Commit eabd23f3 authored by Milan Broz's avatar Milan Broz

Print verbose message about keyslot and token numbers.

Move all messages to cryptsetup tools and print these
verbose messages:

  - Key slot X unlocked.
  - Key slot X created.
  - Key slot X removed.
and
  - Token X created.
  - Token X removed.

Also print an error if removal of an unknown token is attempted.
parent cc27088d
...@@ -1023,9 +1023,6 @@ static int LUKS_open_key(unsigned int keyIndex, ...@@ -1023,9 +1023,6 @@ static int LUKS_open_key(unsigned int keyIndex,
/* Allow only empty passphrase with null cipher */ /* Allow only empty passphrase with null cipher */
if (!r && !strcmp(hdr->cipherName, "cipher_null") && passwordLen) if (!r && !strcmp(hdr->cipherName, "cipher_null") && passwordLen)
r = -EPERM; r = -EPERM;
if (!r)
log_verbose(ctx, _("Key slot %d unlocked."), keyIndex);
out: out:
crypt_safe_free(AfKey); crypt_safe_free(AfKey);
crypt_free_volume_key(derived_key); crypt_free_volume_key(derived_key);
......
...@@ -2701,15 +2701,9 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, ...@@ -2701,15 +2701,9 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
} else } else
r = -EINVAL; r = -EINVAL;
if (keyslot_old == keyslot_new) { if (r >= 0 && keyslot_old != keyslot_new)
if (r >= 0) r = crypt_keyslot_destroy(cd, keyslot_old);
log_verbose(cd, _("Key slot %d changed."), keyslot_new);
} else {
if (r >= 0) {
log_verbose(cd, _("Replaced with key slot %d."), keyslot_new);
r = crypt_keyslot_destroy(cd, keyslot_old);
}
}
if (r < 0) if (r < 0)
log_err(cd, _("Failed to swap new key slot.")); log_err(cd, _("Failed to swap new key slot."));
out: out:
......
...@@ -521,6 +521,7 @@ static int action_resize(void) ...@@ -521,6 +521,7 @@ static int action_resize(void)
/* try load VK in kernel keyring using token */ /* try load VK in kernel keyring using token */
r = crypt_activate_by_token(cd, NULL, opt_token, NULL, r = crypt_activate_by_token(cd, NULL, opt_token, NULL,
CRYPT_ACTIVATE_KEYRING_KEY); CRYPT_ACTIVATE_KEYRING_KEY);
tools_keyslot_msg(r, UNLOCKED);
if (r < 0 && opt_token_only) if (r < 0 && opt_token_only)
goto out; goto out;
...@@ -534,6 +535,7 @@ static int action_resize(void) ...@@ -534,6 +535,7 @@ static int action_resize(void)
password, passwordLen, password, passwordLen,
CRYPT_ACTIVATE_KEYRING_KEY); CRYPT_ACTIVATE_KEYRING_KEY);
tools_passphrase_msg(r); tools_passphrase_msg(r);
tools_keyslot_msg(r, UNLOCKED);
crypt_safe_free(password); crypt_safe_free(password);
} }
...@@ -1066,6 +1068,7 @@ static int action_luksFormat(void) ...@@ -1066,6 +1068,7 @@ static int action_luksFormat(void)
password, passwordLen); password, passwordLen);
if (r < 0) /* FIXME: call wipe signatures again */ if (r < 0) /* FIXME: call wipe signatures again */
goto out; goto out;
tools_keyslot_msg(r, CREATED);
if (opt_integrity && !opt_integrity_no_wipe) if (opt_integrity && !opt_integrity_no_wipe)
r = _wipe_data_device(cd); r = _wipe_data_device(cd);
...@@ -1119,6 +1122,7 @@ static int action_open_luks(void) ...@@ -1119,6 +1122,7 @@ static int action_open_luks(void)
key, keysize, activate_flags); key, keysize, activate_flags);
} else { } else {
r = crypt_activate_by_token(cd, activated_name, opt_token, NULL, activate_flags); r = crypt_activate_by_token(cd, activated_name, opt_token, NULL, activate_flags);
tools_keyslot_msg(r, UNLOCKED);
if (r >= 0 || opt_token_only) if (r >= 0 || opt_token_only)
goto out; goto out;
...@@ -1132,6 +1136,7 @@ static int action_open_luks(void) ...@@ -1132,6 +1136,7 @@ static int action_open_luks(void)
r = crypt_activate_by_passphrase(cd, activated_name, r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, password, passwordLen, activate_flags); opt_key_slot, password, passwordLen, activate_flags);
tools_keyslot_msg(r, UNLOCKED);
tools_passphrase_msg(r); tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
crypt_safe_free(password); crypt_safe_free(password);
...@@ -1236,6 +1241,7 @@ static int action_luksKillSlot(void) ...@@ -1236,6 +1241,7 @@ static int action_luksKillSlot(void)
_("Enter any remaining passphrase: "), _("Enter any remaining passphrase: "),
_("Operation aborted, the keyslot was NOT wiped.\n"), _("Operation aborted, the keyslot was NOT wiped.\n"),
opt_key_file, opt_keyfile_offset, opt_keyfile_size); opt_key_file, opt_keyfile_offset, opt_keyfile_size);
tools_keyslot_msg(r, UNLOCKED);
if (r == -EPIPE && (!opt_key_file || tools_is_stdin(opt_key_file))) { if (r == -EPIPE && (!opt_key_file || tools_is_stdin(opt_key_file))) {
log_dbg("Failed read from input, ignoring passphrase."); log_dbg("Failed read from input, ignoring passphrase.");
...@@ -1247,6 +1253,7 @@ static int action_luksKillSlot(void) ...@@ -1247,6 +1253,7 @@ static int action_luksKillSlot(void)
} }
r = crypt_keyslot_destroy(cd, opt_key_slot); r = crypt_keyslot_destroy(cd, opt_key_slot);
tools_keyslot_msg(r, REMOVED);
out: out:
crypt_free(cd); crypt_free(cd);
return r; return r;
...@@ -1282,6 +1289,7 @@ static int action_luksRemoveKey(void) ...@@ -1282,6 +1289,7 @@ static int action_luksRemoveKey(void)
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
tools_keyslot_msg(r, UNLOCKED);
opt_key_slot = r; opt_key_slot = r;
log_verbose(_("Key slot %d selected for deletion."), opt_key_slot); log_verbose(_("Key slot %d selected for deletion."), opt_key_slot);
...@@ -1295,6 +1303,7 @@ static int action_luksRemoveKey(void) ...@@ -1295,6 +1303,7 @@ static int action_luksRemoveKey(void)
} }
r = crypt_keyslot_destroy(cd, opt_key_slot); r = crypt_keyslot_destroy(cd, opt_key_slot);
tools_keyslot_msg(r, REMOVED);
out: out:
crypt_safe_free(password); crypt_safe_free(password);
crypt_free(cd); crypt_free(cd);
...@@ -1349,6 +1358,7 @@ static int luksAddUnboundKey(void) ...@@ -1349,6 +1358,7 @@ static int luksAddUnboundKey(void)
r = crypt_keyslot_add_by_key(cd, opt_key_slot, key, keysize, r = crypt_keyslot_add_by_key(cd, opt_key_slot, key, keysize,
password_new, password_new_size, CRYPT_VOLUME_KEY_NO_SEGMENT); password_new, password_new_size, CRYPT_VOLUME_KEY_NO_SEGMENT);
tools_keyslot_msg(r, CREATED);
out: out:
crypt_safe_free(password_new); crypt_safe_free(password_new);
crypt_safe_free(key); crypt_safe_free(key);
...@@ -1430,6 +1440,7 @@ static int action_luksAddKey(void) ...@@ -1430,6 +1440,7 @@ static int action_luksAddKey(void)
tools_passphrase_msg(r); tools_passphrase_msg(r);
if (r < 0) if (r < 0)
goto out; goto out;
tools_keyslot_msg(r, UNLOCKED);
r = tools_get_key(_("Enter new passphrase for key slot: "), r = tools_get_key(_("Enter new passphrase for key slot: "),
&password_new, &password_new_size, &password_new, &password_new_size,
...@@ -1443,6 +1454,7 @@ static int action_luksAddKey(void) ...@@ -1443,6 +1454,7 @@ static int action_luksAddKey(void)
password_new, password_new_size); password_new, password_new_size);
} }
out: out:
tools_keyslot_msg(r, CREATED);
crypt_safe_free(password); crypt_safe_free(password);
crypt_safe_free(password_new); crypt_safe_free(password_new);
crypt_safe_free(key); crypt_safe_free(key);
...@@ -1488,6 +1500,7 @@ static int action_luksChangeKey(void) ...@@ -1488,6 +1500,7 @@ static int action_luksChangeKey(void)
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
tools_keyslot_msg(r, UNLOCKED);
r = tools_get_key(_("Enter new passphrase: "), r = tools_get_key(_("Enter new passphrase: "),
&password_new, &password_new_size, &password_new, &password_new_size,
...@@ -1499,6 +1512,7 @@ static int action_luksChangeKey(void) ...@@ -1499,6 +1512,7 @@ static int action_luksChangeKey(void)
r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
password, password_size, password_new, password_new_size); password, password_size, password_new, password_new_size);
tools_keyslot_msg(r, CREATED);
out: out:
crypt_safe_free(password); crypt_safe_free(password);
crypt_safe_free(password_new); crypt_safe_free(password_new);
...@@ -1535,6 +1549,7 @@ static int action_luksConvertKey(void) ...@@ -1535,6 +1549,7 @@ static int action_luksConvertKey(void)
r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
password, password_size, password, password_size); password, password_size, password, password_size);
tools_passphrase_msg(r); tools_passphrase_msg(r);
tools_keyslot_msg(r, CREATED);
out: out:
crypt_safe_free(password); crypt_safe_free(password);
crypt_free(cd); crypt_free(cd);
...@@ -1621,6 +1636,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd) ...@@ -1621,6 +1636,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
tools_keyslot_msg(r, UNLOCKED);
if (opt_master_key_file) { if (opt_master_key_file) {
r = tools_write_mk(opt_master_key_file, vk, vk_size); r = tools_write_mk(opt_master_key_file, vk, vk_size);
...@@ -1711,6 +1727,7 @@ static int action_luksResume(void) ...@@ -1711,6 +1727,7 @@ static int action_luksResume(void)
password, passwordLen); password, passwordLen);
tools_passphrase_msg(r); tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
tools_keyslot_msg(r, UNLOCKED);
crypt_safe_free(password); crypt_safe_free(password);
password = NULL; password = NULL;
...@@ -1832,6 +1849,7 @@ static int action_luksErase(void) ...@@ -1832,6 +1849,7 @@ static int action_luksErase(void)
r = crypt_keyslot_destroy(cd, i); r = crypt_keyslot_destroy(cd, i);
if (r < 0) if (r < 0)
goto out; goto out;
tools_keyslot_msg(r, REMOVED);
} }
} }
out: out:
...@@ -1965,6 +1983,7 @@ static int _token_add(struct crypt_device *cd) ...@@ -1965,6 +1983,7 @@ static int _token_add(struct crypt_device *cd)
} }
token = r; token = r;
tools_token_msg(token, CREATED);
r = crypt_token_assign_keyslot(cd, token, opt_key_slot); r = crypt_token_assign_keyslot(cd, token, opt_key_slot);
if (r < 0) { if (r < 0) {
...@@ -1975,6 +1994,26 @@ static int _token_add(struct crypt_device *cd) ...@@ -1975,6 +1994,26 @@ static int _token_add(struct crypt_device *cd)
return r; return r;
} }
static int _token_remove(struct crypt_device *cd)
{
crypt_token_info token_info;
int r;
token_info = crypt_token_status(cd, opt_token, NULL);
if (token_info < CRYPT_TOKEN_INACTIVE) {
log_err(_("Token %d is invalid."), opt_token);
return -EINVAL;
} else if (token_info == CRYPT_TOKEN_INACTIVE) {
log_err(_("Token %d is not in use."), opt_token);
return -EINVAL;
}
r = crypt_token_json_set(cd, opt_token, NULL);
tools_token_msg(r, REMOVED);
return r;
}
static int _token_import(struct crypt_device *cd) static int _token_import(struct crypt_device *cd)
{ {
char *json; char *json;
...@@ -2005,6 +2044,7 @@ static int _token_import(struct crypt_device *cd) ...@@ -2005,6 +2044,7 @@ static int _token_import(struct crypt_device *cd)
} }
token = r; token = r;
tools_token_msg(token, CREATED);
if (opt_key_slot != CRYPT_ANY_SLOT) { if (opt_key_slot != CRYPT_ANY_SLOT) {
r = crypt_token_assign_keyslot(cd, token, opt_key_slot); r = crypt_token_assign_keyslot(cd, token, opt_key_slot);
...@@ -2075,8 +2115,7 @@ static int action_token(void) ...@@ -2075,8 +2115,7 @@ static int action_token(void)
r = _token_add(cd); r = _token_add(cd);
break; break;
case REMOVE: case REMOVE:
/* FIXME: add prompt here? a) for all types, b) external only? */ r = _token_remove(cd);
r = crypt_token_json_set(cd, opt_token, NULL);
break; break;
case IMPORT: case IMPORT:
r = _token_import(cd); r = _token_import(cd);
......
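Review bot: The three REMOVED call sites pass the return value of crypt_keyslot_destroy() as the slot number: `tools_keyslot_msg(r, REMOVED);` in action_luksKillSlot, action_luksRemoveKey and action_luksErase. As far as the library header documents, crypt_keyslot_destroy() returns 0 on success rather than a slot index, so a successful removal would be reported as "Key slot 0 removed." whichever slot was actually wiped. That makes the verbose output unreliable as a record of which key material was destroyed. Pass the slot that was requested and keep the error gate, e.g. `if (r >= 0) tools_keyslot_msg(opt_key_slot, REMOVED);` in the first two functions and `tools_keyslot_msg(i, REMOVED);` after the existing `r < 0` check in action_luksErase. The enclosing functions start and end outside the hunks shown.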
...@@ -62,7 +62,6 @@ extern int opt_batch_mode; ...@@ -62,7 +62,6 @@ extern int opt_batch_mode;
extern int opt_force_password; extern int opt_force_password;
extern int opt_progress_frequency; extern int opt_progress_frequency;
/* Common tools */ /* Common tools */
void clogger(struct crypt_device *cd, int level, const char *file, int line, void clogger(struct crypt_device *cd, int level, const char *file, int line,
const char *format, ...) __attribute__ ((format (printf, 5, 6))); const char *format, ...) __attribute__ ((format (printf, 5, 6)));
...@@ -77,6 +76,10 @@ void usage(poptContext popt_context, int exitcode, const char *error, const char ...@@ -77,6 +76,10 @@ void usage(poptContext popt_context, int exitcode, const char *error, const char
void dbg_version_and_cmd(int argc, const char **argv); void dbg_version_and_cmd(int argc, const char **argv);
int translate_errno(int r); int translate_errno(int r);
typedef enum { CREATED, UNLOCKED, REMOVED } crypt_object_op;
void tools_keyslot_msg(int keyslot, crypt_object_op op);
void tools_token_msg(int token, crypt_object_op op);
extern volatile int quit; extern volatile int quit;
void set_int_block(int block); void set_int_block(int block);
void set_int_handler(int block); void set_int_handler(int block);
......
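Review bot: The two new prototypes, `tools_keyslot_msg` and `tools_token_msg`, do not say that the first argument is meant to take a raw return code and that negative values print nothing, which the call sites in this commit rely on. A short comment above them would make that contract visible, e.g. `/* Print a verbose message for a keyslot/token operation; negative (error) values print nothing. */`. The comment should also state that a non-negative value must be the object's own number, because a plain 0 success code would be reported as slot or token 0.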
...@@ -600,7 +600,7 @@ static int create_new_header(struct reenc_ctx *rc, struct crypt_device *cd_old, ...@@ -600,7 +600,7 @@ static int create_new_header(struct reenc_ctx *rc, struct crypt_device *cd_old,
r = create_new_keyslot(rc, i, cd_old, cd_new); r = create_new_keyslot(rc, i, cd_old, cd_new);
if (r < 0) if (r < 0)
goto out; goto out;
log_verbose(_("Activated keyslot %i."), r); tools_keyslot_msg(r, CREATED);
r = 0; r = 0;
} }
out: out:
...@@ -1271,6 +1271,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd, ...@@ -1271,6 +1271,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
return r; return r;
if (r >= 0) { if (r >= 0) {
tools_keyslot_msg(r, UNLOCKED);
rc->p[r].password = password; rc->p[r].password = password;
rc->p[r].passwordLen = passwordLen; rc->p[r].passwordLen = passwordLen;
if (ki != CRYPT_SLOT_UNBOUND) if (ki != CRYPT_SLOT_UNBOUND)
......
...@@ -272,6 +272,30 @@ int translate_errno(int r) ...@@ -272,6 +272,30 @@ int translate_errno(int r)
return r; return r;
} }
void tools_keyslot_msg(int keyslot, crypt_object_op op)
{
if (keyslot < 0)
return;
if (op == CREATED)
log_verbose(_("Key slot %i created."), keyslot);
else if (op == UNLOCKED)
log_verbose(_("Key slot %i unlocked."), keyslot);
else if (op == REMOVED)
log_verbose(_("Key slot %i removed."), keyslot);
}
void tools_token_msg(int token, crypt_object_op op)
{
if (token < 0)
return;
if (op == CREATED)
log_verbose(_("Token %i created."), token);
else if (op == REMOVED)
log_verbose(_("Token %i removed."), token);
}
/* /*
* Device size string parsing, suffixes: * Device size string parsing, suffixes:
* s|S - 512 bytes sectors * s|S - 512 bytes sectors
......