diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 4592897a..1c8cad97 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -126,6 +126,7 @@ static int action_open_plain(void) NULL, NULL, key_size, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -145,7 +146,7 @@ static int action_open_plain(void) params.hash ? 0 : key_size, 0, activate_flags); else { - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, NULL, opt_timeout, @@ -192,6 +193,7 @@ static int action_open_loopaes(void) r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER, NULL, NULL, NULL, key_size, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -222,7 +224,7 @@ static int action_open_tcrypt(void) goto out; /* TCRYPT header is encrypted, get passphrase now */ - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout, _verify_passphrase(0), cd); @@ -233,6 +235,7 @@ static int action_open_tcrypt(void) params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER; r = crypt_load(cd, CRYPT_TCRYPT, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -303,7 +306,7 @@ static int action_tcryptDump(void) goto out; /* TCRYPT header is encrypted, get passphrase now */ - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout, _verify_passphrase(0), cd); @@ -314,6 +317,7 @@ static int action_tcryptDump(void) params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER; r = crypt_load(cd, CRYPT_TCRYPT, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -460,6 +464,9 @@ static int action_benchmark(void) { "twofish", "xts", 64, 16 }, { NULL, NULL, 0, 0 } }; + static char *bkdfs[] = { + "sha1", "sha256", "sha512", "ripemd160", "whirlpool", NULL + }; char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; double enc_mbr = 0, dec_mbr = 0; int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS); @@ -496,16 +503,18 @@ static int action_benchmark(void) } else if (r == -ENOENT) log_err(_("Cipher %s is not available.\n"), opt_cipher); } else { - action_benchmark_kdf("sha1"); - action_benchmark_kdf("sha256"); - action_benchmark_kdf("sha512"); - action_benchmark_kdf("ripemd160"); - action_benchmark_kdf("whirlpool"); + for (i = 0; bkdfs[i]; i++) { + r = action_benchmark_kdf(bkdfs[i]); + check_signal(&r); + if (r == -EINTR) + break; + } for (i = 0; bciphers[i].cipher; i++) { r = crypt_benchmark(NULL, bciphers[i].cipher, bciphers[i].mode, bciphers[i].key_size, bciphers[i].iv_size, buffer_size, &enc_mbr, &dec_mbr); - if (r == -ENOTSUP) + check_signal(&r); + if (r == -ENOTSUP || r == -EINTR) break; if (r == -ENOENT) skipped++; @@ -634,7 +643,7 @@ static int action_luksFormat(void) else if (opt_urandom) crypt_set_rng_type(cd, CRYPT_RNG_URANDOM); - r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, + r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, _verify_passphrase(1), cd); if (r < 0) @@ -648,6 +657,7 @@ static int action_luksFormat(void) r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, opt_uuid, key, keysize, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -744,7 +754,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL)) return -EPERM; - r = crypt_get_key(msg_pass, &password, &passwordLen, + r = tools_get_key(msg_pass, &password, &passwordLen, keyfile_offset, keyfile_size, key_file, opt_timeout, _verify_passphrase(0), cd); if(r < 0) @@ -832,7 +842,7 @@ static int action_luksRemoveKey(void) if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; - r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "), + r = tools_get_key(_("Enter LUKS passphrase to be deleted: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, @@ -843,6 +853,7 @@ static int action_luksRemoveKey(void) r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0); + check_signal(&r); if (r < 0) goto out; @@ -924,7 +935,7 @@ static int action_luksChangeKey(void) if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time); - r = crypt_get_key(_("Enter LUKS passphrase to be changed: "), + r = tools_get_key(_("Enter LUKS passphrase to be changed: "), &password, &password_size, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, _verify_passphrase(0), cd); @@ -934,10 +945,11 @@ static int action_luksChangeKey(void) /* Check password before asking for new one */ r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, password_size, 0); + check_signal(&r); if (r < 0) goto out; - r = crypt_get_key(_("Enter new LUKS passphrase: "), + r = tools_get_key(_("Enter new LUKS passphrase: "), &password_new, &password_new_size, opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file, @@ -1016,7 +1028,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd) if (!vk) return -ENOMEM; - r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, + r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, 0, cd); if (r < 0) @@ -1024,6 +1036,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd) r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, passwordLen); + check_signal(&r); if (r < 0) goto out; @@ -1272,6 +1285,7 @@ static int run_action(struct action_type *action) if (action->required_memlock) crypt_memory_lock(NULL, 1); + set_int_handler(0); r = action->handler(); if (action->required_memlock) @@ -1280,6 +1294,7 @@ static int run_action(struct action_type *action) /* Some functions returns keyslot # */ if (r > 0) r = 0; + check_signal(&r); show_status(r); return translate_errno(r); diff --git a/src/cryptsetup.h b/src/cryptsetup.h index 3bc288ed..246f4073 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -72,7 +72,15 @@ int translate_errno(int r); extern volatile int quit; void set_int_block(int block); -void set_int_handler(void); +void set_int_handler(int block); +void check_signal(int *r); + +int tools_get_key(const char *prompt, + char **key, size_t *key_size, + size_t keyfile_offset, size_t keyfile_size_max, + const char *key_file, + int timeout, int verify, + struct crypt_device *cd); /* Log */ #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 0e0e91f2..16ab1003 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c @@ -795,7 +795,7 @@ static int copy_data(struct reenc_ctx *rc) goto out; } - set_int_handler(); + set_int_handler(0); gettimeofday(&rc->start_time, NULL); if (rc->reencrypt_direction == FORWARD) @@ -857,7 +857,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd, retry_count = opt_tries ?: 1; while (retry_count--) { - set_int_handler(); + set_int_handler(0); r = crypt_get_key(msg, &rc->p[slot].password, &rc->p[slot].passwordLen, 0, 0, NULL /*opt_key_file*/, diff --git a/src/utils_tools.c b/src/utils_tools.c index 035e3fc9..86836caf 100644 --- a/src/utils_tools.c +++ b/src/utils_tools.c @@ -28,6 +28,7 @@ int opt_batch_mode = 0; /* interrupt handling */ volatile int quit = 0; +static int signals_blocked = 0; static void int_handler(int sig __attribute__((__unused__))) { @@ -38,21 +39,54 @@ void set_int_block(int block) { sigset_t signals_open; + log_dbg("%slocking interruption on signal.", block ? "B" : "Unb"); + sigemptyset(&signals_open); sigaddset(&signals_open, SIGINT); sigaddset(&signals_open, SIGTERM); sigprocmask(block ? SIG_SETMASK : SIG_UNBLOCK, &signals_open, NULL); + signals_blocked = block; + quit = 0; } -void set_int_handler(void) +void set_int_handler(int block) { struct sigaction sigaction_open; + log_dbg("Installing SIGINT/SIGTERM handler."); memset(&sigaction_open, 0, sizeof(struct sigaction)); sigaction_open.sa_handler = int_handler; sigaction(SIGINT, &sigaction_open, 0); sigaction(SIGTERM, &sigaction_open, 0); - set_int_block(0); + set_int_block(block); +} + +void check_signal(int *r) +{ + if (quit && !*r) + *r = -EINTR; +} + +/* crypt_get_key() with signal handler */ +int tools_get_key(const char *prompt, + char **key, size_t *key_size, + size_t keyfile_offset, size_t keyfile_size_max, + const char *key_file, + int timeout, int verify, + struct crypt_device *cd) +{ + int r, block; + + block = signals_blocked; + if (block) + set_int_block(0); + + r = crypt_get_key(prompt, key, key_size, keyfile_offset, + keyfile_size_max, key_file, timeout, verify, cd); + if (block && !quit) + set_int_block(1); + + return r; } __attribute__((format(printf, 5, 6))) @@ -115,21 +149,30 @@ int yesDialog(const char *msg, void *usrptr __attribute__((unused))) { char *answer = NULL; size_t size = 0; - int r = 1; + int r = 1, block; + + block = signals_blocked; + if (block) + set_int_block(0); if(isatty(STDIN_FILENO) && !opt_batch_mode) { log_std("\nWARNING!\n========\n"); log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg); if(getline(&answer, &size, stdin) == -1) { - perror("getline"); - free(answer); - return 0; - } - if(strcmp(answer, "YES\n")) r = 0; - free(answer); + /* Aborted by signal */ + if (!quit) + log_err(_("Error reading response from terminal.\n")); + else + log_dbg("Query interrupted on signal."); + } else if(strcmp(answer, "YES\n")) + r = 0; } + if (block && !quit) + set_int_block(1); + + free(answer); return r; }