mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-18 06:03:42 +03:00
cryptsetup: use crypt_token_max if available
New API added upstream:
8a12f6dc2c
This commit is contained in:
parent
0a9fb9bad8
commit
3c2c8e62c9
@ -1056,6 +1056,8 @@ if want_libcryptsetup != 'false' and not skip_deps
|
||||
have and cc.has_function('crypt_set_metadata_size', dependencies : libcryptsetup))
|
||||
conf.set10('HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY',
|
||||
have and cc.has_function('crypt_activate_by_signed_key', dependencies : libcryptsetup))
|
||||
conf.set10('HAVE_CRYPT_TOKEN_MAX',
|
||||
have and cc.has_function('crypt_token_max', dependencies : libcryptsetup))
|
||||
else
|
||||
have = false
|
||||
libcryptsetup = []
|
||||
|
@ -37,7 +37,7 @@ int list_enrolled(struct crypt_device *cd) {
|
||||
|
||||
/* Second step, enumerate through all tokens, and update the slot table, indicating what kind of
|
||||
* token they are assigned to */
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
const char *type;
|
||||
JsonVariant *w, *z;
|
||||
|
@ -20,7 +20,7 @@ static int search_policy_hash(
|
||||
if (hash_size == 0)
|
||||
return 0;
|
||||
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
_cleanup_free_ void *thash = NULL;
|
||||
size_t thash_size = 0;
|
||||
|
@ -99,7 +99,7 @@ static int find_slots_by_mask(
|
||||
|
||||
/* Find all slots that are associated with a token of a type in the specified token type mask */
|
||||
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
JsonVariant *w, *z;
|
||||
EnrollType t;
|
||||
@ -199,7 +199,7 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_
|
||||
/* Find all tokens matching the slots we want to wipe, so that we can wipe them too. Also, for update
|
||||
* the slots sets according to the token data: add any other slots listed in the tokens we act on. */
|
||||
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
bool shall_wipe = false;
|
||||
JsonVariant *w, *z;
|
||||
|
@ -119,7 +119,7 @@ int find_fido2_auto_data(
|
||||
|
||||
/* Loads FIDO2 metadata from LUKS2 JSON token headers. */
|
||||
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
JsonVariant *w;
|
||||
|
||||
|
@ -180,7 +180,7 @@ int find_pkcs11_auto_data(
|
||||
|
||||
/* Loads PKCS#11 metadata from LUKS2 JSON token headers. */
|
||||
|
||||
for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
|
||||
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
JsonVariant *w;
|
||||
|
||||
|
@ -84,7 +84,7 @@ int find_tpm2_auto_data(
|
||||
|
||||
assert(cd);
|
||||
|
||||
for (token = start_token; token < LUKS2_TOKENS_MAX; token++) {
|
||||
for (token = start_token; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
JsonVariant *w, *e;
|
||||
|
||||
|
@ -31,6 +31,9 @@ int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkd
|
||||
int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
|
||||
int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
|
||||
int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
|
||||
#if HAVE_CRYPT_TOKEN_MAX
|
||||
int (*sym_crypt_token_max)(const char *type);
|
||||
#endif
|
||||
|
||||
int dlopen_cryptsetup(void) {
|
||||
_cleanup_(dlclosep) void *dl = NULL;
|
||||
@ -69,6 +72,9 @@ int dlopen_cryptsetup(void) {
|
||||
DLSYM_ARG(crypt_token_json_get),
|
||||
DLSYM_ARG(crypt_token_json_set),
|
||||
DLSYM_ARG(crypt_volume_key_get),
|
||||
#if HAVE_CRYPT_TOKEN_MAX
|
||||
DLSYM_ARG(crypt_token_max),
|
||||
#endif
|
||||
NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -37,6 +37,16 @@ extern int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct cry
|
||||
extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json);
|
||||
extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json);
|
||||
extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
|
||||
#if HAVE_CRYPT_TOKEN_MAX
|
||||
extern int (*sym_crypt_token_max)(const char *type);
|
||||
#else
|
||||
/* As a fallback, use the same hard-coded value libcryptsetup uses internally. */
|
||||
static inline int sym_crypt_token_max(_unused_ const char *type) {
|
||||
assert(streq(type, CRYPT_LUKS2));
|
||||
|
||||
return 32;
|
||||
}
|
||||
#endif
|
||||
|
||||
int dlopen_cryptsetup(void);
|
||||
|
||||
@ -51,8 +61,4 @@ int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *v
|
||||
int cryptsetup_get_keyslot_from_token(JsonVariant *v);
|
||||
int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v);
|
||||
|
||||
/* Stolen from cryptsetup's sources. We use to iterate through all tokens defined for a volume. Ideally, we'd
|
||||
* be able to query this via some API, but there appears to be none currently in libcryptsetup. */
|
||||
#define LUKS2_TOKENS_MAX 32
|
||||
|
||||
#endif
|
||||
|
Loading…
x
Reference in New Issue
Block a user