Add support for querying journal active devices for integrity and encryption keys.

2025-12-05 16:00:05 +01:00 · 2022-02-16 11:58:46 +01:00
parent f5724a30f9
commit f6c1445c6b
2 changed files with 56 additions and 0 deletions
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -2391,6 +2391,8 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 	struct device *data_device = NULL, *meta_device = NULL;
 	char *integrity = NULL, *journal_crypt = NULL, *journal_integrity = NULL;
 	struct volume_key *vk = NULL;
+	struct volume_key *journal_integrity_key = NULL;
+	struct volume_key *journal_crypt_key = NULL;

 	tgt->type = DM_INTEGRITY;
 	tgt->direction = TARGET_QUERY;
@@ -2520,6 +2522,28 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 						goto err;
 					}
 				}
+
+				if (str) {
+					len = crypt_hex_to_bytes(str, &str2, 1);
+					if (len < 0) {
+						r = len;
+						goto err;
+					}
+
+					r = 0;
+					if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEY) {
+						journal_crypt_key = crypt_alloc_volume_key(len, str2);
+						if (!journal_crypt_key)
+							r = -ENOMEM;
+					} else if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE) {
+						journal_crypt_key = crypt_alloc_volume_key(len, NULL);
+						if (!journal_crypt_key)
+							r = -ENOMEM;
+					}
+					crypt_safe_free(str2);
+					if (r < 0)
+						goto err;
+				}
 			} else if (!strncmp(arg, "journal_mac:", 12) && !journal_integrity) {
 				str = &arg[12];
 				arg = strsep(&str, ":");
@@ -2530,6 +2554,28 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 						goto err;
 					}
 				}
+
+				if (str) {
+					len = crypt_hex_to_bytes(str, &str2, 1);
+					if (len < 0) {
+						r = len;
+						goto err;
+					}
+
+					r = 0;
+					if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEY) {
+						journal_integrity_key = crypt_alloc_volume_key(len, str2);
+						if (!journal_integrity_key)
+							r = -ENOMEM;
+					} else if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEYSIZE) {
+						journal_integrity_key = crypt_alloc_volume_key(len, NULL);
+						if (!journal_integrity_key)
+							r = -ENOMEM;
+					}
+					crypt_safe_free(str2);
+					if (r < 0)
+						goto err;
+				}
 			} else if (!strcmp(arg, "recalculate")) {
 				*act_flags |= CRYPT_ACTIVATE_RECALCULATE;
 			} else if (!strcmp(arg, "reset_recalculate")) {
@@ -2565,6 +2611,10 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 		tgt->u.integrity.journal_integrity = journal_integrity;
 	if (vk)
 		tgt->u.integrity.vk = vk;
+	if (journal_integrity_key)
+		tgt->u.integrity.journal_integrity_key = journal_integrity_key;
+	if (journal_crypt_key)
+		tgt->u.integrity.journal_crypt_key = journal_crypt_key;
 	return 0;
 err:
 	device_free(cd, data_device);
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -94,6 +94,12 @@ int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags);

 #define DM_ACTIVE_INTEGRITY_PARAMS	(1 << 9)

+#define DM_ACTIVE_JOURNAL_CRYPT_KEY	(1 << 10)
+#define DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE	(1 << 11)
+
+#define DM_ACTIVE_JOURNAL_MAC_KEY	(1 << 12)
+#define DM_ACTIVE_JOURNAL_MAC_KEYSIZE	(1 << 13)
+
 struct dm_target {
 	dm_target_type type;
 	enum tdirection direction;