From 6df34886540699e165dc367a7f44bcc2332a38fd Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Tue, 26 Jan 2021 12:37:31 +0100
Subject: [PATCH] Add token handler version function prototype. Dynamicaly loaded token handlers should provide version string for debug purposes.
---
 lib/libcryptsetup.h | 11 +++++++++++
 lib/luks2/luks2_internal.h | 1 +
 lib/luks2/luks2_token.c | 27 ++++++++++++++++++++++++++-
 3 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index d2e12cd3..08f70b0d 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -2205,6 +2205,16 @@ typedef int (*crypt_token_validate_func) (struct crypt_device *cd, const char *j
 */
 typedef void (*crypt_token_dump_func) (struct crypt_device *cd, const char *json);
+/**
+ * Token handler version function prototype.
+ * This function is supposed to return pointer to version string information.
+ *
+ * @note The returned string is advised to contain only version.
+ * For example '1.0.0' or 'v1.2.3.4'.
+ *
+ */
+typedef const char * (*crypt_token_version_func) (void);
+
 /**
 * Token handler
 */
@@ -2234,6 +2244,7 @@ int crypt_token_register(const crypt_token_handler *handler);
 #define CRYPT_TOKEN_ABI_BUFFER_FREE "cryptsetup_token_buffer_free"
 #define CRYPT_TOKEN_ABI_VALIDATE "cryptsetup_token_validate"
 #define CRYPT_TOKEN_ABI_DUMP "cryptsetup_token_dump"
+#define CRYPT_TOKEN_ABI_VERSION "cryptsetup_token_version"
 /**
 * Activate device or check key using a token.
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
index 6a84a475..0095e1c2 100644
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -184,6 +184,7 @@ struct crypt_token_handler_v2 {
 /* here ends v1. Do not touch anything above */
 crypt_token_open_pin_func open_pin;
+ crypt_token_version_func version;
 void *dlhandle;
 };
diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
index 191444f2..5d6a10ca 100644
--- a/lib/luks2/luks2_token.c
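Review bot: The doc comment added for `crypt_token_version_func` in lib/libcryptsetup.h does not say who owns the returned string or whether NULL is allowed, which a plugin author needs to know. The only visible caller (lib/luks2/luks2_token.c) passes the result straight to `snprintf`, never frees it, and substitutes `""` for NULL. A line such as `@return NUL-terminated string owned by the handler, never freed by the caller; NULL is treated as an empty version.` would record that. How long the pointer must stay valid is not visible from this patch and should be stated by the author.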
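Review bot: The new `CRYPT_TOKEN_ABI_VERSION` in lib/libcryptsetup.h differs by one character from the existing `CRYPT_TOKEN_ABI_VERSION1`, yet the two play different roles. The new macro is an exported symbol name, while `CRYPT_TOKEN_ABI_VERSION1` is passed as the last argument of `token_dlvsym` and appears to be the symbol-version tag. Both sit side by side in the `token->version = token_dlvsym(...)` line of lib/luks2/luks2_token.c, where they are easy to mistype. A comment on the define would help, for example `/* symbol name of the version callback; not the ABI version tag CRYPT_TOKEN_ABI_VERSION1 */`.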
+++ b/lib/luks2/luks2_token.c
@@ -77,6 +77,24 @@ static bool token_validate_v1(struct crypt_device *cd, const crypt_token_handler
 return true;
 }
+#if USE_EXTERNAL_TOKENS
+static bool token_validate_v2(struct crypt_device *cd, const struct crypt_token_handler_internal *h)
+{
+ if (!h)
+ return false;
+
+ if (!token_validate_v1(cd, &h->u.v1))
+ return false;
+
+ if (!h->u.v2.version) {
+ log_dbg(cd, "Token handler does not provide " CRYPT_TOKEN_ABI_VERSION " function.");
+ return false;
+ }
+
+ return true;
+}
+#endif
+
 static int
 crypt_token_load_external(struct crypt_device *cd, const char *name, struct crypt_token_handler_internal *ret)
 {
@@ -114,12 +132,19 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp
 token->validate = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_VALIDATE, CRYPT_TOKEN_ABI_VERSION1);
 token->dump = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_DUMP, CRYPT_TOKEN_ABI_VERSION1);
 token->open_pin = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_OPEN_PIN, CRYPT_TOKEN_ABI_VERSION1);
+ token->version = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_VERSION, CRYPT_TOKEN_ABI_VERSION1);
- if (!token_validate_v1(cd, &ret->u.v1)) {
+ if (!token_validate_v2(cd, ret)) {
 r = -EINVAL;
 goto err;
 }
+ r = snprintf(buf, sizeof(buf), "%s", token->version() ?: "");
+ if (r < 0 || (size_t)r >= sizeof(buf))
+ *buf = '\0';
+
+ log_dbg(cd, "Token handler %s-%s loaded sucessfuly.", token->name, buf);
+
 token->dlhandle = h;
 ret->version = 2;
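Review bot: `token_validate_v2` turns a missing `cryptsetup_token_version` export into a hard load failure, since the caller maps `false` to `-EINVAL`, although the commit message describes the version string as being for debug purposes. If rejecting handlers without the symbol is intended, the doc comment of `crypt_token_version_func` in lib/libcryptsetup.h should say the callback is mandatory; otherwise this branch could log and continue with an empty version. The function also has no comment of its own, and `/* v2 handlers must pass the v1 checks and export the version callback; open_pin is not checked here */` would record what the code enforces. The definition sits under `#if USE_EXTERNAL_TOKENS`, and the call in `crypt_token_load_external` is not visibly guarded within its hunk, so confirm both are compiled under the same condition.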
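Review bot: The added `r = snprintf(...)` in `crypt_token_load_external` reuses the function's status variable for a byte count, so from that line on `r` holds a non-negative length rather than an error code. The rest of the function, including the declaration of `buf` and the success return, lies outside the hunk, so whether `r` is returned later cannot be checked here. A separate local for the length, or `r = 0;` after the bounds check, settles the question. `token->version() ?: ""` relies on the GNU omitted-operand conditional; unless the file already depends on GNU C, the portable form is `const char *v = token->version();` followed by `v ? v : ""`. The log string also misspells a word, and `sucessfuly` should read `successfully`.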