/*

 * LUKS - Linux Unified Key Setup v2

 *

 * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved.

 * Copyright (C) 2015-2020 Milan Broz

 * Copyright (C) 2015-2020 Ondrej Kozina

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2

 * of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */

#include "luks2_internal.h"

#include "../integrity/integrity.h"

#include <assert.h>

#include <ctype.h>

#include <uuid/uuid.h>

#define LUKS_STRIPES 4000

struct interval {

	uint64_t offset;

	uint64_t length;

};

void hexprint_base64(struct crypt_device *cd, json_object *jobj,

		     const char *sep, const char *line_sep)

{

	char *buf = NULL;

	size_t buf_len;

	unsigned int i;

	if (!base64_decode_alloc(json_object_get_string(jobj),

				 json_object_get_string_len(jobj),

				 &buf, &buf_len))

		return;

	for (i = 0; i < buf_len; i++) {

		if (i && !(i % 16))

			log_std(cd, "\n\t%s", line_sep);

		log_std(cd, "%02hhx%s", buf[i], sep);

	}

	log_std(cd, "\n");

	free(buf);

}

void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc)

{

	if (desc)

		crypt_log(cd, CRYPT_LOG_DEBUG_JSON, desc);

	crypt_log(cd, CRYPT_LOG_DEBUG_JSON, json_object_to_json_string_ext(jobj,

		JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE));

}

/*

 * JSON array helpers

 */

struct json_object *LUKS2_array_jobj(struct json_object *array, const char *num)

{

	struct json_object *jobj1;

	int i;

	for (i = 0; i < (int) json_object_array_length(array); i++) {

		jobj1 = json_object_array_get_idx(array, i);

		if (!strcmp(num, json_object_get_string(jobj1)))

			return jobj1;

	}

	return NULL;

}

struct json_object *LUKS2_array_remove(struct json_object *array, const char *num)

{

	struct json_object *jobj1, *jobj_removing = NULL, *array_new;

	int i;

	jobj_removing = LUKS2_array_jobj(array, num);

	if (!jobj_removing)

		return NULL;

	/* Create new array without jobj_removing. */

	array_new = json_object_new_array();

	for (i = 0; i < (int) json_object_array_length(array); i++) {

		jobj1 = json_object_array_get_idx(array, i);

		if (jobj1 != jobj_removing)

			json_object_array_add(array_new, json_object_get(jobj1));

	}

	return array_new;

}

/*

 * JSON struct access helpers

 */

json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot)

{

	json_object *jobj1, *jobj2;

	char keyslot_name[16];

	if (!hdr || keyslot < 0)

		return NULL;

	if (snprintf(keyslot_name, sizeof(keyslot_name), "%u", keyslot) < 1)

		return NULL;

	if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj1))

		return NULL;

	if (!json_object_object_get_ex(jobj1, keyslot_name, &jobj2))

		return NULL;

	return jobj2;

}

json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr)

{

	json_object *jobj_tokens;

	if (!hdr || !json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens))

		return NULL;

	return jobj_tokens;

}

json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token)

{

	json_object *jobj1, *jobj2;

	char token_name[16];

	if (!hdr || token < 0)

		return NULL;

	jobj1 = LUKS2_get_tokens_jobj(hdr);

	if (!jobj1)

		return NULL;

	if (snprintf(token_name, sizeof(token_name), "%u", token) < 1)

		return NULL;

	json_object_object_get_ex(jobj1, token_name, &jobj2);

	return jobj2;

}

json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest)

{

	json_object *jobj1, *jobj2;

	char digest_name[16];

	if (!hdr || digest < 0)

		return NULL;

	if (snprintf(digest_name, sizeof(digest_name), "%u", digest) < 1)

		return NULL;

	if (!json_object_object_get_ex(hdr->jobj, "digests", &jobj1))

		return NULL;

	json_object_object_get_ex(jobj1, digest_name, &jobj2);

	return jobj2;

}

static json_object *json_get_segments_jobj(json_object *hdr_jobj)

{

	json_object *jobj_segments;

	if (!hdr_jobj || !json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))

		return NULL;

	return jobj_segments;

}

json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment)

{

	if (!hdr)

		return NULL;

	if (segment == CRYPT_DEFAULT_SEGMENT)

		segment = LUKS2_get_default_segment(hdr);

	return json_segments_get_segment(json_get_segments_jobj(hdr->jobj), segment);

}

json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr)

{

	return hdr ? json_get_segments_jobj(hdr->jobj) : NULL;

}

int LUKS2_segments_count(struct luks2_hdr *hdr)

{

	if (!hdr)

		return -EINVAL;

	return json_segments_count(LUKS2_get_segments_jobj(hdr));

}

int LUKS2_get_default_segment(struct luks2_hdr *hdr)

{

	int s = LUKS2_get_segment_id_by_flag(hdr, "backup-final");

	if (s >= 0)

		return s;

	if (LUKS2_segments_count(hdr) == 1)

		return 0;

	return -EINVAL;

}

/*

 * json_type_int needs to be validated first.

 * See validate_json_uint32()

 */

uint32_t crypt_jobj_get_uint32(json_object *jobj)

{

	return json_object_get_int64(jobj);

}

/* jobj has to be json_type_string and numbered */

static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)

{

	char *endptr;

	unsigned long long tmp;

	errno = 0;

	tmp = strtoull(json_object_get_string(jobj), &endptr, 10);

	if (*endptr || errno) {

		*value = 0;

		return 0;

	}

	*value = tmp;

	return 1;

}

uint64_t crypt_jobj_get_uint64(json_object *jobj)

{

	uint64_t r;

	json_str_to_uint64(jobj, &r);

	return r;

}

json_object *crypt_jobj_new_uint64(uint64_t value)

{

	/* 18446744073709551615 */

	char num[21];

	int r;

	json_object *jobj;

	r = snprintf(num, sizeof(num), "%" PRIu64, value);

	if (r < 0 || (size_t)r >= sizeof(num))

		return NULL;

	jobj = json_object_new_string(num);

	return jobj;

}

/*

 * Validate helpers

 */

static json_bool numbered(struct crypt_device *cd, const char *name, const char *key)

{

	int i;

	for (i = 0; key[i]; i++)

		if (!isdigit(key[i])) {

			log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);

			return 0;

		}

	return 1;

}

json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,

			   const char *section, const char *key, json_type type)

{

	json_object *sobj;

	if (!json_object_object_get_ex(jobj, key, &sobj) ||

	    !json_object_is_type(sobj, type)) {

		log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.",

			section, name, key, json_type_to_name(type));

		return NULL;

	}

	return sobj;

}

json_bool validate_json_uint32(json_object *jobj)

{

	int64_t tmp;

	errno = 0;

	tmp = json_object_get_int64(jobj);

	return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;

}

static json_bool validate_keyslots_array(struct crypt_device *cd,

					 json_object *jarr, json_object *jobj_keys)

{

	json_object *jobj;

	int i = 0, length = (int) json_object_array_length(jarr);

	while (i < length) {

		jobj = json_object_array_get_idx(jarr, i);

		if (!json_object_is_type(jobj, json_type_string)) {

			log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);

			return 0;

		}

		if (!json_contains(cd, jobj_keys, "", "Keyslots section",

				   json_object_get_string(jobj), json_type_object))

			return 0;

		i++;

	}

	return 1;

}

static json_bool validate_segments_array(struct crypt_device *cd,

					 json_object *jarr, json_object *jobj_segments)

{

	json_object *jobj;

	int i = 0, length = (int) json_object_array_length(jarr);

	while (i < length) {

		jobj = json_object_array_get_idx(jarr, i);

		if (!json_object_is_type(jobj, json_type_string)) {

			log_dbg(cd, "Illegal value type in segments array at index %d.", i);

			return 0;

		}

		if (!json_contains(cd, jobj_segments, "", "Segments section",

				   json_object_get_string(jobj), json_type_object))

			return 0;

		i++;

	}

	return 1;

}

static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)

{

	json_object *jobj_segments;

	json_object_object_foreach(jobj_digests, key, val) {

		UNUSED(key);

		json_object_object_get_ex(val, "segments", &jobj_segments);

		if (LUKS2_array_jobj(jobj_segments, segment_name))

			return 1;

	}

	return 0;

}

static json_bool validate_intervals(struct crypt_device *cd,

				    int length, const struct interval *ix,

				    uint64_t metadata_size, uint64_t keyslots_area_end)

{

	int j, i = 0;

	while (i < length) {

		if (ix[i].offset < 2 * metadata_size) {

			log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);

			return 0;

		}

		if (!ix[i].length) {

			log_dbg(cd, "Area length must be greater than zero.");

			return 0;

		}

		if ((ix[i].offset + ix[i].length) > keyslots_area_end) {

			log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",

				ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);

			return 0;

		}

		for (j = 0; j < length; j++) {

			if (i == j)

				continue;

			if ((ix[i].offset >= ix[j].offset) && (ix[i].offset < (ix[j].offset + ix[j].length))) {

				log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",

					ix[i].offset, ix[i].offset + ix[i].length,

					ix[j].offset, ix[j].offset + ix[j].length);

				return 0;

			}

		}

		i++;

	}

	return 1;

}

static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)

{

	json_object *jobj_key_size;

	if (!json_contains(cd, hdr_keyslot, key, "Keyslot", "type", json_type_string))

		return 1;

	if (!(jobj_key_size = json_contains(cd, hdr_keyslot, key, "Keyslot", "key_size", json_type_int)))

		return 1;

	/* enforce uint32_t type */

	if (!validate_json_uint32(jobj_key_size)) {

		log_dbg(cd, "Illegal field \"key_size\":%s.",

			json_object_get_string(jobj_key_size));

		return 1;

	}

	return 0;

}

int LUKS2_token_validate(struct crypt_device *cd,

			 json_object *hdr_jobj, json_object *jobj_token, const char *key)

{

	json_object *jarr, *jobj_keyslots;

	/* keyslots are not yet validated, but we need to know token doesn't reference missing keyslot */

	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))

		return 1;

	if (!json_contains(cd, jobj_token, key, "Token", "type", json_type_string))

		return 1;

	jarr = json_contains(cd, jobj_token, key, "Token", "keyslots", json_type_array);

	if (!jarr)

		return 1;

	if (!validate_keyslots_array(cd, jarr, jobj_keyslots))

		return 1;

	return 0;

}

static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj, uint64_t hdr_json_size)

{

	json_object *jobj, *jobj1;

	const char *json;

	uint64_t json_area_size, json_size;

	json_object_object_get_ex(hdr_jobj, "config", &jobj);

	json_object_object_get_ex(jobj, "json_size", &jobj1);

	json = json_object_to_json_string_ext(hdr_jobj,

		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);

	json_area_size = crypt_jobj_get_uint64(jobj1);

	json_size = (uint64_t)strlen(json);

	if (hdr_json_size != json_area_size) {

		log_dbg(cd, "JSON area size does not match value in binary header.");

		return 1;

	}

	if (json_size > json_area_size) {

		log_dbg(cd, "JSON does not fit in the designated area.");

		return 1;

	}

	return 0;

}

int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr)

{

	return hdr_validate_json_size(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN);

}

static int hdr_validate_keyslots(struct crypt_device *cd, json_object *hdr_jobj)

{

	json_object *jobj;

	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj)) {

		log_dbg(cd, "Missing keyslots section.");

		return 1;

	}

	json_object_object_foreach(jobj, key, val) {

		if (!numbered(cd, "Keyslot", key))

			return 1;

		if (LUKS2_keyslot_validate(cd, hdr_jobj, val, key))

			return 1;

	}

	return 0;

}

static int hdr_validate_tokens(struct crypt_device *cd, json_object *hdr_jobj)

{

	json_object *jobj;

	if (!json_object_object_get_ex(hdr_jobj, "tokens", &jobj)) {

		log_dbg(cd, "Missing tokens section.");

		return 1;

	}

	json_object_object_foreach(jobj, key, val) {

		if (!numbered(cd, "Token", key))

			return 1;

		if (LUKS2_token_validate(cd, hdr_jobj, val, key))

			return 1;

	}

	return 0;

}

static int hdr_validate_crypt_segment(struct crypt_device *cd,

				      json_object *jobj, const char *key, json_object *jobj_digests,

	uint64_t offset, uint64_t size)

{

	json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity;

	uint32_t sector_size;

	uint64_t ivoffset;

	if (!(jobj_ivoffset = json_contains(cd, jobj, key, "Segment", "iv_tweak", json_type_string)) ||

	    !json_contains(cd, jobj, key, "Segment", "encryption", json_type_string) ||

	    !(jobj_sector_size = json_contains(cd, jobj, key, "Segment", "sector_size", json_type_int)))

		return 1;

	/* integrity */

	if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) {

		if (!json_contains(cd, jobj, key, "Segment", "integrity", json_type_object) ||

		    !json_contains(cd, jobj_integrity, key, "Segment integrity", "type", json_type_string) ||

		    !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||

		    !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))

			return 1;

	}

	/* enforce uint32_t type */

	if (!validate_json_uint32(jobj_sector_size)) {

		log_dbg(cd, "Illegal field \"sector_size\":%s.",

			json_object_get_string(jobj_sector_size));

		return 1;

	}

	sector_size = crypt_jobj_get_uint32(jobj_sector_size);

	if (!sector_size || MISALIGNED_512(sector_size)) {

		log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);

		return 1;

	}

	if (!numbered(cd, "iv_tweak", json_object_get_string(jobj_ivoffset)) ||

	    !json_str_to_uint64(jobj_ivoffset, &ivoffset)) {

		log_dbg(cd, "Illegal iv_tweak value.");

		return 1;

	}

	if (size % sector_size) {

		log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, sector_size);

		return 1;

	}

	return !segment_has_digest(key, jobj_digests);

}

static bool validate_segment_intervals(struct crypt_device *cd,

				    int length, const struct interval *ix)

{

	int j, i = 0;

	while (i < length) {

		if (ix[i].length == UINT64_MAX && (i != (length - 1))) {

			log_dbg(cd, "Only last regular segment is allowed to have 'dynamic' size.");

			return false;

		}

		for (j = 0; j < length; j++) {

			if (i == j)

				continue;

			if ((ix[i].offset >= ix[j].offset) && (ix[j].length == UINT64_MAX || (ix[i].offset < (ix[j].offset + ix[j].length)))) {

				log_dbg(cd, "Overlapping segments [%" PRIu64 ",%" PRIu64 "]%s and [%" PRIu64 ",%" PRIu64 "]%s.",

					ix[i].offset, ix[i].offset + ix[i].length, ix[i].length == UINT64_MAX ? "(dynamic)" : "",

					ix[j].offset, ix[j].offset + ix[j].length, ix[j].length == UINT64_MAX ? "(dynamic)" : "");

				return false;

			}

		}

		i++;

	}

	return true;

}

static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)

{

	json_object *jobj_segments, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags, *jobj;

	uint64_t offset, size;

	int i, r, count, first_backup = -1;

	struct interval *intervals = NULL;

	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) {

		log_dbg(cd, "Missing segments section.");

		return 1;

	}

	count = json_object_object_length(jobj_segments);

	if (count < 1) {

		log_dbg(cd, "Empty segments section.");

		return 1;

	}

	/* digests should already be validated */

	if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj_digests))

		return 1;

	json_object_object_foreach(jobj_segments, key, val) {

		if (!numbered(cd, "Segment", key))

			return 1;

		/* those fields are mandatory for all segment types */

		if (!(jobj_type =   json_contains(cd, val, key, "Segment", "type",   json_type_string)) ||

		    !(jobj_offset = json_contains(cd, val, key, "Segment", "offset", json_type_string)) ||

		    !(jobj_size =   json_contains(cd, val, key, "Segment", "size",   json_type_string)))

			return 1;

		if (!numbered(cd, "offset", json_object_get_string(jobj_offset)) ||

		    !json_str_to_uint64(jobj_offset, &offset))

			return 1;

		/* size "dynamic" means whole device starting at 'offset' */

		if (strcmp(json_object_get_string(jobj_size), "dynamic")) {

			if (!numbered(cd, "size", json_object_get_string(jobj_size)) ||

			    !json_str_to_uint64(jobj_size, &size) || !size)

				return 1;

		} else

			size = 0;

		/* all device-mapper devices are aligned to 512 sector size */

		if (MISALIGNED_512(offset)) {

			log_dbg(cd, "Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);

			return 1;

		}

		if (MISALIGNED_512(size)) {

			log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);

			return 1;

		}

		/* flags array is optional and must contain strings */

		if (json_object_object_get_ex(val, "flags", NULL)) {

			if (!(jobj_flags = json_contains(cd, val, key, "Segment", "flags", json_type_array)))

				return 1;

			for (i = 0; i < (int) json_object_array_length(jobj_flags); i++)

				if (!json_object_is_type(json_object_array_get_idx(jobj_flags, i), json_type_string))

					return 1;

		}

		i = atoi(key);

		if (json_segment_is_backup(val)) {

			if (first_backup < 0 || i < first_backup)

				first_backup = i;

		} else {

			if ((first_backup >= 0) && i >= first_backup) {

				log_dbg(cd, "Regular segment at %d is behind backup segment at %d", i, first_backup);

				return 1;

			}

		}

		/* crypt */

		if (!strcmp(json_object_get_string(jobj_type), "crypt") &&

		    hdr_validate_crypt_segment(cd, val, key, jobj_digests, offset, size))

			return 1;

	}

	if (first_backup == 0) {

		log_dbg(cd, "No regular segment.");

		return 1;

	}

	/* avoid needlessly large allocation when first backup segment is invalid */

	if (first_backup >= count) {

		log_dbg(cd, "Gap between last regular segment and backup segment at key %d.", first_backup);

		return 1;

	}

	if (first_backup < 0)

		first_backup = count;

	if ((size_t)first_backup < SIZE_MAX / sizeof(*intervals))

		intervals = malloc(first_backup * sizeof(*intervals));

	if (!intervals) {

		log_dbg(cd, "Not enough memory.");

		return 1;

	}

	for (i = 0; i < first_backup; i++) {

		jobj = json_segments_get_segment(jobj_segments, i);

		if (!jobj) {

			log_dbg(cd, "Gap at key %d in segments object.", i);

			free(intervals);

			return 1;

		}

		intervals[i].offset = json_segment_get_offset(jobj, 0);

		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;

	}

	r = !validate_segment_intervals(cd, first_backup, intervals);

	free(intervals);

	if (r)

		return 1;

	for (; i < count; i++) {

		if (!json_segments_get_segment(jobj_segments, i)) {

			log_dbg(cd, "Gap at key %d in segments object.", i);

			return 1;

		}

	}

	return 0;

}

uint64_t LUKS2_metadata_size(json_object *jobj)

{

	json_object *jobj1, *jobj2;

	uint64_t json_size;

	json_object_object_get_ex(jobj, "config", &jobj1);

	json_object_object_get_ex(jobj1, "json_size", &jobj2);

	json_str_to_uint64(jobj2, &json_size);

	return json_size + LUKS2_HDR_BIN_LEN;

}

static int hdr_validate_areas(struct crypt_device *cd, json_object *hdr_jobj)

{

	struct interval *intervals;

	json_object *jobj_keyslots, *jobj_offset, *jobj_length, *jobj_segments, *jobj_area;

	int length, ret, i = 0;

	uint64_t metadata_size;

	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))

		return 1;

	/* segments are already validated */

	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))

		return 1;

	/* config is already validated */

	metadata_size = LUKS2_metadata_size(hdr_jobj);

	length = json_object_object_length(jobj_keyslots);

	/* Empty section */

	if (length == 0)

		return 0;

	if (length < 0) {

		log_dbg(cd, "Invalid keyslot areas specification.");

		return 1;

	}

	intervals = malloc(length * sizeof(*intervals));

	if (!intervals) {

		log_dbg(cd, "Not enough memory.");

		return -ENOMEM;

	}

	json_object_object_foreach(jobj_keyslots, key, val) {

		if (!(jobj_area = json_contains(cd, val, key, "Keyslot", "area", json_type_object)) ||

		    !json_contains(cd, jobj_area, key, "Keyslot area", "type", json_type_string) ||

		    !(jobj_offset = json_contains(cd, jobj_area, key, "Keyslot", "offset", json_type_string)) ||

		    !(jobj_length = json_contains(cd, jobj_area, key, "Keyslot", "size", json_type_string)) ||

		    !numbered(cd, "offset", json_object_get_string(jobj_offset)) ||

		    !numbered(cd, "size", json_object_get_string(jobj_length))) {

			free(intervals);

			return 1;

		}

		/* rule out values > UINT64_MAX */

		if (!json_str_to_uint64(jobj_offset, &intervals[i].offset) ||

		    !json_str_to_uint64(jobj_length, &intervals[i].length)) {

			free(intervals);

			return 1;

		}

		i++;

	}

	if (length != i) {

		free(intervals);

		return 1;

	}

	ret = validate_intervals(cd, length, intervals, metadata_size, LUKS2_hdr_and_areas_size(hdr_jobj)) ? 0 : 1;

	free(intervals);

	return ret;

}

static int hdr_validate_digests(struct crypt_device *cd, json_object *hdr_jobj)

{

	json_object *jarr_keys, *jarr_segs, *jobj, *jobj_keyslots, *jobj_segments;

	if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj)) {

		log_dbg(cd, "Missing digests section.");

		return 1;

	}

	/* keyslots are not yet validated, but we need to know digest doesn't reference missing keyslot */

	if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))

		return 1;

	/* segments are not yet validated, but we need to know digest doesn't reference missing segment */

	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))

		return 1;

	json_object_object_foreach(jobj, key, val) {

		if (!numbered(cd, "Digest", key))

			return 1;

		if (!json_contains(cd, val, key, "Digest", "type", json_type_string) ||

		    !(jarr_keys = json_contains(cd, val, key, "Digest", "keyslots", json_type_array)) ||

		    !(jarr_segs = json_contains(cd, val, key, "Digest", "segments", json_type_array)))

			return 1;

		if (!validate_keyslots_array(cd, jarr_keys, jobj_keyslots))

			return 1;

		if (!validate_segments_array(cd, jarr_segs, jobj_segments))

			return 1;

	}

	return 0;

}

static int hdr_validate_config(struct crypt_device *cd, json_object *hdr_jobj)

{

	json_object *jobj_config, *jobj, *jobj1;

	int i;

	uint64_t keyslots_size, metadata_size, segment_offset;

	if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) {

		log_dbg(cd, "Missing config section.");

		return 1;

	}

	if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "json_size", json_type_string)) ||

	    !json_str_to_uint64(jobj, &metadata_size))

		return 1;

	/* single metadata instance is assembled from json area size plus

	 * binary header size */

	metadata_size += LUKS2_HDR_BIN_LEN;

	if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "keyslots_size", json_type_string)) ||

	    !json_str_to_uint64(jobj, &keyslots_size))

		return 1;

	if (LUKS2_check_metadata_area_size(metadata_size)) {

		log_dbg(cd, "Unsupported LUKS2 header size (%" PRIu64 ").", metadata_size);

		return 1;

	}

	if (LUKS2_check_keyslots_area_size(keyslots_size)) {

		log_dbg(cd, "Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size);

		return 1;

	}

	/*

	 * validate keyslots_size fits in between (2 * metadata_size) and first

	 * segment_offset (except detached header)

	 */

	segment_offset = json_segments_get_minimal_offset(json_get_segments_jobj(hdr_jobj), 0);

	if (segment_offset &&

	    (segment_offset < keyslots_size ||

	     (segment_offset - keyslots_size) < (2 * metadata_size))) {

		log_dbg(cd, "keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64

			", keyslots offset: %" PRIu64, keyslots_size, segment_offset, 2 * metadata_size);