eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Port integritysetup to new arguments parsing code.

Browse Source
This commit is contained in:
Ondrej Kozina
2020-07-14 15:53:58 +02:00
committed by Milan Broz
parent ef3beeb390
commit b30b17d1eb
5 changed files with 261 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Makemodule.am
View File

@@ -82,9 +82,14 @@ integritysetup_SOURCES = \
lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
src/utils_args.c \
src/utils_arg_names.h \
src/utils_arg_macros.h \
src/utils_tools.c \
src/utils_blockdev.c \
src/integritysetup.c \
src/integritysetup_arg_list.h \
src/integritysetup_args.h \
src/cryptsetup.h
integritysetup_LDADD = $(LDADD) \

273
src/integritysetup.c
View File

@@ -19,60 +19,24 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "cryptsetup.h"
#include <assert.h>
#include <uuid/uuid.h>
#define DEFAULT_ALG_NAME "crc32c"
#include "cryptsetup.h"
#include "integritysetup_args.h"
#define PACKAGE_INTEGRITY "integritysetup"
#define DEFAULT_ALG_NAME "crc32c"
#define MAX_KEY_SIZE 4096
static char *opt_data_device = NULL;
static char *opt_integrity = NULL; /* DEFAULT_ALG_NAME */
static char *opt_integrity_key_file = NULL;
static char *opt_journal_integrity = NULL; /* none */
static char *opt_journal_integrity_key_file = NULL;
static char *opt_journal_crypt = NULL; /* none */
static char *opt_journal_crypt_key_file = NULL;
/* helper strings converted to uint64_t later */
static char *opt_journal_size_str = NULL;
static uint64_t opt_journal_size = 0;
static int opt_interleave_sectors = 0;
static int opt_journal_watermark = 0;
static int opt_bitmap_sectors_per_bit = 0;
static int opt_journal_commit_time = 0;
static int opt_bitmap_flush_time = 0;
static int opt_tag_size = 0;
static int opt_sector_size = 0;
static int opt_buffer_sectors = 0;
static int opt_no_wipe = 0;
static int opt_integrity_key_size = 0;
static int opt_journal_integrity_key_size = 0;
static int opt_journal_crypt_key_size = 0;
static int opt_integrity_nojournal = 0;
static int opt_integrity_recovery = 0;
static int opt_integrity_bitmap = 0;
static int opt_integrity_legacy_padding = 0;
static int opt_integrity_recalculate = 0;
static int opt_allow_discards = 0;
static const char *integrity_alg = DEFAULT_ALG_NAME;
static const char **action_argv;
static int action_argc;
void tools_cleanup(void)
{
FREE_AND_NULL(opt_data_device);
FREE_AND_NULL(opt_integrity);
FREE_AND_NULL(opt_integrity_key_file);
FREE_AND_NULL(opt_journal_integrity);
FREE_AND_NULL(opt_journal_integrity_key_file);
FREE_AND_NULL(opt_journal_crypt);
FREE_AND_NULL(opt_journal_crypt_key_file);
FREE_AND_NULL(opt_journal_size_str);
tools_args_free(tool_core_args, ARRAY_SIZE(tool_core_args));
}
// FIXME: move this to tools and handle EINTR
@@ -112,32 +76,32 @@ static int _read_keys(char **integrity_key, struct crypt_params_integrity *param
char *int_key = NULL, *journal_integrity_key = NULL, *journal_crypt_key = NULL;
int r;
if (integrity_key && opt_integrity_key_file) {
r = _read_mk(opt_integrity_key_file, &int_key, opt_integrity_key_size);
if (integrity_key && ARG_SET(OPT_INTEGRITY_KEY_FILE_ID)) {
r = _read_mk(ARG_STR(OPT_INTEGRITY_KEY_FILE_ID), &int_key, ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID));
if (r < 0)
return r;
params->integrity_key_size = opt_integrity_key_size;
params->integrity_key_size = ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID);
}
if (opt_journal_integrity_key_file) {
r = _read_mk(opt_journal_integrity_key_file, &journal_integrity_key, opt_journal_integrity_key_size);
if (ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID)) {
r = _read_mk(ARG_STR(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID), &journal_integrity_key, ARG_UINT32(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID));
if (r < 0) {
crypt_safe_free(int_key);
return r;
}
params->journal_integrity_key = journal_integrity_key;
params->journal_integrity_key_size = opt_journal_integrity_key_size;
params->journal_integrity_key_size = ARG_UINT32(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID);
}
if (opt_journal_crypt_key_file) {
r = _read_mk(opt_journal_crypt_key_file, &journal_crypt_key, opt_journal_crypt_key_size);
if (ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID)) {
r = _read_mk(ARG_STR(OPT_JOURNAL_CRYPT_KEY_FILE_ID), &journal_crypt_key, ARG_UINT32(OPT_JOURNAL_CRYPT_KEY_SIZE_ID));
if (r < 0) {
crypt_safe_free(int_key);
crypt_safe_free(journal_integrity_key);
return r;
}
params->journal_crypt_key = journal_crypt_key;
params->journal_crypt_key_size = opt_journal_crypt_key_size;
params->journal_crypt_key_size = ARG_UINT32(OPT_JOURNAL_CRYPT_KEY_SIZE_ID);
}
if (integrity_key)
@@ -152,7 +116,7 @@ static int _wipe_data_device(struct crypt_device *cd, const char *integrity_key)
uuid_t tmp_uuid_bin;
int r;
if (!opt_batch_mode)
if (!ARG_SET(OPT_BATCH_MODE_ID))
log_std(_("Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c "
"(rest of not wiped device will contain invalid checksum).\n"));
@@ -166,7 +130,7 @@ static int _wipe_data_device(struct crypt_device *cd, const char *integrity_key)
return -EINVAL;
r = crypt_activate_by_volume_key(cd, tmp_name, integrity_key,
opt_integrity_key_size, CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID), CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
if (r < 0)
return r;
@@ -185,29 +149,29 @@ static int action_format(int arg)
{
struct crypt_device *cd = NULL;
struct crypt_params_integrity params = {
.journal_size = opt_journal_size,
.interleave_sectors = opt_interleave_sectors,
.journal_size = ARG_UINT64(OPT_JOURNAL_SIZE_ID),
.interleave_sectors = ARG_UINT32(OPT_INTERLEAVE_SECTORS_ID),
/* in bitmap mode we have to overload these values... */
.journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark,
.journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time,
.buffer_sectors = opt_buffer_sectors,
.tag_size = opt_tag_size,
.sector_size = opt_sector_size ?: SECTOR_SIZE,
.journal_watermark = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_SECTORS_PER_BIT_ID) : ARG_UINT32(OPT_JOURNAL_WATERMARK_ID),
.journal_commit_time = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_FLUSH_TIME_ID) : ARG_UINT32(OPT_JOURNAL_COMMIT_TIME_ID),
.buffer_sectors = ARG_UINT32(OPT_BUFFER_SECTORS_ID),
.tag_size = ARG_UINT32(OPT_TAG_SIZE_ID),
.sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID),
}, params2;
char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
char *integrity_key = NULL, *msg = NULL;
int r;
size_t signatures;
r = crypt_parse_hash_integrity_mode(integrity_alg, integrity);
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_INTEGRITY_ID), integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
}
params.integrity = integrity;
if (opt_journal_integrity) {
r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity);
if (ARG_SET(OPT_JOURNAL_INTEGRITY_ID)) {
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_INTEGRITY_ID), journal_integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
@@ -215,8 +179,8 @@ static int action_format(int arg)
params.journal_integrity = journal_integrity;
}
if (opt_journal_crypt) {
r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt);
if (ARG_SET(OPT_JOURNAL_CRYPT_ID)) {
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_CRYPT_ID), journal_crypt);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
@@ -228,7 +192,7 @@ static int action_format(int arg)
if (r)
goto out;
r = crypt_init_data_device(&cd, action_argv[0], opt_data_device);
r = crypt_init_data_device(&cd, action_argv[0], ARG_STR(OPT_DATA_DEVICE_ID));
if (r < 0)
goto out;
@@ -251,18 +215,18 @@ static int action_format(int arg)
if (signatures && ((r = tools_wipe_all_signatures(action_argv[0])) < 0))
goto out;
if (opt_integrity_legacy_padding)
if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING);
r = crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, &params);
if (r < 0) /* FIXME: call wipe signatures again */
goto out;
if (!opt_batch_mode && !crypt_get_integrity_info(cd, &params2))
if (!ARG_SET(OPT_BATCH_MODE_ID) && !crypt_get_integrity_info(cd, &params2))
log_std(_("Formatted with tag size %u, internal integrity %s.\n"),
params2.tag_size, params2.integrity);
if (!opt_no_wipe)
if (!ARG_SET(OPT_NO_WIPE_ID))
r = _wipe_data_device(cd, integrity_key);
out:
crypt_safe_free(integrity_key);
@@ -277,24 +241,24 @@ static int action_open(int arg)
struct crypt_device *cd = NULL;
struct crypt_params_integrity params = {
/* in bitmap mode we have to overload these values... */
.journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark,
.journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time,
.buffer_sectors = opt_buffer_sectors,
.journal_watermark = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_SECTORS_PER_BIT_ID) : ARG_UINT32(OPT_JOURNAL_WATERMARK_ID),
.journal_commit_time = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_FLUSH_TIME_ID) : ARG_UINT32(OPT_JOURNAL_COMMIT_TIME_ID),
.buffer_sectors = ARG_UINT32(OPT_BUFFER_SECTORS_ID),
};
uint32_t activate_flags = 0;
char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
char *integrity_key = NULL;
int r;
r = crypt_parse_hash_integrity_mode(integrity_alg, integrity);
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_INTEGRITY_ID), integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
}
params.integrity = integrity;
if (opt_journal_integrity) {
r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity);
if (ARG_SET(OPT_JOURNAL_INTEGRITY_ID)) {
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_INTEGRITY_ID), journal_integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
@@ -303,8 +267,8 @@ static int action_open(int arg)
params.journal_integrity = journal_integrity;
}
if (opt_journal_crypt) {
r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt);
if (ARG_SET(OPT_JOURNAL_CRYPT_ID)) {
r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_CRYPT_ID), journal_crypt);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
@@ -312,23 +276,23 @@ static int action_open(int arg)
params.journal_crypt = journal_crypt;
}
if (opt_integrity_nojournal || opt_integrity_bitmap)
if (ARG_SET(OPT_INTEGRITY_NO_JOURNAL_ID) || ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
if (opt_integrity_recovery)
if (ARG_SET(OPT_INTEGRITY_RECOVERY_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_RECOVERY;
if (opt_integrity_bitmap)
if (ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
if (opt_integrity_recalculate)
if (ARG_SET(OPT_INTEGRITY_RECALCULATE_ID))
activate_flags |= CRYPT_ACTIVATE_RECALCULATE;
if (opt_allow_discards)
if (ARG_SET(OPT_ALLOW_DISCARDS_ID))
activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
r = _read_keys(&integrity_key, &params);
if (r)
goto out;
if ((r = crypt_init_data_device(&cd, action_argv[0], opt_data_device)))
if ((r = crypt_init_data_device(&cd, action_argv[0], ARG_STR(OPT_DATA_DEVICE_ID))))
goto out;
r = crypt_load(cd, CRYPT_INTEGRITY, &params);
@@ -336,7 +300,7 @@ static int action_open(int arg)
goto out;
r = crypt_activate_by_volume_key(cd, action_argv[1], integrity_key,
opt_integrity_key_size, activate_flags);
ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID), activate_flags);
out:
crypt_safe_free(integrity_key);
crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key);
@@ -482,12 +446,12 @@ static struct action_type {
const char *arg_desc;
const char *desc;
} action_types[] = {
{ "format", action_format, 1, N_("<integrity_device>"),N_("format device") },
{ "open", action_open, 2, N_("<integrity_device> <name>"),N_("open device as <name>") },
{ "close", action_close, 1, N_("<name>"),N_("close device (remove mapping)") },
{ "status", action_status, 1, N_("<name>"),N_("show active device status") },
{ "dump", action_dump, 1, N_("<integrity_device>"),N_("show on-disk information") },
{ NULL, NULL, 0, NULL, NULL }
{ FORMAT_ACTION,action_format, 1, N_("<integrity_device>"),N_("format device") },
{ OPEN_ACTION, action_open, 2, N_("<integrity_device> <name>"),N_("open device as <name>") },
{ CLOSE_ACTION, action_close, 1, N_("<name>"),N_("close device (remove mapping)") },
{ STATUS_ACTION,action_status, 1, N_("<name>"),N_("show active device status") },
{ DUMP_ACTION, action_dump, 1, N_("<integrity_device>"),N_("show on-disk information") },
{}
};
static void help(poptContext popt_context,
@@ -536,6 +500,20 @@ static int run_action(struct action_type *action)
return translate_errno(r);
}
static bool needs_size_conversion(unsigned int arg_id)
{
return arg_id == OPT_JOURNAL_SIZE_ID;
}
static void basic_options_cb(poptContext popt_context,
enum poptCallbackReason reason __attribute__((unused)),
struct poptOption *key,
const char *arg,
void *data __attribute__((unused)))
{
tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, needs_size_conversion);
}
int main(int argc, const char **argv)
{
static const char *null_action_argv[] = {NULL};
@@ -546,45 +524,16 @@ int main(int argc, const char **argv)
{ "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL },
POPT_TABLEEND
};
static struct poptOption popt_basic_options[] = {
{ NULL, '\0', POPT_ARG_CALLBACK, basic_options_cb, 0, NULL, NULL },
#define ARG(A, B, C, D, E, F, G, H) { A, B, C, NULL, A ## _ID, D, E },
#include "integritysetup_arg_list.h"
#undef arg
POPT_TABLEEND
};
static struct poptOption popt_options[] = {
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
{ "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
{ "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
{ "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
{ "progress-frequency", '\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
{ "no-wipe", '\0', POPT_ARG_NONE, &opt_no_wipe, 0, N_("Do not wipe device after format"), NULL },
{ "data-device", '\0', POPT_ARG_STRING, &opt_data_device, 0, N_("Path to data device (if separated)"), N_("path") },
{ "journal-size", 'j', POPT_ARG_STRING,&opt_journal_size_str, 0, N_("Journal size"), N_("bytes") },
{ "interleave-sectors", '\0', POPT_ARG_INT, &opt_interleave_sectors, 0, N_("Interleave sectors"), N_("SECTORS") },
{ "journal-watermark", '\0', POPT_ARG_INT, &opt_journal_watermark, 0, N_("Journal watermark"),N_("percent") },
{ "journal-commit-time",'\0', POPT_ARG_INT, &opt_journal_commit_time,0, N_("Journal commit time"), N_("ms") },
{ "bitmap-sectors-per-bit",'\0', POPT_ARG_INT,&opt_bitmap_sectors_per_bit, 0, N_("Number of 512-byte sectors per bit (bitmap mode)."), NULL },
{ "bitmap-flush-time", '\0', POPT_ARG_INT, &opt_bitmap_flush_time, 0, N_("Bitmap mode flush time"), N_("ms") },
{ "tag-size", 't', POPT_ARG_INT, &opt_tag_size, 0, N_("Tag size (per-sector)"), N_("bytes") },
{ "sector-size", 's', POPT_ARG_INT, &opt_sector_size, 0, N_("Sector size"), N_("bytes") },
{ "buffer-sectors", '\0', POPT_ARG_INT, &opt_buffer_sectors, 0, N_("Buffers size"), N_("SECTORS") },
{ "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm"), NULL },
{ "integrity-key-size", '\0', POPT_ARG_INT, &opt_integrity_key_size, 0, N_("The size of the data integrity key"), N_("BITS") },
{ "integrity-key-file", '\0', POPT_ARG_STRING, &opt_integrity_key_file, 0, N_("Read the integrity key from a file"), NULL },
{ "journal-integrity", '\0', POPT_ARG_STRING, &opt_journal_integrity, 0, N_("Journal integrity algorithm"), NULL },
{ "journal-integrity-key-size",'\0', POPT_ARG_INT, &opt_journal_integrity_key_size,0, N_("The size of the journal integrity key"), N_("BITS") },
{ "journal-integrity-key-file",'\0', POPT_ARG_STRING, &opt_journal_integrity_key_file,0, N_("Read the journal integrity key from a file"), NULL },
{ "journal-crypt", '\0', POPT_ARG_STRING, &opt_journal_crypt, 0, N_("Journal encryption algorithm"), NULL },
{ "journal-crypt-key-size", '\0', POPT_ARG_INT, &opt_journal_crypt_key_size, 0, N_("The size of the journal encryption key"), N_("BITS") },
{ "journal-crypt-key-file", '\0', POPT_ARG_STRING, &opt_journal_crypt_key_file, 0, N_("Read the journal encryption key from a file"), NULL },
{ "integrity-no-journal", 'D', POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL },
{ "integrity-recovery-mode", 'R', POPT_ARG_NONE, &opt_integrity_recovery, 0, N_("Recovery mode (no journal, no tag checking)"), NULL },
{ "integrity-bitmap-mode", 'B', POPT_ARG_NONE, &opt_integrity_bitmap, 0, N_("Use bitmap to track changes and disable journal for integrity device"), NULL },
{ "integrity-recalculate", '\0', POPT_ARG_NONE, &opt_integrity_recalculate, 0, N_("Recalculate initial tags automatically."), NULL },
{ "integrity-legacy-padding", '\0', POPT_ARG_NONE, &opt_integrity_legacy_padding, 0, N_("Use inefficient legacy padding (old kernels)"), NULL },
{ "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL },
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_basic_options, 0, NULL, NULL },
POPT_TABLEEND
};
poptContext popt_context;
@@ -637,9 +586,6 @@ int main(int argc, const char **argv)
aname = "close";
}
if (opt_integrity)
integrity_alg = opt_integrity;
for (action = action_types; action->type; action++)
if (strcmp(action->type, aname) == 0)
break;
@@ -655,76 +601,53 @@ int main(int argc, const char **argv)
poptGetInvocationName(popt_context));
}
if (opt_integrity_recalculate && strcmp(aname, "open"))
usage(popt_context, EXIT_FAILURE,
_("Option --integrity-recalculate can be used only for open action."),
poptGetInvocationName(popt_context));
tools_check_args(action->type, tool_core_args, ARRAY_SIZE(tool_core_args), popt_context);
if (opt_allow_discards && strcmp(aname, "open"))
usage(popt_context, EXIT_FAILURE,
_("Option --allow-discards is allowed only for open operation."),
poptGetInvocationName(popt_context));
if (opt_interleave_sectors < 0 || opt_journal_watermark < 0 ||
opt_journal_commit_time < 0 || opt_tag_size < 0 ||
opt_sector_size < 0 || opt_buffer_sectors < 0 ||
opt_integrity_key_size < 0 || opt_journal_integrity_key_size < 0 ||
opt_journal_crypt_key_size < 0 || opt_bitmap_flush_time < 0 || opt_bitmap_sectors_per_bit < 0)
usage(popt_context, EXIT_FAILURE,
_("Negative number for option not permitted."),
poptGetInvocationName(popt_context));
if (strcmp(aname, "format") && (opt_journal_size_str || opt_interleave_sectors ||
opt_sector_size || opt_tag_size || opt_no_wipe ))
usage(popt_context, EXIT_FAILURE,
_("Options --journal-size, --interleave-sectors, --sector-size, --tag-size"
" and --no-wipe can be used only for format action."),
poptGetInvocationName(popt_context));
if (opt_journal_size_str &&
tools_string_to_size(NULL, opt_journal_size_str, &opt_journal_size))
usage(popt_context, EXIT_FAILURE, _("Invalid journal size specification."),
poptGetInvocationName(popt_context));
if ((opt_integrity_key_file && !opt_integrity_key_size) ||
(!opt_integrity_key_file && opt_integrity_key_size))
if (ARG_SET(OPT_INTEGRITY_KEY_FILE_ID) != ARG_SET(OPT_INTEGRITY_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both key file and key size options must be specified."),
poptGetInvocationName(popt_context));
if ((opt_journal_integrity_key_file && !opt_journal_integrity_key_size) ||
(!opt_journal_integrity_key_file && opt_journal_integrity_key_size))
if (ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID) != ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both journal integrity key file and key size options must be specified."),
poptGetInvocationName(popt_context));
if (!opt_journal_integrity && opt_journal_integrity_key_file)
if (!ARG_SET(OPT_JOURNAL_INTEGRITY_ID) && ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID))
usage(popt_context, EXIT_FAILURE, _("Journal integrity algorithm must be specified if journal integrity key is used."),
poptGetInvocationName(popt_context));
if ((opt_journal_crypt_key_file && !opt_journal_crypt_key_size) ||
(!opt_journal_crypt_key_file && opt_journal_crypt_key_size))
if (ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID) != ARG_SET(OPT_JOURNAL_CRYPT_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both journal encryption key file and key size options must be specified."),
poptGetInvocationName(popt_context));
if (!opt_journal_crypt && opt_journal_crypt_key_file)
if (!ARG_SET(OPT_JOURNAL_CRYPT_ID) && ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID))
usage(popt_context, EXIT_FAILURE, _("Journal encryption algorithm must be specified if journal encryption key is used."),
poptGetInvocationName(popt_context));
if (opt_integrity_recovery && opt_integrity_bitmap)
if (ARG_SET(OPT_INTEGRITY_RECOVERY_MODE_ID) && ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
usage(popt_context, EXIT_FAILURE, _("Recovery and bitmap mode options are mutually exclusive."),
poptGetInvocationName(popt_context));
if (opt_integrity_bitmap && (opt_journal_integrity_key_file || opt_journal_crypt || opt_journal_watermark || opt_journal_commit_time))
if (ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) &&
(ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID) ||
ARG_SET(OPT_JOURNAL_CRYPT_ID) || ARG_SET(OPT_JOURNAL_WATERMARK_ID) ||
ARG_SET(OPT_JOURNAL_COMMIT_TIME_ID)))
usage(popt_context, EXIT_FAILURE, _("Journal options cannot be used in bitmap mode."),
poptGetInvocationName(popt_context));
if (!opt_integrity_bitmap && (opt_bitmap_flush_time || opt_bitmap_sectors_per_bit))
if (!ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) &&
(ARG_SET(OPT_BITMAP_FLUSH_TIME_ID) || ARG_SET(OPT_BITMAP_SECTORS_PER_BIT_ID)))
usage(popt_context, EXIT_FAILURE, _("Bitmap options can be used only in bitmap mode."),
poptGetInvocationName(popt_context));
if (opt_debug) {
opt_verbose = 1;
if (ARG_SET(OPT_DEBUG_ID)) {
ARG_SET(OPT_VERBOSE_ID) = true;
crypt_set_debug_level(CRYPT_DEBUG_ALL);
dbg_version_and_cmd(argc, argv);
}
opt_verbose = ARG_SET(OPT_VERBOSE_ID) ? 1 : 0;
opt_debug = ARG_SET(OPT_DEBUG_ID) ? 1 : 0;
opt_batch_mode = ARG_SET(OPT_BATCH_MODE_ID) ? 1 : 0;
opt_progress_frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID);
r = run_action(action);
tools_cleanup();
poptFreeContext(popt_context);

82
src/integritysetup_arg_list.h Normal file
View File

@@ -0,0 +1,82 @@
/*
* Integritysetup command line arguments list
*
* Copyright (C) 2020 Red Hat, Inc. All rights reserved.
* Copyright (C) 2020 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* long name, short name, popt type, help description, units, internal argument type, default value */
ARG(OPT_ALLOW_DISCARDS, '\0', POPT_ARG_NONE, N_("Allow discards (aka TRIM) requests for device"), NULL, CRYPT_ARG_BOOL, {}, OPT_ALLOW_DISCARDS_ACTIONS)
ARG(OPT_BATCH_MODE, 'q', POPT_ARG_NONE, N_("Do not ask for confirmation"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_BUFFER_SECTORS, '\0', POPT_ARG_STRING, N_("Buffers size"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_BITMAP_FLUSH_TIME, '\0', POPT_ARG_STRING, N_("Bitmap mode flush time"), N_("ms"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_BITMAP_SECTORS_PER_BIT, '\0', POPT_ARG_STRING, N_("Number of 512-byte sectors per bit (bitmap mode)."), NULL, CRYPT_ARG_UINT32, {}, {})
ARG(OPT_DATA_DEVICE, '\0', POPT_ARG_STRING, N_("Path to data device (if separated)"), N_("path"), CRYPT_ARG_STRING, {}, {})
ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_INTEGRITY, 'I', POPT_ARG_STRING, N_("Data integrity algorithm"), NULL, CRYPT_ARG_STRING, { .str_value = CONST_CAST(void *)DEFAULT_ALG_NAME }, {})
ARG(OPT_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
ARG(OPT_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the data integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_INTEGRITY_LEGACY_PADDING, '\0', POPT_ARG_NONE, N_("Use inefficient legacy padding (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_INTEGRITY_NO_JOURNAL, 'D', POPT_ARG_NONE, N_("Disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_INTERLEAVE_SECTORS, '\0', POPT_ARG_STRING, N_("Interleave sectors"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, OPT_INTERLEAVE_SECTORS_ACTIONS)
ARG(OPT_JOURNAL_COMMIT_TIME, '\0', POPT_ARG_STRING, N_("Journal commit time"), N_("ms"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_JOURNAL_INTEGRITY, '\0', POPT_ARG_STRING, N_("Journal integrity algorithm"), NULL, CRYPT_ARG_STRING, {}, {})
ARG(OPT_JOURNAL_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_JOURNAL_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
ARG(OPT_JOURNAL_CRYPT, '\0', POPT_ARG_STRING, N_("Journal encryption algorithm"), NULL, CRYPT_ARG_STRING, {}, {})
ARG(OPT_JOURNAL_CRYPT_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal encryption key from a file"), NULL, CRYPT_ARG_STRING,{}, {})
ARG(OPT_JOURNAL_CRYPT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal encryption key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_JOURNAL_SIZE, 'j', POPT_ARG_STRING, N_("Journal size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_JOURNAL_SIZE_ACTIONS)
ARG(OPT_JOURNAL_WATERMARK, '\0', POPT_ARG_STRING, N_("Journal watermark"), N_("percent"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_NO_WIPE, '\0', POPT_ARG_NONE, N_("Do not wipe device after format"), NULL, CRYPT_ARG_BOOL, {}, OPT_NO_WIPE_ACTIONS)
ARG(OPT_PROGRESS_FREQUENCY, '\0', POPT_ARG_STRING, N_("Progress line update (in seconds)"), N_("secs"), CRYPT_ARG_UINT32, {}, {})
ARG(OPT_INTEGRITY_BITMAP_MODE, 'B', POPT_ARG_NONE, N_("Use bitmap to track changes and disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_INTEGRITY_RECALCULATE, '\0', POPT_ARG_NONE, N_("Recalculate initial tags automatically."), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS)
ARG(OPT_INTEGRITY_RECOVERY_MODE, 'R', POPT_ARG_NONE, N_("Recovery mode (no journal, no tag checking)"), NULL, CRYPT_ARG_BOOL, {}, {})
ARG(OPT_SECTOR_SIZE, 's', POPT_ARG_STRING, N_("Sector size"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = 512 }, OPT_SECTOR_SIZE_ACTIONS)
ARG(OPT_TAG_SIZE, 't', POPT_ARG_STRING, N_("Tag size (per-sector)"), N_("bytes"), CRYPT_ARG_UINT32, {}, OPT_TAG_SIZE_ACTIONS)
ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {})

55
src/integritysetup_args.h Normal file
View File

@@ -0,0 +1,55 @@
/*
* Command line arguments helpers
*
* Copyright (C) 2020 Red Hat, Inc. All rights reserved.
* Copyright (C) 2020 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef INTEGRITYSETUP_ARGS_H
#define INTEGRITYSETUP_ARGS_H
#include "utils_arg_names.h"
#include "utils_arg_macros.h"
#define FORMAT_ACTION "format"
#define OPEN_ACTION "open"
#define CLOSE_ACTION "close"
#define STATUS_ACTION "status"
#define DUMP_ACTION "dump"
#define OPT_ALLOW_DISCARDS_ACTIONS { OPEN_ACTION }
#define OPT_INTEGRITY_RECALCULATE_ACTIONS { OPEN_ACTION }
#define OPT_JOURNAL_SIZE_ACTIONS { FORMAT_ACTION }
#define OPT_NO_WIPE_ACTIONS { FORMAT_ACTION }
#define OPT_INTERLEAVE_SECTORS_ACTIONS { FORMAT_ACTION }
#define OPT_SECTOR_SIZE_ACTIONS { FORMAT_ACTION }
#define OPT_TAG_SIZE_ACTIONS { FORMAT_ACTION }
enum {
OPT_UNUSED_ID = 0,
#define ARG(A, B, C, D, E, F, G, H) A ## _ID,
#include "integritysetup_arg_list.h"
#undef ARG
};
static struct tools_arg tool_core_args[] = { { NULL, false, CRYPT_ARG_BOOL }, // UNUSED
#define ARG(A, B, C, D, E, F, G, H) { A, false, F, G, H },
#include "integritysetup_arg_list.h"
#undef ARG
};
#endif

21
src/utils_arg_names.h
View File

@@ -26,7 +26,11 @@
#define OPT_ALIGN_PAYLOAD "align-payload"
#define OPT_ALLOW_DISCARDS "allow-discards"
#define OPT_BATCH_MODE "batch-mode"
#define OPT_BITMAP_FLUSH_TIME "bitmap-flush-time"
#define OPT_BITMAP_SECTORS_PER_BIT "bitmap-sectors-per-bit"
#define OPT_BUFFER_SECTORS "buffer-sectors"
#define OPT_CIPHER "cipher"
#define OPT_DATA_DEVICE "data-device"
#define OPT_DEBUG "debug"
#define OPT_DEBUG_JSON "debug-json"
#define OPT_DEFERRED "deferred"
@@ -43,12 +47,27 @@
#define OPT_HOTZONE_SIZE "hotzone-size"
#define OPT_INIT_ONLY "init-only"
#define OPT_INTEGRITY "integrity"
#define OPT_INTEGRITY_BITMAP_MODE "integrity-bitmap-mode"
#define OPT_INTEGRITY_KEY_FILE "integrity-key-file"
#define OPT_INTEGRITY_KEY_SIZE "integrity-key-size"
#define OPT_INTEGRITY_LEGACY_PADDING "integrity-legacy-padding"
#define OPT_INTEGRITY_NO_JOURNAL "integrity-no-journal"
#define OPT_INTEGRITY_NO_WIPE "integrity-no-wipe"
#define OPT_INTEGRITY_RECALCULATE "integrity-recalculate"
#define OPT_INTEGRITY_RECOVERY_MODE "integrity-recovery-mode"
#define OPT_INTERLEAVE_SECTORS "interleave-sectors"
#define OPT_ITER_TIME "iter-time"
#define OPT_IV_LARGE_SECTORS "iv-large-sectors"
#define OPT_JSON_FILE "json-file"
#define OPT_JOURNAL_COMMIT_TIME "journal-commit-time"
#define OPT_JOURNAL_CRYPT "journal-crypt"
#define OPT_JOURNAL_CRYPT_KEY_FILE "journal-crypt-key-file"
#define OPT_JOURNAL_CRYPT_KEY_SIZE "journal-crypt-key-size"
#define OPT_JOURNAL_INTEGRITY "journal-integrity"
#define OPT_JOURNAL_INTEGRITY_KEY_FILE "journal-integrity-key-file"
#define OPT_JOURNAL_INTEGRITY_KEY_SIZE "journal-integrity-key-size"
#define OPT_JOURNAL_SIZE "journal-size"
#define OPT_JOURNAL_WATERMARK "journal-watermark"
#define OPT_KEY_DESCRIPTION "key-description"
#define OPT_KEY_FILE "key-file"
#define OPT_KEY_SIZE "key-size"
@@ -57,6 +76,7 @@
#define OPT_KEYFILE_SIZE "keyfile-size"
#define OPT_KEYSLOT_CIPHER "keyslot-cipher"
#define OPT_KEYSLOT_KEY_SIZE "keyslot-key-size"
#define OPT_NO_WIPE "no-wipe"
#define OPT_LABEL "label"
#define OPT_LUKS2_KEYSLOTS_SIZE "luks2-keyslots-size"
#define OPT_LUKS2_METADATA_SIZE "luks2-metadata-size"
@@ -86,6 +106,7 @@
#define OPT_SIZE "size"
#define OPT_SKIP "skip"
#define OPT_SUBSYSTEM "subsystem"
#define OPT_TAG_SIZE "tag-size"
#define OPT_TCRYPT_BACKUP "tcrypt-backup"
#define OPT_TCRYPT_HIDDEN "tcrypt-hidden"
#define OPT_TCRYPT_SYSTEM "tcrypt-system"