projects / platform / upstream / cryptsetup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add non-exclusive override via --non-exclusive.
[platform/upstream/cryptsetup.git] / lib / setup.c
1 #include <string.h>
2 #include <stdio.h>
3 #include <stdlib.h>
4 #include <inttypes.h>
5 #include <sys/types.h>
6 #include <sys/ioctl.h>
7 #include <sys/mman.h>
8 #include <fcntl.h>
9 #include <unistd.h>
10 #include <errno.h>
11 #include <signal.h>
12 #include <assert.h>
13
14 #include "libcryptsetup.h"
15 #include "internal.h"
16 #include "blockdev.h"
17 #include "luks.h"
18
19 struct device_infos {
20         uint64_t        size;
21         int             readonly;
22 };
23
24 static int memory_unsafe = 0;
25 static char *default_backend = NULL;
26
27 #define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })
28
29 static void logger(struct crypt_options *options, int class, char *format, ...) {
30         va_list argp;
31         char *target;
32
33         va_start(argp, format);
34         vasprintf(&target, format, argp);
35         options->icb->log(class, target);
36
37         va_end(argp);
38         free(target);
39 }
40
41 static void hexprintICB(struct crypt_options *options, int class, char *d, int n)
42 {
43         int i;
44         for(i = 0; i < n; i++)
45                 logger(options, class, "%02hhx ", (char)d[i]);
46 }
47
48 static int setup_enter(struct setup_backend *backend, void (*log)(int, char *))
49 {
50         int r;
51
52         /*
53          * from here we could have sensible data in memory
54          * so protect it from being swapped out
55          */
56         r = mlockall(MCL_CURRENT | MCL_FUTURE);
57         if (r < 0) {
58                 perror("mlockall failed");
59                 log(CRYPT_LOG_ERROR, "WARNING!!! Possibly insecure memory. Are you root?\n");
60                 memory_unsafe = 1;
61         }
62
63         set_error(NULL);
64
65         if (backend) {
66                 r = backend->init();
67                 if (r < 0)
68                         return r;
69                 if (r > 0)
70                         memory_unsafe = 1;
71         }
72
73         return 0;
74 }
75
76 static int setup_leave(struct setup_backend *backend)
77 {
78         if (backend)
79                 backend->exit();
80
81         /* dangerous, we can't wipe all the memory */
82         if (!memory_unsafe)
83                 munlockall();
84
85         return 0;
86 }
87
88 /*
89  * Password processing behaviour matrix of process_key
90  * 
91  * from binary file: check if there is sufficently large key material
92  * interactive & from fd: hash if requested, otherwise crop or pad with '0'
93  */
94
95 static char *process_key(struct crypt_options *options, char *pass, int passLen) {
96         char *key = safe_alloc(options->key_size);
97         memset(key, 0, options->key_size);
98
99         /* key is coming from binary file */
100         if (options->key_file && strcmp(options->key_file, "-")) {
101                 if(passLen < options->key_size) {
102                         set_error("Could not read %d bytes from key file",
103                                   options->key_size);
104                         safe_free(key);
105                         return NULL;
106                 } 
107                 memcpy(key,pass,options->key_size);
108                 return key;
109         }
110         
111         /* key is coming from tty, fd or binary stdin */
112         if (options->hash) {
113                 if (hash(NULL, options->hash,
114                          key, options->key_size,
115                          pass, passLen) < 0)
116                 {
117                         safe_free(key);
118                         return NULL;
119                 }
120         } else if (passLen > options->key_size) {
121                 memcpy(key, pass, options->key_size);
122         } else {
123                 memcpy(key, pass, passLen);
124         }
125
126         return key;
127 }
128
129 static int get_device_infos(const char *device, struct device_infos *infos)
130 {
131         char buf[128];
132         uint64_t size;
133         unsigned long size_small;
134         int readonly = 0;
135         int ret = -1;
136         int fd;
137
138         /* Try to open read-write to check whether it is a read-only device */
139         fd = open(device, O_RDWR);
140         if (fd < 0) {
141                 if (errno == EROFS) {
142                         readonly = 1;
143                         fd = open(device, O_RDONLY);
144                 }
145         } else {
146                 close(fd);
147                 fd = open(device, O_RDONLY);
148         }
149         if (fd < 0) {
150                 set_error("Error opening device: %s",
151                           strerror_r(errno, buf, 128));
152                 return -1;
153         }
154
155 #ifdef BLKROGET
156         /* If the device can be opened read-write, i.e. readonly is still 0, then
157          * check whether BKROGET says that it is read-only. E.g. read-only loop
158          * devices may be openend read-write but are read-only according to BLKROGET
159          */
160         if (readonly == 0) {
161                 if (ioctl(fd, BLKROGET, &readonly) < 0) {
162                         set_error("BLKROGET failed on device: %s",
163                                   strerror_r(errno, buf, 128));
164                         return -1;
165                 }
166         }
167 #else
168 #error BLKROGET not available
169 #endif
170
171 #ifdef BLKGETSIZE64
172         if (ioctl(fd, BLKGETSIZE64, &size) >= 0) {
173                 size >>= SECTOR_SHIFT;
174                 ret = 0;
175                 goto out;
176         }
177 #endif
178
179 #ifdef BLKGETSIZE
180         if (ioctl(fd, BLKGETSIZE, &size_small) >= 0) {
181                 size = (uint64_t)size_small;
182                 ret = 0;
183                 goto out;
184         }
185 #else
186 #       error Need at least the BLKGETSIZE ioctl!
187 #endif
188
189         set_error("BLKGETSIZE ioctl failed on device: %s",
190                   strerror_r(errno, buf, 128));
191
192 out:
193         if (ret == 0) {
194                 infos->size = size;
195                 infos->readonly = readonly;
196         }
197         close(fd);
198         return ret;
199 }
200
201 static int parse_into_name_and_mode(const char *nameAndMode, char *name,
202                                     char *mode)
203 {
204 /* Token content stringification, see info cpp/stringification */
205 #define str(s) #s
206 #define xstr(s) str(s)
207 #define scanpattern1 "%" xstr(LUKS_CIPHERNAME_L) "[^-]-%" xstr(LUKS_CIPHERMODE_L)  "s"
208 #define scanpattern2 "%" xstr(LUKS_CIPHERNAME_L) "[^-]"
209
210         int r;
211
212         if(sscanf(nameAndMode,scanpattern1, name, mode) != 2) {
213                 if((r = sscanf(nameAndMode,scanpattern2,name)) == 1) {
214                         strncpy(mode,"cbc-plain",10);
215                 } 
216                 else {
217                         set_error("no known cipher-spec pattern detected");
218                         return -EINVAL;
219                 }
220         }
221
222         return 0;
223
224 #undef sp1
225 #undef sp2
226 #undef str
227 #undef xstr
228 }
229
230 /* Select free keyslot or verifies that the one specified is empty */
231 static int keyslot_from_option(int keySlotOption, struct luks_phdr *hdr) {
232         if(keySlotOption != -1) {
233                 if(keySlotOption >= LUKS_NUMKEYS) {
234                         set_error("slot %d too high, please pick between 0 and %d", keySlotOption, LUKS_NUMKEYS);
235                         return -EINVAL;
236                 } else if(hdr->keyblock[keySlotOption].active != LUKS_KEY_DISABLED) {
237                         set_error("slot %d full, please pick another one", keySlotOption);
238                         return -EINVAL;
239                 } else {
240                         return keySlotOption;
241                 }
242         } else {
243                 int i;
244                 /* Find empty key slot */
245                 for(i=0; i<LUKS_NUMKEYS; i++) {
246                         if(hdr->keyblock[i].active == LUKS_KEY_DISABLED) break;
247                 }
248                 if(i==LUKS_NUMKEYS) {
249                         set_error("All slots full");
250                         return -EINVAL;
251                 }
252                 return i;
253         }
254 }
255
256 static int __crypt_create_device(int reload, struct setup_backend *backend,
257                                  struct crypt_options *options)
258 {
259         struct crypt_options tmp = {
260                 .name = options->name,
261         };
262         struct device_infos infos;
263         char *key = NULL;
264         int keyLen;
265         char *processed_key = NULL;
266         int r;
267
268         r = backend->status(0, &tmp, NULL);
269         if (reload) {
270                 if (r < 0)
271                         return r;
272         } else {
273                 if (r >= 0) {
274                         set_error("Device already exists");
275                         return -EEXIST;
276                 }
277                 if (r != -ENODEV)
278                         return r;
279         }
280
281         if (options->key_size < 0 || options->key_size > 1024) {
282                 set_error("Invalid key size");
283                 return -EINVAL;
284         }
285
286         if (get_device_infos(options->device, &infos) < 0)
287                 return -ENOTBLK;
288
289         if (!options->size) {
290                 options->size = infos.size;
291                 if (!options->size) {
292                         set_error("Not a block device");
293                         return -ENOTBLK;
294                 }
295                 if (options->size <= options->offset) {
296                         set_error("Invalid offset");
297                         return -EINVAL;
298                 }
299                 options->size -= options->offset;
300         }
301
302         if (infos.readonly)
303                 options->flags |= CRYPT_FLAG_READONLY;
304
305         get_key("Enter passphrase: ", &key, &keyLen, options->key_size, options->key_file, options->passphrase_fd, options->timeout, options->flags);
306         if (!key) {
307                 set_error("Key reading error");
308                 return -ENOENT;
309         }
310         
311         processed_key = process_key(options,key,keyLen);
312         safe_free(key);
313         
314         if (!processed_key) {
315                 const char *error=get_error();
316                 if(error) {
317                         char *c_error_handling_sucks;
318                         asprintf(&c_error_handling_sucks,"Key processing error: %s",error);
319                         set_error(c_error_handling_sucks);
320                         free(c_error_handling_sucks);
321                 } else
322                         set_error("Key processing error");
323                 return -ENOENT;
324         }
325         
326         r = backend->create(reload, options, processed_key);
327         
328         safe_free(processed_key);
329
330         return r;
331 }
332
333 static int __crypt_query_device(int details, struct setup_backend *backend,
334                                 struct crypt_options *options)
335 {
336         int r = backend->status(details, options, NULL);
337         if (r == -ENODEV)
338                 return 0;
339         else if (r >= 0)
340                 return 1;
341         else
342                 return r;
343 }
344
345 static int __crypt_resize_device(int details, struct setup_backend *backend,
346                                 struct crypt_options *options)
347 {
348         struct crypt_options tmp = {
349                 .name = options->name,
350         };
351         struct device_infos infos;
352         char *key = NULL;
353         int r;
354
355         r = backend->status(1, &tmp, &key);
356         if (r < 0)
357                 return r;
358
359         if (get_device_infos(tmp.device, &infos) < 0)
360                 return -EINVAL;
361
362         if (!options->size) {
363                 options->size = infos.size;
364                 if (!options->size) {
365                         set_error("Not a block device");
366                         return -ENOTBLK;
367                 }
368                 if (options->size <= tmp.offset) {
369                         set_error("Invalid offset");
370                         return -EINVAL;
371                 }
372                 options->size -= tmp.offset;
373         }
374         tmp.size = options->size;
375
376         if (infos.readonly)
377                 options->flags |= CRYPT_FLAG_READONLY;
378
379         r = backend->create(1, &tmp, key);
380
381         safe_free(key);
382
383         return r;
384 }
385
386 static int __crypt_remove_device(int arg, struct setup_backend *backend,
387                                  struct crypt_options *options)
388 {
389         int r;
390
391         r = backend->status(0, options, NULL);
392         if (r < 0)
393                 return r;
394         if (r > 0) {
395                 set_error("Device busy");
396                 return -EBUSY;
397         }
398
399         return backend->remove(options);
400 }
401
402 static int __crypt_luks_format(int arg, struct setup_backend *backend, struct crypt_options *options)
403 {
404         int r;
405         
406         struct luks_phdr header;
407         struct luks_masterkey *mk=NULL;
408         char *password=NULL; 
409         char cipherName[LUKS_CIPHERNAME_L];
410         char cipherMode[LUKS_CIPHERMODE_L];
411         int passwordLen;
412         int PBKDF2perSecond;
413         int keyIndex;
414
415         if (!LUKS_device_ready(options->device, O_RDWR | O_EXCL)) {
416                 set_error("Can not access device");
417                 r = -ENOTBLK; goto out;
418         }
419
420         mk = LUKS_generate_masterkey(options->key_size);
421         if(NULL == mk) return -ENOMEM; 
422
423 #ifdef LUKS_DEBUG
424 #define printoffset(entry) logger(options, CRYPT_LOG_ERROR, ("offset of " #entry " = %d\n", (char *)(&header.entry)-(char *)(&header))
425
426         logger(options, CRYPT_LOG_ERROR, "sizeof phdr %d, key slot %d\n",sizeof(struct luks_phdr),sizeof(header.keyblock[0]));
427
428         printoffset(magic);
429         printoffset(version);
430         printoffset(cipherName);
431         printoffset(cipherMode);
432         printoffset(hashSpec);
433         printoffset(payloadOffset);
434         printoffset(keyBytes);
435         printoffset(mkDigest);
436         printoffset(mkDigestSalt);
437         printoffset(mkDigestIterations);
438         printoffset(uuid);
439 #endif
440
441         r = parse_into_name_and_mode(options->cipher, cipherName, cipherMode);
442         if(r < 0) return r;
443
444         r = LUKS_generate_phdr(&header,mk,cipherName, cipherMode,LUKS_STRIPES, options->align_payload);
445         if(r < 0) {
446                 set_error("Can't generate phdr");
447                 return r; 
448         }
449
450         keyIndex = keyslot_from_option(options->key_slot, &header);
451
452         PBKDF2perSecond = LUKS_benchmarkt_iterations();
453         header.keyblock[keyIndex].passwordIterations = at_least_one(PBKDF2perSecond * ((float)options->iteration_time / 1000.0));
454 #ifdef LUKS_DEBUG
455         logger(options->icb->log,CRYPT_LOG_ERROR, "pitr %d\n", header.keyblock[0].passwordIterations);
456 #endif
457         get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->new_key_file, options->passphrase_fd, options->timeout, options->flags);
458         if(!password) {
459                 r = -EINVAL; goto out;
460         }
461
462         /* Set key, also writes phdr */
463         r = LUKS_set_key(options->device, keyIndex, password, passwordLen, &header, mk, backend);
464         if(r < 0) goto out; 
465
466         r = 0;
467 out:
468         LUKS_dealloc_masterkey(mk);
469         safe_free(password);
470         return r;
471 }
472
473 static int __crypt_luks_open(int arg, struct setup_backend *backend, struct crypt_options *options)
474 {
475         struct luks_masterkey *mk=NULL;
476         struct luks_phdr hdr;
477         char *password; int passwordLen;
478         struct device_infos infos;
479         struct crypt_options tmp = {
480                 .name = options->name,
481         };
482         char *dmCipherSpec;
483         int r, tries = options->tries;
484         int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) ? 0 : O_EXCL ;
485
486         r = backend->status(0, &tmp, NULL);
487         if (r >= 0) {
488                 set_error("Device already exists");
489                 return -EEXIST;
490         }
491
492         if (!LUKS_device_ready(options->device, O_RDONLY | excl)) {
493                 set_error("Can not access device");
494                 return -ENOTBLK;
495         }
496
497         if (get_device_infos(options->device, &infos) < 0) {
498                 set_error("Can't get device information.\n");
499                 return -ENOTBLK;
500         }
501
502         if (infos.readonly)
503                 options->flags |= CRYPT_FLAG_READONLY;
504
505 start:
506         mk=NULL;
507
508         if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file,  options->passphrase_fd, options->timeout, options->flags))
509                 tries--;
510         else
511                 tries = 0;
512
513         if(!password) {
514                 r = -EINVAL; goto out;
515         }
516         
517         r = LUKS_open_any_key(options->device, password, passwordLen, &hdr, &mk, backend);
518         if(r < 0) {
519                 set_error("No key available with this passphrase.\n");
520                 goto out1;
521         } else
522                 logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
523
524         
525         options->offset = hdr.payloadOffset;
526         asprintf(&dmCipherSpec, "%s-%s", hdr.cipherName, hdr.cipherMode);
527         if(!dmCipherSpec) {
528                 r = -ENOMEM;
529                 goto out2;
530         }
531         options->cipher = dmCipherSpec;
532         options->key_size = mk->keyLength;
533         options->skip = 0;
534
535         options->size = infos.size;
536         if (!options->size) {
537                 set_error("Not a block device.\n");
538                 r = -ENOTBLK; goto out2;
539         }
540         if (options->size <= options->offset) {
541                 set_error("Invalid offset");
542                 r = -EINVAL; goto out2;
543         }
544         options->size -= options->offset;
545         r = backend->create(0, options, mk->key);
546
547  out2:
548         free(dmCipherSpec);
549  out1:
550         safe_free(password);
551  out:
552         LUKS_dealloc_masterkey(mk);
553         if (r == -EPERM && tries > 0)
554                 goto start;
555
556         return r;
557 }
558
559 static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct crypt_options *options)
560 {
561         struct luks_masterkey *mk=NULL;
562         struct luks_phdr hdr;
563         char *password=NULL; unsigned int passwordLen;
564         unsigned int i; unsigned int keyIndex;
565         const char *device = options->device;
566         int r;
567         int key_slot = options->key_slot;
568         
569         if (!LUKS_device_ready(options->device, O_RDWR)) {
570                 set_error("Can not access device");
571                 r = -ENOTBLK; goto out;
572         }
573
574         r = LUKS_read_phdr(device, &hdr);
575         if(r < 0) return r;
576
577
578         keyIndex = keyslot_from_option(options->key_slot, &hdr);
579
580         get_key("Enter any LUKS passphrase: ",
581                 &password,
582                 &passwordLen, 
583                 0,
584                 options->key_file, 
585                 options->passphrase_fd, 
586                 options->timeout, 
587                 options->flags & ~(CRYPT_FLAG_VERIFY | CRYPT_FLAG_VERIFY_IF_POSSIBLE));
588
589         if(!password) {
590                 r = -EINVAL; goto out;
591         }
592         r = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
593         if(r < 0) {
594                 options->icb->log(CRYPT_LOG_ERROR,"No key available with this passphrase.\n");
595                 r = -EPERM; goto out;
596         } else
597                 logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
598
599         safe_free(password);
600         
601         get_key("Enter new passphrase for key slot: ",
602                 &password,
603                 &passwordLen,
604                 0,
605                 options->new_key_file,
606                 options->passphrase_fd,
607                 options->timeout, 
608                 options->flags);
609         if(!password) {
610                 r = -EINVAL; goto out;
611         }
612
613         hdr.keyblock[keyIndex].passwordIterations = at_least_one(LUKS_benchmarkt_iterations() * ((float)options->iteration_time / 1000));
614
615         r = LUKS_set_key(device, keyIndex, password, passwordLen, &hdr, mk, backend);
616         if(r < 0) goto out;
617
618         r = 0;
619 out:
620         safe_free(password);
621         LUKS_dealloc_masterkey(mk);
622         return r;
623 }
624
625 static int luks_remove_helper(int arg, struct setup_backend *backend, struct crypt_options *options, int supply_it)
626 {
627         struct luks_masterkey *mk;
628         struct luks_phdr hdr;
629         char *password=NULL; 
630         unsigned int passwordLen;
631         const char *device = options->device;
632         int keyIndex;
633         int openedIndex;
634         int r;
635         if (!LUKS_device_ready(options->device, O_RDWR)) {
636             set_error("Can not access device");
637             r = -ENOTBLK; goto out;
638         }
639
640         if(supply_it) {
641             get_key("Enter LUKS passphrase to be deleted: ",&password,&passwordLen, 0, options->new_key_file, options->passphrase_fd, options->timeout, options->flags);
642             if(!password) {
643                     r = -EINVAL; goto out;
644             }
645             keyIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
646             if(keyIndex < 0) {
647                     options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
648                     r = -EPERM; goto out;
649             } else
650                 logger(options, CRYPT_LOG_NORMAL,"key slot %d selected for deletion.\n", keyIndex);
651             safe_free(password);
652         } else {
653             keyIndex = options->key_slot;
654         }
655
656         if(LUKS_is_last_keyslot(options->device, keyIndex) && 
657            !(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) {
658                 r = -EINVAL;
659                 goto out;
660         } 
661
662         if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
663                 options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
664                 get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags);
665                 if(!password) {
666                         r = -EINVAL; goto out;
667                 }
668                 openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
669                 /* Clean up */
670                 if (openedIndex >= 0) {
671                         LUKS_dealloc_masterkey(mk);
672                         mk = NULL;
673                 }
674                 if(openedIndex < 0 || keyIndex == openedIndex) {
675                             options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
676                             r = -EPERM; goto out;
677                 } else
678                         logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex);
679         }
680         r = LUKS_del_key(device, keyIndex);
681         if(r < 0) goto out;
682
683         r = 0;
684 out:
685         safe_free(password);
686         return r;
687 }
688
689 static int __crypt_luks_kill_slot(int arg, struct setup_backend *backend, struct crypt_options *options) {
690         return luks_remove_helper(arg, backend, options, 0);
691 }
692
693 static int __crypt_luks_remove_key(int arg, struct setup_backend *backend, struct crypt_options *options) {
694         return luks_remove_helper(arg, backend, options, 1);
695 }
696
697
698 static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
699                                 struct crypt_options *options),
700                      int arg, struct crypt_options *options)
701 {
702         struct setup_backend *backend;
703         int r;
704
705         backend = get_setup_backend(default_backend);
706
707         setup_enter(backend,options->icb->log);
708
709         if (!backend) {
710                 set_error("No setup backend available");
711                 r = -ENOSYS;
712                 goto out;
713         }
714
715         r = job(arg, backend, options);
716 out:
717         setup_leave(backend);
718         if (backend)
719                 put_setup_backend(backend);
720
721         if (r >= 0)
722                 set_error(NULL);
723
724         return r;
725 }
726
727 int crypt_create_device(struct crypt_options *options)
728 {
729         return crypt_job(__crypt_create_device, 0, options);
730 }
731
732 int crypt_update_device(struct crypt_options *options)
733 {
734         return crypt_job(__crypt_create_device, 1, options);
735 }
736
737 int crypt_resize_device(struct crypt_options *options)
738 {
739         return crypt_job(__crypt_resize_device, 0, options);
740 }
741
742 int crypt_query_device(struct crypt_options *options)
743 {
744         return crypt_job(__crypt_query_device, 1, options);
745 }
746
747 int crypt_remove_device(struct crypt_options *options)
748 {
749         return crypt_job(__crypt_remove_device, 0, options);
750
751 }
752
753 int crypt_luksFormat(struct crypt_options *options)
754 {
755         return crypt_job(__crypt_luks_format, 0, options);
756 }
757
758 int crypt_luksOpen(struct crypt_options *options)
759 {
760         return crypt_job(__crypt_luks_open, 0, options);
761 }
762
763 int crypt_luksKillSlot(struct crypt_options *options)
764 {
765         return crypt_job(__crypt_luks_kill_slot, 0, options);
766 }
767
768 int crypt_luksRemoveKey(struct crypt_options *options)
769 {
770         return crypt_job(__crypt_luks_remove_key, 0, options);
771 }
772
773 int crypt_luksAddKey(struct crypt_options *options)
774 {
775         return crypt_job(__crypt_luks_add_key, 0, options);
776 }
777
778 int crypt_luksUUID(struct crypt_options *options)
779 {
780         struct luks_phdr hdr;
781         int r;
782
783         r = LUKS_read_phdr(options->device,&hdr);
784         if(r < 0) return r;
785
786         options->icb->log(CRYPT_LOG_NORMAL,hdr.uuid);
787         options->icb->log(CRYPT_LOG_NORMAL,"\n");
788         return 0;
789 }
790
791 int crypt_isLuks(struct crypt_options *options)
792 {
793         struct luks_phdr hdr;
794         return LUKS_read_phdr(options->device,&hdr);
795 }
796
797 int crypt_luksDump(struct crypt_options *options)
798 {
799         struct luks_phdr hdr;
800         int r,i;
801
802         r = LUKS_read_phdr(options->device,&hdr);
803         if(r < 0) return r;
804
805         logger(options, CRYPT_LOG_NORMAL, "LUKS header information for %s\n\n",options->device);
806         logger(options, CRYPT_LOG_NORMAL, "Version:       \t%d\n",hdr.version);
807         logger(options, CRYPT_LOG_NORMAL, "Cipher name:   \t%s\n",hdr.cipherName);
808         logger(options, CRYPT_LOG_NORMAL, "Cipher mode:   \t%s\n",hdr.cipherMode);
809         logger(options, CRYPT_LOG_NORMAL, "Hash spec:     \t%s\n",hdr.hashSpec);
810         logger(options, CRYPT_LOG_NORMAL, "Payload offset:\t%d\n",hdr.payloadOffset);
811         logger(options, CRYPT_LOG_NORMAL, "MK bits:       \t%d\n",hdr.keyBytes*8);
812         logger(options, CRYPT_LOG_NORMAL, "MK digest:     \t");
813         hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigest,LUKS_DIGESTSIZE);
814         logger(options, CRYPT_LOG_NORMAL, "\n");
815         logger(options, CRYPT_LOG_NORMAL, "MK salt:       \t");
816         hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigestSalt,LUKS_SALTSIZE/2);
817         logger(options, CRYPT_LOG_NORMAL, "\n               \t");
818         hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigestSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
819         logger(options, CRYPT_LOG_NORMAL, "\n");
820         logger(options, CRYPT_LOG_NORMAL, "MK iterations: \t%d\n",hdr.mkDigestIterations);
821         logger(options, CRYPT_LOG_NORMAL, "UUID:          \t%s\n\n",hdr.uuid);
822         for(i=0;i<LUKS_NUMKEYS;i++) {
823                 if(hdr.keyblock[i].active == LUKS_KEY_ENABLED) {
824                         logger(options, CRYPT_LOG_NORMAL, "Key Slot %d: ENABLED\n",i);
825                         logger(options, CRYPT_LOG_NORMAL, "\tIterations:         \t%d\n",hdr.keyblock[i].passwordIterations);
826                         logger(options, CRYPT_LOG_NORMAL, "\tSalt:               \t");
827                         hexprintICB(options, CRYPT_LOG_NORMAL, hdr.keyblock[i].passwordSalt,LUKS_SALTSIZE/2);
828                         logger(options, CRYPT_LOG_NORMAL, "\n\t                      \t");
829                         hexprintICB(options, CRYPT_LOG_NORMAL, hdr.keyblock[i].passwordSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
830                         logger(options, CRYPT_LOG_NORMAL, "\n");
831
832                         logger(options, CRYPT_LOG_NORMAL, "\tKey material offset:\t%d\n",hdr.keyblock[i].keyMaterialOffset);
833                         logger(options, CRYPT_LOG_NORMAL, "\tAF stripes:            \t%d\n",hdr.keyblock[i].stripes);
834                 }               
835                 else 
836                         logger(options, CRYPT_LOG_NORMAL, "Key Slot %d: DISABLED\n",i);
837         }
838         return 0;
839 }
840
841
842 void crypt_get_error(char *buf, size_t size)
843 {
844         const char *error = get_error();
845
846         if (!buf || size < 1)
847                 set_error(NULL);
848         else if (error) {
849                 strncpy(buf, error, size - 1);
850                 buf[size - 1] = '\0';
851                 set_error(NULL);
852         } else
853                 buf[0] = '\0';
854 }
855
856 void crypt_put_options(struct crypt_options *options)
857 {
858         if (options->flags & CRYPT_FLAG_FREE_DEVICE) {
859                 free((char *)options->device);
860                 options->device = NULL;
861                 options->flags &= ~CRYPT_FLAG_FREE_DEVICE;
862         }
863         if (options->flags & CRYPT_FLAG_FREE_CIPHER) {
864                 free((char *)options->cipher);
865                 options->cipher = NULL;
866                 options->flags &= ~CRYPT_FLAG_FREE_CIPHER;
867         }
868 }
869
870 void crypt_set_default_backend(const char *backend)
871 {
872         if (default_backend)
873                 free(default_backend);
874         if (backend) 
875                 default_backend = strdup(backend);
876         else
877                 default_backend = NULL;
878 }
879
880 const char *crypt_get_dir(void)
881 {
882         struct setup_backend *backend;
883         const char *dir;
884
885         backend = get_setup_backend(default_backend);
886         if (!backend)
887                 return NULL;
888
889         dir = backend->dir();
890
891         put_setup_backend(backend);
892
893         return dir;
894 }
895
896 // Local Variables:
897 // c-basic-offset: 8
898 // indent-tabs-mode: nil
899 // End:
Domain: System / System Framework;