summaryrefslogtreecommitdiffstats
path: root/g13/suspend.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--g13/suspend.c145
1 files changed, 145 insertions, 0 deletions
diff --git a/g13/suspend.c b/g13/suspend.c
new file mode 100644
index 0000000..44c52dd
--- /dev/null
+++ b/g13/suspend.c
@@ -0,0 +1,145 @@
+/* suspend.c - Suspend/Resume a crypto container
+ * Copyright (C) 2016 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <assert.h>
+
+#include "g13.h"
+#include "../common/i18n.h"
+#include "../common/sysutils.h"
+#include "suspend.h"
+
+#include "keyblob.h"
+#include "backend.h"
+#include "g13tuple.h"
+#include "server.h" /*(g13_keyblob_decrypt)*/
+
+
+
+/* Suspend the container with name FILENAME. */
+gpg_error_t
+g13_suspend_container (ctrl_t ctrl, const char *filename)
+{
+ gpg_error_t err;
+ int needs_syshelp;
+
+ /* A quick check to see whether the container exists. */
+ if (gnupg_access (filename, R_OK))
+ return gpg_error_from_syserror ();
+
+ /* Decide whether we need to use the g13-syshelp because we can't
+ use lock files for them. This is most likely the case for device
+ files; thus we test for this. FIXME: The correct solution would
+ be to call g13-syshelp to match the file against the g13tab. */
+ needs_syshelp = !strncmp (filename, "/dev/", 5);
+
+ if (!needs_syshelp)
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ else
+ err = be_suspend_container (ctrl, CONTTYPE_DM_CRYPT, filename);
+
+ return err;
+}
+
+
+/* Resume the container with name FILENAME. */
+gpg_error_t
+g13_resume_container (ctrl_t ctrl, const char *filename)
+{
+ gpg_error_t err;
+ int needs_syshelp;
+ void *enckeyblob = NULL;
+ size_t enckeybloblen;
+ void *keyblob = NULL;
+ size_t keybloblen;
+ tupledesc_t tuples = NULL;
+ size_t n;
+ const unsigned char *value;
+ int conttype;
+ char *mountpoint_buffer = NULL;
+
+ /* A quick check to see whether the container exists. */
+ if (gnupg_access (filename, R_OK))
+ return gpg_error_from_syserror ();
+
+ /* Decide whether we need to use the g13-syshelp because we can't
+ use lock files for them. This is most likely the case for device
+ files; thus we test for this. FIXME: The correct solution would
+ be to call g13-syshelp to match the file against the g13tab. */
+ needs_syshelp = !strncmp (filename, "/dev/", 5);
+
+ if (!needs_syshelp)
+ {
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+
+ /* Read the encrypted keyblob. */
+ /* Fixme: Should we move this to syshelp for dm-crypt or do we
+ assume that the encrypted device is world readable? */
+ err = g13_keyblob_read (filename, &enckeyblob, &enckeybloblen);
+ if (err)
+ goto leave;
+
+ /* Decrypt that keyblob and store it in a tuple descriptor. */
+ err = g13_keyblob_decrypt (ctrl, enckeyblob, enckeybloblen,
+ &keyblob, &keybloblen);
+ if (err)
+ goto leave;
+ xfree (enckeyblob);
+ enckeyblob = NULL;
+
+ err = create_tupledesc (&tuples, keyblob, keybloblen);
+ if (!err)
+ keyblob = NULL;
+ else
+ {
+ if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
+ log_error ("unknown keyblob version\n");
+ goto leave;
+ }
+ if (opt.verbose)
+ dump_tupledesc (tuples);
+
+ value = find_tuple (tuples, KEYBLOB_TAG_CONTTYPE, &n);
+ if (!value || n != 2)
+ conttype = 0;
+ else
+ conttype = (value[0] << 8 | value[1]);
+ if (!be_is_supported_conttype (conttype))
+ {
+ log_error ("content type %d is not supported\n", conttype);
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+ err = be_resume_container (ctrl, conttype, filename, tuples);
+
+ leave:
+ destroy_tupledesc (tuples);
+ xfree (keyblob);
+ xfree (enckeyblob);
+ xfree (mountpoint_buffer);
+ return err;
+}