Replace code for missing key error in API.

While trying to activate a device in LUKS2 reencryption
we originally used the -ENOKEY error code for the case
where one or more volume keys could not be unlocked or
were not provided directly by (CRYPT_KC_TYPE_KEY or
CRYPT_KC_TYPE_VK_KEYRING) keyslot contexts.

We missed the fact that the error code was already previously
used for signaling the case when the dm subsystem could not load
the device table because the key in the kernel keyring could not be
read from the kernel. It's propagated by libdevmapper.

Therefore we replace -ENOKEY with -ESRCH for signaling the missing
keyslot context or volume key for devices in LUKS2 reencryption.
Ondrej Kozina
2024-01-23 11:55:08 +01:00
parent 8dd3266599
commit 7eca077490
3 changed files with 7 additions and 6 deletions


@@ -1628,11 +1628,12 @@ int crypt_persistent_flags_get(struct crypt_device *cd,
* reencryption), more than one keyslot context is required (e.g. one for the old
* volume key and one for the new volume key). The order of the keyslot
* contexts does not matter. When less keyslot contexts are supplied than
* required to unlock the device an -ENOKEY error code is returned and you
* required to unlock the device an -ESRCH error code is returned and you
* should call the function again with an additional keyslot context specified.
*
* NOTE: the API at the moment works for one keyslot context only, the second
* keyslot context is just an API placeholder
* NOTE: the API at the moment fully works for single keyslot context only,
* the additional keyslot context currently works only with
* @e CRYPT_KC_TYPE_VK_KEYRING or @e CRYPT_KC_TYPE_KEY contexts.
*
* @param cd crypt device handle
* @param name name of device to create, if @e NULL only check passphrase


@@ -5699,7 +5699,7 @@ const char *name,
}
if (unlocked_keys < required_keys)
r = -ENOKEY;
r = -ESRCH;
}
} else if (isTCRYPT(cd->type)) {
r = 0;
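Review bot: The assignment under "if (unlocked_keys < required_keys)" carries no comment explaining why -ESRCH is used instead of the more obvious -ENOKEY, which makes it easy for a later cleanup to revert it. A one-line comment at that spot noting that -ENOKEY is reserved for the libdevmapper keyring failure would keep the two cases apart. It is also worth confirming that overwriting r here cannot hide a more specific error set in the block that closes just above, since the assignment is unconditional once the key count comes up short.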


@@ -5598,8 +5598,8 @@ static void KeyslotContextAndKeyringLink(void)
OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER_NAME , &kc));
OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER2_NAME, &kc2));
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), -ENOKEY);
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc2, CRYPT_ANY_SLOT, NULL, 0), -ENOKEY);
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), -ESRCH);
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc2, CRYPT_ANY_SLOT, NULL, 0), -ESRCH);
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, NULL, CRYPT_ANY_SLOT, kc, 0), -EINVAL);
EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, NULL, CRYPT_ANY_SLOT, kc2, 0), -EINVAL);
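Review bot: The updated assertions in KeyslotContextAndKeyringLink only check that a single context (kc alone, kc2 alone) now yields -ESRCH; nothing in the visible lines pins down that -ENOKEY is still returned for the case it is now reserved for. Since the purpose of the change is to make the two codes distinguishable, a test that exercises the unreadable kernel keyring key path and expects -ENOKEY would guard against the codes being merged again. If the surrounding test does not already do so, an assertion that passing kc and kc2 together succeeds would also show the retry path the API comment describes.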