mirror of
https://github.com/morgan9e/systemd
synced 2026-04-14 08:25:20 +09:00
d794c10d96
Let's make use of libcryptsetup's new crypt_token_set_external_path() API in place of the interposition stuff we have been doing before. Let's kill it entirely, given that this was a developer feature only anyway (and guarded by an appropriate ifdef). Fixes: #30098
123 lines
4.4 KiB
C
123 lines
4.4 KiB
C
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
#pragma once
|
|
|
|
#include "sd-json.h"
|
|
|
|
#include "alloc-util.h"
|
|
#include "dlfcn-util.h"
|
|
#include "macro.h"
|
|
#include "string-util.h"
|
|
#include "strv.h"
|
|
|
|
#if HAVE_LIBCRYPTSETUP
|
|
#include <libcryptsetup.h>
|
|
|
|
/* These next two are defined in libcryptsetup.h from cryptsetup version 2.3.4 forwards. */
|
|
#ifndef CRYPT_ACTIVATE_NO_READ_WORKQUEUE
|
|
#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24)
|
|
#endif
|
|
#ifndef CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE
|
|
#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25)
|
|
#endif
|
|
|
|
extern DLSYM_PROTOTYPE(crypt_activate_by_passphrase);
|
|
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
|
extern DLSYM_PROTOTYPE(crypt_activate_by_signed_key);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_activate_by_volume_key);
|
|
extern DLSYM_PROTOTYPE(crypt_deactivate_by_name);
|
|
extern DLSYM_PROTOTYPE(crypt_format);
|
|
extern DLSYM_PROTOTYPE(crypt_free);
|
|
extern DLSYM_PROTOTYPE(crypt_get_cipher);
|
|
extern DLSYM_PROTOTYPE(crypt_get_cipher_mode);
|
|
extern DLSYM_PROTOTYPE(crypt_get_data_offset);
|
|
extern DLSYM_PROTOTYPE(crypt_get_device_name);
|
|
extern DLSYM_PROTOTYPE(crypt_get_dir);
|
|
extern DLSYM_PROTOTYPE(crypt_get_type);
|
|
extern DLSYM_PROTOTYPE(crypt_get_uuid);
|
|
extern DLSYM_PROTOTYPE(crypt_get_verity_info);
|
|
extern DLSYM_PROTOTYPE(crypt_get_volume_key_size);
|
|
extern DLSYM_PROTOTYPE(crypt_init);
|
|
extern DLSYM_PROTOTYPE(crypt_init_by_name);
|
|
extern DLSYM_PROTOTYPE(crypt_keyslot_add_by_volume_key);
|
|
extern DLSYM_PROTOTYPE(crypt_keyslot_destroy);
|
|
extern DLSYM_PROTOTYPE(crypt_keyslot_max);
|
|
extern DLSYM_PROTOTYPE(crypt_load);
|
|
extern DLSYM_PROTOTYPE(crypt_resize);
|
|
#if HAVE_CRYPT_RESUME_BY_VOLUME_KEY
|
|
extern DLSYM_PROTOTYPE(crypt_resume_by_volume_key);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_set_data_device);
|
|
extern DLSYM_PROTOTYPE(crypt_set_debug_level);
|
|
extern DLSYM_PROTOTYPE(crypt_set_log_callback);
|
|
#if HAVE_CRYPT_SET_METADATA_SIZE
|
|
extern DLSYM_PROTOTYPE(crypt_set_metadata_size);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_set_pbkdf_type);
|
|
extern DLSYM_PROTOTYPE(crypt_suspend);
|
|
extern DLSYM_PROTOTYPE(crypt_token_json_get);
|
|
extern DLSYM_PROTOTYPE(crypt_token_json_set);
|
|
#if HAVE_CRYPT_TOKEN_MAX
|
|
extern DLSYM_PROTOTYPE(crypt_token_max);
|
|
#else
|
|
/* As a fallback, use the same hard-coded value libcryptsetup uses internally. */
|
|
static inline int crypt_token_max(_unused_ const char *type) {
|
|
assert(streq(type, CRYPT_LUKS2));
|
|
|
|
return 32;
|
|
}
|
|
#define sym_crypt_token_max(type) crypt_token_max(type)
|
|
#endif
|
|
#if HAVE_CRYPT_TOKEN_SET_EXTERNAL_PATH
|
|
extern DLSYM_PROTOTYPE(crypt_token_set_external_path);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_token_status);
|
|
extern DLSYM_PROTOTYPE(crypt_volume_key_get);
|
|
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
|
extern DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
|
|
#endif
|
|
#if HAVE_CRYPT_REENCRYPT_RUN
|
|
extern DLSYM_PROTOTYPE(crypt_reencrypt_run);
|
|
#elif HAVE_CRYPT_REENCRYPT
|
|
extern DLSYM_PROTOTYPE(crypt_reencrypt);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_metadata_locking);
|
|
#if HAVE_CRYPT_SET_DATA_OFFSET
|
|
extern DLSYM_PROTOTYPE(crypt_set_data_offset);
|
|
#endif
|
|
extern DLSYM_PROTOTYPE(crypt_header_restore);
|
|
extern DLSYM_PROTOTYPE(crypt_volume_key_keyring);
|
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL);
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL);
|
|
|
|
/* Be careful, this works with dlopen_cryptsetup(), that is, it calls sym_crypt_free() instead of crypt_free(). */
|
|
#define crypt_free_and_replace(a, b) \
|
|
free_and_replace_full(a, b, sym_crypt_free)
|
|
|
|
void cryptsetup_enable_logging(struct crypt_device *cd);
|
|
|
|
int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd);
|
|
|
|
int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *verify_type, sd_json_variant **ret);
|
|
int cryptsetup_add_token_json(struct crypt_device *cd, sd_json_variant *v);
|
|
|
|
#else
|
|
|
|
/* If libcryptsetup is not available, let's at least define the basic type and NOP destructors for it, to
|
|
* make a little bit less #ifdeferry necessary in main programs. */
|
|
struct crypt_device;
|
|
static inline void sym_crypt_free(struct crypt_device* cd) {}
|
|
static inline void sym_crypt_freep(struct crypt_device** cd) {}
|
|
|
|
#endif
|
|
|
|
int dlopen_cryptsetup(void);
|
|
|
|
int cryptsetup_get_keyslot_from_token(sd_json_variant *v);
|
|
|
|
static inline const char* mangle_none(const char *s) {
|
|
/* A helper that turns cryptsetup/integritysetup/veritysetup "options" strings into NULL if they are effectively empty */
|
|
return isempty(s) || STR_IN_SET(s, "-", "none") ? NULL : s;
|
|
}
|