eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-19 06:40:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add PIN try loop for actions supporting tokens.

Browse Source
This commit is contained in:
Ondrej Kozina
2021-07-23 16:05:19 +02:00
parent 796b901912
commit 1a156458f2
1 changed files with 45 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/cryptsetup.c
View File

@@ -180,6 +180,44 @@ static int _set_tries_tty(void)
return (tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && isatty(STDIN_FILENO)) ? ARG_UINT32(OPT_TRIES_ID) : 1; return (tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && isatty(STDIN_FILENO)) ? ARG_UINT32(OPT_TRIES_ID) : 1;
} }
static int _try_token_pin_unlock(struct crypt_device *cd,
int token_id,
const char *activated_name,
const char *token_type,
uint32_t activate_flags,
int tries)
{
size_t pin_len;
char msg[64], *pin = NULL;
int r;
assert(tries >= 1);
assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN);
if (token_id == CRYPT_ANY_TOKEN)
r = snprintf(msg, sizeof(msg), _("Enter token PIN:"));
else
r = snprintf(msg, sizeof(msg), _("Enter token %d PIN:"), token_id);
if (r < 0 || (size_t)r >= sizeof(msg))
return -EINVAL;
do {
r = tools_get_key(msg, &pin, &pin_len, 0, 0, NULL,
ARG_UINT32(OPT_TIMEOUT_ID), _verify_passphrase(0), 0, cd);
if (r < 0)
break;
r = crypt_activate_by_token_pin(cd, activated_name, token_type, ARG_INT32(OPT_TOKEN_ID_ID),
pin, pin_len, NULL, activate_flags);
crypt_safe_free(pin);
pin = NULL;
tools_keyslot_msg(r, UNLOCKED);
check_signal(&r);
} while (r == -ENOANO && (--tries > 0));
return r;
}
static int action_open_plain(void) static int action_open_plain(void)
{ {
struct crypt_device *cd = NULL, *cd1 = NULL; struct crypt_device *cd = NULL, *cd1 = NULL;
@@ -758,6 +796,10 @@ static int action_resize(void)
CRYPT_ACTIVATE_KEYRING_KEY); CRYPT_ACTIVATE_KEYRING_KEY);
tools_keyslot_msg(r, UNLOCKED); tools_keyslot_msg(r, UNLOCKED);
/* Token requires PIN, but ask only if there is no password query later */
if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO)
r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL, NULL, CRYPT_ACTIVATE_KEYRING_KEY, 1);
if (r >= 0 || ARG_SET(OPT_TOKEN_ONLY_ID)) if (r >= 0 || ARG_SET(OPT_TOKEN_ONLY_ID))
goto out; goto out;
@@ -1537,16 +1579,9 @@ static int action_open_luks(void)
r = crypt_activate_by_token(cd, activated_name, ARG_INT32(OPT_TOKEN_ID_ID), NULL, activate_flags); r = crypt_activate_by_token(cd, activated_name, ARG_INT32(OPT_TOKEN_ID_ID), NULL, activate_flags);
tools_keyslot_msg(r, UNLOCKED); tools_keyslot_msg(r, UNLOCKED);
/* Token requires PIN, but ask only there will be no password query later */ /* Token requires PIN, but ask only if there is no password query later */
if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO) { if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO)
r = tools_get_key(_("Enter token PIN:"), &password, &passwordLen, 0, 0, NULL, r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), activated_name, NULL, activate_flags, _set_tries_tty());
ARG_UINT32(OPT_TIMEOUT_ID), _verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
r = crypt_activate_by_token_pin(cd, activated_name, NULL, ARG_INT32(OPT_TOKEN_ID_ID),
password, passwordLen, NULL, activate_flags);
tools_keyslot_msg(r, UNLOCKED);
}
if (r >= 0 || ARG_SET(OPT_TOKEN_ONLY_ID)) if (r >= 0 || ARG_SET(OPT_TOKEN_ONLY_ID))
goto out; goto out;