
Source code changes of the file "lib/luks2/luks2_keyslot_luks2.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and the TrueCrypt-compatible format.

luks2_keyslot_luks2.c  (cryptsetup-2.3.6.tar.xz):luks2_keyslot_luks2.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 329 skipping to change at line 329
return -EINVAL; return -EINVAL;
r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL , cipher_mode); r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL , cipher_mode);
if (r < 0) if (r < 0)
return r; return r;
if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2)) if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2))
return -EINVAL; return -EINVAL;
keyslot_key_len = json_object_get_int(jobj2); keyslot_key_len = json_object_get_int(jobj2);
/* /*
* If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
*/
if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB)
try_serialize_lock = true;
if (try_serialize_lock && crypt_serialize_lock(cd))
return -EINVAL;
/*
* Allocate derived key storage space. * Allocate derived key storage space.
*/ */
derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL); derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL);
if (!derived_key) if (!derived_key)
return -ENOMEM; return -ENOMEM;
AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE; AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE;
AfKey = crypt_safe_alloc(AFEKSize); AfKey = crypt_safe_alloc(AFEKSize);
if (!AfKey) { if (!AfKey) {
crypt_free_volume_key(derived_key); r = -ENOMEM;
return -ENOMEM; goto out;
} }
/*
* If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
*/
if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB)
try_serialize_lock = true;
if (try_serialize_lock && (r = crypt_serialize_lock(cd)))
goto out;
/* /*
* Calculate derived key, decrypt keyslot content and merge it. * Calculate derived key, decrypt keyslot content and merge it.
*/ */
r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen, r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen,
salt, LUKS_SALTSIZE, salt, LUKS_SALTSIZE,
derived_key->key, derived_key->keylength, derived_key->key, derived_key->keylength,
pbkdf.iterations, pbkdf.max_memory_kb, pbkdf.iterations, pbkdf.max_memory_kb,
pbkdf.parallel_threads); pbkdf.parallel_threads);
if (try_serialize_lock) if (try_serialize_lock)
skipping to change at line 370 skipping to change at line 372
if (r == 0) { if (r == 0) {
log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offs et); log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offs et);
/* FIXME: sector_offset should be size_t, fix LUKS_decrypt... acc ordingly */ /* FIXME: sector_offset should be size_t, fix LUKS_decrypt... acc ordingly */
r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mo de, r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mo de,
derived_key, (unsigned)(area_offset / SECTO R_SIZE), cd); derived_key, (unsigned)(area_offset / SECTO R_SIZE), cd);
} }
if (r == 0) if (r == 0)
r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash); r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
out:
crypt_free_volume_key(derived_key); crypt_free_volume_key(derived_key);
crypt_safe_free(AfKey); crypt_safe_free(AfKey);
return r; return r;
} }
/* /*
* currently we support update of only: * currently we support update of only:
* *
* - af hash function * - af hash function
skipping to change at line 465 skipping to change at line 468
if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW || if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW ||
params->af_type != LUKS2_KEYSLOT_AF_LUKS1) { params->af_type != LUKS2_KEYSLOT_AF_LUKS1) {
log_dbg(cd, "Invalid LUKS2 keyslot parameters."); log_dbg(cd, "Invalid LUKS2 keyslot parameters.");
return -EINVAL; return -EINVAL;
} }
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL; return -EINVAL;
if (keyslot == CRYPT_ANY_SLOT) if (keyslot == CRYPT_ANY_SLOT)
keyslot = LUKS2_keyslot_find_empty(hdr); keyslot = LUKS2_keyslot_find_empty(cd, hdr, 0);
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX) if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX)
return -ENOMEM; return -ENOMEM;
if (LUKS2_get_keyslot_jobj(hdr, keyslot)) { if (LUKS2_get_keyslot_jobj(hdr, keyslot)) {
log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot); log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot);
return -EINVAL; return -EINVAL;
} }
if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots)) if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots))
skipping to change at line 737 skipping to change at line 740
r = luks2_keyslot_update_json(cd, jobj_keyslot, params); r = luks2_keyslot_update_json(cd, jobj_keyslot, params);
if (!r && LUKS2_check_json_size(cd, hdr)) { if (!r && LUKS2_check_json_size(cd, hdr)) {
log_dbg(cd, "Not enough space in header json area for updated key slot %d.", keyslot); log_dbg(cd, "Not enough space in header json area for updated key slot %d.", keyslot);
r = -ENOSPC; r = -ENOSPC;
} }
return r; return r;
} }
static void luks2_keyslot_repair(struct crypt_device *cd, json_object *jobj_keys lot) static void luks2_keyslot_repair(struct crypt_device *cd __attribute__((unused)) , json_object *jobj_keyslot)
{ {
const char *type; const char *type;
json_object *jobj_kdf, *jobj_type; json_object *jobj_kdf, *jobj_type;
if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
!json_object_is_type(jobj_kdf, json_type_object)) !json_object_is_type(jobj_kdf, json_type_object))
return; return;
if (!json_object_object_get_ex(jobj_kdf, "type", &jobj_type) || if (!json_object_object_get_ex(jobj_kdf, "type", &jobj_type) ||
!json_object_is_type(jobj_type, json_type_string)) !json_object_is_type(jobj_type, json_type_string))
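Review bot: In the first change block (new line 329 onward) a serialize-lock failure now leaves through `out` with whatever `crypt_serialize_lock(cd)` returned, where the old code always returned `-EINVAL`. Nothing in the shown lines says how callers interpret this function's return value, so if any caller treats particular codes as a passphrase mismatch and moves on to the next keyslot, a locking failure could presumably be misread as one; this should be confirmed against the callers. Either keep the fixed code with `if (try_serialize_lock && crypt_serialize_lock(cd)) { r = -EINVAL; goto out; }`, or document the new contract above the check with `/* lock errors are propagated unchanged; callers must not read them as a passphrase mismatch */`. The start of the function and the declarations of `derived_key` and `AfKey`, on which the `out:` cleanup relies, are outside the shown lines.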
 End of changes. 6 change blocks. 
11 lines changed or deleted 14 lines changed or added
