From f6c1445c6be0e79efb302ecefac75e667d7c6b41 Mon Sep 17 00:00:00 2001
From: "daniel.zatovic"
Date: Wed, 16 Feb 2022 11:58:46 +0100
Subject: [PATCH] Add support for querying journal active devices for integrity and encryption keys.
---
 lib/libdevmapper.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/utils_dm.h | 6 ++++++
 2 files changed, 56 insertions(+)
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index c472c434..893c9772 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -2391,6 +2391,8 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 struct device *data_device = NULL, *meta_device = NULL;
 char *integrity = NULL, *journal_crypt = NULL, *journal_integrity = NULL;
 struct volume_key *vk = NULL;
+ struct volume_key *journal_integrity_key = NULL;
+ struct volume_key *journal_crypt_key = NULL;
 tgt->type = DM_INTEGRITY;
 tgt->direction = TARGET_QUERY;
@@ -2520,6 +2522,28 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 goto err;
 }
 }
+
+ if (str) {
+ len = crypt_hex_to_bytes(str, &str2, 1);
+ if (len < 0) {
+ r = len;
+ goto err;
+ }
+
+ r = 0;
+ if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEY) {
+ journal_crypt_key = crypt_alloc_volume_key(len, str2);
+ if (!journal_crypt_key)
+ r = -ENOMEM;
+ } else if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE) {
+ journal_crypt_key = crypt_alloc_volume_key(len, NULL);
+ if (!journal_crypt_key)
+ r = -ENOMEM;
+ }
+ crypt_safe_free(str2);
+ if (r < 0)
+ goto err;
+ }
 } else if (!strncmp(arg, "journal_mac:", 12) && !journal_integrity) {
 str = &arg[12];
 arg = strsep(&str, ":");
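Review bot: In the `journal_crypt:` arm the hex key is decoded with `crypt_hex_to_bytes(str, &str2, 1)` whenever a key is present, even when the caller set neither `DM_ACTIVE_JOURNAL_CRYPT_KEY` nor `DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE`, so raw journal key bytes are copied into process memory on queries that never asked for them. Guarding the block with `if (str && (get_flags & (DM_ACTIVE_JOURNAL_CRYPT_KEY | DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE))) {` keeps the key out of memory unless it was requested; the `journal_mac:` hunk that follows has the same shape and needs the matching guard with the `_MAC_` flags. The two blocks differ only in the flag pair and the destination pointer, so a small static helper would remove the duplication. The enclosing function starts and ends outside both hunks.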
@@ -2530,6 +2554,28 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 goto err;
 }
 }
+
+ if (str) {
+ len = crypt_hex_to_bytes(str, &str2, 1);
+ if (len < 0) {
+ r = len;
+ goto err;
+ }
+
+ r = 0;
+ if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEY) {
+ journal_integrity_key = crypt_alloc_volume_key(len, str2);
+ if (!journal_integrity_key)
+ r = -ENOMEM;
+ } else if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEYSIZE) {
+ journal_integrity_key = crypt_alloc_volume_key(len, NULL);
+ if (!journal_integrity_key)
+ r = -ENOMEM;
+ }
+ crypt_safe_free(str2);
+ if (r < 0)
+ goto err;
+ }
 } else if (!strcmp(arg, "recalculate")) {
 *act_flags |= CRYPT_ACTIVATE_RECALCULATE;
 } else if (!strcmp(arg, "reset_recalculate")) {
@@ -2565,6 +2611,10 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 tgt->u.integrity.journal_integrity = journal_integrity;
 if (vk)
 tgt->u.integrity.vk = vk;
+ if (journal_integrity_key)
+ tgt->u.integrity.journal_integrity_key = journal_integrity_key;
+ if (journal_crypt_key)
+ tgt->u.integrity.journal_crypt_key = journal_crypt_key;
 return 0;
 err:
 device_free(cd, data_device);
diff --git a/lib/utils_dm.h b/lib/utils_dm.h
index eedc4ad0..825d2299 100644
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -94,6 +94,12 @@ int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags);
 #define DM_ACTIVE_INTEGRITY_PARAMS (1 << 9)
+#define DM_ACTIVE_JOURNAL_CRYPT_KEY (1 << 10)
+#define DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE (1 << 11)
+
+#define DM_ACTIVE_JOURNAL_MAC_KEY (1 << 12)
+#define DM_ACTIVE_JOURNAL_MAC_KEYSIZE (1 << 13)
+
 struct dm_target {
 dm_target_type type;
 enum tdirection direction;
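Review bot: The `err:` path in this hunk's trailing context gains no release of `journal_crypt_key` or `journal_integrity_key`, and the 50 lines the diffstat reports for this file are all accounted for by the four visible hunks. A failure after either allocation, for example a malformed `journal_mac` key once `journal_crypt` has been parsed, therefore leaves a volume key holding journal key bytes allocated and never passed to the volume-key free routine. Add `crypt_free_volume_key(journal_integrity_key);` and `crypt_free_volume_key(journal_crypt_key);` beside the existing cleanup after `err:`. The rest of the error path lies outside the hunk, and whether the target-free code releases `tgt->u.integrity.journal_integrity_key` and `journal_crypt_key` on the success path is not visible here and should be confirmed.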
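Review bot: The four new flags in `utils_dm.h` carry no comment distinguishing the `_KEY` variants, which make the query copy the journal key bytes into a volume key, from the `_KEYSIZE` variants, which allocate a volume key of the same length with a NULL key argument. The query code tests `_KEY` first in an `if`/`else if`, so `_KEY` wins when both bits are set, and that precedence is also undocumented. A short comment above the defines would cover it, e.g. `/* *_KEY returns journal key bytes from the kernel table; *_KEYSIZE returns only the length. *_KEY takes precedence if both are set. */`.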