rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c31bd25768cbfce242053a769cb1367c40c06d76
  2.   SOURCES
  3.   cryptsetup-2.6.0-Move-cipher_dm2c-to-crypto-utilities.patch
Blob History Raw
c31bd2 
From 9a9ddc7d22e14e14c9a6e97860cffada406adac3 Mon Sep 17 00:00:00 2001
c31bd2 
From: Ondrej Kozina <okozina@redhat.com>
c31bd2 
Date: Tue, 11 Oct 2022 10:50:17 +0200
c31bd2 
Subject: [PATCH 2/5] Move cipher_dm2c to crypto utilities.
c31bd2
c31bd2 
(Gets renamed to crypt_capi_to_cipher)
c31bd2 
---
c31bd2 
 lib/libdevmapper.c | 84 +++-------------------------------------------
c31bd2 
 lib/utils_crypt.c  | 72 +++++++++++++++++++++++++++++++++++++++
c31bd2 
 lib/utils_crypt.h  | 11 ++++--
c31bd2 
 3 files changed, 85 insertions(+), 82 deletions(-)
c31bd2
c31bd2 
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
c31bd2 
index 0e45a789..7fcf843f 100644
c31bd2 
--- a/lib/libdevmapper.c
c31bd2 
+++ b/lib/libdevmapper.c
c31bd2 
@@ -476,27 +476,22 @@ static size_t int_log10(uint64_t x)
c31bd2 
 	return r;
c31bd2 
 }
c31bd2
c31bd2 
-#define CLEN    64   /* 2*MAX_CIPHER_LEN */
c31bd2 
-#define CLENS  "63"  /* for sscanf length + '\0' */
c31bd2 
-#define CAPIL  144   /* should be enough to fit whole capi string */
c31bd2 
-#define CAPIS "143"  /* for sscanf of crypto API string + 16  + \0 */
c31bd2 
-
c31bd2 
 static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
c31bd2 
 		       char *c_dm, int c_dm_size,
c31bd2 
 		       char *i_dm, int i_dm_size)
c31bd2 
 {
c31bd2 
 	int c_size = 0, i_size = 0, i;
c31bd2 
-	char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN];
c31bd2 
-	char capi[CAPIL];
c31bd2 
+	char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN+1],
c31bd2 
+	     tmp[MAX_CAPI_ONE_LEN], capi[MAX_CAPI_LEN];
c31bd2
c31bd2 
 	if (!c_dm || !c_dm_size || !i_dm || !i_dm_size)
c31bd2 
 		return -EINVAL;
c31bd2
c31bd2 
-	i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp);
c31bd2 
+	i = sscanf(org_c, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", cipher, tmp);
c31bd2 
 	if (i != 2)
c31bd2 
 		return -EINVAL;
c31bd2
c31bd2 
-	i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv);
c31bd2 
+	i = sscanf(tmp, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", mode, iv);
c31bd2 
 	if (i == 1) {
c31bd2 
 		memset(iv, 0, sizeof(iv));
c31bd2 
 		strncpy(iv, mode, sizeof(iv)-1);
c31bd2 
@@ -543,75 +538,6 @@ static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
c31bd2 
 	return 0;
c31bd2 
 }
c31bd2
c31bd2 
-static int cipher_c2dm(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
c31bd2 
-{
c31bd2 
-	char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN];
c31bd2 
-	char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1];
c31bd2 
-	size_t len;
c31bd2 
-	int i;
c31bd2 
-
c31bd2 
-	if (!c_dm)
c31bd2 
-		return -EINVAL;
c31bd2 
-
c31bd2 
-	/* legacy mode */
c31bd2 
-	if (strncmp(c_dm, "capi:", 4)) {
c31bd2 
-		if (!(*org_c = strdup(c_dm)))
c31bd2 
-			return -ENOMEM;
c31bd2 
-		*org_i = NULL;
c31bd2 
-		return 0;
c31bd2 
-	}
c31bd2 
-
c31bd2 
-	/* modes with capi: prefix */
c31bd2 
-	i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv);
c31bd2 
-	if (i != 2)
c31bd2 
-		return -EINVAL;
c31bd2 
-
c31bd2 
-	len = strlen(tmp);
c31bd2 
-	if (len < 2)
c31bd2 
-		return -EINVAL;
c31bd2 
-
c31bd2 
-	if (tmp[len-1] == ')')
c31bd2 
-		tmp[len-1] = '\0';
c31bd2 
-
c31bd2 
-	if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) {
c31bd2 
-		if (!(*org_i = strdup("aead")))
c31bd2 
-			return -ENOMEM;
c31bd2 
-	} else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) {
c31bd2 
-		if (!(*org_i = strdup(auth)))
c31bd2 
-			return -ENOMEM;
c31bd2 
-	} else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) {
c31bd2 
-		if (!(*org_i = strdup(auth)))
c31bd2 
-			return -ENOMEM;
c31bd2 
-	} else {
c31bd2 
-		if (i_dm) {
c31bd2 
-			if (!(*org_i = strdup(i_dm)))
c31bd2 
-				return -ENOMEM;
c31bd2 
-		} else
c31bd2 
-			*org_i = NULL;
c31bd2 
-		memset(capi, 0, sizeof(capi));
c31bd2 
-		strncpy(capi, tmp, sizeof(capi)-1);
c31bd2 
-	}
c31bd2 
-
c31bd2 
-	i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher);
c31bd2 
-	if (i == 2)
c31bd2 
-		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
c31bd2 
-	else
c31bd2 
-		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
c31bd2 
-	if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
c31bd2 
-		free(*org_i);
c31bd2 
-		*org_i = NULL;
c31bd2 
-		return -EINVAL;
c31bd2 
-	}
c31bd2 
-
c31bd2 
-	if (!(*org_c = strdup(dmcrypt_tmp))) {
c31bd2 
-		free(*org_i);
c31bd2 
-		*org_i = NULL;
c31bd2 
-		return -ENOMEM;
c31bd2 
-	}
c31bd2 
-
c31bd2 
-	return 0;
c31bd2 
-}
c31bd2 
-
c31bd2 
 static char *_uf(char *buf, size_t buf_size, const char *s, unsigned u)
c31bd2 
 {
c31bd2 
 	size_t r = snprintf(buf, buf_size, " %s:%u", s, u);
c31bd2 
@@ -2066,7 +1992,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
c31bd2
c31bd2 
 	/* cipher */
c31bd2 
 	if (get_flags & DM_ACTIVE_CRYPT_CIPHER) {
c31bd2 
-		r = cipher_c2dm(CONST_CAST(char**)&cipher,
c31bd2 
+		r = crypt_capi_to_cipher(CONST_CAST(char**)&cipher,
c31bd2 
 				CONST_CAST(char**)&integrity,
c31bd2 
 				rcipher, rintegrity);
c31bd2 
 		if (r < 0)
c31bd2 
diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c
c31bd2 
index 83d0a2c5..4f4dbba8 100644
c31bd2 
--- a/lib/utils_crypt.c
c31bd2 
+++ b/lib/utils_crypt.c
c31bd2 
@@ -31,6 +31,8 @@
c31bd2 
 #include "libcryptsetup.h"
c31bd2 
 #include "utils_crypt.h"
c31bd2
c31bd2 
+#define MAX_CAPI_LEN_STR "143" /* for sscanf of crypto API string + 16  + \0 */
c31bd2 
+
c31bd2 
 int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
c31bd2 
 			      char *cipher_mode)
c31bd2 
 {
c31bd2 
@@ -266,3 +268,73 @@ bool crypt_is_cipher_null(const char *cipher_spec)
c31bd2 
 		return false;
c31bd2 
 	return (strstr(cipher_spec, "cipher_null") || !strcmp(cipher_spec, "null"));
c31bd2 
 }
c31bd2 
+
c31bd2 
+int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
c31bd2 
+{
c31bd2 
+	char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN],
c31bd2 
+	     auth[MAX_CAPI_ONE_LEN], tmp[MAX_CAPI_LEN], dmcrypt_tmp[MAX_CAPI_LEN*2],
c31bd2 
+	     capi[MAX_CAPI_LEN+1];
c31bd2 
+	size_t len;
c31bd2 
+	int i;
c31bd2 
+
c31bd2 
+	if (!c_dm)
c31bd2 
+		return -EINVAL;
c31bd2 
+
c31bd2 
+	/* legacy mode */
c31bd2 
+	if (strncmp(c_dm, "capi:", 4)) {
c31bd2 
+		if (!(*org_c = strdup(c_dm)))
c31bd2 
+			return -ENOMEM;
c31bd2 
+		*org_i = NULL;
c31bd2 
+		return 0;
c31bd2 
+	}
c31bd2 
+
c31bd2 
+	/* modes with capi: prefix */
c31bd2 
+	i = sscanf(c_dm, "capi:%" MAX_CAPI_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", tmp, iv);
c31bd2 
+	if (i != 2)
c31bd2 
+		return -EINVAL;
c31bd2 
+
c31bd2 
+	len = strlen(tmp);
c31bd2 
+	if (len < 2)
c31bd2 
+		return -EINVAL;
c31bd2 
+
c31bd2 
+	if (tmp[len-1] == ')')
c31bd2 
+		tmp[len-1] = '\0';
c31bd2 
+
c31bd2 
+	if (sscanf(tmp, "rfc4309(%" MAX_CAPI_LEN_STR "s", capi) == 1) {
c31bd2 
+		if (!(*org_i = strdup("aead")))
c31bd2 
+			return -ENOMEM;
c31bd2 
+	} else if (sscanf(tmp, "rfc7539(%" MAX_CAPI_LEN_STR "[^,],%" MAX_CAPI_ONE_LEN_STR "s", capi, auth) == 2) {
c31bd2 
+		if (!(*org_i = strdup(auth)))
c31bd2 
+			return -ENOMEM;
c31bd2 
+	} else if (sscanf(tmp, "authenc(%" MAX_CAPI_ONE_LEN_STR "[^,],%" MAX_CAPI_LEN_STR "s", auth, capi) == 2) {
c31bd2 
+		if (!(*org_i = strdup(auth)))
c31bd2 
+			return -ENOMEM;
c31bd2 
+	} else {
c31bd2 
+		if (i_dm) {
c31bd2 
+			if (!(*org_i = strdup(i_dm)))
c31bd2 
+				return -ENOMEM;
c31bd2 
+		} else
c31bd2 
+			*org_i = NULL;
c31bd2 
+		memset(capi, 0, sizeof(capi));
c31bd2 
+		strncpy(capi, tmp, sizeof(capi)-1);
c31bd2 
+	}
c31bd2 
+
c31bd2 
+	i = sscanf(capi, "%" MAX_CAPI_ONE_LEN_STR "[^(](%" MAX_CAPI_ONE_LEN_STR "[^)])", mode, cipher);
c31bd2 
+	if (i == 2)
c31bd2 
+		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
c31bd2 
+	else
c31bd2 
+		i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
c31bd2 
+	if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
c31bd2 
+		free(*org_i);
c31bd2 
+		*org_i = NULL;
c31bd2 
+		return -EINVAL;
c31bd2 
+	}
c31bd2 
+
c31bd2 
+	if (!(*org_c = strdup(dmcrypt_tmp))) {
c31bd2 
+		free(*org_i);
c31bd2 
+		*org_i = NULL;
c31bd2 
+		return -ENOMEM;
c31bd2 
+	}
c31bd2 
+
c31bd2 
+	return 0;
c31bd2 
+}
c31bd2 
diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h
c31bd2 
index 5922350a..a4a9b6ca 100644
c31bd2 
--- a/lib/utils_crypt.h
c31bd2 
+++ b/lib/utils_crypt.h
c31bd2 
@@ -27,9 +27,12 @@
c31bd2 
 #include <stdbool.h>
c31bd2 
 #include <unistd.h>
c31bd2
c31bd2 
-#define MAX_CIPHER_LEN		32
c31bd2 
-#define MAX_CIPHER_LEN_STR	"31"
c31bd2 
-#define MAX_KEYFILES		32
c31bd2 
+#define MAX_CIPHER_LEN       32
c31bd2 
+#define MAX_CIPHER_LEN_STR   "31"
c31bd2 
+#define MAX_KEYFILES         32
c31bd2 
+#define MAX_CAPI_ONE_LEN     2 * MAX_CIPHER_LEN
c31bd2 
+#define MAX_CAPI_ONE_LEN_STR "63"  /* for sscanf length + '\0' */
c31bd2 
+#define MAX_CAPI_LEN         144   /* should be enough to fit whole capi string */
c31bd2
c31bd2 
 int crypt_parse_name_and_mode(const char *s, char *cipher,
c31bd2 
 			      int *key_nums, char *cipher_mode);
c31bd2 
@@ -46,4 +49,6 @@ void crypt_log_hex(struct crypt_device *cd,
c31bd2
c31bd2 
 bool crypt_is_cipher_null(const char *cipher_spec);
c31bd2
c31bd2 
+int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm);
c31bd2 
+
c31bd2 
 #endif /* _UTILS_CRYPT_H */
c31bd2 
--
c31bd2 
2.38.1
c31bd2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation