Commit f3a9e95d authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Milan Broz

Add simple API for token assignment reporting.

parent 7378e3be
......@@ -1782,6 +1782,21 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd,
int token,
int keyslot);
/**
* Get info about token assignment to particular keyslot.
*
* @param cd crypt device handle
* @param token token id
* @param keyslot keyslot
*
* @return 0 on success (token exists and is assigned to the keyslot),
* -ENOENT if token is not assigned to a keyslot (token, keyslot
* or both may be inactive) or other negative errno otherwise.
*/
int crypt_token_is_assigned(struct crypt_device *cd,
int token,
int keyslot);
/**
* Token handler open function prototype.
* This function retrieves password from a token and return allocated buffer
......
......@@ -43,6 +43,7 @@ CRYPTSETUP_2.0 {
crypt_token_luks2_keyring_set;
crypt_token_assign_keyslot;
crypt_token_unassign_keyslot;
crypt_token_is_assigned;
crypt_token_register;
crypt_activate_by_token;
......
......@@ -206,6 +206,11 @@ int LUKS2_token_assign(struct crypt_device *cd,
int assign,
int commit);
int LUKS2_token_is_assigned(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot,
int token);
int LUKS2_token_create(struct crypt_device *cd,
struct luks2_hdr *hdr,
int token,
......
......@@ -571,3 +571,27 @@ int LUKS2_token_assign(struct crypt_device *cd, struct luks2_hdr *hdr,
return token;
}
int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr,
int keyslot, int token)
{
int i;
json_object *jobj_token, *jobj_token_keyslots, *jobj;
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX || token < 0 || token >= LUKS2_TOKENS_MAX)
return -EINVAL;
jobj_token = LUKS2_get_token_jobj(hdr, token);
if (!jobj_token)
return -ENOENT;
json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots);
for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots); i++) {
jobj = json_object_array_get_idx(jobj_token_keyslots, i);
if (keyslot == atoi(json_object_get_string(jobj)))
return 0;
}
return -ENOENT;
}
......@@ -4274,6 +4274,16 @@ int crypt_token_unassign_keyslot(struct crypt_device *cd, int token, int keyslot
return LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot, token, 0, 1);
}
int crypt_token_is_assigned(struct crypt_device *cd, int token, int keyslot)
{
int r;
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
return r;
return LUKS2_token_is_assigned(cd, &cd->u.luks2.hdr, keyslot, token);
}
/* Internal only */
int crypt_metadata_locking_enabled(void)
{
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment