Use new crypt_generate_volume_key to generate weaker keys.

There were two different use cases for weaker keys: 1) empty keys (zero filled buffer) 2) weak 'random' keys not sucking entropy while being generated Those key types must not be used to encrypt real data. It's used either to check cipher can be configured sucessfully on the system or as a fake envelope during metadata repair.
mbroz · Feb 6, 2025 · 88b3da6 · 88b3da6
1 parent 1326dfb
commit 88b3da6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 11 deletions.
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
@@ -378,7 +378,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
 {
 	struct luks_phdr temp_phdr;
 	const unsigned char *sector = (const unsigned char*)phdr;
-	struct volume_key *vk;
+	struct volume_key *fake_vk;
 	int i, bad, r, need_write = 0;
 
 	if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
@@ -424,16 +424,16 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
 	if (r < 0)
 		return -EINVAL;
 
-	vk = crypt_alloc_volume_key(phdr->keyBytes, NULL);
-	if (!vk)
+	fake_vk = crypt_generate_volume_key(ctx, phdr->keyBytes, KEY_QUALITY_EMPTY);
+	if (!fake_vk)
 		return -ENOMEM;
 
 	log_verbose(ctx, _("Repairing keyslots."));
 
 	log_dbg(ctx, "Generating second header with the same parameters for check.");
 	/* cipherName, cipherMode, hashSpec, uuid are already null terminated */
 	/* payloadOffset - cannot check */
-	r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
+	r = LUKS_generate_phdr(&temp_phdr, fake_vk, phdr->cipherName, phdr->cipherMode,
 			       phdr->hashSpec, phdr->uuid,
 			       phdr->payloadOffset * SECTOR_SIZE, 0, 0, ctx);
 	if (r < 0)
@@ -492,7 +492,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
 out:
 	if (r)
 		log_err(ctx, _("Repair failed."));
-	crypt_free_volume_key(vk);
+	crypt_free_volume_key(fake_vk);
 	crypt_safe_memzero(&temp_phdr, sizeof(temp_phdr));
 	return r;
 }
@@ -710,14 +710,12 @@ int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *ci
 
 	log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode);
 
-	empty_key = crypt_alloc_volume_key(keylength, NULL);
+	/* No need to get KEY quality random but it must avoid known weak keys. */
+	empty_key = crypt_generate_volume_key(ctx, keylength, KEY_QUALITY_NORMAL);
 	if (!empty_key)
 		return -ENOMEM;
 
-	/* No need to get KEY quality random but it must avoid known weak keys. */
-	r = crypt_random_get(ctx, empty_key->key, empty_key->keylength, CRYPT_RND_NORMAL);
-	if (!r)
-		r = LUKS_decrypt_from_storage(buf, sizeof(buf), cipher, cipher_mode, empty_key, 0, ctx);
+	r = LUKS_decrypt_from_storage(buf, sizeof(buf), cipher, cipher_mode, empty_key, 0, ctx);
 
 	crypt_free_volume_key(empty_key);
 	crypt_safe_memzero(buf, sizeof(buf));

diff --git a/lib/setup.c b/lib/setup.c
@@ -3016,7 +3016,10 @@ static int _crypt_format_integrity(struct crypt_device *cd,
 	cd->u.integrity.params.journal_crypt = journal_crypt;
 
 	if (params->integrity_key_size) {
-		ik = crypt_alloc_volume_key(params->integrity_key_size, integrity_key);
+		if (!integrity_key)
+			ik = crypt_generate_volume_key(cd, params->integrity_key_size, KEY_QUALITY_EMPTY);
+		else
+			ik = crypt_alloc_volume_key(params->integrity_key_size, integrity_key);
 		if (!ik) {
 			r = -ENOMEM;
 			goto out;