#include "cryptsetup-util.h"
#include "dlfcn-util.h"
#include "log.h"
+#include "parse-util.h"
static void *cryptsetup_dl = NULL;
int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device);
void (*sym_crypt_set_debug_level)(int level);
void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr);
+int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
+int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
int dlopen_cryptsetup(void) {
DLSYM_ARG(crypt_set_data_device),
DLSYM_ARG(crypt_set_debug_level),
DLSYM_ARG(crypt_set_log_callback),
+ DLSYM_ARG(crypt_token_json_get),
+ DLSYM_ARG(crypt_token_json_set),
DLSYM_ARG(crypt_volume_key_get),
NULL);
if (r < 0)
sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
}
+int cryptsetup_get_token_as_json(
+ struct crypt_device *cd,
+ int idx,
+ const char *verify_type,
+ JsonVariant **ret) {
+
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
+ const char *text;
+ int r;
+
+ assert(cd);
+
+ /* Extracts and parses the LUKS2 JSON token data from a LUKS2 device. Optionally verifies the type of
+ * the token. Returns:
+ *
+ * -EINVAL → token index out of range or "type" field missing
+ * -ENOENT → token doesn't exist
+ * -EMEDIUMTYPE → "verify_type" specified and doesn't match token's type
+ */
+
+ r = dlopen_cryptsetup();
+ if (r < 0)
+ return r;
+
+ r = sym_crypt_token_json_get(cd, idx, &text);
+ if (r < 0)
+ return r;
+
+ r = json_parse(text, 0, &v, NULL, NULL);
+ if (r < 0)
+ return r;
+
+ if (verify_type) {
+ JsonVariant *w;
+
+ w = json_variant_by_key(v, "type");
+ if (!w)
+ return -EINVAL;
+
+ if (!streq_ptr(json_variant_string(w), verify_type))
+ return -EMEDIUMTYPE;
+ }
+
+ if (ret)
+ *ret = TAKE_PTR(v);
+
+ return 0;
+}
+
+int cryptsetup_get_keyslot_from_token(JsonVariant *v) {
+ int keyslot, r;
+ JsonVariant *w;
+
+ /* Parses the "keyslots" field of a LUKS2 token object. The field can be an array, but here we assume
+ * that it contains a single element only, since that's the only way we ever generate it
+ * ourselves. */
+
+ w = json_variant_by_key(v, "keyslots");
+ if (!w)
+ return -ENOENT;
+ if (!json_variant_is_array(w) || json_variant_elements(w) != 1)
+ return -EMEDIUMTYPE;
+
+ w = json_variant_by_index(w, 0);
+ if (!w)
+ return -ENOENT;
+ if (!json_variant_is_string(w))
+ return -EMEDIUMTYPE;
+
+ r = safe_atoi(json_variant_string(w), &keyslot);
+ if (r < 0)
+ return r;
+ if (keyslot < 0)
+ return -EINVAL;
+
+ return keyslot;
+}
+
+int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) {
+ _cleanup_free_ char *text = NULL;
+ int r;
+
+ r = dlopen_cryptsetup();
+ if (r < 0)
+ return r;
+
+ r = json_variant_format(v, 0, &text);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to format token data for LUKS: %m");
+
+ log_debug("Adding token text <%s>", text);
+
+ r = sym_crypt_token_json_set(cd, CRYPT_ANY_TOKEN, text);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to write token data to LUKS: %m");
+
+ return 0;
+}
#endif
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
+#include "json.h"
#include "macro.h"
#if HAVE_LIBCRYPTSETUP
extern int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device);
extern void (*sym_crypt_set_debug_level)(int level);
extern void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr);
+extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json);
+extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json);
extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
int dlopen_cryptsetup(void);
void cryptsetup_enable_logging(struct crypt_device *cd);
+int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *verify_type, JsonVariant **ret);
+int cryptsetup_get_keyslot_from_token(JsonVariant *v);
+int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v);
+
#endif
projects / thirdparty / systemd.git / commitdiff
