25834419893

Committed 13 May 2026 10:51PM UTC coverage: 72.584% (+0.07%) from 72.513%

Build # 25834419893

Build Type

push

github

Committed by

bluca

Commit Message

nsresourced: re-link GID delegation file after atomic UID file write

userns_registry_remove() restores a sub-delegated UID range by writing
the previous owner's data to u<UID>.delegate with WRITE_STRING_FILE_ATOMIC.
Atomic writes go via a temp file and rename, which replaces the directory
entry with a fresh inode and severs the hardlink to g<GID>.delegate. The
stale GID side then keeps pointing at the prior inode with outdated owner
and ancestor data, so subsequent lookups via GID return wrong results.

Re-create the hardlink after the atomic write so the two views stay in
sync, matching what userns_registry_store() already does after writing
a new delegation.

Coverage Stats

5 of 8 new or added lines in 1 file covered. (62.5%)

4652 existing lines in 93 files now uncovered.

328958 of 453210 relevant lines covered (72.58%)

1305869.89 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.51

/src/shared/cryptsetup-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <stdlib.h>

#include "sd-dlopen.h"
#include "sd-json.h"

#include "alloc-util.h"
#include "cryptsetup-util.h"
#include "dlfcn-util.h"
#include "escape.h"
#include "hexdecoct.h"
#include "hmac.h"
#include "log.h"
#include "parse-util.h"
#include "string-util.h"
#include "strv.h"

#if HAVE_LIBCRYPTSETUP
static void *cryptsetup_dl = NULL;

DLSYM_PROTOTYPE(crypt_activate_by_passphrase) = NULL;
DLSYM_PROTOTYPE(crypt_activate_by_signed_key) = NULL;
DLSYM_PROTOTYPE(crypt_activate_by_token_pin) = NULL;
DLSYM_PROTOTYPE(crypt_activate_by_volume_key) = NULL;
DLSYM_PROTOTYPE(crypt_deactivate) = NULL;
DLSYM_PROTOTYPE(crypt_deactivate_by_name) = NULL;
DLSYM_PROTOTYPE(crypt_format) = NULL;
DLSYM_PROTOTYPE(crypt_free) = NULL;
DLSYM_PROTOTYPE(crypt_get_cipher) = NULL;
DLSYM_PROTOTYPE(crypt_get_cipher_mode) = NULL;
DLSYM_PROTOTYPE(crypt_get_data_offset) = NULL;
DLSYM_PROTOTYPE(crypt_get_device_name) = NULL;
DLSYM_PROTOTYPE(crypt_get_dir) = NULL;
DLSYM_PROTOTYPE(crypt_get_type) = NULL;
DLSYM_PROTOTYPE(crypt_get_uuid) = NULL;
DLSYM_PROTOTYPE(crypt_get_verity_info) = NULL;
DLSYM_PROTOTYPE(crypt_get_volume_key_size) = NULL;
DLSYM_PROTOTYPE(crypt_header_restore) = NULL;
DLSYM_PROTOTYPE(crypt_init) = NULL;
DLSYM_PROTOTYPE(crypt_init_by_name) = NULL;
DLSYM_PROTOTYPE(crypt_init_data_device) = NULL;
DLSYM_PROTOTYPE(crypt_keyslot_add_by_volume_key) = NULL;
DLSYM_PROTOTYPE(crypt_keyslot_destroy) = NULL;
DLSYM_PROTOTYPE(crypt_keyslot_max) = NULL;
DLSYM_PROTOTYPE(crypt_keyslot_status) = NULL;
DLSYM_PROTOTYPE(crypt_load) = NULL;
DLSYM_PROTOTYPE(crypt_metadata_locking) = NULL;
DLSYM_PROTOTYPE(crypt_persistent_flags_get) = NULL;
DLSYM_PROTOTYPE(crypt_persistent_flags_set) = NULL;
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase) = NULL;
DLSYM_PROTOTYPE(crypt_reencrypt_run);
DLSYM_PROTOTYPE(crypt_resize) = NULL;
DLSYM_PROTOTYPE(crypt_resume_by_volume_key) = NULL;
DLSYM_PROTOTYPE(crypt_set_data_device) = NULL;
DLSYM_PROTOTYPE(crypt_set_data_offset) = NULL;
DLSYM_PROTOTYPE(crypt_set_debug_level) = NULL;
static int missing_crypt_set_keyring_to_link(
                struct crypt_device *cd,
                const char *key_description,
                const char *old_key_description,
                const char *key_type_desc,
                const char *keyring_to_link_vk) {
        return -ENOSYS;
}
DLSYM_PROTOTYPE(crypt_set_keyring_to_link) = missing_crypt_set_keyring_to_link;
DLSYM_PROTOTYPE(crypt_set_log_callback) = NULL;
DLSYM_PROTOTYPE(crypt_set_metadata_size) = NULL;
DLSYM_PROTOTYPE(crypt_set_pbkdf_type) = NULL;
DLSYM_PROTOTYPE(crypt_status) = NULL;
DLSYM_PROTOTYPE(crypt_suspend) = NULL;
DLSYM_PROTOTYPE(crypt_token_external_path) = NULL;
DLSYM_PROTOTYPE(crypt_token_json_get) = NULL;
DLSYM_PROTOTYPE(crypt_token_json_set) = NULL;
DLSYM_PROTOTYPE(crypt_token_max) = NULL;
static int missing_crypt_token_set_external_path(const char *path) {
        return -ENOSYS;
}
DLSYM_PROTOTYPE(crypt_token_set_external_path) = missing_crypt_token_set_external_path;
DLSYM_PROTOTYPE(crypt_token_status) = NULL;
DLSYM_PROTOTYPE(crypt_volume_key_get) = NULL;
DLSYM_PROTOTYPE(crypt_volume_key_keyring) = NULL;
DLSYM_PROTOTYPE(crypt_wipe) = NULL;
DLSYM_PROTOTYPE(crypt_get_integrity_info) = NULL;

static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) {

        switch (level) {
        case CRYPT_LOG_NORMAL:
                level = LOG_NOTICE;
                break;
        case CRYPT_LOG_ERROR:
                level = LOG_ERR;
                break;
        case CRYPT_LOG_VERBOSE:
                level = LOG_INFO;
                break;
        case CRYPT_LOG_DEBUG:
                level = LOG_DEBUG;
                break;
        default:
                log_error("Unknown libcryptsetup log level: %d", level);
                level = LOG_ERR;
        }

        log_full(level, "%s", msg);
}

void cryptsetup_enable_logging(struct crypt_device *cd) {
        /* It's OK to call this with a NULL parameter, in which case libcryptsetup will set the default log
         * function.
         *
         * Note that this is also called from dlopen_cryptsetup(), which we call here too. Sounds like an
         * endless loop, but isn't because we break it via the check for 'cryptsetup_dl' early in
         * dlopen_cryptsetup(). */

        if (dlopen_cryptsetup(LOG_DEBUG) < 0)
                return; /* If this fails, let's gracefully ignore the issue, this is just debug logging after
                         * all, and if this failed we already generated a debug log message that should help
                         * to track things down. */

        sym_crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
        sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
}

int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {

        /* With CRYPT_PBKDF_NO_BENCHMARK flag set .time_ms member is ignored
         * while .iterations must be set at least to recommended minimum value. */

        static const struct crypt_pbkdf_type minimal_pbkdf = {
                .hash = "sha512",
                .type = CRYPT_KDF_PBKDF2,
                .iterations = 1000, /* recommended minimum count for pbkdf2
                                     * according to NIST SP 800-132, ch. 5.2 */
                .flags = CRYPT_PBKDF_NO_BENCHMARK
        };

        int r;

        /* Sets a minimal PKBDF in case we already have a high entropy key. */

        r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);
        if (r < 0)
                return r;

        return 0;
}

int cryptsetup_get_token_as_json(
                struct crypt_device *cd,
                int idx,
                const char *verify_type,
                sd_json_variant **ret) {

        _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
        const char *text;
        int r;

        assert(cd);

        /* Extracts and parses the LUKS2 JSON token data from a LUKS2 device. Optionally verifies the type of
         * the token. Returns:
         *
         *      -EINVAL → token index out of range or "type" field missing
         *      -ENOENT → token doesn't exist
         * -EMEDIUMTYPE → "verify_type" specified and doesn't match token's type
         */

        r = sym_crypt_token_json_get(cd, idx, &text);
        if (r < 0)
                return r;

        r = sd_json_parse(text, 0, &v, NULL, NULL);
        if (r < 0)
                return r;

        if (verify_type) {
                sd_json_variant *w;

                w = sd_json_variant_by_key(v, "type");
                if (!w)
                        return -EINVAL;

                if (!streq_ptr(sd_json_variant_string(w), verify_type))
                        return -EMEDIUMTYPE;
        }

        if (ret)
                *ret = TAKE_PTR(v);

        return 0;
}

int cryptsetup_add_token_json(struct crypt_device *cd, sd_json_variant *v) {
        _cleanup_free_ char *text = NULL;
        int r;

        r = sd_json_variant_format(v, 0, &text);
        if (r < 0)
                return log_debug_errno(r, "Failed to format token data for LUKS: %m");

        log_debug("Adding token text <%s>", text);

        r = sym_crypt_token_json_set(cd, CRYPT_ANY_TOKEN, text);
        if (r < 0)
                return log_debug_errno(r, "Failed to write token data to LUKS: %m");

        return 0;
}

int cryptsetup_get_volume_key_prefix(
                struct crypt_device *cd,
                const char *volume_name,
                char **ret) {

        _cleanup_free_ char *volume = NULL;
        const char *uuid;
        char *s;

        assert(ret);

        uuid = sym_crypt_get_uuid(cd);
        if (!uuid)
                return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get LUKS UUID.");

        if (volume_name)
                /* avoid ambiguity around ":" once we join things below */
                volume = xescape(volume_name, ":");
        else
                volume = strjoin("luks-", uuid);
        if (!volume)
                return log_oom_debug();

        s = strjoin("cryptsetup:", volume, ":", uuid);
        if (!s)
                return log_oom_debug();

        *ret = s;

        return 0;
}

/* The hash must match what measure_volume_key() extends to the SHA256 bank of the TPM2. */
int cryptsetup_get_volume_key_id(
                struct crypt_device *cd,
                const char *volume_name,
                const void *volume_key,
                size_t volume_key_size,
                char **ret) {

        _cleanup_free_ char *prefix = NULL;
        uint8_t digest[SHA256_DIGEST_SIZE];
        char *hex;
        int r;

        assert(ret);

        r = cryptsetup_get_volume_key_prefix(cd, volume_name, &prefix);
        if (r < 0)
                return log_debug_errno(r, "Failed to get LUKS volume key prefix.");

        hmac_sha256(volume_key, volume_key_size, prefix, strlen(prefix), digest);

        hex = hexmem(digest, sizeof(digest));
        if (!hex)
                return log_oom_debug();

        *ret = hex;

        return 0;
}
#endif

int dlopen_cryptsetup(int log_level) {
#if HAVE_LIBCRYPTSETUP
        int r;

        /* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
         * crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
         * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
         * symbol if the new one is not available. */

        SD_ELF_NOTE_DLOPEN(
                        "cryptsetup",
                        "Support for disk encryption, integrity, and authentication",
                        SD_ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED,
                        "libcryptsetup.so.12");

        r = dlopen_many_sym_or_warn(
                        &cryptsetup_dl, "libcryptsetup.so.12", log_level,
                        DLSYM_ARG(crypt_activate_by_passphrase),
                        DLSYM_ARG(crypt_activate_by_signed_key),
                        DLSYM_ARG(crypt_activate_by_token_pin),
                        DLSYM_ARG(crypt_activate_by_volume_key),
                        DLSYM_ARG(crypt_deactivate),
                        DLSYM_ARG(crypt_deactivate_by_name),
                        DLSYM_ARG(crypt_format),
                        DLSYM_ARG(crypt_free),
                        DLSYM_ARG(crypt_get_cipher),
                        DLSYM_ARG(crypt_get_cipher_mode),
                        DLSYM_ARG(crypt_get_data_offset),
                        DLSYM_ARG(crypt_get_device_name),
                        DLSYM_ARG(crypt_get_dir),
                        DLSYM_ARG(crypt_get_type),
                        DLSYM_ARG(crypt_get_uuid),
                        DLSYM_ARG(crypt_get_verity_info),
                        DLSYM_ARG(crypt_get_volume_key_size),
                        DLSYM_ARG(crypt_header_restore),
                        DLSYM_ARG(crypt_init),
                        DLSYM_ARG(crypt_init_by_name),
                        DLSYM_ARG(crypt_init_data_device),
                        DLSYM_ARG(crypt_keyslot_add_by_volume_key),
                        DLSYM_ARG(crypt_keyslot_destroy),
                        DLSYM_ARG(crypt_keyslot_max),
                        DLSYM_ARG(crypt_keyslot_status),
                        DLSYM_ARG(crypt_load),
                        DLSYM_ARG(crypt_metadata_locking),
                        DLSYM_ARG(crypt_persistent_flags_get),
                        DLSYM_ARG(crypt_persistent_flags_set),
                        DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
                        DLSYM_ARG(crypt_reencrypt_run),
                        DLSYM_ARG(crypt_resize),
                        DLSYM_ARG(crypt_resume_by_volume_key),
                        DLSYM_ARG(crypt_set_data_device),
                        DLSYM_ARG(crypt_set_data_offset),
                        DLSYM_ARG(crypt_set_debug_level),
                        DLSYM_ARG(crypt_set_log_callback),
                        DLSYM_ARG(crypt_set_metadata_size),
                        DLSYM_ARG(crypt_set_pbkdf_type),
                        DLSYM_ARG(crypt_status),
                        DLSYM_ARG(crypt_suspend),
                        DLSYM_ARG(crypt_token_external_path),
                        DLSYM_ARG(crypt_token_json_get),
                        DLSYM_ARG(crypt_token_json_set),
                        DLSYM_ARG(crypt_token_max),
                        DLSYM_ARG(crypt_token_status),
                        DLSYM_ARG(crypt_volume_key_get),
                        DLSYM_ARG(crypt_volume_key_keyring),
                        DLSYM_ARG(crypt_wipe),
                        DLSYM_ARG(crypt_get_integrity_info));
        if (r <= 0)
                return r;

        /* Optional symbols: present in libcryptsetup 2.7+ only. If unresolved, the prototype keeps its
         * static initializer pointing at a fallback that returns -ENOSYS, so call sites can invoke the
         * symbol unconditionally. */
        DLSYM_OPTIONAL(cryptsetup_dl, crypt_set_keyring_to_link);
        DLSYM_OPTIONAL(cryptsetup_dl, crypt_token_set_external_path);

        /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
         * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
         * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
         * other code loaded into this process also changes the global log functions of libcryptsetup, who
         * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
        cryptsetup_enable_logging(NULL);

        const char *e = secure_getenv("SYSTEMD_CRYPTSETUP_TOKEN_PATH");
        if (e) {
                r = sym_crypt_token_set_external_path(e);
                if (r == -ENOSYS)
                        log_debug("Loaded libcryptsetup does not support setting the external token path, not setting it to '%s'.", e);
                else if (r < 0)
                        log_debug_errno(r, "Failed to set the libcryptsetup external token path to '%s', ignoring: %m", e);
        }

        return 1;
#else
        return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
                              "libcryptsetup support is not compiled in.");
#endif
}

int cryptsetup_get_keyslot_from_token(sd_json_variant *v) {
        int keyslot, r;
        sd_json_variant *w;

        /* Parses the "keyslots" field of a LUKS2 token object. The field can be an array, but here we assume
         * that it contains a single element only, since that's the only way we ever generate it
         * ourselves. */

        w = sd_json_variant_by_key(v, "keyslots");
        if (!w)
                return -ENOENT;
        if (!sd_json_variant_is_array(w) || sd_json_variant_elements(w) != 1)
                return -EMEDIUMTYPE;

        w = sd_json_variant_by_index(w, 0);
        if (!w)
                return -ENOENT;
        if (!sd_json_variant_is_string(w))
                return -EMEDIUMTYPE;

        r = safe_atoi(sd_json_variant_string(w), &keyslot);
        if (r < 0)
                return r;
        if (keyslot < 0)
                return -EINVAL;

        return keyslot;
}

const char* mangle_none(const char *s) {
        /* A helper that turns cryptsetup/integritysetup/veritysetup "options" strings into NULL if they are effectively empty */
        return isempty(s) || STR_IN_SET(s, "-", "none") ? NULL : s;
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <stdlib.h>
4
5	#include "sd-dlopen.h"
6	#include "sd-json.h"
7
8	#include "alloc-util.h"
9	#include "cryptsetup-util.h"
10	#include "dlfcn-util.h"
11	#include "escape.h"
12	#include "hexdecoct.h"
13	#include "hmac.h"
14	#include "log.h"
15	#include "parse-util.h"
16	#include "string-util.h"
17	#include "strv.h"
18
19	#if HAVE_LIBCRYPTSETUP
20	static void *cryptsetup_dl = NULL;
21
22	DLSYM_PROTOTYPE(crypt_activate_by_passphrase) = NULL;
23	DLSYM_PROTOTYPE(crypt_activate_by_signed_key) = NULL;
24	DLSYM_PROTOTYPE(crypt_activate_by_token_pin) = NULL;
25	DLSYM_PROTOTYPE(crypt_activate_by_volume_key) = NULL;
26	DLSYM_PROTOTYPE(crypt_deactivate) = NULL;
27	DLSYM_PROTOTYPE(crypt_deactivate_by_name) = NULL;
28	DLSYM_PROTOTYPE(crypt_format) = NULL;
29	DLSYM_PROTOTYPE(crypt_free) = NULL;
30	DLSYM_PROTOTYPE(crypt_get_cipher) = NULL;
31	DLSYM_PROTOTYPE(crypt_get_cipher_mode) = NULL;
32	DLSYM_PROTOTYPE(crypt_get_data_offset) = NULL;
33	DLSYM_PROTOTYPE(crypt_get_device_name) = NULL;
34	DLSYM_PROTOTYPE(crypt_get_dir) = NULL;
35	DLSYM_PROTOTYPE(crypt_get_type) = NULL;
36	DLSYM_PROTOTYPE(crypt_get_uuid) = NULL;
37	DLSYM_PROTOTYPE(crypt_get_verity_info) = NULL;
38	DLSYM_PROTOTYPE(crypt_get_volume_key_size) = NULL;
39	DLSYM_PROTOTYPE(crypt_header_restore) = NULL;
40	DLSYM_PROTOTYPE(crypt_init) = NULL;
41	DLSYM_PROTOTYPE(crypt_init_by_name) = NULL;
42	DLSYM_PROTOTYPE(crypt_init_data_device) = NULL;
43	DLSYM_PROTOTYPE(crypt_keyslot_add_by_volume_key) = NULL;
44	DLSYM_PROTOTYPE(crypt_keyslot_destroy) = NULL;
45	DLSYM_PROTOTYPE(crypt_keyslot_max) = NULL;
46	DLSYM_PROTOTYPE(crypt_keyslot_status) = NULL;
47	DLSYM_PROTOTYPE(crypt_load) = NULL;
48	DLSYM_PROTOTYPE(crypt_metadata_locking) = NULL;
49	DLSYM_PROTOTYPE(crypt_persistent_flags_get) = NULL;
50	DLSYM_PROTOTYPE(crypt_persistent_flags_set) = NULL;
51	DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase) = NULL;
52	DLSYM_PROTOTYPE(crypt_reencrypt_run);
53	DLSYM_PROTOTYPE(crypt_resize) = NULL;
54	DLSYM_PROTOTYPE(crypt_resume_by_volume_key) = NULL;
55	DLSYM_PROTOTYPE(crypt_set_data_device) = NULL;
56	DLSYM_PROTOTYPE(crypt_set_data_offset) = NULL;
57	DLSYM_PROTOTYPE(crypt_set_debug_level) = NULL;
UNCOV 58	static int missing_crypt_set_keyring_to_link(	×
59	struct crypt_device *cd,
60	const char *key_description,
61	const char *old_key_description,
62	const char *key_type_desc,
63	const char *keyring_to_link_vk) {
UNCOV 64	return -ENOSYS;	×
65	}
66	DLSYM_PROTOTYPE(crypt_set_keyring_to_link) = missing_crypt_set_keyring_to_link;
67	DLSYM_PROTOTYPE(crypt_set_log_callback) = NULL;
68	DLSYM_PROTOTYPE(crypt_set_metadata_size) = NULL;
69	DLSYM_PROTOTYPE(crypt_set_pbkdf_type) = NULL;
70	DLSYM_PROTOTYPE(crypt_status) = NULL;
71	DLSYM_PROTOTYPE(crypt_suspend) = NULL;
72	DLSYM_PROTOTYPE(crypt_token_external_path) = NULL;
73	DLSYM_PROTOTYPE(crypt_token_json_get) = NULL;
74	DLSYM_PROTOTYPE(crypt_token_json_set) = NULL;
75	DLSYM_PROTOTYPE(crypt_token_max) = NULL;
UNCOV 76	static int missing_crypt_token_set_external_path(const char *path) {	×
UNCOV 77	return -ENOSYS;	×
78	}
79	DLSYM_PROTOTYPE(crypt_token_set_external_path) = missing_crypt_token_set_external_path;
80	DLSYM_PROTOTYPE(crypt_token_status) = NULL;
81	DLSYM_PROTOTYPE(crypt_volume_key_get) = NULL;
82	DLSYM_PROTOTYPE(crypt_volume_key_keyring) = NULL;
83	DLSYM_PROTOTYPE(crypt_wipe) = NULL;
84	DLSYM_PROTOTYPE(crypt_get_integrity_info) = NULL;
85
86	static void cryptsetup_log_glue(int level, const char msg, void usrptr) {	35,857✔
87
88	switch (level) {	35,857✔
89	case CRYPT_LOG_NORMAL:
90	level = LOG_NOTICE;
91	break;
92	case CRYPT_LOG_ERROR:	44✔
93	level = LOG_ERR;	44✔
94	break;	44✔
95	case CRYPT_LOG_VERBOSE:	×
UNCOV 96	level = LOG_INFO;	×
UNCOV 97	break;	×
98	case CRYPT_LOG_DEBUG:	35,813✔
99	level = LOG_DEBUG;	35,813✔
100	break;	35,813✔
101	default:
UNCOV 102	log_error("Unknown libcryptsetup log level: %d", level);	×
103	level = LOG_ERR;
104	}
105
106	log_full(level, "%s", msg);	35,857✔
107	}	35,857✔
108
109	void cryptsetup_enable_logging(struct crypt_device *cd) {	12,987✔
110	/* It's OK to call this with a NULL parameter, in which case libcryptsetup will set the default log
111	* function.
112	*
113	* Note that this is also called from dlopen_cryptsetup(), which we call here too. Sounds like an
114	* endless loop, but isn't because we break it via the check for 'cryptsetup_dl' early in
115	* dlopen_cryptsetup(). */
116
117	if (dlopen_cryptsetup(LOG_DEBUG) < 0)	12,987✔
118	return; /* If this fails, let's gracefully ignore the issue, this is just debug logging after
119	* all, and if this failed we already generated a debug log message that should help
120	* to track things down. */
121
122	sym_crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);	12,987✔
123	sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);	13,050✔
124	}
125
126	int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {	45✔
127
128	/* With CRYPT_PBKDF_NO_BENCHMARK flag set .time_ms member is ignored
129	* while .iterations must be set at least to recommended minimum value. */
130
131	static const struct crypt_pbkdf_type minimal_pbkdf = {	45✔
132	.hash = "sha512",
133	.type = CRYPT_KDF_PBKDF2,
134	.iterations = 1000, /* recommended minimum count for pbkdf2
135	* according to NIST SP 800-132, ch. 5.2 */
136	.flags = CRYPT_PBKDF_NO_BENCHMARK
137	};
138
139	int r;	45✔
140
141	/* Sets a minimal PKBDF in case we already have a high entropy key. */
142
143	r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);	45✔
144	if (r < 0)	45✔
UNCOV 145	return r;	×
146
147	return 0;
148	}
149
150	int cryptsetup_get_token_as_json(	5,653✔
151	struct crypt_device *cd,
152	int idx,
153	const char *verify_type,
154	sd_json_variant **ret) {
155
156	_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;	5,653✔
157	const char *text;	5,653✔
158	int r;	5,653✔
159
160	assert(cd);	5,653✔
161
162	/* Extracts and parses the LUKS2 JSON token data from a LUKS2 device. Optionally verifies the type of
163	* the token. Returns:
164	*
165	* -EINVAL → token index out of range or "type" field missing
166	* -ENOENT → token doesn't exist
167	* -EMEDIUMTYPE → "verify_type" specified and doesn't match token's type
168	*/
169
170	r = sym_crypt_token_json_get(cd, idx, &text);	5,653✔
171	if (r < 0)	5,653✔
172	return r;
173
174	r = sd_json_parse(text, 0, &v, NULL, NULL);	404✔
175	if (r < 0)	404✔
176	return r;
177
178	if (verify_type) {	404✔
179	sd_json_variant *w;	240✔
180
181	w = sd_json_variant_by_key(v, "type");	240✔
182	if (!w)	240✔
183	return -EINVAL;
184
185	if (!streq_ptr(sd_json_variant_string(w), verify_type))	240✔
186	return -EMEDIUMTYPE;
187	}
188
189	if (ret)	180✔
190	*ret = TAKE_PTR(v);	180✔
191
192	return 0;
193	}
194
195	int cryptsetup_add_token_json(struct crypt_device cd, sd_json_variant v) {	45✔
196	_cleanup_free_ char *text = NULL;	45✔
197	int r;	45✔
198
199	r = sd_json_variant_format(v, 0, &text);	45✔
200	if (r < 0)	45✔
UNCOV 201	return log_debug_errno(r, "Failed to format token data for LUKS: %m");	×
202
203	log_debug("Adding token text <%s>", text);	45✔
204
205	r = sym_crypt_token_json_set(cd, CRYPT_ANY_TOKEN, text);	45✔
206	if (r < 0)	45✔
UNCOV 207	return log_debug_errno(r, "Failed to write token data to LUKS: %m");	×
208
209	return 0;
210	}
211
212	int cryptsetup_get_volume_key_prefix(	7✔
213	struct crypt_device *cd,
214	const char *volume_name,
215	char **ret) {
216
217	_cleanup_free_ char *volume = NULL;	7✔
218	const char *uuid;	7✔
219	char *s;	7✔
220
221	assert(ret);	7✔
222
223	uuid = sym_crypt_get_uuid(cd);	7✔
224	if (!uuid)	7✔
UNCOV 225	return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get LUKS UUID.");	×
226
227	if (volume_name)	7✔
228	/* avoid ambiguity around ":" once we join things below */
229	volume = xescape(volume_name, ":");	7✔
230	else
UNCOV 231	volume = strjoin("luks-", uuid);	×
232	if (!volume)	7✔
UNCOV 233	return log_oom_debug();	×
234
235	s = strjoin("cryptsetup:", volume, ":", uuid);	7✔
236	if (!s)	7✔
UNCOV 237	return log_oom_debug();	×
238
239	*ret = s;	7✔
240
241	return 0;	7✔
242	}
243
244	/* The hash must match what measure_volume_key() extends to the SHA256 bank of the TPM2. */
245	int cryptsetup_get_volume_key_id(	7✔
246	struct crypt_device *cd,
247	const char *volume_name,
248	const void *volume_key,
249	size_t volume_key_size,
250	char **ret) {
251
252	_cleanup_free_ char *prefix = NULL;	7✔
253	uint8_t digest[SHA256_DIGEST_SIZE];	7✔
254	char *hex;	7✔
255	int r;	7✔
256
257	assert(ret);	7✔
258
259	r = cryptsetup_get_volume_key_prefix(cd, volume_name, &prefix);	7✔
260	if (r < 0)	7✔
UNCOV 261	return log_debug_errno(r, "Failed to get LUKS volume key prefix.");	×
262
263	hmac_sha256(volume_key, volume_key_size, prefix, strlen(prefix), digest);	7✔
264
265	hex = hexmem(digest, sizeof(digest));	7✔
266	if (!hex)	7✔
UNCOV 267	return log_oom_debug();	×
268
269	*ret = hex;	7✔
270
271	return 0;	7✔
272	}
273	#endif
274
275	int dlopen_cryptsetup(int log_level) {	27,818✔
276	#if HAVE_LIBCRYPTSETUP
277	int r;	27,818✔
278
279	/* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
280	* crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
281	* still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
282	* symbol if the new one is not available. */
283
284	SD_ELF_NOTE_DLOPEN(	27,818✔
285	"cryptsetup",
286	"Support for disk encryption, integrity, and authentication",
287	SD_ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED,
288	"libcryptsetup.so.12");
289
290	r = dlopen_many_sym_or_warn(	27,818✔
291	&cryptsetup_dl, "libcryptsetup.so.12", log_level,
292	DLSYM_ARG(crypt_activate_by_passphrase),
293	DLSYM_ARG(crypt_activate_by_signed_key),
294	DLSYM_ARG(crypt_activate_by_token_pin),
295	DLSYM_ARG(crypt_activate_by_volume_key),
296	DLSYM_ARG(crypt_deactivate),
297	DLSYM_ARG(crypt_deactivate_by_name),
298	DLSYM_ARG(crypt_format),
299	DLSYM_ARG(crypt_free),
300	DLSYM_ARG(crypt_get_cipher),
301	DLSYM_ARG(crypt_get_cipher_mode),
302	DLSYM_ARG(crypt_get_data_offset),
303	DLSYM_ARG(crypt_get_device_name),
304	DLSYM_ARG(crypt_get_dir),
305	DLSYM_ARG(crypt_get_type),
306	DLSYM_ARG(crypt_get_uuid),
307	DLSYM_ARG(crypt_get_verity_info),
308	DLSYM_ARG(crypt_get_volume_key_size),
309	DLSYM_ARG(crypt_header_restore),
310	DLSYM_ARG(crypt_init),
311	DLSYM_ARG(crypt_init_by_name),
312	DLSYM_ARG(crypt_init_data_device),
313	DLSYM_ARG(crypt_keyslot_add_by_volume_key),
314	DLSYM_ARG(crypt_keyslot_destroy),
315	DLSYM_ARG(crypt_keyslot_max),
316	DLSYM_ARG(crypt_keyslot_status),
317	DLSYM_ARG(crypt_load),
318	DLSYM_ARG(crypt_metadata_locking),
319	DLSYM_ARG(crypt_persistent_flags_get),
320	DLSYM_ARG(crypt_persistent_flags_set),
321	DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
322	DLSYM_ARG(crypt_reencrypt_run),
323	DLSYM_ARG(crypt_resize),
324	DLSYM_ARG(crypt_resume_by_volume_key),
325	DLSYM_ARG(crypt_set_data_device),
326	DLSYM_ARG(crypt_set_data_offset),
327	DLSYM_ARG(crypt_set_debug_level),
328	DLSYM_ARG(crypt_set_log_callback),
329	DLSYM_ARG(crypt_set_metadata_size),
330	DLSYM_ARG(crypt_set_pbkdf_type),
331	DLSYM_ARG(crypt_status),
332	DLSYM_ARG(crypt_suspend),
333	DLSYM_ARG(crypt_token_external_path),
334	DLSYM_ARG(crypt_token_json_get),
335	DLSYM_ARG(crypt_token_json_set),
336	DLSYM_ARG(crypt_token_max),
337	DLSYM_ARG(crypt_token_status),
338	DLSYM_ARG(crypt_volume_key_get),
339	DLSYM_ARG(crypt_volume_key_keyring),
340	DLSYM_ARG(crypt_wipe),
341	DLSYM_ARG(crypt_get_integrity_info));
342	if (r <= 0)	27,818✔
343	return r;
344
345	/* Optional symbols: present in libcryptsetup 2.7+ only. If unresolved, the prototype keeps its
346	* static initializer pointing at a fallback that returns -ENOSYS, so call sites can invoke the
347	* symbol unconditionally. */
348	DLSYM_OPTIONAL(cryptsetup_dl, crypt_set_keyring_to_link);	12,601✔
349	DLSYM_OPTIONAL(cryptsetup_dl, crypt_token_set_external_path);	12,601✔
350
351	/* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
352	* libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
353	* whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
354	* other code loaded into this process also changes the global log functions of libcryptsetup, who
355	* knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
356	cryptsetup_enable_logging(NULL);	12,601✔
357
358	const char *e = secure_getenv("SYSTEMD_CRYPTSETUP_TOKEN_PATH");	12,601✔
359	if (e) {	12,601✔
UNCOV 360	r = sym_crypt_token_set_external_path(e);	×
UNCOV 361	if (r == -ENOSYS)	×
UNCOV 362	log_debug("Loaded libcryptsetup does not support setting the external token path, not setting it to '%s'.", e);	×
UNCOV 363	else if (r < 0)	×
UNCOV 364	log_debug_errno(r, "Failed to set the libcryptsetup external token path to '%s', ignoring: %m", e);	×
365	}
366
367	return 1;
368	#else
369	return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
370	"libcryptsetup support is not compiled in.");
371	#endif
372	}
373
374	int cryptsetup_get_keyslot_from_token(sd_json_variant *v) {	16✔
375	int keyslot, r;	16✔
376	sd_json_variant *w;	16✔
377
378	/* Parses the "keyslots" field of a LUKS2 token object. The field can be an array, but here we assume
379	* that it contains a single element only, since that's the only way we ever generate it
380	* ourselves. */
381
382	w = sd_json_variant_by_key(v, "keyslots");	16✔
383	if (!w)	16✔
384	return -ENOENT;	16✔
385	if (!sd_json_variant_is_array(w) \|\| sd_json_variant_elements(w) != 1)	16✔
386	return -EMEDIUMTYPE;
387
388	w = sd_json_variant_by_index(w, 0);	16✔
389	if (!w)	16✔
390	return -ENOENT;
391	if (!sd_json_variant_is_string(w))	16✔
392	return -EMEDIUMTYPE;
393
394	r = safe_atoi(sd_json_variant_string(w), &keyslot);	16✔
395	if (r < 0)	16✔
396	return r;
397	if (keyslot < 0)	16✔
UNCOV 398	return -EINVAL;	×
399
400	return keyslot;
401	}
402
403	const char* mangle_none(const char *s) {	204✔
404	/* A helper that turns cryptsetup/integritysetup/veritysetup "options" strings into NULL if they are effectively empty */
405	return isempty(s) \|\| STR_IN_SET(s, "-", "none") ? NULL : s;	408✔
406	}

systemd / systemd / 25834419893

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous