From 97a22c27dd6b5ee40e187526eed01692e7172651 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Tue, 17 May 2022 12:22:16 +0200 Subject: [PATCH] Make crypt_load quiet if metadata is not detected. Ths will allow automatic scan of known formats. Errors are printed only if something is wrong with already detected metadata. This change means that it is responsibility of the caller to print an error message if needed. Also fix some places without a message. Fixes: #642 --- lib/bitlk/bitlk.c | 6 +++--- lib/integrity/integrity.c | 2 +- lib/libcryptsetup.h | 3 ++- lib/setup.c | 16 +++++++++------- lib/verity/verity.c | 3 +-- src/cryptsetup.c | 4 +++- src/integritysetup.c | 6 +++++- src/veritysetup.c | 6 ++++++ tokens/ssh/cryptsetup-ssh.c | 4 +++- 9 files changed, 33 insertions(+), 17 deletions(-) diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c index 441b8ce3..3548d107 100644 --- a/lib/bitlk/bitlk.c +++ b/lib/bitlk/bitlk.c @@ -430,8 +430,8 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params) /* read and check the signature */ if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), &sig, sizeof(sig), 0) != sizeof(sig)) { - log_err(cd, _("Failed to read BITLK signature from %s."), device_path(device)); - r = -EINVAL; + log_dbg(cd, "Failed to read BITLK signature from %s.", device_path(device)); + r = -EIO; goto out; } @@ -442,7 +442,7 @@ int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params) params->togo = true; fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO; } else { - log_err(cd, _("Invalid or unknown signature for BITLK device.")); + log_dbg(cd, "Invalid or unknown signature for BITLK device."); r = -EINVAL; goto out; } diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index bdc28f6d..83ee89d3 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c 
@@ -51,7 +51,7 @@ static int INTEGRITY_read_superblock(struct crypt_device *cd, if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) || memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic))) { - log_err(cd, _("No kernel dm-integrity metadata detected on %s."), device_path(device)); + log_dbg(cd, "No kernel dm-integrity metadata detected on %s.", device_path(device)); r = -EINVAL; } else if (sb->version < SB_VERSION_1 || sb->version > SB_VERSION_5) { log_err(cd, _("Incompatible kernel dm-integrity metadata (version %u) detected on %s."), diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index dd144adc..e4ffc2b1 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -767,7 +767,8 @@ int crypt_volume_key_keyring(struct crypt_device *cd, int enable); * @post In case LUKS header is read successfully but payload device is too small * error is returned and device type in context is set to @e NULL * - * @note Note that in current version load works only for LUKS and VERITY device type. + * @note Note that load works only for device types with on-disk metadata. + * @note Function does not print visible error message if metadata is not present. * */ int crypt_load(struct crypt_device *cd, diff --git a/lib/setup.c b/lib/setup.c index 022e1ea8..923f1f1c 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -752,7 +752,7 @@ static void _luks2_reload(struct crypt_device *cd) } static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, - int require_header, int repair) + bool quiet, bool repair) { char *cipher_spec; struct luks_phdr hdr = {}; @@ -784,7 +784,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, return r; } - r = LUKS_read_phdr(&hdr, require_header, repair, cd); + r = LUKS_read_phdr(&hdr, !quiet, repair, cd); if (r) goto out; 
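Review bot: In `INTEGRITY_read_superblock` a short or failed read and a missing magic still share one branch, so after this change a device I/O error is logged only at debug level and returned as `-EINVAL`, indistinguishable from "no metadata here". The BITLK hunk in this same patch separates the two cases by returning `-EIO` for the read failure; doing the same here would let a scanning caller tell an unreadable device from an unformatted one. Whether any caller depends on `-EINVAL` for the read-failure case is not visible in this hunk, so check that before changing the code. The function starts and ends outside the hunk.

```c
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
	device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb)) {
	log_dbg(cd, "Failed to read dm-integrity superblock from %s.", device_path(device));
	r = -EIO;
} else if (memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic))) {
	log_dbg(cd, "No kernel dm-integrity metadata detected on %s.", device_path(device));
	r = -EINVAL;
/* … unchanged: version range check and the rest of the else-if chain … */
```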
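Review bot: The new `@note` on `crypt_load` says nothing visible is printed when metadata is absent, but not how a caller recognises that case from the return value. In the readers touched by this patch a missing signature yields `-EINVAL` (BITLK, INTEGRITY, VERITY) while a BITLK read failure now yields `-EIO`. If that mapping is meant to hold for every type, it belongs in the doc comment, for example `@note Absent metadata is reported as -EINVAL without a visible message; the caller prints one if needed.` Existing library users that relied on `crypt_load` printing the "not a valid ... device" text will now fail silently, so the note could also state that this differs from earlier behaviour. The first note reads "@note Note that"; the second "Note that" can be dropped.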
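Review bot: `_crypt_load_luks` now takes `bool quiet`, but nothing at the definition says what `quiet` suppresses, and the following hunk (-784) passes it inverted as `!quiet` into `LUKS_read_phdr`. From the visible hunks it silences only the "not a valid LUKS device" message; the "Unsupported LUKS version" `log_err` in the hunk at -829 stays unconditional. A short comment above the function would record that, e.g. `/* quiet: no log_err when a LUKS header is not detected; errors in detected metadata are still reported */`. What the second argument of `LUKS_read_phdr` does beyond logging is not visible here, so confirm it has no other effect before relying on the inversion.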
@@ -829,6 +829,8 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, r = _crypt_load_luks2(cd, cd->type != NULL, repair); if (!r) device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr)); + else if (!quiet) + log_err(cd, _("Device %s is not a valid LUKS device."), mdata_device_path(cd)); } else { if (version > 2) log_err(cd, _("Unsupported LUKS version %d."), version); @@ -1024,7 +1026,7 @@ int crypt_load(struct crypt_device *cd, return -EINVAL; } - r = _crypt_load_luks(cd, requested_type, 1, 0); + r = _crypt_load_luks(cd, requested_type, true, false); } else if (isVERITY(requested_type)) { if (cd->type && !isVERITY(cd->type)) { log_dbg(cd, "Context is already initialized to type %s", cd->type); @@ -1268,7 +1270,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums; } else if (isLUKS1(cd->type) || isLUKS2(cd->type)) { if (crypt_metadata_device(cd)) { - r = _crypt_load_luks(cd, cd->type, 0, 0); + r = _crypt_load_luks(cd, cd->type, true, false); if (r < 0) { log_dbg(cd, "LUKS device header does not match active device."); crypt_set_null_type(cd); @@ -2377,7 +2379,7 @@ int crypt_repair(struct crypt_device *cd, return -EINVAL; /* Load with repair */ - r = _crypt_load_luks(cd, requested_type, 1, 1); + r = _crypt_load_luks(cd, requested_type, false, true); if (r < 0) return r; @@ -3066,7 +3068,7 @@ int crypt_header_backup(struct crypt_device *cd, return -EINVAL; /* Load with repair */ - r = _crypt_load_luks(cd, requested_type, 1, 0); + r = _crypt_load_luks(cd, requested_type, false, false); if (r < 0) return r; @@ -3132,7 +3134,7 @@ int crypt_header_restore(struct crypt_device *cd, r = -EINVAL; if (!r) - r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, 1, 1); + r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, false, true); return r; } 
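Review bot: In the `crypt_header_backup` hunk (-3066) the context comment `/* Load with repair */` sits directly above `_crypt_load_luks(cd, requested_type, false, false)`, where the last argument, `repair`, is `false`. The comment predates this commit, but now that the arguments are named booleans the mismatch is easy to see and worth fixing in the same change, e.g. `/* Load without repair, report a missing header */`. The identical comment in the `crypt_repair` hunk (-2377) is accurate because `repair` is `true` there.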
diff --git a/lib/verity/verity.c b/lib/verity/verity.c index 7570dde9..a5bc015d 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -87,8 +87,7 @@ int VERITY_read_sb(struct crypt_device *cd, return -EIO; if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) { - log_err(cd, _("Device %s is not a valid VERITY device."), - device_path(device)); + log_dbg(cd, "No VERITY signature detected."); return -EINVAL; } diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 634d244d..d040d212 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -628,8 +628,10 @@ static int action_bitlkDump(void) goto out; r = crypt_load(cd, CRYPT_BITLK, NULL); - if (r < 0) + if (r < 0) { + log_err(_("Device %s is not a valid BITLK device."), action_argv[0]); goto out; + } if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID)) r = bitlkDump_with_volume_key(cd); diff --git a/src/integritysetup.c b/src/integritysetup.c index 2039759f..44a03f99 100644 --- a/src/integritysetup.c +++ b/src/integritysetup.c @@ -360,8 +360,10 @@ static int action_open(void) goto out; r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); - if (r) + if (r) { + log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]); goto out; + } if (ARG_SET(OPT_INTEGRITY_LEGACY_RECALC_ID)) crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC); @@ -515,6 +517,8 @@ static int action_dump(void) r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); if (!r) crypt_dump(cd); + else + log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]); crypt_free(cd); return r; diff --git a/src/veritysetup.c b/src/veritysetup.c index d80b4a09..2d96bd65 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c 
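Review bot: The replacement debug message in `VERITY_read_sb` drops the device path that the old `log_err` carried, while the BITLK read-failure and INTEGRITY debug messages in this patch keep theirs. When several devices are probed in one run, the debug log no longer shows which device lacked the signature. Keeping the argument costs nothing: `log_dbg(cd, "No VERITY signature detected on %s.", device_path(device));`.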
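Review bot: In `action_bitlkDump` the added message is printed for every negative return of `crypt_load`, so a device read error is shown to the user as "not a valid BITLK device". `BITLK_read_sb` now returns that error as `-EIO` and logs it only at debug level. The same unconditional pattern is in both `integritysetup.c` hunks, both `veritysetup.c` hunks and the `cryptsetup-ssh.c` hunk. In `integritysetup` it can also follow the still-present "Incompatible kernel dm-integrity metadata" `log_err`, giving two messages that disagree. Consider printing the format-specific text only when the failure is "metadata not detected", e.g. `if (r == -EINVAL) log_err(_("Device %s is not a valid BITLK device."), action_argv[0]);`, with a generic load-failure message for other codes.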
@@ -192,6 +192,9 @@ static int _activate(const char *dm_device, params.fec_device = ARG_STR(OPT_FEC_DEVICE_ID); params.fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID); r = crypt_load(cd, CRYPT_VERITY, ¶ms); + if (r) + log_err(_("Device %s is not a valid VERITY device."), hash_device); + } else { r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER); if (r < 0) @@ -465,6 +468,9 @@ static int action_dump(void) r = crypt_load(cd, CRYPT_VERITY, ¶ms); if (!r) crypt_dump(cd); + else + log_err(_("Device %s is not a valid VERITY device."), action_argv[0]); + crypt_free(cd); return r; } diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c index d120c1c1..7d1f46b7 100644 --- a/tokens/ssh/cryptsetup-ssh.c +++ b/tokens/ssh/cryptsetup-ssh.c @@ -73,8 +73,10 @@ static int token_add( return r; r = crypt_load(cd, CRYPT_LUKS2, NULL); - if (r) + if (r) { + l_err(cd, _("Device %s is not a valid LUKS device."), device); goto out; + } r = -EINVAL; jobj = json_object_new_object();