Diffstat (limited to 'src')
-rw-r--r-- | src/cryptsetup/cryptsetup-pkcs11.c | 12 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup-pkcs11.h | 6 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup.c | 23 | ||||
-rw-r--r-- | src/shared/cryptsetup-fido2.c | 11 | ||||
-rw-r--r-- | src/shared/cryptsetup-fido2.h | 6 |
5 files changed, 26 insertions, 32 deletions
diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c
index 3443b8f585..c7ecca865e 100644
--- a/src/cryptsetup/cryptsetup-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-pkcs11.c
@@ -16,6 +16,7 @@
 #include "fileio.h"
 #include "format-util.h"
 #include "hexdecoct.h"
+#include "iovec-util.h"
 #include "macro.h"
 #include "memory-util.h"
 #include "parse-util.h"
@@ -31,8 +32,7 @@ int decrypt_pkcs11_key(
 const char *key_file, /* We either expect key_file and associated parameters to be set (for file keys) … */
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data, /* … or key_data and key_data_size (for literal keys) */
- size_t key_data_size,
+ const struct iovec *key_data, /* … or literal keys via key_data */
 usec_t until,
 AskPasswordFlags askpw_flags,
 void **ret_decrypted_key,
@@ -47,15 +47,15 @@ int decrypt_pkcs11_key(
 assert(friendly_name);
 assert(pkcs11_uri);
- assert(key_file || key_data);
+ assert(key_file || iovec_is_set(key_data));
 assert(ret_decrypted_key);
 assert(ret_decrypted_key_size);
 /* The functions called here log about all errors, except for EAGAIN which means "token not found right now" */
- if (key_data) {
- data.encrypted_key = (void*) key_data;
- data.encrypted_key_size = key_data_size;
+ if (iovec_is_set(key_data)) {
+ data.encrypted_key = (void*) key_data->iov_base;
+ data.encrypted_key_size = key_data->iov_len;
 data.free_encrypted_key = false;
 } else {
diff --git a/src/cryptsetup/cryptsetup-pkcs11.h b/src/cryptsetup/cryptsetup-pkcs11.h
index 22e6992582..83a2b54be3 100644
--- a/src/cryptsetup/cryptsetup-pkcs11.h
+++ b/src/cryptsetup/cryptsetup-pkcs11.h
@@ -16,8 +16,7 @@ int decrypt_pkcs11_key(
 const char *key_file,
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 AskPasswordFlags askpw_flags,
 void **ret_decrypted_key,
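Review bot: The `(void*)` cast in `data.encrypted_key = (void*) key_data->iov_base;` is now redundant, because `iov_base` is already a non-const `void *`; it was only there to strip the `const` from the old `const void *key_data` parameter, and keeping it would silently mask a future const-correctness mismatch. Suggested: `data.encrypted_key = key_data->iov_base;`. Separately, replacing the `key_data` pointer test with `iovec_is_set(key_data)` changes what a non-NULL, zero-length literal key does: previously it took the literal-key path with size 0, now it counts as absent and, with `key_file` also NULL, trips `assert(key_file || iovec_is_set(key_data))` instead of reaching a logged error. If callers can legitimately hand in an empty key, a `log_error_errno` return ahead of the assert would be the more robust form. decrypt_pkcs11_key's body continues outside the hunk.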
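Review bot: The prototype now names `struct iovec` in `const struct iovec *key_data,`, yet this hunk adds no include or forward declaration to the header, unlike the .c file which gains `#include "iovec-util.h"`. If nothing else in the header (its include list is outside the hunk) brings `struct iovec` into scope, the first mention inside a parameter list declares a distinct prototype-scoped type, which GCC reports as "declared inside parameter list will not be visible outside of this definition or declaration" and which is not compatible with the definition's parameter type. Consider `#include <sys/uio.h>` (or the project's `iovec-util.h`) among the header's includes, and the same check applies to the two prototypes changed in cryptsetup-fido2.h.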
@@ -39,8 +38,7 @@ static inline int decrypt_pkcs11_key(
 const char *key_file,
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 AskPasswordFlags askpw_flags,
 void **ret_decrypted_key,
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index a415c3e6d7..ee93fd3dca 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -1471,8 +1471,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
 struct crypt_device *cd,
 const char *name,
 const char *key_file,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 uint32_t flags,
 bool pass_volume_key) {
@@ -1489,7 +1488,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
 assert(name);
 assert(arg_fido2_device || arg_fido2_device_auto);
- if (arg_fido2_cid && !key_file && !key_data)
+ if (arg_fido2_cid && !key_file && !iovec_is_set(key_data))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 "FIDO2 mode with manual parameters selected, but no keyfile specified, refusing.");
@@ -1513,7 +1512,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
 arg_fido2_rp_id,
 arg_fido2_cid, arg_fido2_cid_size,
 key_file, arg_keyfile_size, arg_keyfile_offset,
- key_data, key_data_size,
+ key_data,
 until,
 arg_fido2_manual_flags,
 "cryptsetup.fido2-pin",
@@ -1623,8 +1622,7 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
 struct crypt_device *cd,
 const char *name,
 const char *key_file,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 uint32_t flags,
 bool pass_volume_key) {
@@ -1635,6 +1633,7 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
 _cleanup_(erase_and_freep) void *decrypted_key = NULL;
 _cleanup_(sd_event_unrefp) sd_event *event = NULL;
 _cleanup_free_ void *discovered_key = NULL;
+ struct iovec discovered_key_data = {};
 int keyslot = arg_key_slot, r;
 const char *uri = NULL;
 bool use_libcryptsetup_plugin = use_token_plugins();
@@ -1653,13 +1652,13 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
 return r;
 uri = discovered_uri;
- key_data = discovered_key;
- key_data_size = discovered_key_size;
+ discovered_key_data = IOVEC_MAKE(discovered_key, discovered_key_size);
+ key_data = &discovered_key_data;
 }
 } else {
 uri = arg_pkcs11_uri;
- if (!key_file && !key_data)
+ if (!key_file && !iovec_is_set(key_data))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 "PKCS#11 mode selected but no key file specified, refusing.");
 }
@@ -1682,7 +1681,7 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
 friendly,
 uri,
 key_file, arg_keyfile_size, arg_keyfile_offset,
- key_data, key_data_size,
+ key_data,
 until,
 arg_ask_password_flags,
 &decrypted_key, &decrypted_key_size);
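Review bot: `discovered_key_data = IOVEC_MAKE(discovered_key, discovered_key_size);` followed by `key_data = &discovered_key_data;` changes how an empty auto-discovered key is handled, because the callee's new `iovec_is_set(key_data)` test treats a zero-length iovec as absent: the old code passed the discovered buffer through unconditionally, whereas the new code would either fall back to a user-supplied `key_file` or, with none, reach `assert(key_file || iovec_is_set(key_data))` in decrypt_pkcs11_key. If the discovery call earlier in this function (outside the hunk) can yield a zero-length key, an explicit `if (!iovec_is_set(&discovered_key_data)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), ...);` with a suitable message keeps that case on the logged-error path instead of the assert. A one-line comment that `discovered_key_data` merely aliases the `_cleanup_free_` buffer `discovered_key` and must not outlive it would also help; the function continues outside the hunk.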
@@ -2231,9 +2230,9 @@ static int attach_luks_or_plain_or_bitlk(
 if (token_type == TOKEN_TPM2)
 return attach_luks_or_plain_or_bitlk_by_tpm2(cd, name, key_file, key_data, until, flags, pass_volume_key);
 if (token_type == TOKEN_FIDO2)
- return attach_luks_or_plain_or_bitlk_by_fido2(cd, name, key_file, key_data->iov_base, key_data->iov_len, until, flags, pass_volume_key);
+ return attach_luks_or_plain_or_bitlk_by_fido2(cd, name, key_file, key_data, until, flags, pass_volume_key);
 if (token_type == TOKEN_PKCS11)
- return attach_luks_or_plain_or_bitlk_by_pkcs11(cd, name, key_file, key_data->iov_base, key_data->iov_len, until, flags, pass_volume_key);
+ return attach_luks_or_plain_or_bitlk_by_pkcs11(cd, name, key_file, key_data, until, flags, pass_volume_key);
 if (key_data)
 return attach_luks_or_plain_or_bitlk_by_key_data(cd, name, key_data, flags, pass_volume_key);
 if (key_file)
diff --git a/src/shared/cryptsetup-fido2.c b/src/shared/cryptsetup-fido2.c
index 9ac728594a..1e1ef6dec0 100644
--- a/src/shared/cryptsetup-fido2.c
+++ b/src/shared/cryptsetup-fido2.c
@@ -24,8 +24,7 @@ int acquire_fido2_key(
 const char *key_file,
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 Fido2EnrollFlags required,
 const char *askpw_credential,
@@ -45,10 +44,10 @@ int acquire_fido2_key(
 "Local verification is required to unlock this volume, but the 'headless' parameter was set.");
 assert(cid);
- assert(key_file || key_data);
+ assert(key_file || iovec_is_set(key_data));
- if (key_data)
- salt = IOVEC_MAKE(key_data, key_data_size);
+ if (iovec_is_set(key_data))
+ salt = *key_data;
 else {
 if (key_file_size > 0)
 log_debug("Ignoring 'keyfile-size=' option for a FIDO2 salt file.");
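Review bot: The two rewritten dispatch lines now pass the whole `key_data` iovec to by_fido2 and by_pkcs11, which per the hunks above treat it as present only when `iovec_is_set(key_data)`, while the unchanged `if (key_data)` two lines below still tests only the pointer before calling by_key_data; a non-NULL, zero-length iovec is therefore "absent" on the token paths but "present" on the plain key-data path. The asymmetry predates this commit, but it becomes the visible contract now that all three paths receive the same pointer, so either `if (iovec_is_set(key_data))` there or a comment stating that an empty iovec is intentionally routed to by_key_data would make the intent explicit. The old removed lines dereferenced `key_data` unconditionally (`key_data->iov_base`), so the new form is also the safer one for a NULL iovec, presumably relying on `iovec_is_set` accepting NULL; that is worth a word in the note if it is not already guaranteed. attach_luks_or_plain_or_bitlk continues outside the hunk.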
@@ -252,7 +251,7 @@ int acquire_fido2_key_auto(
 /* key_file= */ NULL, /* salt is read from LUKS header instead of key_file */
 /* key_file_size= */ 0,
 /* key_file_offset= */ 0,
- salt, salt_size,
+ &IOVEC_MAKE(salt, salt_size),
 until,
 required,
 "cryptsetup.fido2-pin",
diff --git a/src/shared/cryptsetup-fido2.h b/src/shared/cryptsetup-fido2.h
index bd25566806..86ac30c766 100644
--- a/src/shared/cryptsetup-fido2.h
+++ b/src/shared/cryptsetup-fido2.h
@@ -20,8 +20,7 @@ int acquire_fido2_key(
 const char *key_file,
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 Fido2EnrollFlags required,
 const char *askpw_credential,
@@ -52,8 +51,7 @@ static inline int acquire_fido2_key(
 const char *key_file,
 size_t key_file_size,
 uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
 usec_t until,
 Fido2EnrollFlags required,
 const char *askpw_credential, |
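Review bot: `&IOVEC_MAKE(salt, salt_size),` takes the address of a compound literal as a call argument, which is only sound because acquire_fido2_key copies the struct (`salt = *key_data;` in the hunk above) and does not retain the pointer beyond the call; nothing in the `const struct iovec *` prototype itself promises that, so a later change to the callee could silently turn this into a dangling reference. A short call-site comment, e.g. `/* callee copies the iovec; the pointer is not retained */`, would record the assumption, and if the callee ever does keep the pointer the iovec should be a named local in this function instead. acquire_fido2_key_auto's argument list continues outside the hunk.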