eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check for multiple online reencrypt requirement flags.

Browse Source 
Having multiple online-reencrypt requirements flags
candidate in config section should invalidate LUKS2
metadata.
This commit is contained in:
Ondrej Kozina
2022-07-11 13:43:48 +02:00
parent 13f6dfa61f
commit af68e8a1da
1 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
lib/luks2/luks2_json_metadata.c
View File

@@ -1013,10 +1013,36 @@ static int hdr_validate_config(struct crypt_device *cd, json_object *hdr_jobj)
return 0;
}
static bool reencrypt_candidate_flag(const char *flag)
{
const char *ptr;
assert(flag);
if (!strcmp(flag, "online-reencrypt"))
return true;
if (strncmp(flag, "online-reencrypt-v", 18))
return false;
ptr = flag + 18;
if (!*ptr)
return false;
while (*ptr) {
if (!isdigit(*ptr))
return false;
ptr++;
}
return true;
}
static int hdr_validate_requirements(struct crypt_device *cd, json_object *hdr_jobj)
{
int i;
json_object *jobj_config, *jobj, *jobj1;
unsigned online_reencrypt_flag = 0;
if (!(jobj_config = json_contains(cd, hdr_jobj, "", "JSON area", "config", json_type_object)))
return 1;
@@ -1032,12 +1058,22 @@ static int hdr_validate_requirements(struct crypt_device *cd, json_object *hdr_j
return 1;
/* All array members must be strings */
for (i = 0; i < (int) json_object_array_length(jobj1); i++)
for (i = 0; i < (int) json_object_array_length(jobj1); i++) {
if (!json_object_is_type(json_object_array_get_idx(jobj1, i), json_type_string))
return 1;
if (reencrypt_candidate_flag(json_object_get_string(json_object_array_get_idx(jobj1, i))))
online_reencrypt_flag++;
}
}
}
if (online_reencrypt_flag > 1) {
log_dbg(cd, "Multiple online reencryption requirement flags detected.");
return 1;
}
return 0;
}