From 01598028c4804e84f0f86122dae863e93a22318c Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Mon, 31 Jul 2017 16:48:29 +0200
Subject: [PATCH] Aff info function for integrity device and print info ion status.
---
 lib/libcryptsetup.h | 12 ++++++++++++
 lib/libcryptsetup.sym | 1 +
 lib/libdevmapper.c | 14 +++++++++-----
 lib/setup.c | 30 ++++++++++++++++++++++++++++++
 src/integritysetup.c | 26 ++++++++++++++++++++++----
 5 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index 38e67697..555e1e80 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1041,6 +1041,18 @@ int crypt_get_sector_size(struct crypt_device *cd);
 */
 int crypt_get_verity_info(struct crypt_device *cd,
 struct crypt_params_verity *vp);
+
+/**
+ * Get device parameters for INTEGRITY device.
+ *
+ * @param cd crypt device handle
+ * @param vp verity device info
+ *
+ * @e 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_get_integrity_info(struct crypt_device *cd,
+ struct crypt_params_integrity *ip);
 /** @} */
 
 /**
diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym
index 47b259a5..b44a72c8 100644
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -44,6 +44,7 @@ CRYPTSETUP_2.0 {
 crypt_get_integrity_key_size;
 crypt_get_integrity_tag_size;
 crypt_get_integrity_sectors;
+ crypt_get_integrity_info;
 crypt_get_uuid;
 crypt_get_data_offset;
 crypt_get_iv_offset;
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index 94a66343..4f6551e6 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
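Review bot: The doc comment added for `crypt_get_integrity_info` in lib/libcryptsetup.h documents `@param vp verity device info`, but the parameter is named `ip` and receives integrity parameters; it should read `@param ip integrity device info`. The line `@e 0 on success or negative errno value otherwise.` also appears to be missing its `@return` tag. The comment should additionally state that the string members written to `*ip` point into storage owned by `cd` and stay valid only until `crypt_free(cd)`, and that the two journal key pointers are always returned as NULL, since callers cannot see either fact from the prototype.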
@@ -1529,11 +1529,15 @@ static int _dm_query_integrity(uint32_t get_flags,
 if (r)
 return r;
 }
- } else if (!strncmp(arg, "journal_crypt:", 14))
- ;/* ignore it for now */
- else if (!strncmp(arg, "journal_mac:", 12))
- ;/* ignore it for now */
- else /* unknown option */
+ } else if (!strncmp(arg, "journal_crypt:", 14)) {
+ str = &arg[14];
+ arg = strsep(&str, ":");
+ dmd->u.integrity.journal_crypt = strdup(arg);
+ } else if (!strncmp(arg, "journal_mac:", 12)) {
+ str = &arg[12];
+ arg = strsep(&str, ":");
+ dmd->u.integrity.journal_integrity = strdup(arg);
+ } else /* unknown option */
 return -EINVAL;
 }
 
diff --git a/lib/setup.c b/lib/setup.c
index b3cff2e5..b313e454 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -838,6 +838,9 @@ static int _init_by_name_integrity(struct crypt_device *cd, const char *name)
 cd->u.integrity.params.interleave_sectors = dmd.u.integrity.interleave_sectors;
 cd->u.integrity.params.buffer_sectors = dmd.u.integrity.buffer_sectors;
 cd->u.integrity.params.integrity = dmd.u.integrity.integrity;
+ cd->u.integrity.params.journal_integrity = dmd.u.integrity.journal_integrity;
+ cd->u.integrity.params.journal_crypt = dmd.u.integrity.journal_crypt;
+ //FIXME init keys?
 }
 
 out:
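Review bot: Both new branches in `_dm_query_integrity` store the result of `strdup(arg)` without checking it, so an allocation failure leaves `journal_crypt` or `journal_integrity` NULL while the query still succeeds, and the device is then reported as having no journal encryption or MAC. Each copy should be checked, e.g. `if (!dmd->u.integrity.journal_crypt) return -ENOMEM;` and the same for `journal_integrity`. The assignments are also unconditional, so a table line that repeats either option would drop the earlier copy without freeing it. The function's body starts and ends outside the hunk, so any cleanup it does on its error paths is not visible here.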
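Review bot: The two assignments added to `_init_by_name_integrity` hand the strings that the dm query now allocates with `strdup` over to `cd` by plain pointer copy, and no hunk in this patch adds a matching release. Unless `crypt_free()` already frees `params.journal_integrity` and `params.journal_crypt` (not visible here), they leak for every context initialised by name; conversely, if the code after `out:` frees the `dmd` fields, `cd` is left with dangling pointers. The `//FIXME init keys?` also means `journal_integrity_key_size` and `journal_crypt_key_size` are never set on this path although the new getter copies them out, so the comment should say so explicitly, e.g. `/* FIXME: journal key sizes are not recovered from the active table */`. The function continues outside the hunk.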
@@ -2798,6 +2801,33 @@ int crypt_get_verity_info(struct crypt_device *cd,
 return 0;
 }
 
+int crypt_get_integrity_info(struct crypt_device *cd,
+ struct crypt_params_integrity *ip)
+{
+ if (!isINTEGRITY(cd->type) || !ip)
+ return -EINVAL;
+
+ ip->journal_size = cd->u.integrity.params.journal_size;
+ ip->journal_watermark = cd->u.integrity.params.journal_watermark;
+ ip->journal_commit_time = cd->u.integrity.params.journal_commit_time;
+ ip->interleave_sectors = cd->u.integrity.params.interleave_sectors;
+ ip->tag_size = cd->u.integrity.params.tag_size;
+ ip->sector_size = cd->u.integrity.params.sector_size;
+ ip->buffer_sectors = cd->u.integrity.params.buffer_sectors;
+
+ ip->integrity = cd->u.integrity.params.integrity;
+
+ ip->journal_integrity = cd->u.integrity.params.journal_integrity;
+ ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size;
+ ip->journal_integrity_key = NULL;
+
+ ip->journal_crypt = cd->u.integrity.params.journal_crypt;
+ ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size;
+ ip->journal_crypt_key = NULL;
+
+ return 0;
+}
+
 int crypt_get_active_device(struct crypt_device *cd, const char *name,
 struct crypt_active_device *cad)
 {
diff --git a/src/integritysetup.c b/src/integritysetup.c
index 36a39b86..a14a4877 100644
--- a/src/integritysetup.c
+++ b/src/integritysetup.c
@@ -334,6 +334,7 @@ static int action_status(int arg)
 {
 crypt_status_info ci;
 struct crypt_active_device cad;
+ struct crypt_params_integrity ip = {};
 struct crypt_device *cd = NULL;
 char *backing_file;
 const char *device;
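Review bot: `crypt_get_integrity_info` reads `cd->type` before anything checks `cd`, so a NULL handle passed to this newly exported function is dereferenced instead of being rejected with `-EINVAL`. The guard could read `if (!cd || !isINTEGRITY(cd->type) || !ip)`. The `integrity`, `journal_integrity` and `journal_crypt` members are copied as raw pointers into storage owned by `cd`, so a caller that keeps `*ip` after `crypt_free(cd)` holds dangling pointers. A short comment above the function, such as `/* string members alias cd; valid until crypt_free(cd). Key pointers are never exported. */`, would record both that lifetime and the deliberate NULLing of the key fields.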
@@ -374,8 +375,12 @@ static int action_status(int arg)
 if (r < 0)
 goto out;
 
- log_std(" tag size: %u\n", crypt_get_integrity_tag_size(cd));
- log_std(" integrity: %s\n", crypt_get_integrity(cd) ?: "(none)");
+ r = crypt_get_integrity_info(cd, &ip);
+ if (r < 0)
+ goto out;
+
+ log_std(" tag size: %u\n", ip.tag_size);
+ log_std(" integrity: %s\n", ip.integrity ?: "(none)");
 device = crypt_get_device_name(cd);
 log_std(" device: %s\n", device);
 if (crypt_loop_device(device)) {
@@ -384,9 +389,22 @@ static int action_status(int arg)
 free(backing_file);
 }
 log_std(" sector size: %u sectors\n", crypt_get_sector_size(cd));
+ log_std(" interleave sectors: %u\n", ip.interleave_sectors);
 log_std(" size: %" PRIu64 " sectors\n", cad.size);
- log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
- "readonly" : "read/write");
+ log_std(" mode: %s%s\n",
+ cad.flags & CRYPT_ACTIVATE_READONLY ? "readonly" : "read/write",
+ cad.flags & CRYPT_ACTIVATE_RECOVERY ? " recovery" : "");
+ if (cad.flags & CRYPT_ACTIVATE_NO_JOURNAL) {
+ log_std(" journal: not active\n");
+ } else {
+ log_std(" journal size: %" PRIu64 " bytes\n", ip.journal_size);
+ log_std(" journal watermark: %u%%\n", ip.journal_watermark);
+ log_std(" journal commit time: %u ms\n", ip.journal_commit_time);
+ if (ip.journal_integrity)
+ log_std(" journal integrity MAC: %s\n", ip.journal_integrity);
+ if (ip.journal_crypt)
+ log_std(" journal encryption: %s\n", ip.journal_crypt);
+ }
 }
 out:
 crypt_free(cd);
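Review bot: In the second hunk of `action_status`, the journal MAC and journal encryption lines are printed only when the pointer is non-NULL, so an active journal with no protection produces no line at all. Someone auditing the device cannot tell "not configured" from "not reported", and the unchecked `strdup` in the dm query makes a failed allocation look the same. Printing the lines unconditionally, as the `integrity` line above already does, would be clearer: `log_std(" journal integrity MAC: %s\n", ip.journal_integrity ?: "(none)");` and likewise for `ip.journal_crypt`. The function starts and ends outside the hunk.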