eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use context in debug log messages.

Browse Source 
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
This commit is contained in:
Milan Broz
2018-11-27 13:37:20 +01:00
parent 544ea7ccfc
commit a5a8467993
32 changed files with 568 additions and 550 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/crypt_plain.c
View File

@@ -64,7 +64,7 @@ static int hash(const char *hash_name, size_t key_size, char *key,
#define PLAIN_HASH_LEN_MAX 256
int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
int crypt_plain_hash(struct crypt_device *cd,
const char *hash_name,
char *key, size_t key_size,
const char *passphrase, size_t passphrase_size)
@@ -73,7 +73,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
size_t hash_size, pad_size;
int r;
log_dbg("Plain: hashing passphrase using %s.", hash_name);
log_dbg(cd, "Plain: hashing passphrase using %s.", hash_name);
if (strlen(hash_name) >= PLAIN_HASH_LEN_MAX)
return -EINVAL;
@@ -85,11 +85,11 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
*s = '\0';
s++;
if (!*s || sscanf(s, "%zd", &hash_size) != 1) {
log_dbg("Hash length is not a number");
log_dbg(cd, "Hash length is not a number");
return -EINVAL;
}
if (hash_size > key_size) {
log_dbg("Hash length %zd > key length %zd",
log_dbg(cd, "Hash length %zd > key length %zd",
hash_size, key_size);
return -EINVAL;
}
@@ -102,7 +102,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
/* No hash, copy passphrase directly */
if (!strcmp(hash_name_buf, "plain")) {
if (passphrase_size < hash_size) {
log_dbg("Too short plain passphrase.");
log_dbg(cd, "Too short plain passphrase.");
return -EINVAL;
}
memcpy(key, passphrase, hash_size);

4
lib/integrity/integrity.c
View File

@@ -220,7 +220,7 @@ int INTEGRITY_activate(struct crypt_device *cd,
dmdi.u.integrity.journal_crypt = params->journal_crypt;
}
log_dbg("Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
log_dbg(cd, "Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
device_path(dmdi.data_device), name, dmdi.u.integrity.tag_size, dmdi.size);
r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL,
@@ -276,7 +276,7 @@ int INTEGRITY_format(struct crypt_device *cd,
snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid);
log_dbg("Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.",
log_dbg(cd, "Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.",
device_path(dmdi.data_device), tmp_name, dmdi.u.integrity.tag_size);
r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, dmdi.u.integrity.offset, NULL, NULL);

4
lib/internal.h
View File

@@ -152,7 +152,7 @@ uint64_t crypt_getphysmemory_kb(void);
int init_crypto(struct crypt_device *ctx);
void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6)));
#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
#define log_dbg(c, x...) logger(c, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
#define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
#define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
#define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
@@ -169,7 +169,7 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
void crypt_random_exit(void);
int crypt_random_default_key_rng(void);
int crypt_plain_hash(struct crypt_device *ctx,
int crypt_plain_hash(struct crypt_device *cd,
const char *hash_name,
char *key, size_t key_size,
const char *passphrase, size_t passphrase_size);

38
lib/libdevmapper.c
View File

@@ -99,7 +99,7 @@ static void set_dm_error(int level,
} else {
/* We do not use DM visual stack backtrace here */
if (strncmp(msg, "<backtrace>", 11))
log_dbg("%s", msg);
log_dbg(_context, "%s", msg);
}
}
free(msg);
@@ -130,13 +130,13 @@ static void _dm_set_crypt_compat(unsigned crypt_maj,
if (_dm_crypt_checked || crypt_maj == 0)
return;
log_dbg("Detected dm-crypt version %i.%i.%i.",
log_dbg(NULL, "Detected dm-crypt version %i.%i.%i.",
crypt_maj, crypt_min, crypt_patch);
if (_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, crypt_patch))
_dm_flags |= DM_KEY_WIPE_SUPPORTED;
else
log_dbg("Suspend and resume disabled, no wipe key support.");
log_dbg(NULL, "Suspend and resume disabled, no wipe key support.");
if (_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, crypt_patch))
_dm_flags |= DM_LMK_SUPPORTED;
@@ -174,7 +174,7 @@ static void _dm_set_verity_compat(unsigned verity_maj,
if (_dm_verity_checked || verity_maj == 0)
return;
log_dbg("Detected dm-verity version %i.%i.%i.",
log_dbg(NULL, "Detected dm-verity version %i.%i.%i.",
verity_maj, verity_min, verity_patch);
_dm_flags |= DM_VERITY_SUPPORTED;
@@ -201,7 +201,7 @@ static void _dm_set_integrity_compat(unsigned integrity_maj,
if (_dm_integrity_checked || integrity_maj == 0)
return;
log_dbg("Detected dm-integrity version %i.%i.%i.",
log_dbg(NULL, "Detected dm-integrity version %i.%i.%i.",
integrity_maj, integrity_min, integrity_patch);
_dm_flags |= DM_INTEGRITY_SUPPORTED;
@@ -239,7 +239,7 @@ static int _dm_check_versions(dm_target_type target_type)
if (!_dm_ioctl_checked) {
if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3)
goto out;
log_dbg("Detected dm-ioctl version %u.%u.%u.", dm_maj, dm_min, dm_patch);
log_dbg(NULL, "Detected dm-ioctl version %u.%u.%u.", dm_maj, dm_min, dm_patch);
if (_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, dm_patch))
_dm_flags |= DM_SECURE_SUPPORTED;
@@ -270,7 +270,7 @@ static int _dm_check_versions(dm_target_type target_type)
r = 1;
if (!_dm_ioctl_checked)
log_dbg("Device-mapper backend running with UDEV support %sabled.",
log_dbg(NULL, "Device-mapper backend running with UDEV support %sabled.",
_dm_use_udev() ? "en" : "dis");
_dm_ioctl_checked = true;
@@ -303,7 +303,7 @@ int dm_flags(dm_target_type target, uint32_t *flags)
void dm_backend_init(void)
{
if (!_dm_use_count++) {
log_dbg("Initialising device-mapper backend library.");
log_dbg(NULL, "Initialising device-mapper backend library.");
dm_log_init(set_dm_error);
dm_log_init_verbose(10);
}
@@ -312,7 +312,7 @@ void dm_backend_init(void)
void dm_backend_exit(void)
{
if (_dm_use_count && (!--_dm_use_count)) {
log_dbg("Releasing device-mapper backend.");
log_dbg(NULL, "Releasing device-mapper backend.");
dm_log_init_verbose(0);
dm_log_init(NULL);
dm_lib_release();
@@ -939,7 +939,7 @@ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags)
do {
r = _dm_remove(name, 1, deferred) ? 0 : -EINVAL;
if (--retries && r) {
log_dbg("WARNING: other process locked internal device %s, %s.",
log_dbg(NULL, "WARNING: other process locked internal device %s, %s.",
name, retries ? "retrying remove" : "giving up");
sleep(1);
if ((flags & CRYPT_DEACTIVATE_FORCE) && !error_target) {
@@ -979,7 +979,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid,
/* Remove '-' chars */
if (uuid) {
if (uuid_parse(uuid, uu) < 0) {
log_dbg("Requested UUID %s has invalid format.", uuid);
log_dbg(NULL, "Requested UUID %s has invalid format.", uuid);
return 0;
}
@@ -995,7 +995,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid,
uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "",
name);
log_dbg("DM-UUID is %s", buf);
log_dbg(NULL, "DM-UUID is %s", buf);
if (i >= buflen)
log_err(NULL, _("DM-UUID for device %s was truncated."), name);
@@ -1020,7 +1020,7 @@ int lookup_dm_dev_by_uuid(const char *uuid, const char *type)
r = lookup_by_disk_id(dev_uuid);
if (r == -ENOENT) {
log_dbg("Search by disk id not available. Using sysfs instead.");
log_dbg(NULL, "Search by disk id not available. Using sysfs instead.");
r = lookup_by_sysfs_uuid_field(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN);
}
@@ -1150,7 +1150,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags)
/* If discard not supported try to load without discard */
if ((*dmd_flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
!(dmt_flags & DM_DISCARDS_SUPPORTED)) {
log_dbg("Discard/TRIM is not supported");
log_dbg(NULL, "Discard/TRIM is not supported");
*dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_ALLOW_DISCARDS;
ret = 1;
}
@@ -1158,7 +1158,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags)
/* If kernel keyring is not supported load key directly in dm-crypt */
if ((*dmd_flags & CRYPT_ACTIVATE_KEYRING_KEY) &&
!(dmt_flags & DM_KERNEL_KEYRING_SUPPORTED)) {
log_dbg("dm-crypt doesn't support kernel keyring");
log_dbg(NULL, "dm-crypt doesn't support kernel keyring");
*dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_KEYRING_KEY;
ret = 1;
}
@@ -1166,7 +1166,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags)
/* Drop performance options if not supported */
if ((*dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) &&
!(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED | DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) {
log_dbg("dm-crypt doesn't support performance options");
log_dbg(NULL, "dm-crypt doesn't support performance options");
*dmd_flags = *dmd_flags & ~(CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
ret = 1;
}
@@ -1343,7 +1343,7 @@ static int _dm_status_verity_ok(const char *name)
return r;
}
log_dbg("Verity volume %s status is %s.", name, status_line ?: "");
log_dbg(NULL, "Verity volume %s status is %s.", name, status_line ?: "");
r = status_line[0] == 'V' ? 1 : 0;
free(status_line);
@@ -1376,7 +1376,7 @@ int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint
return r;
}
log_dbg("Integrity volume %s failure status is %s.", name, status_line ?: "");
log_dbg(NULL, "Integrity volume %s failure status is %s.", name, status_line ?: "");
*count = strtoull(status_line, NULL, 10);
free(status_line);
dm_exit_context();
@@ -1491,7 +1491,7 @@ static int _dm_query_crypt(uint32_t get_flags,
/* Never allow to return empty key */
if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi->suspended) {
log_dbg("Cannot read volume key while suspended.");
log_dbg(NULL, "Cannot read volume key while suspended.");
goto err;
}

10
lib/loopaes/loopaes.c
View File

@@ -137,7 +137,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
unsigned int key_lengths[LOOPAES_KEYS_MAX];
unsigned int i, key_index, key_len, offset;
log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len);
log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len);
if (!buffer_len)
return -EINVAL;
@@ -164,7 +164,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
key_lengths[key_index]++;
}
if (offset == buffer_len) {
log_dbg("Unterminated key #%d in keyfile.", key_index);
log_dbg(cd, "Unterminated key #%d in keyfile.", key_index);
log_err(cd, _("Incompatible loop-AES keyfile detected."));
return -EINVAL;
}
@@ -177,7 +177,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
key_len = key_lengths[0];
for (i = 0; i < key_index; i++)
if (!key_lengths[i] || (key_lengths[i] != key_len)) {
log_dbg("Unexpected length %d of key #%d (should be %d).",
log_dbg(cd, "Unexpected length %d of key #%d (should be %d).",
key_lengths[i], i, key_len);
key_len = 0;
break;
@@ -189,7 +189,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
return -EINVAL;
}
log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len);
*keys_count = key_index;
return hash_keys(cd, vk, hash, keys, key_index,
@@ -236,7 +236,7 @@ int LOOPAES_activate(struct crypt_device *cd,
return -ENOMEM;
dmd.u.crypt.cipher = cipher;
log_dbg("Trying to activate loop-AES device %s using cipher %s.",
log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.",
name, dmd.u.crypt.cipher);
r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0);

10
lib/luks1/keyencryption.c
View File

@@ -73,7 +73,7 @@ static int LUKS_endec_template(char *src, size_t srcLength,
int r, devfd = -1;
size_t bsize, keyslot_alignment, alignment;
log_dbg("Using dmcrypt to access keyslot area.");
log_dbg(ctx, "Using dmcrypt to access keyslot area.");
bsize = device_block_size(dmd.data_device);
alignment = device_alignment(dmd.data_device);
@@ -158,7 +158,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
if (r)
log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",
cipher, cipher_mode, r);
/* Fallback to old temporary dmcrypt device */
@@ -172,7 +172,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
return r;
}
log_dbg("Using userspace crypto wrapper to access keyslot area.");
log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area.");
r = crypt_storage_encrypt(s, 0, srcLength / SECTOR_SIZE, src);
crypt_storage_destroy(s);
@@ -223,7 +223,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
if (r)
log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",
cipher, cipher_mode, r);
/* Fallback to old temporary dmcrypt device */
@@ -237,7 +237,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
return r;
}
log_dbg("Using userspace crypto wrapper to access keyslot area.");
log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area.");
/* Read buffer from device */
devfd = device_open(device, O_RDONLY);

66
lib/luks1/keymanage.c
View File

@@ -111,13 +111,13 @@ static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_ph
return -EINVAL;
if (device_size(device, &dev_sectors)) {
log_dbg("Cannot get device size for device %s.", device_path(device));
log_dbg(ctx, "Cannot get device size for device %s.", device_path(device));
return -EIO;
}
dev_sectors >>= SECTOR_SHIFT;
hdr_sectors = LUKS_device_sectors(hdr);
log_dbg("Key length %u, device size %" PRIu64 " sectors, header size %"
log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %"
PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors);
if (hdr_sectors > dev_sectors) {
@@ -144,7 +144,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
for (i = 0; i < LUKS_NUMKEYS; i++) {
/* enforce stripes == 4000 */
if (phdr->keyblock[i].stripes != LUKS_STRIPES) {
log_dbg("Invalid stripes count %u in keyslot %u.",
log_dbg(ctx, "Invalid stripes count %u in keyslot %u.",
phdr->keyblock[i].stripes, i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
@@ -152,7 +152,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
/* First sectors is the header itself */
if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
log_dbg("Invalid offset %u in keyslot %u.",
log_dbg(ctx, "Invalid offset %u in keyslot %u.",
phdr->keyblock[i].keyMaterialOffset, i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
@@ -163,7 +163,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
continue;
if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) {
log_dbg("Invalid offset %u in keyslot %u (beyond data area offset %u).",
log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).",
phdr->keyblock[i].keyMaterialOffset, i,
phdr->payloadOffset);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
@@ -171,7 +171,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
}
if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) {
log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in "
log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in "
"keyslot %u (beyond data area offset %u).",
secs_per_stripes,
phdr->keyblock[i].keyMaterialOffset,
@@ -188,7 +188,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
next = sorted_areas[i];
if (phdr->keyblock[next].keyMaterialOffset <
(phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) {
log_dbg("Not enough space in LUKS keyslot %d.", prev);
log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev);
log_err(ctx, _("LUKS keyslot %u is invalid."), prev);
return -1;
}
@@ -235,10 +235,10 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
goto out;
}
log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
log_dbg("Output backup file size: %zu bytes.", buffer_size);
log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size);
devfd = device_open(device, O_RDONLY);
if (devfd < 0) {
@@ -329,7 +329,7 @@ int LUKS_hdr_restore(
r = LUKS_read_phdr(hdr, 0, 0, ctx);
if (r == 0) {
log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
if(hdr->payloadOffset != hdr_file.payloadOffset ||
hdr->keyBytes != hdr_file.keyBytes) {
log_err(ctx, _("Data offset or key size differs on device and backup, restore failed."));
@@ -353,7 +353,7 @@ int LUKS_hdr_restore(
goto out;
}
log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));
devfd = device_open(device, O_RDWR);
@@ -412,7 +412,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
log_verbose(ctx, _("Repairing keyslots."));
log_dbg("Generating second header with the same parameters for check.");
log_dbg(ctx, "Generating second header with the same parameters for check.");
/* cipherName, cipherMode, hashSpec, uuid are already null terminated */
/* payloadOffset - cannot check */
r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
@@ -424,7 +424,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
for(i = 0; i < LUKS_NUMKEYS; ++i) {
if (phdr->keyblock[i].active == LUKS_KEY_ENABLED) {
log_dbg("Skipping repair for active keyslot %i.", i);
log_dbg(ctx, "Skipping repair for active keyslot %i.", i);
continue;
}
@@ -491,7 +491,7 @@ static int _check_and_convert_hdr(const char *device,
char luksMagic[] = LUKS_MAGIC;
if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
log_dbg("LUKS header not detected.");
log_dbg(ctx, "LUKS header not detected.");
if (require_luks_device)
log_err(ctx, _("Device %s is not a valid LUKS device."), device);
return -EINVAL;
@@ -565,7 +565,7 @@ int LUKS_read_phdr_backup(const char *backup_file,
ssize_t hdr_size = sizeof(struct luks_phdr);
int devfd = 0, r = 0;
log_dbg("Reading LUKS header of size %d from backup file %s",
log_dbg(ctx, "Reading LUKS header of size %d from backup file %s",
(int)hdr_size, backup_file);
devfd = open(backup_file, O_RDONLY);
@@ -604,7 +604,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
if (repair && !require_luks_device)
return -EINVAL;
log_dbg("Reading LUKS header of size %zu from device %s",
log_dbg(ctx, "Reading LUKS header of size %zu from device %s",
hdr_size, device_path(device));
devfd = device_open(device, O_RDONLY);
@@ -629,7 +629,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
* has bigger sector size.
*/
if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io.");
device_disable_direct_io(device);
}
@@ -647,7 +647,7 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
struct luks_phdr convHdr;
int r;
log_dbg("Updating LUKS header of size %zu on device %s",
log_dbg(ctx, "Updating LUKS header of size %zu on device %s",
sizeof(struct luks_phdr), device_path(device));
r = LUKS_check_device_size(ctx, hdr, 1);
@@ -705,7 +705,7 @@ int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *ci
struct volume_key *empty_key;
char buf[SECTOR_SIZE];
log_dbg("Checking if cipher %s-%s is usable.", cipher, cipher_mode);
log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode);
empty_key = crypt_alloc_volume_key(keylength, NULL);
if (!empty_key)
@@ -774,7 +774,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
LUKS_fix_header_compatible(header);
log_dbg("Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
header->version, header->hashSpec ,header->cipherName, header->cipherMode,
header->keyBytes);
@@ -827,7 +827,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
uuid_unparse(partitionUuid, header->uuid);
log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32,
log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32,
header->payloadOffset, header->uuid, header->mkDigestIterations);
return 0;
@@ -875,7 +875,7 @@ int LUKS_set_key(unsigned int keyIndex,
return -EINVAL;
}
log_dbg("Calculating data for key slot %d", keyIndex);
log_dbg(ctx, "Calculating data for key slot %d", keyIndex);
pbkdf = crypt_get_pbkdf(ctx);
r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
if (r < 0)
@@ -887,7 +887,7 @@ int LUKS_set_key(unsigned int keyIndex,
*/
hdr->keyblock[keyIndex].passwordIterations =
at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
log_dbg("Key slot %d use %" PRIu32 " password iterations.", keyIndex,
log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex,
hdr->keyblock[keyIndex].passwordIterations);
derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
@@ -917,13 +917,13 @@ int LUKS_set_key(unsigned int keyIndex,
goto out;
}
log_dbg("Using hash %s for AF in key slot %d, %d stripes",
log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes",
hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
r = AF_split(vk->key,AfKey,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
if (r < 0)
goto out;
log_dbg("Updating key slot %d [0x%04x] area.", keyIndex,
log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex,
hdr->keyblock[keyIndex].keyMaterialOffset << 9);
/* Encryption via dm */
r = LUKS_encrypt_to_storage(AfKey,
@@ -936,7 +936,7 @@ int LUKS_set_key(unsigned int keyIndex,
goto out;
/* Mark the key as active in phdr */
r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx);
if (r < 0)
goto out;
@@ -983,7 +983,7 @@ static int LUKS_open_key(unsigned int keyIndex,
size_t AFEKSize;
int r;
log_dbg("Trying to open key slot %d [%s].", keyIndex,
log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex,
dbg_slot_state(ki));
if (ki < CRYPT_SLOT_ACTIVE)
@@ -1008,7 +1008,7 @@ static int LUKS_open_key(unsigned int keyIndex,
if (r < 0)
goto out;
log_dbg("Reading key slot %d area.", keyIndex);
log_dbg(ctx, "Reading key slot %d area.", keyIndex);
r = LUKS_decrypt_from_storage(AfKey,
AFEKSize,
hdr->cipherName, hdr->cipherMode,
@@ -1076,7 +1076,7 @@ int LUKS_del_key(unsigned int keyIndex,
if (r)
return r;
r = LUKS_keyslot_set(hdr, keyIndex, 0);
r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx);
if (r) {
log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."),
keyIndex, LUKS_NUMKEYS - 1);
@@ -1155,7 +1155,7 @@ int LUKS_keyslot_active_count(struct luks_phdr *hdr)
return num;
}
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable)
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx)
{
crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot);
@@ -1163,7 +1163,7 @@ int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable)
return -EINVAL;
hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED;
log_dbg("Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
return 0;
}
@@ -1229,7 +1229,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
wipe_block = 4096;
}
log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
offset, length + offset);
r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO,
@@ -1252,7 +1252,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
if (length == 0 || offset < 4096)
return -EINVAL;
log_dbg("Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
i, offset, length + offset);
r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM,

3
lib/luks1/luks.h
View File

@@ -177,7 +177,8 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable,
struct crypt_device *ctx);
int LUKS_keyslot_area(const struct luks_phdr *hdr,
int keyslot,
uint64_t *offset,

2
lib/luks2/luks2.h
View File

@@ -150,7 +150,7 @@ int LUKS2_hdr_labels(struct crypt_device *cd,
const char *subsystem,
int commit);
void LUKS2_hdr_free(struct luks2_hdr *hdr);
void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr);
int LUKS2_hdr_backup(struct crypt_device *cd,
struct luks2_hdr *hdr,

16
lib/luks2/luks2_digest.c
View File

@@ -86,7 +86,7 @@ int LUKS2_digest_create(struct crypt_device *cd,
if (digest < 0)
return -EINVAL;
log_dbg("Creating new digest %d (%s).", digest, type);
log_dbg(cd, "Creating new digest %d (%s).", digest, type);
return dh->store(cd, digest, vk->key, vk->keylength) ?: digest;
}
@@ -124,14 +124,14 @@ int LUKS2_digest_verify(struct crypt_device *cd,
if (digest < 0)
return digest;
log_dbg("Verifying key from keyslot %d, digest %d.", keyslot, digest);
log_dbg(cd, "Verifying key from keyslot %d, digest %d.", keyslot, digest);
h = LUKS2_digest_handler(cd, digest);
if (!h)
return -EINVAL;
r = h->verify(cd, digest, vk->key, vk->keylength);
if (r < 0) {
log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r);
log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r);
return r;
}
@@ -160,7 +160,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
if (digest < 0)
return digest;
log_dbg("Verifying key digest %d.", digest);
log_dbg(cd, "Verifying key digest %d.", digest);
h = LUKS2_digest_handler(cd, digest);
if (!h)
@@ -168,7 +168,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
r = h->verify(cd, digest, vk->key, vk->keylength);
if (r < 0) {
log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r);
log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r);
return r;
}
@@ -205,7 +205,7 @@ static int assign_one_digest(struct crypt_device *cd, struct luks2_hdr *hdr,
json_object *jobj1, *jobj_digest, *jobj_digest_keyslots;
char num[16];
log_dbg("Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest);
log_dbg(cd, "Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest);
jobj_digest = LUKS2_get_digest_jobj(hdr, digest);
if (!jobj_digest)
@@ -260,7 +260,7 @@ static int assign_one_segment(struct crypt_device *cd, struct luks2_hdr *hdr,
json_object *jobj1, *jobj_digest, *jobj_digest_segments;
char num[16];
log_dbg("Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest);
log_dbg(cd, "Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest);
jobj_digest = LUKS2_get_digest_jobj(hdr, digest);
if (!jobj_digest)
@@ -335,7 +335,7 @@ void LUKS2_digests_erase_unused(struct crypt_device *cd,
json_object_object_foreach(jobj_digests, key, val) {
if (digest_unused(val)) {
log_dbg("Erasing unused digest %d.", atoi(key));
log_dbg(cd, "Erasing unused digest %d.", atoi(key));
json_object_object_del(jobj_digests, key);
}
}

4
lib/luks2/luks2_digest_pbkdf2.c
View File

@@ -105,7 +105,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
.time_ms = LUKS_MKD_ITERATIONS_MS,
};
log_dbg("Setting PBKDF2 type key digest %d.", digest);
log_dbg(cd, "Setting PBKDF2 type key digest %d.", digest);
r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT);
if (r < 0)
@@ -168,7 +168,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
json_object_object_add(jobj_digests, num, jobj_digest);
}
JSON_DBG(jobj_digest, "Digest JSON");
JSON_DBG(cd, jobj_digest, "Digest JSON");
return 0;
}

150
lib/luks2/luks2_disk_metadata.c
View File

@@ -26,7 +26,8 @@
/*
* Helper functions
*/
json_object *parse_json_len(const char *json_area, uint64_t max_length, int *json_len)
json_object *parse_json_len(struct crypt_device *cd, const char *json_area,
uint64_t max_length, int *json_len)
{
json_object *jobj;
struct json_tokener *jtok;
@@ -37,13 +38,13 @@ json_object *parse_json_len(const char *json_area, uint64_t max_length, int *jso
jtok = json_tokener_new();
if (!jtok) {
log_dbg("ERROR: Failed to init json tokener");
log_dbg(cd, "ERROR: Failed to init json tokener");
return NULL;
}
jobj = json_tokener_parse_ex(jtok, json_area, max_length);
if (!jobj)
log_dbg("ERROR: Failed to parse json data (%d): %s",
log_dbg(cd, "ERROR: Failed to parse json data (%d): %s",
json_tokener_get_error(jtok),
json_tokener_error_desc(json_tokener_get_error(jtok)));
else
@@ -54,7 +55,8 @@ json_object *parse_json_len(const char *json_area, uint64_t max_length, int *jso
return jobj;
}
static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const char *info)
static void log_dbg_checksum(struct crypt_device *cd,
const uint8_t *csum, const char *csum_alg, const char *info)
{
char csum_txt[2*LUKS2_CHECKSUM_L+1];
int i;
@@ -63,7 +65,7 @@ static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const ch
snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]);
csum_txt[i*2+1] = '\0'; /* Just to be safe, sprintf should write \0 there. */
log_dbg("Checksum:%s (%s)", &csum_txt[0], info);
log_dbg(cd, "Checksum:%s (%s)", &csum_txt[0], info);
}
/*
@@ -98,7 +100,8 @@ static int hdr_checksum_calculate(const char *alg, struct luks2_hdr_disk *hdr_di
/*
* Compare hash (checksum) of on-disk and in-memory header.
*/
static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk,
static int hdr_checksum_check(struct crypt_device *cd,
const char *alg, struct luks2_hdr_disk *hdr_disk,
const char *json_area, size_t json_len)
{
struct luks2_hdr_disk hdr_tmp;
@@ -116,8 +119,8 @@ static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk,
if (r < 0)
return r;
log_dbg_checksum(hdr_disk->csum, alg, "on-disk");
log_dbg_checksum(hdr_tmp.csum, alg, "in-memory");
log_dbg_checksum(cd, hdr_disk->csum, alg, "on-disk");
log_dbg_checksum(cd, hdr_tmp.csum, alg, "in-memory");
if (memcmp(hdr_tmp.csum, hdr_disk->csum, (size_t)hash_size))
return -EINVAL;
@@ -187,7 +190,8 @@ static void hdr_to_disk(struct luks2_hdr *hdr,
/*
* Sanity checks before checksum is validated
*/
static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
static int hdr_disk_sanity_check_pre(struct crypt_device *cd,
struct luks2_hdr_disk *hdr,
size_t *hdr_json_size, int secondary,
uint64_t offset)
{
@@ -195,25 +199,25 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
return -EINVAL;
if (be16_to_cpu(hdr->version) != 2) {
log_dbg("Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version));
log_dbg(cd, "Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version));
return -EINVAL;
}
if (offset != be64_to_cpu(hdr->hdr_offset)) {
log_dbg("LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.",
log_dbg(cd, "LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.",
(unsigned)be64_to_cpu(hdr->hdr_offset), (unsigned)offset);
return -EINVAL;
}
if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) {
log_dbg("LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.",
log_dbg(cd, "LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.",
(unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size));
return -EINVAL;
}
/* FIXME: sanity check checksum alg. */
log_dbg("LUKS2 header version %u of size %u bytes, checksum %s.",
log_dbg(cd, "LUKS2 header version %u of size %u bytes, checksum %s.",
(unsigned)be16_to_cpu(hdr->version), (unsigned)be64_to_cpu(hdr->hdr_size),
hdr->checksum_alg);
@@ -224,13 +228,14 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
/*
* Read LUKS2 header from disk at specific offset.
*/
static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
static int hdr_read_disk(struct crypt_device *cd,
struct device *device, struct luks2_hdr_disk *hdr_disk,
char **json_area, uint64_t offset, int secondary)
{
size_t hdr_json_size = 0;
int devfd = -1, r;
log_dbg("Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".",
log_dbg(cd, "Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".",
secondary ? "secondary" : "primary", offset);
devfd = device_open_locked(device, O_RDONLY);
@@ -248,7 +253,7 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
return -EIO;
}
r = hdr_disk_sanity_check_pre(hdr_disk, &hdr_json_size, secondary, offset);
r = hdr_disk_sanity_check_pre(cd, hdr_disk, &hdr_json_size, secondary, offset);
if (r < 0) {
close(devfd);
return r;
@@ -277,9 +282,9 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
/*
* Calculate and validate checksum and zero it afterwards.
*/
if (hdr_checksum_check(hdr_disk->checksum_alg, hdr_disk,
if (hdr_checksum_check(cd, hdr_disk->checksum_alg, hdr_disk,
*json_area, hdr_json_size)) {
log_dbg("LUKS2 header checksum error (offset %" PRIu64 ").", offset);
log_dbg(cd, "LUKS2 header checksum error (offset %" PRIu64 ").", offset);
r = -EINVAL;
}
memset(hdr_disk->csum, 0, LUKS2_CHECKSUM_L);
@@ -290,15 +295,16 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
/*
* Write LUKS2 header to disk at specific offset.
*/
static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
const char *json_area, int secondary)
static int hdr_write_disk(struct crypt_device *cd,
struct device *device, struct luks2_hdr *hdr,
const char *json_area, int secondary)
{
struct luks2_hdr_disk hdr_disk;
uint64_t offset = secondary ? hdr->hdr_size : 0;
size_t hdr_json_len;
int devfd = -1, r;
log_dbg("Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".",
log_dbg(cd, "Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".",
hdr->hdr_size, offset);
/* FIXME: read-only device silent fail? */
@@ -341,7 +347,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
close(devfd);
return r;
}
log_dbg_checksum(hdr_disk.csum, hdr_disk.checksum_alg, "in-memory");
log_dbg_checksum(cd, hdr_disk.csum, hdr_disk.checksum_alg, "in-memory");
if (write_lseek_blockwise(devfd, device_block_size(device),
device_alignment(device), (char *)&hdr_disk,
@@ -359,12 +365,11 @@ static int LUKS2_check_device_size(struct crypt_device *cd, struct device *devic
uint64_t dev_size;
if (device_size(device, &dev_size)) {
log_dbg("Cannot get device size for device %s.", device_path(device));
log_dbg(cd, "Cannot get device size for device %s.", device_path(device));
return -EIO;
}
log_dbg("Device size %" PRIu64 ", header size %"
PRIu64 ".", dev_size, hdr_size);
log_dbg(cd, "Device size %" PRIu64 ", header size %" PRIu64 ".", dev_size, hdr_size);
if (hdr_size > dev_size) {
/* If it is header file, increase its size */
@@ -391,7 +396,7 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
int r;
if (hdr->version != 2) {
log_dbg("Unsupported LUKS2 header version (%u).", hdr->version);
log_dbg(cd, "Unsupported LUKS2 header version (%u).", hdr->version);
return -EINVAL;
}
@@ -414,12 +419,12 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
json_text = json_object_to_json_string_ext(hdr->jobj,
JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
if (!json_text || !*json_text) {
log_dbg("Cannot parse JSON object to text representation.");
log_dbg(cd, "Cannot parse JSON object to text representation.");
free(json_area);
return -ENOMEM;
}
if (strlen(json_text) > (json_area_len - 1)) {
log_dbg("JSON is too large (%zu > %zu).", strlen(json_text), json_area_len);
log_dbg(cd, "JSON is too large (%zu > %zu).", strlen(json_text), json_area_len);
free(json_area);
return -EINVAL;
}
@@ -436,12 +441,12 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
}
/* Write primary and secondary header */
r = hdr_write_disk(device, hdr, json_area, 0);
r = hdr_write_disk(cd, device, hdr, json_area, 0);
if (!r)
r = hdr_write_disk(device, hdr, json_area, 1);
r = hdr_write_disk(cd, device, hdr, json_area, 1);
if (r)
log_dbg("LUKS2 header write failed (%d).", r);
log_dbg(cd, "LUKS2 header write failed (%d).", r);
device_write_unlock(device);
@@ -450,19 +455,19 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
free(json_area);
return r;
}
static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t max_length)
static int validate_json_area(struct crypt_device *cd, const char *json_area,
uint64_t json_len, uint64_t max_length)
{
char c;
/* Enforce there are no needless opening bytes */
if (*json_area != '{') {
log_dbg("ERROR: Opening character must be left curly bracket: '{'.");
log_dbg(cd, "ERROR: Opening character must be left curly bracket: '{'.");
return -EINVAL;
}
if (json_len >= max_length) {
log_dbg("ERROR: Missing trailing null byte beyond parsed json data string.");
log_dbg(cd, "ERROR: Missing trailing null byte beyond parsed json data string.");
return -EINVAL;
}
@@ -475,7 +480,7 @@ static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t
do {
c = *(json_area + json_len);
if (c != '\0') {
log_dbg("ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64,
log_dbg(cd, "ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64,
c, json_len);
return -EINVAL;
}
@@ -484,37 +489,38 @@ static int validate_json_area(const char *json_area, uint64_t json_len, uint64_t
return 0;
}
static int validate_luks2_json_object(json_object *jobj_hdr, uint64_t length)
static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj_hdr, uint64_t length)
{
int r;
/* we require top level object to be of json_type_object */
r = !json_object_is_type(jobj_hdr, json_type_object);
if (r) {
log_dbg("ERROR: Resulting object is not a json object type");
log_dbg(cd, "ERROR: Resulting object is not a json object type");
return r;
}
r = LUKS2_hdr_validate(jobj_hdr, length);
r = LUKS2_hdr_validate(cd, jobj_hdr, length);
if (r) {
log_dbg("Repairing JSON metadata.");
log_dbg(cd, "Repairing JSON metadata.");
/* try to correct known glitches */
LUKS2_hdr_repair(jobj_hdr);
/* run validation again */
r = LUKS2_hdr_validate(jobj_hdr, length);
r = LUKS2_hdr_validate(cd, jobj_hdr, length);
}
if (r)
log_dbg("ERROR: LUKS2 validation failed");
log_dbg(cd, "ERROR: LUKS2 validation failed");
return r;
}
static json_object *parse_and_validate_json(const char *json_area, uint64_t max_length)
static json_object *parse_and_validate_json(struct crypt_device *cd,
const char *json_area, uint64_t max_length)
{
int json_len, r;
json_object *jobj = parse_json_len(json_area, max_length, &json_len);
json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len);
if (!jobj)
return NULL;
@@ -522,9 +528,9 @@ static json_object *parse_and_validate_json(const char *json_area, uint64_t max_
/* successful parse_json_len must not return offset <= 0 */
assert(json_len > 0);
r = validate_json_area(json_area, json_len, max_length);
r = validate_json_area(cd, json_area, json_len, max_length);
if (!r)
r = validate_luks2_json_object(jobj, max_length);
r = validate_luks2_json_object(cd, jobj, max_length);
if (r) {
json_object_put(jobj);
@@ -534,19 +540,19 @@ static json_object *parse_and_validate_json(const char *json_area, uint64_t max_
return jobj;
}
static int detect_device_signatures(const char *path)
static int detect_device_signatures(struct crypt_device *cd, const char *path)
{
blk_probe_status prb_state;
int r;
struct blkid_handle *h;
if (!blk_supported()) {
log_dbg("Blkid probing of device signatures disabled.");
log_dbg(cd, "Blkid probing of device signatures disabled.");
return 0;
}
if ((r = blk_init_by_path(&h, path))) {
log_dbg("Failed to initialize blkid_handle by path.");
log_dbg(cd, "Failed to initialize blkid_handle by path.");
return -EINVAL;
}
@@ -560,22 +566,22 @@ static int detect_device_signatures(const char *path)
switch (prb_state) {
case PRB_AMBIGUOUS:
log_dbg("Blkid probe couldn't decide device type unambiguously.");
log_dbg(cd, "Blkid probe couldn't decide device type unambiguously.");
/* fall through */
case PRB_FAIL:
log_dbg("Blkid probe failed.");
log_dbg(cd, "Blkid probe failed.");
r = -EINVAL;
break;
case PRB_OK: /* crypto_LUKS type is filtered out */
r = -EINVAL;
if (blk_is_partition(h))
log_dbg("Blkid probe detected partition type '%s'", blk_get_partition_type(h));
log_dbg(cd, "Blkid probe detected partition type '%s'", blk_get_partition_type(h));
else if (blk_is_superblock(h))
log_dbg("blkid probe detected superblock type '%s'", blk_get_superblock_type(h));
log_dbg(cd, "blkid probe detected superblock type '%s'", blk_get_superblock_type(h));
break;
case PRB_EMPTY:
log_dbg("Blkid probe detected no foreign device signature.");
log_dbg(cd, "Blkid probe detected no foreign device signature.");
}
blk_free(h);
return r;
@@ -600,16 +606,16 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
/* Skip auto-recovery if locks are disabled and we're not doing LUKS2 explicit repair */
if (do_recovery && do_blkprobe && !crypt_metadata_locking_enabled()) {
do_recovery = 0;
log_dbg("Disabling header auto-recovery due to locking being disabled.");
log_dbg(cd, "Disabling header auto-recovery due to locking being disabled.");
}
/*
* Read primary LUKS2 header (offset 0).
*/
state_hdr1 = HDR_FAIL;
r = hdr_read_disk(device, &hdr_disk1, &json_area1, 0, 0);
r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0);
if (r == 0) {
jobj_hdr1 = parse_and_validate_json(json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN);
jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN);
state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE;
} else if (r == -EIO)
state_hdr1 = HDR_FAIL_IO;
@@ -619,9 +625,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
*/
state_hdr2 = HDR_FAIL;
if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) {
r = hdr_read_disk(device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1);
r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1);
if (r == 0) {
jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
} else if (r == -EIO)
state_hdr2 = HDR_FAIL_IO;
@@ -630,10 +636,10 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
* No header size, check all known offsets.
*/
for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++)
r = hdr_read_disk(device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1);
r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1);
if (r == 0) {
jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
} else if (r == -EIO)
state_hdr2 = HDR_FAIL_IO;
@@ -667,9 +673,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
* Try to rewrite (recover) bad header. Always regenerate salt for bad header.
*/
if (state_hdr1 == HDR_OK && state_hdr2 != HDR_OK) {
log_dbg("Secondary LUKS2 header requires recovery.");
log_dbg(cd, "Secondary LUKS2 header requires recovery.");
if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) {
if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) {
log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."));
goto err;
@@ -679,18 +685,18 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(NULL, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
if (r)
log_dbg("Cannot generate master salt.");
log_dbg(cd, "Cannot generate master salt.");
else {
hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0);
r = hdr_write_disk(device, hdr, json_area1, 1);
r = hdr_write_disk(cd, device, hdr, json_area1, 1);
}
if (r)
log_dbg("Secondary LUKS2 header recovery failed.");
log_dbg(cd, "Secondary LUKS2 header recovery failed.");
}
} else if (state_hdr1 != HDR_OK && state_hdr2 == HDR_OK) {
log_dbg("Primary LUKS2 header requires recovery.");
log_dbg(cd, "Primary LUKS2 header requires recovery.");
if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) {
if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) {
log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."));
goto err;
@@ -700,13 +706,13 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(NULL, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
if (r)
log_dbg("Cannot generate master salt.");
log_dbg(cd, "Cannot generate master salt.");
else {
hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1);
r = hdr_write_disk(device, hdr, json_area2, 0);
r = hdr_write_disk(cd, device, hdr, json_area2, 0);
}
if (r)
log_dbg("Primary LUKS2 header recovery failed.");
log_dbg(cd, "Primary LUKS2 header recovery failed.");
}
}
@@ -738,7 +744,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
*/
return 0;
err:
log_dbg("LUKS2 header read failed (%d).", r);
log_dbg(cd, "LUKS2 header read failed (%d).", r);
free(json_area1);
free(json_area2);

21
lib/luks2/luks2_internal.h
View File

@@ -58,25 +58,28 @@ json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);
json_object *parse_json_len(const char *json_area, uint64_t max_length, int *json_len);
json_object *parse_json_len(struct crypt_device *cd, const char *json_area,
uint64_t max_length, int *json_len);
uint64_t json_object_get_uint64(json_object *jobj);
uint32_t json_object_get_uint32(json_object *jobj);
json_object *json_object_new_uint64(uint64_t value);
void JSON_DBG(json_object *jobj, const char *desc);
void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc);
/*
* LUKS2 JSON validation
*/
/* validation helper */
json_object *json_contains(json_object *jobj, const char *name, const char *section,
const char *key, json_type type);
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
const char *section, const char *key, json_type type);
int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size);
int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key);
int LUKS2_check_json_size(const struct luks2_hdr *hdr);
int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key);
int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj,
json_object *hdr_keyslot, const char *key);
int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj,
json_object *jobj_token, const char *key);
void LUKS2_token_dump(struct crypt_device *cd, int token);
/*
@@ -122,7 +125,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
size_t volume_key_len);
/* validate all keyslot implementations in hdr json */
int LUKS2_keyslots_validate(json_object *hdr_jobj);
int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);
typedef struct {
const char *name;

10
lib/luks2/luks2_json_format.c
View File

@@ -100,7 +100,7 @@ int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
return -EINVAL;
}
log_dbg("Found area %zu -> %zu", offset, length + offset);
log_dbg(cd, "Found area %zu -> %zu", offset, length + offset);
/*
log_dbg("Area offset min: %zu, max %zu, slots max %u",
get_min_offset(hdr), get_max_offset(cd), LUKS2_KEYSLOTS_MAX);
@@ -242,7 +242,7 @@ int LUKS2_generate_hdr(
json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
JSON_DBG(hdr->jobj, "Header JSON");
JSON_DBG(cd, hdr->jobj, "Header JSON");
return 0;
}
@@ -258,7 +258,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE;
wipe_block = 1024 * 1024;
if (LUKS2_hdr_validate(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
return -EINVAL;
/* On detached header wipe at least the first 4k */
@@ -267,7 +267,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
wipe_block = 4096;
}
log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
offset, length + offset);
r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO,
@@ -280,7 +280,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
offset = get_min_offset(hdr);
length = LUKS2_keyslots_size(hdr->jobj);
log_dbg("Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
offset, length + offset);
return crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_RANDOM,

246
lib/luks2/luks2_json_metadata.c
View File

@@ -54,12 +54,12 @@ void hexprint_base64(struct crypt_device *cd, json_object *jobj,
free(buf);
}
void JSON_DBG(json_object *jobj, const char *desc)
void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc)
{
/* FIXME: make this conditional and disable for stable release. */
if (desc)
log_dbg("%s:", desc);
log_dbg("%s", json_object_to_json_string_ext(jobj,
log_dbg(cd, "%s:", desc);
log_dbg(cd, "%s", json_object_to_json_string_ext(jobj,
JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE));
}
@@ -206,8 +206,6 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
errno = 0;
tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
if (*endptr || errno) {
log_dbg("Failed to parse uint64_t type from string %s.",
json_object_get_string(jobj));
*value = 0;
return FALSE;
}
@@ -240,26 +238,26 @@ json_object *json_object_new_uint64(uint64_t value)
/*
* Validate helpers
*/
static json_bool numbered(const char *name, const char *key)
static json_bool numbered(struct crypt_device *cd, const char *name, const char *key)
{
int i;
for (i = 0; key[i]; i++)
if (!isdigit(key[i])) {
log_dbg("%s \"%s\" is not in numbered form.", name, key);
log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
return FALSE;
}
return TRUE;
}
json_object *json_contains(json_object *jobj, const char *name,
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
const char *section, const char *key, json_type type)
{
json_object *sobj;
if (!json_object_object_get_ex(jobj, key, &sobj) ||
!json_object_is_type(sobj, type)) {
log_dbg("%s \"%s\" is missing \"%s\" (%s) specification.",
log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.",
section, name, key, json_type_to_name(type));
return NULL;
}
@@ -305,7 +303,8 @@ static json_bool validate_json_uint32(json_object *jobj)
return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
}
static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_keys)
static json_bool validate_keyslots_array(struct crypt_device *cd,
json_object *jarr, json_object *jobj_keys)
{
json_object *jobj;
int i = 0, length = (int) json_object_array_length(jarr);
@@ -313,11 +312,11 @@ static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_ke
while (i < length) {
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg("Illegal value type in keyslots array at index %d.", i);
log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
return FALSE;
}
if (!json_contains(jobj_keys, "", "Keyslots section",
if (!json_contains(cd, jobj_keys, "", "Keyslots section",
json_object_get_string(jobj), json_type_object))
return FALSE;
@@ -327,7 +326,8 @@ static json_bool validate_keyslots_array(json_object *jarr, json_object *jobj_ke
return TRUE;
}
static json_bool validate_segments_array(json_object *jarr, json_object *jobj_segments)
static json_bool validate_segments_array(struct crypt_device *cd,
json_object *jarr, json_object *jobj_segments)
{
json_object *jobj;
int i = 0, length = (int) json_object_array_length(jarr);
@@ -335,11 +335,11 @@ static json_bool validate_segments_array(json_object *jarr, json_object *jobj_se
while (i < length) {
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg("Illegal value type in segments array at index %d.", i);
log_dbg(cd, "Illegal value type in segments array at index %d.", i);
return FALSE;
}
if (!json_contains(jobj_segments, "", "Segments section",
if (!json_contains(cd, jobj_segments, "", "Segments section",
json_object_get_string(jobj), json_type_object))
return FALSE;
@@ -363,24 +363,25 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
return FALSE;
}
static json_bool validate_intervals(int length, const struct interval *ix, uint64_t *data_offset)
static json_bool validate_intervals(struct crypt_device *cd,
int length, const struct interval *ix, uint64_t *data_offset)
{
int j, i = 0;
while (i < length) {
if (ix[i].offset < 2 * LUKS2_HDR_16K_LEN) {
log_dbg("Illegal area offset: %" PRIu64 ".", ix[i].offset);
log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
return FALSE;
}
if (!ix[i].length) {
log_dbg("Area length must be greater than zero.");
log_dbg(cd, "Area length must be greater than zero.");
return FALSE;
}
/* first segment at offset 0 means we have detached header. Do not check then. */
if (*data_offset && (ix[i].offset + ix[i].length) > *data_offset) {
log_dbg("Area [%" PRIu64 ", %" PRIu64 "] intersects with segment starting at offset: %" PRIu64,
log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] intersects with segment starting at offset: %" PRIu64,
ix[i].offset, ix[i].offset + ix[i].length, *data_offset);
return FALSE;
}
@@ -389,7 +390,7 @@ static json_bool validate_intervals(int length, const struct interval *ix, uint6
if (i == j)
continue;
if ((ix[i].offset >= ix[j].offset) && (ix[i].offset < (ix[j].offset + ix[j].length))) {
log_dbg("Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
ix[i].offset, ix[i].offset + ix[i].length,
ix[j].offset, ix[j].offset + ix[j].length);
return FALSE;
@@ -402,30 +403,31 @@ static json_bool validate_intervals(int length, const struct interval *ix, uint6
return TRUE;
}
static int hdr_validate_areas(json_object *hdr_jobj);
int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
static int hdr_validate_areas(struct crypt_device *, json_object *hdr_jobj);
int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
{
json_object *jobj_key_size;
if (!json_contains(hdr_keyslot, key, "Keyslot", "type", json_type_string))
if (!json_contains(cd, hdr_keyslot, key, "Keyslot", "type", json_type_string))
return 1;
if (!(jobj_key_size = json_contains(hdr_keyslot, key, "Keyslot", "key_size", json_type_int)))
if (!(jobj_key_size = json_contains(cd, hdr_keyslot, key, "Keyslot", "key_size", json_type_int)))
return 1;
/* enforce uint32_t type */
if (!validate_json_uint32(jobj_key_size)) {
log_dbg("Illegal field \"key_size\":%s.",
log_dbg(cd, "Illegal field \"key_size\":%s.",
json_object_get_string(jobj_key_size));
return 1;
}
if (hdr_validate_areas(hdr_jobj))
if (hdr_validate_areas(cd, hdr_jobj))
return 1;
return 0;
}
int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key)
int LUKS2_token_validate(struct crypt_device *cd,
json_object *hdr_jobj, json_object *jobj_token, const char *key)
{
json_object *jarr, *jobj_keyslots;
@@ -433,20 +435,20 @@ int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const c
if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
return 1;
if (!json_contains(jobj_token, key, "Token", "type", json_type_string))
if (!json_contains(cd, jobj_token, key, "Token", "type", json_type_string))
return 1;
jarr = json_contains(jobj_token, key, "Token", "keyslots", json_type_array);
jarr = json_contains(cd, jobj_token, key, "Token", "keyslots", json_type_array);
if (!jarr)
return 1;
if (!validate_keyslots_array(jarr, jobj_keyslots))
if (!validate_keyslots_array(cd, jarr, jobj_keyslots))
return 1;
return 0;
}
static int hdr_validate_json_size(json_object *hdr_jobj, uint64_t hdr_json_size)
static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj, uint64_t hdr_json_size)
{
json_object *jobj, *jobj1;
const char *json;
@@ -461,122 +463,123 @@ static int hdr_validate_json_size(json_object *hdr_jobj, uint64_t hdr_json_size)
json_size = (uint64_t)strlen(json);
if (hdr_json_size != json_area_size) {
log_dbg("JSON area size doesn't match value in binary header.");
log_dbg(cd, "JSON area size doesn't match value in binary header.");
return 1;
}
if (json_size > json_area_size) {
log_dbg("JSON doesn't fit in the designated area.");
log_dbg(cd, "JSON doesn't fit in the designated area.");
return 1;
}
return 0;
}
int LUKS2_check_json_size(const struct luks2_hdr *hdr)
int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr)
{
return hdr_validate_json_size(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN);
return hdr_validate_json_size(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN);
}
static int hdr_validate_keyslots(json_object *hdr_jobj)
static int hdr_validate_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jobj;
if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj)) {
log_dbg("Missing keyslots section.");
log_dbg(cd, "Missing keyslots section.");
return 1;
}
json_object_object_foreach(jobj, key, val) {
if (!numbered("Keyslot", key))
if (!numbered(cd, "Keyslot", key))
return 1;
if (LUKS2_keyslot_validate(hdr_jobj, val, key))
if (LUKS2_keyslot_validate(cd, hdr_jobj, val, key))
return 1;
}
return 0;
}
static int hdr_validate_tokens(json_object *hdr_jobj)
static int hdr_validate_tokens(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jobj;
if (!json_object_object_get_ex(hdr_jobj, "tokens", &jobj)) {
log_dbg("Missing tokens section.");
log_dbg(cd, "Missing tokens section.");
return 1;
}
json_object_object_foreach(jobj, key, val) {
if (!numbered("Token", key))
if (!numbered(cd, "Token", key))
return 1;
if (LUKS2_token_validate(hdr_jobj, val, key))
if (LUKS2_token_validate(cd, hdr_jobj, val, key))
return 1;
}
return 0;
}
static int hdr_validate_crypt_segment(json_object *jobj, const char *key, json_object *jobj_digests,
static int hdr_validate_crypt_segment(struct crypt_device *cd,
json_object *jobj, const char *key, json_object *jobj_digests,
uint64_t offset, uint64_t size)
{
json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity;
uint32_t sector_size;
uint64_t ivoffset;
if (!(jobj_ivoffset = json_contains(jobj, key, "Segment", "iv_tweak", json_type_string)) ||
!json_contains(jobj, key, "Segment", "encryption", json_type_string) ||
!(jobj_sector_size = json_contains(jobj, key, "Segment", "sector_size", json_type_int)))
if (!(jobj_ivoffset = json_contains(cd, jobj, key, "Segment", "iv_tweak", json_type_string)) ||
!json_contains(cd, jobj, key, "Segment", "encryption", json_type_string) ||
!(jobj_sector_size = json_contains(cd, jobj, key, "Segment", "sector_size", json_type_int)))
return 1;
/* integrity */
if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) {
if (!json_contains(jobj, key, "Segment", "integrity", json_type_object) ||
!json_contains(jobj_integrity, key, "Segment integrity", "type", json_type_string) ||
!json_contains(jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||
!json_contains(jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))
if (!json_contains(cd, jobj, key, "Segment", "integrity", json_type_object) ||
!json_contains(cd, jobj_integrity, key, "Segment integrity", "type", json_type_string) ||
!json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||
!json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))
return 1;
}
/* enforce uint32_t type */
if (!validate_json_uint32(jobj_sector_size)) {
log_dbg("Illegal field \"sector_size\":%s.",
log_dbg(cd, "Illegal field \"sector_size\":%s.",
json_object_get_string(jobj_sector_size));
return 1;
}
sector_size = json_object_get_uint32(jobj_sector_size);
if (!sector_size || MISALIGNED_512(sector_size)) {
log_dbg("Illegal sector size: %" PRIu32, sector_size);
log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
return 1;
}
if (!numbered("iv_tweak", json_object_get_string(jobj_ivoffset)) ||
if (!numbered(cd, "iv_tweak", json_object_get_string(jobj_ivoffset)) ||
!json_str_to_uint64(jobj_ivoffset, &ivoffset)) {
log_dbg("Illegal iv_tweak value.");
log_dbg(cd, "Illegal iv_tweak value.");
return 1;
}
if (size % sector_size) {
log_dbg("Size field has to be aligned to sector size: %" PRIu32, sector_size);
log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, sector_size);
return 1;
}
return !segment_has_digest(key, jobj_digests);
}
static int hdr_validate_segments(json_object *hdr_jobj)
static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jobj, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags;
int i;
uint64_t offset, size;
if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj)) {
log_dbg("Missing segments section.");
log_dbg(cd, "Missing segments section.");
return 1;
}
if (json_object_object_length(jobj) < 1) {
log_dbg("Empty segments section.");
log_dbg(cd, "Empty segments section.");
return 1;
}
@@ -585,22 +588,22 @@ static int hdr_validate_segments(json_object *hdr_jobj)
return 1;
json_object_object_foreach(jobj, key, val) {
if (!numbered("Segment", key))
if (!numbered(cd, "Segment", key))
return 1;
/* those fields are mandatory for all segment types */
if (!(jobj_type = json_contains(val, key, "Segment", "type", json_type_string)) ||
!(jobj_offset = json_contains(val, key, "Segment", "offset", json_type_string)) ||
!(jobj_size = json_contains(val, key, "Segment", "size", json_type_string)))
if (!(jobj_type = json_contains(cd, val, key, "Segment", "type", json_type_string)) ||
!(jobj_offset = json_contains(cd, val, key, "Segment", "offset", json_type_string)) ||
!(jobj_size = json_contains(cd, val, key, "Segment", "size", json_type_string)))
return 1;
if (!numbered("offset", json_object_get_string(jobj_offset)) ||
if (!numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
!json_str_to_uint64(jobj_offset, &offset))
return 1;
/* size "dynamic" means whole device starting at 'offset' */
if (strcmp(json_object_get_string(jobj_size), "dynamic")) {
if (!numbered("size", json_object_get_string(jobj_size)) ||
if (!numbered(cd, "size", json_object_get_string(jobj_size)) ||
!json_str_to_uint64(jobj_size, &size) || !size)
return 1;
} else
@@ -608,17 +611,17 @@ static int hdr_validate_segments(json_object *hdr_jobj)
/* all device-mapper devices are aligned to 512 sector size */
if (MISALIGNED_512(offset)) {
log_dbg("Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
log_dbg(cd, "Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
return 1;
}
if (MISALIGNED_512(size)) {
log_dbg("Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
return 1;
}
/* flags array is optional and must contain strings */
if (json_object_object_get_ex(val, "flags", NULL)) {
if (!(jobj_flags = json_contains(val, key, "Segment", "flags", json_type_array)))
if (!(jobj_flags = json_contains(cd, val, key, "Segment", "flags", json_type_array)))
return 1;
for (i = 0; i < (int) json_object_array_length(jobj_flags); i++)
if (!json_object_is_type(json_object_array_get_idx(jobj_flags, i), json_type_string))
@@ -627,14 +630,14 @@ static int hdr_validate_segments(json_object *hdr_jobj)
/* crypt */
if (!strcmp(json_object_get_string(jobj_type), "crypt") &&
hdr_validate_crypt_segment(val, key, jobj_digests, offset, size))
hdr_validate_crypt_segment(cd, val, key, jobj_digests, offset, size))
return 1;
}
return 0;
}
static int hdr_validate_areas(json_object *hdr_jobj)
static int hdr_validate_areas(struct crypt_device *cd, json_object *hdr_jobj)
{
struct interval *intervals;
json_object *jobj_keyslots, *jobj_offset, *jobj_length, *jobj_segments, *jobj_area;
@@ -655,23 +658,23 @@ static int hdr_validate_areas(json_object *hdr_jobj)
return 0;
if (length < 0) {
log_dbg("Invalid keyslot areas specification.");
log_dbg(cd, "Invalid keyslot areas specification.");
return 1;
}
intervals = malloc(length * sizeof(*intervals));
if (!intervals) {
log_dbg("Not enough memory.");
log_dbg(cd, "Not enough memory.");
return -ENOMEM;
}
json_object_object_foreach(jobj_keyslots, key, val) {
if (!(jobj_area = json_contains(val, key, "Keyslot", "area", json_type_object)) ||
!(jobj_offset = json_contains(jobj_area, key, "Keyslot", "offset", json_type_string)) ||
!(jobj_length = json_contains(jobj_area, key, "Keyslot", "size", json_type_string)) ||
!numbered("offset", json_object_get_string(jobj_offset)) ||
!numbered("size", json_object_get_string(jobj_length))) {
if (!(jobj_area = json_contains(cd, val, key, "Keyslot", "area", json_type_object)) ||
!(jobj_offset = json_contains(cd, jobj_area, key, "Keyslot", "offset", json_type_string)) ||
!(jobj_length = json_contains(cd, jobj_area, key, "Keyslot", "size", json_type_string)) ||
!numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
!numbered(cd, "size", json_object_get_string(jobj_length))) {
free(intervals);
return 1;
}
@@ -693,19 +696,19 @@ static int hdr_validate_areas(json_object *hdr_jobj)
first_offset = get_first_data_offset(jobj_segments, NULL);
ret = validate_intervals(length, intervals, &first_offset) ? 0 : 1;
ret = validate_intervals(cd, length, intervals, &first_offset) ? 0 : 1;
free(intervals);
return ret;
}
static int hdr_validate_digests(json_object *hdr_jobj)
static int hdr_validate_digests(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jarr_keys, *jarr_segs, *jobj, *jobj_keyslots, *jobj_segments;
if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj)) {
log_dbg("Missing digests section.");
log_dbg(cd, "Missing digests section.");
return 1;
}
@@ -718,17 +721,17 @@ static int hdr_validate_digests(json_object *hdr_jobj)
return 1;
json_object_object_foreach(jobj, key, val) {
if (!numbered("Digest", key))
if (!numbered(cd, "Digest", key))
return 1;
if (!json_contains(val, key, "Digest", "type", json_type_string) ||
!(jarr_keys = json_contains(val, key, "Digest", "keyslots", json_type_array)) ||
!(jarr_segs = json_contains(val, key, "Digest", "segments", json_type_array)))
if (!json_contains(cd, val, key, "Digest", "type", json_type_string) ||
!(jarr_keys = json_contains(cd, val, key, "Digest", "keyslots", json_type_array)) ||
!(jarr_segs = json_contains(cd, val, key, "Digest", "segments", json_type_array)))
return 1;
if (!validate_keyslots_array(jarr_keys, jobj_keyslots))
if (!validate_keyslots_array(cd, jarr_keys, jobj_keyslots))
return 1;
if (!validate_segments_array(jarr_segs, jobj_segments))
if (!validate_segments_array(cd, jarr_segs, jobj_segments))
return 1;
}
@@ -736,7 +739,8 @@ static int hdr_validate_digests(json_object *hdr_jobj)
}
/* requires keyslots and segments sections being already validated */
static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size, uint64_t keyslots_size)
static int validate_keyslots_size(struct crypt_device *cd, json_object *hdr_jobj,
uint64_t metadata_size, uint64_t keyslots_size)
{
json_object *jobj_keyslots, *jobj, *jobj1;
uint64_t segment_offset, keyslots_area_sum = 0;
@@ -746,7 +750,7 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size,
if (segment_offset &&
(segment_offset < keyslots_size ||
(segment_offset - keyslots_size) < (2 * metadata_size))) {
log_dbg("keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64
log_dbg(cd, "keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64
", keyslots offset: %" PRIu64, keyslots_size, segment_offset, 2 * metadata_size);
return 1;
}
@@ -761,7 +765,7 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size,
}
if (keyslots_area_sum > keyslots_size) {
log_dbg("Sum of all keyslot area sizes (%" PRIu64 ") is greater than value in config section %"
log_dbg(cd, "Sum of all keyslot area sizes (%" PRIu64 ") is greater than value in config section %"
PRIu64, keyslots_area_sum, keyslots_size);
return 1;
}
@@ -769,41 +773,41 @@ static int validate_keyslots_size(json_object *hdr_jobj, uint64_t metadata_size,
return 0;
}
static int hdr_validate_config(json_object *hdr_jobj)
static int hdr_validate_config(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jobj_config, *jobj, *jobj1;
int i;
uint64_t json_size, keyslots_size;
if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) {
log_dbg("Missing config section.");
log_dbg(cd, "Missing config section.");
return 1;
}
if (!(jobj = json_contains(jobj_config, "section", "Config", "json_size", json_type_string)) ||
if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "json_size", json_type_string)) ||
!json_str_to_uint64(jobj, &json_size))
return 1;
if (!(jobj = json_contains(jobj_config, "section", "Config", "keyslots_size", json_type_string)) ||
if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "keyslots_size", json_type_string)) ||
!json_str_to_uint64(jobj, &keyslots_size))
return 1;
if (LUKS2_check_metadata_area_size(json_size + LUKS2_HDR_BIN_LEN)) {
log_dbg("Unsupported LUKS2 header size (%" PRIu64 ").", json_size + LUKS2_HDR_BIN_LEN);
log_dbg(cd, "Unsupported LUKS2 header size (%" PRIu64 ").", json_size + LUKS2_HDR_BIN_LEN);
return 1;
}
if (LUKS2_check_keyslots_area_size(keyslots_size)) {
log_dbg("Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size);
log_dbg(cd, "Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size);
return 1;
}
if (validate_keyslots_size(hdr_jobj, json_size + LUKS2_HDR_BIN_LEN, keyslots_size))
if (validate_keyslots_size(cd, hdr_jobj, json_size + LUKS2_HDR_BIN_LEN, keyslots_size))
return 1;
/* Flags array is optional */
if (json_object_object_get_ex(jobj_config, "flags", &jobj)) {
if (!json_contains(jobj_config, "section", "Config", "flags", json_type_array))
if (!json_contains(cd, jobj_config, "section", "Config", "flags", json_type_array))
return 1;
/* All array members must be strings */
@@ -814,12 +818,12 @@ static int hdr_validate_config(json_object *hdr_jobj)
/* Requirements object is optional */
if (json_object_object_get_ex(jobj_config, "requirements", &jobj)) {
if (!json_contains(jobj_config, "section", "Config", "requirements", json_type_object))
if (!json_contains(cd, jobj_config, "section", "Config", "requirements", json_type_object))
return 1;
/* Mandatory array is optional */
if (json_object_object_get_ex(jobj, "mandatory", &jobj1)) {
if (!json_contains(jobj, "section", "Requirements", "mandatory", json_type_array))
if (!json_contains(cd, jobj, "section", "Requirements", "mandatory", json_type_array))
return 1;
/* All array members must be strings */
@@ -832,10 +836,10 @@ static int hdr_validate_config(json_object *hdr_jobj)
return 0;
}
int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size)
int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size)
{
struct {
int (*validate)(json_object *);
int (*validate)(struct crypt_device *, json_object *);
} checks[] = {
{ hdr_validate_tokens },
{ hdr_validate_digests },
@@ -851,14 +855,14 @@ int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size)
return 1;
for (i = 0; checks[i].validate; i++)
if (checks[i].validate && checks[i].validate(hdr_jobj))
if (checks[i].validate && checks[i].validate(cd, hdr_jobj))
return 1;
if (hdr_validate_json_size(hdr_jobj, json_size))
if (hdr_validate_json_size(cd, hdr_jobj, json_size))
return 1;
/* validate keyslot implementations */
if (LUKS2_keyslots_validate(hdr_jobj))
if (LUKS2_keyslots_validate(cd, hdr_jobj))
return 1;
return 0;
@@ -903,7 +907,7 @@ int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr)
/* erase unused digests (no assigned keyslot or segment) */
LUKS2_digests_erase_unused(cd, hdr);
if (LUKS2_hdr_validate(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
return -EINVAL;
return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd));
@@ -941,12 +945,12 @@ int LUKS2_hdr_labels(struct crypt_device *cd, struct luks2_hdr *hdr,
return commit ? LUKS2_hdr_write(cd, hdr) : 0;
}
void LUKS2_hdr_free(struct luks2_hdr *hdr)
void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr)
{
if (json_object_put(hdr->jobj))
hdr->jobj = NULL;
else if (hdr->jobj)
log_dbg("LUKS2 header still in use");
log_dbg(cd, "LUKS2 header still in use");
}
uint64_t LUKS2_keyslots_size(json_object *jobj)
@@ -989,8 +993,8 @@ int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr,
if (!buffer)
return -ENOMEM;
log_dbg("Storing backup of header (%zu bytes).", hdr_size);
log_dbg("Output backup file size: %zu bytes.", buffer_size);
log_dbg(cd, "Storing backup of header (%zu bytes).", hdr_size);
log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size);
r = device_read_lock(cd, device);
if (r) {
@@ -1114,7 +1118,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
r = LUKS2_hdr_read(cd, &tmp_hdr, 0);
if (r == 0) {
log_dbg("Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
log_dbg(cd, "Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device));
r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs);
if (r)
goto out;
@@ -1123,7 +1127,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
diff_uuid = 1;
if (!reqs_reencrypt(reqs)) {
log_dbg("Checking LUKS2 header size and offsets.");
log_dbg(cd, "Checking LUKS2 header size and offsets.");
if (LUKS2_get_data_offset(&tmp_hdr) != LUKS2_get_data_offset(&hdr_file)) {
log_err(cd, _("Data offset differ on device and backup, restore failed."));
r = -EINVAL;
@@ -1156,7 +1160,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
goto out;
}
log_dbg("Storing backup of header (%zu bytes) to device %s.", buffer_size, device_path(device));
log_dbg(cd, "Storing backup of header (%zu bytes) to device %s.", buffer_size, device_path(device));
/* TODO: perform header restore on bdev in stand-alone routine? */
r = device_write_lock(cd, device);
@@ -1188,9 +1192,9 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
/* end of TODO */
out:
LUKS2_hdr_free(hdr);
LUKS2_hdr_free(&hdr_file);
LUKS2_hdr_free(&tmp_hdr);
LUKS2_hdr_free(cd, hdr);
LUKS2_hdr_free(cd, &hdr_file);
LUKS2_hdr_free(cd, &tmp_hdr);
crypt_memzero(&hdr_file, sizeof(hdr_file));
crypt_memzero(&tmp_hdr, sizeof(tmp_hdr));
crypt_safe_free(buffer);
@@ -1240,7 +1244,7 @@ int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
if (!strcmp(persistent_flags[j].description,
json_object_get_string(jobj1))) {
*flags |= persistent_flags[j].flag;
log_dbg("Using persistent flag %s.",
log_dbg(cd, "Using persistent flag %s.",
json_object_get_string(jobj1));
found = 1;
}
@@ -1264,7 +1268,7 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
for (i = 0; persistent_flags[i].description; i++) {
if (flags & persistent_flags[i].flag) {
log_dbg("Setting persistent flag: %s.", persistent_flags[i].description);
log_dbg(cd, "Setting persistent flag: %s.", persistent_flags[i].description);
json_object_array_add(jobj_flags,
json_object_new_string(persistent_flags[i].description));
}
@@ -1335,12 +1339,12 @@ int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr
if (len <= 0)
return 0;
log_dbg("LUKS2 requirements detected:");
log_dbg(cd, "LUKS2 requirements detected:");
for (i = 0; i < len; i++) {
jobj = json_object_array_get_idx(jobj_mandatory, i);
req = get_requirement_by_name(json_object_get_string(jobj));
log_dbg("%s - %sknown", json_object_get_string(jobj),
log_dbg(cd, "%s - %sknown", json_object_get_string(jobj),
reqs_unknown(req) ? "un" : "");
*reqs |= req;
}
@@ -1375,7 +1379,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr
/* any remaining bit in requirements is unknown therefore illegal */
if (reqs) {
log_dbg("Illegal requirement flag(s) requested");
log_dbg(cd, "Illegal requirement flag(s) requested");
goto err;
}
@@ -1623,7 +1627,7 @@ int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr)
if (!hdr->jobj)
return -EINVAL;
JSON_DBG(hdr->jobj, NULL);
JSON_DBG(cd, hdr->jobj, NULL);
log_std(cd, "LUKS header information\n");
log_std(cd, "Version: \t%u\n", hdr->version);

24
lib/luks2/luks2_keyslot.c
View File

@@ -256,14 +256,14 @@ static int LUKS2_open_and_verify(struct crypt_device *cd,
r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
if (r) {
log_dbg("Keyslot %d validation failed.", keyslot);
log_dbg(cd, "Keyslot %d validation failed.", keyslot);
return r;
}
r = LUKS2_keyslot_for_segment(hdr, keyslot, segment);
if (r) {
if (r == -ENOENT)
log_dbg("Keyslot %d unusable for segment %d.", keyslot, segment);
log_dbg(cd, "Keyslot %d unusable for segment %d.", keyslot, segment);
return r;
}
@@ -279,7 +279,7 @@ static int LUKS2_open_and_verify(struct crypt_device *cd,
r = h->open(cd, keyslot, password, password_len, (*vk)->key, (*vk)->keylength);
if (r < 0)
log_dbg("Keyslot %d (%s) open failed with %d.", keyslot, h->name, r);
log_dbg(cd, "Keyslot %d (%s) open failed with %d.", keyslot, h->name, r);
else
r = LUKS2_digest_verify(cd, hdr, *vk, keyslot);
@@ -313,7 +313,7 @@ static int LUKS2_keyslot_open_priority(struct crypt_device *cd,
keyslot = atoi(slot);
if (slot_priority != priority) {
log_dbg("Keyslot %d priority %d != %d (required), skipped.",
log_dbg(cd, "Keyslot %d priority %d != %d (required), skipped.",
keyslot, slot_priority, priority);
continue;
}
@@ -389,14 +389,14 @@ int LUKS2_keyslot_store(struct crypt_device *cd,
r = h->update(cd, keyslot, params);
if (r) {
log_dbg("Failed to update keyslot %d json.", keyslot);
log_dbg(cd, "Failed to update keyslot %d json.", keyslot);
return r;
}
}
r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
if (r) {
log_dbg("Keyslot validation failed.");
log_dbg(cd, "Keyslot validation failed.");
return r;
}
@@ -426,7 +426,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
return -ENOENT;
if (wipe_area_only)
log_dbg("Wiping keyslot %d area only.", keyslot);
log_dbg(cd, "Wiping keyslot %d area only.", keyslot);
/* Just check that nobody uses the metadata now */
r = device_write_lock(cd, device);
@@ -466,7 +466,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
if (r < 0)
return r;
} else
log_dbg("Wiping keyslot %d without specific-slot handler loaded.", keyslot);
log_dbg(cd, "Wiping keyslot %d without specific-slot handler loaded.", keyslot);
snprintf(num, sizeof(num), "%d", keyslot);
json_object_object_del(jobj_keyslots, num);
@@ -526,7 +526,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
char num[16];
json_object *jobj_keyslots, *jobj_keyslot, *jobj_area;
log_dbg("Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot);
log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot);
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL;
@@ -585,7 +585,7 @@ static unsigned LUKS2_get_keyslot_digests_count(json_object *hdr_jobj, int keysl
}
/* run only on header that passed basic format validation */
int LUKS2_keyslots_validate(json_object *hdr_jobj)
int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
{
const keyslot_handler *h;
int keyslot;
@@ -601,12 +601,12 @@ int LUKS2_keyslots_validate(json_object *hdr_jobj)
if (!h)
continue;
if (h->validate && h->validate(NULL, val)) {
log_dbg("Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
return -EINVAL;
}
if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count(hdr_jobj, keyslot) != 1) {
log_dbg("Keyslot %d is not assigned to exactly 1 digest.", keyslot);
log_dbg(cd, "Keyslot %d is not assigned to exactly 1 digest.", keyslot);
return -EINVAL;
}
}

58
lib/luks2/luks2_keyslot_luks2.c
View File

@@ -54,7 +54,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
/* Encrypt buffer */
r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
if (r) {
log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).",
cipher, cipher_mode, r);
return r;
}
@@ -118,7 +118,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
if (r) {
log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).",
cipher, cipher_mode, r);
return r;
}
@@ -284,7 +284,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
r = AF_split(volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
if (r == 0) {
log_dbg("Updating keyslot area [0x%04x].", (unsigned)area_offset);
log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset);
/* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */
r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode,
derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
@@ -362,7 +362,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
pbkdf.parallel_threads);
if (r == 0) {
log_dbg("Reading keyslot area [0x%04x].", (unsigned)area_offset);
log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offset);
/* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */
r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode,
derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
@@ -442,7 +442,7 @@ static int luks2_keyslot_update_json(struct crypt_device *cd,
/* update 'af' hash */
json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash));
JSON_DBG(jobj_keyslot, "Keyslot JSON");
JSON_DBG(cd, jobj_keyslot, "Keyslot JSON");
return 0;
}
@@ -457,11 +457,11 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
json_object *jobj_keyslots, *jobj_keyslot, *jobj_af, *jobj_area;
int r;
log_dbg("Trying to allocate LUKS2 keyslot %d.", keyslot);
log_dbg(cd, "Trying to allocate LUKS2 keyslot %d.", keyslot);
if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW ||
params->af_type != LUKS2_KEYSLOT_AF_LUKS1) {
log_dbg("Invalid LUKS2 keyslot parameters.");
log_dbg(cd, "Invalid LUKS2 keyslot parameters.");
return -EINVAL;
}
@@ -475,7 +475,7 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
return -ENOMEM;
if (LUKS2_get_keyslot_jobj(hdr, keyslot)) {
log_dbg("Cannot modify already active keyslot %d.", keyslot);
log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot);
return -EINVAL;
}
@@ -511,8 +511,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
r = luks2_keyslot_update_json(cd, jobj_keyslot, params);
if (!r && LUKS2_check_json_size(hdr)) {
log_dbg("Not enough space in header json area for new keyslot.");
if (!r && LUKS2_check_json_size(cd, hdr)) {
log_dbg(cd, "Not enough space in header json area for new keyslot.");
r = -ENOSPC;
}
@@ -532,7 +532,7 @@ static int luks2_keyslot_open(struct crypt_device *cd,
struct luks2_hdr *hdr;
json_object *jobj_keyslot;
log_dbg("Trying to open LUKS2 keyslot %d.", keyslot);
log_dbg(cd, "Trying to open LUKS2 keyslot %d.", keyslot);
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL;
@@ -561,7 +561,7 @@ static int luks2_keyslot_store(struct crypt_device *cd,
json_object *jobj_keyslot;
int r;
log_dbg("Calculating attributes for LUKS2 keyslot %d.", keyslot);
log_dbg(cd, "Calculating attributes for LUKS2 keyslot %d.", keyslot);
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL;
@@ -665,31 +665,31 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
count = json_object_object_length(jobj_kdf);
jobj1 = json_contains(jobj_kdf, "", "kdf section", "type", json_type_string);
jobj1 = json_contains(cd, jobj_kdf, "", "kdf section", "type", json_type_string);
if (!jobj1)
return -EINVAL;
type = json_object_get_string(jobj1);
if (!strcmp(type, CRYPT_KDF_PBKDF2)) {
if (count != 4 || /* type, salt, hash, iterations only */
!json_contains(jobj_kdf, "kdf type", type, "hash", json_type_string) ||
!json_contains(jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
!json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string))
!json_contains(cd, jobj_kdf, "kdf type", type, "hash", json_type_string) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
return -EINVAL;
} else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) {
if (count != 5 || /* type, salt, time, memory, cpus only */
!json_contains(jobj_kdf, "kdf type", type, "time", json_type_int) ||
!json_contains(jobj_kdf, "kdf type", type, "memory", json_type_int) ||
!json_contains(jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
!json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string))
!json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
return -EINVAL;
}
if (!json_object_object_get_ex(jobj_af, "type", &jobj1))
return -EINVAL;
if (!strcmp(json_object_get_string(jobj1), "luks1")) {
if (!json_contains(jobj_af, "", "luks1 af", "hash", json_type_string) ||
!json_contains(jobj_af, "", "luks1 af", "stripes", json_type_int))
if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) ||
!json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int))
return -EINVAL;
} else
return -EINVAL;
@@ -698,10 +698,10 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
if (!json_object_object_get_ex(jobj_area, "type", &jobj1))
return -EINVAL;
if (!strcmp(json_object_get_string(jobj1), "raw")) {
if (!json_contains(jobj_area, "area", "raw type", "encryption", json_type_string) ||
!json_contains(jobj_area, "area", "raw type", "key_size", json_type_int) ||
!json_contains(jobj_area, "area", "raw type", "offset", json_type_string) ||
!json_contains(jobj_area, "area", "raw type", "size", json_type_string))
if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) ||
!json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) ||
!json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) ||
!json_contains(cd, jobj_area, "area", "raw type", "size", json_type_string))
return -EINVAL;
} else
return -EINVAL;
@@ -717,7 +717,7 @@ static int luks2_keyslot_update(struct crypt_device *cd,
json_object *jobj_keyslot;
int r;
log_dbg("Updating LUKS2 keyslot %d.", keyslot);
log_dbg(cd, "Updating LUKS2 keyslot %d.", keyslot);
if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
return -EINVAL;
@@ -728,8 +728,8 @@ static int luks2_keyslot_update(struct crypt_device *cd,
r = luks2_keyslot_update_json(cd, jobj_keyslot, params);
if (!r && LUKS2_check_json_size(hdr)) {
log_dbg("Not enough space in header json area for updated keyslot %d.", keyslot);
if (!r && LUKS2_check_json_size(cd, hdr)) {
log_dbg(cd, "Not enough space in header json area for updated keyslot %d.", keyslot);
r = -ENOSPC;
}

19
lib/luks2/luks2_luks1_convert.c
View File

@@ -427,7 +427,7 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
void *buf = NULL;
int r = -EIO, devfd = -1;
log_dbg("Moving keyslot areas of size %zu from %jd to %jd.",
log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
buf_size, (intmax_t)offset_from, (intmax_t)offset_to);
if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
@@ -441,7 +441,7 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
/* This can safely fail (for block devices). It only allocates space if it is possible. */
if (posix_fallocate(devfd, offset_to, buf_size))
log_dbg("Preallocation (fallocate) of new keyslot area not available.");
log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available.");
/* Try to read *new* area to check that area is there (trimmed backup). */
if (read_lseek_blockwise(devfd, device_block_size(device),
@@ -528,14 +528,14 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
return -EINVAL;
if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
log_dbg("Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
return -EINVAL;
}
if (luksmeta_header_present(cd, luks1_size))
return -EINVAL;
log_dbg("Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
max_size, luks1_size, luks1_shift);
if ((max_size - luks1_size) < luks1_shift) {
log_err(cd, _("Unable to move keyslot area. Not enough space."));
@@ -585,12 +585,13 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
// Write JSON hdr2
r = LUKS2_hdr_write(cd, hdr2);
out:
LUKS2_hdr_free(hdr2);
LUKS2_hdr_free(cd, hdr2);
return r;
}
static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t key_size)
static int keyslot_LUKS1_compatible(struct crypt_device *cd,
struct luks2_hdr *hdr, int keyslot, uint32_t key_size)
{
json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
uint64_t l2_offset, l2_length;
@@ -626,7 +627,7 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t
/* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */
ks_key_size = LUKS2_get_keyslot_key_size(hdr, keyslot);
if (ks_key_size < 0 || (int)key_size != LUKS2_get_keyslot_key_size(hdr, keyslot)) {
log_dbg("Key length in keyslot %d is different from volume key length", keyslot);
log_dbg(cd, "Key length in keyslot %d is different from volume key length", keyslot);
return 0;
}
@@ -634,7 +635,7 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t
return 0;
if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
log_dbg("Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
return 0;
}
@@ -706,7 +707,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
return -EINVAL;
}
if (!keyslot_LUKS1_compatible(hdr2, i, key_size)) {
if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size)) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
return -EINVAL;
}

32
lib/luks2/luks2_token.c
View File

@@ -45,19 +45,19 @@ int crypt_token_register(const crypt_token_handler *handler)
int i;
if (is_builtin_candidate(handler->name)) {
log_dbg("'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
log_dbg(NULL, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
return -EINVAL;
}
for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) {
if (!strcmp(token_handlers[i].h->name, handler->name)) {
log_dbg("Keyslot handler %s is already registered.", handler->name);
log_dbg(NULL, "Keyslot handler %s is already registered.", handler->name);
return -EINVAL;
}
}
if (i == LUKS2_TOKENS_MAX) {
log_dbg("No more space for another token handler.");
log_dbg(NULL, "No more space for another token handler.");
return -EINVAL;
}
@@ -157,13 +157,13 @@ int LUKS2_token_create(struct crypt_device *cd,
jobj = json_tokener_parse_verbose(json, &jerr);
if (!jobj) {
log_dbg("Token JSON parse failed.");
log_dbg(cd, "Token JSON parse failed.");
return -EINVAL;
}
snprintf(num, sizeof(num), "%d", token);
if (LUKS2_token_validate(hdr->jobj, jobj, num)) {
if (LUKS2_token_validate(cd, hdr->jobj, jobj, num)) {
json_object_put(jobj);
return -EINVAL;
}
@@ -172,7 +172,7 @@ int LUKS2_token_create(struct crypt_device *cd,
if (is_builtin_candidate(json_object_get_string(jobj_type))) {
th = LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj_type));
if (!th || !th->set) {
log_dbg("%s is builtin token candidate with missing handler", json_object_get_string(jobj_type));
log_dbg(cd, "%s is builtin token candidate with missing handler", json_object_get_string(jobj_type));
json_object_put(jobj);
return -EINVAL;
}
@@ -182,13 +182,13 @@ int LUKS2_token_create(struct crypt_device *cd,
if (h && h->validate && h->validate(cd, json)) {
json_object_put(jobj);
log_dbg("Token type %s validation failed.", h->name);
log_dbg(cd, "Token type %s validation failed.", h->name);
return -EINVAL;
}
json_object_object_add(jobj_tokens, num, jobj);
if (LUKS2_check_json_size(hdr)) {
log_dbg("Not enough space in header json area for new token.");
if (LUKS2_check_json_size(cd, hdr)) {
log_dbg(cd, "Not enough space in header json area for new token.");
json_object_object_del(jobj_tokens, num);
return -ENOSPC;
}
@@ -276,7 +276,7 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
}
// builtin tokens must produce valid json
r = LUKS2_token_validate(hdr->jobj, jobj_token, "new");
r = LUKS2_token_validate(cd, hdr->jobj, jobj_token, "new");
assert(!r);
r = th->h->validate(cd, json_object_to_json_string_ext(jobj_token,
JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE));
@@ -284,8 +284,8 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
json_object_object_add(jobj_tokens, num, jobj_token);
if (LUKS2_check_json_size(hdr)) {
log_dbg("Not enough space in header json area for new %s token.", type);
if (LUKS2_check_json_size(cd, hdr)) {
log_dbg(cd, "Not enough space in header json area for new %s token.", type);
json_object_object_del(jobj_tokens, num);
return -ENOSPC;
}
@@ -315,14 +315,14 @@ static int LUKS2_token_open(struct crypt_device *cd,
return -EINVAL;
if (h->validate(cd, json)) {
log_dbg("Token %d (%s) validation failed.", token, h->name);
log_dbg(cd, "Token %d (%s) validation failed.", token, h->name);
return -EINVAL;
}
}
r = h->open(cd, token, buffer, buffer_len, usrptr);
if (r < 0)
log_dbg("Token %d (%s) open failed with %d.", token, h->name, r);
log_dbg(cd, "Token %d (%s) open failed with %d.", token, h->name, r);
return r;
}
@@ -371,7 +371,7 @@ static int LUKS2_keyslot_open_by_token(struct crypt_device *cd,
for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) {
jobj = json_object_array_get_idx(jobj_token_keyslots, i);
num = json_object_get_string(jobj);
log_dbg("Trying to open keyslot %s with token %d (type %s).", num, token, h->name);
log_dbg(cd, "Trying to open keyslot %s with token %d (type %s).", num, token, h->name);
r = LUKS2_keyslot_open(cd, atoi(num), segment, buffer, buffer_len, vk);
}
@@ -501,7 +501,7 @@ static int assign_one_keyslot(struct crypt_device *cd, struct luks2_hdr *hdr,
json_object *jobj1, *jobj_token, *jobj_token_keyslots;
char num[16];
log_dbg("Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token);
log_dbg(cd, "Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token);
jobj_token = LUKS2_get_token_jobj(hdr, token);
if (!jobj_token)

14
lib/luks2/luks2_token_keyring.c
View File

@@ -44,10 +44,10 @@ static int keyring_open(struct crypt_device *cd,
r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len);
if (r == -ENOTSUP) {
log_dbg("Kernel keyring features disabled.");
log_dbg(cd, "Kernel keyring features disabled.");
return -EINVAL;
} else if (r < 0) {
log_dbg("keyring_get_passphrase failed (error %d)", r);
log_dbg(cd, "keyring_get_passphrase failed (error %d)", r);
return -EINVAL;
}
@@ -61,26 +61,26 @@ static int keyring_validate(struct crypt_device *cd __attribute__((unused)),
json_object *jobj_token, *jobj_key;
int r = 1;
log_dbg("Validating keyring token json");
log_dbg(cd, "Validating keyring token json");
jobj_token = json_tokener_parse_verbose(json, &jerr);
if (!jobj_token) {
log_dbg("Keyring token JSON parse failed.");
log_dbg(cd, "Keyring token JSON parse failed.");
return r;
}
if (json_object_object_length(jobj_token) != 3) {
log_dbg("Keyring token is expected to have exactly 3 fields.");
log_dbg(cd, "Keyring token is expected to have exactly 3 fields.");
goto out;
}
if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) {
log_dbg("missing key_description field.");
log_dbg(cd, "missing key_description field.");
goto out;
}
if (!json_object_is_type(jobj_key, json_type_string)) {
log_dbg("key_description is not a string.");
log_dbg(cd, "key_description is not a string.");
goto out;
}

150
lib/setup.c
View File

@@ -211,10 +211,10 @@ int init_crypto(struct crypt_device *ctx)
log_err(ctx, _("Cannot initialize crypto backend."));
if (!r && !_crypto_logged) {
log_dbg("Crypto backend (%s) initialized in cryptsetup library version %s.",
log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.",
crypt_backend_version(), PACKAGE_VERSION);
if (!uname(&uts))
log_dbg("Detected kernel %s %s %s.",
log_dbg(ctx, "Detected kernel %s %s %s.",
uts.sysname, uts.release, uts.machine);
_crypto_logged = 1;
}
@@ -403,7 +403,7 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
return -EINVAL;
}
log_dbg("Selected keyslot %d.", *keyslot);
log_dbg(cd, "Selected keyslot %d.", *keyslot);
return 0;
}
@@ -450,7 +450,7 @@ static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type)
if (cd->type || !cd->u.none.active_name)
return -EINVAL;
log_dbg("Checking if active device %s without header has UUID type %s.",
log_dbg(cd, "Checking if active device %s without header has UUID type %s.",
cd->u.none.active_name, type);
r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd);
@@ -508,7 +508,7 @@ int PLAIN_activate(struct crypt_device *cd,
return -ENOMEM;
dmd.u.crypt.cipher = dm_cipher;
log_dbg("Trying to activate PLAIN device %s using cipher %s.",
log_dbg(cd, "Trying to activate PLAIN device %s using cipher %s.",
name, dmd.u.crypt.cipher);
r = dm_create_device(cd, name, CRYPT_PLAIN, &dmd, 0);
@@ -560,7 +560,7 @@ int crypt_init(struct crypt_device **cd, const char *device)
if (!cd)
return -EINVAL;
log_dbg("Allocating context for crypt device %s.", device ?: "(none)");
log_dbg(NULL, "Allocating context for crypt device %s.", device ?: "(none)");
if (!(h = malloc(sizeof(struct crypt_device))))
return -ENOMEM;
@@ -612,7 +612,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device)
if (!cd)
return -EINVAL;
log_dbg("Setting ciphertext data device to %s.", device ?: "(none)");
log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)");
if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type)) {
log_err(cd, _("This operation is not supported for this device type."));
@@ -652,7 +652,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
char *type = NULL;
struct luks2_hdr hdr2 = {};
log_dbg("%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
log_dbg(cd, "%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis");
r = LUKS2_hdr_read(cd, &hdr2, repair);
if (r)
@@ -670,7 +670,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
}
if (reload)
LUKS2_hdr_free(&cd->u.luks2.hdr);
LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
else
cd->type = type;
@@ -680,7 +680,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair)
out:
if (r) {
free(type);
LUKS2_hdr_free(&hdr2);
LUKS2_hdr_free(cd, &hdr2);
}
/* FIXME: why? */
crypt_memzero(&hdr2, sizeof(hdr2));
@@ -712,7 +712,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
if (isLUKS1(requested_type) || version == 1) {
if (cd->type && isLUKS2(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
@@ -744,7 +744,7 @@ static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr));
} else if (isLUKS2(requested_type) || version == 2 || version == 0) {
if (cd->type && isLUKS1(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
@@ -910,7 +910,7 @@ int crypt_load(struct crypt_device *cd,
if (!cd)
return -EINVAL;
log_dbg("Trying to load %s crypt type from device %s.",
log_dbg(cd, "Trying to load %s crypt type from device %s.",
requested_type ?: "any", mdata_device_path(cd) ?: "(none)");
if (!crypt_metadata_device(cd))
@@ -920,26 +920,26 @@ int crypt_load(struct crypt_device *cd,
if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) {
if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
r = _crypt_load_luks(cd, requested_type, 1, 0);
} else if (isVERITY(requested_type)) {
if (cd->type && !isVERITY(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
r = _crypt_load_verity(cd, params);
} else if (isTCRYPT(requested_type)) {
if (cd->type && !isTCRYPT(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
r = _crypt_load_tcrypt(cd, params);
} else if (isINTEGRITY(requested_type)) {
if (cd->type && !isINTEGRITY(cd->type)) {
log_dbg("Context is already initialised to type %s", cd->type);
log_dbg(cd, "Context is already initialised to type %s", cd->type);
return -EINVAL;
}
r = _crypt_load_integrity(cd, params);
@@ -996,7 +996,7 @@ static void crypt_free_type(struct crypt_device *cd)
free(cd->u.plain.cipher);
free(cd->u.plain.cipher_mode);
} else if (isLUKS2(cd->type)) {
LUKS2_hdr_free(&cd->u.luks2.hdr);
LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
} else if (isLOOPAES(cd->type)) {
free(CONST_CAST(void*)cd->u.loopaes.hdr.hash);
free(cd->u.loopaes.cipher);
@@ -1041,7 +1041,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher,
&key_nums, cipher_mode);
if (r < 0) {
log_dbg("Cannot parse cipher and mode from active device.");
log_dbg(cd, "Cannot parse cipher and mode from active device.");
goto out;
}
@@ -1076,7 +1076,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
if (crypt_metadata_device(cd)) {
r = _crypt_load_luks(cd, cd->type, 0, 0);
if (r < 0) {
log_dbg("LUKS device header does not match active device.");
log_dbg(cd, "LUKS device header does not match active device.");
crypt_set_null_type(cd);
r = 0;
goto out;
@@ -1084,14 +1084,14 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
/* check whether UUIDs match each other */
r = crypt_uuid_cmp(dmd.uuid, LUKS_UUID(cd));
if (r < 0) {
log_dbg("LUKS device header uuid: %s mismatches DM returned uuid %s",
log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s",
LUKS_UUID(cd), dmd.uuid);
crypt_free_type(cd);
r = 0;
goto out;
}
} else {
log_dbg("LUKS device header not available.");
log_dbg(cd, "LUKS device header not available.");
crypt_set_null_type(cd);
r = 0;
}
@@ -1219,7 +1219,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
if (!cd || !name)
return -EINVAL;
log_dbg("Allocating crypt device context by device %s.", name);
log_dbg(NULL, "Allocating crypt device context by device %s.", name);
ci = crypt_status(NULL, name);
if (ci == CRYPT_INVALID)
@@ -1273,9 +1273,9 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
else if (!strncmp(CRYPT_INTEGRITY, dmd.uuid, sizeof(CRYPT_INTEGRITY)-1))
(*cd)->type = strdup(CRYPT_INTEGRITY);
else
log_dbg("Unknown UUID set, some parameters are not set.");
log_dbg(NULL, "Unknown UUID set, some parameters are not set.");
} else
log_dbg("Active device has no UUID set, some parameters are not set.");
log_dbg(NULL, "Active device has no UUID set, some parameters are not set.");
if (header_device) {
r = crypt_set_data_device(*cd, device_path(dmd.data_device));
@@ -1657,7 +1657,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
out:
if (r)
LUKS2_hdr_free(&cd->u.luks2.hdr);
LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
return r;
}
@@ -1963,11 +1963,11 @@ int crypt_format(struct crypt_device *cd,
return -EINVAL;
if (cd->type) {
log_dbg("Context already formatted as %s.", cd->type);
log_dbg(cd, "Context already formatted as %s.", cd->type);
return -EINVAL;
}
log_dbg("Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type);
log_dbg(cd, "Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type);
crypt_reset_null_type(cd);
@@ -2013,7 +2013,7 @@ int crypt_repair(struct crypt_device *cd,
if (!cd)
return -EINVAL;
log_dbg("Trying to repair %s crypt type from device %s.",
log_dbg(cd, "Trying to repair %s crypt type from device %s.",
requested_type ?: "any", mdata_device_path(cd) ?: "(none)");
if (!crypt_metadata_device(cd))
@@ -2053,7 +2053,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
if (!cd || !cd->type || !name)
return -EINVAL;
log_dbg("Resizing device %s to %" PRIu64 " sectors.", name, new_size);
log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size);
r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER |
DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
@@ -2087,7 +2087,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
}
if (crypt_loop_device(crypt_get_device_name(cd))) {
log_dbg("Trying to resize underlying loop device %s.",
log_dbg(cd, "Trying to resize underlying loop device %s.",
crypt_get_device_name(cd));
/* Here we always use default size not new_size */
if (crypt_loop_resize(crypt_get_device_name(cd)))
@@ -2107,7 +2107,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
}
if (new_size == dmd.size) {
log_dbg("Device has already requested size %" PRIu64
log_dbg(cd, "Device has already requested size %" PRIu64
" sectors.", dmd.size);
r = 0;
} else {
@@ -2136,7 +2136,7 @@ int crypt_set_uuid(struct crypt_device *cd, const char *uuid)
const char *active_uuid;
int r;
log_dbg("%s device uuid.", uuid ? "Setting new" : "Refreshing");
log_dbg(cd, "%s device uuid.", uuid ? "Setting new" : "Refreshing");
if ((r = onlyLUKS(cd)))
return r;
@@ -2144,15 +2144,15 @@ int crypt_set_uuid(struct crypt_device *cd, const char *uuid)
active_uuid = crypt_get_uuid(cd);
if (uuid && active_uuid && !strncmp(uuid, active_uuid, UUID_STRING_L)) {
log_dbg("UUID is the same as requested (%s) for device %s.",
log_dbg(cd, "UUID is the same as requested (%s) for device %s.",
uuid, mdata_device_path(cd));
return 0;
}
if (uuid)
log_dbg("Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd));
log_dbg(cd, "Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd));
else
log_dbg("Requested new UUID refresh for %s.", mdata_device_path(cd));
log_dbg(cd, "Requested new UUID refresh for %s.", mdata_device_path(cd));
if (!crypt_confirm(cd, _("Do you really want to change UUID of device?")))
return -EPERM;
@@ -2167,7 +2167,7 @@ int crypt_set_label(struct crypt_device *cd, const char *label, const char *subs
{
int r;
log_dbg("Setting new labels.");
log_dbg(cd, "Setting new labels.");
if ((r = onlyLUKS2(cd)))
return r;
@@ -2192,7 +2192,7 @@ int crypt_header_backup(struct crypt_device *cd,
if (r < 0)
return r;
log_dbg("Requested header backup of device %s (%s) to "
log_dbg(cd, "Requested header backup of device %s (%s) to "
"file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file);
if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type)))
@@ -2223,7 +2223,7 @@ int crypt_header_restore(struct crypt_device *cd,
if (r < 0)
return r;
log_dbg("Requested header restore to device %s (%s) from "
log_dbg(cd, "Requested header restore to device %s (%s) from "
"file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file);
version = LUKS2_hdr_version_unlocked(cd, backup_file);
@@ -2264,7 +2264,7 @@ void crypt_free(struct crypt_device *cd)
if (!cd)
return;
log_dbg("Releasing crypt device %s context.", mdata_device_path(cd));
log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd));
dm_backend_exit();
crypt_free_volume_key(cd->volume_key);
@@ -2313,7 +2313,7 @@ int crypt_suspend(struct crypt_device *cd,
if (!cd || !name)
return -EINVAL;
log_dbg("Suspending volume %s.", name);
log_dbg(cd, "Suspending volume %s.", name);
if (cd->type)
r = onlyLUKS(cd);
@@ -2380,7 +2380,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
if (!passphrase || !name)
return -EINVAL;
log_dbg("Resuming volume %s.", name);
log_dbg(cd, "Resuming volume %s.", name);
if ((r = onlyLUKS(cd)))
return r;
@@ -2447,7 +2447,7 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
if (!name || !keyfile)
return -EINVAL;
log_dbg("Resuming volume %s.", name);
log_dbg(cd, "Resuming volume %s.", name);
if ((r = onlyLUKS(cd)))
return r;
@@ -2533,7 +2533,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
struct luks2_keyslot_params params;
struct volume_key *vk = NULL;
log_dbg("Adding new keyslot, existing passphrase %sprovided,"
log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided,"
"new passphrase %sprovided.",
passphrase ? "" : "not ", new_passphrase ? "" : "not ");
@@ -2622,7 +2622,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
if (!passphrase || !new_passphrase)
return -EINVAL;
log_dbg("Changing passphrase from old keyslot %d to new %d.",
log_dbg(cd, "Changing passphrase from old keyslot %d to new %d.",
keyslot_old, keyslot_new);
if ((r = onlyLUKS(cd)))
@@ -2645,7 +2645,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
goto out;
if (keyslot_old != CRYPT_ANY_SLOT && keyslot_old != r) {
log_dbg("Keyslot mismatch.");
log_dbg(cd, "Keyslot mismatch.");
goto out;
}
keyslot_old = r;
@@ -2658,11 +2658,11 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
if (keyslot_new < 0)
keyslot_new = keyslot_old;
}
log_dbg("Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new);
log_dbg(cd, "Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new);
if (isLUKS1(cd->type)) {
if (keyslot_old == keyslot_new) {
log_dbg("Key slot %d is going to be overwritten.", keyslot_old);
log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old);
(void)crypt_keyslot_destroy(cd, keyslot_old);
}
r = LUKS_set_key(keyslot_new, new_passphrase, new_passphrase_size,
@@ -2676,7 +2676,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
if (r < 0)
goto out;
} else {
log_dbg("Key slot %d is going to be overwritten.", keyslot_old);
log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old);
/* FIXME: improve return code so that we can detect area is damaged */
r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1);
if (r) {
@@ -2724,7 +2724,7 @@ int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd,
if (!keyfile || !new_keyfile)
return -EINVAL;
log_dbg("Adding new keyslot, existing keyfile %s, new keyfile %s.",
log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.",
keyfile, new_keyfile);
if ((r = onlyLUKS(cd)))
@@ -2837,7 +2837,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
if (!passphrase)
return -EINVAL;
log_dbg("Adding new keyslot %d using volume key.", keyslot);
log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot);
if ((r = onlyLUKS(cd)))
return r;
@@ -2875,7 +2875,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
crypt_keyslot_info ki;
int r;
log_dbg("Destroying keyslot %d.", keyslot);
log_dbg(cd, "Destroying keyslot %d.", keyslot);
if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED)))
return r;
@@ -3044,7 +3044,7 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
if (!cd || !passphrase)
return -EINVAL;
log_dbg("%s volume %s [keyslot %d] using passphrase.",
log_dbg(cd, "%s volume %s [keyslot %d] using passphrase.",
name ? "Activating" : "Checking", name ?: "passphrase",
keyslot);
@@ -3071,7 +3071,7 @@ int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd,
((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)))
return -EINVAL;
log_dbg("%s volume %s [keyslot %d] using keyfile %s.",
log_dbg(cd, "%s volume %s [keyslot %d] using keyfile %s.",
name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyfile);
r = _activate_check_status(cd, name);
@@ -3130,7 +3130,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)))
return -EINVAL;
log_dbg("%s volume %s by volume key.", name ? "Activating" : "Checking",
log_dbg(cd, "%s volume %s by volume key.", name ? "Activating" : "Checking",
name ?: "");
r = _activate_check_status(cd, name);
@@ -3270,7 +3270,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
if (!name)
return -EINVAL;
log_dbg("Deactivating volume %s.", name);
log_dbg(cd, "Deactivating volume %s.", name);
if (!cd) {
r = crypt_init_by_name(&fake_cd, name);
@@ -3307,7 +3307,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
log_err(cd, _("Device %s is still in use."), name);
r = -EBUSY;
} else if (namei) {
log_dbg("Deactivating integrity device %s.", namei);
log_dbg(cd, "Deactivating integrity device %s.", namei);
r = dm_remove_device(cd, namei, 0);
}
if (!r)
@@ -3496,7 +3496,7 @@ void crypt_set_rng_type(struct crypt_device *cd, int rng_type)
switch (rng_type) {
case CRYPT_RNG_URANDOM:
case CRYPT_RNG_RANDOM:
log_dbg("RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom");
log_dbg(cd, "RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom");
cd->rng_type = rng_type;
}
}
@@ -3931,7 +3931,7 @@ int crypt_keyslot_set_priority(struct crypt_device *cd, int keyslot, crypt_keysl
{
int r;
log_dbg("Setting keyslot %d to priority %d.", keyslot, priority);
log_dbg(cd, "Setting keyslot %d to priority %d.", keyslot, priority);
if (priority == CRYPT_SLOT_PRIORITY_INVALID)
return -EINVAL;
@@ -4035,7 +4035,7 @@ int crypt_convert(struct crypt_device *cd,
if (!type)
return -EINVAL;
log_dbg("Converting LUKS device to type %s", type);
log_dbg(cd, "Converting LUKS device to type %s", type);
if ((r = onlyLUKS(cd)))
return r;
@@ -4096,7 +4096,7 @@ int crypt_activate_by_token(struct crypt_device *cd,
{
int r;
log_dbg("%s volume %s using token %d.",
log_dbg(cd, "%s volume %s using token %d.",
name ? "Activating" : "Checking", name ?: "passphrase", token);
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
@@ -4121,7 +4121,7 @@ int crypt_token_json_get(struct crypt_device *cd, int token, const char **json)
if (!json)
return -EINVAL;
log_dbg("Requesting JSON for token %d.", token);
log_dbg(cd, "Requesting JSON for token %d.", token);
if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED)))
return r;
@@ -4133,7 +4133,7 @@ int crypt_token_json_set(struct crypt_device *cd, int token, const char *json)
{
int r;
log_dbg("Updating JSON for token %d.", token);
log_dbg(cd, "Updating JSON for token %d.", token);
if ((r = onlyLUKS2(cd)))
return r;
@@ -4160,7 +4160,7 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd,
if (!params)
return -EINVAL;
log_dbg("Requesting LUKS2 keyring token %d.", token);
log_dbg(cd, "Requesting LUKS2 keyring token %d.", token);
if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED)))
return r;
@@ -4168,10 +4168,10 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd,
token_info = LUKS2_token_status(cd, &cd->u.luks2.hdr, token, &type);
switch (token_info) {
case CRYPT_TOKEN_INVALID:
log_dbg("Token %d is invalid.", token);
log_dbg(cd, "Token %d is invalid.", token);
return -EINVAL;
case CRYPT_TOKEN_INACTIVE:
log_dbg("Token %d is inactive.", token);
log_dbg(cd, "Token %d is inactive.", token);
return -EINVAL;
case CRYPT_TOKEN_INTERNAL:
if (!strcmp(type, LUKS2_TOKEN_KEYRING))
@@ -4180,7 +4180,7 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd,
case CRYPT_TOKEN_INTERNAL_UNKNOWN:
case CRYPT_TOKEN_EXTERNAL:
case CRYPT_TOKEN_EXTERNAL_UNKNOWN:
log_dbg("Token %d has unexpected type %s.", token, type);
log_dbg(cd, "Token %d has unexpected type %s.", token, type);
return -EINVAL;
}
@@ -4196,7 +4196,7 @@ int crypt_token_luks2_keyring_set(struct crypt_device *cd,
if (!params)
return -EINVAL;
log_dbg("Creating new LUKS2 keyring token (%d).", token);
log_dbg(cd, "Creating new LUKS2 keyring token (%d).", token);
if ((r = onlyLUKS2(cd)))
return r;
@@ -4357,7 +4357,7 @@ int crypt_keyslot_add_by_key(struct crypt_device *cd,
(flags & CRYPT_VOLUME_KEY_SET)))
return -EINVAL;
log_dbg("Adding new keyslot %d with volume key %sassigned to a crypt segment.",
log_dbg(cd, "Adding new keyslot %d with volume key %sassigned to a crypt segment.",
keyslot, flags & CRYPT_VOLUME_KEY_NO_SEGMENT ? "un" : "");
if ((r = onlyLUKS2(cd)))
@@ -4484,15 +4484,15 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key
return -EINVAL;
if (!vk->key_description) {
log_dbg("Invalid key description");
log_dbg(cd, "Invalid key description");
return -EINVAL;
}
log_dbg("Loading key (%zu bytes) in thread keyring.", vk->keylength);
log_dbg(cd, "Loading key (%zu bytes) in thread keyring.", vk->keylength);
r = keyring_add_key_in_thread_keyring(vk->key_description, vk->key, vk->keylength);
if (r) {
log_dbg("keyring_add_key_in_thread_keyring failed (error %d)", r);
log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", r);
log_err(cd, _("Failed to load key in kernel keyring."));
} else
crypt_set_key_in_keyring(cd, 1);
@@ -4523,11 +4523,11 @@ void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description
if (!key_description)
return;
log_dbg("Requesting keyring key for revoke and unlink.");
log_dbg(cd, "Requesting keyring key for revoke and unlink.");
r = keyring_revoke_and_unlink_key(key_description);
if (r)
log_dbg("keyring_revoke_and_unlink failed (error %d)", r);
log_dbg(cd, "keyring_revoke_and_unlink failed (error %d)", r);
crypt_set_key_in_keyring(cd, 0);
}
@@ -4544,7 +4544,7 @@ int crypt_activate_by_keyring(struct crypt_device *cd,
if (!cd || !key_description)
return -EINVAL;
log_dbg("%s volume %s [keyslot %d] using passphrase in keyring.",
log_dbg(cd, "%s volume %s [keyslot %d] using passphrase in keyring.",
name ? "Activating" : "Checking", name ?: "passphrase", keyslot);
if (!kernel_keyring_support()) {

33
lib/tcrypt/tcrypt.c
View File

@@ -202,7 +202,8 @@ static struct tcrypt_algs tcrypt_cipher[] = {
{}
};
static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
static int TCRYPT_hdr_from_disk(struct crypt_device *cd,
struct tcrypt_phdr *hdr,
struct crypt_params_tcrypt *params,
int kdf_index, int cipher_index)
{
@@ -214,14 +215,14 @@ static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
if (be16_to_cpu(hdr->d.version) > 3 &&
crc32 != be32_to_cpu(hdr->d.header_crc32)) {
log_dbg("TCRYPT header CRC32 mismatch.");
log_dbg(cd, "TCRYPT header CRC32 mismatch.");
return -EINVAL;
}
/* Check CRC32 of keys */
crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
log_dbg("TCRYPT keys CRC32 mismatch.");
log_dbg(cd, "TCRYPT keys CRC32 mismatch.");
return -EINVAL;
}
@@ -433,7 +434,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
for (i = 0; tcrypt_cipher[i].chain_count; i++) {
if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
continue;
log_dbg("TCRYPT: trying cipher %s-%s",
log_dbg(cd, "TCRYPT: trying cipher %s-%s",
tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
@@ -450,7 +451,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
}
if (r < 0) {
log_dbg("TCRYPT: returned error %d, skipped.", r);
log_dbg(cd, "TCRYPT: returned error %d, skipped.", r);
if (r == -ENOTSUP)
break;
r = -ENOENT;
@@ -458,14 +459,14 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
}
if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
log_dbg("TCRYPT: Signature magic detected.");
log_dbg(cd, "TCRYPT: Signature magic detected.");
memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
r = i;
break;
}
if ((flags & CRYPT_TCRYPT_VERA_MODES) &&
!strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
log_dbg("TCRYPT: Signature magic detected (Veracrypt).");
log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt).");
memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
r = i;
break;
@@ -485,7 +486,7 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd,
int i, j, fd, data_size, r = -EIO;
uint32_t crc;
log_dbg("TCRYPT: using keyfile %s.", keyfile);
log_dbg(cd, "TCRYPT: using keyfile %s.", keyfile);
data = malloc(TCRYPT_KEYFILE_LEN);
if (!data)
@@ -573,7 +574,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
iterations = tcrypt_kdf[i].iterations;
/* Derive header key */
log_dbg("TCRYPT: trying KDF: %s-%s-%d%s.",
log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.",
tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations,
params->veracrypt_pim && tcrypt_kdf[i].veracrypt ? "-PIM" : "");
r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
@@ -608,15 +609,15 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
if (r < 0)
goto out;
r = TCRYPT_hdr_from_disk(hdr, params, i, r);
r = TCRYPT_hdr_from_disk(cd, hdr, params, i, r);
if (!r) {
log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
log_dbg(cd, "TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
", mk_offset %" PRIu64 ", hidden_size %" PRIu64
", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ?
VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC,
(int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size,
hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
log_dbg("TCRYPT: Header cipher %s-%s, key size %zu",
log_dbg(cd, "TCRYPT: Header cipher %s-%s, key size %zu",
params->cipher, params->mode, params->key_size);
}
out:
@@ -638,14 +639,14 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
assert(sizeof(struct tcrypt_phdr) == 512);
log_dbg("Reading TCRYPT header of size %zu bytes from device %s.",
log_dbg(cd, "Reading TCRYPT header of size %zu bytes from device %s.",
hdr_size, device_path(device));
if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER &&
crypt_dev_is_partition(device_path(device))) {
base_device_path = crypt_get_base_device(device_path(device));
log_dbg("Reading TCRYPT system header from device %s.", base_device_path ?: "?");
log_dbg(cd, "Reading TCRYPT system header from device %s.", base_device_path ?: "?");
if (!base_device_path)
return -EINVAL;
@@ -743,7 +744,7 @@ int TCRYPT_activate(struct crypt_device *cd,
};
if (!hdr->d.version) {
log_dbg("TCRYPT: this function is not supported without encrypted header load.");
log_dbg(cd, "TCRYPT: this function is not supported without encrypted header load.");
return -ENOTSUP;
}
@@ -843,7 +844,7 @@ int TCRYPT_activate(struct crypt_device *cd,
dmd.u.crypt.offset = 0;
}
log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
log_dbg(cd, "Trying to activate TCRYPT device %s using cipher %s.",
dm_name, dmd.u.crypt.cipher);
r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);

10
lib/utils.c
View File

@@ -70,9 +70,9 @@ static int _memlock_count = 0;
int crypt_memlock_inc(struct crypt_device *ctx)
{
if (!_memlock_count++) {
log_dbg("Locking memory.");
log_dbg(ctx, "Locking memory.");
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
log_dbg("Cannot lock memory with mlockall.");
log_dbg(ctx, "Cannot lock memory with mlockall.");
_memlock_count--;
return 0;
}
@@ -81,7 +81,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
log_err(ctx, _("Cannot get process priority."));
else
if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
log_dbg("setpriority %d failed: %s",
log_dbg(ctx, "setpriority %d failed: %s",
DEFAULT_PROCESS_PRIORITY, strerror(errno));
}
return _memlock_count ? 1 : 0;
@@ -90,11 +90,11 @@ int crypt_memlock_inc(struct crypt_device *ctx)
int crypt_memlock_dec(struct crypt_device *ctx)
{
if (_memlock_count && (!--_memlock_count)) {
log_dbg("Unlocking memory.");
log_dbg(ctx, "Unlocking memory.");
if (munlockall() == -1)
log_err(ctx, _("Cannot unlock memory."));
if (setpriority(PRIO_PROCESS, 0, _priority))
log_dbg("setpriority %d failed: %s", _priority, strerror(errno));
log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno));
}
return _memlock_count ? 1 : 0;
}

30
lib/utils_benchmark.c
View File

@@ -63,7 +63,8 @@ static int time_ms(struct timespec *start, struct timespec *end, double *ms)
return 0;
}
static int cipher_perf_one(struct cipher_perf *cp, char *buf,
static int cipher_perf_one(struct crypt_device *cd,
struct cipher_perf *cp, char *buf,
size_t buf_size, int enc)
{
struct crypt_cipher *cipher = NULL;
@@ -75,7 +76,7 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf,
r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length);
if (r < 0) {
log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
log_dbg(cd, "Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
return r;
}
@@ -99,7 +100,8 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf,
return r;
}
static int cipher_measure(struct cipher_perf *cp, char *buf,
static int cipher_measure(struct crypt_device *cd,
struct cipher_perf *cp, char *buf,
size_t buf_size, int encrypt, double *ms)
{
struct timespec start, end;
@@ -112,7 +114,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf,
if (clock_gettime(CLOCK_MONOTONIC, &start) < 0)
return -EINVAL;
r = cipher_perf_one(cp, buf, buf_size, encrypt);
r = cipher_perf_one(cd, cp, buf, buf_size, encrypt);
if (r < 0)
return r;
@@ -124,7 +126,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf,
return r;
if (*ms < CIPHER_TIME_MIN_MS) {
log_dbg("Measured cipher runtime (%1.6f) is too low.", *ms);
log_dbg(cd, "Measured cipher runtime (%1.6f) is too low.", *ms);
return -ERANGE;
}
@@ -138,7 +140,7 @@ static double speed_mbs(unsigned long bytes, double ms)
return speed / (1024 * 1024) / s;
}
static int cipher_perf(struct cipher_perf *cp,
static int cipher_perf(struct crypt_device *cd, struct cipher_perf *cp,
double *encryption_mbs, double *decryption_mbs)
{
double ms_enc, ms_dec, ms;
@@ -151,7 +153,7 @@ static int cipher_perf(struct cipher_perf *cp,
ms_enc = 0.0;
repeat_enc = 1;
while (ms_enc < 1000.0) {
r = cipher_measure(cp, buf, cp->buffer_size, 1, &ms);
r = cipher_measure(cd, cp, buf, cp->buffer_size, 1, &ms);
if (r < 0) {
free(buf);
return r;
@@ -163,7 +165,7 @@ static int cipher_perf(struct cipher_perf *cp,
ms_dec = 0.0;
repeat_dec = 1;
while (ms_dec < 1000.0) {
r = cipher_measure(cp, buf, cp->buffer_size, 0, &ms);
r = cipher_measure(cd, cp, buf, cp->buffer_size, 0, &ms);
if (r < 0) {
free(buf);
return r;
@@ -224,7 +226,7 @@ int crypt_benchmark(struct crypt_device *cd,
if ((c = strchr(cp.mode, '-')))
*c = '\0';
r = cipher_perf(&cp, encryption_mbs, decryption_mbs);
r = cipher_perf(cd, &cp, encryption_mbs, decryption_mbs);
out:
free(cp.key);
free(cp.iv);
@@ -253,7 +255,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,
kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : "";
log_dbg("Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
salt, salt_size, volume_key_size, pbkdf->time_ms,
@@ -261,7 +263,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,
&pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr);
if (!r)
log_dbg("Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb,
pbkdf->parallel_threads, volume_key_size * 8);
return r;
@@ -271,7 +273,7 @@ static int benchmark_callback(uint32_t time_ms, void *usrptr)
{
struct crypt_pbkdf_type *pbkdf = usrptr;
log_dbg("PBKDF benchmark: memory cost = %u, iterations = %u, "
log_dbg(NULL, "PBKDF benchmark: memory cost = %u, iterations = %u, "
"threads = %u (took %u ms)", pbkdf->max_memory_kb,
pbkdf->iterations, pbkdf->parallel_threads, time_ms);
@@ -300,7 +302,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
if (pbkdf->iterations) {
log_dbg("Reusing PBKDF values (no benchmark flag is set).");
log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set).");
return 0;
}
log_err(cd, _("PBKDF benchmark disabled but iterations not set."));
@@ -334,7 +336,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
} else {
/* Already benchmarked */
if (pbkdf->iterations) {
log_dbg("Reusing PBKDF values.");
log_dbg(cd, "Reusing PBKDF values.");
return 0;
}

42
lib/utils_device.c
View File

@@ -160,7 +160,7 @@ static int device_ready(struct device *device)
size_t tmp_size;
if (device->o_direct) {
log_dbg("Trying to open and read device %s with direct-io.",
log_dbg(NULL, "Trying to open and read device %s with direct-io.",
device_path(device));
device->o_direct = 0;
devfd = open(device_path(device), O_RDONLY | O_DIRECT);
@@ -175,7 +175,7 @@ static int device_ready(struct device *device)
}
if (devfd < 0) {
log_dbg("Trying to open device %s without direct-io.",
log_dbg(NULL, "Trying to open device %s without direct-io.",
device_path(device));
devfd = open(device_path(device), O_RDONLY);
}
@@ -214,10 +214,10 @@ static int _open_locked(struct device *device, int flags)
{
int fd;
log_dbg("Opening locked device %s", device_path(device));
log_dbg(NULL, "Opening locked device %s", device_path(device));
if ((flags & O_ACCMODE) != O_RDONLY && device_locked_readonly(device->lh)) {
log_dbg("Can not open locked device %s in write mode. Read lock held.", device_path(device));
log_dbg(NULL, "Can not open locked device %s in write mode. Read lock held.", device_path(device));
return -EAGAIN;
}
@@ -225,10 +225,10 @@ static int _open_locked(struct device *device, int flags)
if (fd < 0)
return -errno;
if (device_locked_verify(fd, device->lh)) {
if (device_locked_verify(NULL, fd, device->lh)) {
/* fd doesn't correspond to a locked resource */
close(fd);
log_dbg("Failed to verify lock resource for device %s.", device_path(device));
log_dbg(NULL, "Failed to verify lock resource for device %s.", device_path(device));
return -EINVAL;
}
@@ -242,7 +242,7 @@ static int _open_locked(struct device *device, int flags)
void device_sync(struct device *device, int devfd)
{
if (fsync(devfd) == -1)
log_dbg("Cannot sync device %s.", device_path(device));
log_dbg(NULL, "Cannot sync device %s.", device_path(device));
}
/*
@@ -267,7 +267,7 @@ static int device_open_internal(struct device *device, int flags)
devfd = open(device_path(device), flags);
if (devfd < 0)
log_dbg("Cannot open device %s%s.",
log_dbg(NULL, "Cannot open device %s%s.",
device_path(device),
(flags & O_ACCMODE) != O_RDONLY ? " for write" : "");
@@ -345,7 +345,7 @@ void device_free(struct device *device)
return;
if (device->loop_fd != -1) {
log_dbg("Closed loop %s (%s).", device->path, device->file_path);
log_dbg(NULL, "Closed loop %s (%s).", device->path, device->file_path);
close(device->loop_fd);
}
@@ -421,7 +421,7 @@ void device_topology_alignment(struct device *device,
/* minimum io size */
if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
log_dbg(NULL, "Topology info for %s not supported, using default offset %lu bytes.",
device->path, default_alignment);
goto out;
}
@@ -446,7 +446,7 @@ void device_topology_alignment(struct device *device,
if (temp_alignment && (default_alignment % temp_alignment))
*required_alignment = temp_alignment;
log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
log_dbg(NULL, "Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
min_io_size, opt_io_size, *alignment_offset, *required_alignment);
out:
(void)close(fd);
@@ -469,7 +469,7 @@ size_t device_block_size(struct device *device)
}
if (!device->block_size)
log_dbg("Cannot get block size for device %s.", device_path(device));
log_dbg(NULL, "Cannot get block size for device %s.", device_path(device));
return device->block_size;
}
@@ -646,7 +646,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
return -ENOTSUP;
}
log_dbg("Allocating a free loop device.");
log_dbg(cd, "Allocating a free loop device.");
/* Keep the loop open, dettached on last close. */
loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly);
@@ -713,7 +713,7 @@ int device_block_adjust(struct crypt_device *cd,
/* in case of size is set by parameter */
if (size && ((real_size - device_offset) < *size)) {
log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
log_dbg(cd, "Device %s: offset = %" PRIu64 " requested size = %" PRIu64
", backing device size = %" PRIu64,
device->path, device_offset, *size, real_size);
log_err(cd, _("Device %s is too small."), device_path(device));
@@ -724,7 +724,7 @@ int device_block_adjust(struct crypt_device *cd,
*flags |= CRYPT_ACTIVATE_READONLY;
if (size)
log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
log_dbg(cd, "Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
*size, real_readonly ? "RO" : "RW", device_offset);
return 0;
}
@@ -798,7 +798,7 @@ int device_read_lock(struct crypt_device *cd, struct device *device)
device->lh = device_read_lock_handle(cd, device_path(device));
if (device_locked(device->lh)) {
log_dbg("Device %s READ lock taken.", device_path(device));
log_dbg(cd, "Device %s READ lock taken.", device_path(device));
return 0;
}
@@ -815,7 +815,7 @@ int device_write_lock(struct crypt_device *cd, struct device *device)
device->lh = device_write_lock_handle(cd, device_path(device));
if (device_locked(device->lh)) {
log_dbg("Device %s WRITE lock taken.", device_path(device));
log_dbg(cd, "Device %s WRITE lock taken.", device_path(device));
return 0;
}
@@ -829,9 +829,9 @@ void device_read_unlock(struct device *device)
assert(device_locked(device->lh) && device_locked_readonly(device->lh));
device_unlock_handle(device->lh);
device_unlock_handle(NULL, device->lh);
log_dbg("Device %s READ lock released.", device_path(device));
log_dbg(NULL, "Device %s READ lock released.", device_path(device));
device->lh = NULL;
}
@@ -843,9 +843,9 @@ void device_write_unlock(struct device *device)
assert(device_locked(device->lh) && !device_locked_readonly(device->lh));
device_unlock_handle(device->lh);
device_unlock_handle(NULL, device->lh);
log_dbg("Device %s WRITE lock released.", device_path(device));
log_dbg(NULL, "Device %s WRITE lock released.", device_path(device));
device->lh = NULL;
}

50
lib/utils_device_locking.c
View File

@@ -75,7 +75,7 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b
dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
if (dirfd < 0) {
log_dbg("Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
if (errno == ENOTDIR || errno == ENOENT)
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
return -EINVAL;
@@ -88,11 +88,11 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b
/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
log_dbg("Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
else
lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
} else {
log_dbg("Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
if (errno == ENOTDIR || errno == ELOOP)
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);
}
@@ -112,7 +112,7 @@ static int open_resource(struct crypt_device *cd, const char *res)
if (lockdir_fd < 0)
return -EINVAL;
log_dbg("Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777);
err = errno;
@@ -169,7 +169,7 @@ static int acquire_lock_handle(struct crypt_device *cd, const char *device_path,
return 0;
}
static void release_lock_handle(struct crypt_lock_handle *h)
static void release_lock_handle(struct crypt_device *cd, struct crypt_lock_handle *h)
{
char res[PATH_MAX];
struct stat buf_a, buf_b;
@@ -182,11 +182,11 @@ static void release_lock_handle(struct crypt_lock_handle *h)
same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
/* coverity[toctou] */
if (unlink(res)) /* yes? unlink the file */
log_dbg("Failed to unlink resource file: %s", res);
log_dbg(cd, "Failed to unlink resource file: %s", res);
}
if (close(h->flock_fd))
log_dbg("Failed to close resource fd (%d).", h->flock_fd);
log_dbg(cd, "Failed to close resource fd (%d).", h->flock_fd);
}
int device_locked(struct crypt_lock_handle *h)
@@ -230,16 +230,16 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const
if (r)
break;
log_dbg("Acquiring read lock for device %s.", device_path);
log_dbg(cd, "Acquiring read lock for device %s.", device_path);
if (flock(h->flock_fd, LOCK_SH)) {
log_dbg("Shared flock failed with errno %d.", errno);
log_dbg(cd, "Shared flock failed with errno %d.", errno);
r = -EINVAL;
release_lock_handle(h);
release_lock_handle(cd, h);
break;
}
log_dbg("Verifying read lock handle for device %s.", device_path);
log_dbg(cd, "Verifying read lock handle for device %s.", device_path);
/*
* check whether another libcryptsetup process removed resource file before this
@@ -248,8 +248,8 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const
r = verify_lock_handle(device_path, h);
if (r) {
flock(h->flock_fd, LOCK_UN);
release_lock_handle(h);
log_dbg("Read lock handle verification failed.");
release_lock_handle(cd, h);
log_dbg(cd, "Read lock handle verification failed.");
}
} while (r == -EAGAIN);
@@ -276,16 +276,16 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
if (r)
break;
log_dbg("Acquiring write lock for device %s.", device_path);
log_dbg(cd, "Acquiring write lock for device %s.", device_path);
if (flock(h->flock_fd, LOCK_EX)) {
log_dbg("Exclusive flock failed with errno %d.", errno);
log_dbg(cd, "Exclusive flock failed with errno %d.", errno);
r = -EINVAL;
release_lock_handle(h);
release_lock_handle(cd, h);
break;
}
log_dbg("Verifying write lock handle for device %s.", device_path);
log_dbg(cd, "Verifying write lock handle for device %s.", device_path);
/*
* check whether another libcryptsetup process removed resource file before this
@@ -294,8 +294,8 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
r = verify_lock_handle(device_path, h);
if (r) {
flock(h->flock_fd, LOCK_UN);
release_lock_handle(h);
log_dbg("Write lock handle verification failed.");
release_lock_handle(cd, h);
log_dbg(cd, "Write lock handle verification failed.");
}
} while (r == -EAGAIN);
@@ -309,17 +309,17 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
return h;
}
void device_unlock_handle(struct crypt_lock_handle *h)
void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h)
{
if (flock(h->flock_fd, LOCK_UN))
log_dbg("flock on fd %d failed.", h->flock_fd);
log_dbg(cd, "flock on fd %d failed.", h->flock_fd);
release_lock_handle(h);
release_lock_handle(cd, h);
free(h);
}
int device_locked_verify(int dev_fd, struct crypt_lock_handle *h)
int device_locked_verify(struct crypt_device *cd, int dev_fd, struct crypt_lock_handle *h)
{
char res[PATH_MAX];
struct stat dev_st, lck_st, st;
@@ -329,11 +329,11 @@ int device_locked_verify(int dev_fd, struct crypt_lock_handle *h)
/* if device handle is regular file the handle must match the lock handle */
if (S_ISREG(dev_st.st_mode)) {
log_dbg("Veryfing locked device handle (regular file)");
log_dbg(cd, "Veryfing locked device handle (regular file)");
if (!same_inode(dev_st, lck_st))
return 1;
} else if (S_ISBLK(dev_st.st_mode)) {
log_dbg("Veryfing locked device handle (bdev)");
log_dbg(cd, "Veryfing locked device handle (bdev)");
if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) ||
stat(res, &st) ||
!same_inode(lck_st, st))

4
lib/utils_device_locking.h
View File

@@ -30,8 +30,8 @@ int device_locked(struct crypt_lock_handle *h);
struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const char *device_path);
struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, const char *device_path);
void device_unlock_handle(struct crypt_lock_handle *h);
void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h);
int device_locked_verify(int fd, struct crypt_lock_handle *h);
int device_locked_verify(struct crypt_device *cd, int fd, struct crypt_lock_handle *h);
#endif

14
lib/utils_pbkdf.c
View File

@@ -201,7 +201,7 @@ int init_pbkdf_type(struct crypt_device *cd,
cd_pbkdf->parallel_threads = pbkdf->parallel_threads;
if (cd_pbkdf->parallel_threads > pbkdf_limits.max_parallel) {
log_dbg("Maximum PBKDF threads is %d (requested %d).",
log_dbg(cd, "Maximum PBKDF threads is %d (requested %d).",
pbkdf_limits.max_parallel, cd_pbkdf->parallel_threads);
cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel;
}
@@ -209,7 +209,7 @@ int init_pbkdf_type(struct crypt_device *cd,
if (cd_pbkdf->parallel_threads) {
cpus = crypt_cpusonline();
if (cd_pbkdf->parallel_threads > cpus) {
log_dbg("Only %u active CPUs detected, "
log_dbg(cd, "Only %u active CPUs detected, "
"PBKDF threads decreased from %d to %d.",
cpus, cd_pbkdf->parallel_threads, cpus);
cd_pbkdf->parallel_threads = cpus;
@@ -219,14 +219,14 @@ int init_pbkdf_type(struct crypt_device *cd,
if (cd_pbkdf->max_memory_kb) {
memory_kb = adjusted_phys_memory();
if (cd_pbkdf->max_memory_kb > memory_kb) {
log_dbg("Not enough physical memory detected, "
log_dbg(cd, "Not enough physical memory detected, "
"PBKDF max memory decreased from %dkB to %dkB.",
cd_pbkdf->max_memory_kb, memory_kb);
cd_pbkdf->max_memory_kb = memory_kb;
}
}
log_dbg("PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.",
log_dbg(cd, "PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.",
cd_pbkdf->type ?: "(none)", cd_pbkdf->hash ?: "(none)", cd_pbkdf->time_ms,
cd_pbkdf->iterations, cd_pbkdf->max_memory_kb, cd_pbkdf->parallel_threads);
@@ -241,7 +241,7 @@ int crypt_set_pbkdf_type(struct crypt_device *cd, const struct crypt_pbkdf_type
return -EINVAL;
if (!pbkdf)
log_dbg("Resetting pbkdf type to default");
log_dbg(cd, "Resetting pbkdf type to default");
crypt_get_pbkdf(cd)->flags = 0;
@@ -283,7 +283,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
if (pbkdf->type && verify_pbkdf_params(cd, pbkdf)) {
pbkdf->time_ms = old_time_ms;
log_dbg("Invalid iteration time.");
log_dbg(cd, "Invalid iteration time.");
return;
}
@@ -293,5 +293,5 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK);
pbkdf->iterations = 0;
log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
log_dbg(cd, "Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
}

4
lib/utils_wipe.c
View File

@@ -191,7 +191,7 @@ int crypt_wipe_device(struct crypt_device *cd,
}
if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
log_dbg("Non-rotational device, using random data wipe mode.");
log_dbg(cd, "Non-rotational device, using random data wipe mode.");
pattern = CRYPT_WIPE_RANDOM;
}
@@ -253,7 +253,7 @@ int crypt_wipe(struct crypt_device *cd,
if (!wipe_block_size)
wipe_block_size = 1024*1024;
log_dbg("Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
(unsigned)pattern, device_path(device), offset, length, wipe_block_size);
r = crypt_wipe_device(cd, device, pattern, offset, length,

10
lib/verity/verity.c
View File

@@ -62,7 +62,7 @@ int VERITY_read_sb(struct crypt_device *cd,
ssize_t hdr_size = sizeof(struct verity_sb);
int devfd = 0, sb_version;
log_dbg("Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".",
log_dbg(cd, "Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".",
sizeof(struct verity_sb), device_path(device), sb_offset);
if (params->flags & CRYPT_VERITY_NO_HEADER) {
@@ -162,7 +162,7 @@ int VERITY_write_sb(struct crypt_device *cd,
uuid_t uuid;
int r, devfd = 0;
log_dbg("Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".",
log_dbg(cd, "Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".",
sizeof(struct verity_sb), device_path(device), sb_offset);
if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
@@ -247,15 +247,15 @@ int VERITY_activate(struct crypt_device *cd,
unsigned int fec_errors = 0;
int r;
log_dbg("Trying to activate VERITY device %s using hash %s.",
log_dbg(cd, "Trying to activate VERITY device %s using hash %s.",
name ?: "[none]", verity_hdr->hash_name);
if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) {
log_dbg("Verification of data in userspace required.");
log_dbg(cd, "Verification of data in userspace required.");
r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size);
if (r == -EPERM && fec_device) {
log_dbg("Verification failed, trying to repair with FEC device.");
log_dbg(cd, "Verification failed, trying to repair with FEC device.");
r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors);
if (r < 0)
log_err(cd, _("Errors cannot be repaired with FEC device."));

2
lib/verity/verity_fec.c
View File

@@ -244,7 +244,7 @@ int VERITY_FEC_process(struct crypt_device *cd,
}
if (lseek(fd, params->fec_area_offset, SEEK_SET) < 0) {
log_dbg("Cannot seek to requested position in FEC device.");
log_dbg(cd, "Cannot seek to requested position in FEC device.");
goto out;
}

28
lib/verity/verity_hash.c
View File

@@ -51,7 +51,7 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
size_t i;
if (fread(block, bytes, 1, wr) != 1) {
log_dbg("EIO while reading spare area.");
log_dbg(cd, "EIO while reading spare area.");
return -EIO;
}
for (i = 0; i < bytes; i++)
@@ -162,12 +162,12 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
}
if (fseeko(rd, seek_rd, SEEK_SET)) {
log_dbg("Cannot seek to requested position in data device.");
log_dbg(cd, "Cannot seek to requested position in data device.");
return -EIO;
}
if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
log_dbg("Cannot seek to requested position in hash device.");
log_dbg(cd, "Cannot seek to requested position in hash device.");
return -EIO;
}
@@ -179,7 +179,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
break;
blocks--;
if (fread(data_buffer, data_block_size, 1, rd) != 1) {
log_dbg("Cannot read data device block.");
log_dbg(cd, "Cannot read data device block.");
return -EIO;
}
@@ -193,7 +193,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
break;
if (verify) {
if (fread(read_digest, digest_size, 1, wr) != 1) {
log_dbg("Cannot read digest form hash device.");
log_dbg(cd, "Cannot read digest form hash device.");
return -EIO;
}
if (memcmp(read_digest, calculated_digest, digest_size)) {
@@ -203,7 +203,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
}
} else {
if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
log_dbg("Cannot write digest to hash device.");
log_dbg(cd, "Cannot write digest to hash device.");
return -EIO;
}
}
@@ -216,7 +216,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
if (r)
return r;
} else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
log_dbg("Cannot write spare area to hash device.");
log_dbg(cd, "Cannot write spare area to hash device.");
return -EIO;
}
}
@@ -229,7 +229,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
if (r)
return r;
} else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
log_dbg("Cannot write remaining spare area to hash device.");
log_dbg(cd, "Cannot write remaining spare area to hash device.");
return -EIO;
}
}
@@ -263,7 +263,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
uint64_t dev_size;
int levels, i, r;
log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64
log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64
", hash_device %s, offset %" PRIu64 ".",
verify ? "verification" : "creation", hash_name,
device_path(data_device), data_blocks,
@@ -294,14 +294,14 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
return -EINVAL;
}
log_dbg("Using %d hash levels.", levels);
log_dbg(cd, "Using %d hash levels.", levels);
if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
log_err(cd, _("Device offset overflow."));
return -EINVAL;
}
log_dbg("Data device size required: %" PRIu64 " bytes.",
log_dbg(cd, "Data device size required: %" PRIu64 " bytes.",
data_device_size);
data_file = fopen(device_path(data_device), "r");
if (!data_file) {
@@ -312,7 +312,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
goto out;
}
log_dbg("Hash device size required: %" PRIu64 " bytes.",
log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.",
hash_device_size);
hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
if (!hash_file) {
@@ -369,12 +369,12 @@ out:
if (r)
log_err(cd, _("Verification of data area failed."));
else {
log_dbg("Verification of data area succeeded.");
log_dbg(cd, "Verification of data area succeeded.");
r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
if (r)
log_err(cd, _("Verification of root hash failed."));
else
log_dbg("Verification of root hash succeeded.");
log_dbg(cd, "Verification of root hash succeeded.");
}
} else {
if (r == -EIO)