eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-17 13:50:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not use local libutils.

Browse Source
This commit is contained in:
Milan Broz
2018-09-29 10:21:57 +02:00
parent 5be31bbce6
commit 874fa5810d
4 changed files with 182 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/Makemodule.am
View File

@@ -1,30 +1,24 @@
noinst_LTLIBRARIES += libutils_tools.la
libutils_tools_la_SOURCES = \
src/utils_tools.c \
src/utils_password.c \
lib/utils_io.c \
lib/utils_blkid.c \
src/cryptsetup.h
libutils_tools_la_CFLAGS = $(AM_CFLAGS)
libutils_tools_la_LIBADD = -lm @BLKID_LIBS@ @PWQUALITY_LIBS@ @PASSWDQC_LIBS@
# cryptsetup # cryptsetup
if CRYPTSETUP if CRYPTSETUP
cryptsetup_SOURCES = \ cryptsetup_SOURCES = \
lib/utils_crypt.c \ lib/utils_crypt.c \
lib/utils_loop.c \ lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
src/utils_tools.c \
src/utils_password.c \
src/utils_luks2.c \
src/cryptsetup.c \ src/cryptsetup.c \
src/cryptsetup.h src/cryptsetup.h
cryptsetup_LDADD = \ cryptsetup_LDADD = -lm \
libcryptsetup.la \ libcryptsetup.la \
libutils_tools.la \
@POPT_LIBS@ \ @POPT_LIBS@ \
@UUID_LIBS@ @PWQUALITY_LIBS@ \
@PASSWDQC_LIBS@ \
@UUID_LIBS@ \
@BLKID_LIBS@
sbin_PROGRAMS += cryptsetup sbin_PROGRAMS += cryptsetup
@@ -46,13 +40,16 @@ if VERITYSETUP
veritysetup_SOURCES = \ veritysetup_SOURCES = \
lib/utils_crypt.c \ lib/utils_crypt.c \
lib/utils_loop.c \ lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
src/utils_tools.c \
src/veritysetup.c \ src/veritysetup.c \
src/cryptsetup.h src/cryptsetup.h
veritysetup_LDADD = \ veritysetup_LDADD = -lm \
libcryptsetup.la \ libcryptsetup.la \
libutils_tools.la \ @POPT_LIBS@ \
@POPT_LIBS@ @BLKID_LIBS@
sbin_PROGRAMS += veritysetup sbin_PROGRAMS += veritysetup
@@ -74,14 +71,16 @@ if INTEGRITYSETUP
integritysetup_SOURCES = \ integritysetup_SOURCES = \
lib/utils_crypt.c \ lib/utils_crypt.c \
lib/utils_loop.c \ lib/utils_loop.c \
lib/utils_blkid.c \
src/utils_tools.c \
src/integritysetup.c \ src/integritysetup.c \
src/cryptsetup.h src/cryptsetup.h
integritysetup_LDADD = \ integritysetup_LDADD = -lm \
libcryptsetup.la \ libcryptsetup.la \
libutils_tools.la \
@POPT_LIBS@ \ @POPT_LIBS@ \
@UUID_LIBS@ @UUID_LIBS@ \
@BLKID_LIBS@
sbin_PROGRAMS += integritysetup sbin_PROGRAMS += integritysetup
@@ -101,14 +100,20 @@ endif
if REENCRYPT if REENCRYPT
cryptsetup_reencrypt_SOURCES = \ cryptsetup_reencrypt_SOURCES = \
lib/utils_crypt.c \ lib/utils_crypt.c \
lib/utils_io.c \
lib/utils_blkid.c \
src/utils_tools.c \
src/utils_password.c \
src/cryptsetup_reencrypt.c \ src/cryptsetup_reencrypt.c \
src/cryptsetup.h src/cryptsetup.h
cryptsetup_reencrypt_LDADD = \ cryptsetup_reencrypt_LDADD = -lm \
libcryptsetup.la \ libcryptsetup.la \
libutils_tools.la \
@POPT_LIBS@ \ @POPT_LIBS@ \
@UUID_LIBS@ @PWQUALITY_LIBS@ \
@PASSWDQC_LIBS@ \
@UUID_LIBS@ \
@BLKID_LIBS@
sbin_PROGRAMS += cryptsetup-reencrypt sbin_PROGRAMS += cryptsetup-reencrypt

139
src/utils_luks2.c Normal file
View File

@@ -0,0 +1,139 @@
/*
* Helper utilities for LUKS2 features
*
* Copyright (C) 2018, Red Hat, Inc. All rights reserved.
* Copyright (C) 2018, Milan Broz
* Copyright (C) 2018, Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "cryptsetup.h"
/*
* FIXME: 4MiBs is max LUKS2 mda length (including binary header).
* In future, read max allowed JSON size from config section.
*/
#define LUKS2_MAX_MDA_SIZE 0x400000
int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size)
{
ssize_t ret;
int fd, block, r;
void *buf = NULL;
block = tools_signals_blocked();
if (block)
set_int_block(0);
if (tools_is_stdin(file)) {
fd = STDIN_FILENO;
log_dbg("STDIN descriptor JSON read requested.");
} else {
log_dbg("File descriptor JSON read requested.");
fd = open(file, O_RDONLY);
if (fd < 0) {
log_err(_("Failed to open file %s in read-only mode."), file);
r = -EINVAL;
goto out;
}
}
buf = malloc(LUKS2_MAX_MDA_SIZE);
if (!buf) {
r = -ENOMEM;
goto out;
}
if (isatty(fd) && !opt_batch_mode)
log_std(_("Provide valid LUKS2 token JSON:\n"));
/* we expect JSON (string) */
r = 0;
ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
if (ret < 0) {
r = -EIO;
log_err(_("Failed to read JSON file."));
goto out;
}
check_signal(&r);
if (r) {
log_err(_("\nRead interrupted."));
goto out;
}
*json_size = (size_t)ret;
*json = buf;
*(*json + ret) = '\0';
out:
if (block && !quit)
set_int_block(1);
if (fd >= 0 && fd != STDIN_FILENO)
close(fd);
if (r && buf) {
memset(buf, 0, LUKS2_MAX_MDA_SIZE);
free(buf);
}
return r;
}
int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json)
{
int block, fd, r;
size_t json_len;
ssize_t ret;
if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE)
return -EINVAL;
block = tools_signals_blocked();
if (block)
set_int_block(0);
if (tools_is_stdin(file)) {
fd = STDOUT_FILENO;
log_dbg("STDOUT descriptor JSON write requested.");
} else {
log_dbg("File descriptor JSON write requested.");
fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
}
if (fd < 0) {
log_err(_("Failed to open file %s in write mode."), file ?: "");
r = -EINVAL;
goto out;
}
r = 0;
ret = write_buffer_intr(fd, json, json_len, &quit);
check_signal(&r);
if (r) {
log_err(_("\nWrite interrupted."));
goto out;
}
if (ret < 0 || (size_t)ret != json_len) {
log_err(_("Failed to write JSON file."));
r = -EIO;
goto out;
}
if (isatty(fd))
(void) write_buffer_intr(fd, "\n", 1, &quit);
out:
if (block && !quit)
set_int_block(1);
if (fd >=0 && fd != STDOUT_FILENO)
close(fd);
return r;
}

19
src/utils_password.c
View File

@@ -94,25 +94,6 @@ static int tools_check_pwquality(const char *password)
} }
#endif /* ENABLE_PWQUALITY || ENABLE_PASSWDQC */ #endif /* ENABLE_PWQUALITY || ENABLE_PASSWDQC */
int tools_is_cipher_null(const char *cipher)
{
if (!cipher)
return 0;
return !strcmp(cipher, "cipher_null") ? 1 : 0;
}
/*
* Keyfile - is standard input treated as a binary file (no EOL handling).
*/
int tools_is_stdin(const char *key_file)
{
if (!key_file)
return 1;
return strcmp(key_file, "-") ? 0 : 1;
}
/* Password reading helpers */ /* Password reading helpers */
static int untimed_read(int fd, char *pass, size_t maxlen) static int untimed_read(int fd, char *pass, size_t maxlen)
{ {

123
src/utils_tools.c
View File

@@ -583,118 +583,21 @@ out:
return r; return r;
} }
int tools_is_cipher_null(const char *cipher)
{
if (!cipher)
return 0;
return !strcmp(cipher, "cipher_null") ? 1 : 0;
}
/* /*
* FIXME: 4MiBs is max LUKS2 mda length (including binary header). * Keyfile - is standard input treated as a binary file (no EOL handling).
* In future, read max allowed JSON size from config section.
*/ */
#define LUKS2_MAX_MDA_SIZE 0x400000 int tools_is_stdin(const char *key_file)
int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size)
{ {
ssize_t ret; if (!key_file)
int fd, block, r; return 1;
void *buf = NULL;
block = tools_signals_blocked(); return strcmp(key_file, "-") ? 0 : 1;
if (block)
set_int_block(0);
if (tools_is_stdin(file)) {
fd = STDIN_FILENO;
log_dbg("STDIN descriptor JSON read requested.");
} else {
log_dbg("File descriptor JSON read requested.");
fd = open(file, O_RDONLY);
if (fd < 0) {
log_err(_("Failed to open file %s in read-only mode."), file);
r = -EINVAL;
goto out;
}
}
buf = malloc(LUKS2_MAX_MDA_SIZE);
if (!buf) {
r = -ENOMEM;
goto out;
}
if (isatty(fd) && !opt_batch_mode)
log_std(_("Provide valid LUKS2 token JSON:\n"));
/* we expect JSON (string) */
r = 0;
ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
if (ret < 0) {
r = -EIO;
log_err(_("Failed to read JSON file."));
goto out;
}
check_signal(&r);
if (r) {
log_err(_("\nRead interrupted."));
goto out;
}
*json_size = (size_t)ret;
*json = buf;
*(*json + ret) = '\0';
out:
if (block && !quit)
set_int_block(1);
if (fd >= 0 && fd != STDIN_FILENO)
close(fd);
if (r && buf) {
memset(buf, 0, LUKS2_MAX_MDA_SIZE);
free(buf);
}
return r;
}
int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json)
{
int block, fd, r;
size_t json_len;
ssize_t ret;
if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE)
return -EINVAL;
block = tools_signals_blocked();
if (block)
set_int_block(0);
if (tools_is_stdin(file)) {
fd = STDOUT_FILENO;
log_dbg("STDOUT descriptor JSON write requested.");
} else {
log_dbg("File descriptor JSON write requested.");
fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
}
if (fd < 0) {
log_err(_("Failed to open file %s in write mode."), file ?: "");
r = -EINVAL;
goto out;
}
r = 0;
ret = write_buffer_intr(fd, json, json_len, &quit);
check_signal(&r);
if (r) {
log_err(_("\nWrite interrupted."));
goto out;
}
if (ret < 0 || (size_t)ret != json_len) {
log_err(_("Failed to write JSON file."));
r = -EIO;
goto out;
}
if (isatty(fd))
(void) write_buffer_intr(fd, "\n", 1, &quit);
out:
if (block && !quit)
set_int_block(1);
if (fd >=0 && fd != STDOUT_FILENO)
close(fd);
return r;
} }