cryptsetup: use crypt_token_max if available

bluca · bluca · commit 3c2c8e62c97c · 2021-01-05T12:16:07.000Z
New API added upstream: https://gitlab.com/cryptsetup/cryptsetup/-/commit/8a12f6dc2c75f8fd0c4969fbdc421895eb418072
diff --git a/meson.build b/meson.build
@@ -1056,6 +1056,8 @@ if want_libcryptsetup != 'false' and not skip_deps
                    have and cc.has_function('crypt_set_metadata_size', dependencies : libcryptsetup))
         conf.set10('HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY',
                    have and cc.has_function('crypt_activate_by_signed_key', dependencies : libcryptsetup))
+        conf.set10('HAVE_CRYPT_TOKEN_MAX',
+                   have and cc.has_function('crypt_token_max', dependencies : libcryptsetup))
 else
         have = false
         libcryptsetup = []
diff --git a/src/cryptenroll/cryptenroll-list.c b/src/cryptenroll/cryptenroll-list.c
@@ -37,7 +37,7 @@ int list_enrolled(struct crypt_device *cd) {
 
         /* Second step, enumerate through all tokens, and update the slot table, indicating what kind of
          * token they are assigned to */
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 const char *type;
                 JsonVariant *w, *z;
diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c
@@ -20,7 +20,7 @@ static int search_policy_hash(
         if (hash_size == 0)
                 return 0;
 
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 _cleanup_free_ void *thash = NULL;
                 size_t thash_size = 0;
diff --git a/src/cryptenroll/cryptenroll-wipe.c b/src/cryptenroll/cryptenroll-wipe.c
@@ -99,7 +99,7 @@ static int find_slots_by_mask(
 
         /* Find all slots that are associated with a token of a type in the specified token type mask */
 
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 JsonVariant *w, *z;
                 EnrollType t;
@@ -199,7 +199,7 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_
         /* Find all tokens matching the slots we want to wipe, so that we can wipe them too. Also, for update
          * the slots sets according to the token data: add any other slots listed in the tokens we act on. */
 
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 bool shall_wipe = false;
                 JsonVariant *w, *z;
diff --git a/src/cryptsetup/cryptsetup-fido2.c b/src/cryptsetup/cryptsetup-fido2.c
@@ -119,7 +119,7 @@ int find_fido2_auto_data(
 
         /* Loads FIDO2 metadata from LUKS2 JSON token headers. */
 
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token ++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token ++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 JsonVariant *w;
 
diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c
@@ -180,7 +180,7 @@ int find_pkcs11_auto_data(
 
         /* Loads PKCS#11 metadata from LUKS2 JSON token headers. */
 
-        for (int token = 0; token < LUKS2_TOKENS_MAX; token++) {
+        for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 JsonVariant *w;
 
diff --git a/src/cryptsetup/cryptsetup-tpm2.c b/src/cryptsetup/cryptsetup-tpm2.c
@@ -84,7 +84,7 @@ int find_tpm2_auto_data(
 
         assert(cd);
 
-        for (token = start_token; token < LUKS2_TOKENS_MAX; token++) {
+        for (token = start_token; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
                 JsonVariant *w, *e;
 
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
@@ -31,6 +31,9 @@ int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkd
 int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
 int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
 int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
+#if HAVE_CRYPT_TOKEN_MAX
+int (*sym_crypt_token_max)(const char *type);
+#endif
 
 int dlopen_cryptsetup(void) {
         _cleanup_(dlclosep) void *dl = NULL;
@@ -69,6 +72,9 @@ int dlopen_cryptsetup(void) {
                         DLSYM_ARG(crypt_token_json_get),
                         DLSYM_ARG(crypt_token_json_set),
                         DLSYM_ARG(crypt_volume_key_get),
+#if HAVE_CRYPT_TOKEN_MAX
+                        DLSYM_ARG(crypt_token_max),
+#endif
                         NULL);
         if (r < 0)
                 return r;
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
@@ -37,6 +37,16 @@ extern int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct cry
 extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json);
 extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json);
 extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
+#if HAVE_CRYPT_TOKEN_MAX
+extern int (*sym_crypt_token_max)(const char *type);
+#else
+/* As a fallback, use the same hard-coded value libcryptsetup uses internally. */
+static inline int sym_crypt_token_max(_unused_ const char *type) {
+    assert(streq(type, CRYPT_LUKS2));
+
+    return 32;
+}
+#endif
 
 int dlopen_cryptsetup(void);
 
@@ -51,8 +61,4 @@ int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *v
 int cryptsetup_get_keyslot_from_token(JsonVariant *v);
 int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v);
 
-/* Stolen from cryptsetup's sources. We use to iterate through all tokens defined for a volume. Ideally, we'd
- * be able to query this via some API, but there appears to be none currently in libcryptsetup. */
-#define LUKS2_TOKENS_MAX 32
-
 #endif
