Lines Matching +full:- +full:- +full:disable +full:- +full:uuid
4 * Copyright (c) 2015-2016 Red Hat, Inc.
25 #include "block-luks.h"
26 #include "block-luks-priv.h"
33 #include "qemu/uuid.h"
41 * docs/on-disk-format.pdf
209 int ret = qapi_enum_parse(map, name, -1, NULL); in qcrypto_block_luks_name_lookup()
244 memcmp(luks_header->magic, qcrypto_block_luks_magic, in qcrypto_block_luks_has_format()
246 be16_to_cpu(luks_header->version) == QCRYPTO_BLOCK_LUKS_VERSION) { in qcrypto_block_luks_has_format()
255 * Deal with a quirk of dm-crypt usage of ESSIV.
259 * encryption, because dm-crypt uses the hash digest length
352 size_t splitkeylen = luks->header.master_key_len * stripes; in qcrypto_block_luks_splitkeylen_sectors()
372 cpu_to_be16s(&hdr->version); in qcrypto_block_luks_to_disk_endian()
373 cpu_to_be32s(&hdr->payload_offset_sector); in qcrypto_block_luks_to_disk_endian()
374 cpu_to_be32s(&hdr->master_key_len); in qcrypto_block_luks_to_disk_endian()
375 cpu_to_be32s(&hdr->master_key_iterations); in qcrypto_block_luks_to_disk_endian()
378 cpu_to_be32s(&hdr->key_slots[i].active); in qcrypto_block_luks_to_disk_endian()
379 cpu_to_be32s(&hdr->key_slots[i].iterations); in qcrypto_block_luks_to_disk_endian()
380 cpu_to_be32s(&hdr->key_slots[i].key_offset_sector); in qcrypto_block_luks_to_disk_endian()
381 cpu_to_be32s(&hdr->key_slots[i].stripes); in qcrypto_block_luks_to_disk_endian()
391 * The header is always stored in big-endian format, so in qcrypto_block_luks_from_disk_endian()
394 be16_to_cpus(&hdr->version); in qcrypto_block_luks_from_disk_endian()
395 be32_to_cpus(&hdr->payload_offset_sector); in qcrypto_block_luks_from_disk_endian()
396 be32_to_cpus(&hdr->master_key_len); in qcrypto_block_luks_from_disk_endian()
397 be32_to_cpus(&hdr->master_key_iterations); in qcrypto_block_luks_from_disk_endian()
400 be32_to_cpus(&hdr->key_slots[i].active); in qcrypto_block_luks_from_disk_endian()
401 be32_to_cpus(&hdr->key_slots[i].iterations); in qcrypto_block_luks_from_disk_endian()
402 be32_to_cpus(&hdr->key_slots[i].key_offset_sector); in qcrypto_block_luks_from_disk_endian()
403 be32_to_cpus(&hdr->key_slots[i].stripes); in qcrypto_block_luks_from_disk_endian()
416 const QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_store_header()
422 memcpy(hdr_copy, &luks->header, sizeof(QCryptoBlockLUKSHeader)); in qcrypto_block_luks_store_header()
432 return -1; in qcrypto_block_luks_store_header()
448 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_load_header()
455 (uint8_t *)&luks->header, in qcrypto_block_luks_load_header()
456 sizeof(luks->header), in qcrypto_block_luks_load_header()
463 qcrypto_block_luks_from_disk_endian(&luks->header); in qcrypto_block_luks_load_header()
482 if (memcmp(luks->header.magic, qcrypto_block_luks_magic, in qcrypto_block_luks_check_header()
485 return -1; in qcrypto_block_luks_check_header()
488 if (luks->header.version != QCRYPTO_BLOCK_LUKS_VERSION) { in qcrypto_block_luks_check_header()
490 luks->header.version); in qcrypto_block_luks_check_header()
491 return -1; in qcrypto_block_luks_check_header()
494 if (!memchr(luks->header.cipher_name, '\0', in qcrypto_block_luks_check_header()
495 sizeof(luks->header.cipher_name))) { in qcrypto_block_luks_check_header()
497 return -1; in qcrypto_block_luks_check_header()
500 if (!memchr(luks->header.cipher_mode, '\0', in qcrypto_block_luks_check_header()
501 sizeof(luks->header.cipher_mode))) { in qcrypto_block_luks_check_header()
503 return -1; in qcrypto_block_luks_check_header()
506 if (!memchr(luks->header.hash_spec, '\0', in qcrypto_block_luks_check_header()
507 sizeof(luks->header.hash_spec))) { in qcrypto_block_luks_check_header()
509 return -1; in qcrypto_block_luks_check_header()
512 if (!detached && luks->header.payload_offset_sector < in qcrypto_block_luks_check_header()
516 return -1; in qcrypto_block_luks_check_header()
519 if (luks->header.master_key_iterations == 0) { in qcrypto_block_luks_check_header()
521 return -1; in qcrypto_block_luks_check_header()
527 const QCryptoBlockLUKSKeySlot *slot1 = &luks->header.key_slots[i]; in qcrypto_block_luks_check_header()
528 unsigned int start1 = slot1->key_offset_sector; in qcrypto_block_luks_check_header()
532 slot1->stripes); in qcrypto_block_luks_check_header()
534 if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) { in qcrypto_block_luks_check_header()
536 i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES); in qcrypto_block_luks_check_header()
537 return -1; in qcrypto_block_luks_check_header()
540 if (slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED && in qcrypto_block_luks_check_header()
541 slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) { in qcrypto_block_luks_check_header()
543 "Keyslot %zu state (active/disable) is corrupted", i); in qcrypto_block_luks_check_header()
544 return -1; in qcrypto_block_luks_check_header()
547 if (slot1->active == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED && in qcrypto_block_luks_check_header()
548 slot1->iterations == 0) { in qcrypto_block_luks_check_header()
550 return -1; in qcrypto_block_luks_check_header()
558 return -1; in qcrypto_block_luks_check_header()
561 if (!detached && start1 + len1 > luks->header.payload_offset_sector) { in qcrypto_block_luks_check_header()
565 return -1; in qcrypto_block_luks_check_header()
569 const QCryptoBlockLUKSKeySlot *slot2 = &luks->header.key_slots[j]; in qcrypto_block_luks_check_header()
570 unsigned int start2 = slot2->key_offset_sector; in qcrypto_block_luks_check_header()
574 slot2->stripes); in qcrypto_block_luks_check_header()
580 return -1; in qcrypto_block_luks_check_header()
595 g_autofree char *cipher_mode = g_strdup(luks->header.cipher_mode); in qcrypto_block_luks_parse_header()
603 * <cipher-mode>-<iv-generator>[:<iv-hash>] in qcrypto_block_luks_parse_header()
605 * eg cbc-essiv:sha256, cbc-plain64 in qcrypto_block_luks_parse_header()
607 ivgen_name = strchr(cipher_mode, '-'); in qcrypto_block_luks_parse_header()
610 luks->header.cipher_mode); in qcrypto_block_luks_parse_header()
611 return -1; in qcrypto_block_luks_parse_header()
618 luks->ivgen_hash_alg = 0; in qcrypto_block_luks_parse_header()
623 luks->ivgen_hash_alg = qcrypto_block_luks_hash_name_lookup(ivhash_name, in qcrypto_block_luks_parse_header()
627 return -1; in qcrypto_block_luks_parse_header()
631 luks->cipher_mode = qcrypto_block_luks_cipher_mode_lookup(cipher_mode, in qcrypto_block_luks_parse_header()
635 return -1; in qcrypto_block_luks_parse_header()
638 luks->cipher_alg = in qcrypto_block_luks_parse_header()
639 qcrypto_block_luks_cipher_name_lookup(luks->header.cipher_name, in qcrypto_block_luks_parse_header()
640 luks->cipher_mode, in qcrypto_block_luks_parse_header()
641 luks->header.master_key_len, in qcrypto_block_luks_parse_header()
645 return -1; in qcrypto_block_luks_parse_header()
648 luks->hash_alg = in qcrypto_block_luks_parse_header()
649 qcrypto_block_luks_hash_name_lookup(luks->header.hash_spec, in qcrypto_block_luks_parse_header()
653 return -1; in qcrypto_block_luks_parse_header()
656 luks->ivgen_alg = qcrypto_block_luks_ivgen_name_lookup(ivgen_name, in qcrypto_block_luks_parse_header()
660 return -1; in qcrypto_block_luks_parse_header()
663 if (luks->ivgen_alg == QCRYPTO_IV_GEN_ALGO_ESSIV) { in qcrypto_block_luks_parse_header()
666 return -1; in qcrypto_block_luks_parse_header()
668 luks->ivgen_cipher_alg = in qcrypto_block_luks_parse_header()
669 qcrypto_block_luks_essiv_cipher(luks->cipher_alg, in qcrypto_block_luks_parse_header()
670 luks->ivgen_hash_alg, in qcrypto_block_luks_parse_header()
674 return -1; in qcrypto_block_luks_parse_header()
682 * This is for compat with dm-crypt which will silently in qcrypto_block_luks_parse_header()
686 luks->ivgen_cipher_alg = luks->cipher_alg; in qcrypto_block_luks_parse_header()
694 * in-memory header. User must then write the in-memory header
699 * -1 if a fatal error occurred while storing the key
711 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_store_key()
720 int ret = -1; in qcrypto_block_luks_store_key()
723 slot = &luks->header.key_slots[slot_idx]; in qcrypto_block_luks_store_key()
724 splitkeylen = luks->header.master_key_len * slot->stripes; in qcrypto_block_luks_store_key()
726 if (qcrypto_random_bytes(slot->salt, in qcrypto_block_luks_store_key()
737 iters = qcrypto_pbkdf2_count_iters(luks->hash_alg, in qcrypto_block_luks_store_key()
739 slot->salt, in qcrypto_block_luks_store_key()
741 luks->header.master_key_len, in qcrypto_block_luks_store_key()
765 slot->iterations = in qcrypto_block_luks_store_key()
773 slotkey = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_store_key()
774 if (qcrypto_pbkdf2(luks->hash_alg, in qcrypto_block_luks_store_key()
776 slot->salt, in qcrypto_block_luks_store_key()
778 slot->iterations, in qcrypto_block_luks_store_key()
779 slotkey, luks->header.master_key_len, in qcrypto_block_luks_store_key()
789 cipher = qcrypto_cipher_new(luks->cipher_alg, in qcrypto_block_luks_store_key()
790 luks->cipher_mode, in qcrypto_block_luks_store_key()
791 slotkey, luks->header.master_key_len, in qcrypto_block_luks_store_key()
797 ivgen = qcrypto_ivgen_new(luks->ivgen_alg, in qcrypto_block_luks_store_key()
798 luks->ivgen_cipher_alg, in qcrypto_block_luks_store_key()
799 luks->ivgen_hash_alg, in qcrypto_block_luks_store_key()
800 slotkey, luks->header.master_key_len, in qcrypto_block_luks_store_key()
813 if (qcrypto_afsplit_encode(luks->hash_alg, in qcrypto_block_luks_store_key()
814 luks->header.master_key_len, in qcrypto_block_luks_store_key()
815 slot->stripes, in qcrypto_block_luks_store_key()
826 if (qcrypto_block_cipher_encrypt_helper(cipher, block->niv, ivgen, in qcrypto_block_luks_store_key()
837 slot->key_offset_sector * in qcrypto_block_luks_store_key()
845 slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; in qcrypto_block_luks_store_key()
855 memset(slotkey, 0, luks->header.master_key_len); in qcrypto_block_luks_store_key()
872 * -1 if a fatal error occurred loading the key
883 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_load_key()
895 slot = &luks->header.key_slots[slot_idx]; in qcrypto_block_luks_load_key()
896 if (slot->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) { in qcrypto_block_luks_load_key()
900 splitkeylen = luks->header.master_key_len * slot->stripes; in qcrypto_block_luks_load_key()
902 possiblekey = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_load_key()
907 * decrypt the master key - we just blindly assume in qcrypto_block_luks_load_key()
911 if (qcrypto_pbkdf2(luks->hash_alg, in qcrypto_block_luks_load_key()
913 slot->salt, QCRYPTO_BLOCK_LUKS_SALT_LEN, in qcrypto_block_luks_load_key()
914 slot->iterations, in qcrypto_block_luks_load_key()
915 possiblekey, luks->header.master_key_len, in qcrypto_block_luks_load_key()
917 return -1; in qcrypto_block_luks_load_key()
928 slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, in qcrypto_block_luks_load_key()
933 return -1; in qcrypto_block_luks_load_key()
939 cipher = qcrypto_cipher_new(luks->cipher_alg, in qcrypto_block_luks_load_key()
940 luks->cipher_mode, in qcrypto_block_luks_load_key()
942 luks->header.master_key_len, in qcrypto_block_luks_load_key()
945 return -1; in qcrypto_block_luks_load_key()
948 niv = qcrypto_cipher_get_iv_len(luks->cipher_alg, in qcrypto_block_luks_load_key()
949 luks->cipher_mode); in qcrypto_block_luks_load_key()
951 ivgen = qcrypto_ivgen_new(luks->ivgen_alg, in qcrypto_block_luks_load_key()
952 luks->ivgen_cipher_alg, in qcrypto_block_luks_load_key()
953 luks->ivgen_hash_alg, in qcrypto_block_luks_load_key()
955 luks->header.master_key_len, in qcrypto_block_luks_load_key()
958 return -1; in qcrypto_block_luks_load_key()
977 return -1; in qcrypto_block_luks_load_key()
984 if (qcrypto_afsplit_decode(luks->hash_alg, in qcrypto_block_luks_load_key()
985 luks->header.master_key_len, in qcrypto_block_luks_load_key()
986 slot->stripes, in qcrypto_block_luks_load_key()
990 return -1; in qcrypto_block_luks_load_key()
1002 if (qcrypto_pbkdf2(luks->hash_alg, in qcrypto_block_luks_load_key()
1004 luks->header.master_key_len, in qcrypto_block_luks_load_key()
1005 luks->header.master_key_salt, in qcrypto_block_luks_load_key()
1007 luks->header.master_key_iterations, in qcrypto_block_luks_load_key()
1011 return -1; in qcrypto_block_luks_load_key()
1014 if (memcmp(keydigest, luks->header.master_key_digest, in qcrypto_block_luks_load_key()
1031 * Returns 0 if a key was loaded, -1 if no keys could be loaded
1062 return -1; in qcrypto_block_luks_find_key()
1076 val = luks->header.key_slots[slot_idx].active; in qcrypto_block_luks_slot_active()
1100 * Returns the key slot index, or -1 if it doesn't exist
1112 return -1; in qcrypto_block_luks_find_free_keyslot()
1119 * -1 if a error occurred while erasing the keyslot
1129 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_erase_key()
1138 slot = &luks->header.key_slots[slot_idx]; in qcrypto_block_luks_erase_key()
1140 splitkeylen = luks->header.master_key_len * slot->stripes; in qcrypto_block_luks_erase_key()
1146 memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN); in qcrypto_block_luks_erase_key()
1147 slot->iterations = 0; in qcrypto_block_luks_erase_key()
1148 slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED; in qcrypto_block_luks_erase_key()
1170 return -1; in qcrypto_block_luks_erase_key()
1174 slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, in qcrypto_block_luks_erase_key()
1180 return -1; in qcrypto_block_luks_erase_key()
1200 if (!options->u.luks.key_secret) { in qcrypto_block_luks_open()
1201 error_setg(errp, "Parameter '%skey-secret' is required for cipher", in qcrypto_block_luks_open()
1203 return -1; in qcrypto_block_luks_open()
1206 options->u.luks.key_secret, errp); in qcrypto_block_luks_open()
1208 return -1; in qcrypto_block_luks_open()
1213 block->opaque = luks; in qcrypto_block_luks_open()
1214 luks->secret = g_strdup(options->u.luks.key_secret); in qcrypto_block_luks_open()
1233 masterkey = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_open()
1246 block->kdfhash = luks->hash_alg; in qcrypto_block_luks_open()
1247 block->niv = qcrypto_cipher_get_iv_len(luks->cipher_alg, in qcrypto_block_luks_open()
1248 luks->cipher_mode); in qcrypto_block_luks_open()
1250 block->ivgen = qcrypto_ivgen_new(luks->ivgen_alg, in qcrypto_block_luks_open()
1251 luks->ivgen_cipher_alg, in qcrypto_block_luks_open()
1252 luks->ivgen_hash_alg, in qcrypto_block_luks_open()
1254 luks->header.master_key_len, in qcrypto_block_luks_open()
1256 if (!block->ivgen) { in qcrypto_block_luks_open()
1261 luks->cipher_alg, in qcrypto_block_luks_open()
1262 luks->cipher_mode, in qcrypto_block_luks_open()
1264 luks->header.master_key_len, in qcrypto_block_luks_open()
1270 block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; in qcrypto_block_luks_open()
1271 block->payload_offset = luks->header.payload_offset_sector * in qcrypto_block_luks_open()
1272 block->sector_size; in qcrypto_block_luks_open()
1273 block->detached_header = (block->payload_offset == 0) ? true : false; in qcrypto_block_luks_open()
1279 qcrypto_ivgen_free(block->ivgen); in qcrypto_block_luks_open()
1280 g_free(luks->secret); in qcrypto_block_luks_open()
1282 return -1; in qcrypto_block_luks_open()
1289 QemuUUID uuid; in qcrypto_block_luks_uuid_gen() local
1290 qemu_uuid_generate(&uuid); in qcrypto_block_luks_uuid_gen()
1291 qemu_uuid_unparse(&uuid, (char *)uuidstr); in qcrypto_block_luks_uuid_gen()
1320 memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); in qcrypto_block_luks_create()
1344 block->opaque = luks; in qcrypto_block_luks_create()
1346 luks->cipher_alg = luks_opts.cipher_alg; in qcrypto_block_luks_create()
1347 luks->cipher_mode = luks_opts.cipher_mode; in qcrypto_block_luks_create()
1348 luks->ivgen_alg = luks_opts.ivgen_alg; in qcrypto_block_luks_create()
1349 luks->ivgen_hash_alg = luks_opts.ivgen_hash_alg; in qcrypto_block_luks_create()
1350 luks->hash_alg = luks_opts.hash_alg; in qcrypto_block_luks_create()
1354 * non-essiv iv generators that don't need a hash. It will in qcrypto_block_luks_create()
1355 * be silently ignored, for compatibility with dm-crypt */ in qcrypto_block_luks_create()
1357 if (!options->u.luks.key_secret) { in qcrypto_block_luks_create()
1358 error_setg(errp, "Parameter '%skey-secret' is required for cipher", in qcrypto_block_luks_create()
1362 luks->secret = g_strdup(options->u.luks.key_secret); in qcrypto_block_luks_create()
1370 memcpy(luks->header.magic, qcrypto_block_luks_magic, in qcrypto_block_luks_create()
1377 luks->header.version = QCRYPTO_BLOCK_LUKS_VERSION; in qcrypto_block_luks_create()
1378 qcrypto_block_luks_uuid_gen(luks->header.uuid); in qcrypto_block_luks_create()
1390 cipher_mode_spec = g_strdup_printf("%s-%s:%s", cipher_mode, ivgen_alg, in qcrypto_block_luks_create()
1393 cipher_mode_spec = g_strdup_printf("%s-%s", cipher_mode, ivgen_alg); in qcrypto_block_luks_create()
1415 luks->ivgen_cipher_alg = in qcrypto_block_luks_create()
1424 luks->ivgen_cipher_alg = luks_opts.cipher_alg; in qcrypto_block_luks_create()
1427 strcpy(luks->header.cipher_name, cipher_alg); in qcrypto_block_luks_create()
1428 strcpy(luks->header.cipher_mode, cipher_mode_spec); in qcrypto_block_luks_create()
1429 strcpy(luks->header.hash_spec, hash_alg); in qcrypto_block_luks_create()
1431 luks->header.master_key_len = in qcrypto_block_luks_create()
1435 luks->header.master_key_len *= 2; in qcrypto_block_luks_create()
1441 if (qcrypto_random_bytes(luks->header.master_key_salt, in qcrypto_block_luks_create()
1448 masterkey = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_create()
1450 luks->header.master_key_len, errp) < 0) { in qcrypto_block_luks_create()
1458 luks->header.master_key_len, errp) < 0) { in qcrypto_block_luks_create()
1462 block->kdfhash = luks_opts.hash_alg; in qcrypto_block_luks_create()
1463 block->niv = qcrypto_cipher_get_iv_len(luks_opts.cipher_alg, in qcrypto_block_luks_create()
1465 block->ivgen = qcrypto_ivgen_new(luks_opts.ivgen_alg, in qcrypto_block_luks_create()
1466 luks->ivgen_cipher_alg, in qcrypto_block_luks_create()
1468 masterkey, luks->header.master_key_len, in qcrypto_block_luks_create()
1471 if (!block->ivgen) { in qcrypto_block_luks_create()
1480 masterkey, luks->header.master_key_len, in qcrypto_block_luks_create()
1481 luks->header.master_key_salt, in qcrypto_block_luks_create()
1512 luks->header.master_key_iterations = iters; in qcrypto_block_luks_create()
1520 masterkey, luks->header.master_key_len, in qcrypto_block_luks_create()
1521 luks->header.master_key_salt, in qcrypto_block_luks_create()
1523 luks->header.master_key_iterations, in qcrypto_block_luks_create()
1524 luks->header.master_key_digest, in qcrypto_block_luks_create()
1540 QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[i]; in qcrypto_block_luks_create()
1541 slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED; in qcrypto_block_luks_create()
1543 slot->key_offset_sector = header_sectors + i * split_key_sectors; in qcrypto_block_luks_create()
1544 slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES; in qcrypto_block_luks_create()
1547 if (block->detached_header) { in qcrypto_block_luks_create()
1552 luks->header.payload_offset_sector = 0; in qcrypto_block_luks_create()
1560 luks->header.payload_offset_sector = header_sectors + in qcrypto_block_luks_create()
1564 block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; in qcrypto_block_luks_create()
1565 block->payload_offset = luks->header.payload_offset_sector * in qcrypto_block_luks_create()
1566 block->sector_size; in qcrypto_block_luks_create()
1569 split_key_sectors) * block->sector_size; in qcrypto_block_luks_create()
1592 memset(masterkey, 0, luks->header.master_key_len); in qcrypto_block_luks_create()
1598 memset(masterkey, 0, luks->header.master_key_len); in qcrypto_block_luks_create()
1602 qcrypto_ivgen_free(block->ivgen); in qcrypto_block_luks_create()
1604 g_free(luks->secret); in qcrypto_block_luks_create()
1606 return -1; in qcrypto_block_luks_create()
1618 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_amend_add_keyslot()
1619 uint64_t iter_time = opts_luks->has_iter_time ? in qcrypto_block_luks_amend_add_keyslot()
1620 opts_luks->iter_time : in qcrypto_block_luks_amend_add_keyslot()
1627 char *secret = opts_luks->secret ?: luks->secret; in qcrypto_block_luks_amend_add_keyslot()
1629 if (!opts_luks->new_secret) { in qcrypto_block_luks_amend_add_keyslot()
1630 error_setg(errp, "'new-secret' is required to activate a keyslot"); in qcrypto_block_luks_amend_add_keyslot()
1631 return -1; in qcrypto_block_luks_amend_add_keyslot()
1633 if (opts_luks->old_secret) { in qcrypto_block_luks_amend_add_keyslot()
1635 "'old-secret' must not be given when activating keyslots"); in qcrypto_block_luks_amend_add_keyslot()
1636 return -1; in qcrypto_block_luks_amend_add_keyslot()
1639 if (opts_luks->has_keyslot) { in qcrypto_block_luks_amend_add_keyslot()
1640 keyslot = opts_luks->keyslot; in qcrypto_block_luks_amend_add_keyslot()
1644 keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1); in qcrypto_block_luks_amend_add_keyslot()
1645 return -1; in qcrypto_block_luks_amend_add_keyslot()
1649 if (keyslot == -1) { in qcrypto_block_luks_amend_add_keyslot()
1651 "Can't add a keyslot - all keyslots are in use"); in qcrypto_block_luks_amend_add_keyslot()
1652 return -1; in qcrypto_block_luks_amend_add_keyslot()
1658 "Refusing to overwrite active keyslot %i - " in qcrypto_block_luks_amend_add_keyslot()
1661 return -1; in qcrypto_block_luks_amend_add_keyslot()
1667 return -1; in qcrypto_block_luks_amend_add_keyslot()
1671 master_key = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_amend_add_keyslot()
1676 return -1; in qcrypto_block_luks_amend_add_keyslot()
1680 new_password = qcrypto_secret_lookup_as_utf8(opts_luks->new_secret, errp); in qcrypto_block_luks_amend_add_keyslot()
1682 return -1; in qcrypto_block_luks_amend_add_keyslot()
1689 return -1; in qcrypto_block_luks_amend_add_keyslot()
1703 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_amend_erase_keyslots()
1707 if (opts_luks->new_secret) { in qcrypto_block_luks_amend_erase_keyslots()
1709 "'new-secret' must not be given when erasing keyslots"); in qcrypto_block_luks_amend_erase_keyslots()
1710 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1712 if (opts_luks->has_iter_time) { in qcrypto_block_luks_amend_erase_keyslots()
1714 "'iter-time' must not be given when erasing keyslots"); in qcrypto_block_luks_amend_erase_keyslots()
1715 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1717 if (opts_luks->secret) { in qcrypto_block_luks_amend_erase_keyslots()
1720 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1724 if (opts_luks->old_secret) { in qcrypto_block_luks_amend_erase_keyslots()
1725 old_password = qcrypto_secret_lookup_as_utf8(opts_luks->old_secret, in qcrypto_block_luks_amend_erase_keyslots()
1728 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1735 tmpkey = g_new0(uint8_t, luks->header.master_key_len); in qcrypto_block_luks_amend_erase_keyslots()
1739 if (opts_luks->has_keyslot) { in qcrypto_block_luks_amend_erase_keyslots()
1740 int keyslot = opts_luks->keyslot; in qcrypto_block_luks_amend_erase_keyslots()
1745 keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1); in qcrypto_block_luks_amend_erase_keyslots()
1746 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1749 if (opts_luks->old_secret) { in qcrypto_block_luks_amend_erase_keyslots()
1757 if (rv == -1) { in qcrypto_block_luks_amend_erase_keyslots()
1758 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1764 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1772 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1779 "irreversibly - refusing operation", in qcrypto_block_luks_amend_erase_keyslots()
1781 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1787 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1791 } else if (opts_luks->old_secret) { in qcrypto_block_luks_amend_erase_keyslots()
1808 if (rv == -1) { in qcrypto_block_luks_amend_erase_keyslots()
1809 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1820 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1828 "the image irreversibly - refusing operation"); in qcrypto_block_luks_amend_erase_keyslots()
1829 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1840 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1847 return -1; in qcrypto_block_luks_amend_erase_keyslots()
1861 QCryptoBlockAmendOptionsLUKS *opts_luks = &options->u.luks; in qcrypto_block_luks_amend_options()
1863 switch (opts_luks->state) { in qcrypto_block_luks_amend_options()
1881 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_get_info()
1883 QCryptoBlockInfoLUKSSlotList **tail = &info->u.luks.slots; in qcrypto_block_luks_get_info()
1886 info->u.luks.cipher_alg = luks->cipher_alg; in qcrypto_block_luks_get_info()
1887 info->u.luks.cipher_mode = luks->cipher_mode; in qcrypto_block_luks_get_info()
1888 info->u.luks.ivgen_alg = luks->ivgen_alg; in qcrypto_block_luks_get_info()
1889 if (info->u.luks.ivgen_alg == QCRYPTO_IV_GEN_ALGO_ESSIV) { in qcrypto_block_luks_get_info()
1890 info->u.luks.has_ivgen_hash_alg = true; in qcrypto_block_luks_get_info()
1891 info->u.luks.ivgen_hash_alg = luks->ivgen_hash_alg; in qcrypto_block_luks_get_info()
1893 info->u.luks.hash_alg = luks->hash_alg; in qcrypto_block_luks_get_info()
1894 info->u.luks.payload_offset = block->payload_offset; in qcrypto_block_luks_get_info()
1895 info->u.luks.master_key_iters = luks->header.master_key_iterations; in qcrypto_block_luks_get_info()
1896 info->u.luks.uuid = g_strndup((const char *)luks->header.uuid, in qcrypto_block_luks_get_info()
1897 sizeof(luks->header.uuid)); in qcrypto_block_luks_get_info()
1898 info->u.luks.detached_header = block->detached_header; in qcrypto_block_luks_get_info()
1902 slot->active = luks->header.key_slots[i].active == in qcrypto_block_luks_get_info()
1904 slot->key_offset = luks->header.key_slots[i].key_offset_sector in qcrypto_block_luks_get_info()
1906 if (slot->active) { in qcrypto_block_luks_get_info()
1907 slot->has_iters = true; in qcrypto_block_luks_get_info()
1908 slot->iters = luks->header.key_slots[i].iterations; in qcrypto_block_luks_get_info()
1909 slot->has_stripes = true; in qcrypto_block_luks_get_info()
1910 slot->stripes = luks->header.key_slots[i].stripes; in qcrypto_block_luks_get_info()
1922 QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_cleanup()
1924 g_free(luks->secret); in qcrypto_block_luks_cleanup()