eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 08:20:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add API for activating device by specific token type.

Browse Source
This commit is contained in:
Ondrej Kozina
2021-03-18 16:33:02 +01:00
parent 36805b3cfe
commit 96d83455ca
6 changed files with 68 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/libcryptsetup.h
View File

@@ -2283,11 +2283,34 @@ int crypt_activate_by_token(struct crypt_device *cd,
void *usrptr, void *usrptr,
uint32_t flags); uint32_t flags);
/**
* Activate device or check key using specific token type.
*
* @param cd crypt device handle
* @param name name of device to create, if @e NULL only check token
* @param type restrict type of token, if @e NULL all types eligible
* @param token requested token to check or CRYPT_ANY_TOKEN to check all
* @param usrptr provided identification in callback
* @param flags activation flags
*
* @return unlocked key slot number or negative errno otherwise.
*
* @note EAGAIN errno means that token is PIN protected and you should call
* @link crypt_activate_by_pin_token @endlink with PIN
*/
int crypt_activate_by_token_type(struct crypt_device *cd,
const char *name,
const char *type,
int token,
void *usrptr,
uint32_t flags);
/** /**
* Activate device or check key using a token with PIN. * Activate device or check key using a token with PIN.
* *
* @param cd crypt device handle * @param cd crypt device handle
* @param name name of device to create, if @e NULL only check token * @param name name of device to create, if @e NULL only check token
* @param type restrict type of token, if @e NULL all types eligible
* @param token requested token to check or CRYPT_ANY_TOKEN to check all * @param token requested token to check or CRYPT_ANY_TOKEN to check all
* @param pin passphrase (or PIN) to unlock token (may be binary data) * @param pin passphrase (or PIN) to unlock token (may be binary data)
* @param pin_size size of @e pin * @param pin_size size of @e pin
@@ -2298,6 +2321,7 @@ int crypt_activate_by_token(struct crypt_device *cd,
*/ */
int crypt_activate_by_pin_token(struct crypt_device *cd, int crypt_activate_by_pin_token(struct crypt_device *cd,
const char *name, const char *name,
const char *type,
int token, int token,
const char *pin, const char *pin,
size_t pin_size, size_t pin_size,

1
lib/libcryptsetup.sym
View File

@@ -4,6 +4,7 @@ CRYPTSETUP_2.4 {
crypt_token_max; crypt_token_max;
crypt_header_is_detached; crypt_header_is_detached;
crypt_logf; crypt_logf;
crypt_activate_by_token_type;
crypt_activate_by_pin_token; crypt_activate_by_pin_token;
crypt_dump_json; crypt_dump_json;
}; };

5
lib/luks2/luks2.h
View File

@@ -273,6 +273,7 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int token, int token,
const char *name, const char *name,
const char *type,
const char *pin, const char *pin,
size_t pin_size, size_t pin_size,
uint32_t flags, uint32_t flags,
@@ -281,9 +282,11 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
int LUKS2_token_open_and_activate_any(struct crypt_device *cd, int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
const char *name, const char *name,
const char *type,
const char *pin, const char *pin,
size_t pin_size, size_t pin_size,
uint32_t flags); uint32_t flags,
void *usrptr);
int LUKS2_token_keyring_get(struct crypt_device *cd, int LUKS2_token_keyring_get(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,

26
lib/luks2/luks2_token.c
View File

@@ -485,6 +485,7 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
int token, int token,
const char *name, const char *name,
const char *type,
const char *pin, const char *pin,
size_t pin_size, size_t pin_size,
uint32_t flags, uint32_t flags,
@@ -494,8 +495,18 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
int keyslot, r; int keyslot, r;
char *buffer; char *buffer;
size_t buffer_len; size_t buffer_len;
json_object *jobj_token, *jobj_type;
struct volume_key *vk = NULL; struct volume_key *vk = NULL;
if (type) {
if (!(jobj_token = LUKS2_get_token_jobj(hdr, token)))
return -ENOENT;
if (!json_object_object_get_ex(jobj_token, "type", &jobj_type))
return -EINVAL;
if (strcmp(type, json_object_get_string(jobj_type)))
return -ENOENT;
}
r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, usrptr); r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, usrptr);
if (r < 0) if (r < 0)
return r; return r;
@@ -536,12 +547,14 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
int LUKS2_token_open_and_activate_any(struct crypt_device *cd, int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
const char *name, const char *name,
const char *type,
const char *pin, const char *pin,
size_t pin_size, size_t pin_size,
uint32_t flags) uint32_t flags,
void *usrptr)
{ {
char *buffer; char *buffer;
json_object *tokens_jobj; json_object *tokens_jobj, *type_jobj;
size_t buffer_len; size_t buffer_len;
int keyslot, token, r = -EINVAL; int keyslot, token, r = -EINVAL;
struct volume_key *vk = NULL; struct volume_key *vk = NULL;
@@ -549,10 +562,15 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
json_object_object_get_ex(hdr->jobj, "tokens", &tokens_jobj); json_object_object_get_ex(hdr->jobj, "tokens", &tokens_jobj);
json_object_object_foreach(tokens_jobj, slot, val) { json_object_object_foreach(tokens_jobj, slot, val) {
UNUSED(val); if (type) {
if (!json_object_object_get_ex(val, "type", &type_jobj))
return -EINVAL;
if (strcmp(type, json_object_get_string(type_jobj)))
continue;
}
token = atoi(slot); token = atoi(slot);
r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, NULL); r = LUKS2_token_open(cd, hdr, token, pin, pin_size, &buffer, &buffer_len, usrptr);
if (r < 0) if (r < 0)
continue; continue;

23
lib/setup.c
View File

@@ -5595,13 +5595,15 @@ void crypt_set_luks2_reencrypt(struct crypt_device *cd, struct luks2_reencrypt *
/* /*
* Token handling * Token handling
*/ */
int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name, int token, int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name,
const char *pin, size_t pin_size, void *usrptr, uint32_t flags) const char *type, int token, const char *pin, size_t pin_size,
void *usrptr, uint32_t flags)
{ {
int r; int r;
log_dbg(cd, "%s volume %s using token %d.", log_dbg(cd, "%s volume %s using token (%s type) %d.",
name ? "Activating" : "Checking", name ?: "passphrase", token); name ? "Activating" : "Checking", name ?: "passphrase",
type ?: "any", token);
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))) if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)))
return r; return r;
@@ -5613,15 +5615,22 @@ int crypt_activate_by_pin_token(struct crypt_device *cd, const char *name, int t
return -EINVAL; return -EINVAL;
if (token == CRYPT_ANY_TOKEN) if (token == CRYPT_ANY_TOKEN)
return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, pin, pin_size, flags); return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, type, pin, pin_size, flags, type ? usrptr : NULL);
return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, pin, pin_size, flags, usrptr); return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, pin, pin_size, flags, usrptr);
} }
int crypt_activate_by_token(struct crypt_device *cd, int crypt_activate_by_token(struct crypt_device *cd,
const char *name, int token, void *usrptr, uint32_t flags) const char *name, int token, void *usrptr, uint32_t flags)
{ {
return crypt_activate_by_pin_token(cd, name, token, NULL, 0, usrptr, flags); return crypt_activate_by_pin_token(cd, name, NULL, token, NULL, 0, usrptr, flags);
}
int crypt_activate_by_token_type(struct crypt_device *cd,
const char *name, const char *type, int token,
void *usrptr, uint32_t flags)
{
return crypt_activate_by_pin_token(cd, name, type, token, NULL, 0, usrptr, flags);
} }
int crypt_token_json_get(struct crypt_device *cd, int token, const char **json) int crypt_token_json_get(struct crypt_device *cd, int token, const char **json)

2
src/cryptsetup.c
View File

@@ -1541,7 +1541,7 @@ static int action_open_luks(void)
ARG_UINT32(OPT_TIMEOUT_ID), _verify_passphrase(0), 0, cd); ARG_UINT32(OPT_TIMEOUT_ID), _verify_passphrase(0), 0, cd);
if (r < 0) if (r < 0)
goto out; goto out;
r = crypt_activate_by_pin_token(cd, activated_name, ARG_INT32(OPT_TOKEN_ID_ID), r = crypt_activate_by_pin_token(cd, activated_name, NULL, ARG_INT32(OPT_TOKEN_ID_ID),
password, passwordLen, NULL, activate_flags); password, passwordLen, NULL, activate_flags);
tools_keyslot_msg(r, UNLOCKED); tools_keyslot_msg(r, UNLOCKED);
} }