| John Wedig | b810c92 | 2021-11-17 16:38:03 -0800 | [diff] [blame^] | 1 | #pragma once |
| 2 | |
| 3 | #include <libcryptsetup.h> |
| 4 | |
| 5 | #include <stdplus/handle/managed.hpp> |
| 6 | |
| 7 | namespace estoraged |
| 8 | { |
| 9 | |
| 10 | /** @class CryptsetupInterface |
| 11 | * @brief Interface to the cryptsetup functions used to manage a LUKS device. |
| 12 | * @details This class is used to mock out the cryptsetup functions. |
| 13 | */ |
| 14 | class CryptsetupInterface |
| 15 | { |
| 16 | public: |
| 17 | virtual ~CryptsetupInterface() = default; |
| 18 | |
| 19 | /** @brief Wrapper around crypt_format. |
| 20 | * @details Used for mocking purposes. |
| 21 | * |
| 22 | * @param[in] cd - crypt device handle. |
| 23 | * @param[in] type - type of device (optional params struct must be of |
| 24 | * this type). |
| 25 | * @param[in] cipher - (e.g. "aes"). |
| 26 | * @params[in cipher_mode - including IV specification (e.g. "xts-plain"). |
| 27 | * @params[in] uuid - requested UUID or NULL if it should be generated. |
| 28 | * @params[in] volume_key - pre-generated volume key or NULL if it should |
| 29 | * be generated (only for LUKS). |
| 30 | * @params[in] volume_key_size - size of volume key in bytes. |
| 31 | * @params[in] params - crypt type specific parameters. |
| 32 | * |
| 33 | * @returns 0 on success or negative errno value otherwise. |
| 34 | */ |
| 35 | virtual int cryptFormat(struct crypt_device* cd, const char* type, |
| 36 | const char* cipher, const char* cipherMode, |
| 37 | const char* uuid, const char* volumeKey, |
| 38 | size_t volumeKeySize, void* params) = 0; |
| 39 | |
| 40 | /** @brief Wrapper around crypt_keyslot_add_by_volume_key. |
| 41 | * @details Used for mocking purposes. |
| 42 | * |
| 43 | * @param[in] cd - crypt device handle. |
| 44 | * @param[in] keyslot - requested keyslot or CRYPT_ANY_SLOT. |
| 45 | * @param[in] volume_key - provided volume key or NULL if used after |
| 46 | * crypt_format. |
| 47 | * @param[in] volume_key_size - size of volume_key. |
| 48 | * @param[in] passphrase - passphrase for new keyslot. |
| 49 | * @param[in] passphrase_size - size of passphrase. |
| 50 | * |
| 51 | * @returns allocated key slot number or negative errno otherwise. |
| 52 | */ |
| 53 | virtual int cryptKeyslotAddByVolumeKey(struct crypt_device* cd, int keyslot, |
| 54 | const char* volumeKey, |
| 55 | size_t volumeKeySize, |
| 56 | const char* passphrase, |
| 57 | size_t passphraseSize) = 0; |
| 58 | |
| 59 | /** @brief Wrapper around crypt_load. |
| 60 | * @details Used for mocking purposes. |
| 61 | * |
| 62 | * @param[in] cd - crypt device handle. |
| 63 | * @param[in] requested_type - crypt-type or NULL for all known. |
| 64 | * @param[in] params - crypt type specific parameters (see crypt-type). |
| 65 | * |
| 66 | * @returns 0 on success or negative errno value otherwise. |
| 67 | */ |
| 68 | virtual int cryptLoad(struct crypt_device* cd, const char* requestedType, |
| 69 | void* params) = 0; |
| 70 | |
| 71 | /** @brief Wrapper around crypt_activate_by_passphrase. |
| 72 | * @details Used for mocking purposes. |
| 73 | * |
| 74 | * @param[in] cd - crypt device handle. |
| 75 | * @param[in] name - name of device to create, if NULL only check |
| 76 | * passphrase. |
| 77 | * @param[in] keyslot - requested keyslot to check or CRYPT_ANY_SLOT. |
| 78 | * @param[in] passphrase - passphrase used to unlock volume key. |
| 79 | * @param[in] passphrase_size - size of passphrase. |
| 80 | * @param[in] flags - activation flags. |
| 81 | * |
| 82 | * @returns unlocked key slot number or negative errno otherwise. |
| 83 | */ |
| 84 | virtual int cryptActivateByPassphrase(struct crypt_device* cd, |
| 85 | const char* name, int keyslot, |
| 86 | const char* passphrase, |
| 87 | size_t passphraseSize, |
| 88 | uint32_t flags) = 0; |
| 89 | |
| 90 | /** @brief Wrapper around crypt_deactivate. |
| 91 | * @details Used for mocking purposes. |
| 92 | * |
| 93 | * @param[in] cd - crypt device handle, can be NULL. |
| 94 | * @param[in] name - name of device to deactivate. |
| 95 | * |
| 96 | * @returns 0 on success or negative errno value otherwise. |
| 97 | */ |
| 98 | virtual int cryptDeactivate(struct crypt_device* cd, const char* name) = 0; |
| 99 | }; |
| 100 | |
| 101 | /** @class Cryptsetup |
| 102 | * @brief Implements CryptsetupInterface. |
| 103 | */ |
| 104 | class Cryptsetup : public CryptsetupInterface |
| 105 | { |
| 106 | public: |
| 107 | ~Cryptsetup() = default; |
| 108 | |
| 109 | int cryptFormat(struct crypt_device* cd, const char* type, |
| 110 | const char* cipher, const char* cipherMode, |
| 111 | const char* uuid, const char* volumeKey, |
| 112 | size_t volumeKeySize, void* params) override |
| 113 | { |
| 114 | return crypt_format(cd, type, cipher, cipherMode, uuid, volumeKey, |
| 115 | volumeKeySize, params); |
| 116 | } |
| 117 | |
| 118 | int cryptKeyslotAddByVolumeKey(struct crypt_device* cd, int keyslot, |
| 119 | const char* volumeKey, size_t volumeKeySize, |
| 120 | const char* passphrase, |
| 121 | size_t passphraseSize) override |
| 122 | { |
| 123 | return crypt_keyslot_add_by_volume_key( |
| 124 | cd, keyslot, volumeKey, volumeKeySize, passphrase, passphraseSize); |
| 125 | } |
| 126 | |
| 127 | int cryptLoad(struct crypt_device* cd, const char* requestedType, |
| 128 | void* params) override |
| 129 | { |
| 130 | return crypt_load(cd, requestedType, params); |
| 131 | } |
| 132 | |
| 133 | int cryptActivateByPassphrase(struct crypt_device* cd, const char* name, |
| 134 | int keyslot, const char* passphrase, |
| 135 | size_t passphraseSize, |
| 136 | uint32_t flags) override |
| 137 | { |
| 138 | return crypt_activate_by_passphrase(cd, name, keyslot, passphrase, |
| 139 | passphraseSize, flags); |
| 140 | } |
| 141 | |
| 142 | int cryptDeactivate(struct crypt_device* cd, const char* name) override |
| 143 | { |
| 144 | return crypt_deactivate(cd, name); |
| 145 | } |
| 146 | }; |
| 147 | |
| 148 | /** @class CryptHandle |
| 149 | * @brief This manages a crypt_device struct and automatically frees it when |
| 150 | * this handle exits the current scope. |
| 151 | */ |
| 152 | class CryptHandle |
| 153 | { |
| 154 | public: |
| 155 | /** @brief Constructor for CryptHandle |
| 156 | * |
| 157 | * @param[out] cd - pointer to crypt_device*, to be allocated |
| 158 | * @param[in] device - path to device file |
| 159 | */ |
| 160 | CryptHandle(struct crypt_device** cd, const char* device) : |
| 161 | handle(init(cd, device)) |
| 162 | {} |
| 163 | |
| 164 | /** @brief Allocate and initialize the crypt_device struct |
| 165 | * |
| 166 | * @param[out] cd - pointer to crypt_device*, to be allocated |
| 167 | * @param[in] device - path to device file |
| 168 | */ |
| 169 | struct crypt_device* init(struct crypt_device** cd, const char* device) |
| 170 | { |
| 171 | int retval = crypt_init(cd, device); |
| 172 | if (retval < 0) |
| 173 | { |
| 174 | return nullptr; |
| 175 | } |
| 176 | |
| 177 | return *cd; |
| 178 | } |
| 179 | |
| 180 | /** @brief Free the crypt_device struct |
| 181 | * |
| 182 | * @param[in] cd - pointer to crypt_device*, to be freed |
| 183 | */ |
| 184 | static void cryptFree(struct crypt_device*&& cd) |
| 185 | { |
| 186 | crypt_free(cd); |
| 187 | } |
| 188 | |
| 189 | /** @brief Managed handle to crypt_device struct */ |
| 190 | stdplus::Managed<struct crypt_device*>::Handle<cryptFree> handle; |
| 191 | }; |
| 192 | |
| 193 | } // namespace estoraged |