mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-18 06:03:42 +03:00

cryptsetup: use crypt_token_max if available

New API added upstream:

8a12f6dc2c
Luca Boccassi 2020-12-28 23:50:16 +00:00 committed by Luca Boccassi
parent 0a9fb9bad8
commit 3c2c8e62c9
9 changed files with 25 additions and 11 deletions


@ -1056,6 +1056,8 @@ if want_libcryptsetup != 'false' and not skip_deps
have and cc.has_function('crypt_set_metadata_size', dependencies : libcryptsetup)) have and cc.has_function('crypt_set_metadata_size', dependencies : libcryptsetup))
conf.set10('HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY', conf.set10('HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY',
have and cc.has_function('crypt_activate_by_signed_key', dependencies : libcryptsetup)) have and cc.has_function('crypt_activate_by_signed_key', dependencies : libcryptsetup))
conf.set10('HAVE_CRYPT_TOKEN_MAX',
have and cc.has_function('crypt_token_max', dependencies : libcryptsetup))
else else
have = false have = false
libcryptsetup = [] libcryptsetup = []


@ -37,7 +37,7 @@ int list_enrolled(struct crypt_device *cd) {
/* Second step, enumerate through all tokens, and update the slot table, indicating what kind of /* Second step, enumerate through all tokens, and update the slot table, indicating what kind of
* token they are assigned to */ * token they are assigned to */
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
const char *type; const char *type;
JsonVariant *w, *z; JsonVariant *w, *z;
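Review bot: The new loop bound `sym_crypt_token_max(CRYPT_LUKS2)` is an `int` that is re-evaluated on every iteration and never checked; if it ever comes back zero or negative, the loop body is skipped and list_enrolled() reports no tokens without any error. Reading it once before the loop, e.g. `int token_max = sym_crypt_token_max(CRYPT_LUKS2);` followed by `if (token_max < 0) return token_max;`, makes that case explicit. The same pattern is repeated in search_policy_hash(), find_slots_by_mask(), find_slot_tokens(), find_fido2_auto_data(), find_pkcs11_auto_data() and find_tpm2_auto_data(); in find_slot_tokens() a silently empty loop would mean tokens tied to wiped slots are left behind. The bodies of these functions continue outside the hunks, so how each one treats an empty enumeration is not visible here.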


@ -20,7 +20,7 @@ static int search_policy_hash(
if (hash_size == 0) if (hash_size == 0)
return 0; return 0;
for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
_cleanup_free_ void *thash = NULL; _cleanup_free_ void *thash = NULL;
size_t thash_size = 0; size_t thash_size = 0;


@ -99,7 +99,7 @@ static int find_slots_by_mask(
/* Find all slots that are associated with a token of a type in the specified token type mask */ /* Find all slots that are associated with a token of a type in the specified token type mask */
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
JsonVariant *w, *z; JsonVariant *w, *z;
EnrollType t; EnrollType t;
@ -199,7 +199,7 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_
/* Find all tokens matching the slots we want to wipe, so that we can wipe them too. Also, for update /* Find all tokens matching the slots we want to wipe, so that we can wipe them too. Also, for update
* the slots sets according to the token data: add any other slots listed in the tokens we act on. */ * the slots sets according to the token data: add any other slots listed in the tokens we act on. */
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
bool shall_wipe = false; bool shall_wipe = false;
JsonVariant *w, *z; JsonVariant *w, *z;


@ -119,7 +119,7 @@ int find_fido2_auto_data(
/* Loads FIDO2 metadata from LUKS2 JSON token headers. */ /* Loads FIDO2 metadata from LUKS2 JSON token headers. */
for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
JsonVariant *w; JsonVariant *w;


@ -180,7 +180,7 @@ int find_pkcs11_auto_data(
/* Loads PKCS#11 metadata from LUKS2 JSON token headers. */ /* Loads PKCS#11 metadata from LUKS2 JSON token headers. */
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) { for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
JsonVariant *w; JsonVariant *w;


@ -84,7 +84,7 @@ int find_tpm2_auto_data(
assert(cd); assert(cd);
for (token = start_token; token < LUKS2_TOKENS_MAX; token++) { for (token = start_token; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
JsonVariant *w, *e; JsonVariant *w, *e;


@ -31,6 +31,9 @@ int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkd
int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL; int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL; int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
#if HAVE_CRYPT_TOKEN_MAX
int (*sym_crypt_token_max)(const char *type);
#endif
int dlopen_cryptsetup(void) { int dlopen_cryptsetup(void) {
_cleanup_(dlclosep) void *dl = NULL; _cleanup_(dlclosep) void *dl = NULL;
@ -69,6 +72,9 @@ int dlopen_cryptsetup(void) {
DLSYM_ARG(crypt_token_json_get), DLSYM_ARG(crypt_token_json_get),
DLSYM_ARG(crypt_token_json_set), DLSYM_ARG(crypt_token_json_set),
DLSYM_ARG(crypt_volume_key_get), DLSYM_ARG(crypt_volume_key_get),
#if HAVE_CRYPT_TOKEN_MAX
DLSYM_ARG(crypt_token_max),
#endif
NULL); NULL);
if (r < 0) if (r < 0)
return r; return r;
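Review bot: `DLSYM_ARG(crypt_token_max)` joins the list of symbols that dlopen_cryptsetup() resolves unconditionally, while `HAVE_CRYPT_TOKEN_MAX` is decided at build time; a binary built against a libcryptsetup that has the function but run against an older one would presumably fail the whole load at `if (r < 0) return r;` instead of using the 32-token fallback. If that combination should be supported, resolve this symbol separately and tolerate its absence, or document that the runtime library must be at least as new as the build-time one. Smaller point: the new `int (*sym_crypt_token_max)(const char *type);` definition has no `= NULL` initialiser, unlike the `sym_crypt_token_json_get` and `sym_crypt_token_json_set` definitions just above it. dlopen_cryptsetup() starts and ends outside these hunks, so the behaviour of the symbol-loading helper on a missing symbol is inferred.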


@ -37,6 +37,16 @@ extern int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct cry
extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json); extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json);
extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json); extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json);
extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
#if HAVE_CRYPT_TOKEN_MAX
extern int (*sym_crypt_token_max)(const char *type);
#else
/* As a fallback, use the same hard-coded value libcryptsetup uses internally. */
static inline int sym_crypt_token_max(_unused_ const char *type) {
assert(streq(type, CRYPT_LUKS2));
return 32;
}
#endif
int dlopen_cryptsetup(void); int dlopen_cryptsetup(void);
@ -51,8 +61,4 @@ int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *v
int cryptsetup_get_keyslot_from_token(JsonVariant *v); int cryptsetup_get_keyslot_from_token(JsonVariant *v);
int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v); int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v);
/* Stolen from cryptsetup's sources. We use to iterate through all tokens defined for a volume. Ideally, we'd
* be able to query this via some API, but there appears to be none currently in libcryptsetup. */
#define LUKS2_TOKENS_MAX 32
#endif #endif
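Review bot: The fallback `sym_crypt_token_max()` validates its argument only through `assert(streq(type, CRYPT_LUKS2))`, so in a build where assertions are compiled out any type string yields 32 (which is presumably why the parameter carries `_unused_`). As far as I know the library function reports an error for non-LUKS2 types, so returning one here too, `if (!streq(type, CRYPT_LUKS2)) return -EINVAL;`, would keep the two variants consistent for callers. The bare `32` also replaces the named `LUKS2_TOKENS_MAX` that the last hunk removes; the fallback's comment could name that constant so the value can be checked against libcryptsetup's sources.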