Commit 991ab5de authored by Milan Broz

Fix more context propagation paths.

parent b17e4fa3
......@@ -101,8 +101,8 @@ static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
* blocknumbers. The same blocksize and blocknumbers values
* must be supplied to AF_merge to recover information.
*/
int AF_split(const char *src, char *dst, size_t blocksize,
unsigned int blocknumbers, const char *hash)
int AF_split(struct crypt_device *ctx, const char *src, char *dst,
size_t blocksize, unsigned int blocknumbers, const char *hash)
{
unsigned int i;
char *bufblock;
......@@ -114,7 +114,7 @@ int AF_split(const char *src, char *dst, size_t blocksize,
/* process everything except the last block */
for (i = 0; i < blocknumbers - 1; i++) {
r = crypt_random_get(NULL, dst + blocksize * i, blocksize, CRYPT_RND_NORMAL);
r = crypt_random_get(ctx, dst + blocksize * i, blocksize, CRYPT_RND_NORMAL);
if (r < 0)
goto out;
......@@ -131,8 +131,8 @@ out:
return r;
}
int AF_merge(const char *src, char *dst, size_t blocksize,
unsigned int blocknumbers, const char *hash)
int AF_merge(struct crypt_device *ctx __attribute__((unused)), const char *src, char *dst,
size_t blocksize, unsigned int blocknumbers, const char *hash)
{
unsigned int i;
char *bufblock;
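Review bot: `for (i = 0; i < blocknumbers - 1; i++)` in AF_split wraps when `blocknumbers` is 0, because the operand is `unsigned int`, so the loop would keep filling `dst + blocksize * i` with `blocksize` bytes far past the destination buffer. The commit only swaps `NULL` for `ctx` on that call and leaves the bound as it was. An early guard such as `if (!blocknumbers) return -EINVAL;` would close this. The LUKS1 caller shown further down passes `hdr->keyblock[keyIndex].stripes`, and whether that header field is range-checked before it gets here is not visible on this page. AF_split's body continues outside the hunks shown.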
......
......@@ -39,8 +39,10 @@
* On error, both functions return -1, 0 otherwise.
*/
int AF_split(const char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
int AF_merge(const char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
int AF_split(struct crypt_device *ctx, const char *src, char *dst,
size_t blocksize, unsigned int blocknumbers, const char *hash);
int AF_merge(struct crypt_device *ctx, const char *src, char *dst, size_t blocksize,
unsigned int blocknumbers, const char *hash);
size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers);
int LUKS_encrypt_to_storage(
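Review bot: The comment above these prototypes still says both functions return -1 on error and does not mention the new `ctx` parameter. In the af.c hunks on this page AF_split returns `r` as set by `crypt_random_get()`, so the error value is whatever that call produces, and AF_merge marks `ctx` as `__attribute__((unused))`. I would extend the comment with something like `ctx is passed to crypt_random_get() by AF_split and ignored by AF_merge; a negative value is returned on error`. It should also state whether `ctx` may be NULL, which is what AF_split handed to `crypt_random_get()` before this change.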
......
......@@ -919,7 +919,7 @@ int LUKS_set_key(unsigned int keyIndex,
log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes",
hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
r = AF_split(vk->key,AfKey,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
r = AF_split(ctx, vk->key, AfKey, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
if (r < 0)
goto out;
......@@ -1018,7 +1018,7 @@ static int LUKS_open_key(unsigned int keyIndex,
if (r < 0)
goto out;
r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
r = AF_merge(ctx, AfKey, vk->key, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
if (r < 0)
goto out;
......
......@@ -261,9 +261,7 @@ int LUKS2_tokens_count(struct luks2_hdr *hdr);
/*
* Generic LUKS2 digest
*/
int LUKS2_digest_by_segment(struct crypt_device *cd,
struct luks2_hdr *hdr,
int segment);
int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment);
int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
struct luks2_hdr *hdr,
......@@ -295,9 +293,7 @@ int LUKS2_digest_segment_assign(struct crypt_device *cd,
int assign,
int commit);
int LUKS2_digest_by_keyslot(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot);
int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot);
int LUKS2_digest_create(struct crypt_device *cd,
const char *type,
......
......@@ -91,9 +91,7 @@ int LUKS2_digest_create(struct crypt_device *cd,
return dh->store(cd, digest, vk->key, vk->keylength) ?: digest;
}
int LUKS2_digest_by_keyslot(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot)
int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot)
{
char keyslot_name[16];
json_object *jobj_digests, *jobj_digest_keyslots;
......@@ -120,7 +118,7 @@ int LUKS2_digest_verify(struct crypt_device *cd,
const digest_handler *h;
int digest, r;
digest = LUKS2_digest_by_keyslot(cd, hdr, keyslot);
digest = LUKS2_digest_by_keyslot(hdr, keyslot);
if (digest < 0)
return digest;
......@@ -156,7 +154,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
const digest_handler *h;
int digest, r;
digest = LUKS2_digest_by_segment(cd, hdr, segment);
digest = LUKS2_digest_by_segment(hdr, segment);
if (digest < 0)
return digest;
......@@ -176,9 +174,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
}
/* FIXME: segment can have more digests */
int LUKS2_digest_by_segment(struct crypt_device *cd,
struct luks2_hdr *hdr,
int segment)
int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment)
{
char segment_name[16];
json_object *jobj_digests, *jobj_digest_segments;
......@@ -374,7 +370,7 @@ static char *get_key_description_by_digest(struct crypt_device *cd, int digest)
int LUKS2_key_description_by_segment(struct crypt_device *cd,
struct luks2_hdr *hdr, struct volume_key *vk, int segment)
{
char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(cd, hdr, segment));
char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(hdr, segment));
int r;
r = crypt_volume_key_set_description(vk, desc);
......@@ -385,7 +381,7 @@ int LUKS2_key_description_by_segment(struct crypt_device *cd,
int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd,
struct luks2_hdr *hdr, struct volume_key *vk, int keyslot)
{
char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_keyslot(cd, hdr, keyslot));
char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_keyslot(hdr, keyslot));
int r;
r = crypt_volume_key_set_description(vk, desc);
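Review bot: In LUKS2_key_description_by_segment and LUKS2_volume_key_load_in_keyring_by_keyslot the result of `LUKS2_digest_by_segment(hdr, segment)` / `LUKS2_digest_by_keyslot(hdr, keyslot)` goes straight into `get_key_description_by_digest()` without the `if (digest < 0) return digest;` check that LUKS2_digest_verify and LUKS2_digest_verify_by_segment apply in the same file. Whether the helper rejects a negative digest is not visible here, so a failed lookup may reach `crypt_volume_key_set_description()` as a NULL or unrelated description. Splitting the call, `int digest = LUKS2_digest_by_segment(hdr, segment); if (digest < 0) return digest;`, keeps the error path explicit. Both function bodies continue outside the hunks.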
......
......@@ -504,7 +504,7 @@ static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj
if (r) {
log_dbg(cd, "Repairing JSON metadata.");
/* try to correct known glitches */
LUKS2_hdr_repair(jobj_hdr);
LUKS2_hdr_repair(cd, jobj_hdr);
/* run validation again */
r = LUKS2_hdr_validate(cd, jobj_hdr, length);
......@@ -683,7 +683,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
if (do_recovery) {
memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(NULL, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
r = crypt_random_get(cd, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
if (r)
log_dbg(cd, "Cannot generate master salt.");
else {
......@@ -704,7 +704,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
if (do_recovery) {
memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(NULL, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
r = crypt_random_get(cd, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
if (r)
log_dbg(cd, "Cannot generate master salt.");
else {
......
......@@ -85,8 +85,8 @@ void LUKS2_token_dump(struct crypt_device *cd, int token);
/*
* LUKS2 JSON repair for known glitches
*/
void LUKS2_hdr_repair(json_object *jobj_hdr);
void LUKS2_keyslots_repair(json_object *jobj_hdr);
void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr);
void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr);
/*
* JSON array helpers
......
......@@ -154,8 +154,8 @@ int LUKS2_generate_hdr(
hdr->version = 2;
memset(hdr->label, 0, LUKS2_LABEL_L);
strcpy(hdr->checksum_alg, "sha256");
crypt_random_get(NULL, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT);
crypt_random_get(NULL, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);
crypt_random_get(cd, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT);
crypt_random_get(cd, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);
if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
log_err(cd, _("Wrong LUKS UUID format provided."));
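Review bot: Both `crypt_random_get(cd, (char*)hdr->salt1, ...)` and the `salt2` call discard their return value, so an RNG failure leaves the header salts holding whatever the buffers contained before, and header generation carries on. The recovery path in LUKS2_disk_hdr_read on this page stores the result in `r` and checks it. The same should happen here, e.g. `r = crypt_random_get(cd, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT); if (r < 0) return r;` and likewise for `salt2`. LUKS2_generate_hdr starts and ends outside the hunk, so whether `r` is already declared and whether anything must be released before returning has to be checked against the full function.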
......
......@@ -1998,7 +1998,7 @@ int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uin
* could leave previous type parameters behind. Correct this by purging
* all params not needed by current type.
*/
void LUKS2_hdr_repair(json_object *hdr_jobj)
void LUKS2_hdr_repair(struct crypt_device *cd, json_object *hdr_jobj)
{
json_object *jobj_keyslots;
......@@ -2007,5 +2007,5 @@ void LUKS2_hdr_repair(json_object *hdr_jobj)
if (!json_object_is_type(jobj_keyslots, json_type_object))
return;
LUKS2_keyslots_repair(jobj_keyslots);
LUKS2_keyslots_repair(cd, jobj_keyslots);
}
......@@ -83,11 +83,11 @@ int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment)
if (segment == CRYPT_ANY_SEGMENT)
return 0;
keyslot_digest = LUKS2_digest_by_keyslot(NULL, hdr, keyslot);
keyslot_digest = LUKS2_digest_by_keyslot(hdr, keyslot);
if (keyslot_digest < 0)
return -EINVAL;
segment_digest = LUKS2_digest_by_segment(NULL, hdr, segment);
segment_digest = LUKS2_digest_by_segment(hdr, segment);
if (segment_digest < 0)
return segment_digest;
......@@ -178,7 +178,7 @@ int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
static int LUKS2_keyslot_unbound(struct luks2_hdr *hdr, int keyslot)
{
json_object *jobj_digest, *jobj_segments;
int digest = LUKS2_digest_by_keyslot(NULL, hdr, keyslot);
int digest = LUKS2_digest_by_keyslot(hdr, keyslot);
if (digest < 0)
return 0;
......@@ -597,10 +597,10 @@ int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
json_object_object_foreach(jobj_keyslots, slot, val) {
keyslot = atoi(slot);
json_object_object_get_ex(val, "type", &jobj_type);
h = LUKS2_keyslot_handler_type(NULL, json_object_get_string(jobj_type));
h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
if (!h)
continue;
if (h->validate && h->validate(NULL, val)) {
if (h->validate && h->validate(cd, val)) {
log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
return -EINVAL;
}
......@@ -614,7 +614,7 @@ int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
return 0;
}
void LUKS2_keyslots_repair(json_object *jobj_keyslots)
void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots)
{
const keyslot_handler *h;
json_object *jobj_type;
......@@ -626,8 +626,8 @@ void LUKS2_keyslots_repair(json_object *jobj_keyslots)
!json_object_is_type(jobj_type, json_type_string))
continue;
h = LUKS2_keyslot_handler_type(NULL, json_object_get_string(jobj_type));
h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
if (h && h->repair)
h->repair(NULL, val);
h->repair(cd, val);
}
}
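Review bot: In LUKS2_keyslots_validate the result of `json_object_object_get_ex(val, "type", &jobj_type)` is not checked before `json_object_get_string(jobj_type)` is handed to `LUKS2_keyslot_handler_type()`, while LUKS2_keyslots_repair in the same file skips entries whose type is not a JSON string. Unless a validation step outside this hunk already guarantees the field, the validate loop should test it too, e.g. `if (!json_object_object_get_ex(val, "type", &jobj_type) || !json_object_is_type(jobj_type, json_type_string)) return -EINVAL;`. In the same loop `keyslot = atoi(slot)` cannot report a non-numeric key, so the number logged on failure may not match the object name. Both functions extend beyond the visible hunks.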
......@@ -281,7 +281,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
return -ENOMEM;
}
r = AF_split(volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
if (r == 0) {
log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset);
......@@ -369,7 +369,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
}
if (r == 0)
r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
crypt_free_volume_key(derived_key);
crypt_safe_free(AfKey);
......
......@@ -2059,7 +2059,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
DM_ACTIVE_CRYPT_KEY, &dmd);
if (r < 0) {
log_err(NULL, _("Device %s is not active."), name);
log_err(cd, _("Device %s is not active."), name);
return -EINVAL;
}
......@@ -2091,7 +2091,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
crypt_get_device_name(cd));
/* Here we always use default size not new_size */
if (crypt_loop_resize(crypt_get_device_name(cd)))
log_err(NULL, _("Cannot resize loop device."));
log_err(cd, _("Cannot resize loop device."));
}
r = device_block_adjust(cd, dmd.data_device, DEV_OK,
......@@ -2282,12 +2282,12 @@ void crypt_free(struct crypt_device *cd)
free(cd);
}
static char *crypt_get_device_key_description(const char *name)
static char *crypt_get_device_key_description(struct crypt_device *cd, const char *name)
{
char *tmp = NULL;
struct crypt_dm_active_device dmd;
if (dm_query_device(NULL, name, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmd) < 0)
if (dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmd) < 0)
return NULL;
if (dmd.target == DM_CRYPT) {
......@@ -2346,7 +2346,7 @@ int crypt_suspend(struct crypt_device *cd,
goto out;
}
key_desc = crypt_get_device_key_description(name);
key_desc = crypt_get_device_key_description(cd, name);
/* we can't simply wipe wrapped keys */
if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd)))
......@@ -2635,7 +2635,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
r = LUKS2_keyslot_open(cd, keyslot_old, CRYPT_ANY_SEGMENT, passphrase, passphrase_size, &vk);
/* will fail for keyslots w/o digest. fix if supported in a future */
if (r >= 0) {
digest = LUKS2_digest_by_keyslot(cd, &cd->u.luks2.hdr, r);
digest = LUKS2_digest_by_keyslot(&cd->u.luks2.hdr, r);
if (digest < 0)
r = -EINVAL;
}
......@@ -3297,7 +3297,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
namei = device_dm_name(dmd.data_device);
}
key_desc = crypt_get_device_key_description(name);
key_desc = crypt_get_device_key_description(cd, name);
if (isTCRYPT(cd->type))
r = TCRYPT_deactivate(cd, name, flags);
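Review bot: crypt_get_device_key_description passes `DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE` to `dm_query_device()`, so `dmd` presumably carries volume key material on return, and the function has no comment saying how that is released or who owns the returned string. The rest of the body is outside the hunk, so the cleanup cannot be confirmed from this page. A comment such as `/* Returns NULL when the device cannot be queried; key data fetched into dmd must be freed on every return path, and the caller frees the result. */` would make the contract reviewable, with the wording adjusted to what the full body does. Both callers, in crypt_suspend and crypt_deactivate_by_name, treat NULL as "no description" without distinguishing a failed query.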
......
......@@ -225,7 +225,7 @@ static int _open_locked(struct crypt_device *cd, struct device *device, int flag
if (fd < 0)
return -errno;
if (device_locked_verify(NULL, fd, device->lh)) {
if (device_locked_verify(cd, fd, device->lh)) {
/* fd doesn't correspond to a locked resource */
close(fd);
log_dbg(cd, "Failed to verify lock resource for device %s.", device_path(device));
......
......@@ -52,7 +52,8 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
}
}
static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buffer,
static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize,
size_t alignment, char *buffer,
uint64_t offset, size_t size)
{
int r;
......@@ -61,12 +62,12 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff
for (i = 0; i < 39; ++i) {
if (i < 5) {
r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
} else if (i >= 5 && i < 32) {
wipeSpecial(buffer, size, i - 5);
r = 0;
} else if (i >= 32 && i < 38) {
r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
} else if (i >= 38 && i < 39) {
memset(buffer, 0xFF, size);
r = 0;
......@@ -81,7 +82,7 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff
}
/* Rewrite it finally with random */
if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
if (crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL) < 0)
return -EIO;
written = write_lseek_blockwise(fd, bsize, alignment, buffer, size, offset);
......@@ -91,14 +92,14 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff
return 0;
}
static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
size_t device_block_size, size_t alignment,
static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern,
char *sf, size_t device_block_size, size_t alignment,
size_t wipe_block_size, uint64_t offset, bool *need_block_init)
{
int r;
if (pattern == CRYPT_WIPE_SPECIAL)
return crypt_wipe_special(devfd, device_block_size, alignment,
return crypt_wipe_special(cd, devfd, device_block_size, alignment,
sf, offset, wipe_block_size);
if (*need_block_init) {
......@@ -107,12 +108,12 @@ static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
*need_block_init = false;
r = 0;
} else if (pattern == CRYPT_WIPE_RANDOM) {
r = crypt_random_get(NULL, sf, wipe_block_size,
r = crypt_random_get(cd, sf, wipe_block_size,
CRYPT_RND_NORMAL) ? -EIO : 0;
*need_block_init = true;
} else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
// FIXME
r = crypt_random_get(NULL, sf, wipe_block_size,
r = crypt_random_get(cd, sf, wipe_block_size,
CRYPT_RND_NORMAL) ? -EIO : 0;
*need_block_init = true;
} else
......@@ -201,7 +202,7 @@ int crypt_wipe_device(struct crypt_device *cd,
//log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size);
r = wipe_block(devfd, pattern, sf, bsize, alignment,
r = wipe_block(cd, devfd, pattern, sf, bsize, alignment,
wipe_block_size, offset, &need_block_init);
if (r) {
log_err(cd, "Device wipe error, offset %" PRIu64 ".", offset);
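Review bot: The `CRYPT_WIPE_ENCRYPTED_ZERO` branch of wipe_block is marked only `// FIXME` and fills the block with `crypt_random_get(cd, sf, wipe_block_size, CRYPT_RND_NORMAL)` exactly like the `CRYPT_WIPE_RANDOM` branch above it, so a caller selecting that pattern gets random data with nothing in the code saying so. Replace the bare marker with a comment that states the gap, e.g. `/* FIXME: encrypted-zero is not implemented; falls back to random data like CRYPT_WIPE_RANDOM */`. In crypt_wipe_special the pass boundaries `5`, `32`, `38` and `39` are bare literals and `i >= 38 && i < 39` tests a single value; named constants would make the pass schedule easier to check. Both functions continue outside the hunks.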
......