eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor and unify naming conventions for internal keyring helpers.

Browse Source 
Functions related to uploading/unlinking volume keys in user
requested kernel keyrings are named as follows:

crypt_single_volume_key_load_in_custom_keyring
crypt_volume_key_load_in_custom_keyring
crypt_unlink_key_from_custom_keyring

helpers for unlinking LUKS2 volume keys from thread keyring:

crypt_unlink_key_from_thread_keyring
crypt_unlink_key_by_description_from_thread_keyring
This commit is contained in:
Ondrej Kozina
2025-02-17 17:05:49 +01:00
committed by Milan Broz
parent c9edd942e8
commit 5615488196
4 changed files with 35 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/internal.h
View File

@@ -245,7 +245,11 @@ int crypt_keyring_get_key_by_name(struct crypt_device *cd,
char **key, char **key,
size_t *key_size); size_t *key_size);
int crypt_use_keyring_for_vk(struct crypt_device *cd); int crypt_use_keyring_for_vk(struct crypt_device *cd);
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype); void crypt_unlink_key_from_thread_keyring(struct crypt_device *cd,
key_serial_t key_id);
void crypt_unlink_key_by_description_from_thread_keyring(struct crypt_device *cd,
const char *key_description,
key_type_t ktype);
void crypt_drop_uploaded_keyring_key(struct crypt_device *cd, struct volume_key *vks); void crypt_drop_uploaded_keyring_key(struct crypt_device *cd, struct volume_key *vks);
static inline uint64_t compact_version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release) static inline uint64_t compact_version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)

4
lib/luks2/luks2_json_metadata.c
View File

@@ -2894,7 +2894,7 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr
tgt = &dmdc.segment; tgt = &dmdc.segment;
while (tgt) { while (tgt) {
if (tgt->type == DM_CRYPT) if (tgt->type == DM_CRYPT)
crypt_drop_keyring_key_by_description(cd, crypt_volume_key_description(tgt->u.crypt.vk), crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(tgt->u.crypt.vk),
LOGON_KEY); LOGON_KEY);
tgt = tgt->next; tgt = tgt->next;
} }
@@ -2930,7 +2930,7 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr
tgt = &dmdc.segment; tgt = &dmdc.segment;
while (tgt) { while (tgt) {
if (tgt->type == DM_CRYPT) if (tgt->type == DM_CRYPT)
crypt_drop_keyring_key_by_description(cd, crypt_volume_key_description(tgt->u.crypt.vk), crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(tgt->u.crypt.vk),
LOGON_KEY); LOGON_KEY);
tgt = tgt->next; tgt = tgt->next;
} }

45
lib/setup.c
View File

@@ -4203,7 +4203,7 @@ int crypt_suspend(struct crypt_device *cd,
log_err(cd, _("Error during suspending device %s."), iname); log_err(cd, _("Error during suspending device %s."), iname);
} }
crypt_drop_keyring_key_by_description(cd, key_desc, cd->keyring_key_type); crypt_unlink_key_by_description_from_thread_keyring(cd, key_desc, cd->keyring_key_type);
if (dm_opal_uuid && crypt_data_device(cd)) { if (dm_opal_uuid && crypt_data_device(cd)) {
r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh);
@@ -4270,7 +4270,9 @@ static void crypt_unlink_key_from_custom_keyring(struct crypt_device *cd, key_se
log_err(cd, _("Failed to unlink volume key from user specified keyring.")); log_err(cd, _("Failed to unlink volume key from user specified keyring."));
} }
static key_serial_t crypt_single_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, const char *user_key_name) static key_serial_t crypt_single_volume_key_load_in_custom_keyring(struct crypt_device *cd,
struct volume_key *vk,
const char *user_key_name)
{ {
key_serial_t kid; key_serial_t kid;
const char *type_name; const char *type_name;
@@ -4294,7 +4296,10 @@ static key_serial_t crypt_single_volume_key_load_in_user_keyring(struct crypt_de
return kid; return kid;
} }
static int crypt_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, key_serial_t *kid1_out, key_serial_t *kid2_out) static int crypt_volume_key_load_in_custom_keyring(struct crypt_device *cd,
struct volume_key *vk,
key_serial_t *kid1_out,
key_serial_t *kid2_out)
{ {
key_serial_t kid1, kid2 = 0; key_serial_t kid1, kid2 = 0;
@@ -4305,14 +4310,14 @@ static int crypt_volume_key_load_in_user_keyring(struct crypt_device *cd, struct
if (!vk || !key_type_name(cd->keyring_key_type)) if (!vk || !key_type_name(cd->keyring_key_type))
return -EINVAL; return -EINVAL;
kid1 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name1); kid1 = crypt_single_volume_key_load_in_custom_keyring(cd, vk, cd->user_key_name1);
if (kid1 <= 0) if (kid1 <= 0)
return -EINVAL; return -EINVAL;
vk = crypt_volume_key_next(vk); vk = crypt_volume_key_next(vk);
if (vk) { if (vk) {
assert(cd->user_key_name2); assert(cd->user_key_name2);
kid2 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name2); kid2 = crypt_single_volume_key_load_in_custom_keyring(cd, vk, cd->user_key_name2);
if (kid2 <= 0) { if (kid2 <= 0) {
crypt_unlink_key_from_custom_keyring(cd, kid1); crypt_unlink_key_from_custom_keyring(cd, kid1);
return -EINVAL; return -EINVAL;
@@ -4382,7 +4387,7 @@ static int resume_luks2_by_volume_key(struct crypt_device *cd,
/* upload volume key in custom keyring if requested */ /* upload volume key in custom keyring if requested */
if (cd->link_vk_to_keyring) { if (cd->link_vk_to_keyring) {
r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2); r = crypt_volume_key_load_in_custom_keyring(cd, vk, &kid1, &kid2);
if (r < 0) { if (r < 0) {
log_err(cd, _("Failed to link volume key in user defined keyring.")); log_err(cd, _("Failed to link volume key in user defined keyring."));
goto out; goto out;
@@ -5558,7 +5563,7 @@ int crypt_activate_by_keyslot_context(struct crypt_device *cd,
/* upload the volume key in custom user keyring if requested */ /* upload the volume key in custom user keyring if requested */
if (cd->link_vk_to_keyring) { if (cd->link_vk_to_keyring) {
r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2); r = crypt_volume_key_load_in_custom_keyring(cd, vk, &kid1, &kid2);
if (r < 0) { if (r < 0) {
log_err(cd, _("Failed to link volume key in user defined keyring.")); log_err(cd, _("Failed to link volume key in user defined keyring."));
goto out; goto out;
@@ -7574,7 +7579,18 @@ void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring)
} }
/* internal only */ /* internal only */
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype) void crypt_unlink_key_from_thread_keyring(struct crypt_device *cd,
key_serial_t key_id)
{
log_dbg(cd, "Unlinking volume key (id: %" PRIi32 ") from thread keyring.", key_id);
if (keyring_unlink_key_from_thread_keyring(key_id))
log_dbg(cd, "keyring_unlink_key_from_thread_keyring failed with errno %d.", errno);
}
void crypt_unlink_key_by_description_from_thread_keyring(struct crypt_device *cd,
const char *key_description,
key_type_t ktype)
{ {
key_serial_t kid; key_serial_t kid;
const char *type_name = key_type_name(ktype); const char *type_name = key_type_name(ktype);
@@ -7582,7 +7598,7 @@ void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *
if (!key_description || !type_name) if (!key_description || !type_name)
return; return;
log_dbg(cd, "Requesting kernel key %s (type %s) for unlink from thread keyring.", key_description, type_name); log_dbg(cd, "Requesting kernel key %s (type %s).", key_description, type_name);
crypt_set_key_in_keyring(cd, 0); crypt_set_key_in_keyring(cd, 0);
@@ -7595,14 +7611,7 @@ void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *
return; return;
} }
log_dbg(cd, "Unlinking volume key (id: %" PRIi32 ") from thread keyring.", kid); crypt_unlink_key_from_thread_keyring(cd, kid);
if (!keyring_unlink_key_from_thread_keyring(kid))
return;
log_dbg(cd, "keyring_unlink_key_from_thread_keyring failed with errno %d.", errno);
log_err(cd, _("Failed to unlink volume key from thread keyring."));
} }
int crypt_set_keyring_to_link(struct crypt_device *cd, const char *key_description, int crypt_set_keyring_to_link(struct crypt_device *cd, const char *key_description,
@@ -7675,7 +7684,7 @@ void crypt_drop_uploaded_keyring_key(struct crypt_device *cd, struct volume_key
while (vk) { while (vk) {
if (crypt_volume_key_is_uploaded(vk)) if (crypt_volume_key_is_uploaded(vk))
crypt_drop_keyring_key_by_description(cd, crypt_volume_key_description(vk), LOGON_KEY); crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(vk), LOGON_KEY);
vk = crypt_volume_key_next(vk); vk = crypt_volume_key_next(vk);
} }
} }

2
lib/verity/verity.c
View File

@@ -384,7 +384,7 @@ int VERITY_activate(struct crypt_device *cd,
r = 0; r = 0;
out: out:
crypt_drop_keyring_key_by_description(cd, description, USER_KEY); crypt_unlink_key_by_description_from_thread_keyring(cd, description, USER_KEY);
free(description); free(description);
dm_targets_free(cd, &dmd); dm_targets_free(cd, &dmd);
return r; return r;