diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h index 1f2a1118..481f0aaf 100644 --- a/lib/luks2/luks2.h +++ b/lib/luks2/luks2.h @@ -251,6 +251,8 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd, const char *name, uint32_t flags); +int LUKS2_tokens_count(struct luks2_hdr *hdr); + /* * Generic LUKS2 digest */ diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h index 9e5e3aa3..f736a45e 100644 --- a/lib/luks2/luks2_internal.h +++ b/lib/luks2/luks2_internal.h @@ -48,6 +48,7 @@ json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot); json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token); json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest); json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment); +json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr); void hexprint_base64(struct crypt_device *cd, json_object *jobj, const char *sep, const char *line_sep); diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 13816bb9..c40571b5 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -120,6 +120,16 @@ json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot) return jobj2; } +json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr) +{ + json_object *jobj_tokens; + + if (!hdr || !json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens)) + return NULL; + + return jobj_tokens; +} + json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token) { json_object *jobj1, *jobj2; @@ -128,10 +138,11 @@ json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token) if (!hdr || token < 0) return NULL; - if (snprintf(token_name, sizeof(token_name), "%u", token) < 1) + jobj1 = LUKS2_get_tokens_jobj(hdr); + if (!jobj1) return NULL; - if (!json_object_object_get_ex(hdr->jobj, "tokens", &jobj1)) + if (snprintf(token_name, sizeof(token_name), "%u", token) < 1) return NULL; json_object_object_get_ex(jobj1, token_name, &jobj2); diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c index 053cde50..89f7bdd7 100644 --- a/lib/luks2/luks2_luks1_convert.c +++ b/lib/luks2/luks2_luks1_convert.c @@ -664,6 +664,14 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct return -EINVAL; } + r = LUKS2_tokens_count(hdr2); + if (r < 0) + return r; + if (r > 0) { + log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s).\n"), r); + return -EINVAL; + } + r = LUKS2_get_volume_key_size(hdr2, 0); if (r < 0) return -EINVAL; diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c index 376fead8..3003b937 100644 --- a/lib/luks2/luks2_token.c +++ b/lib/luks2/luks2_token.c @@ -594,3 +594,12 @@ int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr, return -ENOENT; } + +int LUKS2_tokens_count(struct luks2_hdr *hdr) +{ + json_object *jobj_tokens = LUKS2_get_tokens_jobj(hdr); + if (!jobj_tokens) + return -EINVAL; + + return json_object_object_length(jobj_tokens); +}