eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Set skcipher key before accept() call in kernel crypto backend.

Browse Source 
Also relax input errno checking to catch all errors.
This commit is contained in:
Milan Broz
2016-01-02 20:02:28 +01:00
parent e34938f21d
commit 93ed401b7c
2 changed files with 48 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
lib/crypto_backend/crypto_cipher_kernel.c
View File

@@ -2,7 +2,7 @@
* Linux kernel userspace API crypto backend implementation (skcipher) * Linux kernel userspace API crypto backend implementation (skcipher)
* *
* Copyright (C) 2012, Red Hat, Inc. All rights reserved. * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
* Copyright (C) 2012-2014, Milan Broz * Copyright (C) 2012-2016, Milan Broz
* *
* This file is free software; you can redistribute it and/or * This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
@@ -88,33 +88,8 @@ int crypt_cipher_blocksize(const char *name)
return ca ? ca->blocksize : -EINVAL; return ca ? ca->blocksize : -EINVAL;
} }
/* Shared with hash kernel backend */
int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
{
*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (*tfmfd == -1)
return -ENOTSUP;
if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
close(*tfmfd);
*tfmfd = -1;
return -ENOENT;
}
*opfd = accept(*tfmfd, NULL, 0);
if (*opfd == -1) {
close(*tfmfd);
*tfmfd = -1;
return -EINVAL;
}
return 0;
}
/* /*
*ciphers * ciphers
* *
* ENOENT - algorithm not available * ENOENT - algorithm not available
* ENOTSUP - AF_ALG family not available * ENOTSUP - AF_ALG family not available
@@ -128,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
.salg_family = AF_ALG, .salg_family = AF_ALG,
.salg_type = "skcipher", .salg_type = "skcipher",
}; };
int r;
h = malloc(sizeof(*h)); h = malloc(sizeof(*h));
if (!h) if (!h)
@@ -137,14 +111,26 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
"%s(%s)", mode, name); "%s(%s)", mode, name);
r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd); h->opfd = -1;
if (r < 0) { h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
free(h); if (h->tfmfd < 0) {
return r; crypt_cipher_destroy(h);
return -ENOTSUP;
}
if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
crypt_cipher_destroy(h);
return -ENOENT;
} }
if (length && strcmp(name, "cipher_null") && if (length && strcmp(name, "cipher_null") &&
setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) { setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
crypt_cipher_destroy(h);
return -EINVAL;
}
h->opfd = accept(h->tfmfd, NULL, 0);
if (h->opfd < 0) {
crypt_cipher_destroy(h); crypt_cipher_destroy(h);
return -EINVAL; return -EINVAL;
} }
@@ -239,9 +225,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
int crypt_cipher_destroy(struct crypt_cipher *ctx) int crypt_cipher_destroy(struct crypt_cipher *ctx)
{ {
if (ctx->tfmfd != -1) if (ctx->tfmfd >= 0)
close(ctx->tfmfd); close(ctx->tfmfd);
if (ctx->opfd != -1) if (ctx->opfd >= 0)
close(ctx->opfd); close(ctx->opfd);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
free(ctx); free(ctx);

35
lib/crypto_backend/crypto_kernel.c
View File

@@ -2,7 +2,7 @@
* Linux kernel userspace API crypto backend implementation * Linux kernel userspace API crypto backend implementation
* *
* Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
* Copyright (C) 2010-2014, Milan Broz * Copyright (C) 2010-2016, Milan Broz
* *
* This file is free software; you can redistribute it and/or * This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
@@ -68,8 +68,27 @@ struct crypt_hmac {
int hash_len; int hash_len;
}; };
/* Defined in crypt_kernel_ciphers.c */ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd); {
*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (*tfmfd < 0)
return -ENOTSUP;
if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
close(*tfmfd);
*tfmfd = -1;
return -ENOENT;
}
*opfd = accept(*tfmfd, NULL, 0);
if (*opfd < 0) {
close(*tfmfd);
*tfmfd = -1;
return -EINVAL;
}
return 0;
}
int crypt_backend_init(struct crypt_device *ctx) int crypt_backend_init(struct crypt_device *ctx)
{ {
@@ -188,9 +207,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
int crypt_hash_destroy(struct crypt_hash *ctx) int crypt_hash_destroy(struct crypt_hash *ctx)
{ {
if (ctx->tfmfd != -1) if (ctx->tfmfd >= 0)
close(ctx->tfmfd); close(ctx->tfmfd);
if (ctx->opfd != -1) if (ctx->opfd >= 0)
close(ctx->opfd); close(ctx->opfd);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
free(ctx); free(ctx);
@@ -232,7 +251,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
return -EINVAL; return -EINVAL;
} }
if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) { if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
crypt_hmac_destroy(h); crypt_hmac_destroy(h);
return -EINVAL; return -EINVAL;
} }
@@ -268,9 +287,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
int crypt_hmac_destroy(struct crypt_hmac *ctx) int crypt_hmac_destroy(struct crypt_hmac *ctx)
{ {
if (ctx->tfmfd != -1) if (ctx->tfmfd >= 0)
close(ctx->tfmfd); close(ctx->tfmfd);
if (ctx->opfd != -1) if (ctx->opfd >= 0)
close(ctx->opfd); close(ctx->opfd);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
free(ctx); free(ctx);