2 * LUKS - Linux Unified Key Setup v2, internal segment handling
4 * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2018-2023 Ondrej Kozina
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "luks2_internal.h"
24 /* use only on already validated 'segments' object */
25 uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise)
27 uint64_t tmp, min = blockwise ? UINT64_MAX >> SECTOR_SHIFT : UINT64_MAX;
32 json_object_object_foreach(jobj_segments, key, val) {
35 if (json_segment_is_backup(val))
38 tmp = json_segment_get_offset(val, blockwise);
50 uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
55 !json_object_object_get_ex(jobj_segment, "offset", &jobj))
58 return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
61 const char *json_segment_type(json_object *jobj_segment)
66 !json_object_object_get_ex(jobj_segment, "type", &jobj))
69 return json_object_get_string(jobj);
72 uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
77 !json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
80 return crypt_jobj_get_uint64(jobj);
83 uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
88 !json_object_object_get_ex(jobj_segment, "size", &jobj))
91 return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
94 const char *json_segment_get_cipher(json_object *jobj_segment)
98 /* FIXME: Pseudo "null" cipher should be handled elsewhere */
100 !json_object_object_get_ex(jobj_segment, "encryption", &jobj))
103 return json_object_get_string(jobj);
106 uint32_t json_segment_get_sector_size(json_object *jobj_segment)
112 !json_object_object_get_ex(jobj_segment, "sector_size", &jobj))
115 i = json_object_get_int(jobj);
116 return i < 0 ? SECTOR_SIZE : i;
119 static json_object *json_segment_get_flags(json_object *jobj_segment)
123 if (!jobj_segment || !(json_object_object_get_ex(jobj_segment, "flags", &jobj)))
128 bool json_segment_contains_flag(json_object *jobj_segment, const char *flag_str, size_t len)
131 json_object *jobj, *jobj_flags = json_segment_get_flags(jobj_segment);
136 for (i = 0; i < (int)json_object_array_length(jobj_flags); i++) {
137 jobj = json_object_array_get_idx(jobj_flags, i);
139 r = strncmp(json_object_get_string(jobj), flag_str, len);
141 r = strcmp(json_object_get_string(jobj), flag_str);
149 bool json_segment_is_backup(json_object *jobj_segment)
151 return json_segment_contains_flag(jobj_segment, "backup-", 7);
154 json_object *json_segments_get_segment(json_object *jobj_segments, int segment)
157 char segment_name[16];
159 if (snprintf(segment_name, sizeof(segment_name), "%u", segment) < 1)
162 if (!json_object_object_get_ex(jobj_segments, segment_name, &jobj))
168 unsigned json_segments_count(json_object *jobj_segments)
175 json_object_object_foreach(jobj_segments, slot, val) {
177 if (!json_segment_is_backup(val))
184 static void _get_segment_or_id_by_flag(json_object *jobj_segments, const char *flag, unsigned id, void *retval)
186 json_object *jobj_flags, **jobj_ret = (json_object **)retval;
187 int *ret = (int *)retval;
192 json_object_object_foreach(jobj_segments, key, value) {
193 if (!json_object_object_get_ex(value, "flags", &jobj_flags))
195 if (LUKS2_array_jobj(jobj_flags, flag)) {
205 void json_segment_remove_flag(json_object *jobj_segment, const char *flag)
207 json_object *jobj_flags, *jobj_flags_new;
212 jobj_flags = json_segment_get_flags(jobj_segment);
216 jobj_flags_new = LUKS2_array_remove(jobj_flags, flag);
220 if (json_object_array_length(jobj_flags_new) <= 0) {
221 json_object_put(jobj_flags_new);
222 json_object_object_del(jobj_segment, "flags");
224 json_object_object_add(jobj_segment, "flags", jobj_flags_new);
227 static json_object *_segment_create_generic(const char *type, uint64_t offset, const uint64_t *length)
229 json_object *jobj = json_object_new_object();
233 json_object_object_add(jobj, "type", json_object_new_string(type));
234 json_object_object_add(jobj, "offset", crypt_jobj_new_uint64(offset));
235 json_object_object_add(jobj, "size", length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
240 json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption)
242 json_object *jobj = _segment_create_generic("linear", offset, length);
244 LUKS2_segment_set_flag(jobj, "in-reencryption");
248 json_object *json_segment_create_crypt(uint64_t offset,
249 uint64_t iv_offset, const uint64_t *length,
250 const char *cipher, uint32_t sector_size,
251 unsigned reencryption)
253 json_object *jobj = _segment_create_generic("crypt", offset, length);
257 json_object_object_add(jobj, "iv_tweak", crypt_jobj_new_uint64(iv_offset));
258 json_object_object_add(jobj, "encryption", json_object_new_string(cipher));
259 json_object_object_add(jobj, "sector_size", json_object_new_int(sector_size));
261 LUKS2_segment_set_flag(jobj, "in-reencryption");
266 uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr, int segment, unsigned blockwise)
268 return json_segment_get_offset(LUKS2_get_segment_jobj(hdr, segment), blockwise);
271 int json_segments_segment_in_reencrypt(json_object *jobj_segments)
273 json_object *jobj_flags;
275 json_object_object_foreach(jobj_segments, slot, val) {
276 if (!json_object_object_get_ex(val, "flags", &jobj_flags) ||
277 !LUKS2_array_jobj(jobj_flags, "in-reencryption"))
286 uint64_t LUKS2_segment_size(struct luks2_hdr *hdr, int segment, unsigned blockwise)
288 return json_segment_get_size(LUKS2_get_segment_jobj(hdr, segment), blockwise);
291 int LUKS2_segment_is_type(struct luks2_hdr *hdr, int segment, const char *type)
293 return !strcmp(json_segment_type(LUKS2_get_segment_jobj(hdr, segment)) ?: "", type);
296 int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, const char *type)
298 json_object *jobj_segments;
304 if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments))
307 json_object_object_foreach(jobj_segments, slot, val) {
308 if (json_segment_is_backup(val))
310 if (strcmp(type, json_segment_type(val) ?: ""))
313 if (atoi(slot) > last_found)
314 last_found = atoi(slot);
320 int LUKS2_segment_by_type(struct luks2_hdr *hdr, const char *type)
322 json_object *jobj_segments;
323 int first_found = -1;
328 if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments))
331 json_object_object_foreach(jobj_segments, slot, val) {
332 if (json_segment_is_backup(val))
334 if (strcmp(type, json_segment_type(val) ?: ""))
338 first_found = atoi(slot);
339 else if (atoi(slot) < first_found)
340 first_found = atoi(slot);
346 int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr)
348 json_object *jobj_segments;
350 if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments))
353 return json_object_object_length(jobj_segments);
356 int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag)
358 json_object *jobj_flags;
360 if (!jobj_segment || !flag)
363 if (!json_object_object_get_ex(jobj_segment, "flags", &jobj_flags)) {
364 jobj_flags = json_object_new_array();
367 json_object_object_add(jobj_segment, "flags", jobj_flags);
370 if (LUKS2_array_jobj(jobj_flags, flag))
373 json_object_array_add(jobj_flags, json_object_new_string(flag));
378 int LUKS2_segments_set(struct crypt_device *cd, struct luks2_hdr *hdr,
379 json_object *jobj_segments, int commit)
381 json_object_object_add(hdr->jobj, "segments", jobj_segments);
383 return commit ? LUKS2_hdr_write(cd, hdr) : 0;
386 int LUKS2_get_segment_id_by_flag(struct luks2_hdr *hdr, const char *flag)
389 json_object *jobj_segments = LUKS2_get_segments_jobj(hdr);
392 _get_segment_or_id_by_flag(jobj_segments, flag, 1, &ret);
397 json_object *LUKS2_get_segment_by_flag(struct luks2_hdr *hdr, const char *flag)
399 json_object *jobj_segment = NULL,
400 *jobj_segments = LUKS2_get_segments_jobj(hdr);
403 _get_segment_or_id_by_flag(jobj_segments, flag, 0, &jobj_segment);
408 /* compares key characteristics of both segments */
409 bool json_segment_cmp(json_object *jobj_segment_1, json_object *jobj_segment_2)
411 const char *type = json_segment_type(jobj_segment_1);
412 const char *type2 = json_segment_type(jobj_segment_2);
417 if (strcmp(type, type2))
420 if (!strcmp(type, "crypt"))
421 return (json_segment_get_sector_size(jobj_segment_1) == json_segment_get_sector_size(jobj_segment_2) &&
422 !strcmp(json_segment_get_cipher(jobj_segment_1),
423 json_segment_get_cipher(jobj_segment_2)));