From f90edb61330c08a118ce18feef9e5a19301fdae0 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sat, 13 Nov 2010 16:41:29 +0000 Subject: [PATCH] Simplify return codes from get key functions. git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@363 36d66b0a-2a48-0410-832c-cd162a569da5 --- lib/setup.c | 223 ++++++++++++++++++++++------------------------ lib/utils_crypt.c | 9 +- lib/utils_crypt.h | 6 +- src/cryptsetup.c | 45 ++++------ 4 files changed, 131 insertions(+), 152 deletions(-) diff --git a/lib/setup.c b/lib/setup.c index ef9b08fe..cd8957b4 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -173,16 +173,17 @@ static int verify_other_keyslot(struct crypt_device *cd, const char *key_file, int keyIndex) { - struct volume_key *vk; + struct volume_key *vk = NULL; crypt_keyslot_info ki; - int openedIndex; + int openedIndex, r; char *password = NULL; unsigned int passwordLen; - crypt_get_key(_("Enter any remaining LUKS passphrase: "), &password, - &passwordLen, 0, key_file, cd->timeout, cd->password_verify, cd); - if(!password) - return -EINVAL; + r = crypt_get_key(_("Enter any remaining LUKS passphrase: "), + &password, &passwordLen, 0, key_file, cd->timeout, + cd->password_verify, cd); + if(r < 0) + goto out; ki = crypt_keyslot_status(cd, keyIndex); if (ki == CRYPT_SLOT_ACTIVE) /* Not last slot */ @@ -194,36 +195,37 @@ static int verify_other_keyslot(struct crypt_device *cd, if (ki == CRYPT_SLOT_ACTIVE) LUKS_keyslot_set(&cd->hdr, keyIndex, 1); - crypt_free_volume_key(vk); - crypt_safe_free(password); if (openedIndex < 0) - return -EPERM; - - log_verbose(cd, _("Key slot %d verified.\n"), openedIndex); - return 0; + r = -EPERM; + else + log_verbose(cd, _("Key slot %d verified.\n"), openedIndex); +out: + crypt_free_volume_key(vk); + crypt_safe_free(password); + return r; } static int find_keyslot_by_passphrase(struct crypt_device *cd, const char *key_file, char *message) { - struct volume_key *vk; + struct volume_key *vk = NULL; char *password = NULL; unsigned int passwordLen; - int keyIndex; + int r; - crypt_get_key(message,&password,&passwordLen, 0, key_file, - cd->timeout, cd->password_verify, cd); - if(!password) - return -EINVAL; + r = crypt_get_key(message,&password,&passwordLen, 0, key_file, + cd->timeout, cd->password_verify, cd); + if (r < 0) + goto out; - keyIndex = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, - passwordLen, &cd->hdr, &vk, cd); + r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, + passwordLen, &cd->hdr, &vk, cd); +out: crypt_free_volume_key(vk); crypt_safe_free(password); - - return keyIndex; + return r; } static int device_check_and_adjust(struct crypt_device *cd, @@ -437,7 +439,7 @@ int crypt_confirm(struct crypt_device *cd, const char *msg) return cd->confirm(msg, cd->confirm_usrptr); } -static void key_from_terminal(struct crypt_device *cd, char *msg, char **key, +static int key_from_terminal(struct crypt_device *cd, char *msg, char **key, unsigned int *key_len, int force_verify) { char *prompt = NULL; @@ -446,7 +448,7 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key, *key = NULL; if(!msg && asprintf(&prompt, _("Enter passphrase for %s: "), cd->device) < 0) - return; + return -ENOMEM; if (!msg) msg = prompt; @@ -454,8 +456,8 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key, if (cd->password) { *key = crypt_safe_alloc(MAX_TTY_PASSWORD_LEN); if (!*key) { - free(prompt); - return; + r = -ENOMEM; + goto out; } r = cd->password(msg, *key, MAX_TTY_PASSWORD_LEN, cd->password_usrptr); if (r < 0) { @@ -464,10 +466,11 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key, } else *key_len = r; } else - crypt_get_key(msg, key, key_len, 0, NULL, cd->timeout, - (force_verify || cd->password_verify), cd); - + r = crypt_get_key(msg, key, key_len, 0, NULL, cd->timeout, + (force_verify || cd->password_verify), cd); +out: free(prompt); + return (r < 0) ? r: 0; } static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslot, @@ -483,32 +486,32 @@ static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslo crypt_free_volume_key(*vk); *vk = NULL; - key_from_terminal(cd, NULL, &passphrase_read, - &passphrase_size_read, 0); - if(!passphrase_read) { - r = -EINVAL; - break; - } + r = key_from_terminal(cd, NULL, &passphrase_read, + &passphrase_size_read, 0); + if(r < 0) + goto out; r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, passphrase_size_read, &cd->hdr, vk, cd); crypt_safe_free(passphrase_read); passphrase_read = NULL; } while (r == -EPERM && (--tries > 0)); - - if (r < 0 && *vk) { +out: + if (r < 0) { crypt_free_volume_key(*vk); *vk = NULL; } + crypt_safe_free(passphrase_read); return r; } -static void key_from_file(struct crypt_device *cd, char *msg, +static int key_from_file(struct crypt_device *cd, char *msg, char **key, unsigned int *key_len, const char *key_file, size_t key_size) { - crypt_get_key(msg, key, key_len, key_size, key_file, cd->timeout, 0, cd); + return crypt_get_key(msg, key, key_len, key_size, key_file, + cd->timeout, 0, cd); } static int _crypt_init(struct crypt_device **cd, @@ -601,11 +604,9 @@ static int crypt_create_and_update_device(struct crypt_options *options, int upd if (r) return r; - crypt_get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size, - options->key_file, cd->timeout, cd->password_verify, cd); - if (!key) - r = -ENOENT; - else + r = crypt_get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size, + options->key_file, cd->timeout, cd->password_verify, cd); + if (!r) r = create_device_helper(cd, options->name, options->hash, options->cipher, NULL, options->key_file, key, keyLen, options->key_size, options->size, options->skip, @@ -766,13 +767,11 @@ int crypt_luksFormat(struct crypt_options *options) goto out; } - crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0, - options->new_key_file, cd->timeout, cd->password_verify, cd); + r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0, + options->new_key_file, cd->timeout, cd->password_verify, cd); - if(!password) { - r = -EINVAL; + if(r < 0) goto out; - } r = crypt_format(cd, CRYPT_LUKS1, cipherName, cipherMode, NULL, NULL, options->key_size, &cp); @@ -1498,25 +1497,22 @@ int crypt_resume_by_keyfile(struct crypt_device *cd, if (!keyfile) return -EINVAL; - key_from_file(cd, _("Enter passphrase: "), &passphrase_read, - &passphrase_size_read, keyfile, keyfile_size); + r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read, + &passphrase_size_read, keyfile, keyfile_size); + if (r < 0) + goto out; - if(!passphrase_read) - r = -EINVAL; - else { - r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, - passphrase_size_read, &cd->hdr, &vk, cd); - crypt_safe_free(passphrase_read); - } + r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, + passphrase_size_read, &cd->hdr, &vk, cd); + if (r < 0) + goto out; - if (r >= 0) { - keyslot = r; - r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key); - if (r) - log_err(cd, "Error during resuming device %s.\n", name); - } else - r = keyslot; + keyslot = r; + r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key); + if (r) + log_err(cd, "Error during resuming device %s.\n", name); out: + crypt_safe_free(passphrase_read); crypt_free_volume_key(vk); return r < 0 ? r : keyslot; } @@ -1562,12 +1558,10 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, passphrase_size, &cd->hdr, &vk, cd); } else { /* Passphrase not provided, ask first and use it to unlock existing keyslot */ - key_from_terminal(cd, _("Enter any passphrase: "), - &password, &passwordLen, 0); - if (!password) { - r = -EINVAL; + r = key_from_terminal(cd, _("Enter any passphrase: "), + &password, &passwordLen, 0); + if (r < 0) goto out; - } r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, passwordLen, &cd->hdr, &vk, cd); @@ -1581,12 +1575,10 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, new_password = (char *)new_passphrase; new_passwordLen = new_passphrase_size; } else { - key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); - if(!new_password) { - r = -EINVAL; + r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), + &new_password, &new_passwordLen, 1); + if(r < 0) goto out; - } } r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen, @@ -1608,8 +1600,8 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, const char *new_keyfile, size_t new_keyfile_size) { - struct volume_key *vk=NULL; - char *password=NULL; unsigned int passwordLen; + struct volume_key *vk = NULL; + char *password = NULL; unsigned int passwordLen; char *new_password = NULL; unsigned int new_passwordLen; int r; @@ -1637,39 +1629,36 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, } else { /* Read password from file of (if NULL) from terminal */ if (keyfile) - key_from_file(cd, _("Enter any passphrase: "), &password, &passwordLen, - keyfile, keyfile_size); + r = key_from_file(cd, _("Enter any passphrase: "), + &password, &passwordLen, + keyfile, keyfile_size); else - key_from_terminal(cd, _("Enter any passphrase: "), - &password, &passwordLen, 0); - - if (!password) - return -EINVAL; + r = key_from_terminal(cd, _("Enter any passphrase: "), + &password, &passwordLen, 0); + if (r < 0) + goto out; r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, passwordLen, &cd->hdr, &vk, cd); - crypt_safe_free(password); } if(r < 0) goto out; if (new_keyfile) - key_from_file(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, new_keyfile, - new_keyfile_size); + r = key_from_file(cd, _("Enter new passphrase for key slot: "), + &new_password, &new_passwordLen, new_keyfile, + new_keyfile_size); else - key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); - - if(!new_password) { - r = -EINVAL; + r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), + &new_password, &new_passwordLen, 1); + if (r < 0) goto out; - } r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen, &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd); out: + crypt_safe_free(password); crypt_safe_free(new_password); crypt_free_volume_key(vk); return r < 0 ? r : keyslot; @@ -1712,8 +1701,10 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, goto out; if (!passphrase) { - key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); + r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), + &new_password, &new_passwordLen, 1); + if (r < 0) + goto out; passphrase = new_password; passphrase_size = new_passwordLen; } @@ -1721,10 +1712,9 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, r = LUKS_set_key(cd->device, keyslot, passphrase, passphrase_size, &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd); out: - if (new_password) - crypt_safe_free(new_password); + crypt_safe_free(new_password); crypt_free_volume_key(vk); - return r ?: keyslot; + return (r < 0) ? r : keyslot; } int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) @@ -1782,12 +1772,10 @@ int crypt_activate_by_passphrase(struct crypt_device *cd, /* plain, use hashed passphrase */ if (isPLAIN(cd->type)) { if (!passphrase) { - key_from_terminal(cd, NULL, &read_passphrase, - &passphrase_size, 0); - if (!read_passphrase) { - r = -EINVAL; + r = key_from_terminal(cd, NULL, &read_passphrase, + &passphrase_size, 0); + if (r < 0) goto out; - } passphrase = read_passphrase; } r = create_device_helper(cd, name, cd->plain_hdr.hash, @@ -1854,22 +1842,21 @@ int crypt_activate_by_keyfile(struct crypt_device *cd, if (!keyfile) return -EINVAL; - key_from_file(cd, _("Enter passphrase: "), &passphrase_read, - &passphrase_size_read, keyfile, keyfile_size); - if(!passphrase_read) - r = -EINVAL; - else { - r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, - passphrase_size_read, &cd->hdr, &vk, cd); - crypt_safe_free(passphrase_read); - } + r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read, + &passphrase_size_read, keyfile, keyfile_size); + if (r < 0) + goto out; - if (r >= 0) { - keyslot = r; - if (name) - r = open_from_hdr_and_vk(cd, vk, name, flags); - } + r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, + passphrase_size_read, &cd->hdr, &vk, cd); + if (r < 0) + goto out; + keyslot = r; + if (name) + r = open_from_hdr_and_vk(cd, vk, name, flags); +out: + crypt_safe_free(passphrase_read); crypt_free_volume_key(vk); return r < 0 ? r : keyslot; diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c index f51fbeaa..9547a1ad 100644 --- a/lib/utils_crypt.c +++ b/lib/utils_crypt.c @@ -175,9 +175,9 @@ out_err: * Note: --key-file=- is interpreted as a read from a binary file (stdin) */ -void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, - const char *key_file, int timeout, int verify, - struct crypt_device *cd) +int crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, + const char *key_file, int timeout, int verify, + struct crypt_device *cd) { int fd = -1; char *pass = NULL; @@ -282,7 +282,7 @@ void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size } if(fd != STDIN_FILENO) close(fd); - return; + return 0; out_err: if(fd >= 0 && fd != STDIN_FILENO) @@ -291,4 +291,5 @@ out_err: crypt_safe_free(pass); *key = NULL; *passLen = 0; + return -EINVAL; } diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h index 7c2bd76d..f7a396a2 100644 --- a/lib/utils_crypt.h +++ b/lib/utils_crypt.h @@ -10,9 +10,9 @@ struct crypt_device; int crypt_parse_name_and_mode(const char *s, char *cipher, char *cipher_mode); -void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, - const char *key_file, int timeout, int how2verify, - struct crypt_device *cd); +int crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, + const char *key_file, int timeout, int how2verify, + struct crypt_device *cd); void *crypt_safe_alloc(size_t size); void crypt_safe_free(void *data); diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 21b71150..61dbcd15 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -223,12 +223,11 @@ static int action_create(int arg) if (r < 0) goto out; - crypt_get_key(_("Enter passphrase: "), - &password, &passwordLen, - opt_keyfile_size, opt_key_file, - opt_timeout, - opt_batch_mode ? 0 : opt_verify_passphrase, - cd); + r = crypt_get_key(_("Enter passphrase: "), &password, &passwordLen, + opt_keyfile_size, opt_key_file, opt_timeout, + opt_batch_mode ? 0 : opt_verify_passphrase, cd); + if (r < 0) + goto out; r = crypt_activate_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, password, passwordLen, @@ -380,14 +379,10 @@ static int action_luksFormat(int arg) else if (opt_urandom) crypt_set_rng_type(cd, CRYPT_RNG_URANDOM); - r = -EINVAL; - crypt_get_key(_("Enter LUKS passphrase: "), - &password, &passwordLen, - opt_keyfile_size, opt_key_file, - opt_timeout, - opt_batch_mode ? 0 : 1, /* always verify */ - cd); - if(!password) + r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, + opt_keyfile_size, opt_key_file, opt_timeout, + opt_batch_mode ? 0 : 1 /* always verify */, cd); + if (r < 0) goto out; if (opt_master_key_file) { @@ -452,19 +447,17 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, crypt_keyslot_info ki; char *password = NULL; unsigned int passwordLen, i; - int r = -EPERM; + int r; ki = crypt_keyslot_status(cd, key_slot); if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL)) return -EPERM; - crypt_get_key(msg_pass, &password, &passwordLen, - keyfile_size, key_file, - opt_timeout, - opt_batch_mode ? 0 : opt_verify_passphrase, - cd); - if(!password) - return -EINVAL; + r = crypt_get_key(msg_pass, &password, &passwordLen, + keyfile_size, key_file, opt_timeout, + opt_batch_mode ? 0 : opt_verify_passphrase, cd); + if(r < 0) + goto out; if (ki == CRYPT_SLOT_ACTIVE_LAST) { /* check the last keyslot */ @@ -486,7 +479,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, if (r < 0) log_err(_("No key available with this passphrase.\n")); - +out: crypt_safe_free(password); return r; } @@ -548,16 +541,14 @@ static int action_luksRemoveKey(int arg) if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; - crypt_get_key(_("Enter LUKS passphrase to be deleted: "), + r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "), &password, &passwordLen, opt_keyfile_size, opt_key_file, opt_timeout, opt_batch_mode ? 0 : opt_verify_passphrase, cd); - if(!password) { - r = -EINVAL; + if(r < 0) goto out; - } r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0);