From 1326dfbac1774b80664e4f4bc0ca4f479f1f2dcc Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Wed, 29 Jan 2025 14:40:43 +0100
Subject: [PATCH] Add generic crypt_generate_volume_key function.

So that we can generate keys with different 'quality' attribute at one place.
---
 lib/internal.h | 9 ++++++++-
 lib/setup.c | 8 ++++----
 lib/volumekey.c | 25 ++++++++++++++++++++-----
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/lib/internal.h b/lib/internal.h
index eed2278b..51180559 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -59,8 +59,15 @@ struct volume_key {
 char key[];
 };
+typedef enum {
+ KEY_QUALITY_KEY = 0,
+ KEY_QUALITY_NORMAL,
+ KEY_QUALITY_EMPTY
+} key_quality_info;
+
 struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength,
+ key_quality_info quality);
 void crypt_free_volume_key(struct volume_key *vk);
 int crypt_volume_key_set_description(struct volume_key *key, const char *key_description, key_type_t keyring_key_type);
diff --git a/lib/setup.c b/lib/setup.c
index 7459140e..074e0c36 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -1796,7 +1796,7 @@ static int _crypt_format_luks1(struct crypt_device *cd,
 cd->volume_key = crypt_alloc_volume_key(volume_key_size, volume_key);
 else
- cd->volume_key = crypt_generate_volume_key(cd, volume_key_size);
+ cd->volume_key = crypt_generate_volume_key(cd, volume_key_size, KEY_QUALITY_KEY);
 if (!cd->volume_key)
 return -ENOMEM;
@@ -2075,7 +2075,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 cd->volume_key = crypt_alloc_volume_key(volume_key_size, volume_key);
 else
- cd->volume_key = crypt_generate_volume_key(cd, volume_key_size);
+ cd->volume_key = crypt_generate_volume_key(cd, volume_key_size, KEY_QUALITY_KEY);
 if (!cd->volume_key)
 return -ENOMEM;
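Review bot: In lib/internal.h the new `key_quality_info` enum has no comment, so nothing at the declaration tells a caller which value is acceptable when generating a real volume key. Going by the switch in lib/volumekey.c, KEY_QUALITY_KEY draws from CRYPT_RND_KEY, KEY_QUALITY_NORMAL from CRYPT_RND_NORMAL, and KEY_QUALITY_EMPTY skips the random fill entirely. I would state that above the typedef, e.g. `/* KEY: filled via CRYPT_RND_KEY; NORMAL: filled via CRYPT_RND_NORMAL; EMPTY: allocated only, no random fill */`. Every call site updated in lib/setup.c passes KEY_QUALITY_KEY, and a documented contract makes it harder for a later caller to pick a weaker value by accident.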
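Review bot: The `if (!cd->volume_key) return -ENOMEM;` check that follows the updated call in _crypt_format_luks1() reports every NULL as out-of-memory, yet the lib/volumekey.c hunk shows crypt_generate_volume_key() also returning NULL when crypt_random_get() fails. A failed random read during key generation therefore reaches the caller as -ENOMEM, which misstates the cause. The same holds for the other three call sites touched in lib/setup.c (_crypt_format_luks2, crypt_format_luks2_opal, crypt_keyslot_add_by_keyslot_context). If the return type stays as it is, a comment at the declaration would at least record it: `/* NULL on allocation failure or RNG failure */`. These functions start and end outside the hunks.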
@@ -2439,7 +2439,7 @@ int crypt_format_luks2_opal(struct crypt_device *cd,
 if (volume_keys)
 cd->volume_key = crypt_alloc_volume_key(volume_keys_size, volume_keys);
 else
- cd->volume_key = crypt_generate_volume_key(cd, volume_keys_size);
+ cd->volume_key = crypt_generate_volume_key(cd, volume_keys_size, KEY_QUALITY_KEY);
 if (!cd->volume_key) {
 r = -ENOMEM;
@@ -7328,7 +7328,7 @@ int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd,
 if (r == -ENOENT) {
 if ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && kc->type == CRYPT_KC_TYPE_KEY) {
- if (!(vk = crypt_generate_volume_key(cd, kc->u.k.volume_key_size)))
+ if (!(vk = crypt_generate_volume_key(cd, kc->u.k.volume_key_size, KEY_QUALITY_KEY)))
 return -ENOMEM;
 r = 0;
 } else if (cd->volume_key) {
diff --git a/lib/volumekey.c b/lib/volumekey.c
index b8f085ae..6df128d2 100644
--- a/lib/volumekey.c
+++ b/lib/volumekey.c
@@ -126,7 +126,8 @@ void crypt_free_volume_key(struct volume_key *vk)
 }
 }
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength)
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength,
+ key_quality_info quality)
 {
 int r;
 struct volume_key *vk;
@@ -135,10 +136,24 @@ struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t key
 if (!vk)
 return NULL;
- r = crypt_random_get(cd, vk->key, keylength, CRYPT_RND_KEY);
- if(r < 0) {
- crypt_free_volume_key(vk);
- return NULL;
+ switch (quality) {
+ case KEY_QUALITY_KEY:
+ r = crypt_random_get(cd, vk->key, keylength, CRYPT_RND_KEY);
+ break;
+ case KEY_QUALITY_NORMAL:
+ r = crypt_random_get(cd, vk->key, keylength, CRYPT_RND_NORMAL);
+ break;
+ case KEY_QUALITY_EMPTY:
+ r = 0;
+ break;
+ default:
+ abort();
 }
+
+ if (r) {
+ crypt_free_volume_key(vk);
+ vk = NULL;
+ }
+
 return vk;
 }
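Review bot: In the `KEY_QUALITY_EMPTY` case of crypt_generate_volume_key() in lib/volumekey.c the key bytes are never written, so what the caller receives depends entirely on what the allocation above this hunk leaves in `vk->key`, and that line is not visible here. If the allocator zeroes the buffer, say so at the case (`/* no random fill; key stays as allocated (zeroed) */`); if it does not, the returned key would hold stale heap contents and the case should clear it explicitly. Separately, `default: abort();` terminates the host process from inside the library on an unexpected enum value. Something like `default: r = -EINVAL; break;` would route it through the existing `if (r)` path, which already frees `vk` and returns NULL. The function begins before the hunk.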