diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index 38001cbf..11340e14 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h 
@@ -155,61 +155,6 @@ void crypt_set_confirm_callback(struct crypt_device *cd, int (*confirm)(const char *msg, void *usrptr), void *usrptr); -/** - * Set password query callback. DEPRECATED - * - * If code need @e _interactive_ query for password, this callback is called. - * If not defined, compiled-in default is called (uses terminal input). - * - * Callback should return length of password in buffer - * or negative errno value in case of error. - * - * @param cd crypt device handle - * @param password user defined password callback reference - * @param usrptr provided identification in callback - * @param msg Message for user - * @param buf buffer for password - * @param length size of buffer - * - * @note Note that if this function is defined, verify option is ignored - * (caller which provided callback is responsible for password verification) - * @note Only zero terminated passwords can be entered this way, for complex - * use API functions directly. - * @note Maximal length of password is limited to @e length @e - @e 1 (minimal 511 chars) - * @note This function is DEPRECATED and will be removed in future versions. - * - * @see Callback function is used in these call provided, that certain conditions are met: - * @li crypt_keyslot_add_by_passphrase - * @li crypt_activate_by_passphrase - * @li crypt_resume_by_passphrase - * @li crypt_resume_by_keyfile - * @li crypt_keyslot_add_by_keyfile - * @li crypt_keyslot_add_by_volume_key - * - */ -void crypt_set_password_callback(struct crypt_device *cd, - int (*password)(const char *msg, char *buf, size_t length, void *usrptr), - void *usrptr); - -/** - * Set timeout for interactive password entry using default - * password callback. DEPRECATED - * - * @param cd crypt device handle - * @param timeout_sec timeout in seconds - */ -void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec); - -/** - * Set number of retries in case password input has been incorrect. DEPRECATED. 
- * - * @param cd crypt device handle - * @param tries the number - * - * @note This function is DEPRECATED and will be removed in future versions. - */ -void crypt_set_password_retry(struct crypt_device *cd, int tries); - /** * Set how long should cryptsetup iterate in PBKDF2 function. * Default value heads towards the iterations which takes around 1 second. @@ -218,19 +163,6 @@ void crypt_set_password_retry(struct crypt_device *cd, int tries); * @param iteration_time_ms the time in ms */ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms); -/* Don't ask :-) */ -void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms); - -/** - * Set whether passphrase will be verified on input - * (user has to input same passphrase twice). DEPRECATED - * - * @param cd crypt device handle - * @param password_verify @e 0 = false, @e !0 true - * - * @note This function is DEPRECATED and will be removed in future versions. - */ -void crypt_set_password_verify(struct crypt_device *cd, int password_verify); /** * Set data device @@ -540,8 +472,6 @@ int crypt_suspend(struct crypt_device *cd, * @return unlocked key slot number or negative errno otherwise. * * @note Only LUKS device type is supported - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_resume_by_passphrase(struct crypt_device *cd, const char *name, @@ -560,9 +490,6 @@ int crypt_resume_by_passphrase(struct crypt_device *cd, * @param keyfile_offset number of bytes to skip at start of keyfile * * @return unlocked key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_resume_by_keyfile_offset(struct crypt_device *cd, const char *name, 
@@ -609,9 +536,6 @@ void crypt_free(struct crypt_device *cd); * @param new_passphrase_size size of @e new_passphrase (binary data) * * @return allocated key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, int keyslot, @@ -638,9 +562,6 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, * @note This function is just internal implementation of luksChange * command to avoid reading of volume key outside libcryptsetup boundary * in FIPS mode. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, int keyslot_old, @@ -665,9 +586,6 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, * @param new_keyfile_offset number of bytes to skip at start of new_keyfile * * @return allocated key slot number or negative errno otherwise. - * - * @note Note that @e keyfile can be "-" for STDIN. This special handling is DEPRECATED - * and will be removed in next version. */ int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, int keyslot, @@ -700,9 +618,6 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, * @param passphrase_size size of passphrase * * @return allocated key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, int keyslot, 
@@ -791,9 +706,6 @@ int crypt_get_active_device(struct crypt_device *cd, * @param flags activation flags * * @return unlocked key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_activate_by_passphrase(struct crypt_device *cd, const char *name, diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym index 615bc6bc..ca9a5017 100644 --- a/lib/libcryptsetup.sym +++ b/lib/libcryptsetup.sym @@ -5,12 +5,7 @@ CRYPTSETUP_1.0 { crypt_init_by_name_and_header; crypt_set_log_callback; crypt_set_confirm_callback; - crypt_set_password_callback; - crypt_set_timeout; - crypt_set_password_retry; - crypt_set_iterarion_time; crypt_set_iteration_time; - crypt_set_password_verify; crypt_set_uuid; crypt_set_data_device; diff --git a/lib/setup.c b/lib/setup.c index 8246a4d5..fa0a04bc 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -43,10 +43,7 @@ struct crypt_device { struct device *metadata_device; struct volume_key *volume_key; - uint64_t timeout; uint64_t iteration_time; - int tries; - int password_verify; int rng_type; // FIXME: private binary headers and access it properly @@ -93,8 +90,6 @@ struct crypt_device { void *log_usrptr; int (*confirm)(const char *msg, void *usrptr); void *confirm_usrptr; - int (*password)(const char *msg, char *buf, size_t length, void *usrptr); - void *password_usrptr; /* last error message */ char error[MAX_ERROR_LENGTH]; @@ -476,14 +471,6 @@ void crypt_set_confirm_callback(struct crypt_device *cd, cd->confirm_usrptr = usrptr; } -void crypt_set_password_callback(struct crypt_device *cd, - int (*password)(const char *msg, char *buf, size_t length, void *usrptr), - void *usrptr) -{ - cd->password = password; - cd->password_usrptr = usrptr; -} - static void _get_error(char *error, char *buf, size_t size) { if (!buf || size < 1) 
@@ -535,8 +522,6 @@ int crypt_init(struct crypt_device **cd, const char *device) dm_backend_init(); h->iteration_time = 1000; - h->password_verify = 0; - h->tries = 3; h->rng_type = crypt_random_default_key_rng(); *cd = h; return 0; @@ -2212,33 +2197,11 @@ int crypt_volume_key_verify(struct crypt_device *cd, return r; } -void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec) -{ - log_dbg("Timeout set to %" PRIu64 " miliseconds.", timeout_sec); - cd->timeout = timeout_sec; -} - -void crypt_set_password_retry(struct crypt_device *cd, int tries) -{ - log_dbg("Password retry count set to %d.", tries); - cd->tries = tries; -} - void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms) { log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms); cd->iteration_time = iteration_time_ms; } -void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms) -{ - crypt_set_iteration_time(cd, iteration_time_ms); -} - -void crypt_set_password_verify(struct crypt_device *cd, int password_verify) -{ - log_dbg("Password verification %s.", password_verify ? "enabled" : "disabled"); - cd->password_verify = password_verify ? 1 : 0; -} void crypt_set_rng_type(struct crypt_device *cd, int rng_type) { diff --git a/python/pycryptsetup-test.py b/python/pycryptsetup-test.py index c57348b1..ccc9342e 100755 --- a/python/pycryptsetup-test.py +++ b/python/pycryptsetup-test.py @@ -40,9 +40,6 @@ def askyes(txt): print("Question:", txt) return 1 -def askpassword(txt): - return PASSWORD - def print_status(c): r = c.status() print("status :",end="") @@ -64,8 +61,7 @@ c = pycryptsetup.CryptSetup( device = IMG, name = DEVICE, yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) + logFunc = log) #c.debugLevel(pycryptsetup.CRYPT_DEBUG_ALL); c.debugLevel(pycryptsetup.CRYPT_DEBUG_NONE); 
@@ -108,16 +104,14 @@ c = pycryptsetup.CryptSetup( device = IMG, name = DEVICE, yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) + logFunc = log) print("activate:", c.activate(name = DEVICE, passphrase = PASSWORD)) c2 = pycryptsetup.CryptSetup( name = DEVICE, yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) + logFunc = log) info = c2.info() print("cipher :", info["cipher"]) diff --git a/python/pycryptsetup.c b/python/pycryptsetup.c index 6dcda094..6f193c2d 100644 --- a/python/pycryptsetup.c +++ b/python/pycryptsetup.c @@ -58,7 +58,6 @@ typedef struct { /* Callbacks */ PyObject *yesDialogCB; PyObject *cmdLineLogCB; - PyObject *passwordDialogCB; } CryptSetupObject; static int yesDialog(const char *msg, void *this) @@ -88,41 +87,6 @@ static int yesDialog(const char *msg, void *this) return 1; } -static int passwordDialog(const char *msg, char *buf, size_t length, void *this) -{ - CryptSetupObject *self = this; - PyObject *result, *arglist; - size_t len; - char *res = NULL; - - if(self->passwordDialogCB){ - arglist = Py_BuildValue("(s)", msg); - if (!arglist) - return -ENOMEM; - - result = PyEval_CallObject(self->passwordDialogCB, arglist); - Py_DECREF(arglist); - - if (!result) - return -EINVAL; - - if (!PyArg_Parse(result, "z", &res)) { - Py_DECREF(result); - return -EINVAL; - } - - strncpy(buf, res, length - 1); - len = strlen(res); - - memset(res, 0, len); - Py_DECREF(result); - - return (int)len; - } - - return -EINVAL; -} - static void cmdLineLog(int cls, const char *msg, void *this) { CryptSetupObject *self = this; @@ -144,7 +108,6 @@ static void CryptSetup_dealloc(CryptSetupObject* self) /* free the callbacks */ Py_XDECREF(self->yesDialogCB); Py_XDECREF(self->cmdLineLogCB); - Py_XDECREF(self->passwordDialogCB); free(self->activated_as); 
@@ -160,7 +123,6 @@ static PyObject *CryptSetup_new(PyTypeObject *type, PyObject *args, PyObject *kw if (self) { self->yesDialogCB = NULL; - self->passwordDialogCB = NULL; self->cmdLineLogCB = NULL; self->activated_as = NULL; } @@ -181,8 +143,8 @@ static PyObject *PyObjectResult(int is) static char CryptSetup_HELP[] = "CryptSetup object\n\n\ -constructor takes one to five arguments:\n\ - __init__(device, name, yesDialog, passwordDialog, logFunc)\n\n\ +constructor takes one to four arguments:\n\ + __init__(device, name, yesDialog, logFunc)\n\n\ yesDialog - python function with func(text) signature, \n\ which asks the user question text and returns 1\n\ of the answer was positive or 0 if not\n\ @@ -190,16 +152,15 @@ constructor takes one to five arguments:\n\ static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwds) { - static const char *kwlist[] = {"device", "name", "yesDialog", "passwordDialog", "logFunc", NULL}; + static const char *kwlist[] = {"device", "name", "yesDialog", "logFunc", NULL}; PyObject *yesDialogCB = NULL, - *passwordDialogCB = NULL, *cmdLineLogCB = NULL, *tmp = NULL; char *device = NULL, *deviceName = NULL; int r; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOOO", CONST_CAST(char**)kwlist, &device, &deviceName, - &yesDialogCB, &passwordDialogCB, &cmdLineLogCB)) + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOO", CONST_CAST(char**)kwlist, &device, &deviceName, + &yesDialogCB, &cmdLineLogCB)) return -1; if (device) { @@ -235,14 +196,6 @@ static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwd crypt_set_confirm_callback(self->device, yesDialog, self); } - if (passwordDialogCB) { - tmp = self->passwordDialogCB; - Py_INCREF(passwordDialogCB); - self->passwordDialogCB = passwordDialogCB; - Py_XDECREF(tmp); - crypt_set_password_callback(self->device, passwordDialog, self); - } - if (cmdLineLogCB) { tmp = self->cmdLineLogCB; Py_INCREF(cmdLineLogCB); 
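Review bot: Removing `"passwordDialog"` from `kwlist` and shortening the format to `"|zzOO"` in `CryptSetup_init` moves `logFunc` into the fourth positional slot, so a caller that passes four positional arguments has its password callback silently stored as `cmdLineLogCB`. That callable would then be invoked for log messages, which is harder to notice than the TypeError that five positional arguments or a `passwordDialog=` keyword now produce. Consider keeping the slot for one release (`"|zzOOO"` with `"passwordDialog"` still in `kwlist`) and, when it is supplied, calling `PyErr_WarnEx(PyExc_DeprecationWarning, "passwordDialog is ignored", 1)` instead of registering it. The body of `CryptSetup_init` continues outside this hunk.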
@@ -658,7 +611,6 @@ static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args static PyMemberDef CryptSetup_members[] = { {CONST_CAST(char*)"yesDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, yesDialogCB), 0, CONST_CAST(char*)"confirmation dialog callback"}, {CONST_CAST(char*)"cmdLineLogCB", T_OBJECT_EX, offsetof(CryptSetupObject, cmdLineLogCB), 0, CONST_CAST(char*)"logging callback"}, - {CONST_CAST(char*)"passwordDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, passwordDialogCB), 0, CONST_CAST(char*)"password dialog callback"}, {NULL} }; diff --git a/src/cryptsetup.c b/src/cryptsetup.c index b59b68b9..db51036b 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -151,9 +151,6 @@ static int action_open_plain(void) if ((r = crypt_init(&cd, action_argv[0]))) goto out; - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); - r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, @@ -720,7 +717,6 @@ static int action_luksFormat(void) keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8; - crypt_set_timeout(cd, opt_timeout); if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time); @@ -786,10 +782,6 @@ static int action_open_luks(void) goto out; } - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); - crypt_set_password_verify(cd, _verify_passphrase(0)); - if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time); @@ -803,7 +795,6 @@ static int action_open_luks(void) r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags); } else if (opt_key_file) { - crypt_set_password_retry(cd, 1); r = crypt_activate_by_keyfile_offset(cd, activated_name, opt_key_slot, opt_key_file, opt_keyfile_size, opt_keyfile_offset, activate_flags); 
@@ -870,7 +861,6 @@ static int action_luksKillSlot(void) goto out; crypt_set_confirm_callback(cd, yesDialog, NULL); - crypt_set_timeout(cd, opt_timeout); if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; @@ -913,7 +903,6 @@ static int action_luksRemoveKey(void) goto out; crypt_set_confirm_callback(cd, yesDialog, NULL); - crypt_set_timeout(cd, opt_timeout); if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; @@ -973,9 +962,6 @@ static int action_luksAddKey(void) opt_force_password = 1; keysize = crypt_get_volume_key_size(cd); - /* FIXME: lib cannot properly set verification for new/old passphrase */ - crypt_set_password_verify(cd, _verify_passphrase(0)); - crypt_set_timeout(cd, opt_timeout); if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time); @@ -1233,10 +1219,6 @@ static int action_luksResume(void) if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)))) goto out; - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); - crypt_set_password_verify(cd, _verify_passphrase(0)); - if (opt_key_file) r = crypt_resume_by_keyfile_offset(cd, action_argv[0], CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size, opt_keyfile_offset); diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 7b206978..95091cf6 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c @@ -499,7 +499,6 @@ static int backup_luks_headers(struct reenc_ctx *rc) (r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; - crypt_set_confirm_callback(cd, NULL, NULL); if ((r = crypt_header_backup(cd, CRYPT_LUKS1, rc->header_file_org))) goto out; log_verbose(_("LUKS header backup of device %s created.\n"), rc->device); @@ -646,7 +645,6 @@ static int restore_luks_header(struct reenc_ctx *rc) r = crypt_init(&cd, rc->device); if (r == 0) { - crypt_set_confirm_callback(cd, NULL, NULL); r = crypt_header_restore(cd, CRYPT_LUKS1, rc->header_file_new); } 
diff --git a/tests/api-test.c b/tests/api-test.c index 7fd85c2f..07b35e03 100644 --- a/tests/api-test.c +++ b/tests/api-test.c @@ -850,27 +850,6 @@ static void AddDevicePlain(void) crypt_free(cd); } -#define CALLBACK_ERROR "calback_error xyz" -static int pass_callback_err(const char *msg, char *buf, size_t length, void *usrptr) -{ - struct crypt_device *cd = usrptr; - - assert(cd); - assert(length); - assert(msg); - - crypt_log(cd, CRYPT_LOG_ERROR, CALLBACK_ERROR); - return -EINVAL; -} - -static int pass_callback_ok(const char *msg, char *buf, size_t length, void *usrptr) -{ - assert(length); - assert(msg); - strcpy(buf, PASSPHRASE); - return strlen(buf); -} - static void CallbacksTest(void) { struct crypt_device *cd; @@ -897,25 +876,13 @@ static void CallbacksTest(void) OK_(crypt_deactivate(cd, CDEVICE_1)); reset_log(); - crypt_set_password_callback(cd, pass_callback_err, cd); - FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, NULL, 0, 0), "callback fails"); - EQ_(strncmp(global_log, CALLBACK_ERROR, strlen(CALLBACK_ERROR)), 0); - - crypt_set_password_callback(cd, pass_callback_ok, NULL); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, NULL, 0, 0)); - EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(crypt_deactivate(cd, CDEVICE_1)); - - // Check error reporting. - // This must fail and create error message - crypt_deactivate(cd, CDEVICE_1); - // Here context must be the same - crypt_get_error(buf1, sizeof(buf1)); - crypt_last_error(cd, buf2, sizeof(buf2)); - OK_(!*buf1); - OK_(!*buf2); - OK_(strcmp(buf1, buf2)); + //FIXME: password callback test was here + //crypt_get_error(buf1, sizeof(buf1)); + //crypt_last_error(cd, buf2, sizeof(buf2)); + //OK_(!*buf1); + //OK_(!*buf2); + //OK_(strcmp(buf1, buf2)); crypt_get_error(buf1, sizeof(buf1)); crypt_last_error(cd, buf2, sizeof(buf2));
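Review bot: The added `//` lines in `CallbacksTest` disable the error-reporting assertions along with the password-callback cases, although the removed `crypt_deactivate(cd, CDEVICE_1)` that "must fail and create error message" and the `crypt_get_error`/`crypt_last_error` comparison do not appear to depend on a password callback. Without that failing call, the `crypt_get_error(buf1, ...)`/`crypt_last_error(cd, buf2, ...)` pair kept as context probably has no fresh error to read, so whatever is asserted after the hunk may no longer test the same thing. Keep the failing `crypt_deactivate(cd, CDEVICE_1);` and the three `OK_` checks live, and narrow the marker to the part that is really missing, e.g. `// FIXME: no replacement test for passphrase entry via callback`. The function starts before this hunk and continues after it.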