"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/luks2/luks2_keyslot.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

luks2_keyslot.c  (cryptsetup-2.3.6.tar.xz):luks2_keyslot.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 35 skipping to change at line 35
extern const keyslot_handler luks2_keyslot; extern const keyslot_handler luks2_keyslot;
extern const keyslot_handler reenc_keyslot; extern const keyslot_handler reenc_keyslot;
static const keyslot_handler *keyslot_handlers[LUKS2_KEYSLOTS_MAX] = { static const keyslot_handler *keyslot_handlers[LUKS2_KEYSLOTS_MAX] = {
&luks2_keyslot, &luks2_keyslot,
&reenc_keyslot, &reenc_keyslot,
NULL NULL
}; };
static const keyslot_handler static const keyslot_handler
*LUKS2_keyslot_handler_type(struct crypt_device *cd, const char *type) *LUKS2_keyslot_handler_type(struct crypt_device *cd __attribute__((unused)), con st char *type)
{ {
int i; int i;
for (i = 0; i < LUKS2_KEYSLOTS_MAX && keyslot_handlers[i]; i++) { for (i = 0; i < LUKS2_KEYSLOTS_MAX && keyslot_handlers[i]; i++) {
if (!strcmp(keyslot_handlers[i]->name, type)) if (!strcmp(keyslot_handlers[i]->name, type))
return keyslot_handlers[i]; return keyslot_handlers[i];
} }
return NULL; return NULL;
} }
skipping to change at line 68 skipping to change at line 68
if (!(jobj1 = LUKS2_get_keyslot_jobj(hdr, keyslot))) if (!(jobj1 = LUKS2_get_keyslot_jobj(hdr, keyslot)))
return NULL; return NULL;
if (!json_object_object_get_ex(jobj1, "type", &jobj2)) if (!json_object_object_get_ex(jobj1, "type", &jobj2))
return NULL; return NULL;
return LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj2)); return LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj2));
} }
int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr) int LUKS2_keyslot_find_empty(struct crypt_device *cd, struct luks2_hdr *hdr, siz e_t keylength)
{ {
int i; int i;
for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++)
if (!LUKS2_get_keyslot_jobj(hdr, i)) if (!LUKS2_get_keyslot_jobj(hdr, i))
return i; break;
if (i == LUKS2_KEYSLOTS_MAX)
return -EINVAL;
return -EINVAL; /* Check also there is a space for the key in keyslots area */
if (keylength && LUKS2_find_area_gap(cd, hdr, keylength, NULL, NULL) < 0)
return -ENOSPC;
return i;
} }
/* Check if a keyslot is assigned to specific segment */ /* Check if a keyslot is assigned to specific segment */
static int _keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment) static int _keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment)
{ {
int keyslot_digest, count = 0; int keyslot_digest, count = 0;
unsigned s; unsigned s;
keyslot_digest = LUKS2_digest_by_keyslot(hdr, keyslot); keyslot_digest = LUKS2_digest_by_keyslot(hdr, keyslot);
if (keyslot_digest < 0) if (keyslot_digest < 0)
skipping to change at line 548 skipping to change at line 555
goto out; goto out;
crypt_volume_key_add_next(vks, vk); crypt_volume_key_add_next(vks, vk);
} }
out: out:
if (r < 0) { if (r < 0) {
crypt_free_volume_key(*vks); crypt_free_volume_key(*vks);
*vks = NULL; *vks = NULL;
if (r == -ENOMEM) if (r == -ENOMEM)
log_err(cd, _("Not enough available memory to open a keys lot.")); log_err(cd, _("Not enough available memory to open a keys lot."));
else if (r != -EPERM) else if (r != -EPERM && r != -ENOENT)
log_err(cd, _("Keyslot open failed.")); log_err(cd, _("Keyslot open failed."));
} }
return r; return r;
} }
int LUKS2_keyslot_open(struct crypt_device *cd, int LUKS2_keyslot_open(struct crypt_device *cd,
int keyslot, int keyslot,
int segment, int segment,
const char *password, const char *password,
size_t password_len, size_t password_len,
skipping to change at line 585 skipping to change at line 592
password, password_len, segment, vk); password, password_len, segment, vk);
/* Prefer password wrong to no entry from priority slot */ /* Prefer password wrong to no entry from priority slot */
if (r_prio == -EPERM && r == -ENOENT) if (r_prio == -EPERM && r == -ENOENT)
r = r_prio; r = r_prio;
} else } else
r = LUKS2_open_and_verify(cd, hdr, keyslot, segment, password, pa ssword_len, vk); r = LUKS2_open_and_verify(cd, hdr, keyslot, segment, password, pa ssword_len, vk);
if (r < 0) { if (r < 0) {
if (r == -ENOMEM) if (r == -ENOMEM)
log_err(cd, _("Not enough available memory to open a keys lot.")); log_err(cd, _("Not enough available memory to open a keys lot."));
else if (r != -EPERM) else if (r != -EPERM && r != -ENOENT)
log_err(cd, _("Keyslot open failed.")); log_err(cd, _("Keyslot open failed."));
} }
return r; return r;
} }
int LUKS2_keyslot_reencrypt_create(struct crypt_device *cd, int LUKS2_keyslot_reencrypt_create(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int keyslot, int keyslot,
const struct crypt_params_reencrypt *params) const struct crypt_params_reencrypt *params)
{ {
const keyslot_handler *h; const keyslot_handler *h;
int r; int r;
if (keyslot == CRYPT_ANY_SLOT) if (keyslot == CRYPT_ANY_SLOT)
return -EINVAL; return -EINVAL;
/* FIXME: find keyslot by type */
h = LUKS2_keyslot_handler_type(cd, "reencrypt"); h = LUKS2_keyslot_handler_type(cd, "reencrypt");
if (!h) if (!h)
return -EINVAL; return -EINVAL;
r = reenc_keyslot_alloc(cd, hdr, keyslot, params); r = reenc_keyslot_alloc(cd, hdr, keyslot, params);
if (r < 0) if (r < 0)
return r; return r;
r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNO RE, 0); r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNO RE, 0);
if (r < 0) if (r < 0)
skipping to change at line 772 skipping to change at line 778
int LUKS2_keyslot_dump(struct crypt_device *cd, int keyslot) int LUKS2_keyslot_dump(struct crypt_device *cd, int keyslot)
{ {
const keyslot_handler *h; const keyslot_handler *h;
if (!(h = LUKS2_keyslot_handler(cd, keyslot))) if (!(h = LUKS2_keyslot_handler(cd, keyslot)))
return -EINVAL; return -EINVAL;
return h->dump(cd, keyslot); return h->dump(cd, keyslot);
} }
crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd, crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd __attr ibute__((unused)),
struct luks2_hdr *hdr, int keyslot) struct luks2_hdr *hdr, int keyslot)
{ {
json_object *jobj_keyslot, *jobj_priority; json_object *jobj_keyslot, *jobj_priority;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
if (!jobj_keyslot) if (!jobj_keyslot)
return CRYPT_SLOT_PRIORITY_INVALID; return CRYPT_SLOT_PRIORITY_INVALID;
if (!json_object_object_get_ex(jobj_keyslot, "priority", &jobj_priority)) if (!json_object_object_get_ex(jobj_keyslot, "priority", &jobj_priority))
return CRYPT_SLOT_PRIORITY_NORMAL; return CRYPT_SLOT_PRIORITY_NORMAL;
skipping to change at line 808 skipping to change at line 814
else else
json_object_object_add(jobj_keyslot, "priority", json_object_new_ int(priority)); json_object_object_add(jobj_keyslot, "priority", json_object_new_ int(priority));
return commit ? LUKS2_hdr_write(cd, hdr) : 0; return commit ? LUKS2_hdr_write(cd, hdr) : 0;
} }
int placeholder_keyslot_alloc(struct crypt_device *cd, int placeholder_keyslot_alloc(struct crypt_device *cd,
int keyslot, int keyslot,
uint64_t area_offset, uint64_t area_offset,
uint64_t area_length, uint64_t area_length,
size_t volume_key_len) size_t volume_key_len __attribute__((unused)))
{ {
struct luks2_hdr *hdr; struct luks2_hdr *hdr;
json_object *jobj_keyslots, *jobj_keyslot, *jobj_area; json_object *jobj_keyslots, *jobj_keyslot, *jobj_area;
log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion. ", keyslot); log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion. ", keyslot);
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL; return -EINVAL;
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX) if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX)
skipping to change at line 938 skipping to change at line 944
if (!jobj_keyslot) if (!jobj_keyslot)
continue; continue;
json_object_object_get_ex(jobj_keyslot, "type", &jobj_type); json_object_object_get_ex(jobj_keyslot, "type", &jobj_type);
if (!strcmp(json_object_get_string(jobj_type), type)) if (!strcmp(json_object_get_string(jobj_type), type))
return i; return i;
} }
return -ENOENT; return -ENOENT;
} }
/* assumes valid header, it does not move references in tokens/digests etc! */
int LUKS2_keyslot_swap(struct crypt_device *cd, struct luks2_hdr *hdr,
int keyslot, int keyslot2)
{
json_object *jobj_keyslots, *jobj_keyslot, *jobj_keyslot2;
int r;
if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots))
return -EINVAL;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
if (!jobj_keyslot)
return -EINVAL;
jobj_keyslot2 = LUKS2_get_keyslot_jobj(hdr, keyslot2);
if (!jobj_keyslot2)
return -EINVAL;
/* This transfer owner of object, no need for json_object_put */
json_object_get(jobj_keyslot);
json_object_get(jobj_keyslot2);
json_object_object_del_by_uint(jobj_keyslots, keyslot);
r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot2)
;
if (r < 0) {
log_dbg(cd, "Failed to swap keyslot %d.", keyslot);
return r;
}
json_object_object_del_by_uint(jobj_keyslots, keyslot2);
r = json_object_object_add_by_uint(jobj_keyslots, keyslot2, jobj_keyslot)
;
if (r < 0)
log_dbg(cd, "Failed to swap keyslot2 %d.", keyslot2);
return r;
}
 End of changes. 10 change blocks. 
9 lines changed or deleted 15 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)