
Source code changes of the file "lib/luks2/luks2_token_keyring.c" between
cryptsetup-2.0.6.tar.xz and cryptsetup-2.1.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt-compatible volumes.

luks2_token_keyring.c  (cryptsetup-2.0.6.tar.xz):luks2_token_keyring.c  (cryptsetup-2.1.0.tar.xz)
/* /*
* LUKS - Linux Unified Key Setup v2, kernel keyring token * LUKS - Linux Unified Key Setup v2, kernel keyring token
* *
* Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved. * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
* Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved. * Copyright (C) 2016-2019 Ondrej Kozina
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 * as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version. * of the License, or (at your option) any later version.
* *
* This program is distributed in the hope that it will be useful, * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
skipping to change at line 47 skipping to change at line 47
return -EINVAL; return -EINVAL;
jobj_token = LUKS2_get_token_jobj(hdr, token); jobj_token = LUKS2_get_token_jobj(hdr, token);
if (!jobj_token) if (!jobj_token)
return -EINVAL; return -EINVAL;
json_object_object_get_ex(jobj_token, "key_description", &jobj_key); json_object_object_get_ex(jobj_token, "key_description", &jobj_key);
r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buff er_len); r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buff er_len);
if (r == -ENOTSUP) { if (r == -ENOTSUP) {
log_dbg("Kernel keyring features disabled."); log_dbg(cd, "Kernel keyring features disabled.");
return -EINVAL; return -EINVAL;
} else if (r < 0) { } else if (r < 0) {
log_dbg("keyring_get_passphrase failed (error %d)", r); log_dbg(cd, "keyring_get_passphrase failed (error %d)", r);
return -EINVAL; return -EINVAL;
} }
return 0; return 0;
} }
static int keyring_validate(struct crypt_device *cd __attribute__((unused)), static int keyring_validate(struct crypt_device *cd __attribute__((unused)),
const char *json) const char *json)
{ {
enum json_tokener_error jerr; enum json_tokener_error jerr;
json_object *jobj_token, *jobj_key; json_object *jobj_token, *jobj_key;
int r = 1; int r = 1;
log_dbg("Validating keyring token json"); log_dbg(cd, "Validating keyring token json");
jobj_token = json_tokener_parse_verbose(json, &jerr); jobj_token = json_tokener_parse_verbose(json, &jerr);
if (!jobj_token) { if (!jobj_token) {
log_dbg("Keyring token JSON parse failed."); log_dbg(cd, "Keyring token JSON parse failed.");
return r; return r;
} }
if (json_object_object_length(jobj_token) != 3) { if (json_object_object_length(jobj_token) != 3) {
log_dbg("Keyring token is expected to have exactly 3 fields."); log_dbg(cd, "Keyring token is expected to have exactly 3 fields." );
goto out; goto out;
} }
if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) { if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) {
log_dbg("missing key_description field."); log_dbg(cd, "missing key_description field.");
goto out; goto out;
} }
if (!json_object_is_type(jobj_key, json_type_string)) { if (!json_object_is_type(jobj_key, json_type_string)) {
log_dbg("key_description is not a string."); log_dbg(cd, "key_description is not a string.");
goto out; goto out;
} }
/* TODO: perhaps check that key description is in '%s:%s' /* TODO: perhaps check that key description is in '%s:%s'
* format where both strings are not empty */ * format where both strings are not empty */
r = !strlen(json_object_get_string(jobj_key)); r = !strlen(json_object_get_string(jobj_key));
out: out:
json_object_put(jobj_token); json_object_put(jobj_token);
return r; return r;
} }
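Review bot: In the function whose tail opens the second hunk, the result of `json_object_object_get_ex(jobj_token, "key_description", &jobj_key);` is ignored, and `json_object_get_string(jobj_key)` is passed straight to `keyring_get_passphrase()`. `keyring_validate()` below checks both the presence and the string type of the same field, so the read path should do the same with `if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) return -EINVAL;`. The function starts above the hunk, so the declaration of `jobj_key`, and whether load-time validation already guarantees the field for on-disk metadata, are not visible here. Separately, `keyring_validate()` now passes `cd` to every `log_dbg(cd, ...)` call while its signature still carries `__attribute__((unused))`; the attribute is stale and should be dropped, giving `static int keyring_validate(struct crypt_device *cd,`.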
 End of changes. 8 change blocks. 
9 lines changed or deleted 9 lines changed or added
