X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fcryptsetup.c;h=252f03100ceebd3d947a51f2e9205b15bf8f81f3;hb=209f1db98499127f083e8c8628627e039ca0ffbc;hp=4592897a40ef8ace07232718e4743af3b8f30f21;hpb=80d21c039e784e6b693a5e78069816ca6f9b7939;p=platform%2Fupstream%2Fcryptsetup.git
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 4592897..252f031 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -8,7 +8,8 @@
 * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -57,7 +58,8 @@ static int opt_dump_master_key = 0;
 static int opt_shared = 0; static int opt_allow_discards = 0; static int opt_test_passphrase = 0;
-static int opt_hidden = 0;
+static int opt_tcrypt_hidden = 0;
+static int opt_tcrypt_system = 0;
 static const char **action_argv; static int action_argc;
@@ -105,13 +107,13 @@ static int action_open_plain(void)
 params.hash = NULL; if ((opt_keyfile_offset || opt_keyfile_size) && opt_key_file)
- log_std(("Ignoring keyfile offset and size options, keyfile read "
+ log_std(_("Ignoring keyfile offset and size options, keyfile read "
 "size is always the same as encryption key size.\n")); r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN), cipher, NULL, cipher_mode); if (r < 0) {
- log_err("No known cipher specification pattern detected.\n");
+ log_err(_("No known cipher specification pattern detected.\n"));
 goto out; }
@@ -126,6 +128,7 @@ static int action_open_plain(void)
 NULL, NULL, key_size, ¶ms);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -145,11 +148,11 @@ static int action_open_plain(void)
 params.hash ? 0 : key_size, 0, activate_flags); else {
- r = crypt_get_key(_("Enter passphrase: "),
+ r = tools_get_key(_("Enter passphrase: "),
 &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, NULL, opt_timeout,
- _verify_passphrase(0),
+ _verify_passphrase(0), 0,
 cd); if (r < 0) goto out;
@@ -192,6 +195,7 @@ static int action_open_loopaes(void)
 r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER, NULL, NULL, NULL, key_size, ¶ms);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -222,17 +226,21 @@ static int action_open_tcrypt(void)
 goto out; /* TCRYPT header is encrypted, get passphrase now */
- r = crypt_get_key(_("Enter passphrase: "),
+ r = tools_get_key(_("Enter passphrase: "),
 CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout,
- _verify_passphrase(0), cd);
+ _verify_passphrase(0), 0, cd);
 if (r < 0) goto out;
- if (opt_hidden)
+ if (opt_tcrypt_hidden)
 params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
+ if (opt_tcrypt_system)
+ params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
+
 r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -242,6 +250,8 @@ static int action_open_tcrypt(void)
 if (activated_name) r = crypt_activate_by_volume_key(cd, activated_name, NULL, 0, flags); out:
+ if (r == -EPERM)
+ log_err(_("No device header detected with this passphrase.\n"));
 crypt_free(cd); crypt_safe_free(CONST_CAST(char*)params.passphrase); return r;
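Review bot: The extra positional argument added to `tools_get_key()` in action_open_plain is a bare `0`, and nothing at the call site says what it switches. Across this diff it is `1` only where a new passphrase is being set (action_luksFormat and the second prompts in action_luksAddKey and action_luksChangeKey), so it presumably enables the password-quality check that `--force-password` disables, but `tools_get_key` itself is not part of this file's diff. A short comment at the call, such as `/* 0: unlocking with an existing passphrase, no quality check */`, or a named constant in place of the literal, would let a reader confirm that the check runs on every new-passphrase prompt and on none of the unlock prompts. The same applies to every other `tools_get_key()` call changed in this diff.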
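Review bot: The new `-EPERM` test sits under the `out:` label, which every exit path of action_open_tcrypt reaches, including the `crypt_activate_by_volume_key()` call directly above it. If that call, or an earlier step outside this hunk, can return -EPERM, the user is told "No device header detected with this passphrase" for a failure that has nothing to do with the passphrase. The message is more accurate when emitted right after `crypt_load()`, ahead of its `if (r < 0) goto out;`: `if (r == -EPERM) log_err(_("No device header detected with this passphrase.\n"));`. The hunk that adds the same two lines under `out:` in action_tcryptDump has the same shape.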
@@ -303,17 +313,21 @@ static int action_tcryptDump(void)
 goto out; /* TCRYPT header is encrypted, get passphrase now */
- r = crypt_get_key(_("Enter passphrase: "),
+ r = tools_get_key(_("Enter passphrase: "),
 CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout,
- _verify_passphrase(0), cd);
+ _verify_passphrase(0), 0, cd);
 if (r < 0) goto out;
- if (opt_hidden)
+ if (opt_tcrypt_hidden)
 params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
+ if (opt_tcrypt_system)
+ params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
+
 r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -322,6 +336,8 @@ static int action_tcryptDump(void)
 else r = crypt_dump(cd); out:
+ if (r == -EPERM)
+ log_err(_("No device header detected with this passphrase.\n"));
 crypt_free(cd); crypt_safe_free(CONST_CAST(char*)params.passphrase); return r;
@@ -358,13 +374,12 @@ static int action_status(void)
 crypt_status_info ci; struct crypt_active_device cad; struct crypt_device *cd = NULL;
- struct stat st;
 char *backing_file; const char *device; int path = 0, r = 0; /* perhaps a path, not a dm device name */
- if (strchr(action_argv[0], '/') && !stat(action_argv[0], &st))
+ if (strchr(action_argv[0], '/'))
 path = 1; ci = crypt_status(NULL, action_argv[0]);
@@ -460,6 +475,9 @@ static int action_benchmark(void)
 { "twofish", "xts", 64, 16 }, { NULL, NULL, 0, 0 } };
+ static char *bkdfs[] = {
+ "sha1", "sha256", "sha512", "ripemd160", "whirlpool", NULL
+ };
 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; double enc_mbr = 0, dec_mbr = 0; int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS);
@@ -468,7 +486,7 @@ static int action_benchmark(void)
 char *c; int i, r;
- log_std("# Tests are approximate using memory only (no storage IO).\n");
+ log_std(_("# Tests are approximate using memory only (no storage IO).\n"));
 if (opt_hash) { r = action_benchmark_kdf(opt_hash); } else if (opt_cipher) {
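Review bot: `bkdfs` in action_benchmark holds pointers to string literals and is only read in the hunks shown, so it should be declared `static const char *const bkdfs[]` rather than `static char *bkdfs[]`. That keeps the table in read-only data and lets the compiler reject an accidental write through one of the pointers. This assumes `action_benchmark_kdf()` accepts a `const char *`, which is not visible in this diff.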
@@ -490,27 +508,29 @@ static int action_benchmark(void)
 key_size / 8, iv_size, buffer_size, &enc_mbr, &dec_mbr); if (!r) {
- log_std("# Algorithm | Key | Encryption | Decryption\n");
+ log_std(N_("# Algorithm | Key | Encryption | Decryption\n"));
 log_std("%8s-%s %4db %5.1f MiB/s %5.1f MiB/s\n", cipher, cipher_mode, key_size, enc_mbr, dec_mbr); } else if (r == -ENOENT) log_err(_("Cipher %s is not available.\n"), opt_cipher); } else {
- action_benchmark_kdf("sha1");
- action_benchmark_kdf("sha256");
- action_benchmark_kdf("sha512");
- action_benchmark_kdf("ripemd160");
- action_benchmark_kdf("whirlpool");
+ for (i = 0; bkdfs[i]; i++) {
+ r = action_benchmark_kdf(bkdfs[i]);
+ check_signal(&r);
+ if (r == -EINTR)
+ break;
+ }
 for (i = 0; bciphers[i].cipher; i++) { r = crypt_benchmark(NULL, bciphers[i].cipher, bciphers[i].mode, bciphers[i].key_size, bciphers[i].iv_size, buffer_size, &enc_mbr, &dec_mbr);
- if (r == -ENOTSUP)
+ check_signal(&r);
+ if (r == -ENOTSUP || r == -EINTR)
 break; if (r == -ENOENT) skipped++; if (i == 0)
- log_std("# Algorithm | Key | Encryption | Decryption\n");
+ log_std(N_("# Algorithm | Key | Encryption | Decryption\n"));
 snprintf(cipher, MAX_CIPHER_LEN, "%s-%s", bciphers[i].cipher, bciphers[i].mode);
@@ -525,9 +545,12 @@ static int action_benchmark(void)
 r = -ENOTSUP; }
- if (r == -ENOTSUP)
- log_err( _("Required kernel crypto interface not available.\n"
- "Ensure you have algif_skcipher kernel module loaded.\n"));
+ if (r == -ENOTSUP) {
+ log_err(_("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+ log_err( _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+ }
 return r; }
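Review bot: Breaking out of the new KDF loop on `-EINTR` does not end the benchmark, because control falls through to the cipher loop. That loop overwrites `r` with a `crypt_benchmark()` result before `check_signal()` is consulted again, so at least one cipher test still starts after the interrupt. Whether the second `check_signal()` still reports the interrupt depends on its implementation, which is not in this diff. Guarding the second loop, for example `for (i = 0; r != -EINTR && bciphers[i].cipher; i++) {`, makes the abort immediate and independent of that. Any other error from `action_benchmark_kdf()` is still discarded, as it was before the change.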
@@ -541,11 +564,11 @@ static int _read_mk(const char *file, char **key, int keysize)
 fd = open(file, O_RDONLY); if (fd == -1) {
- log_err("Cannot read keyfile %s.\n", file);
+ log_err(_("Cannot read keyfile %s.\n"), file);
 goto fail; } if ((read(fd, *key, keysize) != keysize)) {
- log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
+ log_err(_("Cannot read %d bytes from keyfile %s.\n"), keysize, file);
 close(fd); goto fail; }
@@ -570,7 +593,7 @@ static int action_luksRepair(void)
 r = crypt_load(cd, CRYPT_LUKS1, NULL); crypt_set_log_callback(cd, tool_log, NULL); if (r == 0) {
- log_verbose( _("No known problems detected for LUKS header.\n"));
+ log_verbose(_("No known problems detected for LUKS header.\n"));
 goto out; }
@@ -634,9 +657,9 @@ static int action_luksFormat(void)
 else if (opt_urandom) crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
- r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
+ r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
 opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(1), cd);
+ opt_timeout, _verify_passphrase(1), 1, cd);
 if (r < 0) goto out;
@@ -648,6 +671,7 @@ static int action_luksFormat(void)
 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, opt_uuid, key, keysize, ¶ms);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -744,9 +768,9 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL)) return -EPERM;
- r = crypt_get_key(msg_pass, &password, &passwordLen,
+ r = tools_get_key(msg_pass, &password, &passwordLen,
 keyfile_offset, keyfile_size, key_file, opt_timeout,
- _verify_passphrase(0), cd);
+ _verify_passphrase(0), 0, cd);
 if(r < 0) goto out;
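Review bot: In action_luksFormat, `check_signal(&r)` runs only after `crypt_format()` has returned. If it rewrites a successful `r` to an error when an interrupt arrived during the call (its body is not in this diff), the function takes `goto out` with the LUKS header presumably already written and the steps after this hunk skipped. It is worth confirming what state the device is left in on that path and recording it at the call, for example `/* interrupted: header may already be on disk, no keyslot added yet */`. The function continues outside the hunk, so the steps that are skipped cannot be checked from here.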
@@ -832,17 +856,18 @@ static int action_luksRemoveKey(void)
 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out;
- r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
+ r = tools_get_key(_("Enter LUKS passphrase to be deleted: "),
 &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout,
- _verify_passphrase(0),
+ _verify_passphrase(0), 0,
 cd); if(r < 0) goto out; r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -869,6 +894,8 @@ static int action_luksAddKey(void)
 int r = -EINVAL, keysize = 0; char *key = NULL; const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
+ char *password = NULL, *password_new = NULL;
+ size_t password_size = 0, password_new_size = 0;
 struct crypt_device *cd = NULL; if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
@@ -898,12 +925,35 @@ static int action_luksAddKey(void)
 opt_key_file, opt_keyfile_size, opt_keyfile_offset, opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset); } else {
+ r = tools_get_key(_("Enter any passphrase: "),
+ &password, &password_size, 0, 0, NULL,
+ opt_timeout, _verify_passphrase(0), 0, cd);
+
+ if (r < 0)
+ goto out;
+
+ /* Check password before asking for new one */
+ r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
+ password, password_size, 0);
+ check_signal(&r);
+ if (r < 0)
+ goto out;
+
+ r = tools_get_key(_("Enter new passphrase for key slot: "),
+ &password_new, &password_new_size, 0, 0, NULL,
+ opt_timeout, _verify_passphrase(0), 1, cd);
+ if (r < 0)
+ goto out;
+
 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
- NULL, 0, NULL, 0);
+ password, password_size,
+ password_new, password_new_size);
 } out:
- crypt_free(cd);
+ crypt_safe_free(password);
+ crypt_safe_free(password_new);
 crypt_safe_free(key);
+ crypt_free(cd);
 return r; }
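Review bot: The prompt for the new key-slot passphrase in action_luksAddKey passes `_verify_passphrase(0)`, whereas action_luksFormat passes `_verify_passphrase(1)` when it sets a passphrase. If that argument is the default for asking the passphrase twice (the helper is not in this diff), a mistyped new passphrase is written to the slot without confirmation. Consider `opt_timeout, _verify_passphrase(1), 1, cd);` for the second prompt, or add a comment saying why no confirmation is wanted there. The new-passphrase prompt in the action_luksChangeKey hunk passes `0` in the same position.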
@@ -924,24 +974,25 @@ static int action_luksChangeKey(void)
 if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time);
- r = crypt_get_key(_("Enter LUKS passphrase to be changed: "),
+ r = tools_get_key(_("Enter LUKS passphrase to be changed: "),
 &password, &password_size, opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), cd);
+ opt_timeout, _verify_passphrase(0), 0, cd);
 if (r < 0) goto out; /* Check password before asking for new one */ r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, password_size, 0);
+ check_signal(&r);
 if (r < 0) goto out;
- r = crypt_get_key(_("Enter new LUKS passphrase: "),
+ r = tools_get_key(_("Enter new LUKS passphrase: "),
 &password_new, &password_new_size, opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file,
- opt_timeout, _verify_passphrase(0), cd);
+ opt_timeout, _verify_passphrase(0), 1, cd);
 if (r < 0) goto out;
@@ -1016,14 +1067,15 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 if (!vk) return -ENOMEM;
- r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
+ r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
 opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, 0, cd);
+ opt_timeout, 0, 0, cd);
 if (r < 0) goto out; r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, passwordLen);
+ check_signal(&r);
 if (r < 0) goto out;
@@ -1272,6 +1324,7 @@ static int run_action(struct action_type *action)
 if (action->required_memlock) crypt_memory_lock(NULL, 1);
+ set_int_handler(0);
 r = action->handler(); if (action->required_memlock)
@@ -1280,6 +1333,7 @@ static int run_action(struct action_type *action)
 /* Some functions returns keyslot # */ if (r > 0) r = 0;
+ check_signal(&r);
 show_status(r); return translate_errno(r);
@@ -1328,8 +1382,10 @@ int main(int argc, const char **argv)
 { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device."), NULL }, { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header."), NULL }, { "test-passphrase", '\0', POPT_ARG_NONE, &opt_test_passphrase, 0, N_("Do not activate device, just check passphrase."), NULL },
- { "hidden", '\0', POPT_ARG_NONE, &opt_hidden, 0, N_("Use hidden header (hidden TCRYPT device) ."), NULL },
- { "type", 'M', POPT_ARG_STRING, &opt_type, 0, N_("Type of device metadata: luks, plain, loopaes, tcrypt."), NULL },
+ { "tcrypt-hidden", '\0', POPT_ARG_NONE, &opt_tcrypt_hidden, 0, N_("Use hidden header (hidden TCRYPT device)."), NULL },
+ { "tcrypt-system", '\0', POPT_ARG_NONE, &opt_tcrypt_system, 0, N_("Device is system TCRYPT drive (with bootloader)."), NULL },
+ { "type", 'M', POPT_ARG_STRING, &opt_type, 0, N_("Type of device metadata: luks, plain, loopaes, tcrypt."), NULL },
+ { "force-password", '\0', POPT_ARG_NONE, &opt_force_password, 0, N_("Disable password quality check (if enabled)."), NULL },
 POPT_TABLEEND }; poptContext popt_context;
@@ -1529,10 +1585,10 @@ int main(int argc, const char **argv)
 _("Option --offset is supported only for open of plain and loopaes devices.\n"), poptGetInvocationName(popt_context));
- if (opt_hidden && strcmp(aname, "tcryptDump") &&
+ if ((opt_tcrypt_hidden || opt_tcrypt_system) && strcmp(aname, "tcryptDump") &&
 (strcmp(aname, "open") || strcmp(opt_type, "tcrypt"))) usage(popt_context, EXIT_FAILURE,
- _("Option --hidden is supported only for TCRYPT device.\n"),
+ _("Option --tcrypt-hidden or --tcrypt-system is supported only for TCRYPT device.\n"),
 poptGetInvocationName(popt_context)); if (opt_debug) {
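Review bot: Renaming `--hidden` to `--tcrypt-hidden` drops the old spelling from the option table in main, so existing scripts that pass `--hidden` will presumably be rejected at option parsing. If the break is intended it should be stated in the commit message or release notes. Otherwise the old name can stay as an undocumented alias, for example `{ "hidden", '\0', POPT_ARG_NONE | POPT_ARGFLAG_DOC_HIDDEN, &opt_tcrypt_hidden, 0, NULL, NULL },`. Separately, `opt_force_password` is referenced by the new `--force-password` entry but is not declared in any hunk of this file, so it is presumably defined alongside `tools_get_key` elsewhere.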