Use only crypt_get_integrity_info in API.

Some other functions remain internal only.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

lib/integrity/integrity.c

@@ -169,7 +169,7 @@ int INTEGRITY_tag_size(struct crypt_device *cd,
 
 int INTEGRITY_activate(struct crypt_device *cd,
 		       const char *name,
-		       struct crypt_params_integrity *params,
+		       const struct crypt_params_integrity *params,
 		       struct volume_key *vk,
 		       struct volume_key *journal_crypt_key,
 		       struct volume_key *journal_mac_key,
@@ -179,7 +179,6 @@ int INTEGRITY_activate(struct crypt_device *cd,
 	struct crypt_dm_active_device dmdi = {
 		.target      = DM_INTEGRITY,
 		.data_device = crypt_data_device(cd),
-		.size = crypt_get_integrity_sectors(cd),
 		.flags = flags,
 		.u.integrity = {
 			.offset = crypt_get_data_offset(cd),
@@ -192,6 +191,11 @@ int INTEGRITY_activate(struct crypt_device *cd,
 	};
 	int r;
 
+	r = INTEGRITY_data_sectors(cd, dmdi.data_device,
+				   dmdi.u.integrity.offset * SECTOR_SIZE, &dmdi.size);
+	if (r < 0)
+		return r;
+
 	if (params) {
 		dmdi.u.integrity.journal_size = params->journal_size;
 		dmdi.u.integrity.journal_watermark = params->journal_watermark;
@@ -221,7 +225,7 @@ int INTEGRITY_activate(struct crypt_device *cd,
 }
 
 int INTEGRITY_format(struct crypt_device *cd,
-		     struct crypt_params_integrity *params,
+		     const struct crypt_params_integrity *params,
 		     struct volume_key *journal_crypt_key,
 		     struct volume_key *journal_mac_key)
 {

lib/integrity/integrity.h

@@ -56,13 +56,13 @@ int INTEGRITY_tag_size(struct crypt_device *cd,
 		       const char *cipher_mode);
 
 int INTEGRITY_format(struct crypt_device *cd,
-		     struct crypt_params_integrity *params,
+		     const struct crypt_params_integrity *params,
 		     struct volume_key *journal_crypt_key,
 		     struct volume_key *journal_mac_key);
 
 int INTEGRITY_activate(struct crypt_device *cd,
 		       const char *name,
-		       struct crypt_params_integrity *params,
+		       const struct crypt_params_integrity *params,
 		       struct volume_key *vk,
 		       struct volume_key *journal_crypt_key,
 		       struct volume_key *journal_mac_key,

lib/internal.h

@@ -159,4 +159,9 @@ int crypt_wipe_device(struct crypt_device *cd,
 	int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
 	void *usrptr);
 
+/* Internal integrity helpers */
+const char *crypt_get_integrity(struct crypt_device *cd);
+int crypt_get_integrity_key_size(struct crypt_device *cd);
+int crypt_get_integrity_tag_size(struct crypt_device *cd);
+
 #endif /* INTERNAL_H */

lib/libcryptsetup.h

@@ -419,6 +419,7 @@ struct crypt_params_integrity {
 	uint32_t sector_size;                /**< sector size in bytes */
 	uint32_t buffer_sectors;             /**< number of sectors in one buffer */
 	const char *integrity;               /**< integrity algorithm */
+	uint32_t integrity_key_size;         /**< integrity key size, info only */
 
 	const char *journal_integrity;       /**< journal integrity algorithm */
 	const char *journal_integrity_key;   /**< journal integrity key, only for crypt_load */
@@ -973,46 +974,6 @@ const char *crypt_get_cipher(struct crypt_device *cd);
  */
 const char *crypt_get_cipher_mode(struct crypt_device *cd);
 
-/**
- * Get cipher integrity mode used in device.
- *
- * @param cd crypt device handle
- *
- * @return used cipher mode e.g. "hmac(sha256)" or @e otherwise
- *
- */
-const char *crypt_get_integrity(struct crypt_device *cd);
-
-/**
- * Get size (in bytes) of integrity key (if present) for crypt device.
- *
- * @param cd crypt device handle
- *
- * @return integrity key size
- *
- */
-int crypt_get_integrity_key_size(struct crypt_device *cd);
-
-/**
- * Get size (in bytes) of integrity tag (if present) for crypt device.
- *
- * @param cd crypt device handle
- *
- * @return integrity tag size
- *
- */
-int crypt_get_integrity_tag_size(struct crypt_device *cd);
-
-/**
- * Get size (in bytes) of provided data sectors for integrity device.
- *
- * @param cd crypt device handle
- *
- * @return provided device size in 512-bytes sectors
- *
- */
-uint64_t crypt_get_integrity_sectors(struct crypt_device *cd);
-
 /**
  * Get device UUID.
  *

lib/libcryptsetup.sym

@@ -41,10 +41,6 @@ CRYPTSETUP_2.0 {
 		crypt_benchmark_pbkdf;
 		crypt_get_cipher;
 		crypt_get_cipher_mode;
-		crypt_get_integrity;
-		crypt_get_integrity_key_size;
-		crypt_get_integrity_tag_size;
-		crypt_get_integrity_sectors;
 		crypt_get_integrity_info;
 		crypt_get_uuid;
 		crypt_get_data_offset;

lib/setup.c

@@ -776,6 +776,7 @@ static int _crypt_load_integrity(struct crypt_device *cd,
 		// FIXME: check ENOMEM
 		if (params->integrity)
 			cd->u.integrity.params.integrity = strdup(params->integrity);
+		cd->u.integrity.params.integrity_key_size = params->integrity_key_size;
 		if (params->journal_integrity)
 			cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity);
 		if (params->journal_crypt)
@@ -951,10 +952,17 @@ static int _init_by_name_integrity(struct crypt_device *cd, const char *name)
 		cd->u.integrity.params.journal_integrity = dmd.u.integrity.journal_integrity;
 		cd->u.integrity.params.journal_crypt = dmd.u.integrity.journal_crypt;
 
-		//FIXME init keys?
+		if (dmd.u.integrity.vk)
+			cd->u.integrity.params.integrity_key_size = dmd.u.integrity.vk->keylength;
+		if (dmd.u.integrity.journal_integrity_key)
+			cd->u.integrity.params.journal_integrity_key_size = dmd.u.integrity.journal_integrity_key->keylength;
+		if (dmd.u.integrity.journal_crypt_key)
+			cd->u.integrity.params.integrity_key_size = dmd.u.integrity.journal_crypt_key->keylength;
 	}
 out:
 	crypt_free_volume_key(dmd.u.integrity.vk);
+	crypt_free_volume_key(dmd.u.integrity.journal_integrity_key);
+	crypt_free_volume_key(dmd.u.integrity.journal_crypt_key);
 	device_free(dmd.data_device);
 	return r;
 }
@@ -2783,6 +2791,7 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd)
 	return NULL;
 }
 
+/* INTERNAL only */
 const char *crypt_get_integrity(struct crypt_device *cd)
 {
 	if (isINTEGRITY(cd->type))
@@ -2791,6 +2800,7 @@ const char *crypt_get_integrity(struct crypt_device *cd)
 	return NULL;
 }
 
+/* INTERNAL only */
 int crypt_get_integrity_key_size(struct crypt_device *cd)
 {
 	if (isINTEGRITY(cd->type))
@@ -2799,6 +2809,7 @@ int crypt_get_integrity_key_size(struct crypt_device *cd)
 	return 0;
 }
 
+/* INTERNAL only */
 int crypt_get_integrity_tag_size(struct crypt_device *cd)
 {
 	if (isINTEGRITY(cd->type))
@@ -2807,20 +2818,6 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd)
 	return 0;
 }
 
-uint64_t crypt_get_integrity_sectors(struct crypt_device *cd)
-{
-	uint64_t sectors;
-
-	if (!isINTEGRITY(cd->type))
-		return 0;
-
-	if (INTEGRITY_data_sectors(cd, crypt_data_device(cd),
-		crypt_get_data_offset(cd) * SECTOR_SIZE, &sectors) < 0)
-		return 0;
-
-	return sectors;
-}
-
 int crypt_get_sector_size(struct crypt_device *cd)
 {
 	if (isINTEGRITY(cd->type))
@@ -2969,28 +2966,32 @@ int crypt_get_verity_info(struct crypt_device *cd,
 int crypt_get_integrity_info(struct crypt_device *cd,
 	struct crypt_params_integrity *ip)
 {
-	if (!isINTEGRITY(cd->type) || !ip)
+	if (!cd || !ip)
 		return -EINVAL;
 
-	ip->journal_size = cd->u.integrity.params.journal_size;
-	ip->journal_watermark = cd->u.integrity.params.journal_watermark;
-	ip->journal_commit_time = cd->u.integrity.params.journal_commit_time;
-	ip->interleave_sectors = cd->u.integrity.params.interleave_sectors;
-	ip->tag_size = cd->u.integrity.params.tag_size;
-	ip->sector_size = cd->u.integrity.params.sector_size;
-	ip->buffer_sectors = cd->u.integrity.params.buffer_sectors;
+	if (isINTEGRITY(cd->type)) {
+		ip->journal_size = cd->u.integrity.params.journal_size;
+		ip->journal_watermark = cd->u.integrity.params.journal_watermark;
+		ip->journal_commit_time = cd->u.integrity.params.journal_commit_time;
+		ip->interleave_sectors = cd->u.integrity.params.interleave_sectors;
+		ip->tag_size = cd->u.integrity.params.tag_size;
+		ip->sector_size = cd->u.integrity.params.sector_size;
+		ip->buffer_sectors = cd->u.integrity.params.buffer_sectors;
 
-	ip->integrity = cd->u.integrity.params.integrity;
+		ip->integrity = cd->u.integrity.params.integrity;
+		ip->integrity_key_size = crypt_get_integrity_key_size(cd);
 
-	ip->journal_integrity = cd->u.integrity.params.journal_integrity;
-	ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size;
-	ip->journal_integrity_key = NULL;
+		ip->journal_integrity = cd->u.integrity.params.journal_integrity;
+		ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size;
+		ip->journal_integrity_key = NULL;
 
-	ip->journal_crypt = cd->u.integrity.params.journal_crypt;
-	ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size;
-	ip->journal_crypt_key = NULL;
+		ip->journal_crypt = cd->u.integrity.params.journal_crypt;
+		ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size;
+		ip->journal_crypt_key = NULL;
+		return 0;
+	}
 
-	return 0;
+	return -ENOTSUP;
 }
 
 int crypt_get_active_device(struct crypt_device *cd, const char *name,

src/integritysetup.c

@@ -101,6 +101,7 @@ static int _read_keys(char **integrity_key, struct crypt_params_integrity *param
 		r = _read_mk(opt_integrity_key_file, &int_key, opt_integrity_key_size);
 		if (r < 0)
 			return r;
+		params->integrity_key_size = opt_integrity_key_size;
 	}
 
 	if (opt_journal_integrity_key_file) {