X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Floopaes%2Floopaes.c;h=92090aabc649f282f933bb2528b989c5ca92dd04;hb=d87cc55290ee7fbfb979d944a07dbe4c751d2b16;hp=e6fe82748c81009dbb31b1bdaf120337ca274c48;hpb=d44d07c9eb88aa93e77f9cc69a83bad32a946f76;p=platform%2Fupstream%2Fcryptsetup.git

diff --git a/lib/loopaes/loopaes.c b/lib/loopaes/loopaes.c
index e6fe827..92090aa 100644
--- a/lib/loopaes/loopaes.c
+++ b/lib/loopaes/loopaes.c
@@ -1,20 +1,22 @@
 /*
  * loop-AES compatible volume handling
  *
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Milan Broz
  *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #include <errno.h>
@@ -22,8 +24,9 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "crypto_backend.h"
+#include "libcryptsetup.h"
 #include "loopaes.h"
+#include "internal.h"
 
 static const char *get_hash(unsigned int key_size)
 {
@@ -72,24 +75,24 @@ static int hash_keys(struct crypt_device *cd,
 		     const char *hash_override,
 		     const char **input_keys,
 		     unsigned int keys_count,
-		     unsigned int key_len_output)
+		     unsigned int key_len_output,
+		     unsigned int key_len_input)
 {
 	const char *hash_name;
 	char tweak, *key_ptr;
-	unsigned i, key_len_input;
-	int r;
+	unsigned int i;
+	int r = 0;
 
 	hash_name = hash_override ?: get_hash(key_len_output);
 	tweak = get_tweak(keys_count);
-	key_len_input = strlen(input_keys[0]);
 
 	if (!keys_count || !key_len_output || !hash_name || !key_len_input) {
-		log_err(cd, _("Key processing error (using hash %s).\n"),
+		log_err(cd, _("Key processing error (using hash %s)."),
 			hash_name ?: "[none]");
 		return -EINVAL;
 	}
 
-	*vk = crypt_alloc_volume_key(key_len_output * keys_count, NULL);
+	*vk = crypt_alloc_volume_key((size_t)key_len_output * keys_count, NULL);
 	if (!*vk)
 		return -ENOMEM;
 
@@ -131,15 +134,16 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 			  size_t buffer_len)
 {
 	const char *keys[LOOPAES_KEYS_MAX];
-	unsigned i, key_index, key_len, offset;
+	unsigned int key_lengths[LOOPAES_KEYS_MAX];
+	unsigned int i, key_index, key_len, offset;
 
-	log_dbg("Parsing loop-AES keyfile of size %d.", buffer_len);
+	log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len);
 
 	if (!buffer_len)
 		return -EINVAL;
 
 	if (keyfile_is_gpg(buffer, buffer_len)) {
-		log_err(cd, _("Detected not yet supported GPG encrypted keyfile.\n"));
+		log_err(cd, _("Detected not yet supported GPG encrypted keyfile."));
 		log_std(cd, _("Please use gpg --decrypt <KEYFILE> | cryptsetup --keyfile=- ...\n"));
 		return -EINVAL;
 	}
@@ -151,33 +155,45 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 
 	offset = 0;
 	key_index = 0;
+	key_lengths[0] = 0;
 	while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) {
-		keys[key_index++] = &buffer[offset];
-		while (offset < buffer_len && buffer[offset])
+		keys[key_index] = &buffer[offset];
+		key_lengths[key_index] = 0;;
+		while (offset < buffer_len && buffer[offset]) {
 			offset++;
+			key_lengths[key_index]++;
+		}
+		if (offset == buffer_len) {
+			log_dbg(cd, "Unterminated key #%d in keyfile.", key_index);
+			log_err(cd, _("Incompatible loop-AES keyfile detected."));
+			return -EINVAL;
+		}
 		while (offset < buffer_len && !buffer[offset])
 			offset++;
+		key_index++;
 	}
 
 	/* All keys must be the same length */
-	key_len = key_index ? strlen(keys[0]) : 0;
+	key_len = key_lengths[0];
 	for (i = 0; i < key_index; i++)
-		if (key_len != strlen(keys[i])) {
-			log_dbg("Unexpected length %d of key #%d (should be %d).",
-				strlen(keys[i]), i, key_len);
+		if (!key_lengths[i] || (key_lengths[i] != key_len)) {
+			log_dbg(cd, "Unexpected length %d of key #%d (should be %d).",
+				key_lengths[i], i, key_len);
 			key_len = 0;
 			break;
 		}
 
-	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
 	if (offset != buffer_len || key_len == 0 ||
 	   (key_index != 1 && key_index !=64 && key_index != 65)) {
-		log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
+		log_err(cd, _("Incompatible loop-AES keyfile detected."));
 		return -EINVAL;
 	}
 
+	log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len);
+
 	*keys_count = key_index;
-	return hash_keys(cd, vk, hash, keys, key_index, crypt_get_volume_key_size(cd));
+	return hash_keys(cd, vk, hash, keys, key_index,
+			 crypt_get_volume_key_size(cd), key_len);
 }
 
 int LOOPAES_activate(struct crypt_device *cd,
@@ -185,22 +201,17 @@ int LOOPAES_activate(struct crypt_device *cd,
 		     const char *base_cipher,
 		     unsigned int keys_count,
 		     struct volume_key *vk,
-		     uint64_t offset,
-		     uint64_t skip,
 		     uint32_t flags)
 {
-	uint64_t size;
-	uint32_t req_flags;
-	char *cipher;
-	const char *device;
-	int read_only, r;
-
-	size = 0;
-	/* Initial IV (skip) is always the same as offset */
-	device = crypt_get_device_name(cd);
-	read_only = flags & CRYPT_ACTIVATE_READONLY;
-
-	r = device_check_and_adjust(cd, device, DEV_EXCL, &size, &offset, &read_only);
+	int r;
+	uint32_t req_flags, dmc_flags;
+	char *cipher = NULL;
+	struct crypt_dm_active_device dmd = {
+		.flags = flags,
+	};
+
+	r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
+				crypt_get_data_offset(cd), &dmd.size, &dmd.flags);
 	if (r)
 		return r;
 
@@ -214,18 +225,29 @@ int LOOPAES_activate(struct crypt_device *cd,
 	if (r < 0)
 		return -ENOMEM;
 
-	log_dbg("Trying to activate loop-AES device %s using cipher %s.", name, cipher);
-	r = dm_create_device(name, device,
-			     cipher, CRYPT_LOOPAES,
-			     crypt_get_uuid(cd),
-			     size, skip, offset, vk->keylength, vk->key,
-			     read_only, 0);
+	r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
+			vk, cipher, crypt_get_iv_offset(cd),
+			crypt_get_data_offset(cd), crypt_get_integrity(cd),
+			crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));
 
-	if (!r && !(dm_flags() & req_flags)) {
-		log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n"));
+	if (r) {
+		free(cipher);
+		return r;
+	}
+
+	log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.",
+		name, cipher);
+
+	r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd);
+
+	if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) &&
+	    (dmc_flags & req_flags) != req_flags) {
+		log_err(cd, _("Kernel does not support loop-AES compatible mapping."));
 		r = -ENOTSUP;
 	}
 
+	dm_targets_free(cd, &dmd);
 	free(cipher);
+
 	return r;
 }