[thirdparty/systemd.git] / src / veritysetup / veritysetup.c

/***
  This file is part of systemd.

  Copyright 2016 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <libcryptsetup.h>
#include <stdio.h>
#include <sys/stat.h>

#include "log.h"
#include "hexdecoct.h"
#include "string-util.h"
#include "alloc-util.h"

static char *arg_root_hash = NULL;
static char *arg_data_what = NULL;
static char *arg_hash_what = NULL;

static int help(void) {
        printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
               "%s detach VOLUME\n\n"
               "Attaches or detaches an integrity protected block device.\n",
               program_invocation_short_name,
               program_invocation_short_name);

        return 0;
}

static void log_glue(int level, const char *msg, void *usrptr) {
        log_debug("%s", msg);
}

int main(int argc, char *argv[]) {
        struct crypt_device *cd = NULL;
        int r;

        if (argc <= 1) {
                r = help();
                goto finish;
        }

        if (argc < 3) {
                log_error("This program requires at least two arguments.");
                r = -EINVAL;
                goto finish;
        }

        log_set_target(LOG_TARGET_AUTO);
        log_parse_environment();
        log_open();

        umask(0022);

        if (streq(argv[1], "attach")) {
                _cleanup_free_ void *m = NULL;
                crypt_status_info status;
                size_t l;

                if (argc < 6) {
                        log_error("attach requires at least two arguments.");
                        r = -EINVAL;
                        goto finish;
                }

                r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
                if (r < 0) {
                        log_error("Failed to parse root hash.");
                        goto finish;
                }

                r = crypt_init(&cd, argv[4]);
                if (r < 0) {
                        log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
                        goto finish;
                }

                crypt_set_log_callback(cd, log_glue, NULL);

                status = crypt_status(cd, argv[2]);
                if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
                        log_info("Volume %s already active.", argv[2]);
                        r = 0;
                        goto finish;
                }

                r = crypt_load(cd, CRYPT_VERITY, NULL);
                if (r < 0) {
                        log_error_errno(r, "Failed to load verity superblock: %m");
                        goto finish;
                }

                r = crypt_set_data_device(cd, argv[3]);
                if (r < 0) {
                        log_error_errno(r, "Failed to configure data device: %m");
                        goto finish;
                }

                r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
                if (r < 0) {
                        log_error_errno(r, "Failed to set up verity device: %m");
                        goto finish;
                }

        } else if (streq(argv[1], "detach")) {

                r = crypt_init_by_name(&cd, argv[2]);
                if (r == -ENODEV) {
                        log_info("Volume %s already inactive.", argv[2]);
                        goto finish;
                } else if (r < 0) {
                        log_error_errno(r, "crypt_init_by_name() failed: %m");
                        goto finish;
                }

                crypt_set_log_callback(cd, log_glue, NULL);

                r = crypt_deactivate(cd, argv[2]);
                if (r < 0) {
                        log_error_errno(r, "Failed to deactivate: %m");
                        goto finish;
                }

        } else {
                log_error("Unknown verb %s.", argv[1]);
                r = -EINVAL;
                goto finish;
        }

        r = 0;

finish:
        if (cd)
                crypt_free(cd);

        free(arg_root_hash);
        free(arg_data_what);
        free(arg_hash_what);

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
2f3dfc6f LP	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2016 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
	7	under the terms of the GNU Lesser General Public License as published by
	8	the Free Software Foundation; either version 2.1 of the License, or
	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	Lesser General Public License for more details.
	15
	16	You should have received a copy of the GNU Lesser General Public License
	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
	20	#include <libcryptsetup.h>
	21	#include <stdio.h>
	22	#include <sys/stat.h>
	23
	24	#include "log.h"
	25	#include "hexdecoct.h"
	26	#include "string-util.h"
	27	#include "alloc-util.h"
	28
	29	static char *arg_root_hash = NULL;
	30	static char *arg_data_what = NULL;
	31	static char *arg_hash_what = NULL;
	32
	33	static int help(void) {
	34	printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
	35	"%s detach VOLUME\n\n"
	36	"Attaches or detaches an integrity protected block device.\n",
	37	program_invocation_short_name,
	38	program_invocation_short_name);
	39
	40	return 0;
	41	}
	42
	43	static void log_glue(int level, const char msg, void usrptr) {
	44	log_debug("%s", msg);
	45	}
	46
	47	int main(int argc, char *argv[]) {
	48	struct crypt_device *cd = NULL;
	49	int r;
	50
	51	if (argc <= 1) {
	52	r = help();
	53	goto finish;
	54	}
	55
	56	if (argc < 3) {
	57	log_error("This program requires at least two arguments.");
	58	r = -EINVAL;
	59	goto finish;
	60	}
	61
	62	log_set_target(LOG_TARGET_AUTO);
	63	log_parse_environment();
	64	log_open();
65
66	umask(0022);
67
68	if (streq(argv[1], "attach")) {
69	_cleanup_free_ void *m = NULL;
70	crypt_status_info status;
71	size_t l;
72
73	if (argc < 6) {
74	log_error("attach requires at least two arguments.");
75	r = -EINVAL;
76	goto finish;
77	}
78
79	r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
80	if (r < 0) {
81	log_error("Failed to parse root hash.");
82	goto finish;
83	}
84
85	r = crypt_init(&cd, argv[4]);
86	if (r < 0) {
87	log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
88	goto finish;
89	}
90
91	crypt_set_log_callback(cd, log_glue, NULL);
92
93	status = crypt_status(cd, argv[2]);
3742095b	94	if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
2f3dfc6f LP	95	log_info("Volume %s already active.", argv[2]);
	96	r = 0;
	97	goto finish;
	98	}
	99
	100	r = crypt_load(cd, CRYPT_VERITY, NULL);
	101	if (r < 0) {
	102	log_error_errno(r, "Failed to load verity superblock: %m");
	103	goto finish;
	104	}
	105
	106	r = crypt_set_data_device(cd, argv[3]);
	107	if (r < 0) {
	108	log_error_errno(r, "Failed to configure data device: %m");
	109	goto finish;
	110	}
	111
	112	r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
	113	if (r < 0) {
	114	log_error_errno(r, "Failed to set up verity device: %m");
	115	goto finish;
	116	}
	117
	118	} else if (streq(argv[1], "detach")) {
	119
	120	r = crypt_init_by_name(&cd, argv[2]);
	121	if (r == -ENODEV) {
	122	log_info("Volume %s already inactive.", argv[2]);
	123	goto finish;
	124	} else if (r < 0) {
	125	log_error_errno(r, "crypt_init_by_name() failed: %m");
	126	goto finish;
	127	}
	128
	129	crypt_set_log_callback(cd, log_glue, NULL);
	130
	131	r = crypt_deactivate(cd, argv[2]);
	132	if (r < 0) {
	133	log_error_errno(r, "Failed to deactivate: %m");
	134	goto finish;
	135	}
	136
	137	} else {
	138	log_error("Unknown verb %s.", argv[1]);
	139	r = -EINVAL;
	140	goto finish;
	141	}
	142
	143	r = 0;
	144
	145	finish:
	146	if (cd)
	147	crypt_free(cd);
	148
	149	free(arg_root_hash);
	150	free(arg_data_what);
	151	free(arg_hash_what);
	152
	153	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	154	}