eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2026-01-10 09:25:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Abort conversion when LUKS2 header contains tokens.

Browse Source 
Tokens may contain import 3rd party data. Prompt users
to remove such tokens explicitly.
This commit is contained in:
Ondrej Kozina
2018-04-11 14:04:25 +02:00
committed by Milan Broz
parent eed682c529
commit 70077db07d
5 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/luks2/luks2.h
View File

@@ -251,6 +251,8 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
const char *name,
uint32_t flags);
int LUKS2_tokens_count(struct luks2_hdr *hdr);
/*
* Generic LUKS2 digest
*/

1
lib/luks2/luks2_internal.h
View File

@@ -48,6 +48,7 @@ json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot);
json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token);
json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest);
json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment);
json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);

15
lib/luks2/luks2_json_metadata.c
View File

@@ -120,6 +120,16 @@ json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot)
return jobj2;
}
json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr)
{
json_object *jobj_tokens;
if (!hdr || !json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens))
return NULL;
return jobj_tokens;
}
json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token)
{
json_object *jobj1, *jobj2;
@@ -128,10 +138,11 @@ json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token)
if (!hdr || token < 0)
return NULL;
if (snprintf(token_name, sizeof(token_name), "%u", token) < 1)
jobj1 = LUKS2_get_tokens_jobj(hdr);
if (!jobj1)
return NULL;
if (!json_object_object_get_ex(hdr->jobj, "tokens", &jobj1))
if (snprintf(token_name, sizeof(token_name), "%u", token) < 1)
return NULL;
json_object_object_get_ex(jobj1, token_name, &jobj2);

8
lib/luks2/luks2_luks1_convert.c
View File

@@ -664,6 +664,14 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
return -EINVAL;
}
r = LUKS2_tokens_count(hdr2);
if (r < 0)
return r;
if (r > 0) {
log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s).\n"), r);
return -EINVAL;
}
r = LUKS2_get_volume_key_size(hdr2, 0);
if (r < 0)
return -EINVAL;

9
lib/luks2/luks2_token.c
View File

@@ -594,3 +594,12 @@ int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr,
return -ENOENT;
}
int LUKS2_tokens_count(struct luks2_hdr *hdr)
{
json_object *jobj_tokens = LUKS2_get_tokens_jobj(hdr);
if (!jobj_tokens)
return -EINVAL;
return json_object_object_length(jobj_tokens);
}