bitlk: Do not allow to activate devices in an unknown state

According to Dislocker, two unknown numbers in the FVE metadata
indicate "state" of the BITLK device. We were able to identify
only one of the states and we shouldn't allow activating devices
in other states for now.

lib/bitlk/bitlk.c

@@ -118,7 +118,8 @@ struct bitlk_fve_metadata {
 	uint8_t signature[8];
 	uint16_t fve_size;
 	uint16_t fve_version;
-	uint32_t unknown;
+	uint16_t curr_state;
+	uint16_t next_state;
 	uint64_t volume_size;
 	uint32_t unknown2;
 	uint32_t volume_header_size;
@@ -508,6 +509,14 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params)
 		goto out;
 	}
 
+	/* check encryption state for the device */
+	params->state = true;
+	if (le16_to_cpu(fve.curr_state) != BITLK_STATE_NORMAL || le16_to_cpu(fve.next_state) != BITLK_STATE_NORMAL) {
+		params->state = false;
+		log_dbg(cd, "Unknown/unsupported state detected. Current state: %"PRIu16", next state: %"PRIu16".",
+			le16_to_cpu(fve.curr_state), le16_to_cpu(fve.next_state));
+	}
+
 	params->metadata_version = le16_to_cpu(fve.fve_version);
 	fve_metadata_size = le32_to_cpu(fve.metadata_size);
 
@@ -925,6 +934,12 @@ int BITLK_activate(struct crypt_device *cd,
 	uint64_t last_segment = 0;
 	uint32_t dmt_flags;
 
+	if (!params->state) {
+		log_err(cd, _("This BITLK device is in an unsupported state and can't be activated."));
+		r = -ENOTSUP;
+		goto out;
+	}
+
 	next_vmk = params->vmks;
 	while (next_vmk) {
 		if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {

lib/bitlk/bitlk.h

@@ -36,6 +36,8 @@ struct device;
 
 #define BITLK_VMK_OPEN_KEY "openkey"
 
+#define BITLK_STATE_NORMAL 0x0004
+
 typedef enum {
 	BITLK_PROTECTION_CLEAR_KEY = 0,
 	BITLK_PROTECTION_TPM,
@@ -90,6 +92,7 @@ struct bitlk_fvek {
 
 struct bitlk_metadata {
 	bool togo;
+	bool state;
 	const char *cipher;
 	const char *cipher_mode;
 	uint16_t key_size;