Implement active device suspend info.

Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
that informs the caller that device is suspended (luksSuspend).

Fixes: #501.
Milan Broz
2019-11-24 16:19:45 +01:00
parent 684f43d84d
commit 2746fd708f
7 changed files with 23 additions and 2 deletions


@@ -1061,6 +1061,8 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19) #define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19)
/** dm-integrity: direct writes, use bitmap to track dirty sectors */ /** dm-integrity: direct writes, use bitmap to track dirty sectors */
#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20) #define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20)
/** device is suspended (key should be wiped from memory), output only */
#define CRYPT_ACTIVATE_SUSPENDED (1 << 21)
/** /**
* Active device runtime attributes * Active device runtime attributes
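Review bot: The doc comment on `CRYPT_ACTIVATE_SUSPENDED` ties the flag to the key being wiped, but the bit is set in `_dm_query_device()` purely from `dmi.suspended`, so a caller cannot treat it as proof that the volume key is gone. If `dmi.suspended` is the generic device-mapper suspend state (it looks that way from the `_dm_query_device()` hunk), a device suspended by some path other than luksSuspend would report the same bit with the key still loaded. I would word the comment as `/** device is suspended in device-mapper, output only; does not by itself guarantee the volume key was wiped */`. Nothing in the visible hunks shows the bit being rejected or masked when a caller passes it into an activation call, so "output only" is worth confirming where activation flags are validated.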


@@ -2519,6 +2519,9 @@ static int _dm_query_device(struct crypt_device *cd, const char *name,
if (dmi.read_only) if (dmi.read_only)
dmd->flags |= CRYPT_ACTIVATE_READONLY; dmd->flags |= CRYPT_ACTIVATE_READONLY;
if (dmi.suspended)
dmd->flags |= CRYPT_ACTIVATE_SUSPENDED;
tmp_uuid = dm_task_get_uuid(dmt); tmp_uuid = dm_task_get_uuid(dmt);
if (!tmp_uuid) if (!tmp_uuid)
dmd->flags |= CRYPT_ACTIVATE_NO_UUID; dmd->flags |= CRYPT_ACTIVATE_NO_UUID;


@@ -744,8 +744,9 @@ static int action_status(void)
log_std(" size: %" PRIu64 " sectors\n", cad.size); log_std(" size: %" PRIu64 " sectors\n", cad.size);
if (cad.iv_offset) if (cad.iv_offset)
log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset); log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ? log_std(" mode: %s%s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
"readonly" : "read/write"); "readonly" : "read/write",
(cad.flags & CRYPT_ACTIVATE_SUSPENDED) ? " (suspended)" : "");
if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS| if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS|
CRYPT_ACTIVATE_SAME_CPU_CRYPT| CRYPT_ACTIVATE_SAME_CPU_CRYPT|
CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS))
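Review bot: The new ternary in the `log_std(" mode: ...")` call is parenthesised as `(cad.flags & CRYPT_ACTIVATE_SUSPENDED) ?` while the existing one just before it is not; writing `(cad.flags & CRYPT_ACTIVATE_READONLY) ?` as well would keep the call consistent. The mode line can now read `read/write (suspended)`, and the shell tests in this commit grep for that suffix, so it has become a string that scripts will match on. A short comment above the call, such as `/* " (suspended)" suffix is matched by the test suite, keep it stable */`, would record that. action_status() starts and ends outside this hunk.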


@@ -537,6 +537,7 @@ static void UseLuks2Device(void)
static void SuspendDevice(void) static void SuspendDevice(void)
{ {
struct crypt_active_device cad;
int suspend_status; int suspend_status;
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
@@ -552,6 +553,8 @@ static void SuspendDevice(void)
} }
OK_(suspend_status); OK_(suspend_status);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
#ifdef KERNEL_KEYRING #ifdef KERNEL_KEYRING
FAIL_(_volume_key_in_keyring(cd, 0), ""); FAIL_(_volume_key_in_keyring(cd, 0), "");
#endif #endif
@@ -561,6 +564,9 @@ static void SuspendDevice(void)
OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended"); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
OK_(crypt_suspend(cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1));
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile"); FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");


@@ -678,6 +678,7 @@ static void UseLuksDevice(void)
static void SuspendDevice(void) static void SuspendDevice(void)
{ {
struct crypt_active_device cad;
int suspend_status; int suspend_status;
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
@@ -693,12 +694,18 @@ static void SuspendDevice(void)
} }
OK_(suspend_status); OK_(suspend_status);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended"); FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key"); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended"); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
OK_(crypt_suspend(cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1));
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile"); FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");


@@ -696,6 +696,7 @@ $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
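Review bot: Only the positive case is tested here: status must show `(suspended)` after luksSuspend, but nothing checks that the marker disappears once the device is resumed. After the successful luksResume, which lies outside this hunk, I would add `$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail`. Using `grep -qF` would also make it explicit that the parentheses are matched literally. The second shell test in this commit (the `--type luks2` one) has the same gap.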


@@ -641,6 +641,7 @@ prepare "[26] Suspend/Resume" wipe
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"