From fcf5b414d656aab2f803fb2e7f100edd57ac0698 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sat, 9 Jun 2012 11:54:10 +0200 Subject: [PATCH] Remove redundant flags. --- lib/setup.c | 18 +++++++++--------- lib/verity/verity.c | 16 +++++++++++++--- lib/verity/verity.h | 2 +- src/veritysetup.c | 1 + 4 files changed, 24 insertions(+), 13 deletions(-) diff --git a/lib/setup.c b/lib/setup.c index 21053fd..32b39e0 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -67,7 +67,6 @@ struct crypt_device { /* used in CRYPT_VERITY */ struct crypt_params_verity verity_hdr; - uint32_t verity_flags; char *verity_root_hash; uint64_t verity_root_hash_size; @@ -663,7 +662,7 @@ static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verit return r; if (params) - cd->verity_flags = params->flags; + cd->verity_hdr.flags = params->flags; if (params && params->data_device && (r = crypt_set_data_device(cd, params->data_device)) < 0) @@ -763,7 +762,7 @@ static int _init_by_name_verity(struct crypt_device *cd, const char *name) goto out; if (isVERITY(cd->type)) { - cd->verity_flags = CRYPT_VERITY_NO_HEADER; //FIXME + cd->verity_hdr.flags = CRYPT_VERITY_NO_HEADER; //FIXME //cd->verity_uuid = dmd.uuid ? strdup(dmd.uuid) : NULL; cd->verity_hdr.data_size = params.data_size; cd->verity_root_hash_size = dmd.u.verity.root_hash_size; @@ -1034,7 +1033,7 @@ static int _crypt_format_verity(struct crypt_device *cd, if (params->version > 1) return -EINVAL; - /* set dat device */ + /* set data device */ cd->type = CRYPT_VERITY; r = crypt_set_data_device(cd, params->data_device); cd->type = NULL; 
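Review bot: In `_crypt_load_verity` the caller's flags reach `cd->verity_hdr.flags` only after the preceding call has returned, so a `CRYPT_VERITY_NO_HEADER` request in `params->flags` is invisible to anything that runs before this assignment. The statement that produces `r` is outside the hunk; if it is the `VERITY_read_sb()` call on `&cd->verity_hdr`, the NO_HEADER guard this patch adds to that function in lib/verity/verity.c would test stale flags and the superblock would still be read. Consider rejecting the flag before the header is read, e.g. `if (params && (params->flags & CRYPT_VERITY_NO_HEADER)) return -EINVAL;`. The function body starts and ends outside the hunk.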
@@ -1054,11 +1053,11 @@ static int _crypt_format_verity(struct crypt_device *cd, if (!cd->verity_root_hash_size) return -EINVAL; - cd->verity_flags = params->flags; cd->verity_root_hash = malloc(cd->verity_root_hash_size); if (!cd->verity_root_hash) return -ENOMEM; + cd->verity_hdr.flags = params->flags; cd->verity_hdr.hash_name = strdup(params->hash_name); cd->verity_hdr.data_device = NULL; cd->verity_hdr.data_block_size = params->data_block_size; @@ -1083,9 +1082,10 @@ static int _crypt_format_verity(struct crypt_device *cd, if (r) goto out; - r = VERITY_write_sb(cd, mdata_device(cd), - cd->verity_hdr.hash_area_offset, - &cd->verity_hdr); + if (!(params->flags & CRYPT_VERITY_NO_HEADER)) + r = VERITY_write_sb(cd, mdata_device(cd), + cd->verity_hdr.hash_area_offset, + &cd->verity_hdr); out: if (r) { free(cd->verity_root_hash); @@ -1996,7 +1996,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd, r = VERITY_activate(cd, name, mdata_device(cd), volume_key, volume_key_size, - &cd->verity_hdr, cd->verity_flags); + &cd->verity_hdr, CRYPT_ACTIVATE_READONLY); if (r == -EPERM) { free(cd->verity_root_hash); diff --git a/lib/verity/verity.c b/lib/verity/verity.c index b53edba..afe261e 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -60,6 +60,11 @@ int VERITY_read_sb(struct crypt_device *cd, log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device, sb_offset); + if (params->flags & CRYPT_VERITY_NO_HEADER) { + log_err(cd, _("Verity don't use on-disk header.\n"), device); + return -EINVAL; + } + devfd = open(device ,O_RDONLY | O_DIRECT); if(devfd == -1) { log_err(cd, _("Cannot open device %s.\n"), device); 
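Review bot: The new `if (!(params->flags & CRYPT_VERITY_NO_HEADER))` in `_crypt_format_verity` guards a three-line call without braces, directly above the `out:` label; bracing the body keeps a later edit from slipping a statement outside the guard. The hunk also never says what the flag means for formatting, so a short comment would help, for example `/* NO_HEADER: no superblock is written to the hash device */`. The function starts outside the hunk.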
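Review bot: `crypt_activate_by_volume_key` now passes the constant `CRYPT_ACTIVATE_READONLY` to `VERITY_activate()`, so any activation flags the caller supplied are not forwarded on the verity path. The signature is cut off in the hunk header, but if the function's `flags` argument is in scope here, `&cd->verity_hdr, flags | CRYPT_ACTIVATE_READONLY);` keeps the mapping read-only while still honouring the caller's request. If dropping the caller's flags is intentional, a one-line comment saying that verity mappings are always activated read-only would record it.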
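Review bot: The added `log_err(cd, _("Verity don't use on-disk header.\n"), device);` in `VERITY_read_sb` passes `device` to a format string that has no conversion for it, which triggers `-Wformat-extra-args` and leaves the device name out of the message; the same line is added to `VERITY_write_sb` in the next hunk. Either use the argument, `log_err(cd, _("Verity device %s doesn't use on-disk header.\n"), device);`, or drop it. The guard also sits after the `log_dbg("Reading VERITY header ...")` call, so the debug log reports a read that never happens; moving the check above the `log_dbg` avoids that. Both functions continue outside their hunks.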
@@ -124,6 +129,11 @@ int VERITY_write_sb(struct crypt_device *cd, log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device, sb_offset); + if (params->flags & CRYPT_VERITY_NO_HEADER) { + log_err(cd, _("Verity don't use on-disk header.\n"), device); + return -EINVAL; + } + devfd = open(device, O_RDWR | O_DIRECT); if(devfd == -1) { log_err(cd, _("Cannot open device %s.\n"), device); @@ -169,7 +179,7 @@ int VERITY_activate(struct crypt_device *cd, const char *root_hash, size_t root_hash_size, struct crypt_params_verity *verity_hdr, - uint32_t flags) + uint32_t activation_flags) { struct crypt_dm_active_device dmd; uint64_t offset = 0; @@ -178,7 +188,7 @@ int VERITY_activate(struct crypt_device *cd, log_dbg("Trying to activate VERITY device %s using hash %s.", name ?: "[none]", verity_hdr->hash_name); - if (flags & CRYPT_VERITY_CHECK_HASH) { + if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) { r = VERITY_verify(cd, verity_hdr, crypt_get_device_name(cd), hash_device, root_hash, root_hash_size); @@ -195,7 +205,7 @@ int VERITY_activate(struct crypt_device *cd, dmd.u.verity.root_hash = root_hash; dmd.u.verity.root_hash_size = root_hash_size; dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr), - dmd.flags = CRYPT_ACTIVATE_READONLY; + dmd.flags = activation_flags; dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512; dmd.uuid = NULL; dmd.u.verity.vp = verity_hdr; diff --git a/lib/verity/verity.h b/lib/verity/verity.h index 51b0141..aef3887 100644 --- a/lib/verity/verity.h +++ b/lib/verity/verity.h @@ -46,7 +46,7 @@ int VERITY_activate(struct crypt_device *cd, const char *root_hash, size_t root_hash_size, struct crypt_params_verity *verity_hdr, - uint32_t flags); + uint32_t activation_flags); int VERITY_verify(struct crypt_device *cd, struct crypt_params_verity *verity_hdr, diff --git a/src/veritysetup.c b/src/veritysetup.c index c9d16c9..bf0bbc1 100644 --- a/src/veritysetup.c 
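Review bot: With `dmd.flags = activation_flags;` `VERITY_activate` no longer sets `CRYPT_ACTIVATE_READONLY` itself, so the read-only property of the mapping now depends on every caller remembering to pass it. The one caller visible in this patch does pass the flag, but enforcing it where the table is built is cheap: `dmd.flags = activation_flags | CRYPT_ACTIVATE_READONLY;`. The function now also takes two flag sets from different namespaces, `verity_hdr->flags` tested against `CRYPT_VERITY_CHECK_HASH` and `activation_flags` holding `CRYPT_ACTIVATE_*` values; a comment on the prototype in verity.h saying so would keep them from being mixed up. The function body continues outside the hunk.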
+++ b/src/veritysetup.c @@ -22,6 +22,7 @@ * - extend superblock (UUID) * - add api tests * - salt string "-" + * - report in-kernel status outside libcryptsetup (extend api) */ #include -- 2.7.4