From 3435f9cb2ce3b05a5be8ceee6a73f1fd3ac27476 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sun, 6 Aug 2017 13:16:25 +0200 Subject: [PATCH] Use only crypt_get_integrity_info in API. Some other functions remain internal only. Signed-off-by: Milan Broz --- lib/integrity/integrity.c | 10 +++++-- lib/integrity/integrity.h | 4 +-- lib/internal.h | 5 ++++ lib/libcryptsetup.h | 41 +------------------------ lib/libcryptsetup.sym | 4 --- lib/setup.c | 63 ++++++++++++++++++++------------------- src/integritysetup.c | 1 + 7 files changed, 48 insertions(+), 80 deletions(-) diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index 3d68037a..88f24588 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c @@ -169,7 +169,7 @@ int INTEGRITY_tag_size(struct crypt_device *cd, int INTEGRITY_activate(struct crypt_device *cd, const char *name, - struct crypt_params_integrity *params, + const struct crypt_params_integrity *params, struct volume_key *vk, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, @@ -179,7 +179,6 @@ int INTEGRITY_activate(struct crypt_device *cd, struct crypt_dm_active_device dmdi = { .target = DM_INTEGRITY, .data_device = crypt_data_device(cd), - .size = crypt_get_integrity_sectors(cd), .flags = flags, .u.integrity = { .offset = crypt_get_data_offset(cd), @@ -192,6 +191,11 @@ int INTEGRITY_activate(struct crypt_device *cd, }; int r; + r = INTEGRITY_data_sectors(cd, dmdi.data_device, + dmdi.u.integrity.offset * SECTOR_SIZE, &dmdi.size); + if (r < 0) + return r; + if (params) { dmdi.u.integrity.journal_size = params->journal_size; dmdi.u.integrity.journal_watermark = params->journal_watermark; @@ -221,7 +225,7 @@ int INTEGRITY_activate(struct crypt_device *cd, } int INTEGRITY_format(struct crypt_device *cd, - struct crypt_params_integrity *params, + const struct crypt_params_integrity *params, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key) { 
diff --git a/lib/integrity/integrity.h b/lib/integrity/integrity.h index 6199ffb4..b22a54eb 100644 --- a/lib/integrity/integrity.h +++ b/lib/integrity/integrity.h @@ -56,13 +56,13 @@ int INTEGRITY_tag_size(struct crypt_device *cd, const char *cipher_mode); int INTEGRITY_format(struct crypt_device *cd, - struct crypt_params_integrity *params, + const struct crypt_params_integrity *params, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key); int INTEGRITY_activate(struct crypt_device *cd, const char *name, - struct crypt_params_integrity *params, + const struct crypt_params_integrity *params, struct volume_key *vk, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, diff --git a/lib/internal.h b/lib/internal.h index d6df7946..a6dd654c 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -159,4 +159,9 @@ int crypt_wipe_device(struct crypt_device *cd, int (*progress)(uint64_t size, uint64_t offset, void *usrptr), void *usrptr); +/* Internal integrity helpers */ +const char *crypt_get_integrity(struct crypt_device *cd); +int crypt_get_integrity_key_size(struct crypt_device *cd); +int crypt_get_integrity_tag_size(struct crypt_device *cd); + #endif /* INTERNAL_H */ diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index 2df5773a..d98095f8 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -419,6 +419,7 @@ struct crypt_params_integrity { uint32_t sector_size; /**< sector size in bytes */ uint32_t buffer_sectors; /**< number of sectors in one buffer */ const char *integrity; /**< integrity algorithm */ + uint32_t integrity_key_size; /**< integrity key size, info only */ const char *journal_integrity; /**< journal integrity algorithm */ const char *journal_integrity_key; /**< journal integrity key, only for crypt_load */ 
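Review bot: The comment on the new `integrity_key_size` member of `struct crypt_params_integrity` says "info only", but elsewhere in this commit `_crypt_load_integrity` copies it from the caller's params and `_read_keys` in src/integritysetup.c sets it, so the field is also an input. The comment should name both directions, for example `/**< integrity key size; read on load, filled by crypt_get_integrity_info */`. Separately, the member is inserted in the middle of a public struct, which shifts the offset of every later member. If any released header already exposed this struct, appending the field at the end would keep existing binaries and positional initialisers working; the same caution applies to the four symbols dropped from libcryptsetup.sym.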
@@ -973,46 +974,6 @@ const char *crypt_get_cipher(struct crypt_device *cd); */ const char *crypt_get_cipher_mode(struct crypt_device *cd); -/** - * Get cipher integrity mode used in device. - * - * @param cd crypt device handle - * - * @return used cipher mode e.g. "hmac(sha256)" or @e otherwise - * - */ -const char *crypt_get_integrity(struct crypt_device *cd); - -/** - * Get size (in bytes) of integrity key (if present) for crypt device. - * - * @param cd crypt device handle - * - * @return integrity key size - * - */ -int crypt_get_integrity_key_size(struct crypt_device *cd); - -/** - * Get size (in bytes) of integrity tag (if present) for crypt device. - * - * @param cd crypt device handle - * - * @return integrity tag size - * - */ -int crypt_get_integrity_tag_size(struct crypt_device *cd); - -/** - * Get size (in bytes) of provided data sectors for integrity device. - * - * @param cd crypt device handle - * - * @return provided device size in 512-bytes sectors - * - */ -uint64_t crypt_get_integrity_sectors(struct crypt_device *cd); - /** * Get device UUID. * diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym index 698b0ab3..66a5b54c 100644 --- a/lib/libcryptsetup.sym +++ b/lib/libcryptsetup.sym @@ -41,10 +41,6 @@ CRYPTSETUP_2.0 { crypt_benchmark_pbkdf; crypt_get_cipher; crypt_get_cipher_mode; - crypt_get_integrity; - crypt_get_integrity_key_size; - crypt_get_integrity_tag_size; - crypt_get_integrity_sectors; crypt_get_integrity_info; crypt_get_uuid; crypt_get_data_offset; diff --git a/lib/setup.c b/lib/setup.c index 54d873fd..1854f419 100644 --- a/lib/setup.c +++ b/lib/setup.c 
@@ -776,6 +776,7 @@ static int _crypt_load_integrity(struct crypt_device *cd, // FIXME: check ENOMEM if (params->integrity) cd->u.integrity.params.integrity = strdup(params->integrity); + cd->u.integrity.params.integrity_key_size = params->integrity_key_size; if (params->journal_integrity) cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity); if (params->journal_crypt) @@ -951,10 +952,17 @@ static int _init_by_name_integrity(struct crypt_device *cd, const char *name) cd->u.integrity.params.journal_integrity = dmd.u.integrity.journal_integrity; cd->u.integrity.params.journal_crypt = dmd.u.integrity.journal_crypt; - //FIXME init keys? + if (dmd.u.integrity.vk) + cd->u.integrity.params.integrity_key_size = dmd.u.integrity.vk->keylength; + if (dmd.u.integrity.journal_integrity_key) + cd->u.integrity.params.journal_integrity_key_size = dmd.u.integrity.journal_integrity_key->keylength; + if (dmd.u.integrity.journal_crypt_key) + cd->u.integrity.params.integrity_key_size = dmd.u.integrity.journal_crypt_key->keylength; } out: crypt_free_volume_key(dmd.u.integrity.vk); + crypt_free_volume_key(dmd.u.integrity.journal_integrity_key); + crypt_free_volume_key(dmd.u.integrity.journal_crypt_key); device_free(dmd.data_device); return r; } @@ -2783,6 +2791,7 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd) return NULL; } +/* INTERNAL only */ const char *crypt_get_integrity(struct crypt_device *cd) { if (isINTEGRITY(cd->type)) @@ -2791,6 +2800,7 @@ const char *crypt_get_integrity(struct crypt_device *cd) return NULL; } +/* INTERNAL only */ int crypt_get_integrity_key_size(struct crypt_device *cd) { if (isINTEGRITY(cd->type)) @@ -2799,6 +2809,7 @@ int crypt_get_integrity_key_size(struct crypt_device *cd) return 0; } +/* INTERNAL only */ int crypt_get_integrity_tag_size(struct crypt_device *cd) { if (isINTEGRITY(cd->type)) 
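Review bot: The third added assignment in `_init_by_name_integrity` stores the journal crypt key length in `integrity_key_size`, overwriting the value taken from `dmd.u.integrity.vk` two statements earlier and leaving `journal_crypt_key_size` unset. This looks like a copy-paste slip; the line should presumably read `cd->u.integrity.params.journal_crypt_key_size = dmd.u.integrity.journal_crypt_key->keylength;`. `crypt_get_integrity_info` in this commit reports `journal_crypt_key_size` from the same params struct, so a device initialised by name would report key sizes that do not match the active table. The function starts outside the hunk, so I cannot see how `dmd` is queried.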
@@ -2807,20 +2818,6 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd) return 0; } -uint64_t crypt_get_integrity_sectors(struct crypt_device *cd) -{ - uint64_t sectors; - - if (!isINTEGRITY(cd->type)) - return 0; - - if (INTEGRITY_data_sectors(cd, crypt_data_device(cd), - crypt_get_data_offset(cd) * SECTOR_SIZE, §ors) < 0) - return 0; - - return sectors; -} - int crypt_get_sector_size(struct crypt_device *cd) { if (isINTEGRITY(cd->type)) 
@@ -2969,28 +2966,32 @@ int crypt_get_verity_info(struct crypt_device *cd, int crypt_get_integrity_info(struct crypt_device *cd, struct crypt_params_integrity *ip) { - if (!isINTEGRITY(cd->type) || !ip) + if (!cd || !ip) return -EINVAL; - ip->journal_size = cd->u.integrity.params.journal_size; - ip->journal_watermark = cd->u.integrity.params.journal_watermark; - ip->journal_commit_time = cd->u.integrity.params.journal_commit_time; - ip->interleave_sectors = cd->u.integrity.params.interleave_sectors; - ip->tag_size = cd->u.integrity.params.tag_size; - ip->sector_size = cd->u.integrity.params.sector_size; - ip->buffer_sectors = cd->u.integrity.params.buffer_sectors; + if (isINTEGRITY(cd->type)) { + ip->journal_size = cd->u.integrity.params.journal_size; + ip->journal_watermark = cd->u.integrity.params.journal_watermark; + ip->journal_commit_time = cd->u.integrity.params.journal_commit_time; + ip->interleave_sectors = cd->u.integrity.params.interleave_sectors; + ip->tag_size = cd->u.integrity.params.tag_size; + ip->sector_size = cd->u.integrity.params.sector_size; + ip->buffer_sectors = cd->u.integrity.params.buffer_sectors; - ip->integrity = cd->u.integrity.params.integrity; + ip->integrity = cd->u.integrity.params.integrity; + ip->integrity_key_size = crypt_get_integrity_key_size(cd); - ip->journal_integrity = cd->u.integrity.params.journal_integrity; - ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size; - ip->journal_integrity_key = NULL; + ip->journal_integrity = cd->u.integrity.params.journal_integrity; + ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size; + ip->journal_integrity_key = NULL; - ip->journal_crypt = cd->u.integrity.params.journal_crypt; - ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size; - ip->journal_crypt_key = NULL; + ip->journal_crypt = cd->u.integrity.params.journal_crypt; + ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size; + 
ip->journal_crypt_key = NULL; + return 0; + } - return 0; + return -ENOTSUP; } int crypt_get_active_device(struct crypt_device *cd, const char *name, diff --git a/src/integritysetup.c b/src/integritysetup.c index a14a4877..9d6be4c2 100644 --- a/src/integritysetup.c +++ b/src/integritysetup.c @@ -101,6 +101,7 @@ static int _read_keys(char **integrity_key, struct crypt_params_integrity *param r = _read_mk(opt_integrity_key_file, &int_key, opt_integrity_key_size); if (r < 0) return r; + params->integrity_key_size = opt_integrity_key_size; } if (opt_journal_integrity_key_file) {
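Review bot: In `crypt_get_integrity_info`, `ip->integrity_key_size` comes from `crypt_get_integrity_key_size(cd)`, while every other field is read from `cd->u.integrity.params`, including the `integrity_key_size` that this commit now stores in `_crypt_load_integrity` and `_init_by_name_integrity`. The helper's body is outside the visible hunks, so if it does not return that stored value, the size recorded at load time is never reported; reading `cd->u.integrity.params.integrity_key_size` directly would keep the struct self-consistent. The `-ENOTSUP` path also leaves `*ip` untouched, so a caller moving off the removed getters (which returned 0 or NULL) and ignoring the return code would read stale memory; `memset(ip, 0, sizeof(*ip));` after the NULL check would make that fail safe. A short comment that `integrity`, `journal_integrity` and `journal_crypt` point into `cd` and must not be freed or used after the handle is released would also help.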