
Member "cryptsetup-2.4.3/lib/luks2/luks2_token_keyring.c" (13 Jan 2022, 3992 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:



    1 /*
    2  * LUKS - Linux Unified Key Setup v2, kernel keyring token
    3  *
    4  * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2016-2021 Ondrej Kozina
    6  *
    7  * This program is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU General Public License
    9  * as published by the Free Software Foundation; either version 2
   10  * of the License, or (at your option) any later version.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   20  */
   21 
   22 #include <assert.h>
   23 
   24 #include "luks2_internal.h"
   25 
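   /*
    * Token "open" handler for the kernel keyring token.
    *
    * Looks up token number 'token' in the LUKS2 header of 'cd', reads its
    * "key_description" field and passes that description to
    * keyring_get_passphrase(), which fills 'buffer' / 'buffer_len'.
    *
    * Returns 0 on success,
    *        -EINVAL if there is no LUKS2 header, the token does not exist or
    *                its "key_description" is missing or not a string,
    *        -ENOENT if keyring_get_passphrase() reports -ENOTSUP,
    *        -EPERM  on any other keyring_get_passphrase() failure.
    *
    * NOTE(review): on success *buffer presumably holds passphrase material
    * that the caller has to wipe and release - confirm against the caller.
    */
   int keyring_open(struct crypt_device *cd,
                    int token,
                    char **buffer,
                    size_t *buffer_len,
                    void *usrptr __attribute__((unused)))
   {
       json_object *jobj_token, *jobj_key;
       struct luks2_hdr *hdr;
       int r;

       if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
           return -EINVAL;

       jobj_token = LUKS2_get_token_jobj(hdr, token);
       if (!jobj_token)
           return -EINVAL;

       /*
        * The token comes from the on-disk header. Check the field the same way
        * keyring_validate() does instead of passing a NULL or non-string
        * description down to the keyring lookup.
        */
       if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key) ||
           !json_object_is_type(jobj_key, json_type_string)) {
           log_dbg(cd, "Keyring token %d has no usable key_description.", token);
           return -EINVAL;
       }

       r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len);
       if (r == -ENOTSUP) {
           log_dbg(cd, "Kernel keyring features disabled.");
           return -ENOENT;
       } else if (r < 0) {
           log_dbg(cd, "keyring_get_passphrase failed (error %d)", r);
           return -EPERM;
       }

       return 0;
   }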
   56 
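   /*
    * Validate the JSON text of a keyring token.
    *
    * The token is accepted when it parses as a JSON object with exactly
    * three fields and carries a non-empty string "key_description".
    *
    * Returns 0 when the token is valid and 1 otherwise.
    */
   int keyring_validate(struct crypt_device *cd __attribute__((unused)),
                        const char *json)
   {
       enum json_tokener_error jerr;
       json_object *jobj_token, *jobj_key;
       int r = 1;

       log_dbg(cd, "Validating keyring token json");

       jobj_token = json_tokener_parse_verbose(json, &jerr);
       if (!jobj_token) {
           log_dbg(cd, "Keyring token JSON parse failed.");
           return r;
       }

       /*
        * Valid JSON need not be an object (it can be an array, a string, ...).
        * json_object_object_length() is only defined for objects, so reject
        * anything else before counting fields.
        */
       if (!json_object_is_type(jobj_token, json_type_object)) {
           log_dbg(cd, "Keyring token JSON is not an object.");
           goto out;
       }

       if (json_object_object_length(jobj_token) != 3) {
           log_dbg(cd, "Keyring token is expected to have exactly 3 fields.");
           goto out;
       }

       if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) {
           log_dbg(cd, "missing key_description field.");
           goto out;
       }

       if (!json_object_is_type(jobj_key, json_type_string)) {
           log_dbg(cd, "key_description is not a string.");
           goto out;
       }

       /* TODO: perhaps check that key description is in '%s:%s'
        * format where both strings are not empty */
       /* an empty description is invalid: r becomes 1 for "", 0 otherwise */
       r = !strlen(json_object_get_string(jobj_key));
   out:
       /* drop the reference taken by the parser on every path past the parse */
       json_object_put(jobj_token);
       return r;
   }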
   94 
   /*
    * Print the "key_description" of a keyring token given as JSON text.
    *
    * Nothing is printed when the text does not parse or the field is absent.
    *
    * NOTE(review): the description originates from the token JSON and is
    * printed as-is; confirm whether control characters should be filtered
    * before it reaches a terminal.
    */
   void keyring_dump(struct crypt_device *cd, const char *json)
   {
       enum json_tokener_error parse_err;
       json_object *desc = NULL;
       json_object *root = json_tokener_parse_verbose(json, &parse_err);

       if (!root)
           return;

       if (json_object_object_get_ex(root, "key_description", &desc)) {
           log_std(cd, "\tKey description: %s\n", json_object_get_string(desc));
       }

       /* release the parsed object whether or not the field was found */
       json_object_put(root);
   }
  113 
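  /*
   * Append 'len' bytes of 'src' at offset '*pos' and keep 'buffer'
   * NUL-terminated. Returns 0, or -EINVAL when the bytes do not fit.
   */
  static int keyring_json_append(char *buffer, size_t buffer_size, size_t *pos,
                                 const char *src, size_t len)
  {
      /* one byte is always held back for the terminating NUL */
      if (*pos >= buffer_size || len >= buffer_size - *pos)
          return -EINVAL;

      memcpy(buffer + *pos, src, len);
      *pos += len;
      buffer[*pos] = '\0';
      return 0;
  }

  /*
   * Serialize a keyring token description into 'buffer' as JSON text:
   * an object with "type", an empty "keyslots" array and "key_description".
   *
   * The key description is caller-supplied text, so it is written as an
   * escaped JSON string: '"' and '\' get a backslash and bytes below 0x20
   * become \u00XX. Without escaping, a description containing a quote would
   * produce malformed JSON or change the structure of the token object.
   *
   * Returns 0 on success, -EINVAL if an argument or the description is NULL
   * or the result does not fit into 'buffer_size' bytes (including the NUL).
   */
  int LUKS2_token_keyring_json(char *buffer, size_t buffer_size,
      const struct crypt_token_params_luks2_keyring *keyring_params)
  {
      static const char hex[] = "0123456789abcdef";
      const unsigned char *p;
      char esc[6];
      size_t pos, len;
      int r;

      if (!buffer || !keyring_params || !keyring_params->key_description)
          return -EINVAL;

      /* fixed prefix up to and including the opening quote of the description */
      r = snprintf(buffer, buffer_size, "{ \"type\": \"%s\", \"keyslots\":[],\"key_description\":\"",
               LUKS2_TOKEN_KEYRING);
      if (r < 0 || (size_t)r >= buffer_size)
          return -EINVAL;
      pos = (size_t)r;

      for (p = (const unsigned char *)keyring_params->key_description; *p; p++) {
          if (*p == '"' || *p == '\\') {
              esc[0] = '\\';
              esc[1] = (char)*p;
              len = 2;
          } else if (*p < 0x20) {
              /* control characters are not allowed raw inside a JSON string */
              esc[0] = '\\';
              esc[1] = 'u';
              esc[2] = '0';
              esc[3] = '0';
              esc[4] = hex[*p >> 4];
              esc[5] = hex[*p & 0x0f];
              len = 6;
          } else {
              esc[0] = (char)*p;
              len = 1;
          }

          if (keyring_json_append(buffer, buffer_size, &pos, esc, len))
              return -EINVAL;
      }

      /* closing quote of the description and closing brace of the object */
      return keyring_json_append(buffer, buffer_size, &pos, "\"}", 2);
  }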
  126 
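  /*
   * Read the parameters of keyring token number 'token' from 'hdr' into
   * 'keyring_params'.
   *
   * The assert documents the expectation that the token's "type" is
   * LUKS2_TOKEN_KEYRING.
   * NOTE(review): presumably the caller checks the type before calling, and
   * with NDEBUG the assert is compiled out - confirm.
   *
   * keyring_params->key_description is set to the string held by the json
   * object inside the header, not to a copy: it must not be freed by the
   * caller and is only usable while that json object is alive.
   *
   * Returns 'token' on success, -EINVAL if the token does not exist or its
   * "type" or "key_description" field is missing or null.
   */
  int LUKS2_token_keyring_get(struct crypt_device *cd __attribute__((unused)), struct luks2_hdr *hdr,
      int token, struct crypt_token_params_luks2_keyring *keyring_params)
  {
      json_object *jobj_token, *jobj;

      jobj_token = LUKS2_get_token_jobj(hdr, token);
      if (!jobj_token)
          return -EINVAL;

      /* strcmp() on a NULL string is undefined, so reject a missing or null "type" first */
      if (!json_object_object_get_ex(jobj_token, "type", &jobj) || !jobj)
          return -EINVAL;
      assert(!strcmp(json_object_get_string(jobj), LUKS2_TOKEN_KEYRING));

      /* never hand a NULL description back as if the lookup had succeeded */
      if (!json_object_object_get_ex(jobj_token, "key_description", &jobj) || !jobj)
          return -EINVAL;

      keyring_params->key_description = json_object_get_string(jobj);

      return token;
  }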
  141 }