)
175 if (find_by_salt(salt, salt_len))
177 if (num_salt >= max_salt) {
178 max_salt = num_salt + 10;
179 salt_list = realloc(salt_list, max_salt * sizeof(struct salt));
181 fprintf(stderr, "Couldn't allocate salt list\n");
185 salt_list[num_salt].salt = salt;
186 salt_list[num_salt].salt_len = salt_len;
190 static void clear_secrets(void)
193 memset(salt_list, 0, sizeof(struct salt) * max_salt);
197 memset(passphrase, 0, sizeof(passphrase));
200 static void die_signal_handler(int signum, siginfo_t *siginfo,
207 void sigcatcher_setup(void)
211 memset(&sa, 0, sizeof(struct sigaction));
212 sa.sa_sigaction = die_signal_handler;
213 sa.sa_flags = SA_SIGINFO;
215 sigaction(SIGHUP, &sa, 0);
216 sigaction(SIGINT, &sa, 0);
217 sigaction(SIGQUIT, &sa, 0);
218 sigaction(SIGFPE, &sa, 0);
219 sigaction(SIGILL, &sa, 0);
220 sigaction(SIGBUS, &sa, 0);
221 sigaction(SIGSEGV, &sa, 0);
222 sigaction(SIGABRT, &sa, 0);
223 sigaction(SIGPIPE, &sa, 0);
224 sigaction(SIGALRM, &sa, 0);
225 sigaction(SIGTERM, &sa, 0);
226 sigaction(SIGUSR1, &sa, 0);
227 sigaction(SIGUSR2, &sa, 0);
228 sigaction(SIGPOLL, &sa, 0);
229 sigaction(SIGPROF, &sa, 0);
230 sigaction(SIGSYS, &sa, 0);
231 sigaction(SIGTRAP, &sa, 0);
232 sigaction(SIGVTALRM, &sa, 0);
233 sigaction(SIGXCPU, &sa, 0);
234 sigaction(SIGXFSZ, &sa, 0);
238 #define PARSE_FLAGS_NOTSUPP_OK 0x0001
239 #define PARSE_FLAGS_FORCE_FN 0x0002
241 static void parse_salt(char *salt_str, int flags)
243 unsigned char buf[EXT4_MAX_SALT_SIZE];
244 unsigned char *salt_buf, *cp = salt_str;
246 int i, fd, ret, salt_len = 0;
248 if (flags & PARSE_FLAGS_FORCE_FN)
249 goto salt_from_filename;
250 if (strncmp(cp, "s:", 2) == 0) {
252 salt_len = strlen(cp);
253 if (salt_len >= EXT4_MAX_SALT_SIZE)
255 strncpy(buf, cp, sizeof(buf));
256 } else if (cp[0] == '/') {
258 fd = open(cp, O_RDONLY | O_DIRECTORY);
259 if (fd == -1 && errno == ENOTDIR)
260 fd = open(cp, O_RDONLY);
265 ret = ioctl(fd, EXT4_IOC_GET_ENCRYPTION_PWSALT, &buf);
268 if (flags & PARSE_FLAGS_NOTSUPP_OK)
270 perror("EXT4_IOC_GET_ENCRYPTION_PWSALT");
273 if (options & OPT_VERBOSE) {
275 uuid_unparse(buf, tmp);
276 printf("%s has pw salt %s\n", cp, tmp);
279 } else if (strncmp(cp, "f:", 2) == 0) {
281 goto salt_from_filename;
282 } else if (strncmp(cp, "0x", 2) == 0) {
289 if (salt_len >= EXT4_MAX_SALT_SIZE)
291 h = memchr(hexchars, *cp++, sizeof(hexchars));
292 l = memchr(hexchars, *cp++, hexchars_size);
296 (((unsigned char)(h - hexchars) << 4) +
297 (unsigned char)(l - hexchars));
299 } else if (uuid_parse(cp, buf) == 0) {
303 fprintf(stderr, "Invalid salt: %s\n", salt_str);
306 salt_buf = malloc(salt_len);
308 fprintf(stderr, "Couldn't allocate salt\n");
311 memcpy(salt_buf, buf, salt_len);
312 add_salt(salt_buf, salt_len);
315 static void set_policy(struct salt *set_salt,
316 int argc, char *argv[], int path_start_index)
319 struct ext4_encryption_policy policy;
325 for (x = path_start_index; x < argc; x++) {
326 fd = open(argv[x], O_DIRECTORY);
334 if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_PWSALT,
336 perror("EXT4_IOC_GET_ENCRYPTION_PWSALT");
339 salt = find_by_salt(uu, sizeof(uu));
341 fprintf(stderr, "Couldn't find salt!?!\n");
346 policy.contents_encryption_mode =
347 EXT4_ENCRYPTION_MODE_AES_256_XTS;
348 policy.filenames_encryption_mode =
349 EXT4_ENCRYPTION_MODE_AES_256_CTS;
350 memcpy(policy.master_key_descriptor, salt->key_desc,
351 EXT4_KEY_DESCRIPTOR_SIZE);
352 rc = ioctl(fd, EXT4_IOC_SET_ENCRYPTION_POLICY, &policy);
355 printf("Error [%s] setting policy.\nThe key descriptor "
356 "[%s] may not match the existing encryption "
357 "context for directory [%s].\n",
358 strerror(errno), salt->key_ref_str, argv[x]);
361 printf("Key with descriptor [%s] applied to %s.\n",
362 salt->key_ref_str, argv[x]);
366 static void pbkdf2_sha512(const char *passphrase, struct salt *salt, int count,
367 char derived_key[EXT4_MAX_KEY_SIZE])
369 size_t passphrase_size = strlen(passphrase);
370 char buf[SHA512_LENGTH + EXT4_MAX_PASSPHRASE_SIZE] = {0};
371 char tempbuf[SHA512_LENGTH] = {0};
372 char final[SHA512_LENGTH] = {0};
373 char saltbuf[EXT4_MAX_SALT_SIZE + EXT4_MAX_PASSPHRASE_SIZE] = {0};
374 int actual_buf_len = SHA512_LENGTH + passphrase_size;
375 int actual_saltbuf_len = EXT4_MAX_SALT_SIZE + passphrase_size;
377 __u32 *final_u32 = (__u32 *)final;
378 __u32 *temp_u32 = (__u32 *)tempbuf;
380 if (passphrase_size > EXT4_MAX_PASSPHRASE_SIZE) {
381 printf("Passphrase size is %d; max is %d.\n", passphrase_size,
382 EXT4_MAX_PASSPHRASE_SIZE);
385 if (salt->salt_len > EXT4_MAX_SALT_SIZE) {
386 printf("Salt size is %d; max is %d.\n", salt->salt_len,
390 assert(EXT4_MAX_KEY_SIZE <= SHA512_LENGTH);
392 memcpy(saltbuf, salt->salt, salt->salt_len);
393 memcpy(&saltbuf[EXT4_MAX_SALT_SIZE], passphrase, passphrase_size);
395 memcpy(&buf[SHA512_LENGTH], passphrase, passphrase_size);
397 for (x = 0; x < count; ++x) {
399 ext2fs_sha512(saltbuf, actual_saltbuf_len, tempbuf);
402 * buf: [previous hash || passphrase]
404 memcpy(buf, tempbuf, SHA512_LENGTH);
405 ext2fs_sha512(buf, actual_buf_len, tempbuf);
407 for (y = 0; y < (sizeof(final) / sizeof(*final_u32)); ++y)
408 final_u32[y] = final_u32[y] ^ temp_u32[y];
410 memcpy(derived_key, final, EXT4_MAX_KEY_SIZE);
413 static int disable_echo(struct termios *saved_settings)
415 struct termios current_settings;
418 rc = tcgetattr(0, ¤t_settings);
421 *saved_settings = current_settings;
422 current_settings.c_lflag &= ~ECHO;
423 rc = tcsetattr(0, TCSANOW, ¤t_settings);
428 void get_passphrase(char *passphrase, int len)
431 struct termios current_settings;
434 disable_echo(¤t_settings);
435 p = fgets(passphrase, len, stdin);
436 tcsetattr(0, TCSANOW, ¤t_settings);
439 printf("Aborting.\n");
442 p = strrchr(passphrase, '\n');
444 p = passphrase + len - 1;
454 static const struct keyring_map keyrings[] = {
455 {"@us", 3, KEY_SPEC_USER_SESSION_KEYRING},
456 {"@u", 2, KEY_SPEC_USER_KEYRING},
457 {"@s", 2, KEY_SPEC_SESSION_KEYRING},
458 {"@g", 2, KEY_SPEC_GROUP_KEYRING},
459 {"@p", 2, KEY_SPEC_PROCESS_KEYRING},
460 {"@t", 2, KEY_SPEC_THREAD_KEYRING},
463 static int get_keyring_id(const char *keyring)
469 * If no keyring is specified, by default use either the user
470 * session key ring or the session keyring. Fetching the
471 * session keyring will return the user session keyring if no
472 * session keyring has been set.
474 * We need to do this instead of simply adding the key to
475 * KEY_SPEC_SESSION_KEYRING since trying to add a key to a
476 * session keyring that does not yet exist will cause the
477 * kernel to create a session keyring --- which wil then get
478 * garbage collected as soon as e4crypt exits.
480 * The fact that the keyctl system call and the add_key system
481 * call treats KEY_SPEC_SESSION_KEYRING differently when a
482 * session keyring does not exist is very unfortunate and
483 * confusing, but so it goes...
486 return keyctl(KEYCTL_GET_KEYRING_ID,
487 KEY_SPEC_SESSION_KEYRING, 0);
488 for (x = 0; x < (sizeof(keyrings) / sizeof(keyrings[0])); ++x) {
489 if (strcmp(keyring, keyrings[x].name) == 0) {
490 return keyrings[x].code;
493 x = strtol(keyring, &end, 10);
495 if (keyctl(KEYCTL_DESCRIBE, x, NULL, 0) < 0)
502 static void generate_key_ref_str(struct salt *salt)
504 char key_ref1[SHA512_LENGTH];
505 char key_ref2[SHA512_LENGTH];
508 ext2fs_sha512(salt->key, EXT4_MAX_KEY_SIZE, key_ref1);
509 ext2fs_sha512(key_ref1, SHA512_LENGTH, key_ref2);
510 memcpy(salt->key_desc, key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
511 for (x = 0; x < EXT4_KEY_DESCRIPTOR_SIZE; ++x) {
512 sprintf(&salt->key_ref_str[x * 2], "%02x",
515 salt->key_ref_str[EXT4_KEY_REF_STR_BUF_SIZE - 1] = '\0';
518 static void insert_key_into_keyring(const char *keyring, struct salt *salt)
520 int keyring_id = get_keyring_id(keyring);
521 struct ext4_encryption_key key;
522 char key_ref_full[EXT2FS_KEY_DESC_PREFIX_SIZE +
523 EXT4_KEY_REF_STR_BUF_SIZE];
526 if (keyring_id == 0) {
527 printf("Invalid keyring [%s].\n", keyring);
530 sprintf(key_ref_full, "%s%s", EXT2FS_KEY_DESC_PREFIX,
532 rc = keyctl(KEYCTL_SEARCH, keyring_id, EXT2FS_KEY_TYPE_LOGON,
535 if ((options & OPT_QUIET) == 0)
536 printf("Key with descriptor [%s] already exists\n",
539 } else if ((rc == -1) && (errno != ENOKEY)) {
540 printf("keyctl_search failed: %s\n", strerror(errno));
541 if (errno == -EINVAL)
542 printf("Keyring [%s] is not available.\n", keyring);
545 key.mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
546 memcpy(key.raw, salt->key, EXT4_MAX_KEY_SIZE);
547 key.size = EXT4_MAX_KEY_SIZE;
548 rc = syscall(__NR_add_key, EXT2FS_KEY_TYPE_LOGON, key_ref_full,
549 (void *)&key, sizeof(key), keyring_id);
551 if (errno == EDQUOT) {
552 printf("Error adding key to keyring; quota exceeded\n");
554 printf("Error adding key with key descriptor [%s]: "
555 "%s\n", salt->key_ref_str, strerror(errno));
559 if ((options & OPT_QUIET) == 0)
560 printf("Added key with descriptor [%s]\n",
565 static int is_keyring_valid(const char *keyring)
567 return (get_keyring_id(keyring) != 0);
570 void get_default_salts(void)
572 FILE *f = setmntent("/etc/mtab", "r");
575 while (f && ((mnt = getmntent(f)) != NULL)) {
576 if (strcmp(mnt->mnt_type, "ext4") ||
577 access(mnt->mnt_dir, R_OK))
579 parse_salt(mnt->mnt_dir, PARSE_FLAGS_NOTSUPP_OK);
584 /* Functions which implement user commands */
587 const char *cmd_name;
588 void (*cmd_func)(int, char **, const struct cmd_desc *);
589 const char *cmd_desc;
590 const char *cmd_help;
594 #define CMD_HIDDEN 0x0001
596 void do_help(int argc, char **argv, const struct cmd_desc *cmd);
598 #define add_key_desc "adds a key to the user's keyring"
599 #define add_key_help \
600 "e4crypt add_key -S salt [ -k keyring ] [-v] [-q] [ path ... ]\n\n" \
601 "Prompts the user for a passphrase and inserts it into the specified\n" \
602 "keyring. If no keyring is specified, e4crypt will use the session\n" \
603 "keyring if it exists or the user session keyring if it does not.\n\n" \
604 "If one or more directory paths are specified, e4crypt will try to\n" \
605 "set the policy of those directories to use the key just entered by\n" \
608 void do_add_key(int argc, char **argv, const struct cmd_desc *cmd)
611 char *keyring = NULL;
614 while ((opt = getopt(argc, argv, "k:S:vq")) != -1) {
617 /* Specify a keyring. */
621 /* Salt value for passphrase. */
622 parse_salt(optarg, 0);
625 options |= OPT_VERBOSE;
628 options |= OPT_QUIET;
631 fprintf(stderr, "Unrecognized option: %c\n", opt);
633 fputs("USAGE:\n ", stderr);
634 fputs(cmd->cmd_help, stderr);
641 fprintf(stderr, "No salt values available\n");
644 validate_paths(argc, argv, optind);
645 for (i = optind; i < argc; i++)
646 parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
647 printf("Enter passphrase (echo disabled): ");
648 get_passphrase(passphrase, sizeof(passphrase));
649 for (i = 0, salt = salt_list; i < num_salt; i++, salt++) {
650 pbkdf2_sha512(passphrase, salt,
651 EXT4_PBKDF2_ITERATIONS, salt->key);
652 generate_key_ref_str(salt);
653 insert_key_into_keyring(keyring, salt);
656 set_policy(NULL, argc, argv, optind);
661 #define set_policy_desc "sets a policy for directories"
662 #define set_policy_help \
663 "e4crypt set_policy policy path ... \n\n" \
664 "Sets the policy for the directories specified on the command line.\n" \
665 "All directories must be empty to set the policy; if the directory\n" \
666 "already has a policy established, e4crypt will validate that it the\n" \
667 "policy matches what was specified. A policy is an encryption key\n" \
668 "identifier consisting of 16 hexadecimal characters.\n"
670 void do_set_policy(int argc, char **argv, const struct cmd_desc *cmd)
672 struct salt *salt, saltbuf;
673 char *key_ref_str = NULL;
674 char *keyring = NULL;
675 int add_passphrase = 0;
679 fprintf(stderr, "Missing required argument(s).\n\n");
680 fputs("USAGE:\n ", stderr);
681 fputs(cmd->cmd_help, stderr);
685 strcpy(saltbuf.key_ref_str, argv[1]);
686 if ((strlen(argv[1]) != (EXT4_KEY_DESCRIPTOR_SIZE * 2)) ||
687 hex2byte(argv[1], (EXT4_KEY_DESCRIPTOR_SIZE * 2),
688 saltbuf.key_desc, EXT4_KEY_DESCRIPTOR_SIZE)) {
689 printf("Invalid key descriptor [%s]. Valid characters "
690 "are 0-9 and a-f, lower case. "
691 "Length must be %d.\n",
692 argv[1], (EXT4_KEY_DESCRIPTOR_SIZE * 2));
695 validate_paths(argc, argv, 2);
696 set_policy(&saltbuf, argc, argv, 2);
700 #define new_session_desc "given the invoking process a new session keyring"
701 #define new_session_help \
702 "e4crypt new_sessoin\n\n" \
703 "Give the invoking process (typically a shell) a new session keyring,\n" \
704 "discarding its old session keyring.\n"
706 void do_new_session(int argc, char **argv, const struct cmd_desc *cmd)
711 fputs("Excess arguments\n\n", stderr);
712 fputs(cmd->cmd_help, stderr);
715 keyid = keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL);
717 perror("KEYCTL_JOIN_SESSION_KEYRING");
720 ret = keyctl(KEYCTL_SESSION_TO_PARENT, NULL);
722 perror("KEYCTL_SESSION_TO_PARENT");
725 printf("Switched invoking process to new session keyring %ld\n", keyid);
729 #define CMD(name) { #name, do_##name, name##_desc, name##_help, 0 }
730 #define _CMD(name) { #name, do_##name, NULL, NULL, CMD_HIDDEN }
732 const struct cmd_desc cmd_list[] = {
737 { NULL, NULL, NULL, NULL }
740 void do_help(int argc, char **argv, const struct cmd_desc *cmd)
742 const struct cmd_desc *p;
745 for (p = cmd_list; p->cmd_name; p++) {
746 if (p->cmd_flags & CMD_HIDDEN)
748 if (strcmp(p->cmd_name, argv[1]) == 0) {
750 fputs("USAGE:\n ", stdout);
751 fputs(p->cmd_help, stdout);
755 printf("Unknown command: %s\n\n", argv[1]);
758 fputs("Available commands:\n", stdout);
759 for (p = cmd_list; p->cmd_name; p++) {
760 if (p->cmd_flags & CMD_HIDDEN)
762 printf(" %-20s %s\n", p->cmd_name, p->cmd_desc);
764 printf("\nTo get more information on a commnd, "
765 "type 'e4crypt help cmd'\n");
769 int main(int argc, char *argv[])
771 const struct cmd_desc *cmd;
774 do_help(argc, argv, cmd_list);
776 for (cmd = cmd_list; cmd->cmd_name; cmd++) {
777 if (strcmp(cmd->cmd_name, argv[1]) == 0) {
778 cmd->cmd_func(argc-1, argv+1, cmd);
782 printf("Unknown command: %s\n\n", argv[1]);
783 do_help(1, argv, cmd_list);