X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Floopaes%2Floopaes.c;h=92090aabc649f282f933bb2528b989c5ca92dd04;hb=322b430a2589cdc7985e98a14ec12322b91c9d5e;hp=6ad965c1a1aa4d31c61bacc1fe4805604db9deec;hpb=929dc47be468ee4d2efdbfcb372fcc9201df7497;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/lib/loopaes/loopaes.c b/lib/loopaes/loopaes.c index 6ad965c..92090aa 100644 --- a/lib/loopaes/loopaes.c +++ b/lib/loopaes/loopaes.c @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2012, Milan Broz + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -75,24 +75,24 @@ static int hash_keys(struct crypt_device *cd, const char *hash_override, const char **input_keys, unsigned int keys_count, - unsigned int key_len_output) + unsigned int key_len_output, + unsigned int key_len_input) { const char *hash_name; char tweak, *key_ptr; - unsigned i, key_len_input; - int r; + unsigned int i; + int r = 0; hash_name = hash_override ?: get_hash(key_len_output); tweak = get_tweak(keys_count); - key_len_input = strlen(input_keys[0]); if (!keys_count || !key_len_output || !hash_name || !key_len_input) { - log_err(cd, _("Key processing error (using hash %s).\n"), + log_err(cd, _("Key processing error (using hash %s)."), hash_name ?: "[none]"); return -EINVAL; } - *vk = crypt_alloc_volume_key(key_len_output * keys_count, NULL); + *vk = crypt_alloc_volume_key((size_t)key_len_output * keys_count, NULL); if (!*vk) return -ENOMEM; @@ -134,15 +134,16 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, size_t buffer_len) { const char *keys[LOOPAES_KEYS_MAX]; - unsigned i, key_index, key_len, offset; + unsigned int key_lengths[LOOPAES_KEYS_MAX]; + unsigned int i, key_index, key_len, offset; - log_dbg("Parsing loop-AES keyfile of size %d.", buffer_len); + log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len); if (!buffer_len) return -EINVAL; if (keyfile_is_gpg(buffer, buffer_len)) { - log_err(cd, _("Detected not yet supported GPG encrypted keyfile.\n")); + log_err(cd, _("Detected not yet supported GPG encrypted keyfile.")); log_std(cd, _("Please use gpg --decrypt | cryptsetup --keyfile=- ...\n")); return -EINVAL; } @@ -154,33 +155,45 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, offset = 0; key_index = 0; + key_lengths[0] = 0; while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) { - keys[key_index++] = &buffer[offset]; - while (offset < buffer_len && buffer[offset]) + keys[key_index] = &buffer[offset]; + key_lengths[key_index] = 0;; + while (offset < buffer_len && buffer[offset]) { offset++; + key_lengths[key_index]++; + } + if (offset == buffer_len) { + log_dbg(cd, "Unterminated key #%d in keyfile.", key_index); + log_err(cd, _("Incompatible loop-AES keyfile detected.")); + return -EINVAL; + } while (offset < buffer_len && !buffer[offset]) offset++; + key_index++; } /* All keys must be the same length */ - key_len = key_index ? strlen(keys[0]) : 0; + key_len = key_lengths[0]; for (i = 0; i < key_index; i++) - if (key_len != strlen(keys[i])) { - log_dbg("Unexpected length %d of key #%d (should be %d).", - strlen(keys[i]), i, key_len); + if (!key_lengths[i] || (key_lengths[i] != key_len)) { + log_dbg(cd, "Unexpected length %d of key #%d (should be %d).", + key_lengths[i], i, key_len); key_len = 0; break; } - log_dbg("Keyfile: %d keys of length %d.", key_index, key_len); if (offset != buffer_len || key_len == 0 || (key_index != 1 && key_index !=64 && key_index != 65)) { - log_err(cd, _("Incompatible loop-AES keyfile detected.\n")); + log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } + log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len); + *keys_count = key_index; - return hash_keys(cd, vk, hash, keys, key_index, crypt_get_volume_key_size(cd)); + return hash_keys(cd, vk, hash, keys, key_index, + crypt_get_volume_key_size(cd), key_len); } int LOOPAES_activate(struct crypt_device *cd, @@ -190,25 +203,15 @@ int LOOPAES_activate(struct crypt_device *cd, struct volume_key *vk, uint32_t flags) { - char *cipher = NULL; - uint32_t req_flags; int r; + uint32_t req_flags, dmc_flags; + char *cipher = NULL; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .uuid = crypt_get_uuid(cd), - .size = 0, - .flags = flags, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = NULL, - .vk = vk, - .offset = crypt_get_data_offset(cd), - .iv_offset = crypt_get_iv_offset(cd), - } + .flags = flags, }; - r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); + r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, + crypt_get_data_offset(cd), &dmd.size, &dmd.flags); if (r) return r; @@ -222,17 +225,29 @@ int LOOPAES_activate(struct crypt_device *cd, if (r < 0) return -ENOMEM; - dmd.u.crypt.cipher = cipher; - log_dbg("Trying to activate loop-AES device %s using cipher %s.", - name, dmd.u.crypt.cipher); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, cipher, crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); + + if (r) { + free(cipher); + return r; + } + + log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.", + name, cipher); - r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0); + r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd); - if (r < 0 && !(dm_flags() & req_flags)) { - log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n")); + if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) && + (dmc_flags & req_flags) != req_flags) { + log_err(cd, _("Kernel does not support loop-AES compatible mapping.")); r = -ENOTSUP; } + dm_targets_free(cd, &dmd); free(cipher); + return r; }