mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-06 00:10:04 +01:00
Use #if for KERNEL_KEYRING.
@@ -21,7 +21,7 @@
|
|||||||
#include "libcryptsetup_macros.h"
|
#include "libcryptsetup_macros.h"
|
||||||
#include "utils_keyring.h"
|
#include "utils_keyring.h"
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
key_type_t type;
|
key_type_t type;
|
||||||
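Review bot: `#if KERNEL_KEYRING` evaluates to 0 without any diagnostic when the macro is undefined at this point, and it is a preprocessor error when the macro is defined with no value. Every guard converted in this commit therefore depends on the build defining the macro numerically and on that definition being seen before the guard. Only `libcryptsetup_macros.h` and `utils_keyring.h` are visible above this guard, so the hunk does not show whether the definition reaches it. I would state the contract next to this first guard, for example `/* KERNEL_KEYRING: undefined or 0 = keyring support compiled out, 1 = compiled in (set by the build configuration) */`. The `static const struct` table that follows continues outside the hunk.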
|
|||||||
@@ -431,7 +431,7 @@ void tools_package_version(const char *name, bool use_pwlibs)
|
|||||||
#ifdef HAVE_BLKID
|
#ifdef HAVE_BLKID
|
||||||
blkid = true;
|
blkid = true;
|
||||||
#endif
|
#endif
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
keyring = true;
|
keyring = true;
|
||||||
#endif
|
#endif
|
||||||
#ifdef ENABLE_FIPS
|
#ifdef ENABLE_FIPS
|
||||||
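Review bot: In `tools_package_version` the `KERNEL_KEYRING` guard is now value-tested, while the neighbouring `HAVE_BLKID` and `ENABLE_FIPS` guards are still `#ifdef`. If the build configuration that motivated this change also defines those macros to 0 when the feature is off (not visible here), the version output would report BLKID and FIPS as present in a build that has them disabled. A wrong FIPS indication is the one an operator is most likely to rely on. If they follow the same convention, switch them together: `#if HAVE_BLKID` and `#if ENABLE_FIPS`. The function body starts and ends outside the hunk.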
|
|||||||
@@ -17,7 +17,7 @@
|
|||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <inttypes.h>
|
#include <inttypes.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
#include <linux/keyctl.h>
|
#include <linux/keyctl.h>
|
||||||
#include <sys/syscall.h>
|
#include <sys/syscall.h>
|
||||||
#ifndef HAVE_KEY_SERIAL_T
|
#ifndef HAVE_KEY_SERIAL_T
|
||||||
@@ -143,7 +143,7 @@ static uint32_t default_luks2_iter_time = 0;
|
|||||||
static uint32_t default_luks2_memory_kb = 0;
|
static uint32_t default_luks2_memory_kb = 0;
|
||||||
static uint32_t default_luks2_parallel_threads = 0;
|
static uint32_t default_luks2_parallel_threads = 0;
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
static char keyring_in_user_str_id[32] = {0};
|
static char keyring_in_user_str_id[32] = {0};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -415,7 +415,7 @@ static int set_fast_pbkdf(struct crypt_device *_cd)
|
|||||||
return crypt_set_pbkdf_type(_cd, pbkdf);
|
return crypt_set_pbkdf_type(_cd, pbkdf);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
|
static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
|
||||||
{
|
{
|
||||||
return syscall(__NR_add_key, type, description, payload, plen, keyring);
|
return syscall(__NR_add_key, type, description, payload, plen, keyring);
|
||||||
@@ -594,7 +594,7 @@ static void _cleanup(void)
|
|||||||
free(DEVICE_5);
|
free(DEVICE_5);
|
||||||
free(DEVICE_6);
|
free(DEVICE_6);
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
char *end;
|
char *end;
|
||||||
key_serial_t krid;
|
key_serial_t krid;
|
||||||
|
|
||||||
@@ -761,7 +761,7 @@ static void SuspendDevice(void)
|
|||||||
OK_(suspend_status);
|
OK_(suspend_status);
|
||||||
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
|
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
|
||||||
EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
|
EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
FAIL_(_volume_key_in_keyring(cd, 0), "");
|
FAIL_(_volume_key_in_keyring(cd, 0), "");
|
||||||
#endif
|
#endif
|
||||||
FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
|
FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
|
||||||
@@ -1788,7 +1788,7 @@ static void ResizeDeviceLuks2(void)
|
|||||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||||
CRYPT_FREE(cd);
|
CRYPT_FREE(cd);
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
|
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
|
||||||
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
||||||
// enable loading VKs in kernel keyring (default mode)
|
// enable loading VKs in kernel keyring (default mode)
|
||||||
@@ -1885,7 +1885,7 @@ static void ResizeDeviceLuks2(void)
|
|||||||
|
|
||||||
static void TokenActivationByKeyring(void)
|
static void TokenActivationByKeyring(void)
|
||||||
{
|
{
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
key_serial_t kid, kid1;
|
key_serial_t kid, kid1;
|
||||||
struct crypt_active_device cad;
|
struct crypt_active_device cad;
|
||||||
|
|
||||||
@@ -2186,7 +2186,7 @@ static void Tokens(void)
|
|||||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
|
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
|
||||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
if (t_dm_crypt_keyring_support()) {
|
if (t_dm_crypt_keyring_support()) {
|
||||||
EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
|
EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
|
||||||
OK_(_volume_key_in_keyring(cd, 0));
|
OK_(_volume_key_in_keyring(cd, 0));
|
||||||
@@ -3443,7 +3443,7 @@ static void Luks2KeyslotParams(void)
|
|||||||
|
|
||||||
static void Luks2ActivateByKeyring(void)
|
static void Luks2ActivateByKeyring(void)
|
||||||
{
|
{
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
|
|
||||||
key_serial_t kid, kid1;
|
key_serial_t kid, kid1;
|
||||||
uint64_t r_payload_offset;
|
uint64_t r_payload_offset;
|
||||||
@@ -3517,7 +3517,7 @@ static void Luks2Requirements(void)
|
|||||||
char key[128];
|
char key[128];
|
||||||
size_t key_size = 128;
|
size_t key_size = 128;
|
||||||
const struct crypt_pbkdf_type *pbkdf;
|
const struct crypt_pbkdf_type *pbkdf;
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
key_serial_t kid;
|
key_serial_t kid;
|
||||||
#endif
|
#endif
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
@@ -3652,7 +3652,7 @@ static void Luks2Requirements(void)
|
|||||||
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
|
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
|
||||||
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
|
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
if (t_dm_crypt_keyring_support()) {
|
if (t_dm_crypt_keyring_support()) {
|
||||||
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
|
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
|
||||||
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
||||||
@@ -3747,7 +3747,7 @@ static void Luks2Requirements(void)
|
|||||||
EQ_(r, -ETXTBSY);
|
EQ_(r, -ETXTBSY);
|
||||||
|
|
||||||
/* crypt_activate_by_token (restricted for activation only) */
|
/* crypt_activate_by_token (restricted for activation only) */
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
if (t_dm_crypt_keyring_support()) {
|
if (t_dm_crypt_keyring_support()) {
|
||||||
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
|
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
|
||||||
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
||||||
@@ -3835,7 +3835,7 @@ static void Luks2Requirements(void)
|
|||||||
|
|
||||||
/* crypt_get_active_device (unrestricted) */
|
/* crypt_get_active_device (unrestricted) */
|
||||||
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
|
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
if (t_dm_crypt_keyring_support())
|
if (t_dm_crypt_keyring_support())
|
||||||
EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
|
EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
|
||||||
#endif
|
#endif
|
||||||
@@ -3963,7 +3963,7 @@ static void Luks2Refresh(void)
|
|||||||
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
|
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
|
||||||
cad.flags = 0;
|
cad.flags = 0;
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
if (t_dm_crypt_keyring_support()) {
|
if (t_dm_crypt_keyring_support()) {
|
||||||
OK_(crypt_volume_key_keyring(cd, 1));
|
OK_(crypt_volume_key_keyring(cd, 1));
|
||||||
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
|
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
|
||||||
@@ -5174,7 +5174,7 @@ static void LuksKeyslotAdd(void)
|
|||||||
.sector_size = 512
|
.sector_size = 512
|
||||||
};
|
};
|
||||||
char key[128], key3[128];
|
char key[128], key3[128];
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
int ks;
|
int ks;
|
||||||
key_serial_t kid;
|
key_serial_t kid;
|
||||||
#endif
|
#endif
|
||||||
@@ -5273,7 +5273,7 @@ static void LuksKeyslotAdd(void)
|
|||||||
OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
|
OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
|
||||||
// passphrase not in keyring
|
// passphrase not in keyring
|
||||||
FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
|
FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
// wrong passphrase in keyring
|
// wrong passphrase in keyring
|
||||||
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
|
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
|
||||||
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
||||||
@@ -5317,7 +5317,7 @@ static void VolumeKeyGet(void)
|
|||||||
.sector_size = 512
|
.sector_size = 512
|
||||||
};
|
};
|
||||||
char key[256], key2[256], key3[256];
|
char key[256], key2[256], key3[256];
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
key_serial_t kid;
|
key_serial_t kid;
|
||||||
const struct crypt_token_params_luks2_keyring tparams = {
|
const struct crypt_token_params_luks2_keyring tparams = {
|
||||||
.key_description = KEY_DESC_TEST0
|
.key_description = KEY_DESC_TEST0
|
||||||
@@ -5339,7 +5339,7 @@ static void VolumeKeyGet(void)
|
|||||||
|
|
||||||
OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
|
OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
|
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
|
||||||
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
NOTFAIL_(kid, "Test or kernel keyring are broken.");
|
||||||
#endif
|
#endif
|
||||||
@@ -5386,7 +5386,7 @@ static void VolumeKeyGet(void)
|
|||||||
OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
|
OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
|
||||||
EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1);
|
EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1);
|
||||||
crypt_keyslot_context_free(um2);
|
crypt_keyslot_context_free(um2);
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
EQ_(crypt_token_luks2_keyring_set(cd, 0, &tparams), 0);
|
EQ_(crypt_token_luks2_keyring_set(cd, 0, &tparams), 0);
|
||||||
EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
|
EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
|
||||||
#endif
|
#endif
|
||||||
@@ -5424,7 +5424,7 @@ static void VolumeKeyGet(void)
|
|||||||
EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1);
|
EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1);
|
||||||
crypt_keyslot_context_free(um1);
|
crypt_keyslot_context_free(um1);
|
||||||
|
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
// by token
|
// by token
|
||||||
OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
|
OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
|
||||||
memset(key2, 0, key_size);
|
memset(key2, 0, key_size);
|
||||||
@@ -5454,7 +5454,7 @@ static void VolumeKeyGet(void)
|
|||||||
|
|
||||||
static void KeyslotContextAndKeyringLink(void)
|
static void KeyslotContextAndKeyringLink(void)
|
||||||
{
|
{
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
const char *cipher = "aes";
|
const char *cipher = "aes";
|
||||||
const char *cipher_mode = "xts-plain64";
|
const char *cipher_mode = "xts-plain64";
|
||||||
struct crypt_keyslot_context *kc, *kc2;
|
struct crypt_keyslot_context *kc, *kc2;
|
||||||
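Review bot: With `KERNEL_KEYRING` at 0, `TokenActivationByKeyring`, `Luks2ActivateByKeyring` and `KeyslotContextAndKeyringLink` open the guard directly after the opening brace, so their bodies appear to compile to nothing and each test would be reported as run. The check in `SuspendDevice` that the volume key is no longer in the keyring after suspend (`FAIL_(_volume_key_in_keyring(cd, 0), "")`) is dropped the same way. The ends of these functions are outside the hunks, so an existing `#else` cannot be ruled out. If there is none, I would make the skipped coverage visible with an `#else` branch such as `printf("WARNING: kernel keyring support compiled out, keyring checks skipped.\n");`. That way a build with the macro at 0 cannot pass as having verified keyring handling of the volume key.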
|
|||||||
@@ -17,7 +17,7 @@
|
|||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
# include <linux/keyctl.h>
|
# include <linux/keyctl.h>
|
||||||
# include <sys/syscall.h>
|
# include <sys/syscall.h>
|
||||||
#endif
|
#endif
|
||||||
@@ -486,7 +486,7 @@ int _system(const char *command, int warn)
|
|||||||
|
|
||||||
static int _keyring_check(void)
|
static int _keyring_check(void)
|
||||||
{
|
{
|
||||||
#ifdef KERNEL_KEYRING
|
#if KERNEL_KEYRING
|
||||||
return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
|
return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
|
||||||
#else
|
#else
|
||||||
return 0;
|
return 0;
|
||||||
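Review bot: The probe in `_keyring_check` treats every `request_key` failure except `ENOSYS` as "keyring available". That includes `EPERM` from a seccomp or LSM policy that denies the syscall, as is common in container sandboxes, and the keyring tests would then run and fail rather than be skipped. The comparison with `-1l` also means an unexpected success, where a `logon` key named `dummy` already exists, is reported as unavailable. I would either document the intent with a comment such as `/* any error except ENOSYS means the syscall exists; a missing key is the expected failure */` or extend the condition to `... == -1l && errno != ENOSYS && errno != EPERM`. The function's `#endif` and closing brace are outside the hunk.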
|
|||||||