"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/luks2/luks2_keyslot.c" between
cryptsetup-2.4.2.tar.xz and cryptsetup-2.4.3.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

luks2_keyslot.c  (cryptsetup-2.4.2.tar.xz):luks2_keyslot.c  (cryptsetup-2.4.3.tar.xz)
skipping to change at line 30 skipping to change at line 30
*/ */
#include "luks2_internal.h" #include "luks2_internal.h"
/* Internal implementations */ /* Internal implementations */
extern const keyslot_handler luks2_keyslot; extern const keyslot_handler luks2_keyslot;
extern const keyslot_handler reenc_keyslot; extern const keyslot_handler reenc_keyslot;
static const keyslot_handler *keyslot_handlers[LUKS2_KEYSLOTS_MAX] = { static const keyslot_handler *keyslot_handlers[LUKS2_KEYSLOTS_MAX] = {
&luks2_keyslot, &luks2_keyslot,
#if USE_LUKS2_REENCRYPTION
&reenc_keyslot, &reenc_keyslot,
#endif
NULL NULL
}; };
static const keyslot_handler static const keyslot_handler
*LUKS2_keyslot_handler_type(struct crypt_device *cd __attribute__((unused)), con st char *type) *LUKS2_keyslot_handler_type(struct crypt_device *cd __attribute__((unused)), con st char *type)
{ {
int i; int i;
for (i = 0; i < LUKS2_KEYSLOTS_MAX && keyslot_handlers[i]; i++) { for (i = 0; i < LUKS2_KEYSLOTS_MAX && keyslot_handlers[i]; i++) {
if (!strcmp(keyslot_handlers[i]->name, type)) if (!strcmp(keyslot_handlers[i]->name, type))
skipping to change at line 291 skipping to change at line 293
LUKS2_keyslot_unbound(hdr, keyslot)) LUKS2_keyslot_unbound(hdr, keyslot))
return CRYPT_SLOT_UNBOUND; return CRYPT_SLOT_UNBOUND;
if (LUKS2_keyslot_active_count(hdr, CRYPT_DEFAULT_SEGMENT) == 1 && if (LUKS2_keyslot_active_count(hdr, CRYPT_DEFAULT_SEGMENT) == 1 &&
!LUKS2_keyslot_for_segment(hdr, keyslot, CRYPT_DEFAULT_SEGMENT)) !LUKS2_keyslot_for_segment(hdr, keyslot, CRYPT_DEFAULT_SEGMENT))
return CRYPT_SLOT_ACTIVE_LAST; return CRYPT_SLOT_ACTIVE_LAST;
return CRYPT_SLOT_ACTIVE; return CRYPT_SLOT_ACTIVE;
} }
int LUKS2_keyslot_area(struct luks2_hdr *hdr, int LUKS2_keyslot_jobj_area(json_object *jobj_keyslot, uint64_t *offset, uint64_
int keyslot, t *length)
uint64_t *offset,
uint64_t *length)
{ {
json_object *jobj_keyslot, *jobj_area, *jobj; json_object *jobj_area, *jobj;
if(LUKS2_keyslot_info(hdr, keyslot) == CRYPT_SLOT_INVALID)
return -EINVAL;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
if (!jobj_keyslot)
return -ENOENT;
if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
return -EINVAL; return -EINVAL;
if (!json_object_object_get_ex(jobj_area, "offset", &jobj)) if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
return -EINVAL; return -EINVAL;
*offset = crypt_jobj_get_uint64(jobj); *offset = crypt_jobj_get_uint64(jobj);
if (!json_object_object_get_ex(jobj_area, "size", &jobj)) if (!json_object_object_get_ex(jobj_area, "size", &jobj))
return -EINVAL; return -EINVAL;
*length = crypt_jobj_get_uint64(jobj); *length = crypt_jobj_get_uint64(jobj);
return 0; return 0;
} }
int LUKS2_keyslot_area(struct luks2_hdr *hdr,
int keyslot,
uint64_t *offset,
uint64_t *length)
{
json_object *jobj_keyslot;
if (LUKS2_keyslot_info(hdr, keyslot) == CRYPT_SLOT_INVALID)
return -EINVAL;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
if (!jobj_keyslot)
return -ENOENT;
return LUKS2_keyslot_jobj_area(jobj_keyslot, offset, length);
}
static int _open_and_verify(struct crypt_device *cd, static int _open_and_verify(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
const keyslot_handler *h, const keyslot_handler *h,
int keyslot, int keyslot,
const char *password, const char *password,
size_t password_len, size_t password_len,
struct volume_key **vk) struct volume_key **vk)
{ {
int r, key_size = LUKS2_get_keyslot_stored_key_size(hdr, keyslot); int r, key_size = LUKS2_get_keyslot_stored_key_size(hdr, keyslot);
skipping to change at line 599 skipping to change at line 608
if (r < 0) { if (r < 0) {
if (r == -ENOMEM) if (r == -ENOMEM)
log_err(cd, _("Not enough available memory to open a keys lot.")); log_err(cd, _("Not enough available memory to open a keys lot."));
else if (r != -EPERM && r != -ENOENT) else if (r != -EPERM && r != -ENOENT)
log_err(cd, _("Keyslot open failed.")); log_err(cd, _("Keyslot open failed."));
} }
return r; return r;
} }
int LUKS2_keyslot_reencrypt_create(struct crypt_device *cd, int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int keyslot, int keyslot,
const struct crypt_params_reencrypt *params) const struct crypt_params_reencrypt *params)
{ {
const keyslot_handler *h; const keyslot_handler *h;
int r; int r;
if (keyslot == CRYPT_ANY_SLOT) if (keyslot == CRYPT_ANY_SLOT)
return -EINVAL; return -EINVAL;
skipping to change at line 628 skipping to change at line 637
r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNO RE, 0); r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNO RE, 0);
if (r < 0) if (r < 0)
return r; return r;
r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
if (r) { if (r) {
log_dbg(cd, "Keyslot validation failed."); log_dbg(cd, "Keyslot validation failed.");
return r; return r;
} }
if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
return -EINVAL;
return 0; return 0;
} }
int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd, int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int keyslot, int keyslot,
const void *buffer, const void *buffer,
size_t buffer_length) size_t buffer_length)
{ {
const keyslot_handler *h; const keyslot_handler *h;
skipping to change at line 881 skipping to change at line 887
return count; return count;
} }
/* run only on header that passed basic format validation */ /* run only on header that passed basic format validation */
int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj) int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
{ {
const keyslot_handler *h; const keyslot_handler *h;
int keyslot; int keyslot;
json_object *jobj_keyslots, *jobj_type; json_object *jobj_keyslots, *jobj_type;
uint32_t reqs, reencrypt_count = 0;
struct luks2_hdr dummy = {
.jobj = hdr_jobj
};
if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
return -EINVAL; return -EINVAL;
if (LUKS2_config_get_requirements(cd, &dummy, &reqs))
return -EINVAL;
json_object_object_foreach(jobj_keyslots, slot, val) { json_object_object_foreach(jobj_keyslots, slot, val) {
keyslot = atoi(slot); keyslot = atoi(slot);
json_object_object_get_ex(val, "type", &jobj_type); json_object_object_get_ex(val, "type", &jobj_type);
h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_ty pe)); h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_ty pe));
if (!h) if (!h)
continue; continue;
if (h->validate && h->validate(cd, val)) { if (h->validate && h->validate(cd, val)) {
log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot); log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
return -EINVAL; return -EINVAL;
} }
if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count( hdr_jobj, keyslot) != 1) { if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count( hdr_jobj, keyslot) != 1) {
log_dbg(cd, "Keyslot %d is not assigned to exactly 1 dige st.", keyslot); log_dbg(cd, "Keyslot %d is not assigned to exactly 1 dige st.", keyslot);
return -EINVAL; return -EINVAL;
} }
if (!strcmp(h->name, "reencrypt"))
reencrypt_count++;
}
if ((reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT) && reencrypt_count == 0)
{
log_dbg(cd, "Missing reencryption keyslot.");
return -EINVAL;
}
if (!(reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT) && reencrypt_count) {
log_dbg(cd, "Missing reencryption requirement flag.");
return -EINVAL;
}
if (reencrypt_count > 1) {
log_dbg(cd, "Too many reencryption keyslots.");
return -EINVAL;
} }
return 0; return 0;
} }
void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots) void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots)
{ {
const keyslot_handler *h; const keyslot_handler *h;
json_object *jobj_type; json_object *jobj_type;
 End of changes. 10 change blocks. 
16 lines changed or deleted 49 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)