From f3a9e95dd85806799591254eaba6ee24fc6e77dc Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Tue, 13 Feb 2018 15:27:54 +0100
Subject: [PATCH] Add simple API for token assignment reporting.
---
 lib/libcryptsetup.h | 15 +++++++++++++++
 lib/libcryptsetup.sym | 1 +
 lib/luks2/luks2.h | 5 +++++
 lib/luks2/luks2_token.c | 24 ++++++++++++++++++++++++
 lib/setup.c | 10 ++++++++++
 5 files changed, 55 insertions(+)
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index 73b6c81e..dcb626d7 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1782,6 +1782,21 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd,
 int token,
 int keyslot);

+/**
+ * Get info about token assignment to particular keyslot.
+ *
+ * @param cd crypt device handle
+ * @param token token id
+ * @param keyslot keyslot
+ *
+ * @return 0 on success (token exists and is assigned to the keyslot),
+ * -ENOENT if token is not assigned to a keyslot (token, keyslot
+ * or both may be inactive) or other negative errno otherwise.
+ */
+int crypt_token_is_assigned(struct crypt_device *cd,
+ int token,
+ int keyslot);
+
 /**
 * Token handler open function prototype.
 * This function retrieves password from a token and return allocated buffer
diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym
index 83e871be..68796c62 100644
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -43,6 +43,7 @@ CRYPTSETUP_2.0 {
 crypt_token_luks2_keyring_set;
 crypt_token_assign_keyslot;
 crypt_token_unassign_keyslot;
+ crypt_token_is_assigned;
 crypt_token_register;

 crypt_activate_by_token;
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
index d6fe9fdc..df482265 100644
--- a/lib/luks2/luks2.h
+++ b/lib/luks2/luks2.h
@@ -206,6 +206,11 @@ int LUKS2_token_assign(struct crypt_device *cd,
 int assign,
 int commit);

+int LUKS2_token_is_assigned(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ int token);
+
 int LUKS2_token_create(struct crypt_device *cd,
 struct luks2_hdr *hdr,
 int token,
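Review bot: The doc comment added for `crypt_token_is_assigned` in lib/libcryptsetup.h does not warn that the function returns 0 when the token is assigned, so a caller writing `if (crypt_token_is_assigned(cd, token, keyslot))` takes the branch exactly when the token is not assigned or an error occurred. For a predicate-style name that is an easy mistake to make in code that decides which keyslot a token may unlock. I would add a line such as ` * @note Zero means assigned; compare the result with 0, do not use it as a boolean.` The `@return` text could also name `-EINVAL`, which the LUKS2 helper in this patch returns for an out-of-range token or keyslot id.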
diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
index f5417b53..09091a14 100644
--- a/lib/luks2/luks2_token.c
+++ b/lib/luks2/luks2_token.c
@@ -571,3 +571,27 @@ int LUKS2_token_assign(struct crypt_device *cd, struct luks2_hdr *hdr,

 return token;
 }
+
+int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr,
+ int keyslot, int token)
+{
+ int i;
+ json_object *jobj_token, *jobj_token_keyslots, *jobj;
+
+ if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX || token < 0 || token >= LUKS2_TOKENS_MAX)
+ return -EINVAL;
+
+ jobj_token = LUKS2_get_token_jobj(hdr, token);
+ if (!jobj_token)
+ return -ENOENT;
+
+ json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots);
+
+ for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots); i++) {
+ jobj = json_object_array_get_idx(jobj_token_keyslots, i);
+ if (keyslot == atoi(json_object_get_string(jobj)))
+ return 0;
+ }
+
+ return -ENOENT;
+}
diff --git a/lib/setup.c b/lib/setup.c
index 252fa9a8..27c79b68 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -4274,6 +4274,16 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd, int token, int keyslot
 return LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot, token, 0, 1);
 }

+int crypt_token_is_assigned(struct crypt_device *cd, int token, int keyslot)
+{
+ int r;
+
+ if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
+ return r;
+
+ return LUKS2_token_is_assigned(cd, &cd->u.luks2.hdr, keyslot, token);
+}
+
 /* Internal only */
 int crypt_metadata_locking_enabled(void)
 {
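Review bot: In `LUKS2_token_is_assigned` (lib/luks2/luks2_token.c) the result of `json_object_object_get_ex(jobj_token, "keyslots", ...)` is ignored, so a token object without a `keyslots` array reaches `json_object_array_length()` with a pointer the lookup never filled in. The comparison `keyslot == atoi(json_object_get_string(jobj))` has a second gap: `atoi` yields 0 for any non-numeric string, so a malformed entry is reported as an assignment to keyslot 0, and a NULL string is undefined behaviour. Header validation elsewhere may already guarantee a well-formed array of decimal strings, but that is not visible in this patch, and the metadata comes from the on-disk header, so a local check is cheap insurance. The version below checks the lookup and the type, then compares the stored string with the formatted keyslot number; it assumes ids are stored in canonical decimal form, and `-EINVAL` for a malformed token is a suggestion.

```c
	int i;
	char num[16];
	const char *s;
	json_object *jobj_token, *jobj_token_keyslots, *jobj;

	/* … unchanged: range checks and LUKS2_get_token_jobj() lookup … */

	if (!json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots) ||
	    !json_object_is_type(jobj_token_keyslots, json_type_array))
		return -EINVAL;

	snprintf(num, sizeof(num), "%d", keyslot);

	for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots); i++) {
		jobj = json_object_array_get_idx(jobj_token_keyslots, i);
		s = json_object_get_string(jobj);
		if (s && !strcmp(s, num))
			return 0;
	}

	return -ENOENT;
```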