X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcryptsetup%2Fcryptsetup.c;h=21b1260f1bf02d3208f34ac2a43f25eadd229332;hb=0411760af1ecd0bf4af07bb5775d32deda633600;hp=9b9074c52ad0c49af3aa3adfd1cb68caf6c314a7;hpb=ac1a87b9f2d085ef1f976a79042fe8797da9b329;p=elogind.git diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 9b9074c52..21b1260f1 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -88,6 +88,13 @@ static int parse_one_option(const char *option) { return 0; } + if (arg_key_size % 8) { + log_error("size= not a multiple of 8, ignoring."); + return 0; + } + + arg_key_size /= 8; + } else if (startswith(option, "key-slot=")) { arg_type = CRYPT_LUKS1; @@ -168,16 +175,16 @@ static int parse_one_option(const char *option) { } static int parse_options(const char *options) { - char *state, *w; + const char *word, *state; size_t l; int r; assert(options); - FOREACH_WORD_SEPARATOR(w, l, options, ",", state) { + FOREACH_WORD_SEPARATOR(word, l, options, ",", state) { _cleanup_free_ char *o; - o = strndup(w, l); + o = strndup(word, l); if (!o) return -ENOMEM; r = parse_one_option(o); @@ -257,6 +264,8 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char int r; char **p; _cleanup_free_ char *text = NULL; + _cleanup_free_ char *escaped_name = NULL; + char *id; assert(name); assert(passwords); @@ -264,11 +273,15 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0) return log_oom(); - r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords); - if (r < 0) { - log_error("Failed to query password: %s", strerror(-r)); - return r; - } + escaped_name = cescape(name); + if (!escaped_name) + return log_oom(); + + id = strappenda("cryptsetup:", escaped_name); + + r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords); + if (r < 0) + return log_error_errno(r, "Failed to query password: %m"); if (arg_verify) { _cleanup_strv_free_ char **passwords2 = NULL; @@ -278,11 +291,11 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0) return log_oom(); - r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2); - if (r < 0) { - log_error("Failed to query verification password: %s", strerror(-r)); - return r; - } + id = strappenda("cryptsetup-verification:", escaped_name); + + r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2); + if (r < 0) + return log_error_errno(r, "Failed to query verification password: %m"); assert(strv_length(passwords2) == 1); @@ -327,7 +340,7 @@ static int attach_tcrypt(struct crypt_device *cd, assert(cd); assert(name); - assert(key_file || passwords); + assert(key_file || (passwords && passwords[0])); if (arg_tcrypt_hidden) params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER; @@ -338,7 +351,7 @@ static int attach_tcrypt(struct crypt_device *cd, if (key_file) { r = read_one_line_file(key_file, &passphrase); if (r < 0) { - log_error("Failed to read password file '%s': %s", key_file, strerror(-r)); + log_error_errno(r, "Failed to read password file '%s': %m", key_file); return -EAGAIN; } @@ -383,7 +396,9 @@ static int attach_luks_or_plain(struct crypt_device *cd, /* plain isn't a real hash type. it just means "use no hash" */ if (!streq(arg_hash, "plain")) params.hash = arg_hash; - } else + } else if (!key_file) + /* for CRYPT_PLAIN, the behaviour of cryptsetup + * package is to not hash when a key file is provided */ params.hash = "ripemd160"; if (arg_cipher) { @@ -404,7 +419,7 @@ static int attach_luks_or_plain(struct crypt_device *cd, /* for CRYPT_PLAIN limit reads * from keyfile to key length, and * ignore keyfile-size */ - arg_keyfile_size = arg_key_size / 8; + arg_keyfile_size = arg_key_size; /* In contrast to what the name * crypt_setup() might suggest this @@ -419,10 +434,8 @@ static int attach_luks_or_plain(struct crypt_device *cd, pass_volume_key = (params.hash == NULL); } - if (r < 0) { - log_error("Loading of cryptographic parameters failed: %s", strerror(-r)); - return r; - } + if (r < 0) + return log_error_errno(r, "Loading of cryptographic parameters failed: %m"); log_info("Set cipher %s, mode %s, key size %i bits for device %s.", crypt_get_cipher(cd), @@ -435,7 +448,7 @@ static int attach_luks_or_plain(struct crypt_device *cd, key_file, arg_keyfile_size, arg_keyfile_offset, flags); if (r < 0) { - log_error("Failed to activate with key file '%s': %s", key_file, strerror(-r)); + log_error_errno(r, "Failed to activate with key file '%s': %m", key_file); return -EAGAIN; } } else { @@ -532,18 +545,23 @@ int main(int argc, char *argv[]) { description = NULL; } + k = 0; if (mount_point && description) - asprintf(&name_buffer, "%s (%s) on %s", description, argv[2], mount_point); + k = asprintf(&name_buffer, "%s (%s) on %s", description, argv[2], mount_point); else if (mount_point) - asprintf(&name_buffer, "%s on %s", argv[2], mount_point); + k = asprintf(&name_buffer, "%s on %s", argv[2], mount_point); else if (description) - asprintf(&name_buffer, "%s (%s)", description, argv[2]); + k = asprintf(&name_buffer, "%s (%s)", description, argv[2]); + if (k < 0) { + log_oom(); + goto finish; + } name = name_buffer ? name_buffer : argv[2]; k = crypt_init(&cd, argv[3]); if (k) { - log_error("crypt_init() failed: %s", strerror(-k)); + log_error_errno(k, "crypt_init() failed: %m"); goto finish; } @@ -567,7 +585,7 @@ int main(int argc, char *argv[]) { else until = 0; - arg_key_size = (arg_key_size > 0 ? arg_key_size : 256); + arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); if (key_file) { struct stat st; @@ -599,7 +617,7 @@ int main(int argc, char *argv[]) { key_file = NULL; continue; } else if (k != -EPERM) { - log_error("Failed to activate: %s", strerror(-k)); + log_error_errno(k, "Failed to activate: %m"); goto finish; } @@ -617,7 +635,7 @@ int main(int argc, char *argv[]) { k = crypt_init_by_name(&cd, argv[2]); if (k) { - log_error("crypt_init() failed: %s", strerror(-k)); + log_error_errno(k, "crypt_init() failed: %m"); goto finish; } @@ -625,7 +643,7 @@ int main(int argc, char *argv[]) { k = crypt_deactivate(cd, argv[2]); if (k < 0) { - log_error("Failed to deactivate: %s", strerror(-k)); + log_error_errno(k, "Failed to deactivate: %m"); goto finish; }