[thirdparty/systemd.git] / src / veritysetup / veritysetup.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

#include "alloc-util.h"
#include "crypt-util.h"
#include "hexdecoct.h"
#include "log.h"
#include "string-util.h"

static char *arg_root_hash = NULL;
static char *arg_data_what = NULL;
static char *arg_hash_what = NULL;

static int help(void) {
        printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
               "%s detach VOLUME\n\n"
               "Attaches or detaches an integrity protected block device.\n",
               program_invocation_short_name,
               program_invocation_short_name);

        return 0;
}

int main(int argc, char *argv[]) {
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
        int r;

        if (argc <= 1) {
                r = help();
                goto finish;
        }

        if (argc < 3) {
                log_error("This program requires at least two arguments.");
                r = -EINVAL;
                goto finish;
        }

        log_set_target(LOG_TARGET_AUTO);
        log_parse_environment();
        log_open();

        umask(0022);

        if (streq(argv[1], "attach")) {
                _cleanup_free_ void *m = NULL;
                crypt_status_info status;
                size_t l;

                if (argc < 6) {
                        log_error("attach requires at least two arguments.");
                        r = -EINVAL;
                        goto finish;
                }

                r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
                if (r < 0) {
                        log_error("Failed to parse root hash.");
                        goto finish;
                }

                r = crypt_init(&cd, argv[4]);
                if (r < 0) {
                        log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
                        goto finish;
                }

                crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);

                status = crypt_status(cd, argv[2]);
                if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
                        log_info("Volume %s already active.", argv[2]);
                        r = 0;
                        goto finish;
                }

                r = crypt_load(cd, CRYPT_VERITY, NULL);
                if (r < 0) {
                        log_error_errno(r, "Failed to load verity superblock: %m");
                        goto finish;
                }

                r = crypt_set_data_device(cd, argv[3]);
                if (r < 0) {
                        log_error_errno(r, "Failed to configure data device: %m");
                        goto finish;
                }

                r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
                if (r < 0) {
                        log_error_errno(r, "Failed to set up verity device: %m");
                        goto finish;
                }

        } else if (streq(argv[1], "detach")) {

                r = crypt_init_by_name(&cd, argv[2]);
                if (r == -ENODEV) {
                        log_info("Volume %s already inactive.", argv[2]);
                        goto finish;
                } else if (r < 0) {
                        log_error_errno(r, "crypt_init_by_name() failed: %m");
                        goto finish;
                }

                crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);

                r = crypt_deactivate(cd, argv[2]);
                if (r < 0) {
                        log_error_errno(r, "Failed to deactivate: %m");
                        goto finish;
                }

        } else {
                log_error("Unknown verb %s.", argv[1]);
                r = -EINVAL;
                goto finish;
        }

        r = 0;

finish:
        free(arg_root_hash);
        free(arg_data_what);
        free(arg_hash_what);

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
2f3dfc6f	2
dccca82b	3	#include <errno.h>
2f3dfc6f LP	4	#include <stdio.h>
	5	#include <sys/stat.h>
	6
dccca82b	7	#include "alloc-util.h"
294bd454	8	#include "crypt-util.h"
2f3dfc6f	9	#include "hexdecoct.h"
dccca82b	10	#include "log.h"
2f3dfc6f	11	#include "string-util.h"
2f3dfc6f LP	12
	13	static char *arg_root_hash = NULL;
	14	static char *arg_data_what = NULL;
	15	static char *arg_hash_what = NULL;
	16
	17	static int help(void) {
	18	printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
	19	"%s detach VOLUME\n\n"
	20	"Attaches or detaches an integrity protected block device.\n",
	21	program_invocation_short_name,
	22	program_invocation_short_name);
	23
	24	return 0;
	25	}
	26
2f3dfc6f	27	int main(int argc, char *argv[]) {
294bd454	28	_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
2f3dfc6f LP	29	int r;
	30
	31	if (argc <= 1) {
	32	r = help();
	33	goto finish;
	34	}
	35
	36	if (argc < 3) {
	37	log_error("This program requires at least two arguments.");
	38	r = -EINVAL;
	39	goto finish;
	40	}
	41
	42	log_set_target(LOG_TARGET_AUTO);
	43	log_parse_environment();
	44	log_open();
	45
	46	umask(0022);
	47
	48	if (streq(argv[1], "attach")) {
	49	_cleanup_free_ void *m = NULL;
	50	crypt_status_info status;
	51	size_t l;
	52
	53	if (argc < 6) {
	54	log_error("attach requires at least two arguments.");
	55	r = -EINVAL;
	56	goto finish;
	57	}
	58
	59	r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
	60	if (r < 0) {
	61	log_error("Failed to parse root hash.");
	62	goto finish;
	63	}
	64
	65	r = crypt_init(&cd, argv[4]);
	66	if (r < 0) {
	67	log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
	68	goto finish;
	69	}
	70
691c2e2e	71	crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
2f3dfc6f LP	72
2f3dfc6f LP	73	status = crypt_status(cd, argv[2]);
3742095b	74	if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
2f3dfc6f LP	75	log_info("Volume %s already active.", argv[2]);
	76	r = 0;
	77	goto finish;
	78	}
	79
	80	r = crypt_load(cd, CRYPT_VERITY, NULL);
	81	if (r < 0) {
	82	log_error_errno(r, "Failed to load verity superblock: %m");
	83	goto finish;
	84	}
	85
	86	r = crypt_set_data_device(cd, argv[3]);
	87	if (r < 0) {
	88	log_error_errno(r, "Failed to configure data device: %m");
	89	goto finish;
	90	}
	91
	92	r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
	93	if (r < 0) {
	94	log_error_errno(r, "Failed to set up verity device: %m");
	95	goto finish;
	96	}
	97
	98	} else if (streq(argv[1], "detach")) {
	99
	100	r = crypt_init_by_name(&cd, argv[2]);
	101	if (r == -ENODEV) {
	102	log_info("Volume %s already inactive.", argv[2]);
	103	goto finish;
	104	} else if (r < 0) {
	105	log_error_errno(r, "crypt_init_by_name() failed: %m");
	106	goto finish;
	107	}
	108
691c2e2e	109	crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
2f3dfc6f LP	110
	111	r = crypt_deactivate(cd, argv[2]);
	112	if (r < 0) {
	113	log_error_errno(r, "Failed to deactivate: %m");
	114	goto finish;
	115	}
	116
	117	} else {
	118	log_error("Unknown verb %s.", argv[1]);
	119	r = -EINVAL;
	120	goto finish;
	121	}
	122
	123	r = 0;
	124
	125	finish:
2f3dfc6f LP	126	free(arg_root_hash);
	127	free(arg_data_what);
	128	free(arg_hash_what);
	129
	130	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	131	}