Add API for activating device by specific token type.
@@ -2283,11 +2283,34 @@ int crypt_activate_by_token(struct crypt_device *cd,
|
||||
void *usrptr,
|
||||
uint32_t flags);
|
||||
|
||||
/**
|
||||
* Activate device or check key using specific token type.
|
||||
*
|
||||
* @param cd crypt device handle
|
||||
* @param name name of device to create, if @e NULL only check token
|
||||
* @param type restrict type of token, if @e NULL all types eligible
|
||||
* @param token requested token to check or CRYPT_ANY_TOKEN to check all
|
||||
* @param usrptr provided identification in callback
|
||||
* @param flags activation flags
|
||||
*
|
||||
* @return unlocked key slot number or negative errno otherwise.
|
||||
*
|
||||
* @note EAGAIN errno means that token is PIN protected and you should call
|
||||
* @link crypt_activate_by_pin_token @endlink with PIN
|
||||
*/
|
||||
int crypt_activate_by_token_type(struct crypt_device *cd,
|
||||
const char *name,
|
||||
const char *type,
|
||||
int token,
|
||||
void *usrptr,
|
||||
uint32_t flags);
|
||||
|
||||
/**
|
||||
* Activate device or check key using a token with PIN.
|
||||
*
|
||||
* @param cd crypt device handle
|
||||
* @param name name of device to create, if @e NULL only check token
|
||||
* @param type restrict type of token, if @e NULL all types eligible
|
||||
* @param token requested token to check or CRYPT_ANY_TOKEN to check all
|
||||
* @param pin passphrase (or PIN) to unlock token (may be binary data)
|
||||
* @param pin_size size of @e pin
|
||||
@@ -2298,6 +2321,7 @@ int crypt_activate_by_token(struct crypt_device *cd,
|
||||
*/
|
||||
int crypt_activate_by_pin_token(struct crypt_device *cd,
|
||||
const char *name,
|
||||
const char *type,
|
||||
int token,
|
||||
const char *pin,
|
||||
size_t pin_size,
|
||||
|
||||
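Review bot: The `@param usrptr` line in the new crypt_activate_by_token_type docblock does not say that the pointer is discarded when `token` is CRYPT_ANY_TOKEN and `type` is NULL, which is what the lib/setup.c part of this commit does with `type ? usrptr : NULL`. The restriction is presumably deliberate, since an opaque pointer only means something to a handler whose type the caller has chosen, but a caller reading the header cannot discover it. I would word the line as `@param usrptr provided identification in callback, ignored if @e token is CRYPT_ANY_TOKEN and @e type is @e NULL`. The same applies to the crypt_activate_by_pin_token docblock, whose usrptr line falls between the two hunks and is not visible here.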
@@ -4,6 +4,7 @@ CRYPTSETUP_2.4 {
|
||||
crypt_token_max;
|
||||
crypt_header_is_detached;
|
||||
crypt_logf;
|
||||
crypt_activate_by_token_type;
|
||||
crypt_activate_by_pin_token;
|
||||
crypt_dump_json;
|
||||
};
|
||||
|
||||
@@ -273,6 +273,7 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
||||
struct luks2_hdr *hdr,
|
||||
int token,
|
||||
const char *name,
|
||||
const char *type,
|
||||
const char *pin,
|
||||
size_t pin_size,
|
||||
uint32_t flags,
|
||||
@@ -281,9 +282,11 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
||||
int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
|
||||
struct luks2_hdr *hdr,
|
||||
const char *name,
|
||||
const char *type,
|
||||
const char *pin,
|
||||
size_t pin_size,
|
||||
uint32_t flags);
|
||||
uint32_t flags,
|
||||
void *usrptr);
|
||||
|
||||
int LUKS2_token_keyring_get(struct crypt_device *cd,
|
||||
struct luks2_hdr *hdr,
|
||||
|
||||
@@ -485,6 +485,7 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
||||
struct luks2_hdr *hdr,
|
||||
int token,
|
||||
const char *name,
|
||||
const char *type,
|
||||
const char *pin,
|
||||
size_t pin_size,
|
||||
uint32_t flags,
|
||||
@@ -494,8 +495,18 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
||||
int keyslot, r;
|
||||
char *buffer;
|
||||
size_t buffer_len;
|
||||
json_object *jobj_token, *jobj_type;
|
||||
struct volume_key *vk = NULL;
|
||||
|
||||
if (type) {
|
||||
if (!(jobj_token = LUKS2_get_token_jobj(hdr, token)))
|
||||
return -ENOENT;
|
||||
if (!json_object_object_get_ex(jobj_token, "type", &jobj_type))
|
||||
return -EINVAL;
|
||||
if (strcmp(type, json_object_get_string(jobj_type)))
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, usrptr);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@@ -536,12 +547,14 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
||||
int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
|
||||
struct luks2_hdr *hdr,
|
||||
const char *name,
|
||||
const char *type,
|
||||
const char *pin,
|
||||
size_t pin_size,
|
||||
uint32_t flags)
|
||||
uint32_t flags,
|
||||
void *usrptr)
|
||||
{
|
||||
char *buffer;
|
||||
json_object *tokens_jobj;
|
||||
json_object *tokens_jobj, *type_jobj;
|
||||
size_t buffer_len;
|
||||
int keyslot, token, r = -EINVAL;
|
||||
struct volume_key *vk = NULL;
|
||||
@@ -549,10 +562,15 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
|
||||
json_object_object_get_ex(hdr->jobj, "tokens", &tokens_jobj);
|
||||
|
||||
json_object_object_foreach(tokens_jobj, slot, val) {
|
||||
UNUSED(val);
|
||||
if (type) {
|
||||
if (!json_object_object_get_ex(val, "type", &type_jobj))
|
||||
return -EINVAL;
|
||||
if (strcmp(type, json_object_get_string(type_jobj)))
|
||||
continue;
|
||||
}
|
||||
token = atoi(slot);
|
||||
|
||||
r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, NULL);
|
||||
r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, usrptr);
|
||||
if (r < 0)
|
||||
continue;
|
||||
|
||||
|
||||
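Review bot: A type that matches no token is reported differently by the two paths: LUKS2_token_open_and_activate returns `-ENOENT` on a mismatch, while in LUKS2_token_open_and_activate_any every non-matching token hits `continue` and `r` keeps its initial `-EINVAL`, which is what the caller gets unless code after the loop (outside this hunk) remaps it. Adding `if (type) r = -ENOENT;` before the `json_object_object_foreach` would let callers tell "no token of this type" from a bad argument. The `return -EINVAL` for a token lacking a "type" member also aborts the whole scan, whereas every other per-token failure only skips that token. Both `strcmp` calls depend on header validation, not visible on this page, having guaranteed that "type" is a string, because json_object_get_string can return NULL and the token JSON comes from the on-disk header.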
23
lib/setup.c
23
lib/setup.c
@@ -5595,13 +5595,15 @@ void crypt_set_luks2_reencrypt(struct crypt_device *cd, struct luks2_reencrypt *
|
||||
/*
|
||||
* Token handling
|
||||
*/
|
||||
int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name, int token,
|
||||
const char *pin, size_t pin_size, void *usrptr, uint32_t flags)
|
||||
int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name,
|
||||
const char *type, int token, const char *pin, size_t pin_size,
|
||||
void *usrptr, uint32_t flags)
|
||||
{
|
||||
int r;
|
||||
|
||||
log_dbg(cd, "%s volume %s using token %d.",
|
||||
name ? "Activating" : "Checking", name ?: "passphrase", token);
|
||||
log_dbg(cd, "%s volume %s using token (%s type) %d.",
|
||||
name ? "Activating" : "Checking", name ?: "passphrase",
|
||||
type ?: "any", token);
|
||||
|
||||
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)))
|
||||
return r;
|
||||
@@ -5613,15 +5615,22 @@ int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name, int t
|
||||
return -EINVAL;
|
||||
|
||||
if (token == CRYPT_ANY_TOKEN)
|
||||
return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, pin, pin_size, flags);
|
||||
return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, type, pin, pin_size, flags, type ? usrptr : NULL);
|
||||
|
||||
return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, pin, pin_size, flags, usrptr);
|
||||
return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, pin, pin_size, flags, usrptr);
|
||||
}
|
||||
|
||||
int crypt_activate_by_token(struct crypt_device *cd,
|
||||
const char *name, int token, void *usrptr, uint32_t flags)
|
||||
{
|
||||
return crypt_activate_by_pin_token(cd, name, token, NULL, 0, usrptr, flags);
|
||||
return crypt_activate_by_pin_token(cd, name, NULL, token, NULL, 0, usrptr, flags);
|
||||
}
|
||||
|
||||
int crypt_activate_by_token_type(struct crypt_device *cd,
|
||||
const char *name, const char *type, int token,
|
||||
void *usrptr, uint32_t flags)
|
||||
{
|
||||
return crypt_activate_by_pin_token(cd, name, type, token, NULL, 0, usrptr, flags);
|
||||
}
|
||||
|
||||
int crypt_token_json_get(struct crypt_device *cd, int token, const char **json)
|
||||
|
||||
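Review bot: crypt_activate_by_pin_token changes its signature in place here, with `const char *type` inserted ahead of `int token`, while the .sym hunk of this commit shows the symbol already exported under CRYPTSETUP_2.4. If that symbol has shipped in any release (not determinable from this page), binaries built against the old prototype would pass their arguments shifted by one position with no link-time error. In that case the existing entry point should keep its prototype and only the new typed function should be added. Otherwise a sentence in the commit message stating that the function is still unreleased would settle the question.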
@@ -1541,7 +1541,7 @@ static int action_open_luks(void)
|
||||
ARG_UINT32(OPT_TIMEOUT_ID), _verify_passphrase(0), 0, cd);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
r = crypt_activate_by_pin_token(cd, activated_name, ARG_INT32(OPT_TOKEN_ID_ID),
|
||||
r = crypt_activate_by_pin_token(cd, activated_name, NULL, ARG_INT32(OPT_TOKEN_ID_ID),
|
||||
password, passwordLen, NULL, activate_flags);
|
||||
tools_keyslot_msg(r, UNLOCKED);
|
||||
}
|
||||
|
||||