eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,995 Commits 14 Branches 78 Tags
c6ff9f8bd7b316d44c5f45238f0d3efc01e54767
Commit Graph

62 Commits

Author SHA1 Message Date
Ondrej Kozina
c6ff9f8bd7 Respect keyslot priority with token based activation. 
crypt_activate_by_token functions did not respect LUKS2 keyslot
priorities. These calls were able to activate device via keyslot with
CRYPT_SLOT_PRIORITY_IGNORE even when token was set to
CRYPT_ANY_TOKEN. This commit changes the token based activation
so that keyslot with priority ignore is eligible for unlock only
when specific token is selected. Also when activating with token
set to CRYPT_ANY_TOKEN keyslots with higher priority take precedence
over keyslots with normal priority. Keyslot with priority ignore are
correctly ignored when token is CRYPT_ANY_TOKEN.
 2021-07-22 13:55:22 +02:00
Ondrej Kozina
4654e6f578 Add best effort try-loop for token based activation. 
The loop is run only when token id in any of crypt_activate_by_token*
calls is set to CRYPT_ANY_TOKEN.
 2021-07-22 13:55:19 +02:00
Ondrej Kozina
2cf38465c4 Change default error returned by token open. 
It has to be -ENOENT since -EPERM would wrongly
implied the token provided wrong keyslot passphrase.
 2021-07-22 13:47:40 +02:00
Ondrej Kozina
3428296186 Improve debug logs for external token handling. 2021-07-22 13:47:40 +02:00
Ondrej Kozina
6633fa626a Remove unused crypt_token_external_support. 
API can expose same information with crypt_token_external_path.

Also add print out of external token in cryptsetup --help action
(if enabled)
 2021-06-29 14:13:37 +00:00
Ondrej Kozina
aea841eeb0 Add crypt_token_external_path. 2021-06-26 22:08:45 +02:00
Ondrej Kozina
5b9e98f941 Change external token handlers (plugins) default location. 
Search for token handlers in %{libdir}/cryptsetup directory
by default. Distros may change default location via
--with-luks2-external-tokens-path parameter during configuration.
 2021-06-24 12:54:13 +02:00
Milan Broz
df5e54545e Add API and CLI option to disable token plugins. 
This could be useful for debugging external plugins
or ot intentionally disable loading of a token library.
 2021-06-13 23:22:44 +02:00
Milan Broz
4cdd826282 Check exit value for snprintf where it makes sense. 2021-05-18 22:07:47 +02:00
Ondrej Kozina
db44e9de22 Add api exposing external token handlers support. 2021-05-12 14:32:54 +02:00
Ondrej Kozina
c40be6cc7a Replace condition with assert for obvious coding mistake. 2021-04-15 21:43:31 +02:00
Ondrej Kozina
b047b8ae20 Improvements to error code handling during token based activation. 2021-04-15 21:43:31 +02:00
Ondrej Kozina
e9434dc9e3 Check tokens are eligible for unlocking segment keyslots. 
Defer token handler load and token unlock after check token
is assigned to keyslot containing proper data segment volume key.
 2021-04-15 21:43:30 +02:00
Ondrej Kozina
c6149c9cd8 Do not search/load token handler when not needed. 2021-04-15 21:41:09 +02:00
Ondrej Kozina
8f2b23cd94 Refactor LUKS2 token activation. 
Replace LUKS2_token_open_and_activate and
LUKS2_token_open_and_activavate_any with single function
instead.
 2021-04-15 21:41:06 +02:00
Ondrej Kozina
96d83455ca Add API for activating device by specific token type. 2021-03-19 15:26:35 +01:00
Ondrej Kozina
36805b3cfe Allow dash and underscore chars in external token names. 
Current alphabet for external token types is alphanumeric
characters including '-' and '_'. Empty strings are also
forbiden.
 2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b Add pin size parameter in crypt_active_by_pin_token. 
Well, after all it really should have supported binary data
of arbitrary length.
 2021-03-18 18:06:13 +01:00
Milan Broz
2e4a3a9888 Remove unnecessary goto from token load. 2021-02-17 10:03:18 +01:00
Ondrej Kozina
bc7511762f Do not upload vk in keyring for cipher_null segment. 
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
 2021-02-16 18:08:35 +01:00
Milan Broz
4471452105 Remove some stale FIXME markings. 2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8 Mark or remove unused parameters. 
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.

And remove other unused parameters completely.
 2021-02-11 11:12:11 +00:00
Ondrej Kozina
fa84d60586 Fix crypt_keyslot_change_by_passphrase tokens bug. 
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
 2021-01-29 18:17:53 +01:00
Ondrej Kozina
6df3488654 Add token handler version function prototype. 
Dynamicaly loaded token handlers should provide
version string for debug purposes.
 2021-01-26 12:41:37 +01:00
Ondrej Kozina
10e4d8fbac Make crypt_activate_by_pin_token addition backward compatible. 
The crypt_activate_by_pin_token may be used only from new
dynamicly loadable token plugins.

Also refactors code for dynamically loadable plugins so
that it does not use crypt_token_handler structure anymore.

Old structure remains used only in crypt_token_register call.
 2021-01-26 12:41:37 +01:00
Ondrej Kozina
81c44b5eee Remove crypt_token_load from API. 2021-01-26 12:41:37 +01:00
Milan Broz
d1d9dd8e20 Update Copyright year. 2021-01-25 22:00:25 +01:00
lixiaokeng
ad7d16a1b4 lib: fix potential segfault in LUKS2_token_buffer_free 
The value of h may be NULL. Check it vefore visiting its
memeber to avoid segfault.

Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
Signed-off-by: Linfeilong <linfeilong@huawei.com>
 2020-11-09 09:57:21 +08:00
Ondrej Kozina
c4b7bf8635 Add optional context parameter in crypt_token_load. 2020-08-15 10:15:17 +02:00
Milan Broz
2ce8573f04 Add PIN processing to tokens. 2020-08-15 10:10:40 +02:00
Milan Broz
cb183de1da Add configure option for LUKS2 external tokens lib. 
This is an experimental extension that is disabled for now.
 2020-08-11 17:59:51 +02:00
Ondrej Kozina
c9ff83bfa3 Implement external tokens unload. 2020-08-11 17:36:26 +02:00
Ondrej Kozina
05c997da1f Store dynamic plugin handle. 
For use later when unloading cryptsetup library.
 2020-08-11 17:36:22 +02:00
Ondrej Kozina
f677bdc12f Fix few bugs in previous commit. 
- crypt_token_register must not be called from withing crypt_token_load
(see later commits)

- minor bug in dlvsym/dlerror handling

- check for overflow in LUKS2_token_handler_type
 2020-08-11 17:36:15 +02:00
Milan Broz
2178461c89 Add external token load. 
(just very minor fixes by okozina to compile w/ previous commit)
 2020-08-11 17:36:11 +02:00
Ondrej Kozina
d438151f25 Partially revert few changes. 2020-08-09 13:17:54 +02:00
Milan Broz
7d475266b6 Simplify internal tokens handling. 2020-08-09 13:17:40 +02:00
Milan Broz
080566a1fd Update copyright year. 2020-01-03 13:04:55 +01:00
Milan Broz
b03cb3f3d8 Export memory safe functions. 
Make crypt_safe_alloc/realloc/free and memzero part of API.
 2019-11-16 21:28:54 +01:00
Ondrej Kozina
60d26be325 Load volume key in keyring when activated by token. 
LUKS2 should use keyring for dm-crypt volume keys by default
when possible. crypt_activate_by_token didn't load keys in
keyring by default. It was a bug.
 2019-05-21 18:08:00 +02:00
Milan Broz
237021ec15 Fix some warnings in static analysis. 2019-05-07 13:44:43 +02:00
Ondrej Kozina
03e810ec72 Split crypt_drop_keyring_key in two different routines. 
crypt_drop_keyring_key function allow to drop all keys in keyring
assocatiated with passed volume key list.

crypt_drop_keyring_key_by_description is used to drop independent key.
 2019-03-13 14:56:31 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Ondrej Kozina
de0b69691d Add json_object_object_del_by_uint helper routine. 2019-01-01 21:42:46 +01:00
Milan Broz
7812214db6 Add context to device handling functions. 2018-11-27 14:19:57 +01:00
Milan Broz
a5a8467993 Use context in debug log messages. 
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
 2018-11-27 13:37:20 +01:00
Milan Broz
b00a87d8fa Remove trailing EOL for verbose and error messages. 2018-04-26 10:38:17 +02:00
Milan Broz
6997506bb9 Fix error messages and include benchmark string for translators. 2018-04-25 09:35:11 +02:00
Ondrej Kozina
a054206d25 Suppress useless slash escaping in json lib 2018-04-21 20:14:28 +02:00
Milan Broz
aa1551c6e8 Introduce CRYPT_SLOT_UNBOUND keyslot status for LUKS2. 
A keyslot not bound to any segment can store any key for any purpose.

To easily check slot status, new enum value is introduced.
This status is valid only for LUKS2, so the functions are backward compatible
with LUKS1.
 2018-04-19 22:28:13 +02:00