Add simple API for token assignment reporting.

2025-12-13 20:00:08 +01:00 · 2018-02-13 15:27:54 +01:00
parent 7378e3be01
commit f3a9e95dd8
5 changed files with 55 additions and 0 deletions
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1782,6 +1782,21 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd,
 	int token,
 	int keyslot);
 /**
 * Get info about token assignment to particular keyslot.
 *
 * @param cd crypt device handle
 * @param token token id
 * @param keyslot keyslot
 *
 * @return 0 on success (token exists and is assigned to the keyslot),
 *	   -ENOENT if token is not assigned to a keyslot (token, keyslot
 *	   or both may be inactive) or other negative errno otherwise.
 */
 int crypt_token_is_assigned(struct crypt_device *cd,
 	int token,
 	int keyslot);
 /**
 * Token handler open function prototype.
 * This function retrieves password from a token and return allocated buffer
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -43,6 +43,7 @@ CRYPTSETUP_2.0 {
 		crypt_token_luks2_keyring_set;
 		crypt_token_assign_keyslot;
 		crypt_token_unassign_keyslot;
 		crypt_token_is_assigned;
 		crypt_token_register;
 		crypt_activate_by_token;
--- a/lib/luks2/luks2.h
+++ b/lib/luks2/luks2.h
@@ -206,6 +206,11 @@ int LUKS2_token_assign(struct crypt_device *cd,
 	int assign,
 	int commit);
 int LUKS2_token_is_assigned(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	int keyslot,
 	int token);
 int LUKS2_token_create(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	int token,
--- a/lib/luks2/luks2_token.c
+++ b/lib/luks2/luks2_token.c
@@ -571,3 +571,27 @@ int LUKS2_token_assign(struct crypt_device *cd, struct luks2_hdr *hdr,
 	return token;
 }
 int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr,
 			    int keyslot, int token)
 {
 	int i;
 	json_object *jobj_token, *jobj_token_keyslots, *jobj;
 	if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX || token < 0 || token >= LUKS2_TOKENS_MAX)
 		return -EINVAL;
 	jobj_token = LUKS2_get_token_jobj(hdr, token);
 	if (!jobj_token)
 		return -ENOENT;
 	json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots);
 	for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots); i++) {
 		jobj = json_object_array_get_idx(jobj_token_keyslots, i);
 		if (keyslot == atoi(json_object_get_string(jobj)))
 			return 0;
 	}
 	return -ENOENT;
 }
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -4274,6 +4274,16 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd, int token, int keyslot
 	return LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot, token, 0, 1);
 }
 int crypt_token_is_assigned(struct crypt_device *cd, int token, int keyslot)
 {
 	int r;
 	if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
 		return r;
 	return LUKS2_token_is_assigned(cd, &cd->u.luks2.hdr, keyslot, token);
 }
 /* Internal only */
 int crypt_metadata_locking_enabled(void)
 {