Commit Graph

251 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
bb44fd0734 various: use _NEG_ macros to reduce indentation
No functional change intended.
2023-08-16 12:52:56 +02:00
Dan Streetman
07c0406117 tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array
In order to allow users to specify expected PCR values, change the
tpm2_parse_pcr_argument() to parse the text argument into an array of
Tpm2PCRValue objects, which provide not only the selected PCR indexes, but also
(optionally) the hash algorithm and hash value for each PCR index.
2023-08-04 10:57:07 -04:00
Dan Streetman
323eb4803a tpm2: add Tpm2PCRValue struct and associated functions
Add a new struct that can represent a PCR index, hash, and value all
together. This replaces code (e.g. the tpm2_pcr_read() parameters) that
required using both a TPML_PCR_SELECTION as well as array of TPM2B_DIGEST
entries, which was difficult to correlate the selection hash/index to each
digest.
2023-08-04 10:57:05 -04:00
Dmitry V. Levin
fbce715195 cryptsetup: cleanup use of ERRNO_IS_NOT_SUPPORTED()
Given that ERRNO_IS_NOT_SUPPORTED() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.

In this case the argument passed to ERRNO_IS_NOT_SUPPORTED() is the
value returned by find_tpm2_auto_data() which is not expected to return
any positive values, but let's be consistent anyway and move the
ERRNO_IS_NOT_SUPPORTED() invocation to the branch where
the return value is known to be negative.
2023-07-28 12:28:35 +00:00
Dan Streetman
1dc8f51841 tpm2: replace _cleanup_tpm2_* macros with _cleanup_()
Remove _cleanup_tpm2_context_ and _cleanup_tpm2_handle_ macros, replacing their
use with _cleanup_(tpm2_context_unrefp) and _cleanup_(tpm2_handle_freep),
respectively.
2023-06-08 01:09:08 +02:00
Frantisek Sumsal
cdece7e30a cryptsetup: avoid calling strv_find() on a NULL pointer
When the header= option comes before any other type= defining one, we
trip over an assertion:

Jun 04 15:45:33 H testsuite-24.sh[752]: + systemctl start systemd-cryptsetup@detached.service
Jun 04 15:45:33 H systemd[1]: Starting systemd-cryptsetup@detached.service...
Jun 04 15:45:33 H systemd-cryptsetup[4641]: Assertion 'name' failed at src/basic/strv.c:21, function strv_find(). Aborting.
...
Jun 04 15:45:33 H systemd-coredump[4643]: Process 4641 (systemd-cryptse) of user 0 dumped core.
...
                                          Stack trace of thread 4641:
                                          #0  0x00007ff9256afe5c __pthread_kill_implementation (libc.so.6 + 0x8ce5c)
                                          #1  0x00007ff92565fa76 raise (libc.so.6 + 0x3ca76)
                                          #2  0x00007ff9256497fc abort (libc.so.6 + 0x267fc)
                                          #3  0x00007ff926076047 log_assert_failed (libsystemd-shared-253.so + 0x276047)
                                          #4  0x00007ff9260ab317 strv_find (libsystemd-shared-253.so + 0x2ab317)
                                          #5  0x0000000000405927 parse_one_option (systemd-cryptsetup + 0x5927)
                                          #6  0x0000000000407793 parse_options (systemd-cryptsetup + 0x7793)
                                          #7  0x000000000040fa0c run (systemd-cryptsetup + 0xfa0c)
                                          #8  0x000000000041137f main (systemd-cryptsetup + 0x1137f)
                                          #9  0x00007ff92564a510 __libc_start_call_main (libc.so.6 + 0x27510)
                                          #10 0x00007ff92564a5c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x275c9)
                                          #11 0x0000000000403915 _start (systemd-cryptsetup + 0x3915)
                                          ELF object binary architecture: AMD x86-64
2023-06-05 16:50:13 +02:00
Lennart Poettering
ffe0da297d {crypt|verity}setup: mention volume name in some error messages 2023-06-01 18:49:43 +02:00
Lennart Poettering
6747d9a13f cryptsetup: fix whitespace issue 2023-06-01 18:49:16 +02:00
Dan Streetman
9944909e68 tpm: remove external calls to dlopen_tpm2()
The calls outside tpm2-util.c are redundant, as tpm2_context_new()
is always called immediately after, which then calls dlopen_tpm2().
2023-05-31 09:23:21 -04:00
Klaus Zipfel
703902400d crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)
* Added veracrypt-pim=<PIM> LUKS option for crypttab
2023-05-06 21:55:05 +01:00
Lennart Poettering
b96cc40a95 cryptsetup: downgrade a bunch of log messages that to LOG_WARNING
In all these cases we ignore the failure, hence per our rule the log
level should be below LOG_ERR. Fix that.
2023-05-04 05:03:16 +09:00
William Roberts
acbb504eaf tpm2: add support for a trusted SRK
Prevent attackers from spoofing the tpmKey portion of the AuthSession by
adding a trusted key to the LUKS header metadata. Also, use a persistent
object rather than a transient object.

This provides the following benifits:
1. No way to MITM the tpmKey portion of the session, see [1] for
details.

2. Strengthens the encrypted sessions, note that the bindKey could be
   dropped now.

3. Speed, once it's created we just use it.

4. Owner Auth is needed to call create primary, so using the SRK
   creates a scratch space for normal users.

This is a "first to set" model, in where the first person to set the key
in the LUKS header wins. Thus, setup should be done in a known good
state. If an SRK, which is a primary key at a special persistent
address, is found, it will use whatever is there. If not, it creates an
SRK. The SRK follows the convetions used through the tpm2-software
organization code on GitHub [2], however, a split has occured between
Windows and Linux with respect to SRK templates. The Linux SRK is
generated with the unique field size set to 0, in Windows, it properly
sets the size to key size in bytes and the unique data to all 0's of that
size. Note the proper templates for SRKs is covered in spec [3].
However, the most important thing, is that both SRKs are passwordless,
and thus they should be interchangable. If Windows is the first to make
the SRK, systemd will gladly accept it and vice-versa.

1. Without the bindKey being utilized, an attacker was able to intercept
this and fake a key, thus being able to decrypt and encrypt traffic as
needed. Introduction of the bindKey strengthened this, but allows for
the attacker to brute force AES128CFB using pin guesses. Introduction of
the salt increases the difficulty of this attack as well as DA attacks
on the TPM objects itself.

2. https://github.com/tpm2-software

3. https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

Fixes: #20668
Fixes: #22637

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-04-03 13:10:49 +02:00
Dan Streetman
aa07a4fa35 tpm2: add TPM2_PCR_VALID() 2023-03-09 10:46:19 -05:00
Dan Streetman
23e9ccc24a tpm2: use Tpm2Context* instead of ESYS_CONTEXT*
This is needed for later patches that use Tpm2Handle, which requires access
to the Tpm2Context.
2023-02-01 12:51:17 -05:00
Dan Streetman
68d084cee5 tpm2: use ref counter for Tpm2Context
This will be used by Tpm2Handle instances, which is added in later patches.

The refcounting allows the context to be retained until all Tpm2Handles have
been cleaned up, and the initial ref is released, before cleaning the context.
2023-02-01 12:51:17 -05:00
Dan Streetman
bd860983a6 tpm2: rename struct tpm2_context to Tpm2Context
This aligns with systemd coding guidelines for struct naming
2023-02-01 12:51:17 -05:00
Zbigniew Jędrzejewski-Szmek
2f6c52b919 shared/efi-loader: fix compilation with !ENABLE_EFI, improve messages
When compiled without ENABLE_EFI, efi_stub_measured() was not defined, so
compilation would fail. But it's not enough to add a stub that returns
-EOPNOTSUPP. We call this function in various places and usually print the error
at warning or error level, so we'd print a confusing message. We also can't add
a stub that always returns 0, because then we'd print a message like "Kernel
stub did not measure", which would be confusing too. Adding special handling for
-EOPNOTSUPP in every caller is also unattractive. So instead efi_stub_measured()
is reworked to log the warning or error internally, and such logging is removed
from the callers, and a stub is added that logs a custom message.
2023-01-24 23:07:21 +00:00
Yu Watanabe
d09df6b94e tree-wide: fix typo 2023-01-20 15:32:16 +09:00
William Roberts
aae6eb9611 tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future
this. This adds entropy to user supplied pins and helps brute forcing
the passphrase on the key residing in the TPM or brute forcing bind key
encrypted sessions with low entropy passphrases.

Signed-off-by: malikabhi05 <abhishek.malik@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-01-18 21:58:33 +00:00
Lennart Poettering
6c51b49ce0 tpm2: add common helper for checking if we are running on UKI with TPM measurements
Let's introduce a common implementation of a function that checks
whether we are booted on a kernel with systemd-stub that has TPM PCR
measurements enabled. Do our own userspace measurements only if we
detect that.

PCRs are scarce and most likely there are projects which already make
use of them in other ways. Hence, instead of blindly stepping into their
territory let's conditionalize things so that people have to explicitly
buy into our PCR assignments before we start measuring things into them.
Specifically bind everything to an UKI that reported measurements.

This was previously already implemented in systemd-pcrphase, but with
this change we expand this to all tools that process PCR measurement
settings.

The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE,
to make it more generic (since we'll use it at multiple places now).
This is not a compat break, since the original env var for that was not
included in any stable release yet.
2023-01-17 09:42:16 +01:00
Lennart Poettering
94c0c85e30 cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options
These options allow measuring the volume key used for unlocking the
volume to a TPM2 PCR. This is ideally used for the volume key of the
root file system and can then be used to bind other resources to the
root file system volume in a secure way.

See: #24503
2023-01-17 09:42:16 +01:00
Lennart Poettering
5e476b8512 tree-wide: fix return value handling of base64mem()
This returns an ssize_t, not an int. On populare archs that's the
difference between 64bit and 32bit. hence, let's be more careful here,
and not silently drop half the bits on the ground by assigning the
return value to "int".

As noticed by @malikabhi05:

https://github.com/systemd/systemd/pull/24754#discussion_r1062903159
2023-01-11 10:46:08 +01:00
Peter Cai
52105bb487 cryptsetup-fido2: Remove plain mode parameters from acquire_fido2_key_auto()
`acquire_fido2_key_auto()` will not be used in PLAIN mode, and
parameters such as the salt will be acquired from the LUKS header.
Parameters intended for PLAIN mode are useless in
`acquire_fido2_key_auto()`.
2022-12-22 11:20:56 -05:00
Peter Cai
e6319a102e cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volume
After #25268, it is now possible to check whether a credential
is present on a FIDO2 token without actually attempting to retrieve said
credential. However, when cryptsetup plugins are not enabled, the
fallback unlock routines are not able to make multiple attempts with
multiple different FIDO2 key slots.

Instead of looking for one FIDO2 key slot when trying to unlock, we now
attempt to use all key slots applicable.

Fixes #19208.
2022-12-12 21:48:39 +01:00
Daan De Meyer
12e2b70f9b nulstr-util: Declare NULSTR_FOREACH() iterator inline 2022-11-11 16:31:32 +01:00
Yu Watanabe
17bf3c550d tree-wide: set description for device manager 2022-10-19 04:46:24 +09:00
Lennart Poettering
714c586943 cryptsetup: drop redundant parens/drop ternary op
A ternary op is a bit weird to use if we end up assigning a variable to
itself in one of the branches. Hence use a plain if check.
2022-10-17 13:52:54 +02:00
William Roberts
3fab44b2ff cryptsetup: use TPM flags over bool
This works becuase TPM2_FLAGS_USE_PIN is 1 and bool is a 1 so the bits
line up as expected, however if for some reason flags change values and
for clarity check if the boolean indicates this flag and pass the flag
value.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2022-09-20 08:05:33 +09:00
Lennart Poettering
75a9681ec0 cryptsetup: hook up TPM2 token code with policies based on PCR signatures, too 2022-09-08 16:34:27 +02:00
Lennart Poettering
fdf6c27cba tpm2-util: add common parser for the LUKS2 TPM2 JSON structure
This splits out the JSON parser used by the systemd-cryptsetup code.

This is preparation for later work to reuse it in the tpm2 cryptsetup
token module, which currently uses a separate but very similar parser
for the same data.

No change in behaviour.
2022-09-08 16:34:27 +02:00
Lennart Poettering
dc63b2c909 cryptsetup: hook up signed PCR policies 2022-09-08 16:34:27 +02:00
Jan Janssen
63b9838639 tree-wide: Mark some constants as unsigned
All these are really unsigned and used as such. This silences some
-Wformat-signedness warnings with gcc.
2022-08-30 12:03:33 +02:00
Lennart Poettering
222a951fa4 tpm2-util: introduce tpm2_parse_pcr_argument() helper
Add a new tpm2_parse_pcr_argument() helper that unifies how we merge PCR
masks in a single function, we can use all over the place. Previously we
had basically the same code for this at 4 places.
2022-08-19 21:26:26 +02:00
Lennart Poettering
7484c60ec6 Merge pull request #23653 from aafeijoo-suse/ask-for-recovery-key
cryptsetup: improve password prompt text
2022-08-19 14:55:54 +02:00
Lennart Poettering
a0789e5fb8 cryptsetup: make sure all token-based codepaths are effected by SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var
Previously the env var was only checked when conditionalizing use of our
own libcryptsetup loadable token modules.  But let's also use it for any
other kind of token module, including possible internal ones by
libcryptsetup.
2022-08-19 14:53:54 +02:00
Lennart Poettering
d1b2e04328 cryptsetup: use right internal helper when checking whether to use tokens
The other codepaths get this right, the TPM2 one currently does not. Fix
that.
2022-08-19 14:53:11 +02:00
Antonio Alvarez Feijoo
b6c0bd11fc cryptsetup: improve password prompt text
Instead of always asking for passphrase, if the device has LUKS2 header check:
- If only regular passphrases are registered, ask for passphrase.
- If only recovery keys are registered, ask for recovery key.
- If both regular passphrases and recovery keys are registered, ask for
passphrase or recovery key.
2022-08-19 09:01:56 +02:00
Jonas Witschel
ee6c66acc5 cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin
crypt_activate_by_token() fails with ENOANO if the token is protected with a
PIN, in this case we need to call crypt_activate_by_token_pin() with a PIN.
This logic is already implemented in
crypt_activate_by_token_pin_ask_password().

This code path is relevant when using systemd-gpt-auto-generator because there
is no a priory information about the type of the used security device, so
systemd-cryptsetup tries to unlock the volume using the corresponding
cryptsetup plugin.
2022-08-05 12:22:27 +02:00
Jonas Witschel
35ba2b4f01 cryptsetup: implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 token
This finishes the implementation started in commit
1f895adac2 ("cryptsetup: add libcryptsetup TPM2
PIN support").

Note that the previous implementation took a shortcut by returning EOPNOTSUPP
instead of the correct ENOANO as per the cryptsetup documentation. This meant
that systemd-cryptsetup fell back to the non-plugin implementation in order to
ask for the PIN. Since this does not happen any more when returning ENOANO, we
need to ask for the PIN in attach_luks2_by_tpm2_via_plugin() instead like
attach_luks2_by_fido2_via_plugin() does.
2022-08-05 12:19:57 +02:00
Jonas Witschel
d141149957 cryptsetup: refactor asking for a PIN into a more generic function
This functionality will be useful for other LUKS2 token types as well in the
future.
2022-08-05 11:28:44 +02:00
Lennart Poettering
d6d450074f Merge pull request #22919 from poettering/cryptsetup-tweaks
various minor tweaks to cryptsetup/veritysetup/integritysetup
2022-03-31 16:50:37 +02:00
Antonio Alvarez Feijoo
49be03838d cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
If any TPM2 operation fails, the boot process should continue and
prompt for a text password (if configured to do so).

Fixes #22870
2022-03-31 14:58:21 +01:00
Lennart Poettering
542bb9be7c tree-wide: unify some code that looks for --help in the command line 2022-03-31 11:44:46 +02:00
Lennart Poettering
2e4aae981e cryptsetup: adjust some log levels
Let's upgrade log levels of some noteworthy messages from LOG_DEBUG to
LOG_NOTICE. These messages contain information that previous log
messages in the error path didn't say, namely that we'll now fall back
to traditional unlocking.

Note that this leaves similar log messages for cases where
TPM2/PKCS#11/FIDO2 support is disabled at build at LOG_DEBUG, since in
that case nothing really failed, we just systematically can't do
TPM2/PKCS#11/FIDO2 and hence it is pointless and not actionable for
users to do anything about it...
2022-03-31 11:24:07 +02:00
Lennart Poettering
2fabbad898 cryptsetup: add helper for mangling "none" option strings
let's unify some code here, and let's do so in cryptsetup-util.h so that
we can later reuse this in integritysetup/veritysetup
2022-03-31 11:24:01 +02:00
Lennart Poettering
dcbc38c916 cryptsetup: rename functions that try to do FIDO2/TPM2/PKCS#11 via cryptsetup plugins to say so
The are so many different flavours of functions that attach volumes,
hence say explicitly that these are about libcryptsetup plugins, and
nothing else.

Just some renaming, no code changes beyond that.
2022-03-31 11:23:16 +02:00
Zbigniew Jędrzejewski-Szmek
88a65c936e cryptsetup: shorten message a bit
If it is reported as missing, we don't need to say that we assume
it is missing.
2022-03-29 18:14:51 +02:00
Lennart Poettering
7be4b23649 efi-loader: split efi-api.[ch] from efi-loader.[ch]
Some refactoring: split efi-loader.[ch] in two: isolate the calls that
implement out boot loader interface spec, and those which implement
access to upstream UEFI firmware features.

They are quite different in nature and behaviour, and even semantically
it makes to keep these two separate. At the very least because the
previous name "efi-loader.[ch]" suggests all was about loader-specific
APIs, but much of it is generic uefi stuff...

While we are at it, I renamed a bunch of return parameters to follow our
usual ret_xyz naming. But besides renaming no real code changes.
2022-03-24 15:21:09 +01:00
Antonio Alvarez Feijoo
7500c6cbef cryptsetup: fix typo 2022-03-24 12:08:54 +00:00
Yu Watanabe
de010b0b2e strv: make iterator in STRV_FOREACH() declaread in the loop
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
2022-03-19 08:33:33 +09:00