From a5a846799309931fde82047a26c129691ef5cab5 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Tue, 27 Nov 2018 13:37:20 +0100 Subject: [PATCH] Use context in debug log messages. To use per-context logging even for debug messages we need to use the same macro as for error logging. --- lib/crypt_plain.c | 10 +- lib/integrity/integrity.c | 4 +- lib/internal.h | 4 +- lib/libdevmapper.c | 38 ++--- lib/loopaes/loopaes.c | 10 +- lib/luks1/keyencryption.c | 10 +- lib/luks1/keymanage.c | 66 ++++----- lib/luks1/luks.h | 3 +- lib/luks2/luks2.h | 2 +- lib/luks2/luks2_digest.c | 16 +-- lib/luks2/luks2_digest_pbkdf2.c | 4 +- lib/luks2/luks2_disk_metadata.c | 150 +++++++++---------- lib/luks2/luks2_internal.h | 21 +-- lib/luks2/luks2_json_format.c | 10 +- lib/luks2/luks2_json_metadata.c | 246 ++++++++++++++++---------------- lib/luks2/luks2_keyslot.c | 24 ++-- lib/luks2/luks2_keyslot_luks2.c | 58 ++++---- lib/luks2/luks2_luks1_convert.c | 19 +-- lib/luks2/luks2_token.c | 32 ++--- lib/luks2/luks2_token_keyring.c | 14 +- lib/setup.c | 150 +++++++++---------- lib/tcrypt/tcrypt.c | 33 ++--- lib/utils.c | 10 +- lib/utils_benchmark.c | 30 ++-- lib/utils_device.c | 42 +++--- lib/utils_device_locking.c | 50 +++---- lib/utils_device_locking.h | 4 +- lib/utils_pbkdf.c | 14 +- lib/utils_wipe.c | 4 +- lib/verity/verity.c | 10 +- lib/verity/verity_fec.c | 2 +- lib/verity/verity_hash.c | 28 ++-- 32 files changed, 568 insertions(+), 550 deletions(-) diff --git a/lib/crypt_plain.c b/lib/crypt_plain.c index f093f7c5..f89c7747 100644 --- a/lib/crypt_plain.c +++ b/lib/crypt_plain.c @@ -64,7 +64,7 @@ static int hash(const char *hash_name, size_t key_size, char *key, #define PLAIN_HASH_LEN_MAX 256 -int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), +int crypt_plain_hash(struct crypt_device *cd, const char *hash_name, char *key, size_t key_size, const char *passphrase, size_t passphrase_size) @@ -73,7 +73,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), size_t hash_size, pad_size; int r; - log_dbg("Plain: hashing passphrase using %s.", hash_name); + log_dbg(cd, "Plain: hashing passphrase using %s.", hash_name); if (strlen(hash_name) >= PLAIN_HASH_LEN_MAX) return -EINVAL; @@ -85,11 +85,11 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), *s = '\0'; s++; if (!*s || sscanf(s, "%zd", &hash_size) != 1) { - log_dbg("Hash length is not a number"); + log_dbg(cd, "Hash length is not a number"); return -EINVAL; } if (hash_size > key_size) { - log_dbg("Hash length %zd > key length %zd", + log_dbg(cd, "Hash length %zd > key length %zd", hash_size, key_size); return -EINVAL; } @@ -102,7 +102,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), /* No hash, copy passphrase directly */ if (!strcmp(hash_name_buf, "plain")) { if (passphrase_size < hash_size) { - log_dbg("Too short plain passphrase."); + log_dbg(cd, "Too short plain passphrase."); return -EINVAL; } memcpy(key, passphrase, hash_size); diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index cb868df0..04000219 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c @@ -220,7 +220,7 @@ int INTEGRITY_activate(struct crypt_device *cd, dmdi.u.integrity.journal_crypt = params->journal_crypt; } - log_dbg("Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".", + log_dbg(cd, "Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".", device_path(dmdi.data_device), name, dmdi.u.integrity.tag_size, dmdi.size); r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, @@ -276,7 +276,7 @@ int INTEGRITY_format(struct crypt_device *cd, snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid); - log_dbg("Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.", + log_dbg(cd, "Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.", device_path(dmdi.data_device), tmp_name, dmdi.u.integrity.tag_size); r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, dmdi.u.integrity.offset, NULL, NULL); diff --git a/lib/internal.h b/lib/internal.h index 9560c2d7..d13ae04e 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -152,7 +152,7 @@ uint64_t crypt_getphysmemory_kb(void); int init_crypto(struct crypt_device *ctx); void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6))); -#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) +#define log_dbg(c, x...) logger(c, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) #define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x) #define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x) #define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x) @@ -169,7 +169,7 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit void crypt_random_exit(void); int crypt_random_default_key_rng(void); -int crypt_plain_hash(struct crypt_device *ctx, +int crypt_plain_hash(struct crypt_device *cd, const char *hash_name, char *key, size_t key_size, const char *passphrase, size_t passphrase_size); diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c index 4b431de0..c4cad57c 100644 --- a/lib/libdevmapper.c +++ b/lib/libdevmapper.c @@ -99,7 +99,7 @@ static void set_dm_error(int level, } else { /* We do not use DM visual stack backtrace here */ if (strncmp(msg, "", 11)) - log_dbg("%s", msg); + log_dbg(_context, "%s", msg); } } free(msg); @@ -130,13 +130,13 @@ static void _dm_set_crypt_compat(unsigned crypt_maj, if (_dm_crypt_checked || crypt_maj == 0) return; - log_dbg("Detected dm-crypt version %i.%i.%i.", + log_dbg(NULL, "Detected dm-crypt version %i.%i.%i.", crypt_maj, crypt_min, crypt_patch); if (_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, crypt_patch)) _dm_flags |= DM_KEY_WIPE_SUPPORTED; else - log_dbg("Suspend and resume disabled, no wipe key support."); + log_dbg(NULL, "Suspend and resume disabled, no wipe key support."); if (_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, crypt_patch)) _dm_flags |= DM_LMK_SUPPORTED; @@ -174,7 +174,7 @@ static void _dm_set_verity_compat(unsigned verity_maj, if (_dm_verity_checked || verity_maj == 0) return; - log_dbg("Detected dm-verity version %i.%i.%i.", + log_dbg(NULL, "Detected dm-verity version %i.%i.%i.", verity_maj, verity_min, verity_patch); _dm_flags |= DM_VERITY_SUPPORTED; @@ -201,7 +201,7 @@ static void _dm_set_integrity_compat(unsigned integrity_maj, if (_dm_integrity_checked || integrity_maj == 0) return; - log_dbg("Detected dm-integrity version %i.%i.%i.", + log_dbg(NULL, "Detected dm-integrity version %i.%i.%i.", integrity_maj, integrity_min, integrity_patch); _dm_flags |= DM_INTEGRITY_SUPPORTED; @@ -239,7 +239,7 @@ static int _dm_check_versions(dm_target_type target_type) if (!_dm_ioctl_checked) { if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) goto out; - log_dbg("Detected dm-ioctl version %u.%u.%u.", dm_maj, dm_min, dm_patch); + log_dbg(NULL, "Detected dm-ioctl version %u.%u.%u.", dm_maj, dm_min, dm_patch); if (_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, dm_patch)) _dm_flags |= DM_SECURE_SUPPORTED; @@ -270,7 +270,7 @@ static int _dm_check_versions(dm_target_type target_type) r = 1; if (!_dm_ioctl_checked) - log_dbg("Device-mapper backend running with UDEV support %sabled.", + log_dbg(NULL, "Device-mapper backend running with UDEV support %sabled.", _dm_use_udev() ? "en" : "dis"); _dm_ioctl_checked = true; @@ -303,7 +303,7 @@ int dm_flags(dm_target_type target, uint32_t *flags) void dm_backend_init(void) { if (!_dm_use_count++) { - log_dbg("Initialising device-mapper backend library."); + log_dbg(NULL, "Initialising device-mapper backend library."); dm_log_init(set_dm_error); dm_log_init_verbose(10); } @@ -312,7 +312,7 @@ void dm_backend_init(void) void dm_backend_exit(void) { if (_dm_use_count && (!--_dm_use_count)) { - log_dbg("Releasing device-mapper backend."); + log_dbg(NULL, "Releasing device-mapper backend."); dm_log_init_verbose(0); dm_log_init(NULL); dm_lib_release(); @@ -939,7 +939,7 @@ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags) do { r = _dm_remove(name, 1, deferred) ? 0 : -EINVAL; if (--retries && r) { - log_dbg("WARNING: other process locked internal device %s, %s.", + log_dbg(NULL, "WARNING: other process locked internal device %s, %s.", name, retries ? "retrying remove" : "giving up"); sleep(1); if ((flags & CRYPT_DEACTIVATE_FORCE) && !error_target) { @@ -979,7 +979,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, /* Remove '-' chars */ if (uuid) { if (uuid_parse(uuid, uu) < 0) { - log_dbg("Requested UUID %s has invalid format.", uuid); + log_dbg(NULL, "Requested UUID %s has invalid format.", uuid); return 0; } @@ -995,7 +995,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "", name); - log_dbg("DM-UUID is %s", buf); + log_dbg(NULL, "DM-UUID is %s", buf); if (i >= buflen) log_err(NULL, _("DM-UUID for device %s was truncated."), name); @@ -1020,7 +1020,7 @@ int lookup_dm_dev_by_uuid(const char *uuid, const char *type) r = lookup_by_disk_id(dev_uuid); if (r == -ENOENT) { - log_dbg("Search by disk id not available. Using sysfs instead."); + log_dbg(NULL, "Search by disk id not available. Using sysfs instead."); r = lookup_by_sysfs_uuid_field(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN); } @@ -1150,7 +1150,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags) /* If discard not supported try to load without discard */ if ((*dmd_flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && !(dmt_flags & DM_DISCARDS_SUPPORTED)) { - log_dbg("Discard/TRIM is not supported"); + log_dbg(NULL, "Discard/TRIM is not supported"); *dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_ALLOW_DISCARDS; ret = 1; } @@ -1158,7 +1158,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags) /* If kernel keyring is not supported load key directly in dm-crypt */ if ((*dmd_flags & CRYPT_ACTIVATE_KEYRING_KEY) && !(dmt_flags & DM_KERNEL_KEYRING_SUPPORTED)) { - log_dbg("dm-crypt doesn't support kernel keyring"); + log_dbg(NULL, "dm-crypt doesn't support kernel keyring"); *dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_KEYRING_KEY; ret = 1; } @@ -1166,7 +1166,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags) /* Drop performance options if not supported */ if ((*dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) && !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED | DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) { - log_dbg("dm-crypt doesn't support performance options"); + log_dbg(NULL, "dm-crypt doesn't support performance options"); *dmd_flags = *dmd_flags & ~(CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS); ret = 1; } @@ -1343,7 +1343,7 @@ static int _dm_status_verity_ok(const char *name) return r; } - log_dbg("Verity volume %s status is %s.", name, status_line ?: ""); + log_dbg(NULL, "Verity volume %s status is %s.", name, status_line ?: ""); r = status_line[0] == 'V' ? 1 : 0; free(status_line); @@ -1376,7 +1376,7 @@ int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint return r; } - log_dbg("Integrity volume %s failure status is %s.", name, status_line ?: ""); + log_dbg(NULL, "Integrity volume %s failure status is %s.", name, status_line ?: ""); *count = strtoull(status_line, NULL, 10); free(status_line); dm_exit_context(); @@ -1491,7 +1491,7 @@ static int _dm_query_crypt(uint32_t get_flags, /* Never allow to return empty key */ if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi->suspended) { - log_dbg("Cannot read volume key while suspended."); + log_dbg(NULL, "Cannot read volume key while suspended."); goto err; } diff --git a/lib/loopaes/loopaes.c b/lib/loopaes/loopaes.c index 776aeb6a..76b14f0f 100644 --- a/lib/loopaes/loopaes.c +++ b/lib/loopaes/loopaes.c @@ -137,7 +137,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, unsigned int key_lengths[LOOPAES_KEYS_MAX]; unsigned int i, key_index, key_len, offset; - log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len); + log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len); if (!buffer_len) return -EINVAL; @@ -164,7 +164,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, key_lengths[key_index]++; } if (offset == buffer_len) { - log_dbg("Unterminated key #%d in keyfile.", key_index); + log_dbg(cd, "Unterminated key #%d in keyfile.", key_index); log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } @@ -177,7 +177,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, key_len = key_lengths[0]; for (i = 0; i < key_index; i++) if (!key_lengths[i] || (key_lengths[i] != key_len)) { - log_dbg("Unexpected length %d of key #%d (should be %d).", + log_dbg(cd, "Unexpected length %d of key #%d (should be %d).", key_lengths[i], i, key_len); key_len = 0; break; @@ -189,7 +189,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, return -EINVAL; } - log_dbg("Keyfile: %d keys of length %d.", key_index, key_len); + log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len); *keys_count = key_index; return hash_keys(cd, vk, hash, keys, key_index, @@ -236,7 +236,7 @@ int LOOPAES_activate(struct crypt_device *cd, return -ENOMEM; dmd.u.crypt.cipher = cipher; - log_dbg("Trying to activate loop-AES device %s using cipher %s.", + log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.", name, dmd.u.crypt.cipher); r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0); diff --git a/lib/luks1/keyencryption.c b/lib/luks1/keyencryption.c index 9c948f74..10134cac 100644 --- a/lib/luks1/keyencryption.c +++ b/lib/luks1/keyencryption.c @@ -73,7 +73,7 @@ static int LUKS_endec_template(char *src, size_t srcLength, int r, devfd = -1; size_t bsize, keyslot_alignment, alignment; - log_dbg("Using dmcrypt to access keyslot area."); + log_dbg(ctx, "Using dmcrypt to access keyslot area."); bsize = device_block_size(dmd.data_device); alignment = device_alignment(dmd.data_device); @@ -158,7 +158,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength, r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); if (r) - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); /* Fallback to old temporary dmcrypt device */ @@ -172,7 +172,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength, return r; } - log_dbg("Using userspace crypto wrapper to access keyslot area."); + log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area."); r = crypt_storage_encrypt(s, 0, srcLength / SECTOR_SIZE, src); crypt_storage_destroy(s); @@ -223,7 +223,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength, r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); if (r) - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); /* Fallback to old temporary dmcrypt device */ @@ -237,7 +237,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength, return r; } - log_dbg("Using userspace crypto wrapper to access keyslot area."); + log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area."); /* Read buffer from device */ devfd = device_open(device, O_RDONLY); diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index f71ca985..2c4d0854 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -111,13 +111,13 @@ static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_ph return -EINVAL; if (device_size(device, &dev_sectors)) { - log_dbg("Cannot get device size for device %s.", device_path(device)); + log_dbg(ctx, "Cannot get device size for device %s.", device_path(device)); return -EIO; } dev_sectors >>= SECTOR_SHIFT; hdr_sectors = LUKS_device_sectors(hdr); - log_dbg("Key length %u, device size %" PRIu64 " sectors, header size %" + log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %" PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors); if (hdr_sectors > dev_sectors) { @@ -144,7 +144,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr for (i = 0; i < LUKS_NUMKEYS; i++) { /* enforce stripes == 4000 */ if (phdr->keyblock[i].stripes != LUKS_STRIPES) { - log_dbg("Invalid stripes count %u in keyslot %u.", + log_dbg(ctx, "Invalid stripes count %u in keyslot %u.", phdr->keyblock[i].stripes, i); log_err(ctx, _("LUKS keyslot %u is invalid."), i); return -1; @@ -152,7 +152,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr /* First sectors is the header itself */ if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) { - log_dbg("Invalid offset %u in keyslot %u.", + log_dbg(ctx, "Invalid offset %u in keyslot %u.", phdr->keyblock[i].keyMaterialOffset, i); log_err(ctx, _("LUKS keyslot %u is invalid."), i); return -1; @@ -163,7 +163,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr continue; if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) { - log_dbg("Invalid offset %u in keyslot %u (beyond data area offset %u).", + log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).", phdr->keyblock[i].keyMaterialOffset, i, phdr->payloadOffset); log_err(ctx, _("LUKS keyslot %u is invalid."), i); @@ -171,7 +171,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr } if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) { - log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in " + log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in " "keyslot %u (beyond data area offset %u).", secs_per_stripes, phdr->keyblock[i].keyMaterialOffset, @@ -188,7 +188,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr next = sorted_areas[i]; if (phdr->keyblock[next].keyMaterialOffset < (phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) { - log_dbg("Not enough space in LUKS keyslot %d.", prev); + log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev); log_err(ctx, _("LUKS keyslot %u is invalid."), prev); return -1; } @@ -235,10 +235,10 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx) goto out; } - log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes).", + log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).", sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS); - log_dbg("Output backup file size: %zu bytes.", buffer_size); + log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size); devfd = device_open(device, O_RDONLY); if (devfd < 0) { @@ -329,7 +329,7 @@ int LUKS_hdr_restore( r = LUKS_read_phdr(hdr, 0, 0, ctx); if (r == 0) { - log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device)); + log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device)); if(hdr->payloadOffset != hdr_file.payloadOffset || hdr->keyBytes != hdr_file.keyBytes) { log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.")); @@ -353,7 +353,7 @@ int LUKS_hdr_restore( goto out; } - log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.", + log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.", sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device)); devfd = device_open(device, O_RDWR); @@ -412,7 +412,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) log_verbose(ctx, _("Repairing keyslots.")); - log_dbg("Generating second header with the same parameters for check."); + log_dbg(ctx, "Generating second header with the same parameters for check."); /* cipherName, cipherMode, hashSpec, uuid are already null terminated */ /* payloadOffset - cannot check */ r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode, @@ -424,7 +424,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) for(i = 0; i < LUKS_NUMKEYS; ++i) { if (phdr->keyblock[i].active == LUKS_KEY_ENABLED) { - log_dbg("Skipping repair for active keyslot %i.", i); + log_dbg(ctx, "Skipping repair for active keyslot %i.", i); continue; } @@ -491,7 +491,7 @@ static int _check_and_convert_hdr(const char *device, char luksMagic[] = LUKS_MAGIC; if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */ - log_dbg("LUKS header not detected."); + log_dbg(ctx, "LUKS header not detected."); if (require_luks_device) log_err(ctx, _("Device %s is not a valid LUKS device."), device); return -EINVAL; @@ -565,7 +565,7 @@ int LUKS_read_phdr_backup(const char *backup_file, ssize_t hdr_size = sizeof(struct luks_phdr); int devfd = 0, r = 0; - log_dbg("Reading LUKS header of size %d from backup file %s", + log_dbg(ctx, "Reading LUKS header of size %d from backup file %s", (int)hdr_size, backup_file); devfd = open(backup_file, O_RDONLY); @@ -604,7 +604,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr, if (repair && !require_luks_device) return -EINVAL; - log_dbg("Reading LUKS header of size %zu from device %s", + log_dbg(ctx, "Reading LUKS header of size %zu from device %s", hdr_size, device_path(device)); devfd = device_open(device, O_RDONLY); @@ -629,7 +629,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr, * has bigger sector size. */ if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) { - log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io."); + log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io."); device_disable_direct_io(device); } @@ -647,7 +647,7 @@ int LUKS_write_phdr(struct luks_phdr *hdr, struct luks_phdr convHdr; int r; - log_dbg("Updating LUKS header of size %zu on device %s", + log_dbg(ctx, "Updating LUKS header of size %zu on device %s", sizeof(struct luks_phdr), device_path(device)); r = LUKS_check_device_size(ctx, hdr, 1); @@ -705,7 +705,7 @@ int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *ci struct volume_key *empty_key; char buf[SECTOR_SIZE]; - log_dbg("Checking if cipher %s-%s is usable.", cipher, cipher_mode); + log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode); empty_key = crypt_alloc_volume_key(keylength, NULL); if (!empty_key) @@ -774,7 +774,7 @@ int LUKS_generate_phdr(struct luks_phdr *header, LUKS_fix_header_compatible(header); - log_dbg("Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes", + log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes", header->version, header->hashSpec ,header->cipherName, header->cipherMode, header->keyBytes); @@ -827,7 +827,7 @@ int LUKS_generate_phdr(struct luks_phdr *header, uuid_unparse(partitionUuid, header->uuid); - log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32, + log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32, header->payloadOffset, header->uuid, header->mkDigestIterations); return 0; @@ -875,7 +875,7 @@ int LUKS_set_key(unsigned int keyIndex, return -EINVAL; } - log_dbg("Calculating data for key slot %d", keyIndex); + log_dbg(ctx, "Calculating data for key slot %d", keyIndex); pbkdf = crypt_get_pbkdf(ctx); r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength); if (r < 0) @@ -887,7 +887,7 @@ int LUKS_set_key(unsigned int keyIndex, */ hdr->keyblock[keyIndex].passwordIterations = at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN); - log_dbg("Key slot %d use %" PRIu32 " password iterations.", keyIndex, + log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex, hdr->keyblock[keyIndex].passwordIterations); derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL); @@ -917,13 +917,13 @@ int LUKS_set_key(unsigned int keyIndex, goto out; } - log_dbg("Using hash %s for AF in key slot %d, %d stripes", + log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes", hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes); r = AF_split(vk->key,AfKey,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec); if (r < 0) goto out; - log_dbg("Updating key slot %d [0x%04x] area.", keyIndex, + log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex, hdr->keyblock[keyIndex].keyMaterialOffset << 9); /* Encryption via dm */ r = LUKS_encrypt_to_storage(AfKey, @@ -936,7 +936,7 @@ int LUKS_set_key(unsigned int keyIndex, goto out; /* Mark the key as active in phdr */ - r = LUKS_keyslot_set(hdr, (int)keyIndex, 1); + r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx); if (r < 0) goto out; @@ -983,7 +983,7 @@ static int LUKS_open_key(unsigned int keyIndex, size_t AFEKSize; int r; - log_dbg("Trying to open key slot %d [%s].", keyIndex, + log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex, dbg_slot_state(ki)); if (ki < CRYPT_SLOT_ACTIVE) @@ -1008,7 +1008,7 @@ static int LUKS_open_key(unsigned int keyIndex, if (r < 0) goto out; - log_dbg("Reading key slot %d area.", keyIndex); + log_dbg(ctx, "Reading key slot %d area.", keyIndex); r = LUKS_decrypt_from_storage(AfKey, AFEKSize, hdr->cipherName, hdr->cipherMode, @@ -1076,7 +1076,7 @@ int LUKS_del_key(unsigned int keyIndex, if (r) return r; - r = LUKS_keyslot_set(hdr, keyIndex, 0); + r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx); if (r) { log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."), keyIndex, LUKS_NUMKEYS - 1); @@ -1155,7 +1155,7 @@ int LUKS_keyslot_active_count(struct luks_phdr *hdr) return num; } -int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable) +int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx) { crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot); @@ -1163,7 +1163,7 @@ int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable) return -EINVAL; hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED; - log_dbg("Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled"); + log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled"); return 0; } @@ -1229,7 +1229,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr, wipe_block = 4096; } - log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", + log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", offset, length + offset); r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO, @@ -1252,7 +1252,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr, if (length == 0 || offset < 4096) return -EINVAL; - log_dbg("Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", + log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", i, offset, length + offset); r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM, diff --git a/lib/luks1/luks.h b/lib/luks1/luks.h index 23800d4f..18d8545f 100644 --- a/lib/luks1/luks.h +++ b/lib/luks1/luks.h @@ -177,7 +177,8 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr, crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot); int LUKS_keyslot_find_empty(struct luks_phdr *hdr); int LUKS_keyslot_active_count(struct luks_phdr *hdr); -int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable); +int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, + struct crypt_device *ctx); int LUKS_keyslot_area(const struct luks_phdr *hdr, int keyslot, uint64_t *offset, diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h index 5d073d8e..13480d6d 100644 --- a/lib/luks2/luks2.h +++ b/lib/luks2/luks2.h @@ -150,7 +150,7 @@ int LUKS2_hdr_labels(struct crypt_device *cd, const char *subsystem, int commit); -void LUKS2_hdr_free(struct luks2_hdr *hdr); +void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr); int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr, diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c index fe054b12..99e9ec2d 100644 --- a/lib/luks2/luks2_digest.c +++ b/lib/luks2/luks2_digest.c @@ -86,7 +86,7 @@ int LUKS2_digest_create(struct crypt_device *cd, if (digest < 0) return -EINVAL; - log_dbg("Creating new digest %d (%s).", digest, type); + log_dbg(cd, "Creating new digest %d (%s).", digest, type); return dh->store(cd, digest, vk->key, vk->keylength) ?: digest; } @@ -124,14 +124,14 @@ int LUKS2_digest_verify(struct crypt_device *cd, if (digest < 0) return digest; - log_dbg("Verifying key from keyslot %d, digest %d.", keyslot, digest); + log_dbg(cd, "Verifying key from keyslot %d, digest %d.", keyslot, digest); h = LUKS2_digest_handler(cd, digest); if (!h) return -EINVAL; r = h->verify(cd, digest, vk->key, vk->keylength); if (r < 0) { - log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r); + log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r); return r; } @@ -160,7 +160,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd, if (digest < 0) return digest; - log_dbg("Verifying key digest %d.", digest); + log_dbg(cd, "Verifying key digest %d.", digest); h = LUKS2_digest_handler(cd, digest); if (!h) @@ -168,7 +168,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd, r = h->verify(cd, digest, vk->key, vk->keylength); if (r < 0) { - log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r); + log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r); return r; } @@ -205,7 +205,7 @@ static int assign_one_digest(struct crypt_device *cd, struct luks2_hdr *hdr, json_object *jobj1, *jobj_digest, *jobj_digest_keyslots; char num[16]; - log_dbg("Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest); + log_dbg(cd, "Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest); jobj_digest = LUKS2_get_digest_jobj(hdr, digest); if (!jobj_digest) @@ -260,7 +260,7 @@ static int assign_one_segment(struct crypt_device *cd, struct luks2_hdr *hdr, json_object *jobj1, *jobj_digest, *jobj_digest_segments; char num[16]; - log_dbg("Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest); + log_dbg(cd, "Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest); jobj_digest = LUKS2_get_digest_jobj(hdr, digest); if (!jobj_digest) @@ -335,7 +335,7 @@ void LUKS2_digests_erase_unused(struct crypt_device *cd, json_object_object_foreach(jobj_digests, key, val) { if (digest_unused(val)) { - log_dbg("Erasing unused digest %d.", atoi(key)); + log_dbg(cd, "Erasing unused digest %d.", atoi(key)); json_object_object_del(jobj_digests, key); } } diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c index ee65781b..21b6afd4 100644 --- a/lib/luks2/luks2_digest_pbkdf2.c +++ b/lib/luks2/luks2_digest_pbkdf2.c @@ -105,7 +105,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd, .time_ms = LUKS_MKD_ITERATIONS_MS, }; - log_dbg("Setting PBKDF2 type key digest %d.", digest); + log_dbg(cd, "Setting PBKDF2 type key digest %d.", digest); r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT); if (r < 0) @@ -168,7 +168,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd, json_object_object_add(jobj_digests, num, jobj_digest); } - JSON_DBG(jobj_digest, "Digest JSON"); + JSON_DBG(cd, jobj_digest, "Digest JSON"); return 0; } diff --git a/lib/luks2/luks2_disk_metadata.c b/lib/luks2/luks2_disk_metadata.c index 686eab39..46fe5770 100644 --- a/lib/luks2/luks2_disk_metadata.c +++ b/lib/luks2/luks2_disk_metadata.c @@ -26,7 +26,8 @@ /* * Helper functions */ -json_object *parse_json_len(const char *json_area, uint64_t max_length, int *json_len) +json_object *parse_json_len(struct crypt_device *cd, const char *json_area, + uint64_t max_length, int *json_len) { json_object *jobj; struct json_tokener *jtok; @@ -37,13 +38,13 @@ json_object *parse_json_len(const char *json_area, uint64_t max_length, int *jso jtok = json_tokener_new(); if (!jtok) { - log_dbg("ERROR: Failed to init json tokener"); + log_dbg(cd, "ERROR: Failed to init json tokener"); return NULL; } jobj = json_tokener_parse_ex(jtok, json_area, max_length); if (!jobj) - log_dbg("ERROR: Failed to parse json data (%d): %s", + log_dbg(cd, "ERROR: Failed to parse json data (%d): %s", json_tokener_get_error(jtok), json_tokener_error_desc(json_tokener_get_error(jtok))); else @@ -54,7 +55,8 @@ json_object *parse_json_len(const char *json_area, uint64_t max_length, int *jso return jobj; } -static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const char *info) +static void log_dbg_checksum(struct crypt_device *cd, + const uint8_t *csum, const char *csum_alg, const char *info) { char csum_txt[2*LUKS2_CHECKSUM_L+1]; int i; @@ -63,7 +65,7 @@ static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const ch snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]); csum_txt[i*2+1] = '\0'; /* Just to be safe, sprintf should write \0 there. */ - log_dbg("Checksum:%s (%s)", &csum_txt[0], info); + log_dbg(cd, "Checksum:%s (%s)", &csum_txt[0], info); } /* @@ -98,7 +100,8 @@ static int hdr_checksum_calculate(const char *alg, struct luks2_hdr_disk *hdr_di /* * Compare hash (checksum) of on-disk and in-memory header. */ -static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk, +static int hdr_checksum_check(struct crypt_device *cd, + const char *alg, struct luks2_hdr_disk *hdr_disk, const char *json_area, size_t json_len) { struct luks2_hdr_disk hdr_tmp; @@ -116,8 +119,8 @@ static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk, if (r < 0) return r; - log_dbg_checksum(hdr_disk->csum, alg, "on-disk"); - log_dbg_checksum(hdr_tmp.csum, alg, "in-memory"); + log_dbg_checksum(cd, hdr_disk->csum, alg, "on-disk"); + log_dbg_checksum(cd, hdr_tmp.csum, alg, "in-memory"); if (memcmp(hdr_tmp.csum, hdr_disk->csum, (size_t)hash_size)) return -EINVAL; @@ -187,7 +190,8 @@ static void hdr_to_disk(struct luks2_hdr *hdr, /* * Sanity checks before checksum is validated */ -static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr, +static int hdr_disk_sanity_check_pre(struct crypt_device *cd, + struct luks2_hdr_disk *hdr, size_t *hdr_json_size, int secondary, uint64_t offset) { @@ -195,25 +199,25 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr, return -EINVAL; if (be16_to_cpu(hdr->version) != 2) { - log_dbg("Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version)); + log_dbg(cd, "Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version)); return -EINVAL; } if (offset != be64_to_cpu(hdr->hdr_offset)) { - log_dbg("LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.", + log_dbg(cd, "LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.", (unsigned)be64_to_cpu(hdr->hdr_offset), (unsigned)offset); return -EINVAL; } if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) { - log_dbg("LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.", + log_dbg(cd, "LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.", (unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size)); return -EINVAL; } /* FIXME: sanity check checksum alg. */ - log_dbg("LUKS2 header version %u of size %u bytes, checksum %s.", + log_dbg(cd, "LUKS2 header version %u of size %u bytes, checksum %s.", (unsigned)be16_to_cpu(hdr->version), (unsigned)be64_to_cpu(hdr->hdr_size), hdr->checksum_alg); @@ -224,13 +228,14 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr, /* * Read LUKS2 header from disk at specific offset. */ -static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk, +static int hdr_read_disk(struct crypt_device *cd, + struct device *device, struct luks2_hdr_disk *hdr_disk, char **json_area, uint64_t offset, int secondary) { size_t hdr_json_size = 0; int devfd = -1, r; - log_dbg("Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".", + log_dbg(cd, "Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".", secondary ? "secondary" : "primary", offset); devfd = device_open_locked(device, O_RDONLY); @@ -248,7 +253,7 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk, return -EIO; } - r = hdr_disk_sanity_check_pre(hdr_disk, &hdr_json_size, secondary, offset); + r = hdr_disk_sanity_check_pre(cd, hdr_disk, &hdr_json_size, secondary, offset); if (r < 0) { close(devfd); return r; @@ -277,9 +282,9 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk, /* * Calculate and validate checksum and zero it afterwards. */ - if (hdr_checksum_check(hdr_disk->checksum_alg, hdr_disk, + if (hdr_checksum_check(cd, hdr_disk->checksum_alg, hdr_disk, *json_area, hdr_json_size)) { - log_dbg("LUKS2 header checksum error (offset %" PRIu64 ").", offset); + log_dbg(cd, "LUKS2 header checksum error (offset %" PRIu64 ").", offset); r = -EINVAL; } memset(hdr_disk->csum, 0, LUKS2_CHECKSUM_L); @@ -290,15 +295,16 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk, /* * Write LUKS2 header to disk at specific offset. */ -static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr, - const char *json_area, int secondary) +static int hdr_write_disk(struct crypt_device *cd, + struct device *device, struct luks2_hdr *hdr, + const char *json_area, int secondary) { struct luks2_hdr_disk hdr_disk; uint64_t offset = secondary ? hdr->hdr_size : 0; size_t hdr_json_len; int devfd = -1, r; - log_dbg("Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".", + log_dbg(cd, "Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".", hdr->hdr_size, offset); /* FIXME: read-only device silent fail? */ @@ -341,7 +347,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr, close(devfd); return r; } - log_dbg_checksum(hdr_disk.csum, hdr_disk.checksum_alg, "in-memory"); + log_dbg_checksum(cd, hdr_disk.csum, hdr_disk.checksum_alg, "in-memory"); if (write_lseek_blockwise(devfd, device_block_size(device), device_alignment(device), (char *)&hdr_disk, @@ -359,12 +365,11 @@ static int LUKS2_check_device_size(struct crypt_device *cd, struct device *devic uint64_t dev_size; if (device_size(device, &dev_size)) { - log_dbg("Cannot get device size for device %s.", device_path(device)); + log_dbg(cd, "Cannot get device size for device %s.", device_path(device)); return -EIO; } - log_dbg("Device size %" PRIu64 ", header size %" - PRIu64 ".", dev_size, hdr_size); + log_dbg(cd, "Device size %" PRIu64 ", header size %" PRIu64 ".", dev_size, hdr_size); if (hdr_size > dev_size) { /* If it is header file, increase its size */ @@ -391,7 +396,7 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct int r; if (hdr->version != 2) { - log_dbg("Unsupported LUKS2 header version (%u).", hdr->version); + log_dbg(cd, "Unsupported LUKS2 header version (%u).", hdr->version); return -EINVAL; } @@ -414,12 +419,12 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct json_text = json_object_to_json_string_ext(hdr->jobj, JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); if (!json_text || !*json_text) { - log_dbg("Cannot parse JSON object to text representation."); + log_dbg(cd, "Cannot parse JSON object to text representation."); free(json_area); return -ENOMEM; } if (strlen(json_text) > (json_area_len - 1)) { - log_dbg("JSON is too large (%zu > %zu).", strlen(json_text), json_area_len); + log_dbg(cd, "JSON is too large (%zu > %zu).", strlen(json_text), json_area_len); free(json_area); return -EINVAL; } @@ -436,12 +441,12 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct } /* Write primary and secondary header */ - r = hdr_write_disk(device, hdr, json_area, 0); + r = hdr_write_disk(cd, device, hdr, json_area, 0); if (!r) - r = hdr_write_disk(device, hdr, json_area, 1); + r = hdr_write_disk(cd, device, hdr, json_area, 1); if (r) - log_dbg("LUKS2 header write failed (%d).", r); + log_dbg(cd, "LUKS2 header write failed (%d).", r); device_write_unlock(device); @@ -450,19 +455,19 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct free(json_area); return r; } - -static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t max_length) +static int validate_json_area(struct crypt_device *cd, const char *json_area, + uint64_t json_len, uint64_t max_length) { char c; /* Enforce there are no needless opening bytes */ if (*json_area != '{') { - log_dbg("ERROR: Opening character must be left curly bracket: '{'."); + log_dbg(cd, "ERROR: Opening character must be left curly bracket: '{'."); return -EINVAL; } if (json_len >= max_length) { - log_dbg("ERROR: Missing trailing null byte beyond parsed json data string."); + log_dbg(cd, "ERROR: Missing trailing null byte beyond parsed json data string."); return -EINVAL; } @@ -475,7 +480,7 @@ static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t do { c = *(json_area + json_len); if (c != '\0') { - log_dbg("ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64, + log_dbg(cd, "ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64, c, json_len); return -EINVAL; } @@ -484,37 +489,38 @@ static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t return 0; } -static int validate_luks2_json_object(json_object *jobj_hdr, uint64_t length) +static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj_hdr, uint64_t length) { int r; /* we require top level object to be of json_type_object */ r = !json_object_is_type(jobj_hdr, json_type_object); if (r) { - log_dbg("ERROR: Resulting object is not a json object type"); + log_dbg(cd, "ERROR: Resulting object is not a json object type"); return r; } - r = LUKS2_hdr_validate(jobj_hdr, length); + r = LUKS2_hdr_validate(cd, jobj_hdr, length); if (r) { - log_dbg("Repairing JSON metadata."); + log_dbg(cd, "Repairing JSON metadata."); /* try to correct known glitches */ LUKS2_hdr_repair(jobj_hdr); /* run validation again */ - r = LUKS2_hdr_validate(jobj_hdr, length); + r = LUKS2_hdr_validate(cd, jobj_hdr, length); } if (r) - log_dbg("ERROR: LUKS2 validation failed"); + log_dbg(cd, "ERROR: LUKS2 validation failed"); return r; } -static json_object *parse_and_validate_json(const char *json_area, uint64_t max_length) +static json_object *parse_and_validate_json(struct crypt_device *cd, + const char *json_area, uint64_t max_length) { int json_len, r; - json_object *jobj = parse_json_len(json_area, max_length, &json_len); + json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len); if (!jobj) return NULL; @@ -522,9 +528,9 @@ static json_object *parse_and_validate_json(const char *json_area, uint64_t max_ /* successful parse_json_len must not return offset <= 0 */ assert(json_len > 0); - r = validate_json_area(json_area, json_len, max_length); + r = validate_json_area(cd, json_area, json_len, max_length); if (!r) - r = validate_luks2_json_object(jobj, max_length); + r = validate_luks2_json_object(cd, jobj, max_length); if (r) { json_object_put(jobj); @@ -534,19 +540,19 @@ static json_object *parse_and_validate_json(const char *json_area, uint64_t max_ return jobj; } -static int detect_device_signatures(const char *path) +static int detect_device_signatures(struct crypt_device *cd, const char *path) { blk_probe_status prb_state; int r; struct blkid_handle *h; if (!blk_supported()) { - log_dbg("Blkid probing of device signatures disabled."); + log_dbg(cd, "Blkid probing of device signatures disabled."); return 0; } if ((r = blk_init_by_path(&h, path))) { - log_dbg("Failed to initialize blkid_handle by path."); + log_dbg(cd, "Failed to initialize blkid_handle by path."); return -EINVAL; } @@ -560,22 +566,22 @@ static int detect_device_signatures(const char *path) switch (prb_state) { case PRB_AMBIGUOUS: - log_dbg("Blkid probe couldn't decide device type unambiguously."); + log_dbg(cd, "Blkid probe couldn't decide device type unambiguously."); /* fall through */ case PRB_FAIL: - log_dbg("Blkid probe failed."); + log_dbg(cd, "Blkid probe failed."); r = -EINVAL; break; case PRB_OK: /* crypto_LUKS type is filtered out */ r = -EINVAL; if (blk_is_partition(h)) - log_dbg("Blkid probe detected partition type '%s'", blk_get_partition_type(h)); + log_dbg(cd, "Blkid probe detected partition type '%s'", blk_get_partition_type(h)); else if (blk_is_superblock(h)) - log_dbg("blkid probe detected superblock type '%s'", blk_get_superblock_type(h)); + log_dbg(cd, "blkid probe detected superblock type '%s'", blk_get_superblock_type(h)); break; case PRB_EMPTY: - log_dbg("Blkid probe detected no foreign device signature."); + log_dbg(cd, "Blkid probe detected no foreign device signature."); } blk_free(h); return r; @@ -600,16 +606,16 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, /* Skip auto-recovery if locks are disabled and we're not doing LUKS2 explicit repair */ if (do_recovery && do_blkprobe && !crypt_metadata_locking_enabled()) { do_recovery = 0; - log_dbg("Disabling header auto-recovery due to locking being disabled."); + log_dbg(cd, "Disabling header auto-recovery due to locking being disabled."); } /* * Read primary LUKS2 header (offset 0). */ state_hdr1 = HDR_FAIL; - r = hdr_read_disk(device, &hdr_disk1, &json_area1, 0, 0); + r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0); if (r == 0) { - jobj_hdr1 = parse_and_validate_json(json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN); state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr1 = HDR_FAIL_IO; @@ -619,9 +625,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, */ state_hdr2 = HDR_FAIL; if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) { - r = hdr_read_disk(device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1); + r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1); if (r == 0) { - jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr2 = HDR_FAIL_IO; @@ -630,10 +636,10 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, * No header size, check all known offsets. */ for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++) - r = hdr_read_disk(device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1); + r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1); if (r == 0) { - jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr2 = HDR_FAIL_IO; @@ -667,9 +673,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, * Try to rewrite (recover) bad header. Always regenerate salt for bad header. */ if (state_hdr1 == HDR_OK && state_hdr2 != HDR_OK) { - log_dbg("Secondary LUKS2 header requires recovery."); + log_dbg(cd, "Secondary LUKS2 header requires recovery."); - if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) { + if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) { log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery.")); goto err; @@ -679,18 +685,18 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN); r = crypt_random_get(NULL, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT); if (r) - log_dbg("Cannot generate master salt."); + log_dbg(cd, "Cannot generate master salt."); else { hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0); - r = hdr_write_disk(device, hdr, json_area1, 1); + r = hdr_write_disk(cd, device, hdr, json_area1, 1); } if (r) - log_dbg("Secondary LUKS2 header recovery failed."); + log_dbg(cd, "Secondary LUKS2 header recovery failed."); } } else if (state_hdr1 != HDR_OK && state_hdr2 == HDR_OK) { - log_dbg("Primary LUKS2 header requires recovery."); + log_dbg(cd, "Primary LUKS2 header requires recovery."); - if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) { + if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) { log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery.")); goto err; @@ -700,13 +706,13 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN); r = crypt_random_get(NULL, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT); if (r) - log_dbg("Cannot generate master salt."); + log_dbg(cd, "Cannot generate master salt."); else { hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1); - r = hdr_write_disk(device, hdr, json_area2, 0); + r = hdr_write_disk(cd, device, hdr, json_area2, 0); } if (r) - log_dbg("Primary LUKS2 header recovery failed."); + log_dbg(cd, "Primary LUKS2 header recovery failed."); } } @@ -738,7 +744,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, */ return 0; err: - log_dbg("LUKS2 header read failed (%d).", r); + log_dbg(cd, "LUKS2 header read failed (%d).", r); free(json_area1); free(json_area2); diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h index 38c8beb7..16ccbe81 100644 --- a/lib/luks2/luks2_internal.h +++ b/lib/luks2/luks2_internal.h @@ -58,25 +58,28 @@ json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr); void hexprint_base64(struct crypt_device *cd, json_object *jobj, const char *sep, const char *line_sep); -json_object *parse_json_len(const char *json_area, uint64_t max_length, int *json_len); +json_object *parse_json_len(struct crypt_device *cd, const char *json_area, + uint64_t max_length, int *json_len); uint64_t json_object_get_uint64(json_object *jobj); uint32_t json_object_get_uint32(json_object *jobj); json_object *json_object_new_uint64(uint64_t value); -void JSON_DBG(json_object *jobj, const char *desc); +void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc); /* * LUKS2 JSON validation */ /* validation helper */ -json_object *json_contains(json_object *jobj, const char *name, const char *section, - const char *key, json_type type); +json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name, + const char *section, const char *key, json_type type); -int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size); -int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key); -int LUKS2_check_json_size(const struct luks2_hdr *hdr); -int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key); +int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size); +int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, + json_object *hdr_keyslot, const char *key); +int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr); +int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj, + json_object *jobj_token, const char *key); void LUKS2_token_dump(struct crypt_device *cd, int token); /* @@ -122,7 +125,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd, size_t volume_key_len); /* validate all keyslot implementations in hdr json */ -int LUKS2_keyslots_validate(json_object *hdr_jobj); +int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj); typedef struct { const char *name; diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c index f352dee9..00fe4c71 100644 --- a/lib/luks2/luks2_json_format.c +++ b/lib/luks2/luks2_json_format.c @@ -100,7 +100,7 @@ int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr, return -EINVAL; } - log_dbg("Found area %zu -> %zu", offset, length + offset); + log_dbg(cd, "Found area %zu -> %zu", offset, length + offset); /* log_dbg("Area offset min: %zu, max %zu, slots max %u", get_min_offset(hdr), get_max_offset(cd), LUKS2_KEYSLOTS_MAX); @@ -242,7 +242,7 @@ int LUKS2_generate_hdr( json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size)); - JSON_DBG(hdr->jobj, "Header JSON"); + JSON_DBG(cd, hdr->jobj, "Header JSON"); return 0; } @@ -258,7 +258,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd, length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE; wipe_block = 1024 * 1024; - if (LUKS2_hdr_validate(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) + if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) return -EINVAL; /* On detached header wipe at least the first 4k */ @@ -267,7 +267,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd, wipe_block = 4096; } - log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", + log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", offset, length + offset); r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, @@ -280,7 +280,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd, offset = get_min_offset(hdr); length = LUKS2_keyslots_size(hdr->jobj); - log_dbg("Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", + log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", offset, length + offset); return crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_RANDOM, diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 38bfefca..85944bf0 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -54,12 +54,12 @@ void hexprint_base64(struct crypt_device *cd, json_object *jobj, free(buf); } -void JSON_DBG(json_object *jobj, const char *desc) +void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc) { /* FIXME: make this conditional and disable for stable release. */ if (desc) - log_dbg("%s:", desc); - log_dbg("%s", json_object_to_json_string_ext(jobj, + log_dbg(cd, "%s:", desc); + log_dbg(cd, "%s", json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE)); } @@ -206,8 +206,6 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value) errno = 0; tmp = strtoull(json_object_get_string(jobj), &endptr, 10); if (*endptr || errno) { - log_dbg("Failed to parse uint64_t type from string %s.", - json_object_get_string(jobj)); *value = 0; return FALSE; } @@ -240,26 +238,26 @@ json_object *json_object_new_uint64(uint64_t value) /* * Validate helpers */ -static json_bool numbered(const char *name, const char *key) +static json_bool numbered(struct crypt_device *cd, const char *name, const char *key) { int i; for (i = 0; key[i]; i++) if (!isdigit(key[i])) { - log_dbg("%s \"%s\" is not in numbered form.", name, key); + log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key); return FALSE; } return TRUE; } -json_object *json_contains(json_object *jobj, const char *name, +json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name, const char *section, const char *key, json_type type) { json_object *sobj; if (!json_object_object_get_ex(jobj, key, &sobj) || !json_object_is_type(sobj, type)) { - log_dbg("%s \"%s\" is missing \"%s\" (%s) specification.", + log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.", section, name, key, json_type_to_name(type)); return NULL; } @@ -305,7 +303,8 @@ static json_bool validate_json_uint32(json_object *jobj) return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE; } -static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_keys) +static json_bool validate_keyslots_array(struct crypt_device *cd, + json_object *jarr, json_object *jobj_keys) { json_object *jobj; int i = 0, length = (int) json_object_array_length(jarr); @@ -313,11 +312,11 @@ static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_ke while (i < length) { jobj = json_object_array_get_idx(jarr, i); if (!json_object_is_type(jobj, json_type_string)) { - log_dbg("Illegal value type in keyslots array at index %d.", i); + log_dbg(cd, "Illegal value type in keyslots array at index %d.", i); return FALSE; } - if (!json_contains(jobj_keys, "", "Keyslots section", + if (!json_contains(cd, jobj_keys, "", "Keyslots section", json_object_get_string(jobj), json_type_object)) return FALSE; @@ -327,7 +326,8 @@ static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_ke return TRUE; } -static json_bool validate_segments_array(json_object *jarr, json_object *jobj_segments) +static json_bool validate_segments_array(struct crypt_device *cd, + json_object *jarr, json_object *jobj_segments) { json_object *jobj; int i = 0, length = (int) json_object_array_length(jarr); @@ -335,11 +335,11 @@ static json_bool validate_segments_array(json_object *jarr, json_object *jobj_se while (i < length) { jobj = json_object_array_get_idx(jarr, i); if (!json_object_is_type(jobj, json_type_string)) { - log_dbg("Illegal value type in segments array at index %d.", i); + log_dbg(cd, "Illegal value type in segments array at index %d.", i); return FALSE; } - if (!json_contains(jobj_segments, "", "Segments section", + if (!json_contains(cd, jobj_segments, "", "Segments section", json_object_get_string(jobj), json_type_object)) return FALSE; @@ -363,24 +363,25 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_ return FALSE; } -static json_bool validate_intervals(int length, const struct interval *ix, uint64_t *data_offset) +static json_bool validate_intervals(struct crypt_device *cd, + int length, const struct interval *ix, uint64_t *data_offset) { int j, i = 0; while (i < length) { if (ix[i].offset < 2 * LUKS2_HDR_16K_LEN) { - log_dbg("Illegal area offset: %" PRIu64 ".", ix[i].offset); + log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset); return FALSE; } if (!ix[i].length) { - log_dbg("Area length must be greater than zero."); + log_dbg(cd, "Area length must be greater than zero."); return FALSE; } /* first segment at offset 0 means we have detached header. Do not check then. */ if (*data_offset && (ix[i].offset + ix[i].length) > *data_offset) { - log_dbg("Area [%" PRIu64 ", %" PRIu64 "] intersects with segment starting at offset: %" PRIu64, + log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] intersects with segment starting at offset: %" PRIu64, ix[i].offset, ix[i].offset + ix[i].length, *data_offset); return FALSE; } @@ -389,7 +390,7 @@ static json_bool validate_intervals(int length, const struct interval *ix, uint6 if (i == j) continue; if ((ix[i].offset >= ix[j].offset) && (ix[i].offset < (ix[j].offset + ix[j].length))) { - log_dbg("Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].", + log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].", ix[i].offset, ix[i].offset + ix[i].length, ix[j].offset, ix[j].offset + ix[j].length); return FALSE; @@ -402,30 +403,31 @@ static json_bool validate_intervals(int length, const struct interval *ix, uint6 return TRUE; } -static int hdr_validate_areas(json_object *hdr_jobj); -int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key) +static int hdr_validate_areas(struct crypt_device *, json_object *hdr_jobj); +int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key) { json_object *jobj_key_size; - if (!json_contains(hdr_keyslot, key, "Keyslot", "type", json_type_string)) + if (!json_contains(cd, hdr_keyslot, key, "Keyslot", "type", json_type_string)) return 1; - if (!(jobj_key_size = json_contains(hdr_keyslot, key, "Keyslot", "key_size", json_type_int))) + if (!(jobj_key_size = json_contains(cd, hdr_keyslot, key, "Keyslot", "key_size", json_type_int))) return 1; /* enforce uint32_t type */ if (!validate_json_uint32(jobj_key_size)) { - log_dbg("Illegal field \"key_size\":%s.", + log_dbg(cd, "Illegal field \"key_size\":%s.", json_object_get_string(jobj_key_size)); return 1; } - if (hdr_validate_areas(hdr_jobj)) + if (hdr_validate_areas(cd, hdr_jobj)) return 1; return 0; } -int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key) +int LUKS2_token_validate(struct crypt_device *cd, + json_object *hdr_jobj, json_object *jobj_token, const char *key) { json_object *jarr, *jobj_keyslots; @@ -433,20 +435,20 @@ int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const c if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) return 1; - if (!json_contains(jobj_token, key, "Token", "type", json_type_string)) + if (!json_contains(cd, jobj_token, key, "Token", "type", json_type_string)) return 1; - jarr = json_contains(jobj_token, key, "Token", "keyslots", json_type_array); + jarr = json_contains(cd, jobj_token, key, "Token", "keyslots", json_type_array); if (!jarr) return 1; - if (!validate_keyslots_array(jarr, jobj_keyslots)) + if (!validate_keyslots_array(cd, jarr, jobj_keyslots)) return 1; return 0; } -static int hdr_validate_json_size(json_object *hdr_jobj, uint64_t hdr_json_size) +static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj, uint64_t hdr_json_size) { json_object *jobj, *jobj1; const char *json; @@ -461,122 +463,123 @@ static int hdr_validate_json_size(json_object *hdr_jobj, uint64_t hdr_json_size) json_size = (uint64_t)strlen(json); if (hdr_json_size != json_area_size) { - log_dbg("JSON area size doesn't match value in binary header."); + log_dbg(cd, "JSON area size doesn't match value in binary header."); return 1; } if (json_size > json_area_size) { - log_dbg("JSON doesn't fit in the designated area."); + log_dbg(cd, "JSON doesn't fit in the designated area."); return 1; } return 0; } -int LUKS2_check_json_size(const struct luks2_hdr *hdr) +int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr) { - return hdr_validate_json_size(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN); + return hdr_validate_json_size(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN); } -static int hdr_validate_keyslots(json_object *hdr_jobj) +static int hdr_validate_keyslots(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jobj; if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj)) { - log_dbg("Missing keyslots section."); + log_dbg(cd, "Missing keyslots section."); return 1; } json_object_object_foreach(jobj, key, val) { - if (!numbered("Keyslot", key)) + if (!numbered(cd, "Keyslot", key)) return 1; - if (LUKS2_keyslot_validate(hdr_jobj, val, key)) + if (LUKS2_keyslot_validate(cd, hdr_jobj, val, key)) return 1; } return 0; } -static int hdr_validate_tokens(json_object *hdr_jobj) +static int hdr_validate_tokens(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jobj; if (!json_object_object_get_ex(hdr_jobj, "tokens", &jobj)) { - log_dbg("Missing tokens section."); + log_dbg(cd, "Missing tokens section."); return 1; } json_object_object_foreach(jobj, key, val) { - if (!numbered("Token", key)) + if (!numbered(cd, "Token", key)) return 1; - if (LUKS2_token_validate(hdr_jobj, val, key)) + if (LUKS2_token_validate(cd, hdr_jobj, val, key)) return 1; } return 0; } -static int hdr_validate_crypt_segment(json_object *jobj, const char *key, json_object *jobj_digests, +static int hdr_validate_crypt_segment(struct crypt_device *cd, + json_object *jobj, const char *key, json_object *jobj_digests, uint64_t offset, uint64_t size) { json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity; uint32_t sector_size; uint64_t ivoffset; - if (!(jobj_ivoffset = json_contains(jobj, key, "Segment", "iv_tweak", json_type_string)) || - !json_contains(jobj, key, "Segment", "encryption", json_type_string) || - !(jobj_sector_size = json_contains(jobj, key, "Segment", "sector_size", json_type_int))) + if (!(jobj_ivoffset = json_contains(cd, jobj, key, "Segment", "iv_tweak", json_type_string)) || + !json_contains(cd, jobj, key, "Segment", "encryption", json_type_string) || + !(jobj_sector_size = json_contains(cd, jobj, key, "Segment", "sector_size", json_type_int))) return 1; /* integrity */ if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) { - if (!json_contains(jobj, key, "Segment", "integrity", json_type_object) || - !json_contains(jobj_integrity, key, "Segment integrity", "type", json_type_string) || - !json_contains(jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) || - !json_contains(jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string)) + if (!json_contains(cd, jobj, key, "Segment", "integrity", json_type_object) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "type", json_type_string) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string)) return 1; } /* enforce uint32_t type */ if (!validate_json_uint32(jobj_sector_size)) { - log_dbg("Illegal field \"sector_size\":%s.", + log_dbg(cd, "Illegal field \"sector_size\":%s.", json_object_get_string(jobj_sector_size)); return 1; } sector_size = json_object_get_uint32(jobj_sector_size); if (!sector_size || MISALIGNED_512(sector_size)) { - log_dbg("Illegal sector size: %" PRIu32, sector_size); + log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size); return 1; } - if (!numbered("iv_tweak", json_object_get_string(jobj_ivoffset)) || + if (!numbered(cd, "iv_tweak", json_object_get_string(jobj_ivoffset)) || !json_str_to_uint64(jobj_ivoffset, &ivoffset)) { - log_dbg("Illegal iv_tweak value."); + log_dbg(cd, "Illegal iv_tweak value."); return 1; } if (size % sector_size) { - log_dbg("Size field has to be aligned to sector size: %" PRIu32, sector_size); + log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, sector_size); return 1; } return !segment_has_digest(key, jobj_digests); } -static int hdr_validate_segments(json_object *hdr_jobj) +static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jobj, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags; int i; uint64_t offset, size; if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj)) { - log_dbg("Missing segments section."); + log_dbg(cd, "Missing segments section."); return 1; } if (json_object_object_length(jobj) < 1) { - log_dbg("Empty segments section."); + log_dbg(cd, "Empty segments section."); return 1; } @@ -585,22 +588,22 @@ static int hdr_validate_segments(json_object *hdr_jobj) return 1; json_object_object_foreach(jobj, key, val) { - if (!numbered("Segment", key)) + if (!numbered(cd, "Segment", key)) return 1; /* those fields are mandatory for all segment types */ - if (!(jobj_type = json_contains(val, key, "Segment", "type", json_type_string)) || - !(jobj_offset = json_contains(val, key, "Segment", "offset", json_type_string)) || - !(jobj_size = json_contains(val, key, "Segment", "size", json_type_string))) + if (!(jobj_type = json_contains(cd, val, key, "Segment", "type", json_type_string)) || + !(jobj_offset = json_contains(cd, val, key, "Segment", "offset", json_type_string)) || + !(jobj_size = json_contains(cd, val, key, "Segment", "size", json_type_string))) return 1; - if (!numbered("offset", json_object_get_string(jobj_offset)) || + if (!numbered(cd, "offset", json_object_get_string(jobj_offset)) || !json_str_to_uint64(jobj_offset, &offset)) return 1; /* size "dynamic" means whole device starting at 'offset' */ if (strcmp(json_object_get_string(jobj_size), "dynamic")) { - if (!numbered("size", json_object_get_string(jobj_size)) || + if (!numbered(cd, "size", json_object_get_string(jobj_size)) || !json_str_to_uint64(jobj_size, &size) || !size) return 1; } else @@ -608,17 +611,17 @@ static int hdr_validate_segments(json_object *hdr_jobj) /* all device-mapper devices are aligned to 512 sector size */ if (MISALIGNED_512(offset)) { - log_dbg("Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); + log_dbg(cd, "Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); return 1; } if (MISALIGNED_512(size)) { - log_dbg("Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); + log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); return 1; } /* flags array is optional and must contain strings */ if (json_object_object_get_ex(val, "flags", NULL)) { - if (!(jobj_flags = json_contains(val, key, "Segment", "flags", json_type_array))) + if (!(jobj_flags = json_contains(cd, val, key, "Segment", "flags", json_type_array))) return 1; for (i = 0; i < (int) json_object_array_length(jobj_flags); i++) if (!json_object_is_type(json_object_array_get_idx(jobj_flags, i), json_type_string)) @@ -627,14 +630,14 @@ static int hdr_validate_segments(json_object *hdr_jobj) /* crypt */ if (!strcmp(json_object_get_string(jobj_type), "crypt") && - hdr_validate_crypt_segment(val, key, jobj_digests, offset, size)) + hdr_validate_crypt_segment(cd, val, key, jobj_digests, offset, size)) return 1; } return 0; } -static int hdr_validate_areas(json_object *hdr_jobj) +static int hdr_validate_areas(struct crypt_device *cd, json_object *hdr_jobj) { struct interval *intervals; json_object *jobj_keyslots, *jobj_offset, *jobj_length, *jobj_segments, *jobj_area; @@ -655,23 +658,23 @@ static int hdr_validate_areas(json_object *hdr_jobj) return 0; if (length < 0) { - log_dbg("Invalid keyslot areas specification."); + log_dbg(cd, "Invalid keyslot areas specification."); return 1; } intervals = malloc(length * sizeof(*intervals)); if (!intervals) { - log_dbg("Not enough memory."); + log_dbg(cd, "Not enough memory."); return -ENOMEM; } json_object_object_foreach(jobj_keyslots, key, val) { - if (!(jobj_area = json_contains(val, key, "Keyslot", "area", json_type_object)) || - !(jobj_offset = json_contains(jobj_area, key, "Keyslot", "offset", json_type_string)) || - !(jobj_length = json_contains(jobj_area, key, "Keyslot", "size", json_type_string)) || - !numbered("offset", json_object_get_string(jobj_offset)) || - !numbered("size", json_object_get_string(jobj_length))) { + if (!(jobj_area = json_contains(cd, val, key, "Keyslot", "area", json_type_object)) || + !(jobj_offset = json_contains(cd, jobj_area, key, "Keyslot", "offset", json_type_string)) || + !(jobj_length = json_contains(cd, jobj_area, key, "Keyslot", "size", json_type_string)) || + !numbered(cd, "offset", json_object_get_string(jobj_offset)) || + !numbered(cd, "size", json_object_get_string(jobj_length))) { free(intervals); return 1; } @@ -693,19 +696,19 @@ static int hdr_validate_areas(json_object *hdr_jobj) first_offset = get_first_data_offset(jobj_segments, NULL); - ret = validate_intervals(length, intervals, &first_offset) ? 0 : 1; + ret = validate_intervals(cd, length, intervals, &first_offset) ? 0 : 1; free(intervals); return ret; } -static int hdr_validate_digests(json_object *hdr_jobj) +static int hdr_validate_digests(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jarr_keys, *jarr_segs, *jobj, *jobj_keyslots, *jobj_segments; if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj)) { - log_dbg("Missing digests section."); + log_dbg(cd, "Missing digests section."); return 1; } @@ -718,17 +721,17 @@ static int hdr_validate_digests(json_object *hdr_jobj) return 1; json_object_object_foreach(jobj, key, val) { - if (!numbered("Digest", key)) + if (!numbered(cd, "Digest", key)) return 1; - if (!json_contains(val, key, "Digest", "type", json_type_string) || - !(jarr_keys = json_contains(val, key, "Digest", "keyslots", json_type_array)) || - !(jarr_segs = json_contains(val, key, "Digest", "segments", json_type_array))) + if (!json_contains(cd, val, key, "Digest", "type", json_type_string) || + !(jarr_keys = json_contains(cd, val, key, "Digest", "keyslots", json_type_array)) || + !(jarr_segs = json_contains(cd, val, key, "Digest", "segments", json_type_array))) return 1; - if (!validate_keyslots_array(jarr_keys, jobj_keyslots)) + if (!validate_keyslots_array(cd, jarr_keys, jobj_keyslots)) return 1; - if (!validate_segments_array(jarr_segs, jobj_segments)) + if (!validate_segments_array(cd, jarr_segs, jobj_segments)) return 1; } @@ -736,7 +739,8 @@ static int hdr_validate_digests(json_object *hdr_jobj) } /* requires keyslots and segments sections being already validated */ -static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size, uint64_t keyslots_size) +static int validate_keyslots_size(struct crypt_device *cd, json_object *hdr_jobj, + uint64_t metadata_size, uint64_t keyslots_size) { json_object *jobj_keyslots, *jobj, *jobj1; uint64_t segment_offset, keyslots_area_sum = 0; @@ -746,7 +750,7 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size, if (segment_offset && (segment_offset < keyslots_size || (segment_offset - keyslots_size) < (2 * metadata_size))) { - log_dbg("keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64 + log_dbg(cd, "keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64 ", keyslots offset: %" PRIu64, keyslots_size, segment_offset, 2 * metadata_size); return 1; } @@ -761,7 +765,7 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size, } if (keyslots_area_sum > keyslots_size) { - log_dbg("Sum of all keyslot area sizes (%" PRIu64 ") is greater than value in config section %" + log_dbg(cd, "Sum of all keyslot area sizes (%" PRIu64 ") is greater than value in config section %" PRIu64, keyslots_area_sum, keyslots_size); return 1; } @@ -769,41 +773,41 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size, return 0; } -static int hdr_validate_config(json_object *hdr_jobj) +static int hdr_validate_config(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jobj_config, *jobj, *jobj1; int i; uint64_t json_size, keyslots_size; if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) { - log_dbg("Missing config section."); + log_dbg(cd, "Missing config section."); return 1; } - if (!(jobj = json_contains(jobj_config, "section", "Config", "json_size", json_type_string)) || + if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "json_size", json_type_string)) || !json_str_to_uint64(jobj, &json_size)) return 1; - if (!(jobj = json_contains(jobj_config, "section", "Config", "keyslots_size", json_type_string)) || + if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "keyslots_size", json_type_string)) || !json_str_to_uint64(jobj, &keyslots_size)) return 1; if (LUKS2_check_metadata_area_size(json_size + LUKS2_HDR_BIN_LEN)) { - log_dbg("Unsupported LUKS2 header size (%" PRIu64 ").", json_size + LUKS2_HDR_BIN_LEN); + log_dbg(cd, "Unsupported LUKS2 header size (%" PRIu64 ").", json_size + LUKS2_HDR_BIN_LEN); return 1; } if (LUKS2_check_keyslots_area_size(keyslots_size)) { - log_dbg("Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size); + log_dbg(cd, "Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size); return 1; } - if (validate_keyslots_size(hdr_jobj, json_size + LUKS2_HDR_BIN_LEN, keyslots_size)) + if (validate_keyslots_size(cd, hdr_jobj, json_size + LUKS2_HDR_BIN_LEN, keyslots_size)) return 1; /* Flags array is optional */ if (json_object_object_get_ex(jobj_config, "flags", &jobj)) { - if (!json_contains(jobj_config, "section", "Config", "flags", json_type_array)) + if (!json_contains(cd, jobj_config, "section", "Config", "flags", json_type_array)) return 1; /* All array members must be strings */ @@ -814,12 +818,12 @@ static int hdr_validate_config(json_object *hdr_jobj) /* Requirements object is optional */ if (json_object_object_get_ex(jobj_config, "requirements", &jobj)) { - if (!json_contains(jobj_config, "section", "Config", "requirements", json_type_object)) + if (!json_contains(cd, jobj_config, "section", "Config", "requirements", json_type_object)) return 1; /* Mandatory array is optional */ if (json_object_object_get_ex(jobj, "mandatory", &jobj1)) { - if (!json_contains(jobj, "section", "Requirements", "mandatory", json_type_array)) + if (!json_contains(cd, jobj, "section", "Requirements", "mandatory", json_type_array)) return 1; /* All array members must be strings */ @@ -832,10 +836,10 @@ static int hdr_validate_config(json_object *hdr_jobj) return 0; } -int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size) +int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size) { struct { - int (*validate)(json_object *); + int (*validate)(struct crypt_device *, json_object *); } checks[] = { { hdr_validate_tokens }, { hdr_validate_digests }, @@ -851,14 +855,14 @@ int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size) return 1; for (i = 0; checks[i].validate; i++) - if (checks[i].validate && checks[i].validate(hdr_jobj)) + if (checks[i].validate && checks[i].validate(cd, hdr_jobj)) return 1; - if (hdr_validate_json_size(hdr_jobj, json_size)) + if (hdr_validate_json_size(cd, hdr_jobj, json_size)) return 1; /* validate keyslot implementations */ - if (LUKS2_keyslots_validate(hdr_jobj)) + if (LUKS2_keyslots_validate(cd, hdr_jobj)) return 1; return 0; @@ -903,7 +907,7 @@ int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr) /* erase unused digests (no assigned keyslot or segment) */ LUKS2_digests_erase_unused(cd, hdr); - if (LUKS2_hdr_validate(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) + if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) return -EINVAL; return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd)); @@ -941,12 +945,12 @@ int LUKS2_hdr_labels(struct crypt_device *cd, struct luks2_hdr *hdr, return commit ? LUKS2_hdr_write(cd, hdr) : 0; } -void LUKS2_hdr_free(struct luks2_hdr *hdr) +void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr) { if (json_object_put(hdr->jobj)) hdr->jobj = NULL; else if (hdr->jobj) - log_dbg("LUKS2 header still in use"); + log_dbg(cd, "LUKS2 header still in use"); } uint64_t LUKS2_keyslots_size(json_object *jobj) @@ -989,8 +993,8 @@ int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr, if (!buffer) return -ENOMEM; - log_dbg("Storing backup of header (%zu bytes).", hdr_size); - log_dbg("Output backup file size: %zu bytes.", buffer_size); + log_dbg(cd, "Storing backup of header (%zu bytes).", hdr_size); + log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size); r = device_read_lock(cd, device); if (r) { @@ -1114,7 +1118,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr, r = LUKS2_hdr_read(cd, &tmp_hdr, 0); if (r == 0) { - log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device)); + log_dbg(cd, "Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device)); r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs); if (r) goto out; @@ -1123,7 +1127,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr, diff_uuid = 1; if (!reqs_reencrypt(reqs)) { - log_dbg("Checking LUKS2 header size and offsets."); + log_dbg(cd, "Checking LUKS2 header size and offsets."); if (LUKS2_get_data_offset(&tmp_hdr) != LUKS2_get_data_offset(&hdr_file)) { log_err(cd, _("Data offset differ on device and backup, restore failed.")); r = -EINVAL; @@ -1156,7 +1160,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr, goto out; } - log_dbg("Storing backup of header (%zu bytes) to device %s.", buffer_size, device_path(device)); + log_dbg(cd, "Storing backup of header (%zu bytes) to device %s.", buffer_size, device_path(device)); /* TODO: perform header restore on bdev in stand-alone routine? */ r = device_write_lock(cd, device); @@ -1188,9 +1192,9 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr, /* end of TODO */ out: - LUKS2_hdr_free(hdr); - LUKS2_hdr_free(&hdr_file); - LUKS2_hdr_free(&tmp_hdr); + LUKS2_hdr_free(cd, hdr); + LUKS2_hdr_free(cd, &hdr_file); + LUKS2_hdr_free(cd, &tmp_hdr); crypt_memzero(&hdr_file, sizeof(hdr_file)); crypt_memzero(&tmp_hdr, sizeof(tmp_hdr)); crypt_safe_free(buffer); @@ -1240,7 +1244,7 @@ int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3 if (!strcmp(persistent_flags[j].description, json_object_get_string(jobj1))) { *flags |= persistent_flags[j].flag; - log_dbg("Using persistent flag %s.", + log_dbg(cd, "Using persistent flag %s.", json_object_get_string(jobj1)); found = 1; } @@ -1264,7 +1268,7 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3 for (i = 0; persistent_flags[i].description; i++) { if (flags & persistent_flags[i].flag) { - log_dbg("Setting persistent flag: %s.", persistent_flags[i].description); + log_dbg(cd, "Setting persistent flag: %s.", persistent_flags[i].description); json_object_array_add(jobj_flags, json_object_new_string(persistent_flags[i].description)); } @@ -1335,12 +1339,12 @@ int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr if (len <= 0) return 0; - log_dbg("LUKS2 requirements detected:"); + log_dbg(cd, "LUKS2 requirements detected:"); for (i = 0; i < len; i++) { jobj = json_object_array_get_idx(jobj_mandatory, i); req = get_requirement_by_name(json_object_get_string(jobj)); - log_dbg("%s - %sknown", json_object_get_string(jobj), + log_dbg(cd, "%s - %sknown", json_object_get_string(jobj), reqs_unknown(req) ? "un" : ""); *reqs |= req; } @@ -1375,7 +1379,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr /* any remaining bit in requirements is unknown therefore illegal */ if (reqs) { - log_dbg("Illegal requirement flag(s) requested"); + log_dbg(cd, "Illegal requirement flag(s) requested"); goto err; } @@ -1623,7 +1627,7 @@ int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr) if (!hdr->jobj) return -EINVAL; - JSON_DBG(hdr->jobj, NULL); + JSON_DBG(cd, hdr->jobj, NULL); log_std(cd, "LUKS header information\n"); log_std(cd, "Version: \t%u\n", hdr->version); diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c index 77cc3e51..24070aa9 100644 --- a/lib/luks2/luks2_keyslot.c +++ b/lib/luks2/luks2_keyslot.c @@ -256,14 +256,14 @@ static int LUKS2_open_and_verify(struct crypt_device *cd, r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); if (r) { - log_dbg("Keyslot %d validation failed.", keyslot); + log_dbg(cd, "Keyslot %d validation failed.", keyslot); return r; } r = LUKS2_keyslot_for_segment(hdr, keyslot, segment); if (r) { if (r == -ENOENT) - log_dbg("Keyslot %d unusable for segment %d.", keyslot, segment); + log_dbg(cd, "Keyslot %d unusable for segment %d.", keyslot, segment); return r; } @@ -279,7 +279,7 @@ static int LUKS2_open_and_verify(struct crypt_device *cd, r = h->open(cd, keyslot, password, password_len, (*vk)->key, (*vk)->keylength); if (r < 0) - log_dbg("Keyslot %d (%s) open failed with %d.", keyslot, h->name, r); + log_dbg(cd, "Keyslot %d (%s) open failed with %d.", keyslot, h->name, r); else r = LUKS2_digest_verify(cd, hdr, *vk, keyslot); @@ -313,7 +313,7 @@ static int LUKS2_keyslot_open_priority(struct crypt_device *cd, keyslot = atoi(slot); if (slot_priority != priority) { - log_dbg("Keyslot %d priority %d != %d (required), skipped.", + log_dbg(cd, "Keyslot %d priority %d != %d (required), skipped.", keyslot, slot_priority, priority); continue; } @@ -389,14 +389,14 @@ int LUKS2_keyslot_store(struct crypt_device *cd, r = h->update(cd, keyslot, params); if (r) { - log_dbg("Failed to update keyslot %d json.", keyslot); + log_dbg(cd, "Failed to update keyslot %d json.", keyslot); return r; } } r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); if (r) { - log_dbg("Keyslot validation failed."); + log_dbg(cd, "Keyslot validation failed."); return r; } @@ -426,7 +426,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd, return -ENOENT; if (wipe_area_only) - log_dbg("Wiping keyslot %d area only.", keyslot); + log_dbg(cd, "Wiping keyslot %d area only.", keyslot); /* Just check that nobody uses the metadata now */ r = device_write_lock(cd, device); @@ -466,7 +466,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd, if (r < 0) return r; } else - log_dbg("Wiping keyslot %d without specific-slot handler loaded.", keyslot); + log_dbg(cd, "Wiping keyslot %d without specific-slot handler loaded.", keyslot); snprintf(num, sizeof(num), "%d", keyslot); json_object_object_del(jobj_keyslots, num); @@ -526,7 +526,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd, char num[16]; json_object *jobj_keyslots, *jobj_keyslot, *jobj_area; - log_dbg("Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot); + log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot); if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) return -EINVAL; @@ -585,7 +585,7 @@ static unsigned LUKS2_get_keyslot_digests_count(json_object *hdr_jobj, int keysl } /* run only on header that passed basic format validation */ -int LUKS2_keyslots_validate(json_object *hdr_jobj) +int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj) { const keyslot_handler *h; int keyslot; @@ -601,12 +601,12 @@ int LUKS2_keyslots_validate(json_object *hdr_jobj) if (!h) continue; if (h->validate && h->validate(NULL, val)) { - log_dbg("Keyslot type %s validation failed on keyslot %d.", h->name, keyslot); + log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot); return -EINVAL; } if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count(hdr_jobj, keyslot) != 1) { - log_dbg("Keyslot %d is not assigned to exactly 1 digest.", keyslot); + log_dbg(cd, "Keyslot %d is not assigned to exactly 1 digest.", keyslot); return -EINVAL; } } diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c index 2aa46b14..0773cd12 100644 --- a/lib/luks2/luks2_keyslot_luks2.c +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -54,7 +54,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength, /* Encrypt buffer */ r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); if (r) { - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); return r; } @@ -118,7 +118,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength, r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); if (r) { - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); return r; } @@ -284,7 +284,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd, r = AF_split(volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash); if (r == 0) { - log_dbg("Updating keyslot area [0x%04x].", (unsigned)area_offset); + log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset); /* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */ r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode, derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd); @@ -362,7 +362,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, pbkdf.parallel_threads); if (r == 0) { - log_dbg("Reading keyslot area [0x%04x].", (unsigned)area_offset); + log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offset); /* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */ r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode, derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd); @@ -442,7 +442,7 @@ static int luks2_keyslot_update_json(struct crypt_device *cd, /* update 'af' hash */ json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash)); - JSON_DBG(jobj_keyslot, "Keyslot JSON"); + JSON_DBG(cd, jobj_keyslot, "Keyslot JSON"); return 0; } @@ -457,11 +457,11 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, json_object *jobj_keyslots, *jobj_keyslot, *jobj_af, *jobj_area; int r; - log_dbg("Trying to allocate LUKS2 keyslot %d.", keyslot); + log_dbg(cd, "Trying to allocate LUKS2 keyslot %d.", keyslot); if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW || params->af_type != LUKS2_KEYSLOT_AF_LUKS1) { - log_dbg("Invalid LUKS2 keyslot parameters."); + log_dbg(cd, "Invalid LUKS2 keyslot parameters."); return -EINVAL; } @@ -475,7 +475,7 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, return -ENOMEM; if (LUKS2_get_keyslot_jobj(hdr, keyslot)) { - log_dbg("Cannot modify already active keyslot %d.", keyslot); + log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot); return -EINVAL; } @@ -511,8 +511,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, r = luks2_keyslot_update_json(cd, jobj_keyslot, params); - if (!r && LUKS2_check_json_size(hdr)) { - log_dbg("Not enough space in header json area for new keyslot."); + if (!r && LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new keyslot."); r = -ENOSPC; } @@ -532,7 +532,7 @@ static int luks2_keyslot_open(struct crypt_device *cd, struct luks2_hdr *hdr; json_object *jobj_keyslot; - log_dbg("Trying to open LUKS2 keyslot %d.", keyslot); + log_dbg(cd, "Trying to open LUKS2 keyslot %d.", keyslot); if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) return -EINVAL; @@ -561,7 +561,7 @@ static int luks2_keyslot_store(struct crypt_device *cd, json_object *jobj_keyslot; int r; - log_dbg("Calculating attributes for LUKS2 keyslot %d.", keyslot); + log_dbg(cd, "Calculating attributes for LUKS2 keyslot %d.", keyslot); if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) return -EINVAL; @@ -665,31 +665,31 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key count = json_object_object_length(jobj_kdf); - jobj1 = json_contains(jobj_kdf, "", "kdf section", "type", json_type_string); + jobj1 = json_contains(cd, jobj_kdf, "", "kdf section", "type", json_type_string); if (!jobj1) return -EINVAL; type = json_object_get_string(jobj1); if (!strcmp(type, CRYPT_KDF_PBKDF2)) { if (count != 4 || /* type, salt, hash, iterations only */ - !json_contains(jobj_kdf, "kdf type", type, "hash", json_type_string) || - !json_contains(jobj_kdf, "kdf type", type, "iterations", json_type_int) || - !json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string)) + !json_contains(cd, jobj_kdf, "kdf type", type, "hash", json_type_string) || + !json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string)) return -EINVAL; } else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) { if (count != 5 || /* type, salt, time, memory, cpus only */ - !json_contains(jobj_kdf, "kdf type", type, "time", json_type_int) || - !json_contains(jobj_kdf, "kdf type", type, "memory", json_type_int) || - !json_contains(jobj_kdf, "kdf type", type, "cpus", json_type_int) || - !json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string)) + !json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string)) return -EINVAL; } if (!json_object_object_get_ex(jobj_af, "type", &jobj1)) return -EINVAL; if (!strcmp(json_object_get_string(jobj1), "luks1")) { - if (!json_contains(jobj_af, "", "luks1 af", "hash", json_type_string) || - !json_contains(jobj_af, "", "luks1 af", "stripes", json_type_int)) + if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) || + !json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int)) return -EINVAL; } else return -EINVAL; @@ -698,10 +698,10 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key if (!json_object_object_get_ex(jobj_area, "type", &jobj1)) return -EINVAL; if (!strcmp(json_object_get_string(jobj1), "raw")) { - if (!json_contains(jobj_area, "area", "raw type", "encryption", json_type_string) || - !json_contains(jobj_area, "area", "raw type", "key_size", json_type_int) || - !json_contains(jobj_area, "area", "raw type", "offset", json_type_string) || - !json_contains(jobj_area, "area", "raw type", "size", json_type_string)) + if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) || + !json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) || + !json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) || + !json_contains(cd, jobj_area, "area", "raw type", "size", json_type_string)) return -EINVAL; } else return -EINVAL; @@ -717,7 +717,7 @@ static int luks2_keyslot_update(struct crypt_device *cd, json_object *jobj_keyslot; int r; - log_dbg("Updating LUKS2 keyslot %d.", keyslot); + log_dbg(cd, "Updating LUKS2 keyslot %d.", keyslot); if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) return -EINVAL; @@ -728,8 +728,8 @@ static int luks2_keyslot_update(struct crypt_device *cd, r = luks2_keyslot_update_json(cd, jobj_keyslot, params); - if (!r && LUKS2_check_json_size(hdr)) { - log_dbg("Not enough space in header json area for updated keyslot %d.", keyslot); + if (!r && LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for updated keyslot %d.", keyslot); r = -ENOSPC; } diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c index 7a5ae150..ead16949 100644 --- a/lib/luks2/luks2_luks1_convert.c +++ b/lib/luks2/luks2_luks1_convert.c @@ -427,7 +427,7 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from, void *buf = NULL; int r = -EIO, devfd = -1; - log_dbg("Moving keyslot areas of size %zu from %jd to %jd.", + log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.", buf_size, (intmax_t)offset_from, (intmax_t)offset_to); if (posix_memalign(&buf, crypt_getpagesize(), buf_size)) @@ -441,7 +441,7 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from, /* This can safely fail (for block devices). It only allocates space if it is possible. */ if (posix_fallocate(devfd, offset_to, buf_size)) - log_dbg("Preallocation (fallocate) of new keyslot area not available."); + log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available."); /* Try to read *new* area to check that area is there (trimmed backup). */ if (read_lseek_blockwise(devfd, device_block_size(device), @@ -528,14 +528,14 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct return -EINVAL; if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { - log_dbg("Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1)); + log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1)); return -EINVAL; } if (luksmeta_header_present(cd, luks1_size)) return -EINVAL; - log_dbg("Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu", + log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu", max_size, luks1_size, luks1_shift); if ((max_size - luks1_size) < luks1_shift) { log_err(cd, _("Unable to move keyslot area. Not enough space.")); @@ -585,12 +585,13 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct // Write JSON hdr2 r = LUKS2_hdr_write(cd, hdr2); out: - LUKS2_hdr_free(hdr2); + LUKS2_hdr_free(cd, hdr2); return r; } -static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t key_size) +static int keyslot_LUKS1_compatible(struct crypt_device *cd, + struct luks2_hdr *hdr, int keyslot, uint32_t key_size) { json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af; uint64_t l2_offset, l2_length; @@ -626,7 +627,7 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t /* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */ ks_key_size = LUKS2_get_keyslot_key_size(hdr, keyslot); if (ks_key_size < 0 || (int)key_size != LUKS2_get_keyslot_key_size(hdr, keyslot)) { - log_dbg("Key length in keyslot %d is different from volume key length", keyslot); + log_dbg(cd, "Key length in keyslot %d is different from volume key length", keyslot); return 0; } @@ -634,7 +635,7 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t return 0; if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) { - log_dbg("Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot); + log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot); return 0; } @@ -706,7 +707,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct return -EINVAL; } - if (!keyslot_LUKS1_compatible(hdr2, i, key_size)) { + if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size)) { log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i); return -EINVAL; } diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c index a9ce0f93..ce93093a 100644 --- a/lib/luks2/luks2_token.c +++ b/lib/luks2/luks2_token.c @@ -45,19 +45,19 @@ int crypt_token_register(const crypt_token_handler *handler) int i; if (is_builtin_candidate(handler->name)) { - log_dbg("'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens."); + log_dbg(NULL, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens."); return -EINVAL; } for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) { if (!strcmp(token_handlers[i].h->name, handler->name)) { - log_dbg("Keyslot handler %s is already registered.", handler->name); + log_dbg(NULL, "Keyslot handler %s is already registered.", handler->name); return -EINVAL; } } if (i == LUKS2_TOKENS_MAX) { - log_dbg("No more space for another token handler."); + log_dbg(NULL, "No more space for another token handler."); return -EINVAL; } @@ -157,13 +157,13 @@ int LUKS2_token_create(struct crypt_device *cd, jobj = json_tokener_parse_verbose(json, &jerr); if (!jobj) { - log_dbg("Token JSON parse failed."); + log_dbg(cd, "Token JSON parse failed."); return -EINVAL; } snprintf(num, sizeof(num), "%d", token); - if (LUKS2_token_validate(hdr->jobj, jobj, num)) { + if (LUKS2_token_validate(cd, hdr->jobj, jobj, num)) { json_object_put(jobj); return -EINVAL; } @@ -172,7 +172,7 @@ int LUKS2_token_create(struct crypt_device *cd, if (is_builtin_candidate(json_object_get_string(jobj_type))) { th = LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj_type)); if (!th || !th->set) { - log_dbg("%s is builtin token candidate with missing handler", json_object_get_string(jobj_type)); + log_dbg(cd, "%s is builtin token candidate with missing handler", json_object_get_string(jobj_type)); json_object_put(jobj); return -EINVAL; } @@ -182,13 +182,13 @@ int LUKS2_token_create(struct crypt_device *cd, if (h && h->validate && h->validate(cd, json)) { json_object_put(jobj); - log_dbg("Token type %s validation failed.", h->name); + log_dbg(cd, "Token type %s validation failed.", h->name); return -EINVAL; } json_object_object_add(jobj_tokens, num, jobj); - if (LUKS2_check_json_size(hdr)) { - log_dbg("Not enough space in header json area for new token."); + if (LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new token."); json_object_object_del(jobj_tokens, num); return -ENOSPC; } @@ -276,7 +276,7 @@ int LUKS2_builtin_token_create(struct crypt_device *cd, } // builtin tokens must produce valid json - r = LUKS2_token_validate(hdr->jobj, jobj_token, "new"); + r = LUKS2_token_validate(cd, hdr->jobj, jobj_token, "new"); assert(!r); r = th->h->validate(cd, json_object_to_json_string_ext(jobj_token, JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE)); @@ -284,8 +284,8 @@ int LUKS2_builtin_token_create(struct crypt_device *cd, json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); json_object_object_add(jobj_tokens, num, jobj_token); - if (LUKS2_check_json_size(hdr)) { - log_dbg("Not enough space in header json area for new %s token.", type); + if (LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new %s token.", type); json_object_object_del(jobj_tokens, num); return -ENOSPC; } @@ -315,14 +315,14 @@ static int LUKS2_token_open(struct crypt_device *cd, return -EINVAL; if (h->validate(cd, json)) { - log_dbg("Token %d (%s) validation failed.", token, h->name); + log_dbg(cd, "Token %d (%s) validation failed.", token, h->name); return -EINVAL; } } r = h->open(cd, token, buffer, buffer_len, usrptr); if (r < 0) - log_dbg("Token %d (%s) open failed with %d.", token, h->name, r); + log_dbg(cd, "Token %d (%s) open failed with %d.", token, h->name, r); return r; } @@ -371,7 +371,7 @@ static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) { jobj = json_object_array_get_idx(jobj_token_keyslots, i); num = json_object_get_string(jobj); - log_dbg("Trying to open keyslot %s with token %d (type %s).", num, token, h->name); + log_dbg(cd, "Trying to open keyslot %s with token %d (type %s).", num, token, h->name); r = LUKS2_keyslot_open(cd, atoi(num), segment, buffer, buffer_len, vk); } @@ -501,7 +501,7 @@ static int assign_one_keyslot(struct crypt_device *cd, struct luks2_hdr *hdr, json_object *jobj1, *jobj_token, *jobj_token_keyslots; char num[16]; - log_dbg("Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token); + log_dbg(cd, "Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token); jobj_token = LUKS2_get_token_jobj(hdr, token); if (!jobj_token) diff --git a/lib/luks2/luks2_token_keyring.c b/lib/luks2/luks2_token_keyring.c index 9572d3da..9ff5b3b2 100644 --- a/lib/luks2/luks2_token_keyring.c +++ b/lib/luks2/luks2_token_keyring.c @@ -44,10 +44,10 @@ static int keyring_open(struct crypt_device *cd, r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len); if (r == -ENOTSUP) { - log_dbg("Kernel keyring features disabled."); + log_dbg(cd, "Kernel keyring features disabled."); return -EINVAL; } else if (r < 0) { - log_dbg("keyring_get_passphrase failed (error %d)", r); + log_dbg(cd, "keyring_get_passphrase failed (error %d)", r); return -EINVAL; } @@ -61,26 +61,26 @@ static int keyring_validate(struct crypt_device *cd __attribute__((unused)), json_object *jobj_token, *jobj_key; int r = 1; - log_dbg("Validating keyring token json"); + log_dbg(cd, "Validating keyring token json"); jobj_token = json_tokener_parse_verbose(json, &jerr); if (!jobj_token) { - log_dbg("Keyring token JSON parse failed."); + log_dbg(cd, "Keyring token JSON parse failed."); return r; } if (json_object_object_length(jobj_token) != 3) { - log_dbg("Keyring token is expected to have exactly 3 fields."); + log_dbg(cd, "Keyring token is expected to have exactly 3 fields."); goto out; } if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) { - log_dbg("missing key_description field."); + log_dbg(cd, "missing key_description field."); goto out; } if (!json_object_is_type(jobj_key, json_type_string)) { - log_dbg("key_description is not a string."); + log_dbg(cd, "key_description is not a string."); goto out; } diff --git a/lib/setup.c b/lib/setup.c index 5321a30d..f504cf94 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -211,10 +211,10 @@ int init_crypto(struct crypt_device *ctx) log_err(ctx, _("Cannot initialize crypto backend.")); if (!r && !_crypto_logged) { - log_dbg("Crypto backend (%s) initialized in cryptsetup library version %s.", + log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.", crypt_backend_version(), PACKAGE_VERSION); if (!uname(&uts)) - log_dbg("Detected kernel %s %s %s.", + log_dbg(ctx, "Detected kernel %s %s %s.", uts.sysname, uts.release, uts.machine); _crypto_logged = 1; } @@ -403,7 +403,7 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot) return -EINVAL; } - log_dbg("Selected keyslot %d.", *keyslot); + log_dbg(cd, "Selected keyslot %d.", *keyslot); return 0; } @@ -450,7 +450,7 @@ static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type) if (cd->type || !cd->u.none.active_name) return -EINVAL; - log_dbg("Checking if active device %s without header has UUID type %s.", + log_dbg(cd, "Checking if active device %s without header has UUID type %s.", cd->u.none.active_name, type); r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd); @@ -508,7 +508,7 @@ int PLAIN_activate(struct crypt_device *cd, return -ENOMEM; dmd.u.crypt.cipher = dm_cipher; - log_dbg("Trying to activate PLAIN device %s using cipher %s.", + log_dbg(cd, "Trying to activate PLAIN device %s using cipher %s.", name, dmd.u.crypt.cipher); r = dm_create_device(cd, name, CRYPT_PLAIN, &dmd, 0); @@ -560,7 +560,7 @@ int crypt_init(struct crypt_device **cd, const char *device) if (!cd) return -EINVAL; - log_dbg("Allocating context for crypt device %s.", device ?: "(none)"); + log_dbg(NULL, "Allocating context for crypt device %s.", device ?: "(none)"); if (!(h = malloc(sizeof(struct crypt_device)))) return -ENOMEM; @@ -612,7 +612,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device) if (!cd) return -EINVAL; - log_dbg("Setting ciphertext data device to %s.", device ?: "(none)"); + log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)"); if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type)) { log_err(cd, _("This operation is not supported for this device type.")); @@ -652,7 +652,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair) char *type = NULL; struct luks2_hdr hdr2 = {}; - log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis"); + log_dbg(cd, "%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis"); r = LUKS2_hdr_read(cd, &hdr2, repair); if (r) @@ -670,7 +670,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair) } if (reload) - LUKS2_hdr_free(&cd->u.luks2.hdr); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); else cd->type = type; @@ -680,7 +680,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair) out: if (r) { free(type); - LUKS2_hdr_free(&hdr2); + LUKS2_hdr_free(cd, &hdr2); } /* FIXME: why? */ crypt_memzero(&hdr2, sizeof(hdr2)); @@ -712,7 +712,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, if (isLUKS1(requested_type) || version == 1) { if (cd->type && isLUKS2(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } @@ -744,7 +744,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr)); } else if (isLUKS2(requested_type) || version == 2 || version == 0) { if (cd->type && isLUKS1(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } @@ -910,7 +910,7 @@ int crypt_load(struct crypt_device *cd, if (!cd) return -EINVAL; - log_dbg("Trying to load %s crypt type from device %s.", + log_dbg(cd, "Trying to load %s crypt type from device %s.", requested_type ?: "any", mdata_device_path(cd) ?: "(none)"); if (!crypt_metadata_device(cd)) @@ -920,26 +920,26 @@ int crypt_load(struct crypt_device *cd, if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) { if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } r = _crypt_load_luks(cd, requested_type, 1, 0); } else if (isVERITY(requested_type)) { if (cd->type && !isVERITY(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } r = _crypt_load_verity(cd, params); } else if (isTCRYPT(requested_type)) { if (cd->type && !isTCRYPT(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } r = _crypt_load_tcrypt(cd, params); } else if (isINTEGRITY(requested_type)) { if (cd->type && !isINTEGRITY(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); + log_dbg(cd, "Context is already initialised to type %s", cd->type); return -EINVAL; } r = _crypt_load_integrity(cd, params); @@ -996,7 +996,7 @@ static void crypt_free_type(struct crypt_device *cd) free(cd->u.plain.cipher); free(cd->u.plain.cipher_mode); } else if (isLUKS2(cd->type)) { - LUKS2_hdr_free(&cd->u.luks2.hdr); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); } else if (isLOOPAES(cd->type)) { free(CONST_CAST(void*)cd->u.loopaes.hdr.hash); free(cd->u.loopaes.cipher); @@ -1041,7 +1041,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher, &key_nums, cipher_mode); if (r < 0) { - log_dbg("Cannot parse cipher and mode from active device."); + log_dbg(cd, "Cannot parse cipher and mode from active device."); goto out; } @@ -1076,7 +1076,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) if (crypt_metadata_device(cd)) { r = _crypt_load_luks(cd, cd->type, 0, 0); if (r < 0) { - log_dbg("LUKS device header does not match active device."); + log_dbg(cd, "LUKS device header does not match active device."); crypt_set_null_type(cd); r = 0; goto out; @@ -1084,14 +1084,14 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) /* check whether UUIDs match each other */ r = crypt_uuid_cmp(dmd.uuid, LUKS_UUID(cd)); if (r < 0) { - log_dbg("LUKS device header uuid: %s mismatches DM returned uuid %s", + log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s", LUKS_UUID(cd), dmd.uuid); crypt_free_type(cd); r = 0; goto out; } } else { - log_dbg("LUKS device header not available."); + log_dbg(cd, "LUKS device header not available."); crypt_set_null_type(cd); r = 0; } @@ -1219,7 +1219,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, if (!cd || !name) return -EINVAL; - log_dbg("Allocating crypt device context by device %s.", name); + log_dbg(NULL, "Allocating crypt device context by device %s.", name); ci = crypt_status(NULL, name); if (ci == CRYPT_INVALID) @@ -1273,9 +1273,9 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, else if (!strncmp(CRYPT_INTEGRITY, dmd.uuid, sizeof(CRYPT_INTEGRITY)-1)) (*cd)->type = strdup(CRYPT_INTEGRITY); else - log_dbg("Unknown UUID set, some parameters are not set."); + log_dbg(NULL, "Unknown UUID set, some parameters are not set."); } else - log_dbg("Active device has no UUID set, some parameters are not set."); + log_dbg(NULL, "Active device has no UUID set, some parameters are not set."); if (header_device) { r = crypt_set_data_device(*cd, device_path(dmd.data_device)); @@ -1657,7 +1657,7 @@ static int _crypt_format_luks2(struct crypt_device *cd, out: if (r) - LUKS2_hdr_free(&cd->u.luks2.hdr); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); return r; } @@ -1963,11 +1963,11 @@ int crypt_format(struct crypt_device *cd, return -EINVAL; if (cd->type) { - log_dbg("Context already formatted as %s.", cd->type); + log_dbg(cd, "Context already formatted as %s.", cd->type); return -EINVAL; } - log_dbg("Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type); + log_dbg(cd, "Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type); crypt_reset_null_type(cd); @@ -2013,7 +2013,7 @@ int crypt_repair(struct crypt_device *cd, if (!cd) return -EINVAL; - log_dbg("Trying to repair %s crypt type from device %s.", + log_dbg(cd, "Trying to repair %s crypt type from device %s.", requested_type ?: "any", mdata_device_path(cd) ?: "(none)"); if (!crypt_metadata_device(cd)) @@ -2053,7 +2053,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) if (!cd || !cd->type || !name) return -EINVAL; - log_dbg("Resizing device %s to %" PRIu64 " sectors.", name, new_size); + log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size); r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE | @@ -2087,7 +2087,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) } if (crypt_loop_device(crypt_get_device_name(cd))) { - log_dbg("Trying to resize underlying loop device %s.", + log_dbg(cd, "Trying to resize underlying loop device %s.", crypt_get_device_name(cd)); /* Here we always use default size not new_size */ if (crypt_loop_resize(crypt_get_device_name(cd))) @@ -2107,7 +2107,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) } if (new_size == dmd.size) { - log_dbg("Device has already requested size %" PRIu64 + log_dbg(cd, "Device has already requested size %" PRIu64 " sectors.", dmd.size); r = 0; } else { @@ -2136,7 +2136,7 @@ int crypt_set_uuid(struct crypt_device *cd, const char *uuid) const char *active_uuid; int r; - log_dbg("%s device uuid.", uuid ? "Setting new" : "Refreshing"); + log_dbg(cd, "%s device uuid.", uuid ? "Setting new" : "Refreshing"); if ((r = onlyLUKS(cd))) return r; @@ -2144,15 +2144,15 @@ int crypt_set_uuid(struct crypt_device *cd, const char *uuid) active_uuid = crypt_get_uuid(cd); if (uuid && active_uuid && !strncmp(uuid, active_uuid, UUID_STRING_L)) { - log_dbg("UUID is the same as requested (%s) for device %s.", + log_dbg(cd, "UUID is the same as requested (%s) for device %s.", uuid, mdata_device_path(cd)); return 0; } if (uuid) - log_dbg("Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd)); + log_dbg(cd, "Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd)); else - log_dbg("Requested new UUID refresh for %s.", mdata_device_path(cd)); + log_dbg(cd, "Requested new UUID refresh for %s.", mdata_device_path(cd)); if (!crypt_confirm(cd, _("Do you really want to change UUID of device?"))) return -EPERM; @@ -2167,7 +2167,7 @@ int crypt_set_label(struct crypt_device *cd, const char *label, const char *subs { int r; - log_dbg("Setting new labels."); + log_dbg(cd, "Setting new labels."); if ((r = onlyLUKS2(cd))) return r; @@ -2192,7 +2192,7 @@ int crypt_header_backup(struct crypt_device *cd, if (r < 0) return r; - log_dbg("Requested header backup of device %s (%s) to " + log_dbg(cd, "Requested header backup of device %s (%s) to " "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file); if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type))) @@ -2223,7 +2223,7 @@ int crypt_header_restore(struct crypt_device *cd, if (r < 0) return r; - log_dbg("Requested header restore to device %s (%s) from " + log_dbg(cd, "Requested header restore to device %s (%s) from " "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file); version = LUKS2_hdr_version_unlocked(cd, backup_file); @@ -2264,7 +2264,7 @@ void crypt_free(struct crypt_device *cd) if (!cd) return; - log_dbg("Releasing crypt device %s context.", mdata_device_path(cd)); + log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd)); dm_backend_exit(); crypt_free_volume_key(cd->volume_key); @@ -2313,7 +2313,7 @@ int crypt_suspend(struct crypt_device *cd, if (!cd || !name) return -EINVAL; - log_dbg("Suspending volume %s.", name); + log_dbg(cd, "Suspending volume %s.", name); if (cd->type) r = onlyLUKS(cd); @@ -2380,7 +2380,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd, if (!passphrase || !name) return -EINVAL; - log_dbg("Resuming volume %s.", name); + log_dbg(cd, "Resuming volume %s.", name); if ((r = onlyLUKS(cd))) return r; @@ -2447,7 +2447,7 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, if (!name || !keyfile) return -EINVAL; - log_dbg("Resuming volume %s.", name); + log_dbg(cd, "Resuming volume %s.", name); if ((r = onlyLUKS(cd))) return r; @@ -2533,7 +2533,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, struct luks2_keyslot_params params; struct volume_key *vk = NULL; - log_dbg("Adding new keyslot, existing passphrase %sprovided," + log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided," "new passphrase %sprovided.", passphrase ? "" : "not ", new_passphrase ? "" : "not "); @@ -2622,7 +2622,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, if (!passphrase || !new_passphrase) return -EINVAL; - log_dbg("Changing passphrase from old keyslot %d to new %d.", + log_dbg(cd, "Changing passphrase from old keyslot %d to new %d.", keyslot_old, keyslot_new); if ((r = onlyLUKS(cd))) @@ -2645,7 +2645,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, goto out; if (keyslot_old != CRYPT_ANY_SLOT && keyslot_old != r) { - log_dbg("Keyslot mismatch."); + log_dbg(cd, "Keyslot mismatch."); goto out; } keyslot_old = r; @@ -2658,11 +2658,11 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, if (keyslot_new < 0) keyslot_new = keyslot_old; } - log_dbg("Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new); + log_dbg(cd, "Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new); if (isLUKS1(cd->type)) { if (keyslot_old == keyslot_new) { - log_dbg("Key slot %d is going to be overwritten.", keyslot_old); + log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old); (void)crypt_keyslot_destroy(cd, keyslot_old); } r = LUKS_set_key(keyslot_new, new_passphrase, new_passphrase_size, @@ -2676,7 +2676,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, if (r < 0) goto out; } else { - log_dbg("Key slot %d is going to be overwritten.", keyslot_old); + log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old); /* FIXME: improve return code so that we can detect area is damaged */ r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1); if (r) { @@ -2724,7 +2724,7 @@ int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd, if (!keyfile || !new_keyfile) return -EINVAL; - log_dbg("Adding new keyslot, existing keyfile %s, new keyfile %s.", + log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.", keyfile, new_keyfile); if ((r = onlyLUKS(cd))) @@ -2837,7 +2837,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, if (!passphrase) return -EINVAL; - log_dbg("Adding new keyslot %d using volume key.", keyslot); + log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot); if ((r = onlyLUKS(cd))) return r; @@ -2875,7 +2875,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) crypt_keyslot_info ki; int r; - log_dbg("Destroying keyslot %d.", keyslot); + log_dbg(cd, "Destroying keyslot %d.", keyslot); if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED))) return r; @@ -3044,7 +3044,7 @@ int crypt_activate_by_passphrase(struct crypt_device *cd, if (!cd || !passphrase) return -EINVAL; - log_dbg("%s volume %s [keyslot %d] using passphrase.", + log_dbg(cd, "%s volume %s [keyslot %d] using passphrase.", name ? "Activating" : "Checking", name ?: "passphrase", keyslot); @@ -3071,7 +3071,7 @@ int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd, ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) return -EINVAL; - log_dbg("%s volume %s [keyslot %d] using keyfile %s.", + log_dbg(cd, "%s volume %s [keyslot %d] using keyfile %s.", name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyfile); r = _activate_check_status(cd, name); @@ -3130,7 +3130,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd, ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) return -EINVAL; - log_dbg("%s volume %s by volume key.", name ? "Activating" : "Checking", + log_dbg(cd, "%s volume %s by volume key.", name ? "Activating" : "Checking", name ?: ""); r = _activate_check_status(cd, name); @@ -3270,7 +3270,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t if (!name) return -EINVAL; - log_dbg("Deactivating volume %s.", name); + log_dbg(cd, "Deactivating volume %s.", name); if (!cd) { r = crypt_init_by_name(&fake_cd, name); @@ -3307,7 +3307,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t log_err(cd, _("Device %s is still in use."), name); r = -EBUSY; } else if (namei) { - log_dbg("Deactivating integrity device %s.", namei); + log_dbg(cd, "Deactivating integrity device %s.", namei); r = dm_remove_device(cd, namei, 0); } if (!r) @@ -3496,7 +3496,7 @@ void crypt_set_rng_type(struct crypt_device *cd, int rng_type) switch (rng_type) { case CRYPT_RNG_URANDOM: case CRYPT_RNG_RANDOM: - log_dbg("RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom"); + log_dbg(cd, "RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom"); cd->rng_type = rng_type; } } @@ -3931,7 +3931,7 @@ int crypt_keyslot_set_priority(struct crypt_device *cd, int keyslot, crypt_keysl { int r; - log_dbg("Setting keyslot %d to priority %d.", keyslot, priority); + log_dbg(cd, "Setting keyslot %d to priority %d.", keyslot, priority); if (priority == CRYPT_SLOT_PRIORITY_INVALID) return -EINVAL; @@ -4035,7 +4035,7 @@ int crypt_convert(struct crypt_device *cd, if (!type) return -EINVAL; - log_dbg("Converting LUKS device to type %s", type); + log_dbg(cd, "Converting LUKS device to type %s", type); if ((r = onlyLUKS(cd))) return r; @@ -4096,7 +4096,7 @@ int crypt_activate_by_token(struct crypt_device *cd, { int r; - log_dbg("%s volume %s using token %d.", + log_dbg(cd, "%s volume %s using token %d.", name ? "Activating" : "Checking", name ?: "passphrase", token); if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED))) @@ -4121,7 +4121,7 @@ int crypt_token_json_get(struct crypt_device *cd, int token, const char **json) if (!json) return -EINVAL; - log_dbg("Requesting JSON for token %d.", token); + log_dbg(cd, "Requesting JSON for token %d.", token); if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED))) return r; @@ -4133,7 +4133,7 @@ int crypt_token_json_set(struct crypt_device *cd, int token, const char *json) { int r; - log_dbg("Updating JSON for token %d.", token); + log_dbg(cd, "Updating JSON for token %d.", token); if ((r = onlyLUKS2(cd))) return r; @@ -4160,7 +4160,7 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd, if (!params) return -EINVAL; - log_dbg("Requesting LUKS2 keyring token %d.", token); + log_dbg(cd, "Requesting LUKS2 keyring token %d.", token); if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED))) return r; @@ -4168,10 +4168,10 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd, token_info = LUKS2_token_status(cd, &cd->u.luks2.hdr, token, &type); switch (token_info) { case CRYPT_TOKEN_INVALID: - log_dbg("Token %d is invalid.", token); + log_dbg(cd, "Token %d is invalid.", token); return -EINVAL; case CRYPT_TOKEN_INACTIVE: - log_dbg("Token %d is inactive.", token); + log_dbg(cd, "Token %d is inactive.", token); return -EINVAL; case CRYPT_TOKEN_INTERNAL: if (!strcmp(type, LUKS2_TOKEN_KEYRING)) @@ -4180,7 +4180,7 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd, case CRYPT_TOKEN_INTERNAL_UNKNOWN: case CRYPT_TOKEN_EXTERNAL: case CRYPT_TOKEN_EXTERNAL_UNKNOWN: - log_dbg("Token %d has unexpected type %s.", token, type); + log_dbg(cd, "Token %d has unexpected type %s.", token, type); return -EINVAL; } @@ -4196,7 +4196,7 @@ int crypt_token_luks2_keyring_set(struct crypt_device *cd, if (!params) return -EINVAL; - log_dbg("Creating new LUKS2 keyring token (%d).", token); + log_dbg(cd, "Creating new LUKS2 keyring token (%d).", token); if ((r = onlyLUKS2(cd))) return r; @@ -4357,7 +4357,7 @@ int crypt_keyslot_add_by_key(struct crypt_device *cd, (flags & CRYPT_VOLUME_KEY_SET))) return -EINVAL; - log_dbg("Adding new keyslot %d with volume key %sassigned to a crypt segment.", + log_dbg(cd, "Adding new keyslot %d with volume key %sassigned to a crypt segment.", keyslot, flags & CRYPT_VOLUME_KEY_NO_SEGMENT ? "un" : ""); if ((r = onlyLUKS2(cd))) @@ -4484,15 +4484,15 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key return -EINVAL; if (!vk->key_description) { - log_dbg("Invalid key description"); + log_dbg(cd, "Invalid key description"); return -EINVAL; } - log_dbg("Loading key (%zu bytes) in thread keyring.", vk->keylength); + log_dbg(cd, "Loading key (%zu bytes) in thread keyring.", vk->keylength); r = keyring_add_key_in_thread_keyring(vk->key_description, vk->key, vk->keylength); if (r) { - log_dbg("keyring_add_key_in_thread_keyring failed (error %d)", r); + log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", r); log_err(cd, _("Failed to load key in kernel keyring.")); } else crypt_set_key_in_keyring(cd, 1); @@ -4523,11 +4523,11 @@ void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description if (!key_description) return; - log_dbg("Requesting keyring key for revoke and unlink."); + log_dbg(cd, "Requesting keyring key for revoke and unlink."); r = keyring_revoke_and_unlink_key(key_description); if (r) - log_dbg("keyring_revoke_and_unlink failed (error %d)", r); + log_dbg(cd, "keyring_revoke_and_unlink failed (error %d)", r); crypt_set_key_in_keyring(cd, 0); } @@ -4544,7 +4544,7 @@ int crypt_activate_by_keyring(struct crypt_device *cd, if (!cd || !key_description) return -EINVAL; - log_dbg("%s volume %s [keyslot %d] using passphrase in keyring.", + log_dbg(cd, "%s volume %s [keyslot %d] using passphrase in keyring.", name ? "Activating" : "Checking", name ?: "passphrase", keyslot); if (!kernel_keyring_support()) { diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index bd6ae950..7c254b2b 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -202,7 +202,8 @@ static struct tcrypt_algs tcrypt_cipher[] = { {} }; -static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr, +static int TCRYPT_hdr_from_disk(struct crypt_device *cd, + struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params, int kdf_index, int cipher_index) { @@ -214,14 +215,14 @@ static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr, crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0; if (be16_to_cpu(hdr->d.version) > 3 && crc32 != be32_to_cpu(hdr->d.header_crc32)) { - log_dbg("TCRYPT header CRC32 mismatch."); + log_dbg(cd, "TCRYPT header CRC32 mismatch."); return -EINVAL; } /* Check CRC32 of keys */ crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0; if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) { - log_dbg("TCRYPT keys CRC32 mismatch."); + log_dbg(cd, "TCRYPT keys CRC32 mismatch."); return -EINVAL; } @@ -433,7 +434,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, for (i = 0; tcrypt_cipher[i].chain_count; i++) { if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy) continue; - log_dbg("TCRYPT: trying cipher %s-%s", + log_dbg(cd, "TCRYPT: trying cipher %s-%s", tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); @@ -450,7 +451,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, } if (r < 0) { - log_dbg("TCRYPT: returned error %d, skipped.", r); + log_dbg(cd, "TCRYPT: returned error %d, skipped.", r); if (r == -ENOTSUP) break; r = -ENOENT; @@ -458,14 +459,14 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, } if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { - log_dbg("TCRYPT: Signature magic detected."); + log_dbg(cd, "TCRYPT: Signature magic detected."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); r = i; break; } if ((flags & CRYPT_TCRYPT_VERA_MODES) && !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { - log_dbg("TCRYPT: Signature magic detected (Veracrypt)."); + log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt)."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); r = i; break; @@ -485,7 +486,7 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd, int i, j, fd, data_size, r = -EIO; uint32_t crc; - log_dbg("TCRYPT: using keyfile %s.", keyfile); + log_dbg(cd, "TCRYPT: using keyfile %s.", keyfile); data = malloc(TCRYPT_KEYFILE_LEN); if (!data) @@ -573,7 +574,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, iterations = tcrypt_kdf[i].iterations; /* Derive header key */ - log_dbg("TCRYPT: trying KDF: %s-%s-%d%s.", + log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.", tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations, params->veracrypt_pim && tcrypt_kdf[i].veracrypt ? "-PIM" : ""); r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash, @@ -608,15 +609,15 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, if (r < 0) goto out; - r = TCRYPT_hdr_from_disk(hdr, params, i, r); + r = TCRYPT_hdr_from_disk(cd, hdr, params, i, r); if (!r) { - log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d" + log_dbg(cd, "TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d" ", mk_offset %" PRIu64 ", hidden_size %" PRIu64 ", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ? VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC, (int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size, hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size); - log_dbg("TCRYPT: Header cipher %s-%s, key size %zu", + log_dbg(cd, "TCRYPT: Header cipher %s-%s, key size %zu", params->cipher, params->mode, params->key_size); } out: @@ -638,14 +639,14 @@ int TCRYPT_read_phdr(struct crypt_device *cd, assert(sizeof(struct tcrypt_phdr) == 512); - log_dbg("Reading TCRYPT header of size %zu bytes from device %s.", + log_dbg(cd, "Reading TCRYPT header of size %zu bytes from device %s.", hdr_size, device_path(device)); if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER && crypt_dev_is_partition(device_path(device))) { base_device_path = crypt_get_base_device(device_path(device)); - log_dbg("Reading TCRYPT system header from device %s.", base_device_path ?: "?"); + log_dbg(cd, "Reading TCRYPT system header from device %s.", base_device_path ?: "?"); if (!base_device_path) return -EINVAL; @@ -743,7 +744,7 @@ int TCRYPT_activate(struct crypt_device *cd, }; if (!hdr->d.version) { - log_dbg("TCRYPT: this function is not supported without encrypted header load."); + log_dbg(cd, "TCRYPT: this function is not supported without encrypted header load."); return -ENOTSUP; } @@ -843,7 +844,7 @@ int TCRYPT_activate(struct crypt_device *cd, dmd.u.crypt.offset = 0; } - log_dbg("Trying to activate TCRYPT device %s using cipher %s.", + log_dbg(cd, "Trying to activate TCRYPT device %s using cipher %s.", dm_name, dmd.u.crypt.cipher); r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0); diff --git a/lib/utils.c b/lib/utils.c index 45976b14..0191c7b7 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -70,9 +70,9 @@ static int _memlock_count = 0; int crypt_memlock_inc(struct crypt_device *ctx) { if (!_memlock_count++) { - log_dbg("Locking memory."); + log_dbg(ctx, "Locking memory."); if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { - log_dbg("Cannot lock memory with mlockall."); + log_dbg(ctx, "Cannot lock memory with mlockall."); _memlock_count--; return 0; } @@ -81,7 +81,7 @@ int crypt_memlock_inc(struct crypt_device *ctx) log_err(ctx, _("Cannot get process priority.")); else if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY)) - log_dbg("setpriority %d failed: %s", + log_dbg(ctx, "setpriority %d failed: %s", DEFAULT_PROCESS_PRIORITY, strerror(errno)); } return _memlock_count ? 1 : 0; @@ -90,11 +90,11 @@ int crypt_memlock_inc(struct crypt_device *ctx) int crypt_memlock_dec(struct crypt_device *ctx) { if (_memlock_count && (!--_memlock_count)) { - log_dbg("Unlocking memory."); + log_dbg(ctx, "Unlocking memory."); if (munlockall() == -1) log_err(ctx, _("Cannot unlock memory.")); if (setpriority(PRIO_PROCESS, 0, _priority)) - log_dbg("setpriority %d failed: %s", _priority, strerror(errno)); + log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno)); } return _memlock_count ? 1 : 0; } diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c index 9ce790c2..20acd226 100644 --- a/lib/utils_benchmark.c +++ b/lib/utils_benchmark.c @@ -63,7 +63,8 @@ static int time_ms(struct timespec *start, struct timespec *end, double *ms) return 0; } -static int cipher_perf_one(struct cipher_perf *cp, char *buf, +static int cipher_perf_one(struct crypt_device *cd, + struct cipher_perf *cp, char *buf, size_t buf_size, int enc) { struct crypt_cipher *cipher = NULL; @@ -75,7 +76,7 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf, r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length); if (r < 0) { - log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode); + log_dbg(cd, "Cannot initialise cipher %s, mode %s.", cp->name, cp->mode); return r; } @@ -99,7 +100,8 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf, return r; } -static int cipher_measure(struct cipher_perf *cp, char *buf, +static int cipher_measure(struct crypt_device *cd, + struct cipher_perf *cp, char *buf, size_t buf_size, int encrypt, double *ms) { struct timespec start, end; @@ -112,7 +114,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf, if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) return -EINVAL; - r = cipher_perf_one(cp, buf, buf_size, encrypt); + r = cipher_perf_one(cd, cp, buf, buf_size, encrypt); if (r < 0) return r; @@ -124,7 +126,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf, return r; if (*ms < CIPHER_TIME_MIN_MS) { - log_dbg("Measured cipher runtime (%1.6f) is too low.", *ms); + log_dbg(cd, "Measured cipher runtime (%1.6f) is too low.", *ms); return -ERANGE; } @@ -138,7 +140,7 @@ static double speed_mbs(unsigned long bytes, double ms) return speed / (1024 * 1024) / s; } -static int cipher_perf(struct cipher_perf *cp, +static int cipher_perf(struct crypt_device *cd, struct cipher_perf *cp, double *encryption_mbs, double *decryption_mbs) { double ms_enc, ms_dec, ms; @@ -151,7 +153,7 @@ static int cipher_perf(struct cipher_perf *cp, ms_enc = 0.0; repeat_enc = 1; while (ms_enc < 1000.0) { - r = cipher_measure(cp, buf, cp->buffer_size, 1, &ms); + r = cipher_measure(cd, cp, buf, cp->buffer_size, 1, &ms); if (r < 0) { free(buf); return r; @@ -163,7 +165,7 @@ static int cipher_perf(struct cipher_perf *cp, ms_dec = 0.0; repeat_dec = 1; while (ms_dec < 1000.0) { - r = cipher_measure(cp, buf, cp->buffer_size, 0, &ms); + r = cipher_measure(cd, cp, buf, cp->buffer_size, 0, &ms); if (r < 0) { free(buf); return r; @@ -224,7 +226,7 @@ int crypt_benchmark(struct crypt_device *cd, if ((c = strchr(cp.mode, '-'))) *c = '\0'; - r = cipher_perf(&cp, encryption_mbs, decryption_mbs); + r = cipher_perf(cd, &cp, encryption_mbs, decryption_mbs); out: free(cp.key); free(cp.iv); @@ -253,7 +255,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : ""; - log_dbg("Running %s(%s) benchmark.", pbkdf->type, kdf_opt); + log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, salt, salt_size, volume_key_size, pbkdf->time_ms, @@ -261,7 +263,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr); if (!r) - log_dbg("Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).", + log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).", pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb, pbkdf->parallel_threads, volume_key_size * 8); return r; @@ -271,7 +273,7 @@ static int benchmark_callback(uint32_t time_ms, void *usrptr) { struct crypt_pbkdf_type *pbkdf = usrptr; - log_dbg("PBKDF benchmark: memory cost = %u, iterations = %u, " + log_dbg(NULL, "PBKDF benchmark: memory cost = %u, iterations = %u, " "threads = %u (took %u ms)", pbkdf->max_memory_kb, pbkdf->iterations, pbkdf->parallel_threads, time_ms); @@ -300,7 +302,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) { if (pbkdf->iterations) { - log_dbg("Reusing PBKDF values (no benchmark flag is set)."); + log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set)."); return 0; } log_err(cd, _("PBKDF benchmark disabled but iterations not set.")); @@ -334,7 +336,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, } else { /* Already benchmarked */ if (pbkdf->iterations) { - log_dbg("Reusing PBKDF values."); + log_dbg(cd, "Reusing PBKDF values."); return 0; } diff --git a/lib/utils_device.c b/lib/utils_device.c index b442c07b..16039a6f 100644 --- a/lib/utils_device.c +++ b/lib/utils_device.c @@ -160,7 +160,7 @@ static int device_ready(struct device *device) size_t tmp_size; if (device->o_direct) { - log_dbg("Trying to open and read device %s with direct-io.", + log_dbg(NULL, "Trying to open and read device %s with direct-io.", device_path(device)); device->o_direct = 0; devfd = open(device_path(device), O_RDONLY | O_DIRECT); @@ -175,7 +175,7 @@ static int device_ready(struct device *device) } if (devfd < 0) { - log_dbg("Trying to open device %s without direct-io.", + log_dbg(NULL, "Trying to open device %s without direct-io.", device_path(device)); devfd = open(device_path(device), O_RDONLY); } @@ -214,10 +214,10 @@ static int _open_locked(struct device *device, int flags) { int fd; - log_dbg("Opening locked device %s", device_path(device)); + log_dbg(NULL, "Opening locked device %s", device_path(device)); if ((flags & O_ACCMODE) != O_RDONLY && device_locked_readonly(device->lh)) { - log_dbg("Can not open locked device %s in write mode. Read lock held.", device_path(device)); + log_dbg(NULL, "Can not open locked device %s in write mode. Read lock held.", device_path(device)); return -EAGAIN; } @@ -225,10 +225,10 @@ static int _open_locked(struct device *device, int flags) if (fd < 0) return -errno; - if (device_locked_verify(fd, device->lh)) { + if (device_locked_verify(NULL, fd, device->lh)) { /* fd doesn't correspond to a locked resource */ close(fd); - log_dbg("Failed to verify lock resource for device %s.", device_path(device)); + log_dbg(NULL, "Failed to verify lock resource for device %s.", device_path(device)); return -EINVAL; } @@ -242,7 +242,7 @@ static int _open_locked(struct device *device, int flags) void device_sync(struct device *device, int devfd) { if (fsync(devfd) == -1) - log_dbg("Cannot sync device %s.", device_path(device)); + log_dbg(NULL, "Cannot sync device %s.", device_path(device)); } /* @@ -267,7 +267,7 @@ static int device_open_internal(struct device *device, int flags) devfd = open(device_path(device), flags); if (devfd < 0) - log_dbg("Cannot open device %s%s.", + log_dbg(NULL, "Cannot open device %s%s.", device_path(device), (flags & O_ACCMODE) != O_RDONLY ? " for write" : ""); @@ -345,7 +345,7 @@ void device_free(struct device *device) return; if (device->loop_fd != -1) { - log_dbg("Closed loop %s (%s).", device->path, device->file_path); + log_dbg(NULL, "Closed loop %s (%s).", device->path, device->file_path); close(device->loop_fd); } @@ -421,7 +421,7 @@ void device_topology_alignment(struct device *device, /* minimum io size */ if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) { - log_dbg("Topology info for %s not supported, using default offset %lu bytes.", + log_dbg(NULL, "Topology info for %s not supported, using default offset %lu bytes.", device->path, default_alignment); goto out; } @@ -446,7 +446,7 @@ void device_topology_alignment(struct device *device, if (temp_alignment && (default_alignment % temp_alignment)) *required_alignment = temp_alignment; - log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.", + log_dbg(NULL, "Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.", min_io_size, opt_io_size, *alignment_offset, *required_alignment); out: (void)close(fd); @@ -469,7 +469,7 @@ size_t device_block_size(struct device *device) } if (!device->block_size) - log_dbg("Cannot get block size for device %s.", device_path(device)); + log_dbg(NULL, "Cannot get block size for device %s.", device_path(device)); return device->block_size; } @@ -646,7 +646,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic return -ENOTSUP; } - log_dbg("Allocating a free loop device."); + log_dbg(cd, "Allocating a free loop device."); /* Keep the loop open, dettached on last close. */ loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly); @@ -713,7 +713,7 @@ int device_block_adjust(struct crypt_device *cd, /* in case of size is set by parameter */ if (size && ((real_size - device_offset) < *size)) { - log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64 + log_dbg(cd, "Device %s: offset = %" PRIu64 " requested size = %" PRIu64 ", backing device size = %" PRIu64, device->path, device_offset, *size, real_size); log_err(cd, _("Device %s is too small."), device_path(device)); @@ -724,7 +724,7 @@ int device_block_adjust(struct crypt_device *cd, *flags |= CRYPT_ACTIVATE_READONLY; if (size) - log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".", + log_dbg(cd, "Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".", *size, real_readonly ? "RO" : "RW", device_offset); return 0; } @@ -798,7 +798,7 @@ int device_read_lock(struct crypt_device *cd, struct device *device) device->lh = device_read_lock_handle(cd, device_path(device)); if (device_locked(device->lh)) { - log_dbg("Device %s READ lock taken.", device_path(device)); + log_dbg(cd, "Device %s READ lock taken.", device_path(device)); return 0; } @@ -815,7 +815,7 @@ int device_write_lock(struct crypt_device *cd, struct device *device) device->lh = device_write_lock_handle(cd, device_path(device)); if (device_locked(device->lh)) { - log_dbg("Device %s WRITE lock taken.", device_path(device)); + log_dbg(cd, "Device %s WRITE lock taken.", device_path(device)); return 0; } @@ -829,9 +829,9 @@ void device_read_unlock(struct device *device) assert(device_locked(device->lh) && device_locked_readonly(device->lh)); - device_unlock_handle(device->lh); + device_unlock_handle(NULL, device->lh); - log_dbg("Device %s READ lock released.", device_path(device)); + log_dbg(NULL, "Device %s READ lock released.", device_path(device)); device->lh = NULL; } @@ -843,9 +843,9 @@ void device_write_unlock(struct device *device) assert(device_locked(device->lh) && !device_locked_readonly(device->lh)); - device_unlock_handle(device->lh); + device_unlock_handle(NULL, device->lh); - log_dbg("Device %s WRITE lock released.", device_path(device)); + log_dbg(NULL, "Device %s WRITE lock released.", device_path(device)); device->lh = NULL; } diff --git a/lib/utils_device_locking.c b/lib/utils_device_locking.c index f51cc810..7357b8fc 100644 --- a/lib/utils_device_locking.c +++ b/lib/utils_device_locking.c @@ -75,7 +75,7 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC); if (dirfd < 0) { - log_dbg("Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno)); + log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno)); if (errno == ENOTDIR || errno == ENOENT) log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base); return -EINVAL; @@ -88,11 +88,11 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b /* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */ if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST) - log_dbg("Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno)); + log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno)); else lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC); } else { - log_dbg("Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno)); + log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno)); if (errno == ENOTDIR || errno == ELOOP) log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base); } @@ -112,7 +112,7 @@ static int open_resource(struct crypt_device *cd, const char *res) if (lockdir_fd < 0) return -EINVAL; - log_dbg("Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res); + log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res); r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777); err = errno; @@ -169,7 +169,7 @@ static int acquire_lock_handle(struct crypt_device *cd, const char *device_path, return 0; } -static void release_lock_handle(struct crypt_lock_handle *h) +static void release_lock_handle(struct crypt_device *cd, struct crypt_lock_handle *h) { char res[PATH_MAX]; struct stat buf_a, buf_b; @@ -182,11 +182,11 @@ static void release_lock_handle(struct crypt_lock_handle *h) same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */ /* coverity[toctou] */ if (unlink(res)) /* yes? unlink the file */ - log_dbg("Failed to unlink resource file: %s", res); + log_dbg(cd, "Failed to unlink resource file: %s", res); } if (close(h->flock_fd)) - log_dbg("Failed to close resource fd (%d).", h->flock_fd); + log_dbg(cd, "Failed to close resource fd (%d).", h->flock_fd); } int device_locked(struct crypt_lock_handle *h) @@ -230,16 +230,16 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const if (r) break; - log_dbg("Acquiring read lock for device %s.", device_path); + log_dbg(cd, "Acquiring read lock for device %s.", device_path); if (flock(h->flock_fd, LOCK_SH)) { - log_dbg("Shared flock failed with errno %d.", errno); + log_dbg(cd, "Shared flock failed with errno %d.", errno); r = -EINVAL; - release_lock_handle(h); + release_lock_handle(cd, h); break; } - log_dbg("Verifying read lock handle for device %s.", device_path); + log_dbg(cd, "Verifying read lock handle for device %s.", device_path); /* * check whether another libcryptsetup process removed resource file before this @@ -248,8 +248,8 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const r = verify_lock_handle(device_path, h); if (r) { flock(h->flock_fd, LOCK_UN); - release_lock_handle(h); - log_dbg("Read lock handle verification failed."); + release_lock_handle(cd, h); + log_dbg(cd, "Read lock handle verification failed."); } } while (r == -EAGAIN); @@ -276,16 +276,16 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons if (r) break; - log_dbg("Acquiring write lock for device %s.", device_path); + log_dbg(cd, "Acquiring write lock for device %s.", device_path); if (flock(h->flock_fd, LOCK_EX)) { - log_dbg("Exclusive flock failed with errno %d.", errno); + log_dbg(cd, "Exclusive flock failed with errno %d.", errno); r = -EINVAL; - release_lock_handle(h); + release_lock_handle(cd, h); break; } - log_dbg("Verifying write lock handle for device %s.", device_path); + log_dbg(cd, "Verifying write lock handle for device %s.", device_path); /* * check whether another libcryptsetup process removed resource file before this @@ -294,8 +294,8 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons r = verify_lock_handle(device_path, h); if (r) { flock(h->flock_fd, LOCK_UN); - release_lock_handle(h); - log_dbg("Write lock handle verification failed."); + release_lock_handle(cd, h); + log_dbg(cd, "Write lock handle verification failed."); } } while (r == -EAGAIN); @@ -309,17 +309,17 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons return h; } -void device_unlock_handle(struct crypt_lock_handle *h) +void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h) { if (flock(h->flock_fd, LOCK_UN)) - log_dbg("flock on fd %d failed.", h->flock_fd); + log_dbg(cd, "flock on fd %d failed.", h->flock_fd); - release_lock_handle(h); + release_lock_handle(cd, h); free(h); } -int device_locked_verify(int dev_fd, struct crypt_lock_handle *h) +int device_locked_verify(struct crypt_device *cd, int dev_fd, struct crypt_lock_handle *h) { char res[PATH_MAX]; struct stat dev_st, lck_st, st; @@ -329,11 +329,11 @@ int device_locked_verify(int dev_fd, struct crypt_lock_handle *h) /* if device handle is regular file the handle must match the lock handle */ if (S_ISREG(dev_st.st_mode)) { - log_dbg("Veryfing locked device handle (regular file)"); + log_dbg(cd, "Veryfing locked device handle (regular file)"); if (!same_inode(dev_st, lck_st)) return 1; } else if (S_ISBLK(dev_st.st_mode)) { - log_dbg("Veryfing locked device handle (bdev)"); + log_dbg(cd, "Veryfing locked device handle (bdev)"); if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) || stat(res, &st) || !same_inode(lck_st, st)) diff --git a/lib/utils_device_locking.h b/lib/utils_device_locking.h index 07c2d662..a6468b54 100644 --- a/lib/utils_device_locking.h +++ b/lib/utils_device_locking.h @@ -30,8 +30,8 @@ int device_locked(struct crypt_lock_handle *h); struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const char *device_path); struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, const char *device_path); -void device_unlock_handle(struct crypt_lock_handle *h); +void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h); -int device_locked_verify(int fd, struct crypt_lock_handle *h); +int device_locked_verify(struct crypt_device *cd, int fd, struct crypt_lock_handle *h); #endif diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c index 142430c8..fd403533 100644 --- a/lib/utils_pbkdf.c +++ b/lib/utils_pbkdf.c @@ -201,7 +201,7 @@ int init_pbkdf_type(struct crypt_device *cd, cd_pbkdf->parallel_threads = pbkdf->parallel_threads; if (cd_pbkdf->parallel_threads > pbkdf_limits.max_parallel) { - log_dbg("Maximum PBKDF threads is %d (requested %d).", + log_dbg(cd, "Maximum PBKDF threads is %d (requested %d).", pbkdf_limits.max_parallel, cd_pbkdf->parallel_threads); cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel; } @@ -209,7 +209,7 @@ int init_pbkdf_type(struct crypt_device *cd, if (cd_pbkdf->parallel_threads) { cpus = crypt_cpusonline(); if (cd_pbkdf->parallel_threads > cpus) { - log_dbg("Only %u active CPUs detected, " + log_dbg(cd, "Only %u active CPUs detected, " "PBKDF threads decreased from %d to %d.", cpus, cd_pbkdf->parallel_threads, cpus); cd_pbkdf->parallel_threads = cpus; @@ -219,14 +219,14 @@ int init_pbkdf_type(struct crypt_device *cd, if (cd_pbkdf->max_memory_kb) { memory_kb = adjusted_phys_memory(); if (cd_pbkdf->max_memory_kb > memory_kb) { - log_dbg("Not enough physical memory detected, " + log_dbg(cd, "Not enough physical memory detected, " "PBKDF max memory decreased from %dkB to %dkB.", cd_pbkdf->max_memory_kb, memory_kb); cd_pbkdf->max_memory_kb = memory_kb; } } - log_dbg("PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.", + log_dbg(cd, "PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.", cd_pbkdf->type ?: "(none)", cd_pbkdf->hash ?: "(none)", cd_pbkdf->time_ms, cd_pbkdf->iterations, cd_pbkdf->max_memory_kb, cd_pbkdf->parallel_threads); @@ -241,7 +241,7 @@ int crypt_set_pbkdf_type(struct crypt_device *cd, const struct crypt_pbkdf_type return -EINVAL; if (!pbkdf) - log_dbg("Resetting pbkdf type to default"); + log_dbg(cd, "Resetting pbkdf type to default"); crypt_get_pbkdf(cd)->flags = 0; @@ -283,7 +283,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m if (pbkdf->type && verify_pbkdf_params(cd, pbkdf)) { pbkdf->time_ms = old_time_ms; - log_dbg("Invalid iteration time."); + log_dbg(cd, "Invalid iteration time."); return; } @@ -293,5 +293,5 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK); pbkdf->iterations = 0; - log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms); + log_dbg(cd, "Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms); } diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c index b1afc0f6..e0e31e6c 100644 --- a/lib/utils_wipe.c +++ b/lib/utils_wipe.c @@ -191,7 +191,7 @@ int crypt_wipe_device(struct crypt_device *cd, } if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) { - log_dbg("Non-rotational device, using random data wipe mode."); + log_dbg(cd, "Non-rotational device, using random data wipe mode."); pattern = CRYPT_WIPE_RANDOM; } @@ -253,7 +253,7 @@ int crypt_wipe(struct crypt_device *cd, if (!wipe_block_size) wipe_block_size = 1024*1024; - log_dbg("Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.", + log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.", (unsigned)pattern, device_path(device), offset, length, wipe_block_size); r = crypt_wipe_device(cd, device, pattern, offset, length, diff --git a/lib/verity/verity.c b/lib/verity/verity.c index a8e62974..ae718984 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -62,7 +62,7 @@ int VERITY_read_sb(struct crypt_device *cd, ssize_t hdr_size = sizeof(struct verity_sb); int devfd = 0, sb_version; - log_dbg("Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".", + log_dbg(cd, "Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device_path(device), sb_offset); if (params->flags & CRYPT_VERITY_NO_HEADER) { @@ -162,7 +162,7 @@ int VERITY_write_sb(struct crypt_device *cd, uuid_t uuid; int r, devfd = 0; - log_dbg("Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".", + log_dbg(cd, "Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device_path(device), sb_offset); if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) { @@ -247,15 +247,15 @@ int VERITY_activate(struct crypt_device *cd, unsigned int fec_errors = 0; int r; - log_dbg("Trying to activate VERITY device %s using hash %s.", + log_dbg(cd, "Trying to activate VERITY device %s using hash %s.", name ?: "[none]", verity_hdr->hash_name); if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) { - log_dbg("Verification of data in userspace required."); + log_dbg(cd, "Verification of data in userspace required."); r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size); if (r == -EPERM && fec_device) { - log_dbg("Verification failed, trying to repair with FEC device."); + log_dbg(cd, "Verification failed, trying to repair with FEC device."); r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors); if (r < 0) log_err(cd, _("Errors cannot be repaired with FEC device.")); diff --git a/lib/verity/verity_fec.c b/lib/verity/verity_fec.c index b7161e9d..f7910e3c 100644 --- a/lib/verity/verity_fec.c +++ b/lib/verity/verity_fec.c @@ -244,7 +244,7 @@ int VERITY_FEC_process(struct crypt_device *cd, } if (lseek(fd, params->fec_area_offset, SEEK_SET) < 0) { - log_dbg("Cannot seek to requested position in FEC device."); + log_dbg(cd, "Cannot seek to requested position in FEC device."); goto out; } diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c index d8b8a776..4edf2b8a 100644 --- a/lib/verity/verity_hash.c +++ b/lib/verity/verity_hash.c @@ -51,7 +51,7 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes) size_t i; if (fread(block, bytes, 1, wr) != 1) { - log_dbg("EIO while reading spare area."); + log_dbg(cd, "EIO while reading spare area."); return -EIO; } for (i = 0; i < bytes; i++) @@ -162,12 +162,12 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, } if (fseeko(rd, seek_rd, SEEK_SET)) { - log_dbg("Cannot seek to requested position in data device."); + log_dbg(cd, "Cannot seek to requested position in data device."); return -EIO; } if (wr && fseeko(wr, seek_wr, SEEK_SET)) { - log_dbg("Cannot seek to requested position in hash device."); + log_dbg(cd, "Cannot seek to requested position in hash device."); return -EIO; } @@ -179,7 +179,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, break; blocks--; if (fread(data_buffer, data_block_size, 1, rd) != 1) { - log_dbg("Cannot read data device block."); + log_dbg(cd, "Cannot read data device block."); return -EIO; } @@ -193,7 +193,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, break; if (verify) { if (fread(read_digest, digest_size, 1, wr) != 1) { - log_dbg("Cannot read digest form hash device."); + log_dbg(cd, "Cannot read digest form hash device."); return -EIO; } if (memcmp(read_digest, calculated_digest, digest_size)) { @@ -203,7 +203,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, } } else { if (fwrite(calculated_digest, digest_size, 1, wr) != 1) { - log_dbg("Cannot write digest to hash device."); + log_dbg(cd, "Cannot write digest to hash device."); return -EIO; } } @@ -216,7 +216,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (r) return r; } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) { - log_dbg("Cannot write spare area to hash device."); + log_dbg(cd, "Cannot write spare area to hash device."); return -EIO; } } @@ -229,7 +229,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (r) return r; } else if (fwrite(left_block, left_bytes, 1, wr) != 1) { - log_dbg("Cannot write remaining spare area to hash device."); + log_dbg(cd, "Cannot write remaining spare area to hash device."); return -EIO; } } @@ -263,7 +263,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, uint64_t dev_size; int levels, i, r; - log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64 + log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64 ", hash_device %s, offset %" PRIu64 ".", verify ? "verification" : "creation", hash_name, device_path(data_device), data_blocks, @@ -294,14 +294,14 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, return -EINVAL; } - log_dbg("Using %d hash levels.", levels); + log_dbg(cd, "Using %d hash levels.", levels); if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) { log_err(cd, _("Device offset overflow.")); return -EINVAL; } - log_dbg("Data device size required: %" PRIu64 " bytes.", + log_dbg(cd, "Data device size required: %" PRIu64 " bytes.", data_device_size); data_file = fopen(device_path(data_device), "r"); if (!data_file) { @@ -312,7 +312,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, goto out; } - log_dbg("Hash device size required: %" PRIu64 " bytes.", + log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.", hash_device_size); hash_file = fopen(device_path(hash_device), verify ? "r" : "r+"); if (!hash_file) { @@ -369,12 +369,12 @@ out: if (r) log_err(cd, _("Verification of data area failed.")); else { - log_dbg("Verification of data area succeeded."); + log_dbg(cd, "Verification of data area succeeded."); r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0; if (r) log_err(cd, _("Verification of root hash failed.")); else - log_dbg("Verification of root hash succeeded."); + log_dbg(cd, "Verification of root hash succeeded."); } } else { if (r == -EIO)