From 912109ae665cecf82bc8ba80a4f28c5d7cc7ad13 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Mon, 11 Jul 2022 12:51:43 +0200
Subject: [PATCH] Improve reencryption parameters verification in cli.

Try to catch as many invalid parameters as possible before entering library call.
---
 src/utils_reencrypt.c | 80 +++++++++++++++++++----------------
 tests/luks2-reencryption-test | 23 ++++++++++
 2 files changed, 67 insertions(+), 36 deletions(-)

diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c
index 51c9619f..ccc3c816 100644
--- a/src/utils_reencrypt.c
+++ b/src/utils_reencrypt.c
@@ -163,11 +163,40 @@ static int reencrypt_get_active_name(struct crypt_device *cd,
 return get_active_device_name(cd, data_device, r_active_name);
 }
 
+static int decrypt_verify_and_set_params(struct crypt_params_reencrypt *params)
+{
+ const char *resilience;
+
+ assert(params);
+
+ if (!ARG_SET(OPT_RESILIENCE_ID))
+ return 0;
+
+ resilience = ARG_STR(OPT_RESILIENCE_ID);
+
+ if (!strcmp(resilience, "datashift") ||
+ !strcmp(resilience, "none")) {
+ log_err(_("Requested --resilience option cannot be applied "
+ "to current reencryption operation."));
+ return -EINVAL;
+ } else if (!strcmp(resilience, "journal"))
+ params->resilience = "datashift-journal";
+ else if (!strcmp(resilience, "checksum"))
+ params->resilience = "datashift-checksum";
+ else if (!strcmp(resilience, "datashift-checksum") ||
+ !strcmp(resilience, "datashift-journal"))
+ params->resilience = resilience;
+ else {
+ log_err(_("Unsupported resilience mode %s"), resilience);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
 static int reencrypt_verify_and_update_params(struct crypt_params_reencrypt *params,
 char **r_hash)
 {
- bool decrypt_datashift = false;
-
 assert(params);
 assert(r_hash);
 
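Review bot: decrypt_verify_and_set_params has no header comment, and its contract is not obvious from the name: it is specific to decryption with datashift, maps the plain `journal`/`checksum` values onto their `datashift-*` variants, refuses `datashift` and `none`, and stores the option string itself (not a copy) into params->resilience. I would add above the definition: `/* Validate --resilience for a datashift decryption and translate it to the datashift-* mode the library expects. datashift and none are refused, anything unknown is rejected here instead of by the library; params->resilience aliases the option string. */`. The allow-list shape is the right one for a user-supplied mode string, since every value not explicitly named now fails with its own message rather than being passed through.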
@@ -194,29 +223,16 @@ static int reencrypt_verify_and_update_params(struct crypt_params_reencrypt *par
 "to current reencryption operation."));
 return -EINVAL;
 }
- if (strncmp(params->resilience, "datashift-", 10) &&
- !strncmp(ARG_STR(OPT_RESILIENCE_ID), "datashift-", 10)) {
+
+ if (!strncmp(params->resilience, "datashift-", 10)) {
+ /* decryption with datashift in progress */
+ if (decrypt_verify_and_set_params(params))
+ return -EINVAL;
+ } else if (!strncmp(ARG_STR(OPT_RESILIENCE_ID), "datashift-", 10)) {
 log_err(_("Requested --resilience option cannot be applied "
 "to current reencryption operation."));
 return -EINVAL;
- }
- if (!strncmp(params->resilience, "datashift-", 10)) {
- if (!strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) {
- log_err(_("Requested --resilience option cannot be applied "
- "to current reencryption operation."));
- return -EINVAL;
- }
- decrypt_datashift = true;
- }
- }
-
- params->resilience = NULL;
- if (ARG_SET(OPT_RESILIENCE_ID)) {
- if (decrypt_datashift && !strcmp(ARG_STR(OPT_RESILIENCE_ID), "checksum"))
- params->resilience = "datashift-checksum";
- else if (decrypt_datashift && !strcmp(ARG_STR(OPT_RESILIENCE_ID), "journal"))
- params->resilience = "datashift-journal";
- else
+ } else
 params->resilience = ARG_STR(OPT_RESILIENCE_ID);
 
 /* we have to copy hash string returned by API */
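Review bot: The new datashift branch discards the helper's return value and answers with a fixed `return -EINVAL;`, while the same call in the decrypt_luks2_datashift_init hunk further down propagates it as `return r;`; if this function has an `int r` in scope, `if ((r = decrypt_verify_and_set_params(params))) return r;` keeps the two call sites consistent so a future error code from the helper is not flattened here. The ARG_SET(OPT_RESILIENCE_ID) guard at the top of the helper is presumably redundant at this call site, since the `} else params->resilience = NULL;` added in the next hunk suggests this code already sits inside an `if (ARG_SET(OPT_RESILIENCE_ID))` block; that is harmless, but the bare `/* decryption with datashift in progress */` would say more as `/* datashift decryption in progress: --resilience is set, map it onto the datashift-* modes */`. reencrypt_verify_and_update_params starts before this hunk and continues after it.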
@@ -229,13 +245,15 @@ static int reencrypt_verify_and_update_params(struct crypt_params_reencrypt *par
 }
 
 /* Add default hash when switching to checksum based resilience */
- if (!params->hash && (!strcmp(params->resilience, "checksum") ||
+ if (!params->hash && !ARG_SET(OPT_RESILIENCE_HASH_ID) &&
+ (!strcmp(params->resilience, "checksum") ||
 !strcmp(params->resilience, "datashift-checksum")))
 params->hash = "sha256";
 
 if (ARG_SET(OPT_RESILIENCE_HASH_ID))
 params->hash = ARG_STR(OPT_RESILIENCE_HASH_ID);
- }
+ } else
+ params->resilience = NULL;
 
 params->max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE;
 params->device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE;
@@ -676,18 +694,8 @@ static int decrypt_luks2_datashift_init(struct crypt_device **cd,
 .flags = CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
 };
 
- if (ARG_SET(OPT_RESILIENCE_ID)) {
- if (!strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) {
- log_err(_("Requested --resilience option cannot be applied "
- "to current reencryption operation."));
- return -EINVAL;
- }
-
- else if (!strcmp(ARG_STR(OPT_RESILIENCE_ID), "journal"))
- params.resilience = "datashift-journal";
- else
- params.resilience = ARG_STR(OPT_RESILIENCE_ID);
- }
+ if ((r = decrypt_verify_and_set_params(¶ms)))
+ return r;
 
 r = tools_get_key(NULL, &password, &passwordLen,
 ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test
index 4311ded9..8e2195f3 100755
--- a/tests/luks2-reencryption-test
+++ b/tests/luks2-reencryption-test
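Review bot: The added `!ARG_SET(OPT_RESILIENCE_HASH_ID)` term in the default-hash condition is redundant: two statements later `if (ARG_SET(OPT_RESILIENCE_HASH_ID)) params->hash = ARG_STR(OPT_RESILIENCE_HASH_ID);` overwrites params->hash whenever the option is set, so the outcome is identical with or without the new term. Either drop it, or apply the user value first and let the `sha256` default fill only a still-empty hash, so the precedence is stated in one place rather than split across two conditions. The enclosing reencrypt_verify_and_update_params starts before this hunk.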
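Review bot: The new call in decrypt_luks2_datashift_init renders on this page as `decrypt_verify_and_set_params(¶ms)`; that is presumably `&params` with its `&para` prefix decoded as an HTML entity in transit, so confirm the committed source reads `&params`. The early `return r;` sits before the tools_get_key call that fills `&password`, so as far as this hunk shows no allocated resource is skipped by the early exit; a short comment such as `/* validate --resilience before any key material is read */` would record that ordering for the next edit. The rest of decrypt_luks2_datashift_init lies outside the hunk.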
@@ -1799,21 +1799,44 @@ echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --init-only $FAST_PBKDF_ARGON || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 4M $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-checksum 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-journal 2> /dev/null && fail
 wipe_dev_head $DEV 1
 echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 16M $DEV -q $FAST_PBKDF_ARGON 2> /dev/null || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience journal 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-checksum 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-journal 2> /dev/null && fail
 wipe_dev_head $DEV 1
 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --resilience datashift-checksum 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --resilience datashift-journal 2>/dev/null && fail
 rm -f $IMG_HDR
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --encrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
 echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
 echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+rm -f $IMG_HDR
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience datashift 2> /dev/null && fail
+test -f $IMG_HDR && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience none 2> /dev/null && fail
+test -f $IMG_HDR && fail
+$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+# FIXME: There's a bug in --hotzone-size parameter when initializing decryption with datashift
+#echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum --hotzone-size 4m || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum || fail
+$CRYPTSETUP isLuks $DEV -q && fail
+# $CRYPTSETUP luksDump $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience datashift 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience none 2> /dev/null && fail
+# FIXME: (see above)
+#echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience journal || fail
+rm -f $IMG_HDR
 
 check_blkid
 if [ "$HAVE_BLKID" -gt 0 ]; then
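Review bot: The two new `--header $IMG_HDR --resilience datashift-*` lines write `2>/dev/null` while every neighbouring line in this hunk writes `2> /dev/null`; harmless, but worth aligning so the block greps uniformly. The two `# FIXME` blocks disable the `--hotzone-size` and `journal` decryption cases without any tracker reference, so they will be hard to find again once the bug is fixed; `# FIXME: <issue-id placeholder> --hotzone-size breaks datashift decryption init` keeps them discoverable. `# $CRYPTSETUP luksDump $IMG_HDR` looks like leftover debugging and can be dropped. The `test -f $IMG_HDR && fail` and `luksDump ... | grep -q "online-reencrypt" && fail` checks after each rejected `--resilience` value are a good addition, since they verify the CLI refuses the parameter before anything is written to the detached header or the device.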