Print better metadata dump and status info for OPAL segment.

Milan Broz
2023-07-15 14:11:05 +02:00
committed by Luca Boccassi
parent 4d487d5dcf
commit 928061f1f0
7 changed files with 65 additions and 15 deletions


@@ -464,13 +464,20 @@ const char *crypt_get_default_type(void);
/** @} */ /** @} */
/** /**
* Get OPAL HW encryption type * Get HW encryption type
* *
* @return HW encryption type (see @link crypt-hw-encryption-types @endlink) * @return HW encryption type (see @link crypt-hw-encryption-types @endlink)
* or negative errno otherwise. * or negative errno otherwise.
*/ */
int crypt_get_hw_encryption_type(struct crypt_device *cd); int crypt_get_hw_encryption_type(struct crypt_device *cd);
/**
* Get HW encryption (like OPAL) key size (in bytes)
*
* @return key size or 0 if no HW encryption is used.
*/
int crypt_get_hw_encryption_key_size(struct crypt_device *cd);
/** /**
* *
* Structure used as parameter for PLAIN device type. * Structure used as parameter for PLAIN device type.
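Review bot: The new doc comment for crypt_get_hw_encryption_key_size() promises 0 only when "no HW encryption is used", but the implementation added later in this commit also returns 0 for a NULL or non-LUKS2 context and when the OPAL key size cannot be read from the segment. A caller auditing a device cannot tell "no OPAL" from "metadata unreadable" from this contract, unlike the sibling crypt_get_hw_encryption_type() which documents a negative errno. I would state that explicitly, e.g. `@return key size in bytes, or 0 if no HW encryption is used, the device is not LUKS2, or the size cannot be read.`, and point readers at crypt_get_hw_encryption_type() for the authoritative answer on whether OPAL is in use.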


@@ -170,5 +170,6 @@ CRYPTSETUP_2.7 {
global: global:
crypt_format_luks2_opal; crypt_format_luks2_opal;
crypt_get_hw_encryption_type; crypt_get_hw_encryption_type;
crypt_get_hw_encryption_key_size;
crypt_wipe_hw_opal; crypt_wipe_hw_opal;
} CRYPTSETUP_2.6; } CRYPTSETUP_2.6;


@@ -366,6 +366,7 @@ bool LUKS2_segment_is_hw_opal(struct luks2_hdr *hdr, int segment);
int LUKS2_get_opal_segment_number(struct luks2_hdr *hdr, int segment, int LUKS2_get_opal_segment_number(struct luks2_hdr *hdr, int segment,
uint32_t *ret_opal_segment_number); uint32_t *ret_opal_segment_number);
int LUKS2_get_opal_key_size(struct luks2_hdr *hdr, int segment);
int LUKS2_segment_by_type(struct luks2_hdr *hdr, int LUKS2_segment_by_type(struct luks2_hdr *hdr,
const char *type); const char *type);


@@ -2111,16 +2111,6 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
json_object_object_get_ex(jobj_segment, "type", &jobj1); json_object_object_get_ex(jobj_segment, "type", &jobj1);
log_std(cd, " %s: %s\n", segment, json_object_get_string(jobj1)); log_std(cd, " %s: %s\n", segment, json_object_get_string(jobj1));
if (!strncmp(json_object_get_string(jobj1), "hw-opal", 7)) {
json_object_object_get_ex(jobj_segment, "opal_segment_number", &jobj1);
log_std(cd, "\tsegment number: %" PRIu32 "\n", crypt_jobj_get_uint32(jobj1));
json_object_object_get_ex(jobj_segment, "opal_key_size", &jobj1);
log_std(cd, "\topal key size: %" PRIu32 "\n", crypt_jobj_get_uint32(jobj1));
json_object_object_get_ex(jobj_segment, "opal_segment_size", &jobj1);
json_str_to_uint64(jobj1, &value);
log_std(cd, "\topal length: %" PRIu64 " [bytes]\n", value);
}
json_object_object_get_ex(jobj_segment, "offset", &jobj1); json_object_object_get_ex(jobj_segment, "offset", &jobj1);
json_str_to_uint64(jobj1, &value); json_str_to_uint64(jobj1, &value);
log_std(cd, "\toffset: %" PRIu64 " [bytes]\n", value); log_std(cd, "\toffset: %" PRIu64 " [bytes]\n", value);
@@ -2135,6 +2125,8 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
if (json_object_object_get_ex(jobj_segment, "encryption", &jobj1)) if (json_object_object_get_ex(jobj_segment, "encryption", &jobj1))
log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1)); log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
else
log_std(cd, "\tcipher: (no SW encryption)\n");
if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1)) if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1)); log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
@@ -2154,6 +2146,18 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
log_std(cd, "\n"); log_std(cd, "\n");
} }
json_object_object_get_ex(jobj_segment, "type", &jobj1);
if (!strncmp(json_object_get_string(jobj1), "hw-opal", 7)) {
log_std(cd, "\tHW OPAL encryption:\n");
json_object_object_get_ex(jobj_segment, "opal_segment_number", &jobj1);
log_std(cd, "\t\tOPAL segment number: %" PRIu32 "\n", crypt_jobj_get_uint32(jobj1));
json_object_object_get_ex(jobj_segment, "opal_key_size", &jobj1);
log_std(cd, "\t\tOPAL key size: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
json_object_object_get_ex(jobj_segment, "opal_segment_size", &jobj1);
json_str_to_uint64(jobj1, &value);
log_std(cd, "\t\tOPAL segment length: %" PRIu64 " [bytes]\n", value);
}
log_std(cd, "\n"); log_std(cd, "\n");
} }
} }
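Review bot: The relocated OPAL block at the end of the segment loop ignores the return value of every `json_object_object_get_ex()` call, while the optional fields just above it ("encryption", "sector_size") are guarded with `if (json_object_object_get_ex(...))`. If a segment typed "hw-opal" lacks one of the opal_* keys, `jobj1` is passed on to `crypt_jobj_get_uint32()` or `json_str_to_uint64()` unchecked, and `value` may still hold the number left from an earlier field, so the dump could print a stale figure as the OPAL segment length. This is probably safe only because the header is validated before dumping, which is not visible in this hunk; guarding each line the same way as the neighbours, e.g. `if (json_object_object_get_ex(jobj_segment, "opal_key_size", &jobj1))`, keeps the dump honest on damaged metadata. hdr_dump_segments() starts and ends outside the hunks shown.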


@@ -459,6 +459,17 @@ int LUKS2_get_opal_segment_number(struct luks2_hdr *hdr, int segment, uint32_t *
return json_segment_get_opal_segment_id(jobj_segment, ret_opal_segment_number); return json_segment_get_opal_segment_id(jobj_segment, ret_opal_segment_number);
} }
int LUKS2_get_opal_key_size(struct luks2_hdr *hdr, int segment)
{
size_t key_size = 0;
json_object *jobj_segment = LUKS2_get_segment_jobj(hdr, segment);
if (json_segment_get_opal_key_size(jobj_segment, &key_size) < 0)
return 0;
return key_size;
}
int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, const char *type) int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, const char *type)
{ {
json_object *jobj_segments; json_object *jobj_segments;
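Review bot: `return key_size;` in LUKS2_get_opal_key_size() narrows a `size_t` taken from the on-disk LUKS2 JSON to `int` with no range check, so an oversized value in corrupted or crafted metadata would be truncated or turn negative, and the callers then multiply it by 8 and subtract it from the volume key size. Unless header validation already bounds opal_key_size (not visible here), I would add `if (key_size > INT_MAX) return 0;` before the return. The result of `LUKS2_get_segment_jobj()` is also handed to `json_segment_get_opal_key_size()` unchecked; a short comment stating that the helper tolerates a NULL segment object would help, if that is the case.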


@@ -5997,6 +5997,14 @@ int crypt_get_volume_key_size(struct crypt_device *cd)
return 0; return 0;
} }
int crypt_get_hw_encryption_key_size(struct crypt_device *cd)
{
if (!cd || !isLUKS2(cd->type))
return 0;
return LUKS2_get_opal_key_size(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
}
int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot) int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot)
{ {
if (!cd || !isLUKS(cd->type)) if (!cd || !isLUKS(cd->type))


@@ -883,7 +883,7 @@ static int action_status(void)
struct crypt_device *cd = NULL; struct crypt_device *cd = NULL;
char *backing_file; char *backing_file;
const char *device; const char *device;
int path = 0, r = 0; int path = 0, r = 0, hw_enc;
/* perhaps a path, not a dm device name */ /* perhaps a path, not a dm device name */
if (strchr(action_argv[0], '/')) if (strchr(action_argv[0], '/'))
@@ -932,9 +932,27 @@ static int action_status(void)
if (r < 0 && r != -ENOTSUP) if (r < 0 && r != -ENOTSUP)
goto out; goto out;
log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); hw_enc = crypt_get_hw_encryption_type(cd);
log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8); if (hw_enc < 0) {
log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); r = hw_enc;
goto out;
}
if (hw_enc == CRYPT_SW_ONLY) {
log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt");
} else if (hw_enc == CRYPT_OPAL_HW_ONLY) {
log_std(" encryption: HW OPAL only\n");
log_std(" OPAL keysize: %d bits\n", crypt_get_hw_encryption_key_size(cd) * 8);
} else if (hw_enc == CRYPT_SW_AND_OPAL_HW) {
log_std(" encryption: dm-crypt over HW OPAL\n");
log_std(" OPAL keysize: %d bits\n", crypt_get_hw_encryption_key_size(cd) * 8);
log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
log_std(" keysize: %d bits\n", (crypt_get_volume_key_size(cd) - crypt_get_hw_encryption_key_size(cd)) * 8);
log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt");
}
if (ip.integrity) if (ip.integrity)
log_std(" integrity: %s\n", ip.integrity); log_std(" integrity: %s\n", ip.integrity);
if (ip.integrity_key_size) if (ip.integrity_key_size)
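Review bot: In the CRYPT_SW_AND_OPAL_HW branch of action_status() the dm-crypt key size is printed as `crypt_get_volume_key_size(cd) - crypt_get_hw_encryption_key_size(cd)`, but the HW getter returns 0 on any failure, so a read error silently yields "OPAL keysize: 0 bits" and a dm-crypt keysize inflated by the OPAL part. For a status command that operators use to confirm how a volume is protected, that output is misleading rather than obviously wrong. I would read both sizes once, reject a non-positive HW size or a volume key no larger than it, and only then print; printing "unknown" instead of failing would also work. The if/else-if chain also has no final `else`, so an hw_enc value outside the three handled constants prints no encryption lines at all.

```c
	} else if (hw_enc == CRYPT_SW_AND_OPAL_HW) {
		/* 0 from the HW getter means "unknown", not a valid key size */
		int hw_ks = crypt_get_hw_encryption_key_size(cd);
		int vk_ks = crypt_get_volume_key_size(cd);

		if (hw_ks <= 0 || vk_ks <= hw_ks) {
			r = -EINVAL;
			goto out;
		}
		/* … unchanged: "encryption: dm-crypt over HW OPAL" line … */
		log_std(" OPAL keysize: %d bits\n", hw_ks * 8);
		/* … unchanged: cipher line … */
		log_std(" keysize: %d bits\n", (vk_ks - hw_ks) * 8);
		/* … unchanged: key location line … */
	}
```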