X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fcryptsetup.c;h=3e66975e84f25df0412d6340bccbde173fadfdb3;hb=c950cf265fbc57b103f6c4c51dc29044ecbee91e;hp=6fb3f8ef427341b4d0fb41a9c81a27f35564d1a1;hpb=bd494d23c5516f5b60ca031862373634d0aba64e;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 6fb3f8e..3e66975 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -126,6 +126,7 @@ static int action_open_plain(void) NULL, NULL, key_size, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -145,11 +146,11 @@ static int action_open_plain(void) params.hash ? 0 : key_size, 0, activate_flags); else { - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, NULL, opt_timeout, - _verify_passphrase(0), + _verify_passphrase(0), 0, cd); if (r < 0) goto out; @@ -192,6 +193,7 @@ static int action_open_loopaes(void) r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER, NULL, NULL, NULL, key_size, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -222,10 +224,10 @@ static int action_open_tcrypt(void) goto out; /* TCRYPT header is encrypted, get passphrase now */ - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout, - _verify_passphrase(0), cd); + _verify_passphrase(0), 0, cd); if (r < 0) goto out; @@ -233,6 +235,7 @@ static int action_open_tcrypt(void) params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER; r = crypt_load(cd, CRYPT_TCRYPT, ¶ms); + check_signal(&r); if (r < 0) goto out; 
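Review bot: The argument added after `_verify_passphrase(0)` in the `tools_get_key()` call of action_open_plain is a bare `0`, and nothing at the call site says what it controls. Across this diff it is `1` only where a new passphrase is being set (luksFormat and the new-passphrase prompts in luksAddKey and luksChangeKey), so it presumably enables a passphrase-quality check, but the prototype is not shown. In luksDump_with_volume_key the call ends in `opt_timeout, 0, 0, cd`, where swapping the two adjacent flags would compile silently. If that reading is right, a short comment at each site such as `_verify_passphrase(0), 0 /* existing passphrase: no quality check */, cd);` would make the security-relevant choice reviewable; the same applies to the other `tools_get_key()` call sites in this diff.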
@@ -303,10 +306,10 @@ static int action_tcryptDump(void) goto out; /* TCRYPT header is encrypted, get passphrase now */ - r = crypt_get_key(_("Enter passphrase: "), + r = tools_get_key(_("Enter passphrase: "), CONST_CAST(char**)¶ms.passphrase, ¶ms.passphrase_size, 0, 0, NULL, opt_timeout, - _verify_passphrase(0), cd); + _verify_passphrase(0), 0, cd); if (r < 0) goto out; @@ -314,6 +317,7 @@ static int action_tcryptDump(void) params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER; r = crypt_load(cd, CRYPT_TCRYPT, ¶ms); + check_signal(&r); if (r < 0) goto out; @@ -460,6 +464,9 @@ static int action_benchmark(void) { "twofish", "xts", 64, 16 }, { NULL, NULL, 0, 0 } }; + static char *bkdfs[] = { + "sha1", "sha256", "sha512", "ripemd160", "whirlpool", NULL + }; char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; double enc_mbr = 0, dec_mbr = 0; int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS); 
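Review bot: `bkdfs` in action_benchmark holds only string literals but is declared `static char *bkdfs[]`, so a write through one of its elements would compile and then be undefined behaviour. Declaring it `static const char *const bkdfs[] = {` keeps the table read-only; this assumes `action_benchmark_kdf()` takes a `const char *`, which is likely since the removed calls passed literals directly, but its prototype is outside the hunk. action_benchmark's body continues outside this hunk.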
@@ -491,23 +498,23 @@ static int action_benchmark(void) &enc_mbr, &dec_mbr); if (!r) { log_std("# Algorithm | Key | Encryption | Decryption\n"); - strncat(cipher, "-", MAX_CIPHER_LEN); - strncat(cipher, cipher_mode, MAX_CIPHER_LEN); - log_std("%12s %4db %5.1f MiB/s %5.1f MiB/s\n", - cipher, key_size, enc_mbr, dec_mbr); + log_std("%8s-%s %4db %5.1f MiB/s %5.1f MiB/s\n", + cipher, cipher_mode, key_size, enc_mbr, dec_mbr); } else if (r == -ENOENT) log_err(_("Cipher %s is not available.\n"), opt_cipher); } else { - action_benchmark_kdf("sha1"); - action_benchmark_kdf("sha256"); - action_benchmark_kdf("sha512"); - action_benchmark_kdf("ripemd160"); - action_benchmark_kdf("whirlpool"); + for (i = 0; bkdfs[i]; i++) { + r = action_benchmark_kdf(bkdfs[i]); + check_signal(&r); + if (r == -EINTR) + break; + } for (i = 0; bciphers[i].cipher; i++) { r = crypt_benchmark(NULL, bciphers[i].cipher, bciphers[i].mode, bciphers[i].key_size, bciphers[i].iv_size, buffer_size, &enc_mbr, &dec_mbr); - if (r == -ENOTSUP) + check_signal(&r); + if (r == -ENOTSUP || r == -EINTR) break; if (r == -ENOENT) skipped++; @@ -636,9 +643,9 @@ static int action_luksFormat(void) else if (opt_urandom) crypt_set_rng_type(cd, CRYPT_RNG_URANDOM); - r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, + r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, - opt_timeout, _verify_passphrase(1), cd); + opt_timeout, _verify_passphrase(1), 1, cd); if (r < 0) goto out; @@ -650,6 +657,7 @@ static int action_luksFormat(void) r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, opt_uuid, key, keysize, ¶ms); + check_signal(&r); if (r < 0) goto out; 
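Review bot: When the KDF loop in action_benchmark breaks on `-EINTR`, control still falls through into the `bciphers` loop, which calls `crypt_benchmark()` at least once before its own `check_signal(&r)` can stop it. An interrupt during the KDF benchmarks therefore does not end the run promptly, and whether it ends at all on the next pass depends on `check_signal()` still reporting the earlier signal, which is not visible here. Making the second loop conditional on the result, `for (i = 0; r != -EINTR && bciphers[i].cipher; i++) {`, would skip it. Separately, any other error returned by `action_benchmark_kdf()` is overwritten by the next iteration and never reported by this function. The function body continues outside the hunk.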
@@ -746,9 +754,9 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL)) return -EPERM; - r = crypt_get_key(msg_pass, &password, &passwordLen, + r = tools_get_key(msg_pass, &password, &passwordLen, keyfile_offset, keyfile_size, key_file, opt_timeout, - _verify_passphrase(0), cd); + _verify_passphrase(0), 0, cd); if(r < 0) goto out; @@ -834,17 +842,18 @@ static int action_luksRemoveKey(void) if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) goto out; - r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "), + r = tools_get_key(_("Enter LUKS passphrase to be deleted: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, - _verify_passphrase(0), + _verify_passphrase(0), 0, cd); if(r < 0) goto out; r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0); + check_signal(&r); if (r < 0) goto out; @@ -871,6 +880,8 @@ static int action_luksAddKey(void) int r = -EINVAL, keysize = 0; char *key = NULL; const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL); + char *password = NULL, *password_new = NULL; + size_t password_size = 0, password_new_size = 0; struct crypt_device *cd = NULL; if ((r = crypt_init(&cd, uuid_or_device(action_argv[0])))) 
@@ -900,33 +911,45 @@ static int action_luksAddKey(void) opt_key_file, opt_keyfile_size, opt_keyfile_offset, opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset); } else { + r = tools_get_key(_("Enter any passphrase: "), + &password, &password_size, 0, 0, NULL, + opt_timeout, _verify_passphrase(0), 0, cd); + + if (r < 0) + goto out; + + /* Check password before asking for new one */ + r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, + password, password_size, 0); + check_signal(&r); + if (r < 0) + goto out; + + r = tools_get_key(_("Enter new passphrase for key slot: "), + &password_new, &password_new_size, 0, 0, NULL, + opt_timeout, _verify_passphrase(0), 1, cd); + if (r < 0) + goto out; + r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot, - NULL, 0, NULL, 0); + password, password_size, + password_new, password_new_size); } out: - crypt_free(cd); + crypt_safe_free(password); + crypt_safe_free(password_new); crypt_safe_free(key); + crypt_free(cd); return r; } -static int _slots_full(struct crypt_device *cd) -{ - int i; - - for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++) - if (crypt_keyslot_status(cd, i) == CRYPT_SLOT_INACTIVE) - return 0; - return 1; -} - static int action_luksChangeKey(void) { const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL); struct crypt_device *cd = NULL; - char *vk = NULL, *password = NULL; - size_t passwordLen = 0; - size_t vk_size; - int new_key_slot, old_key_slot, r; + char *password = NULL, *password_new = NULL; + size_t password_size = 0, password_new_size = 0; + int r; if ((r = crypt_init(&cd, uuid_or_device(action_argv[0])))) goto out; 
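Review bot: The "Enter new passphrase for key slot: " prompt added to action_luksAddKey passes `_verify_passphrase(0)`, whereas the luksFormat prompt in this same diff passes `_verify_passphrase(1)`. If that argument is the default for asking the passphrase twice (the helper is not shown), a mistyped new passphrase is written to the key slot without confirmation. The removed call passed NULL passphrases and left prompting to the library, so the effective default may have changed with this commit. Consider `opt_timeout, _verify_passphrase(1), 1, cd);` here, and the same for the "Enter new LUKS passphrase: " prompt in the action_luksChangeKey hunk, where the old key slot is replaced and a typo is harder to recover from.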
@@ -937,72 +960,33 @@ static int action_luksChangeKey(void) if (opt_iteration_time) crypt_set_iteration_time(cd, opt_iteration_time); - r = crypt_get_key(_("Enter LUKS passphrase to be changed: "), - &password, &passwordLen, + r = tools_get_key(_("Enter LUKS passphrase to be changed: "), + &password, &password_size, opt_keyfile_offset, opt_keyfile_size, opt_key_file, - opt_timeout, _verify_passphrase(0), cd); + opt_timeout, _verify_passphrase(0), 0, cd); if (r < 0) goto out; - vk_size = crypt_get_volume_key_size(cd); - vk = crypt_safe_alloc(vk_size); - if (!vk) { - r = -ENOMEM; - goto out; - } - - r = crypt_volume_key_get(cd, opt_key_slot, vk, &vk_size, - password, passwordLen); - if (r < 0) { - if (opt_key_slot != CRYPT_ANY_SLOT) - log_err(_("No key available with this passphrase.\n")); + /* Check password before asking for new one */ + r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, + password, password_size, 0); + check_signal(&r); + if (r < 0) goto out; - } - - if (opt_key_slot != CRYPT_ANY_SLOT || _slots_full(cd)) { - log_dbg("Key slot %d is going to be overwritten (%s).", - r, opt_key_slot != CRYPT_ANY_SLOT ? 
- "explicit key slot specified" : "no free key slot"); - old_key_slot = r; - new_key_slot = r; - } else { - log_dbg("Allocating new key slot."); - old_key_slot = r; - new_key_slot = CRYPT_ANY_SLOT; - } - crypt_safe_free(password); - password = NULL; - passwordLen = 0; - r = crypt_get_key(_("Enter new LUKS passphrase: "), - &password, &passwordLen, + r = tools_get_key(_("Enter new LUKS passphrase: "), + &password_new, &password_new_size, opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file, - opt_timeout, _verify_passphrase(0), cd); + opt_timeout, _verify_passphrase(0), 1, cd); if (r < 0) goto out; - if (new_key_slot == old_key_slot) { - (void)crypt_keyslot_destroy(cd, old_key_slot); - r = crypt_keyslot_add_by_volume_key(cd, new_key_slot, - vk, vk_size, - password, passwordLen); - if (r >= 0) - log_verbose(_("Key slot %d changed.\n"), r); - } else { - r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, - vk, vk_size, - password, passwordLen); - if (r >= 0) { - log_verbose(_("Replaced with key slot %d.\n"), r); - r = crypt_keyslot_destroy(cd, old_key_slot); - } - } - if (r < 0) - log_err(_("Failed to swap new key slot.\n")); + r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, + password, password_size, password_new, password_new_size); out: - crypt_safe_free(vk); crypt_safe_free(password); + crypt_safe_free(password_new); crypt_free(cd); return r; } @@ -1069,14 +1053,15 @@ static int luksDump_with_volume_key(struct crypt_device *cd) if (!vk) return -ENOMEM; - r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, + r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, - opt_timeout, 0, cd); + opt_timeout, 0, 0, cd); if (r < 0) goto out; r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, passwordLen); + check_signal(&r); if (r < 0) goto out; 
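Review bot: After this rewrite, action_luksChangeKey returns the result of `crypt_keyslot_change_by_passphrase()` without reporting it. The removed code printed the affected slot in verbose mode and an explicit error when the swap failed. Since run_action maps any positive return to 0, the slot number is discarded and an operator can no longer see from the tool's output which key slot now holds the new passphrase. Unless the library call logs this itself (not visible here), consider keeping `if (r >= 0) log_verbose(_("Key slot %d changed.\n"), r);` after the call, assuming its return value is the slot number as with the removed `crypt_keyslot_add_by_volume_key()` calls.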
@@ -1325,6 +1310,7 @@ static int run_action(struct action_type *action) if (action->required_memlock) crypt_memory_lock(NULL, 1); + set_int_handler(0); r = action->handler(); if (action->required_memlock) @@ -1333,6 +1319,7 @@ static int run_action(struct action_type *action) /* Some functions returns keyslot # */ if (r > 0) r = 0; + check_signal(&r); show_status(r); return translate_errno(r);
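Review bot: In the second run_action hunk, `check_signal(&r)` runs only after `action->handler()` has returned and `r` has been normalised. An interrupt delivered once the action has already finished would then turn a successful result into an error in `show_status()` and in the exit code. This assumes `check_signal()` overwrites `r` whenever a signal was recorded, which is how the benchmark loops in this diff use it. For actions that rewrite the header or a key slot, reporting failure after the write has completed is misleading to scripts and operators. Consider applying it only to a failing result, `if (r < 0) check_signal(&r);`, or add a comment stating that an interrupt deliberately wins over success; run_action's body starts outside the hunk.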