sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
}
-static size_t hex_to_bytes(const char *hex, char *result)
-{
- char buf[3] = "xx\0", *endp;
- size_t i, len;
-
- len = strlen(hex) / 2;
- for (i = 0; i < len; i++) {
- memcpy(buf, &hex[i * 2], 2);
- result[i] = strtoul(buf, &endp, 16);
- if (endp != &buf[2])
- return -EINVAL;
- }
- return i;
-}
-
/* http://code.google.com/p/cryptsetup/wiki/DMCrypt */
static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd)
{
struct crypt_params_verity *vp = NULL;
uint32_t val32;
uint64_t val64;
- size_t len;
+ ssize_t len;
char *str, *str2;
if (get_flags & DM_ACTIVE_VERITY_PARAMS)
str = strsep(¶ms, " ");
if (!params)
return -EINVAL;
- len = strlen(str) / 2;
+ len = crypt_hex_to_bytes(str, &str2, 0);
+ if (len < 0)
+ return len;
dmd->u.verity.root_hash_size = len;
- if (get_flags & DM_ACTIVE_VERITY_ROOT_HASH) {
- if (!(str2 = malloc(len)))
- return -ENOMEM;
- if (hex_to_bytes(str, str2) != len)
- return -EINVAL;
+ if (get_flags & DM_ACTIVE_VERITY_ROOT_HASH)
dmd->u.verity.root_hash = str2;
- }
+ else
+ free(str2);
/* salt */
str = strsep(¶ms, " ");
if (params)
return -EINVAL;
if (vp) {
- len = strlen(str) / 2;
- vp->salt_size = len;
- if (!(str2 = malloc(len)))
- return -ENOMEM;
- if (hex_to_bytes(str, str2) != len)
- return -EINVAL;
- vp->salt = str2;
+ if (!strcmp(str, "-")) {
+ vp->salt_size = 0;
+ vp->salt = NULL;
+ } else {
+ len = crypt_hex_to_bytes(str, &str2, 0);
+ if (len < 0)
+ return len;
+ vp->salt_size = len;
+ vp->salt = str2;
+ }
}
return 0;
crypt_safe_free(pass);
return r;
}
+
+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc)
+{
+ char buf[3] = "xx\0", *endp, *bytes;
+ size_t i, len;
+
+ len = strlen(hex);
+ if (len % 2)
+ return -EINVAL;
+ len /= 2;
+
+ bytes = safe_alloc ? crypt_safe_alloc(len) : malloc(len);
+ if (!bytes)
+ return -ENOMEM;
+
+ for (i = 0; i < len; i++) {
+ memcpy(buf, &hex[i * 2], 2);
+ bytes[i] = strtoul(buf, &endp, 16);
+ if (endp != &buf[2]) {
+ safe_alloc ? crypt_safe_free(bytes) : free(bytes);
+ return -EINVAL;
+ }
+ }
+ *result = bytes;
+ return i;
+}
void crypt_safe_free(void *data);
void *crypt_safe_realloc(void *data, size_t size);
+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc);
+
#endif /* _UTILS_CRYPT_H */
lib/verity/verity_hash.c
src/cryptsetup.c
src/veritysetup.c
+src/cryptsetup_reencrypt.c
if VERITYSETUP
veritysetup_SOURCES = \
+ $(top_builddir)/lib/utils_crypt.c \
$(top_builddir)/lib/utils_loop.c \
veritysetup.c \
cryptsetup.h
#include "libcryptsetup.h"
+#define CONST_CAST(x) (x)(uintptr_t)
+
#define DEFAULT_CIPHER(type) (DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE)
#define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
static const char **action_argv;
static int action_argc;
-static size_t hex_to_bytes(const char *hex, char **result)
-{
- char buf[3] = "xx\0", *endp, *bytes;
- size_t i, len;
-
- len = strlen(hex);
- if (len % 2)
- return -EINVAL;
- len /= 2;
-
- if (!(bytes = malloc(len)))
- return -ENOMEM;
-
- for (i = 0; i < len; i++) {
- memcpy(buf, &hex[i * 2], 2);
- bytes[i] = strtoul(buf, &endp, 16);
- if (endp != &buf[2]) {
- free(bytes);
- return -EINVAL;
- }
- }
- *result = bytes;
- return i;
-}
-
__attribute__((format(printf, 5, 6)))
static void clogger(struct crypt_device *cd, int level, const char *file,
int line, const char *format, ...)
params->salt_size = 0;
params->salt = NULL;
} else if (salt_string) {
- len = hex_to_bytes(salt_string, &salt);
+ len = crypt_hex_to_bytes(salt_string, &salt, 0);
if (len < 0) {
log_err(_("Invalid salt string specified.\n"));
return -EINVAL;
crypt_dump(cd);
out:
crypt_free(cd);
- free((char*)params.salt);
+ free(CONST_CAST(char*)params.salt);
return r;
}
struct crypt_params_verity params = {};
uint32_t activate_flags = CRYPT_ACTIVATE_READONLY;
char *root_hash_bytes = NULL;
- size_t hash_size;
+ ssize_t hash_size;
int r;
if ((r = crypt_init(&cd, hash_device)))
goto out;
hash_size = crypt_get_volume_key_size(cd);
- if (hex_to_bytes(root_hash, &root_hash_bytes) != hash_size) {
+ if (crypt_hex_to_bytes(root_hash, &root_hash_bytes, 0) != hash_size) {
log_err(_("Invalid root hash string specified.\n"));
r = -EINVAL;
goto out;
out:
crypt_free(cd);
free(root_hash_bytes);
- free((char*)params.salt);
+ free(CONST_CAST(char*)params.salt);
return r;
}
-TESTS = api-test compat-test loopaes-test align-test discards-test mode-test password-hash-test \
- verity-compat-test
+TESTS = api-test compat-test loopaes-test align-test discards-test mode-test password-hash-test
+
+if VERITYSETUP
+TESTS += verity-compat-test
+endif
if REENCRYPT
TESTS += reencryption-compat-test