From ab0f7346bca4a654a0dff747b5322db846a0eeb3 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 7 Jun 2012 14:51:42 +0200 Subject: [PATCH] Fix some strings, fix sb_offset. --- lib/verity/verity.c | 27 ++++++++++++--------------- lib/verity/verity.h | 4 ++-- lib/verity/verity_hash.c | 36 +++++++++++++++--------------------- src/veritysetup.c | 2 +- 4 files changed, 30 insertions(+), 39 deletions(-) diff --git a/lib/verity/verity.c b/lib/verity/verity.c index 0dd268f..1bbd8d5 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -33,16 +33,16 @@ /* Read verity superblock from disk */ int VERITY_read_sb(struct crypt_device *cd, const char *device, - size_t sb_offset, + uint64_t sb_offset, struct crypt_params_verity *params) { struct verity_sb sb = {}; ssize_t hdr_size = sizeof(struct verity_sb); int devfd = 0; - long long sb_data_blocks; + uint64_t sb_data_blocks; - log_dbg("Reading VERITY header of size %d on device %s, offset %u.", - sizeof(struct verity_sb), device, (unsigned)sb_offset); + log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".", + sizeof(struct verity_sb), device, sb_offset); devfd = open(device ,O_RDONLY | O_DIRECT); if(devfd == -1) { @@ -75,22 +75,19 @@ int VERITY_read_sb(struct crypt_device *cd, return -EINVAL; } - sb_data_blocks = ((unsigned long long)ntohl(sb.data_blocks_hi) << 31 << 1) | + sb_data_blocks = ((uint64_t)ntohl(sb.data_blocks_hi) << 31 << 1) | ntohl(sb.data_blocks_lo); - if (sb_data_blocks < 0 || - (off_t)sb_data_blocks < 0 || - (off_t)sb_data_blocks != sb_data_blocks) { - log_err(cd, _("VERITY header data block size mismatch.\n")); - return -EINVAL; - } - // FIXME alloc error params->hash_name = strdup((const char*)sb.algorithm); + if (!params->hash_name) + return -ENOMEM; params->data_block_size = 1 << sb.data_block_bits; params->hash_block_size = 1 << sb.hash_block_bits; params->data_size = sb_data_blocks; params->salt_size = ntohs(sb.salt_size); params->salt = malloc(params->salt_size); + if (!params->salt) + return -ENOMEM; memcpy(CONST_CAST(char*)params->salt, sb.salt, params->salt_size); params->hash_area_offset = sb_offset; params->version = sb.version; @@ -101,15 +98,15 @@ int VERITY_read_sb(struct crypt_device *cd, /* Write verity superblock to disk */ int VERITY_write_sb(struct crypt_device *cd, const char *device, - size_t sb_offset, + uint64_t sb_offset, struct crypt_params_verity *params) { struct verity_sb sb = {}; ssize_t hdr_size = sizeof(struct verity_sb); int r, devfd = 0; - log_dbg("Updating VERITY header of size %d on device %s, offset %u.", - sizeof(struct verity_sb), device, (unsigned)sb_offset); + log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".", + sizeof(struct verity_sb), device, sb_offset); devfd = open(device, O_RDWR | O_DIRECT); if(devfd == -1) { diff --git a/lib/verity/verity.h b/lib/verity/verity.h index 63ecfb9..a223490 100644 --- a/lib/verity/verity.h +++ b/lib/verity/verity.h @@ -48,12 +48,12 @@ struct verity_sb { int VERITY_read_sb(struct crypt_device *cd, const char *device, - size_t sb_offset, + uint64_t sb_offset, struct crypt_params_verity *params); int VERITY_write_sb(struct crypt_device *cd, const char *device, - size_t sb_offset, + uint64_t sb_offset, struct crypt_params_verity *params); int VERITY_activate(struct crypt_device *cd, diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c index 0b96cff..39086b7 100644 --- a/lib/verity/verity_hash.c +++ b/lib/verity/verity_hash.c @@ -51,7 +51,7 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes) return -EIO; for (i = 0; i < bytes; i++) if (block[i]) { - log_err(cd, "spare area is not zeroed at position %" PRIu64 "\n", + log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"), ftello(wr) - bytes); return -EPERM; } @@ -129,7 +129,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (fread(read_digest, digest_size, 1, wr) != 1) return -EIO; if (memcmp(read_digest, calculated_digest, digest_size)) { - log_err(cd, "verification failed at position %" PRIu64 "\n", + log_err(cd, _("Verification failed at position %" PRIu64 ".\n"), ftello(rd) - data_block_size); return -EPERM; } @@ -205,10 +205,8 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, hash_per_block_bits = get_bits_down(hash_block_size / digest_size); hash_per_block = 1 << hash_per_block_bits; - if (!hash_per_block_bits) { - log_err(cd, "at least two hashes must fit in a hash file block\n"); + if (!hash_per_block_bits) return -EINVAL; - } levels = 0; if (data_file_blocks) { @@ -218,7 +216,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, } if (levels > VERITY_MAX_LEVELS) { - log_err(cd, "too many tree levels\n"); + log_err(cd, _("Too many tree levels for verity volume.\n")); return -EINVAL; } @@ -231,7 +229,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, if (hash_position + s < hash_position || (hash_position + s) < 0 || (hash_position + s) != hash_position + s) { - log_err(cd, "hash device offset overflow\n"); + log_dbg("Hash device offset overflow."); return -EINVAL; } hash_position += s; @@ -239,14 +237,14 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, data_file = fopen(data_device, "r"); if (!data_file) { - log_err(cd, "Cannot open %s.\n", data_device); + log_err(cd, _("Cannot open device %s.\n"), data_device); r = -EIO; goto out; } hash_file = fopen(hash_device, verify ? "r" : "r+"); if (!hash_file) { - log_err(cd, "Cannot open %s.\n", hash_device); + log_err(cd, _("Cannot open device %s.\n"), hash_device); r = -EIO; goto out; } @@ -292,19 +290,19 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, data_file_blocks, version, hash_name, verify, calculated_digest, digest_size, salt, salt_size); - if (r) { - log_err(cd, "Hash of data area verification failed.\n"); + if (r == -EPERM) { + log_err(cd, _("Verification of data area failed.\n")); goto out; - } else - log_dbg("Hash of data area successfully verified."); + } else if (!r) + log_dbg("Verification of data area succeeded."); /* root hash verification */ if (verify) { r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0; if (r) - log_err(cd, "Root hash verification failed.\n"); + log_err(cd, _("Verification of root hash failed.\n")); else - log_dbg("Root hash successfully verified."); + log_dbg("Verification of root hash succeeded."); } else { fsync(fileno(hash_file)); memcpy(root_hash, calculated_digest, digest_size); @@ -325,7 +323,7 @@ int VERITY_verify(struct crypt_device *cd, const char *root_hash, size_t root_hash_size) { - int r = VERITY_create_or_verify_hash(cd, 1, + return VERITY_create_or_verify_hash(cd, 1, verity_hdr->version, verity_hdr->hash_name, hash_device, @@ -338,13 +336,9 @@ int VERITY_verify(struct crypt_device *cd, root_hash_size, verity_hdr->salt, verity_hdr->salt_size); - - if (r == -EPERM) - log_err(cd, "Userspace hash verification failed.\n"); - - return r; } +/* Create verity hash */ int VERITY_create(struct crypt_device *cd, struct crypt_params_verity *verity_hdr, const char *data_device, diff --git a/src/veritysetup.c b/src/veritysetup.c index 3a0f07a..2ad27c4 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c @@ -19,12 +19,12 @@ /* TODO: * - init_by_name() - * - check translations * - support device without superblock * - audit alloc errors / error path * - change command names (cryptsetup style) * - extend superblock (UUID) * - warn if block_size > PAGE_SIZE + * - configure.in/config.h defaults */ #include -- 2.7.4