eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 03:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Split crypt_drop_keyring_key in two different routines.

Browse Source 
crypt_drop_keyring_key function allow to drop all keys in keyring
assocatiated with passed volume key list.

crypt_drop_keyring_key_by_description is used to drop independent key.
This commit is contained in:
Ondrej Kozina
2019-03-01 11:44:49 +01:00
committed by Milan Broz
parent 6c6f4bcd45
commit 03e810ec72
3 changed files with 33 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/internal.h
View File

@@ -226,7 +226,8 @@ int crypt_key_in_keyring(struct crypt_device *cd);
void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring);
int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk);
int crypt_use_keyring_for_vk(struct crypt_device *cd);
void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description);
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype);
void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks);
static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
{

8
lib/luks2/luks2_token.c
View File

@@ -410,8 +410,8 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
if (r >= 0 && name)
r = LUKS2_activate(cd, name, vk, flags);
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;
@@ -455,8 +455,8 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
if (r >= 0 && name)
r = LUKS2_activate(cd, name, vk, flags);
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;

42
lib/setup.c
View File

@@ -2928,7 +2928,7 @@ int crypt_suspend(struct crypt_device *cd,
else if (r)
log_err(cd, _("Error during suspending device %s."), name);
else
crypt_drop_keyring_key(cd, key_desc);
crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY);
free(key_desc);
out:
dm_backend_exit(cd);
@@ -2992,8 +2992,8 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
else if (r)
log_err(cd, _("Error during resuming device %s."), name);
out:
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;
@@ -3061,8 +3061,8 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
log_err(cd, _("Error during resuming device %s."), name);
out:
crypt_safe_free(passphrase_read);
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;
}
@@ -3687,8 +3687,8 @@ static int _activate_by_passphrase(struct crypt_device *cd,
r = -EINVAL;
}
out:
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;
@@ -3955,8 +3955,8 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
r = -EINVAL;
}
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
if (r < 0)
crypt_drop_keyring_key(cd, vk);
crypt_free_volume_key(vk);
return r;
@@ -4016,7 +4016,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
r = dm_remove_device(cd, namei, 0);
}
if (!r)
crypt_drop_keyring_key(cd, key_desc);
crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY);
free(key_desc);
break;
case CRYPT_INACTIVE:
@@ -5413,21 +5413,33 @@ void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring)
}
/* internal only */
void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description)
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype)
{
int r;
const char *type_name = key_type_name(ktype);
if (!key_description)
if (!key_description || !type_name)
return;
log_dbg(cd, "Requesting keyring logon key for revoke and unlink.");
log_dbg(cd, "Requesting keyring %s key for revoke and unlink.", type_name);
r = keyring_revoke_and_unlink_key(LOGON_KEY, key_description);
r = keyring_revoke_and_unlink_key(ktype, key_description);
if (r)
log_dbg(cd, "keyring_revoke_and_unlink_logon_key failed (error %d)", r);
log_dbg(cd, "keyring_revoke_and_unlink_key failed (error %d)", r);
crypt_set_key_in_keyring(cd, 0);
}
/* internal only */
void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks)
{
struct volume_key *vk = vks;
while (vk) {
crypt_drop_keyring_key_by_description(cd, vk->key_description, LOGON_KEY);
vk = crypt_volume_key_next(vk);
}
}
int crypt_activate_by_keyring(struct crypt_device *cd,
const char *name,
const char *key_description,