diff --git a/lib/cli/Makemodule.am b/lib/cli/Makemodule.am index 749ca21f..7676a7d0 100644 --- a/lib/cli/Makemodule.am +++ b/lib/cli/Makemodule.am @@ -25,4 +25,5 @@ libcryptsetup_cli_la_LIBADD = \ libcryptsetup_cli_la_SOURCES = \ lib/utils_loop.c \ + lib/utils_io.c \ lib/cli/cli.c diff --git a/lib/cli/cli.c b/lib/cli/cli.c index e50772ef..39d60fbb 100644 --- a/lib/cli/cli.c +++ b/lib/cli/cli.c @@ -34,6 +34,7 @@ #include "nls.h" #include "utils_loop.h" +#include "utils_io.h" #include "libcryptsetup.h" #include "libcryptsetup_cli.h" #include "cli_internal.h" @@ -303,6 +304,38 @@ int crypt_cli_get_key(const char *prompt, return r; } +int crypt_cli_read_mk(const char *file, char **key, size_t keysize) +{ + int fd; + ssize_t ret; + + if (!keysize || !key) + return -EINVAL; + + *key = crypt_safe_alloc(keysize); + if (!*key) + return -ENOMEM; + + fd = open(file, O_RDONLY); + if (fd == -1) { + log_err(_("Cannot read keyfile %s."), file); + goto fail; + } + + ret = read_buffer(fd, *key, keysize); + if (ret < 0 || (size_t)ret != keysize) { + log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); + close(fd); + goto fail; + } + close(fd); + return 0; +fail: + crypt_safe_free(*key); + *key = NULL; + return -EINVAL; +} + static const struct tools_arg *find_arg_in_args(const char *name, const struct tools_arg *args, size_t args_len) { size_t i; diff --git a/lib/cli/libcryptsetup_cli.h b/lib/cli/libcryptsetup_cli.h index 6edd6875..96e1ec41 100644 --- a/lib/cli/libcryptsetup_cli.h +++ b/lib/cli/libcryptsetup_cli.h @@ -48,6 +48,8 @@ int crypt_cli_get_key(const char *prompt, int timeout, int verify, int pwquality, struct crypt_device *cd, struct crypt_cli *ctx); +int crypt_cli_read_mk(const char *file, char **key, size_t keysize); + bool crypt_cli_arg_set(struct crypt_cli *ctx, const char *name); int crypt_cli_arg_value(struct crypt_cli *ctx, const char *name, void *value); diff --git a/lib/cli/libcryptsetup_cli.sym b/lib/cli/libcryptsetup_cli.sym index f976932e..d3992017 100644 --- a/lib/cli/libcryptsetup_cli.sym +++ b/lib/cli/libcryptsetup_cli.sym @@ -1,6 +1,7 @@ CRYPTSETUP_CLI_1.0 { global: crypt_cli_get_key; + crypt_cli_read_mk; crypt_cli_arg_set; crypt_cli_arg_type; crypt_cli_arg_value; diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 2ce6d047..6515dde6 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -1276,7 +1276,7 @@ static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_ goto out; if (ARG_SET(OPT_MASTER_KEY_FILE_ID)) { - r = tools_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); + r = crypt_cli_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); if (r < 0) goto out; } @@ -1385,7 +1385,7 @@ static int action_open_luks(void) } else if (!keysize) keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8; - r = tools_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); + r = crypt_cli_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); if (r < 0) goto out; r = crypt_activate_by_volume_key(cd, activated_name, @@ -1634,7 +1634,7 @@ static int luksAddUnboundKey(void) } if (ARG_SET(OPT_MASTER_KEY_FILE_ID)) { - r = tools_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); + r = crypt_cli_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); if (r < 0) goto out; @@ -1708,7 +1708,7 @@ static int action_luksAddKey(void) } else if (!keysize) keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8; - r = tools_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); + r = crypt_cli_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, keysize); if (r < 0) goto out; diff --git a/src/cryptsetup.h b/src/cryptsetup.h index a7a7db2a..586e5729 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -109,7 +109,6 @@ int tools_is_cipher_null(const char *cipher); int tools_wipe_progress(uint64_t size, uint64_t offset, void *usrptr); int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr); -int tools_read_mk(const char *file, char **key, int keysize); int tools_write_mk(const char *file, const char *key, int keysize); int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size); diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 7c4488c3..3988900f 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c @@ -715,7 +715,7 @@ static int backup_luks_headers(struct reenc_ctx *rc) rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen); } else if (ARG_SET(OPT_MASTER_KEY_FILE_ID)) { log_dbg("Loading new key from file."); - r = tools_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, key_size); + r = crypt_cli_read_mk(ARG_STR(OPT_MASTER_KEY_FILE_ID), &key, key_size); } if (r < 0) diff --git a/src/utils_password.c b/src/utils_password.c index b05ec7b9..d10ac912 100644 --- a/src/utils_password.c +++ b/src/utils_password.c @@ -20,7 +20,6 @@ */ #include "cryptsetup.h" -#include void tools_passphrase_msg(int r) { @@ -30,36 +29,6 @@ void tools_passphrase_msg(int r) log_err(_("No usable keyslot is available.")); } -int tools_read_mk(const char *file, char **key, int keysize) -{ - int fd; - - if (!keysize || !key) - return -EINVAL; - - *key = crypt_safe_alloc(keysize); - if (!*key) - return -ENOMEM; - - fd = open(file, O_RDONLY); - if (fd == -1) { - log_err(_("Cannot read keyfile %s."), file); - goto fail; - } - - if (read_buffer(fd, *key, keysize) != keysize) { - log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); - close(fd); - goto fail; - } - close(fd); - return 0; -fail: - crypt_safe_free(*key); - *key = NULL; - return -EINVAL; -} - int tools_write_mk(const char *file, const char *key, int keysize) { int fd, r = -EINVAL; diff --git a/src/veritysetup.c b/src/veritysetup.c index 9288a7a1..0d1d5d93 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c @@ -176,7 +176,7 @@ static int _activate(const char *dm_device, goto out; } signature_size = st.st_size; - r = tools_read_mk(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &signature, signature_size); + r = crypt_cli_read_mk(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &signature, signature_size); if (r < 0) { log_err(_("Cannot read signature file %s."), ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID)); goto out;