From aad48e5b35f9feb25bbd52506923ea2a424f0f01 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 17 Aug 2020 16:14:01 +0000 Subject: [PATCH 1/3] Formatting Signed-off-by: Christoph M. Wintersteiger --- src/enclave/enclave_init.c | 5 +++-- src/enclave/enclave_mem.c | 2 +- src/enclave/enclave_oe.c | 23 +++++++++-------------- src/enclave/enclave_signal.c | 2 +- src/enclave/mpmc_queue.c | 7 ++++--- src/shared/env.c | 4 ++-- src/shared/sgxlkl_enclave_config.c | 2 +- 7 files changed, 21 insertions(+), 24 deletions(-) diff --git a/src/enclave/enclave_init.c b/src/enclave/enclave_init.c index 6ef0d69e8..4f966cbd1 100644 --- a/src/enclave/enclave_init.c +++ b/src/enclave/enclave_init.c @@ -91,7 +91,8 @@ static void init_wireguard() static int startmain(void* args) { - __init_libc(sgxlkl_enclave_state.elf64_stack.envp, + __init_libc( + sgxlkl_enclave_state.elf64_stack.envp, sgxlkl_enclave_state.elf64_stack.argv[0]); __libc_start_init(); a_barrier(); @@ -156,7 +157,7 @@ int __libc_init_enclave(int argc, char** argv) max_lthreads = next_power_of_2(max_lthreads); newmpmcq(&__scheduler_queue, max_lthreads, 0); - + init_ethread_tp(); size_t espins = cfg->espins; diff --git a/src/enclave/enclave_mem.c b/src/enclave/enclave_mem.c index 49cd5faf0..890d13986 100644 --- a/src/enclave/enclave_mem.c +++ b/src/enclave/enclave_mem.c @@ -139,7 +139,7 @@ void enclave_mman_init(const void* base, size_t num_pages, int _mmap_files) // Base address for range of pages available to mmap calls mmap_base = (char*)mmap_bitmap + (2 * bitmap_req_pages * PAGE_SIZE); - // Set mmap_end to one less page than we normally would to address + // Set mmap_end to one less page than we normally would to address // https://github.com/lsds/sgx-lkl/issues/742 mmap_end = (char*)mmap_base + (mmap_num_pages - 2) * PAGE_SIZE; diff --git a/src/enclave/enclave_oe.c b/src/enclave/enclave_oe.c index 90f7fdc01..779b63094 100644 --- a/src/enclave/enclave_oe.c +++ b/src/enclave/enclave_oe.c @@ -1,7 +1,6 @@ #include #include - #include #include #include @@ -18,7 +17,7 @@ #define AUXV_ENTRIES 13 -char *at_platform = "x86_64"; +char* at_platform = "x86_64"; sgxlkl_enclave_state_t sgxlkl_enclave_state = {0}; bool sgxlkl_in_sw_debug_mode() @@ -55,28 +54,25 @@ static int _strncmp(const char* x, const char* y, size_t n) return *px == *py ? 0 : *px < *py ? -1 : +1; } -static void -init_auxv(size_t *auxv, char* buf_ptr, char *pn) +static void init_auxv(size_t* auxv, char* buf_ptr, char* pn) { // By default auxv[AT_RANDOM] points to a buffer with 16 random bytes. - uint64_t *rbuf = (uint64_t*)buf_ptr; + uint64_t* rbuf = (uint64_t*)buf_ptr; buf_ptr += 16; // TODO Use intrinsics // if (!_rdrand64_step(&rbuf[0])) // goto err; register uint64_t rd; - __asm__ volatile("rdrand %0;" - : "=r"(rd)); + __asm__ volatile("rdrand %0;" : "=r"(rd)); rbuf[0] = rd; - __asm__ volatile("rdrand %0;" - : "=r"(rd)); + __asm__ volatile("rdrand %0;" : "=r"(rd)); rbuf[1] = rd; memset(auxv, 0, 2 * sizeof(size_t) * AUXV_ENTRIES); auxv[0] = AT_CLKTCK; auxv[1] = 100; auxv[2] = AT_EXECFN; - auxv[3] = (size_t) pn; + auxv[3] = (size_t)pn; auxv[4] = AT_HWCAP; auxv[5] = 0; auxv[6] = AT_EGID; @@ -89,7 +85,7 @@ init_auxv(size_t *auxv, char* buf_ptr, char *pn) auxv[13] = 0; auxv[14] = AT_PLATFORM; memcpy(buf_ptr, at_platform, oe_strlen(at_platform) + 1); - auxv[15] = (size_t) buf_ptr; + auxv[15] = (size_t)buf_ptr; buf_ptr += oe_strlen(at_platform) + 1; auxv[16] = AT_SECURE; auxv[17] = 0; @@ -146,9 +142,9 @@ static void _prepare_elf_stack() for (size_t i = 0; i < num_imported_env; i++) num_bytes += oe_strlen(imported_env[i]) + 1; num_ptrs += num_imported_env + 1; - num_ptrs += 2 * AUXV_ENTRIES; // auxv vector entries + num_ptrs += 2 * AUXV_ENTRIES; // auxv vector entries num_bytes += oe_strlen(at_platform) + 1; // AT_PLATFORM - num_bytes += 16; // AT_RANDOM + num_bytes += 16; // AT_RANDOM elf64_stack_t* stack = &sgxlkl_enclave_state.elf64_stack; stack->data = oe_calloc_or_die( @@ -462,4 +458,3 @@ void sgxlkl_debug_dump_stack_traces(void) lthread_dump_all_threads(false); #endif } - diff --git a/src/enclave/enclave_signal.c b/src/enclave/enclave_signal.c index a571b56e9..ed64477d9 100644 --- a/src/enclave/enclave_signal.c +++ b/src/enclave/enclave_signal.c @@ -5,8 +5,8 @@ #include -#include #include +#include #include #include diff --git a/src/enclave/mpmc_queue.c b/src/enclave/mpmc_queue.c index 32649d19d..6563344d8 100644 --- a/src/enclave/mpmc_queue.c +++ b/src/enclave/mpmc_queue.c @@ -34,9 +34,9 @@ * POSSIBILITY OF SUCH DAMAGE. */ -#include "openenclave/corelibc/oemalloc.h" -#include "enclave/enclave_util.h" #include "enclave/mpmc_queue.h" +#include "enclave/enclave_util.h" +#include "openenclave/corelibc/oemalloc.h" static void pause(void); static void pause() @@ -53,7 +53,8 @@ int newmpmcq(struct mpmcq* q, size_t buffer_size, void* buffer) q->buffer = buffer != 0 ? buffer : oe_calloc(sizeof(struct cell_t), buffer_size); q->buffer_mask = (buffer_size - 1); - SGXLKL_ASSERT((buffer_size >= 2) && ((buffer_size & (buffer_size - 1)) == 0)); + SGXLKL_ASSERT( + (buffer_size >= 2) && ((buffer_size & (buffer_size - 1)) == 0)); for (i = 0; i != buffer_size; i += 1) { __atomic_store_n(&q->buffer[i].seq, i, __ATOMIC_RELAXED); diff --git a/src/shared/env.c b/src/shared/env.c index 75203309e..4f1d5bdaa 100644 --- a/src/shared/env.c +++ b/src/shared/env.c @@ -1,10 +1,10 @@ +#include "shared/env.h" #include #include #include #include #include #include -#include "shared/env.h" uint64_t hex_to_int(const char* digits, size_t num_digits) { @@ -122,7 +122,7 @@ ssize_t hex_to_bytes(const char* hex, uint8_t** result) } len /= 2; - bytes = malloc(2*len); + bytes = malloc(2 * len); if (!bytes) { errno = ENOMEM; diff --git a/src/shared/sgxlkl_enclave_config.c b/src/shared/sgxlkl_enclave_config.c index df49bfea4..33e01091f 100644 --- a/src/shared/sgxlkl_enclave_config.c +++ b/src/shared/sgxlkl_enclave_config.c @@ -9,8 +9,8 @@ #endif #include -#include #include +#include #include #include From 7e8b2dcbf2e8805a27982d3f5187ccaa5d4abe77 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Tue, 18 Aug 2020 09:15:29 +0000 Subject: [PATCH 2/3] Enable formatting commit hook Signed-off-by: Christoph M. Wintersteiger --- scripts/pre-commit | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/scripts/pre-commit b/scripts/pre-commit index d32997673..e719e4771 100755 --- a/scripts/pre-commit +++ b/scripts/pre-commit @@ -21,10 +21,9 @@ if [[ $(git config --get user.name | wc -w) -lt 2 ]]; then exit_ "Commit failed: please fix your Git user name (see docs/Contributing.md)" fi -# TODO enable after formatting is enabled -#if ! git diff-index --check --cached HEAD --; then -# exit_ "Commit failed: please fix the conflict markers or whitespace errors" -#fi +if ! git diff-index --check --cached HEAD --; then + exit_ "Commit failed: please fix the conflict markers or whitespace errors" +fi mapfile -t files < <(git diff --cached --name-only --diff-filter=ACMR) @@ -38,11 +37,10 @@ fi scripts=$(git rev-parse --show-toplevel)/scripts -# TODO enable after files have been formatted -# shellcheck disable=SC2154 -#if ! "$scripts/format-c-code" --quiet --whatif --files="${files[*]}"; then -# exit_ "Commit failed: please run './scripts/format-c-code --staged' to fix the formatting" -#fi +#shellcheck disable=SC2154 +if ! "$scripts/format-c-code" --quiet --whatif --files="${files[*]}"; then + exit_ "Commit failed: please run './scripts/format-c-code --staged' to fix the formatting" +fi if ! "$scripts/format-py-code" --quiet --whatif; then exit_ "Commit failed: please run './scripts/format-py-code' to fix the formatting" From ad64619d18328a111478bb28425590d7f086625f Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Tue, 18 Aug 2020 09:23:05 +0000 Subject: [PATCH 3/3] Format src/* Signed-off-by: Christoph M. Wintersteiger --- src/host_interface/virtio_netdev.c | 12 +- src/include/enclave/enclave_mem.h | 8 +- src/include/enclave/enclave_util.h | 5 +- src/include/enclave/lthread.h | 52 +- src/include/enclave/lthread_int.h | 14 +- src/include/lkl/syscall-overrides-fstat.h | 3 +- src/include/openenclave/corelibc/oemalloc.h | 8 +- src/include/shared/base64.h | 2 +- src/include/shared/oe_compat.h | 4 +- src/include/shared/timer_dev.h | 2 +- src/libjson/common/load_file.c | 2 +- src/libjson/jsonprint/main.c | 9 +- src/libjson/sample1/main.c | 51 +- src/libjson/sample1/structs.h | 27 +- src/libjson/sample2/main.c | 30 +- src/sched/futex.c | 18 +- src/sched/lthread.c | 73 +- src/vicsetup/libvicsetup/blockdev.c | 41 +- src/vicsetup/libvicsetup/byteorder.h | 36 +- src/vicsetup/libvicsetup/crypto.c | 40 +- src/vicsetup/libvicsetup/crypto.h | 2 +- src/vicsetup/libvicsetup/defs.h | 8 +- src/vicsetup/libvicsetup/dm.c | 66 +- src/vicsetup/libvicsetup/dm.h | 24 +- src/vicsetup/libvicsetup/eraise.h | 8 +- src/vicsetup/libvicsetup/goto.h | 12 +- src/vicsetup/libvicsetup/hash.c | 4 +- src/vicsetup/libvicsetup/hash.h | 23 +- src/vicsetup/libvicsetup/hexdump.c | 7 +- src/vicsetup/libvicsetup/hexdump.h | 4 +- .../libvicsetup/include/libcryptsetup.h | 1 - src/vicsetup/libvicsetup/include/vic.h | 90 +-- src/vicsetup/libvicsetup/integrity.c | 27 +- src/vicsetup/libvicsetup/integrity.h | 45 +- src/vicsetup/libvicsetup/libcryptsetup.c | 116 ++- src/vicsetup/libvicsetup/loop.c | 16 +- src/vicsetup/libvicsetup/loop.h | 2 +- src/vicsetup/libvicsetup/luks.c | 52 +- src/vicsetup/libvicsetup/luks1.c | 228 +++--- src/vicsetup/libvicsetup/luks1.h | 12 +- src/vicsetup/libvicsetup/luks2.c | 688 ++++++++---------- src/vicsetup/libvicsetup/luks2.h | 62 +- src/vicsetup/libvicsetup/lukscommon.h | 15 +- src/vicsetup/libvicsetup/raise.h | 10 +- src/vicsetup/libvicsetup/strings.h | 6 +- src/vicsetup/libvicsetup/trace.c | 2 +- src/vicsetup/libvicsetup/trace.h | 14 +- src/vicsetup/libvicsetup/uuid.c | 8 +- src/vicsetup/libvicsetup/vec.h | 3 +- src/vicsetup/libvicsetup/verity.c | 32 +- src/vicsetup/libvicsetup/verity.h | 11 +- src/vicsetup/tests/blockdev/main.c | 6 +- src/vicsetup/vicsetup/main.c | 324 ++++----- src/wireguard/wireguard_util.c | 7 +- 54 files changed, 1109 insertions(+), 1263 deletions(-) diff --git a/src/host_interface/virtio_netdev.c b/src/host_interface/virtio_netdev.c index 467d7b766..7a13f7f18 100644 --- a/src/host_interface/virtio_netdev.c +++ b/src/host_interface/virtio_netdev.c @@ -156,7 +156,6 @@ static int virtio_net_fd_net_poll(uint8_t netdev_id) }, }; - do { ret = poll(pfds, 2, -1); @@ -536,10 +535,15 @@ int netdev_init(sgxlkl_host_state_t* host_state) char mac[6]; // Generate a completely random MAC address size_t b = 0; - while (b < sizeof(mac)) { + while (b < sizeof(mac)) + { ssize_t ret = getrandom(&mac[b], sizeof(mac) - b, GRND_RANDOM); - if (ret < 0) { - sgxlkl_host_fail("%s: get random MAC address failed: %s\n", __func__, strerror(errno)); + if (ret < 0) + { + sgxlkl_host_fail( + "%s: get random MAC address failed: %s\n", + __func__, + strerror(errno)); return -1; } b += ret; diff --git a/src/include/enclave/enclave_mem.h b/src/include/enclave/enclave_mem.h index cc0ea9a94..77392213b 100644 --- a/src/include/enclave/enclave_mem.h +++ b/src/include/enclave/enclave_mem.h @@ -10,16 +10,16 @@ #include "enclave/sgxlkl_t.h" #ifndef PROT_NONE -# define PROT_NONE 0x0 +#define PROT_NONE 0x0 #endif #ifndef PROT_READ -# define PROT_READ 0x1 +#define PROT_READ 0x1 #endif #ifndef PROT_WRITE -# define PROT_WRITE 0x2 +#define PROT_WRITE 0x2 #endif #ifndef PROT_EXEC -# define PROT_EXEC 0x4 +#define PROT_EXEC 0x4 #endif void enclave_mman_init(const void* base, size_t num_pages, int _mmap_files); diff --git a/src/include/enclave/enclave_util.h b/src/include/enclave/enclave_util.h index 05746d386..073559db9 100644 --- a/src/include/enclave/enclave_util.h +++ b/src/include/enclave/enclave_util.h @@ -93,8 +93,9 @@ void* oe_calloc_or_die(size_t nmemb, size_t size, const char* fail_msg, ...); /** * - * Note that generating a stack trace by unwinding stack frames could be exploited - * by an attacker and therefore should only be possible in a DEBUG build. + * Note that generating a stack trace by unwinding stack frames could be + * exploited by an attacker and therefore should only be possible in a DEBUG + * build. */ #ifdef DEBUG /** diff --git a/src/include/enclave/lthread.h b/src/include/enclave/lthread.h index 79bbb576b..6412898e8 100644 --- a/src/include/enclave/lthread.h +++ b/src/include/enclave/lthread.h @@ -134,21 +134,21 @@ struct futex_q struct lthread { - struct cpu_ctx ctx; /* cpu ctx info */ - lthread_func fun; /* func lthread is running */ - void* arg; /* func args passed to func */ - struct lthread_attr attr; /* various attributes */ - int tid; /* lthread id */ - char funcname[64]; /* optional func name */ - struct lthread* lt_join; /* lthread we want to join on */ - void** lt_exit_ptr; /* exit ptr for lthread_join */ - uint32_t ops; /* num of ops since yield */ - uint64_t sleep_usecs; /* how long lthread is sleeping */ - struct lthread_tls_l tls; /* pointer to TLS */ - uint8_t* itls; /* image TLS */ - size_t itlssz; /* size of TLS image */ - uintptr_t* tp; /* thread pointer */ - int err; /* errno value */ + struct cpu_ctx ctx; /* cpu ctx info */ + lthread_func fun; /* func lthread is running */ + void* arg; /* func args passed to func */ + struct lthread_attr attr; /* various attributes */ + int tid; /* lthread id */ + char funcname[64]; /* optional func name */ + struct lthread* lt_join; /* lthread we want to join on */ + void** lt_exit_ptr; /* exit ptr for lthread_join */ + uint32_t ops; /* num of ops since yield */ + uint64_t sleep_usecs; /* how long lthread is sleeping */ + struct lthread_tls_l tls; /* pointer to TLS */ + uint8_t* itls; /* image TLS */ + size_t itlssz; /* size of TLS image */ + uintptr_t* tp; /* thread pointer */ + int err; /* errno value */ /* yield_cb_* are a callback to call after yield finished and it's arg */ /* they are required to release futex lock on FUTEX_WAIT operation */ /* and in sched_yield (see comment there) to avoid race among schedulers */ @@ -177,18 +177,20 @@ struct lthread_sched }; /** * lthread scheduler context. Pointer to this structure can be fetched by - * calling __scheduler_self(). + * calling __scheduler_self(). * The structure is located towards the end of the page pointed by %gs. */ -struct schedctx { - struct schedctx *self; - int tid; - struct lthread_sched sched; +struct schedctx +{ + struct schedctx* self; + int tid; + struct lthread_sched sched; }; /* Thread Control Block (TCB) for lthreads and lthread scheduler */ -struct lthread_tcb_base { - void *self; +struct lthread_tcb_base +{ + void* self; char _pad_0[32]; // SGX-LKL does not have full stack smashing protection (SSP) support right // now. In particular, we do not generate a random stack guard for every @@ -198,7 +200,7 @@ struct lthread_tcb_base { // guard/canary value at an offset 0x28 (40 bytes) from the FS segment // base/start of the TCB (see schedctx struct above). uint64_t stack_guard_dummy; - struct schedctx *schedctx; + struct schedctx* schedctx; }; typedef struct lthread* lthread_t; @@ -211,9 +213,7 @@ extern "C" */ void init_ethread_tp(); - void lthread_sched_global_init( - size_t sleepspins, - size_t sleeptime_ns); + void lthread_sched_global_init(size_t sleepspins, size_t sleeptime_ns); /** * Create a new thread where the caller manages the initial thread state. diff --git a/src/include/enclave/lthread_int.h b/src/include/enclave/lthread_int.h index f505c4986..6bbf452d3 100644 --- a/src/include/enclave/lthread_int.h +++ b/src/include/enclave/lthread_int.h @@ -75,18 +75,16 @@ static inline uint64_t _lthread_timespec_to_usec(const struct timespec* ts) Gets a pointer to the schedctx struct. The pointer is maintained at offset 48 from gsbase of the ethread. */ -static inline struct schedctx *__scheduler_self() +static inline struct schedctx* __scheduler_self() { - struct schedctx *self; - __asm__ __volatile__ ("mov %%gs:48,%0" : "=r" (self) ); - return self; + struct schedctx* self; + __asm__ __volatile__("mov %%gs:48,%0" : "=r"(self)); + return self; } - -static inline struct lthread_sched* -lthread_get_sched() +static inline struct lthread_sched* lthread_get_sched() { - struct schedctx *c = __scheduler_self(); + struct schedctx* c = __scheduler_self(); return &c->sched; } diff --git a/src/include/lkl/syscall-overrides-fstat.h b/src/include/lkl/syscall-overrides-fstat.h index 8569a3343..7652d0607 100644 --- a/src/include/lkl/syscall-overrides-fstat.h +++ b/src/include/lkl/syscall-overrides-fstat.h @@ -2,8 +2,7 @@ #define _LKL_SYSCALL_OVERRIDES_FSTAT_H typedef long (*syscall_fstat_handler)(int, void*); -typedef long (*syscall_newfstatat_handler)( - int, const char*, void*, int); +typedef long (*syscall_newfstatat_handler)(int, const char*, void*, int); /** * Register override functions that maintain compatibility diff --git a/src/include/openenclave/corelibc/oemalloc.h b/src/include/openenclave/corelibc/oemalloc.h index 3a63bf719..41a8aa57e 100644 --- a/src/include/openenclave/corelibc/oemalloc.h +++ b/src/include/openenclave/corelibc/oemalloc.h @@ -3,9 +3,9 @@ #include "openenclave/corelibc/bits/types.h" -void *oe_malloc(size_t size); -void oe_free(void *ptr); -void *oe_calloc(size_t nmemb, size_t size); -void *oe_realloc(void *ptr, size_t size); +void* oe_malloc(size_t size); +void oe_free(void* ptr); +void* oe_calloc(size_t nmemb, size_t size); +void* oe_realloc(void* ptr, size_t size); #endif diff --git a/src/include/shared/base64.h b/src/include/shared/base64.h index ef62344bc..fe072f605 100644 --- a/src/include/shared/base64.h +++ b/src/include/shared/base64.h @@ -8,7 +8,7 @@ unsigned char* sgxlkl_base64_encode( size_t len, unsigned char* out, size_t* out_len); - + unsigned char* sgxlkl_base64_decode( const unsigned char* src, size_t len, diff --git a/src/include/shared/oe_compat.h b/src/include/shared/oe_compat.h index fc6163ea1..3225e7737 100644 --- a/src/include/shared/oe_compat.h +++ b/src/include/shared/oe_compat.h @@ -3,8 +3,8 @@ #ifdef SGXLKL_ENCLAVE -/* Rewire some libc functions to oecorelibc equivalents, to avoid dependencies on - * sgx-lkl-musl in SGX-LKL kernel space. */ +/* Rewire some libc functions to oecorelibc equivalents, to avoid dependencies + * on sgx-lkl-musl in SGX-LKL kernel space. */ #include #include diff --git a/src/include/shared/timer_dev.h b/src/include/shared/timer_dev.h index 442486faf..79f0f9d66 100644 --- a/src/include/shared/timer_dev.h +++ b/src/include/shared/timer_dev.h @@ -15,7 +15,7 @@ struct timer_dev uint64_t version; /* - * The number of monotonic nanos that have passed outside of the + * The number of monotonic nanos that have passed outside of the * enclave since it was started up. nanos is used in enclave_timer.c to * update the internal clock for the passage of time. */ diff --git a/src/libjson/common/load_file.c b/src/libjson/common/load_file.c index 17cc9603f..31090b01b 100644 --- a/src/libjson/common/load_file.c +++ b/src/libjson/common/load_file.c @@ -1,8 +1,8 @@ #include "load_file.h" #include -#include #include +#include #include int json_load_file( diff --git a/src/libjson/jsonprint/main.c b/src/libjson/jsonprint/main.c index 9d30d4702..6be1e1b2c 100644 --- a/src/libjson/jsonprint/main.c +++ b/src/libjson/jsonprint/main.c @@ -27,12 +27,12 @@ **============================================================================== */ -#include -#include #include #include -#include +#include +#include #include +#include #include "../common/load_file.h" static void _write(void* stream, const void* buf, size_t count) @@ -42,8 +42,7 @@ static void _write(void* stream, const void* buf, size_t count) int main(int argc, char** argv) { - static json_allocator_t allocator = - { + static json_allocator_t allocator = { malloc, free, }; diff --git a/src/libjson/sample1/main.c b/src/libjson/sample1/main.c index d9a46ac48..ccfba81d5 100644 --- a/src/libjson/sample1/main.c +++ b/src/libjson/sample1/main.c @@ -29,18 +29,18 @@ #include "structs.h" -#include -#include +#include #include #include -#include -#include -#include -#include #include +#include +#include +#include +#include +#include -#include "strings.h" #include "../common/load_file.h" +#include "strings.h" const char* arg0; @@ -49,8 +49,7 @@ const char* arg0; typedef struct json_callback_data { header_t* hdr; -} -json_callback_data_t; +} json_callback_data_t; static int _strtou64(uint64_t* x, const char* str) { @@ -328,7 +327,8 @@ static json_result_t _json_read_callback( goto done; } } - else if (json_match(parser, "keyslots.#.area.encryption") == JSON_OK) + else if ( + json_match(parser, "keyslots.#.area.encryption") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -463,7 +463,7 @@ static json_result_t _json_read_callback( luks2_segment_t* seg = &data->hdr->segments[i]; - if (strcmp(un->string , "dynamic") == 0) + if (strcmp(un->string, "dynamic") == 0) seg->size = (uint64_t)-1; else if (_strtou64(&seg->size, un->string) != 0) { @@ -522,7 +522,9 @@ static json_result_t _json_read_callback( goto done; } } - else if (json_match(parser, "segments.#.integrity.journal_encryption") == JSON_OK) + else if ( + json_match(parser, "segments.#.integrity.journal_encryption") == + JSON_OK) { uint64_t i = parser->path[1].number; @@ -548,7 +550,9 @@ static json_result_t _json_read_callback( goto done; } } - else if (json_match(parser, "segments.#.integrity.journal_integrity") == JSON_OK) + else if ( + json_match(parser, "segments.#.integrity.journal_integrity") == + JSON_OK) { uint64_t i = parser->path[1].number; @@ -767,9 +771,8 @@ static void _parse(const char* path) size_t size; json_result_t r; header_t header; - json_callback_data_t callback_data = { &header }; - static json_allocator_t allocator = - { + json_callback_data_t callback_data = {&header}; + static json_allocator_t allocator = { malloc, free, }; @@ -782,16 +785,16 @@ static void _parse(const char* path) exit(1); } - const json_parser_options_t options = { 1 }; + const json_parser_options_t options = {1}; if ((r = json_parser_init( - &parser, - data, - size, - _json_read_callback, - &callback_data, - &allocator, - &options)) != JSON_OK) + &parser, + data, + size, + _json_read_callback, + &callback_data, + &allocator, + &options)) != JSON_OK) { fprintf(stderr, "%s: json_parser_init() failed: %d\n", arg0, r); exit(1); diff --git a/src/libjson/sample1/structs.h b/src/libjson/sample1/structs.h index 92503348b..033bb9dbb 100644 --- a/src/libjson/sample1/structs.h +++ b/src/libjson/sample1/structs.h @@ -60,15 +60,13 @@ typedef struct luks2_keyslot uint64_t time; uint64_t memory; uint64_t cpus; - } - kdf; + } kdf; struct { char type[TYPE_SIZE]; char hash[HASH_SIZE]; uint64_t stripes; - } - af; + } af; struct { char type[TYPE_SIZE]; @@ -76,10 +74,8 @@ typedef struct luks2_keyslot uint64_t key_size; uint64_t offset; uint64_t size; - } - area; -} -luks2_keyslot_t; + } area; +} luks2_keyslot_t; typedef struct luks2_segment { @@ -107,10 +103,8 @@ typedef struct luks2_segment char type[TYPE_SIZE]; char journal_encryption[ENCRYPTION_SIZE]; char journal_integrity[TYPE_SIZE]; - } - integrity; -} -luks2_segment_t; + } integrity; +} luks2_segment_t; typedef struct luks2_digest { @@ -131,15 +125,13 @@ typedef struct luks2_digest char salt[SALT_SIZE]; uint8_t digest[DIGEST_SIZE]; -} -luks2_digest_t; +} luks2_digest_t; typedef struct luks2_config { uint64_t json_size; uint64_t keyslots_size; -} -luks2_config_t; +} luks2_config_t; typedef struct _header { @@ -147,7 +139,6 @@ typedef struct _header luks2_segment_t segments[NUM_SEGMENTS]; luks2_digest_t digests[NUM_DIGESTS]; luks2_config_t config; -} -header_t; +} header_t; #endif /* _JSONSAMPLE_STRUCTS_H */ diff --git a/src/libjson/sample2/main.c b/src/libjson/sample2/main.c index dbb2cab79..9a5ec385c 100644 --- a/src/libjson/sample2/main.c +++ b/src/libjson/sample2/main.c @@ -27,12 +27,12 @@ **============================================================================== */ -#include -#include #include #include -#include +#include +#include #include +#include #include "../common/load_file.h" const char* arg0; @@ -45,8 +45,7 @@ typedef struct _callback_data char* ptr; size_t size; FILE* stream; -} -callback_data_t; +} callback_data_t; static void _print_string(const char* str, callback_data_t* cd) { @@ -134,11 +133,10 @@ static json_result_t _callback( const json_union_t* un, void* cd_) { - callback_data_t* cd= (callback_data_t*)cd_; + callback_data_t* cd = (callback_data_t*)cd_; /* Print commas */ - if (reason != JSON_REASON_END_ARRAY && - reason != JSON_REASON_END_OBJECT && + if (reason != JSON_REASON_END_ARRAY && reason != JSON_REASON_END_OBJECT && cd->comma) { cd->comma = 0; @@ -146,8 +144,7 @@ static json_result_t _callback( } /* Decrease depth */ - if (reason == JSON_REASON_END_OBJECT || - reason == JSON_REASON_END_ARRAY) + if (reason == JSON_REASON_END_OBJECT || reason == JSON_REASON_END_ARRAY) { cd->depth--; } @@ -217,8 +214,7 @@ static json_result_t _callback( } /* Final newline */ - if (reason == JSON_REASON_END_OBJECT || - reason == JSON_REASON_END_ARRAY) + if (reason == JSON_REASON_END_OBJECT || reason == JSON_REASON_END_ARRAY) { if (cd->depth == 0) fprintf(cd->stream, "\n"); @@ -245,8 +241,7 @@ static void _parse(const char* path) size_t size; json_result_t r; callback_data_t cd; - static json_allocator_t allocator = - { + static json_allocator_t allocator = { malloc, free, }; @@ -267,10 +262,11 @@ static void _parse(const char* path) exit(1); } - const json_parser_options_t options = { 1 }; + const json_parser_options_t options = {1}; - if ((r = json_parser_init(&parser, data, size, _callback, - &cd, &allocator, &options)) != JSON_OK) + if ((r = json_parser_init( + &parser, data, size, _callback, &cd, &allocator, &options)) != + JSON_OK) { fprintf(stderr, "%s: json_parser_init() failed: %d\n", arg0, r); exit(1); diff --git a/src/sched/futex.c b/src/sched/futex.c index 460f6fdf0..88d9b3655 100644 --- a/src/sched/futex.c +++ b/src/sched/futex.c @@ -8,9 +8,9 @@ #include #include #include +#include "enclave/enclave_timer.h" #include "enclave/enclave_util.h" #include "enclave/sgxlkl_t.h" -#include "enclave/enclave_timer.h" /* stores all the futex_q's */ SLIST_HEAD(__futex_q_head, futex_q) @@ -48,7 +48,7 @@ static uint32_t to_futex_key(int* uaddr) /** * If a thread is being exited while blocked, remove it from the futex list. */ -void futex_dequeue(struct lthread *lt) +void futex_dequeue(struct lthread* lt) { struct futex_q *fq, *tmp; @@ -148,9 +148,7 @@ static void __do_futex_unlock(void* lock) ticket_unlock((struct ticketlock*)lock); } -static int __do_futex_sleep( - struct futex_q* fq, - const struct timespec* ts) +static int __do_futex_sleep(struct futex_q* fq, const struct timespec* ts) { FUTEX_SGXLKL_VERBOSE( "about to sleep in tid %d on key 0x%x\n", @@ -176,10 +174,7 @@ static int __do_futex_sleep( } /* a FUTEX_WAIT operation */ -static int futex_wait( - int* uaddr, - int val, - const struct timespec* ts) +static int futex_wait(int* uaddr, int val, const struct timespec* ts) { /* XXX (lkurusa): this should be an atomic read */ int r, rc; @@ -259,10 +254,7 @@ static int futex_wake(int* uaddr, unsigned int num) return w; } -int enclave_futex_timedwait( - int* uaddr, - int val, - const struct timespec* timeout) +int enclave_futex_timedwait(int* uaddr, int val, const struct timespec* timeout) { ticket_lock(&futex_q_lock); diff --git a/src/sched/lthread.c b/src/sched/lthread.c index 700f05151..840bef1d9 100644 --- a/src/sched/lthread.c +++ b/src/sched/lthread.c @@ -64,11 +64,11 @@ static int spawned_ethreads = 1; void init_ethread_tp() { - struct schedctx *td = __scheduler_self(); - td->self = td; - // Prevent collisions with lthread TIDs which are assigned to newly spawned - // lthreads incrementally, starting from one. - td->tid = INT_MAX - a_fetch_add(&spawned_ethreads, 1); + struct schedctx* td = __scheduler_self(); + td->self = td; + // Prevent collisions with lthread TIDs which are assigned to newly spawned + // lthreads incrementally, starting from one. + td->tid = INT_MAX - a_fetch_add(&spawned_ethreads, 1); } static inline int _lthread_sleep_cmp(struct lthread* l1, struct lthread* l2); @@ -350,7 +350,7 @@ void _lthread_free(struct lthread* lt) { if (lthread_self() != NULL) lthread_rundestructors(lt); - + // lthread only manages tls region for lkl kernel threads if (lt->attr.thread_type == LKL_KERNEL_THREAD && lt->itls != 0) { @@ -399,17 +399,17 @@ void _lthread_free(struct lthread* lt) lthread_dealloc(lt); } -static void init_tp(struct lthread *lt, unsigned char *mem, size_t sz) +static void init_tp(struct lthread* lt, unsigned char* mem, size_t sz) { - mem += sz - sizeof(struct lthread_tcb_base); - mem -= (uintptr_t)mem & (TLS_ALIGN - 1); - lt->tp = mem; - struct lthread_tcb_base *tcb = (struct lthread_tcb_base *)mem; - tcb->self = mem; + mem += sz - sizeof(struct lthread_tcb_base); + mem -= (uintptr_t)mem & (TLS_ALIGN - 1); + lt->tp = mem; + struct lthread_tcb_base* tcb = (struct lthread_tcb_base*)mem; + tcb->self = mem; } -static void set_fsbase(void* tp){ - +static void set_fsbase(void* tp) +{ if (!sgxlkl_in_sw_debug_mode()) { __asm__ volatile("wrfsbase %0" ::"r"(tp)); @@ -417,17 +417,15 @@ static void set_fsbase(void* tp){ else { int res; - __asm__ volatile( - "mov %1, %%rsi\n\t" - "movl $0x1002, %%edi\n\t" /* SET_FS register */ - "movl $158, %%eax\n\t" /* set fs segment to */ - "syscall" /* arch_prctl(SET_FS, arg)*/ - : "=a" (res) - : "r" (tp) - ); + __asm__ volatile("mov %1, %%rsi\n\t" + "movl $0x1002, %%edi\n\t" /* SET_FS register */ + "movl $158, %%eax\n\t" /* set fs segment to */ + "syscall" /* arch_prctl(SET_FS, arg)*/ + : "=a"(res) + : "r"(tp)); if (res < 0) { - sgxlkl_fail( "Could not set thread area %p\n", tp); + sgxlkl_fail("Could not set thread area %p\n", tp); } } } @@ -485,10 +483,12 @@ int _lthread_resume(struct lthread* lt) // tls region on context switches, check if the fs has changed and // update the lthread's thread pointer field accordingly. if (sched->current_lthread->tid == 1 && - (sched->current_lthread)->attr.thread_type == LKL_KERNEL_THREAD){ + (sched->current_lthread)->attr.thread_type == LKL_KERNEL_THREAD) + { void* fs_ptr; __asm__ __volatile__("mov %%fs:0,%0" : "=r"(fs_ptr)); - if (fs_ptr != sched->current_lthread->tp){ + if (fs_ptr != sched->current_lthread->tp) + { sched->current_lthread->tp = fs_ptr; } } @@ -562,8 +562,7 @@ int _lthread_sched_init(size_t stack_size) sched->default_timeout = 3000000u; - oe_memset_s( - &sched->ctx, sizeof(struct cpu_ctx), 0, sizeof(struct cpu_ctx)); + oe_memset_s(&sched->ctx, sizeof(struct cpu_ctx), 0, sizeof(struct cpu_ctx)); return (0); } @@ -582,11 +581,11 @@ int lthread_create_primitive( } // For USERSPACE_THREADS created via clone(), lthread doesn't manage the - // tls region(stored in lt->itls, not be confused by lt->tls, which is similar - // to key based tsd in pthreads) - // Also for these threads, the tls pointer passed to this function is the - // pointer to the thread's control block. So we save it here in lt->tp for - // setting up fsbase on a context switch. + // tls region(stored in lt->itls, not be confused by lt->tls, which is + // similar to key based tsd in pthreads) Also for these threads, the tls + // pointer passed to this function is the pointer to the thread's control + // block. So we save it here in lt->tp for setting up fsbase on a context + // switch. size_t* tp = tls; SGXLKL_ASSERT(tp[0] == (size_t)tls); // check if tls self pointer is set lt->tp = tls; @@ -672,11 +671,11 @@ int lthread_create( // closest multiple of TLS_ALIGN > sizeof(struct lthread_tcb_base) lt->itlssz = (sizeof(struct lthread_tcb_base) + TLS_ALIGN - 1) & -TLS_ALIGN; if ((lt->itls = (uint8_t*)enclave_mmap( - 0, - lt->itlssz, - 0, /* map_fixed */ - PROT_READ | PROT_WRITE, - 1 /* zero_pages */)) == MAP_FAILED) + 0, + lt->itlssz, + 0, /* map_fixed */ + PROT_READ | PROT_WRITE, + 1 /* zero_pages */)) == MAP_FAILED) { oe_free(lt); return -1; diff --git a/src/vicsetup/libvicsetup/blockdev.c b/src/vicsetup/libvicsetup/blockdev.c index a360fb9fc..e4a778fe6 100644 --- a/src/vicsetup/libvicsetup/blockdev.c +++ b/src/vicsetup/libvicsetup/blockdev.c @@ -1,14 +1,14 @@ -#include -#include #include -#include +#include +#include #include -#include #include -#include +#include +#include +#include -#include "strings.h" #include "raise.h" +#include "strings.h" /* A magic number for blockdev_t.magic used to verify valid blockdev structs */ #define MAGIC 0xf3fcef718ce744bd @@ -28,8 +28,7 @@ typedef struct _blockdev uint32_t flags; int open_flags; /* flags passed to open() */ int fd; -} -blockdev_t; +} blockdev_t; static bool _is_power_of_two(size_t x) { @@ -168,9 +167,7 @@ static vic_result_t _bd_set_size(vic_blockdev_t* bd_, size_t size) return result; } -static vic_result_t _bd_get_path( - const vic_blockdev_t* bd_, - char path[PATH_MAX]) +static vic_result_t _bd_get_path(const vic_blockdev_t* bd_, char path[PATH_MAX]) { vic_result_t result = VIC_OK; const blockdev_t* bd = (const blockdev_t*)bd_; @@ -217,9 +214,7 @@ static vic_result_t _bd_get_size(const vic_blockdev_t* bd_, size_t* size) return result; } -static vic_result_t _bd_set_block_size( - vic_blockdev_t* bd_, - size_t block_size) +static vic_result_t _bd_set_block_size(vic_blockdev_t* bd_, size_t block_size) { vic_result_t result = VIC_OK; blockdev_t* bd = (blockdev_t*)bd_; @@ -275,7 +270,8 @@ static vic_result_t _bd_get( if (!blocks) RAISE(VIC_BAD_PARAMETER); - off = (blkno * bd->block_size) + bd->offset;; + off = (blkno * bd->block_size) + bd->offset; + ; size = nblocks * bd->block_size; if (off + size > bd->size) @@ -308,7 +304,8 @@ static vic_result_t _bd_put( if (!blocks) RAISE(VIC_BAD_PARAMETER); - off = (blkno * bd->block_size) + bd->offset;; + off = (blkno * bd->block_size) + bd->offset; + ; size = nblocks * bd->block_size; if (!(bd->flags & VIC_CREATE) && (off + size) > bd->size) @@ -501,9 +498,7 @@ vic_result_t vic_blockdev_get_block_size( return result; } -vic_result_t vic_blockdev_set_block_size( - vic_blockdev_t* bd, - size_t block_size) +vic_result_t vic_blockdev_set_block_size(vic_blockdev_t* bd, size_t block_size) { vic_result_t result = VIC_OK; @@ -516,9 +511,7 @@ vic_result_t vic_blockdev_set_block_size( return result; } -vic_result_t vic_blockdev_get_size( - const vic_blockdev_t* bd, - size_t* size) +vic_result_t vic_blockdev_get_size(const vic_blockdev_t* bd, size_t* size) { vic_result_t result = VIC_OK; @@ -531,9 +524,7 @@ vic_result_t vic_blockdev_get_size( return result; } -vic_result_t vic_blockdev_get_num_blocks( - vic_blockdev_t* bd, - size_t* num_blocks) +vic_result_t vic_blockdev_get_num_blocks(vic_blockdev_t* bd, size_t* num_blocks) { vic_result_t result = VIC_OK; diff --git a/src/vicsetup/libvicsetup/byteorder.h b/src/vicsetup/libvicsetup/byteorder.h index 0a2e7b7ce..5cf88fadc 100644 --- a/src/vicsetup/libvicsetup/byteorder.h +++ b/src/vicsetup/libvicsetup/byteorder.h @@ -1,13 +1,13 @@ #ifndef _VIC_BYTEORDER_H #define _VIC_BYTEORDER_H -#include #include +#include #if defined(__i386) || defined(__x86_64) -# define vic_is_big_endian() false +#define vic_is_big_endian() false #else -# error "unsupported" +#error "unsupported" #endif static __inline__ uint64_t vic_swap_u64(uint64_t x) @@ -18,15 +18,14 @@ static __inline__ uint64_t vic_swap_u64(uint64_t x) } else { - return - ((uint64_t)((x & 0xFF) << 56)) | - ((uint64_t)((x & 0xFF00) << 40)) | - ((uint64_t)((x & 0xFF0000) << 24)) | - ((uint64_t)((x & 0xFF000000) << 8)) | - ((uint64_t)((x & 0xFF00000000) >> 8)) | - ((uint64_t)((x & 0xFF0000000000) >> 24)) | - ((uint64_t)((x & 0xFF000000000000) >> 40)) | - ((uint64_t)((x & 0xFF00000000000000) >> 56)); + return ((uint64_t)((x & 0xFF) << 56)) | + ((uint64_t)((x & 0xFF00) << 40)) | + ((uint64_t)((x & 0xFF0000) << 24)) | + ((uint64_t)((x & 0xFF000000) << 8)) | + ((uint64_t)((x & 0xFF00000000) >> 8)) | + ((uint64_t)((x & 0xFF0000000000) >> 24)) | + ((uint64_t)((x & 0xFF000000000000) >> 40)) | + ((uint64_t)((x & 0xFF00000000000000) >> 56)); } } @@ -38,11 +37,10 @@ static __inline__ uint32_t vic_swap_u32(uint32_t x) } else { - return - ((uint32_t)((x & 0x000000FF) << 24)) | - ((uint32_t)((x & 0x0000FF00) << 8)) | - ((uint32_t)((x & 0x00FF0000) >> 8)) | - ((uint32_t)((x & 0xFF000000) >> 24)); + return ((uint32_t)((x & 0x000000FF) << 24)) | + ((uint32_t)((x & 0x0000FF00) << 8)) | + ((uint32_t)((x & 0x00FF0000) >> 8)) | + ((uint32_t)((x & 0xFF000000) >> 24)); } } @@ -54,9 +52,7 @@ static __inline__ int16_t vic_swap_u16(int16_t x) } else { - return - ((int16_t)((x & 0x00FF) << 8)) | - ((int16_t)((x & 0xFF00) >> 8)); + return ((int16_t)((x & 0x00FF) << 8)) | ((int16_t)((x & 0xFF00) >> 8)); } } diff --git a/src/vicsetup/libvicsetup/crypto.c b/src/vicsetup/libvicsetup/crypto.c index de52202ca..ea830ca9c 100644 --- a/src/vicsetup/libvicsetup/crypto.c +++ b/src/vicsetup/libvicsetup/crypto.c @@ -1,24 +1,24 @@ -#include -#include #include #include +#include +#include -#include #include +#include #include +#include +#include +#include #include #include #include -#include -#include -#include #include #include -#include "crypto.h" -#include "hash.h" #include "byteorder.h" +#include "crypto.h" #include "goto.h" +#include "hash.h" #include "hexdump.h" static mbedtls_ctr_drbg_context _drbg; @@ -108,14 +108,14 @@ int vic_pbkdf2( GOTO(done); if (mbedtls_pkcs5_pbkdf2_hmac( - &ctx, - password, - password_size, - salt, - salt_size, - iterations, - key_size, - key) != 0) + &ctx, + password, + password_size, + salt, + salt_size, + iterations, + key_size, + key) != 0) { GOTO(done); } @@ -249,8 +249,7 @@ int vic_argon2i( { int ret = -1; int r; - argon2_context context = - { + argon2_context context = { .flags = ARGON2_DEFAULT_FLAGS, .version = ARGON2_VERSION_NUMBER, .t_cost = (uint32_t)time, @@ -295,8 +294,7 @@ int vic_argon2id( { int ret = -1; int r; - argon2_context context = - { + argon2_context context = { .flags = ARGON2_DEFAULT_FLAGS, .version = ARGON2_VERSION_NUMBER, .t_cost = (uint32_t)time, @@ -372,7 +370,7 @@ int vic_afsplit( vic_random(split_key, key_size * stripes); if (_gen_split_material( - hash_spec, split_key, prev.buf, key_size, stripes) != 0) + hash_spec, split_key, prev.buf, key_size, stripes) != 0) { GOTO(done); } diff --git a/src/vicsetup/libvicsetup/crypto.h b/src/vicsetup/libvicsetup/crypto.h index 6170ab41c..2b8470de8 100644 --- a/src/vicsetup/libvicsetup/crypto.h +++ b/src/vicsetup/libvicsetup/crypto.h @@ -1,8 +1,8 @@ #ifndef _VIC_CRYPTO_H #define _VIC_CRYPTO_H -#include #include +#include #include "vic.h" diff --git a/src/vicsetup/libvicsetup/defs.h b/src/vicsetup/libvicsetup/defs.h index 3e9af154e..544252744 100644 --- a/src/vicsetup/libvicsetup/defs.h +++ b/src/vicsetup/libvicsetup/defs.h @@ -16,16 +16,16 @@ #define VIC_CONCAT(X, Y) __LUKS_CONCAT(X, Y) #define VIC_STATIC_ASSERT(COND) \ - typedef char VIC_CONCAT(__vic_static_assert, __LINE__)[(COND) ? 1 : -1] \ - VIC_UNUSED + typedef char VIC_CONCAT( \ + __vic_static_assert, __LINE__)[(COND) ? 1 : -1] VIC_UNUSED -#define VIC_CHECK_FIELD(T1, T2, F) \ +#define VIC_CHECK_FIELD(T1, T2, F) \ VIC_STATIC_ASSERT(VIC_OFFSETOF(T1, F) == VIC_OFFSETOF(T2, F)); \ VIC_STATIC_ASSERT(sizeof(((T1*)0)->F) == sizeof(((T2*)0)->F)); #define VIC_PRINTF_FORMAT(N, M) __attribute__((format(printf, N, M))) -#define VIC_STRLIT(STR) STR, sizeof(STR)-1 +#define VIC_STRLIT(STR) STR, sizeof(STR) - 1 #define VIC_PACK_BEGIN _Pragma("pack(push, 1)") #define VIC_PACK_END _Pragma("pack(pop)") diff --git a/src/vicsetup/libvicsetup/dm.c b/src/vicsetup/libvicsetup/dm.c index 8da22b5a8..81aa07cb1 100644 --- a/src/vicsetup/libvicsetup/dm.c +++ b/src/vicsetup/libvicsetup/dm.c @@ -1,20 +1,20 @@ +#include #include #include -#include -#include -#include #include #include +#include +#include #include "dm.h" -#include "vic.h" +#include "hexdump.h" +#include "integrity.h" +#include "loop.h" #include "raise.h" #include "strings.h" -#include "loop.h" -#include "integrity.h" -#include "hexdump.h" #include "trace.h" #include "uuid.h" +#include "vic.h" #define DM_UUID_LEN 129 @@ -46,8 +46,17 @@ static vic_result_t _format_dev_uuid( if (n != 5) RAISE(VIC_BAD_UUID); - n = snprintf(dev_uuid, DM_UUID_LEN, "%s-%08x%04x%04x%04x%012lx-%s", - prefix, x1, x2, x3, x4, x5, dm_name); + n = snprintf( + dev_uuid, + DM_UUID_LEN, + "%s-%08x%04x%04x%04x%012lx-%s", + prefix, + x1, + x2, + x3, + x4, + x5, + dm_name); if (n >= DM_UUID_LEN) RAISE(VIC_BUFFER_TOO_SMALL); @@ -127,10 +136,15 @@ vic_result_t vic_dm_create_crypt( if (strcmp(cipher, "aes-xts-plain64") != 0) RAISE(VIC_UNSUPPORTED_CIPHER); - snprintf(capi, sizeof(capi), - "capi:authenc(%s,xts(aes))-plain64", integrity); + snprintf( + capi, + sizeof(capi), + "capi:authenc(%s,xts(aes))-plain64", + integrity); - n = snprintf(params, sizeof(params), + n = snprintf( + params, + sizeof(params), "%s %s %lu %s %lu 1 integrity:%lu:aead", capi, hexkey, @@ -141,7 +155,9 @@ vic_result_t vic_dm_create_crypt( } else { - n = snprintf(params, sizeof(params), + n = snprintf( + params, + sizeof(params), "%s %s %lu %s %lu", cipher, hexkey, @@ -174,8 +190,12 @@ vic_result_t vic_dm_create_crypt( #ifdef TRACE_TARGET printf("DM-NAME: %s\n", name); - printf("TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", - start, size, "crypt", params); + printf( + "TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", + start, + size, + "crypt", + params); #endif /* Set the target */ @@ -300,8 +320,12 @@ vic_result_t vic_dm_create_integrity( #ifdef TRACE_TARGET printf("DM-NAME: %s\n", name); - printf("TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", - start, size, "integrity", params); + printf( + "TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", + start, + size, + "integrity", + params); #endif /* Set the target */ @@ -448,8 +472,12 @@ vic_result_t vic_dm_create_verity( #ifdef TRACE_TARGET printf("DM-NAME: %s\n", dm_name); - printf("TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", - start, size, target, params); + printf( + "TARGET: start{%lu} size{%lu} target{%s} params{%s}\n", + start, + size, + target, + params); #endif /* Set the target */ diff --git a/src/vicsetup/libvicsetup/dm.h b/src/vicsetup/libvicsetup/dm.h index 18eb4cd71..0b80cc19d 100644 --- a/src/vicsetup/libvicsetup/dm.h +++ b/src/vicsetup/libvicsetup/dm.h @@ -5,18 +5,18 @@ #include "vic.h" vic_result_t vic_dm_create_crypt( - const char* prefix, /* prefix for the uuid (e.g., "CRYPT-LUKS2") */ - const char* name, /* /dev/mapper name */ - const char* device, /* device name: example: /dev/loop0 */ - const char* uuid, /* LUKS UUID */ - uint64_t start, /* the starting sector number */ - uint64_t size, /* the number of payload sectors */ - const char* integrity, /* integrity type (or empty) */ - const char* cipher, /* cipher name */ - const uint8_t* key, /* the LUKS master key */ - uint64_t key_bytes, /* length of the LUKS master key */ - uint64_t iv_offset, /* offset to initialization vector */ - uint64_t offset); /* offset to encrypted data (payload) */ + const char* prefix, /* prefix for the uuid (e.g., "CRYPT-LUKS2") */ + const char* name, /* /dev/mapper name */ + const char* device, /* device name: example: /dev/loop0 */ + const char* uuid, /* LUKS UUID */ + uint64_t start, /* the starting sector number */ + uint64_t size, /* the number of payload sectors */ + const char* integrity, /* integrity type (or empty) */ + const char* cipher, /* cipher name */ + const uint8_t* key, /* the LUKS master key */ + uint64_t key_bytes, /* length of the LUKS master key */ + uint64_t iv_offset, /* offset to initialization vector */ + uint64_t offset); /* offset to encrypted data (payload) */ vic_result_t vic_dm_create_integrity( const char* name, diff --git a/src/vicsetup/libvicsetup/eraise.h b/src/vicsetup/libvicsetup/eraise.h index 8f588aed3..e1e8eb2b5 100644 --- a/src/vicsetup/libvicsetup/eraise.h +++ b/src/vicsetup/libvicsetup/eraise.h @@ -1,8 +1,8 @@ #ifndef _VIC_ERAISE_H #define _VIC_ERAISE_H -#include #include +#include #include #include #include "trace.h" @@ -14,8 +14,7 @@ __eraise(__FILE__, __LINE__, __FUNCTION__, ret); \ fflush(stdout); \ goto done; \ - } \ - while (0) + } while (0) #define ECHECK(ERRNUM) \ do \ @@ -27,8 +26,7 @@ __eraise(__FILE__, __LINE__, __FUNCTION__, ret); \ goto done; \ } \ - } \ - while (0) + } while (0) static __inline__ void __eraise( const char* file, diff --git a/src/vicsetup/libvicsetup/goto.h b/src/vicsetup/libvicsetup/goto.h index be66597fd..55d63a826 100644 --- a/src/vicsetup/libvicsetup/goto.h +++ b/src/vicsetup/libvicsetup/goto.h @@ -1,11 +1,11 @@ #ifndef _VIC_GOTO_H #define _VIC_GOTO_H -#include #include +#include -#include "vic.h" #include "trace.h" +#include "vic.h" #define GOTO(LABEL) \ do \ @@ -13,13 +13,9 @@ __goto(__FILE__, __LINE__, __FUNCTION__); \ fflush(stdout); \ goto LABEL; \ - } \ - while (0) + } while (0) -static __inline__ void __goto( - const char* file, - uint32_t line, - const char* func) +static __inline__ void __goto(const char* file, uint32_t line, const char* func) { __vic_trace(VIC_TRACE_ERROR, file, line, func, "GOTO"); } diff --git a/src/vicsetup/libvicsetup/hash.c b/src/vicsetup/libvicsetup/hash.c index cbe6f3a56..c0ce507b7 100644 --- a/src/vicsetup/libvicsetup/hash.c +++ b/src/vicsetup/libvicsetup/hash.c @@ -1,12 +1,12 @@ +#include #include #include #include -#include #include #include -#include "hash.h" #include "defs.h" +#include "hash.h" /* The OE version of mbedtls does not include ripemd160 */ // #define HAVE_RIPEMD160 diff --git a/src/vicsetup/libvicsetup/hash.h b/src/vicsetup/libvicsetup/hash.h index 5c2577419..04be9fecb 100644 --- a/src/vicsetup/libvicsetup/hash.h +++ b/src/vicsetup/libvicsetup/hash.h @@ -1,11 +1,11 @@ #ifndef _VIC_HASH_H #define _VIC_HASH_H -#include #include +#include #include -#include "vec.h" #include "defs.h" +#include "vec.h" #define VIC_HASH_SPEC_SHA1 "sha1" #define VIC_HASH_SPEC_SHA256 "sha256" @@ -25,29 +25,24 @@ typedef enum vic_hash_type VIC_HASH_SHA256, VIC_HASH_SHA512, VIC_HASH_RIPEMD160, -} -vic_hash_type_t; +} vic_hash_type_t; typedef struct vic_hash_ctx { vic_hash_type_t type; uint64_t impl[32]; -} -vic_hash_ctx_t; +} vic_hash_ctx_t; typedef struct _vic_hash { - union - { + union { uint8_t sha1[VIC_SHA1_SIZE]; uint8_t sha256[VIC_SHA256_SIZE]; uint8_t sha512[VIC_SHA512_SIZE]; uint8_t ripemd160[VIC_RIPE160_SIZE]; uint8_t buf[VIC_MAX_HASH_SIZE]; - } - u; -} -vic_hash_t; + } u; +} vic_hash_t; int vic_hash_init(vic_hash_ctx_t* ctx, vic_hash_type_t type); @@ -71,7 +66,7 @@ VIC_INLINE int vic_hash1( size_t n, vic_hash_t* hash) { - vic_vec_t vec[] = { { (void*)s, n } }; + vic_vec_t vec[] = {{(void*)s, n}}; return vic_hashv(type, vec, VIC_COUNTOF(vec), hash); } @@ -83,7 +78,7 @@ VIC_INLINE int vic_hash2( size_t n2, vic_hash_t* hash) { - vic_vec_t vec[] = { { (void*)s1, n1 }, { (void*)s2, n2} }; + vic_vec_t vec[] = {{(void*)s1, n1}, {(void*)s2, n2}}; return vic_hashv(type, vec, VIC_COUNTOF(vec), hash); } diff --git a/src/vicsetup/libvicsetup/hexdump.c b/src/vicsetup/libvicsetup/hexdump.c index e419c0e46..51e28d17d 100644 --- a/src/vicsetup/libvicsetup/hexdump.c +++ b/src/vicsetup/libvicsetup/hexdump.c @@ -1,6 +1,6 @@ #include -#include #include +#include #include "hexdump.h" #include "raise.h" @@ -21,7 +21,7 @@ void vic_hexdump( const uint8_t* p = (const uint8_t*)data; static const uint8_t _zeros[16]; - for (size_t i = 0; i < size; ) + for (size_t i = 0; i < size;) { /* If starting a new row */ if ((i % 16) == 0) @@ -40,8 +40,7 @@ void vic_hexdump( { i += 16; r = size - i; - } - while (r >= 16 && memcmp(&p[i], _zeros, sizeof(_zeros)) == 0); + } while (r >= 16 && memcmp(&p[i], _zeros, sizeof(_zeros)) == 0); if (r != 0) { diff --git a/src/vicsetup/libvicsetup/hexdump.h b/src/vicsetup/libvicsetup/hexdump.h index 2e82d84e2..9d64ca648 100644 --- a/src/vicsetup/libvicsetup/hexdump.h +++ b/src/vicsetup/libvicsetup/hexdump.h @@ -1,9 +1,9 @@ #ifndef _VIC_HEXDUMP_H #define _VIC_HEXDUMP_H -#include -#include #include +#include +#include #include "vic.h" diff --git a/src/vicsetup/libvicsetup/include/libcryptsetup.h b/src/vicsetup/libvicsetup/include/libcryptsetup.h index b5b137b83..65f9d2025 100644 --- a/src/vicsetup/libvicsetup/include/libcryptsetup.h +++ b/src/vicsetup/libvicsetup/include/libcryptsetup.h @@ -54,7 +54,6 @@ struct crypt_device; - struct crypt_params_luks1 { const char* hash; diff --git a/src/vicsetup/libvicsetup/include/vic.h b/src/vicsetup/libvicsetup/include/vic.h index e206e104c..6f62e2a0a 100644 --- a/src/vicsetup/libvicsetup/include/vic.h +++ b/src/vicsetup/libvicsetup/include/vic.h @@ -1,10 +1,10 @@ #ifndef _VIC_H #define _VIC_H -#include -#include -#include #include +#include +#include +#include /* **============================================================================== @@ -74,8 +74,7 @@ typedef enum _vic_result VIC_BAD_FLAGS, VIC_BAD_PBKDF_TYPE, VIC_BAD_INTEGRITY_TYPE, -} -vic_result_t; +} vic_result_t; /* **============================================================================== @@ -89,43 +88,27 @@ typedef struct _vic_blockdev vic_blockdev_t; typedef struct _vic_blockdev { - vic_result_t (*bd_partial_close)( - vic_blockdev_t* dev); + vic_result_t (*bd_partial_close)(vic_blockdev_t* dev); - vic_result_t (*bd_reopen)( - vic_blockdev_t* dev); + vic_result_t (*bd_reopen)(vic_blockdev_t* dev); - vic_result_t (*bd_set_size)( - vic_blockdev_t* dev, - size_t size); + vic_result_t (*bd_set_size)(vic_blockdev_t* dev, size_t size); - vic_result_t (*bd_set_offset)( - vic_blockdev_t* dev, - size_t offset); + vic_result_t (*bd_set_offset)(vic_blockdev_t* dev, size_t offset); - vic_result_t (*bd_get_offset)( - vic_blockdev_t* dev, - size_t* offset); + vic_result_t (*bd_get_offset)(vic_blockdev_t* dev, size_t* offset); - vic_result_t (*bd_get_path)( - const vic_blockdev_t* dev, - char path[PATH_MAX]); + vic_result_t (*bd_get_path)(const vic_blockdev_t* dev, char path[PATH_MAX]); - vic_result_t (*bd_get_block_size)( - const vic_blockdev_t* dev, - size_t* block_size); + vic_result_t ( + *bd_get_block_size)(const vic_blockdev_t* dev, size_t* block_size); - vic_result_t (*bd_set_block_size)( - vic_blockdev_t* dev, - size_t block_size); + vic_result_t (*bd_set_block_size)(vic_blockdev_t* dev, size_t block_size); - vic_result_t (*bd_get_size)( - const vic_blockdev_t* dev, - size_t* size); + vic_result_t (*bd_get_size)(const vic_blockdev_t* dev, size_t* size); - vic_result_t (*bd_get_num_blocks)( - const vic_blockdev_t* dev, - size_t* num_blocks); + vic_result_t ( + *bd_get_num_blocks)(const vic_blockdev_t* dev, size_t* num_blocks); vic_result_t (*bd_get)( vic_blockdev_t* dev, @@ -139,20 +122,17 @@ typedef struct _vic_blockdev const void* blocks, size_t nblocks); - vic_result_t (*bd_same)( - vic_blockdev_t* bd1, - vic_blockdev_t* bd2, - bool* same); + vic_result_t ( + *bd_same)(vic_blockdev_t* bd1, vic_blockdev_t* bd2, bool* same); vic_result_t (*bd_close)(vic_blockdev_t* dev); -} -vic_blockdev_t; +} vic_blockdev_t; #define VIC_RDONLY 1 #define VIC_WRONLY 2 -#define VIC_RDWR 4 +#define VIC_RDWR 4 #define VIC_CREATE 8 -#define VIC_TRUNC 16 +#define VIC_TRUNC 16 vic_result_t vic_blockdev_open( const char* path, @@ -160,17 +140,11 @@ vic_result_t vic_blockdev_open( size_t block_size, /* defaults to 512 if zero */ vic_blockdev_t** dev); -vic_result_t vic_blockdev_set_size( - vic_blockdev_t* dev, - size_t size); +vic_result_t vic_blockdev_set_size(vic_blockdev_t* dev, size_t size); -vic_result_t vic_blockdev_set_offset( - vic_blockdev_t* dev, - size_t offset); +vic_result_t vic_blockdev_set_offset(vic_blockdev_t* dev, size_t offset); -vic_result_t vic_blockdev_get_offset( - vic_blockdev_t* dev, - size_t* offset); +vic_result_t vic_blockdev_get_offset(vic_blockdev_t* dev, size_t* offset); vic_result_t vic_blockdev_get_path( const vic_blockdev_t* dev, @@ -184,9 +158,7 @@ vic_result_t vic_blockdev_set_block_size( vic_blockdev_t* dev, size_t block_size); -vic_result_t vic_blockdev_get_size( - const vic_blockdev_t* dev, - size_t* size); +vic_result_t vic_blockdev_get_size(const vic_blockdev_t* dev, size_t* size); vic_result_t vic_blockdev_get_num_blocks( vic_blockdev_t* dev, @@ -229,8 +201,7 @@ typedef struct vic_key { /* 1024 bits */ uint8_t buf[128]; -} -vic_key_t; +} vic_key_t; /* **============================================================================== @@ -244,16 +215,14 @@ typedef enum vic_luks_version { LUKS_VERSION_1 = 1, LUKS_VERSION_2 = 2, -} -vic_luks_version_t; +} vic_luks_version_t; typedef struct _vic_luks_stat { vic_luks_version_t version; size_t payload_offset; size_t payload_size; -} -vic_luks_stat_t; +} vic_luks_stat_t; const char* vic_result_string(vic_result_t result); @@ -292,8 +261,7 @@ typedef struct vic_kdf uint64_t time; uint64_t memory; uint64_t cpus; -} -vic_kdf_t; +} vic_kdf_t; vic_result_t vic_luks_add_key( vic_blockdev_t* device, diff --git a/src/vicsetup/libvicsetup/integrity.c b/src/vicsetup/libvicsetup/integrity.c index 21d766255..48c166770 100644 --- a/src/vicsetup/libvicsetup/integrity.c +++ b/src/vicsetup/libvicsetup/integrity.c @@ -1,15 +1,15 @@ #include #include +#include "hexdump.h" #include "integrity.h" #include "raise.h" -#include "hexdump.h" // Layout: SB | JOURNAL | [ DATA | TAGS ]* // // SB is padded out to 4096 -static uint8_t _magic[8] = { 'i', 'n', 't', 'e', 'g', 'r', 't', '\0' }; +static uint8_t _magic[8] = {'i', 'n', 't', 'e', 'g', 'r', 't', '\0'}; static uint64_t _inverse_log2(uint8_t log) { @@ -52,21 +52,32 @@ vic_result_t vic_integrity_dump_sb(const vic_integrity_sb_t* sb) printf("vic_luks_integrity_sb\n"); printf("{\n"); - printf(" magic=%s (%02x %02x %02x %02x %02x %02x %02x %02x)\n", sb->magic, - sb->magic[0], sb->magic[1], sb->magic[2], sb->magic[3], - sb->magic[4], sb->magic[5], sb->magic[6], sb->magic[7]); + printf( + " magic=%s (%02x %02x %02x %02x %02x %02x %02x %02x)\n", + sb->magic, + sb->magic[0], + sb->magic[1], + sb->magic[2], + sb->magic[3], + sb->magic[4], + sb->magic[5], + sb->magic[6], + sb->magic[7]); printf(" version=%u\n", sb->version); - printf(" log2_interleave_sectors=%u (%lu)\n", + printf( + " log2_interleave_sectors=%u (%lu)\n", sb->log2_interleave_sectors, _inverse_log2(sb->log2_interleave_sectors)); printf(" integrity_tag_size=%u\n", sb->integrity_tag_size); printf(" journal_sections=%u\n", sb->journal_sections); printf(" provided_data_sectors=%lu\n", sb->provided_data_sectors); printf(" flags=%u\n", sb->flags); - printf(" log2_sectors_per_block=%u (%lu)\n", + printf( + " log2_sectors_per_block=%u (%lu)\n", sb->log2_sectors_per_block, _inverse_log2(sb->log2_sectors_per_block)); - printf(" log2_blocks_per_bitmap_bit=%u (%lu)\n", + printf( + " log2_blocks_per_bitmap_bit=%u (%lu)\n", sb->log2_blocks_per_bitmap_bit, _inverse_log2(sb->log2_blocks_per_bitmap_bit)); printf(" recalc_sector=%lu\n", sb->recalc_sector); diff --git a/src/vicsetup/libvicsetup/integrity.h b/src/vicsetup/libvicsetup/integrity.h index 98a0278d4..e17d261e6 100644 --- a/src/vicsetup/libvicsetup/integrity.h +++ b/src/vicsetup/libvicsetup/integrity.h @@ -8,39 +8,38 @@ VIC_PACK_BEGIN typedef struct _vic_integrity_sb { - /* "integrt" */ - uint8_t magic[8]; + /* "integrt" */ + uint8_t magic[8]; - /* superblock version, 1,2 or 3 */ - uint8_t version; + /* superblock version, 1,2 or 3 */ + uint8_t version; - /* interleave sectors */ - int8_t log2_interleave_sectors; + /* interleave sectors */ + int8_t log2_interleave_sectors; - /* tag size per-sector */ - uint16_t integrity_tag_size; + /* tag size per-sector */ + uint16_t integrity_tag_size; - /* size of journal */ - uint32_t journal_sections; + /* size of journal */ + uint32_t journal_sections; - /* available size for data */ - uint64_t provided_data_sectors; + /* available size for data */ + uint64_t provided_data_sectors; - /* flags */ - uint32_t flags; + /* flags */ + uint32_t flags; - /* presented block (sector) size */ - uint8_t log2_sectors_per_block; + /* presented block (sector) size */ + uint8_t log2_sectors_per_block; - /* blocks per bitmap, V3 superblock only */ - uint8_t log2_blocks_per_bitmap_bit; + /* blocks per bitmap, V3 superblock only */ + uint8_t log2_blocks_per_bitmap_bit; - uint8_t pad[2]; + uint8_t pad[2]; - /* current recalculate sector, V2 superblock only */ - uint64_t recalc_sector; -} -vic_integrity_sb_t; + /* current recalculate sector, V2 superblock only */ + uint64_t recalc_sector; +} vic_integrity_sb_t; VIC_PACK_END vic_result_t vic_integrity_read_sb( diff --git a/src/vicsetup/libvicsetup/libcryptsetup.c b/src/vicsetup/libvicsetup/libcryptsetup.c index c2651dd05..b56b35119 100644 --- a/src/vicsetup/libvicsetup/libcryptsetup.c +++ b/src/vicsetup/libvicsetup/libcryptsetup.c @@ -1,20 +1,20 @@ +#include #include -#include #include -#include +#include #include #include -#include #include +#include +#include "crypto.h" #include "eraise.h" +#include "integrity.h" #include "luks1.h" #include "luks2.h" -#include "integrity.h" #include "strings.h" -#include "crypto.h" -#include "verity.h" #include "trace.h" +#include "verity.h" #define MAGIC 0xa8ea23c6 @@ -45,8 +45,7 @@ struct crypt_device struct { luks1_hdr_t* hdr; - } - luks1; + } luks1; struct { char cipher[LUKS2_ENCRYPTION_SIZE]; @@ -54,13 +53,11 @@ struct crypt_device char pbkdf_type_buf[32]; char pbkdf_hash_buf[VIC_MAX_HASH_SIZE]; luks2_hdr_t* hdr; - } - luks2; + } luks2; struct { vic_verity_sb_t sb; - } - verity; + } verity; }; static int _set_pbkdf_type( @@ -332,14 +329,14 @@ int crypt_format( } if ((r = luks1_format( - cd->bd, - cipher_name, - cipher_mode, - uuid, - hash, - 0, /* mk_iterations */ - (const vic_key_t*)volume_key, - volume_key_size)) != VIC_OK) + cd->bd, + cipher_name, + cipher_mode, + uuid, + hash, + 0, /* mk_iterations */ + (const vic_key_t*)volume_key, + volume_key_size)) != VIC_OK) { ERAISE(EINVAL); } @@ -393,16 +390,16 @@ int crypt_format( ECHECK(STRLCPY(cd->luks2.cipher, cipher)); if ((r = luks2_format( - cd->bd, - label, - subsystem, - cipher, - uuid, - hash, - iterations, - (const vic_key_t*)volume_key, - volume_key_size, - p->integrity)) != VIC_OK) + cd->bd, + label, + subsystem, + cipher, + uuid, + hash, + iterations, + (const vic_key_t*)volume_key, + volume_key_size, + p->integrity)) != VIC_OK) { ERAISE(EINVAL); } @@ -469,12 +466,12 @@ int crypt_keyslot_add_by_key( vic_result_t r; if ((r = luks1_add_key_by_master_key( - cd->bd, - 0, - (const vic_key_t*)volume_key, - volume_key_size, - passphrase, - passphrase_size)) != VIC_OK) + cd->bd, + 0, + (const vic_key_t*)volume_key, + volume_key_size, + passphrase, + passphrase_size)) != VIC_OK) { ERAISE(EINVAL); } @@ -482,8 +479,7 @@ int crypt_keyslot_add_by_key( else if (_is_luks2(cd->type)) { vic_result_t r; - vic_kdf_t kdf = - { + vic_kdf_t kdf = { .hash = cd->luks2.pbkdf.hash, .iterations = cd->luks2.pbkdf.iterations, .time = cd->luks2.pbkdf.time_ms, @@ -492,14 +488,14 @@ int crypt_keyslot_add_by_key( }; if ((r = luks2_add_key_by_master_key( - cd->bd, - cd->luks2.cipher, - cd->luks2.pbkdf.type, - &kdf, - (const vic_key_t*)volume_key, - volume_key_size, - passphrase, - passphrase_size)) != VIC_OK) + cd->bd, + cd->luks2.cipher, + cd->luks2.pbkdf.type, + &kdf, + (const vic_key_t*)volume_key, + volume_key_size, + passphrase, + passphrase_size)) != VIC_OK) { ERAISE(EINVAL); } @@ -677,8 +673,8 @@ int crypt_activate_by_passphrase( ECHECK(_force_open_for_write(cd)); /* Use the passphrase to recover the master key */ - if (luks1_recover_master_key(cd->bd, passphrase, passphrase_size, - &key, &key_size) != VIC_OK) + if (luks1_recover_master_key( + cd->bd, passphrase, passphrase_size, &key, &key_size) != VIC_OK) { ERAISE(EIO); } @@ -700,12 +696,12 @@ int crypt_activate_by_passphrase( ECHECK(_force_open_for_write(cd)); if (luks2_open_by_passphrase( - cd->bd, - cd->luks2.hdr, - cd->path, - name, - passphrase, - passphrase_size) != VIC_OK) + cd->bd, + cd->luks2.hdr, + cd->path, + name, + passphrase, + passphrase_size) != VIC_OK) { ERAISE(EIO); } @@ -802,11 +798,11 @@ int crypt_activate_by_volume_key( ERAISE(EINVAL); if (vic_verity_open( - name, - cd->bd, - cd->hbd, - volume_key, /* root hash */ - volume_key_size) != VIC_OK) + name, + cd->bd, + cd->hbd, + volume_key, /* root hash */ + volume_key_size) != VIC_OK) { ERAISE(EIO); } @@ -821,7 +817,7 @@ int crypt_activate_by_volume_key( return ret; } -int crypt_get_volume_key_size(struct crypt_device *cd) +int crypt_get_volume_key_size(struct crypt_device* cd) { int ret = 0; diff --git a/src/vicsetup/libvicsetup/loop.c b/src/vicsetup/libvicsetup/loop.c index 2b15eca52..93b556134 100644 --- a/src/vicsetup/libvicsetup/loop.c +++ b/src/vicsetup/libvicsetup/loop.c @@ -1,14 +1,14 @@ -#include -#include -#include -#include #include -#include -#include -#include +#include +#include #include +#include +#include +#include #include -#include +#include +#include +#include #include "loop.h" #include "raise.h" diff --git a/src/vicsetup/libvicsetup/loop.h b/src/vicsetup/libvicsetup/loop.h index 241d6db4e..f03fef1fa 100644 --- a/src/vicsetup/libvicsetup/loop.h +++ b/src/vicsetup/libvicsetup/loop.h @@ -1,8 +1,8 @@ #ifndef _VIC_LOOP_H #define _VIC_LOOP_H -#include #include +#include #include "vic.h" diff --git a/src/vicsetup/libvicsetup/luks.c b/src/vicsetup/libvicsetup/luks.c index a1c5940bf..9e2d03bf2 100644 --- a/src/vicsetup/libvicsetup/luks.c +++ b/src/vicsetup/libvicsetup/luks.c @@ -1,21 +1,21 @@ -#include -#include #include -#include +#include #include +#include +#include +#include #include -#include -#include "vic.h" -#include "lukscommon.h" #include "byteorder.h" -#include "luks2.h" -#include "luks1.h" -#include "raise.h" +#include "dm.h" #include "hexdump.h" #include "integrity.h" -#include "dm.h" +#include "luks1.h" +#include "luks2.h" +#include "lukscommon.h" +#include "raise.h" #include "strings.h" +#include "vic.h" VIC_STATIC_ASSERT(VIC_OFFSETOF(vic_luks_hdr_t, magic) == 0); VIC_STATIC_ASSERT(VIC_OFFSETOF(vic_luks_hdr_t, version) == 6); @@ -63,11 +63,13 @@ int vic_luks_read_hdr(vic_blockdev_t* device, vic_luks_hdr_t* hdr) /* Reject null parameters */ if (!_is_valid_device(device) || !hdr) - goto done;; + goto done; + ; /* Read one blocks to obtain enough bytes for the header */ if (vic_blockdev_get(device, 0, block, 1) != VIC_OK) - goto done;; + goto done; + ; VIC_STATIC_ASSERT(sizeof(vic_luks_hdr_t) <= sizeof(block)); memcpy(hdr, &block, sizeof(vic_luks_hdr_t)); @@ -75,7 +77,8 @@ int vic_luks_read_hdr(vic_blockdev_t* device, vic_luks_hdr_t* hdr) if (memcmp(hdr->magic, _magic_1st, sizeof(_magic_1st)) != 0 && memcmp(hdr->magic, _magic_2nd, sizeof(_magic_2nd)) != 0) { - goto done;; + goto done; + ; } /* Adjust byte order from big-endian to native */ @@ -166,20 +169,12 @@ vic_result_t vic_luks_recover_master_key( if (hdr.version == LUKS_VERSION_1) { CHECK(luks1_recover_master_key( - device, - pwd, - pwd_size, - master_key, - master_key_bytes)); + device, pwd, pwd_size, master_key, master_key_bytes)); } else if (hdr.version == LUKS_VERSION_2) { CHECK(luks2_recover_master_key( - device, - pwd, - pwd_size, - master_key, - master_key_bytes)); + device, pwd, pwd_size, master_key, master_key_bytes)); } else { @@ -218,7 +213,7 @@ static vic_result_t _split_cipher( vic_strlcpy(cipher_name, cipher, LUKS_CIPHER_NAME_SIZE); cipher_name[offset] = '\0'; - vic_strlcpy(cipher_mode, &cipher[offset+1], LUKS_CIPHER_MODE_SIZE); + vic_strlcpy(cipher_mode, &cipher[offset + 1], LUKS_CIPHER_MODE_SIZE); done: return result; @@ -382,13 +377,13 @@ vic_result_t vic_luks_change_key( if (hdr.version == LUKS_VERSION_1) { - CHECK(luks1_change_key(device, old_pwd, old_pwd_size, new_pwd, - new_pwd_size)); + CHECK(luks1_change_key( + device, old_pwd, old_pwd_size, new_pwd, new_pwd_size)); } else if (hdr.version == LUKS_VERSION_2) { - CHECK(luks2_change_key(device, old_pwd, old_pwd_size, new_pwd, - new_pwd_size)); + CHECK(luks2_change_key( + device, old_pwd, old_pwd_size, new_pwd, new_pwd_size)); } else { @@ -530,7 +525,6 @@ vic_result_t vic_luks_close(const char* name) return result; } - vic_result_t vic_luks_add_key_by_master_key( vic_blockdev_t* device, const char* keyslot_cipher, diff --git a/src/vicsetup/libvicsetup/luks1.c b/src/vicsetup/libvicsetup/luks1.c index 0d6aca554..2f3dc7322 100644 --- a/src/vicsetup/libvicsetup/luks1.c +++ b/src/vicsetup/libvicsetup/luks1.c @@ -1,33 +1,32 @@ -#include +#include +#include +#include #include +#include #include +#include #include #include #include -#include -#include -#include #include -#include #include -#include -#include #include -#include +#include +#include -#include "luks1.h" -#include "vic.h" #include "byteorder.h" -#include "strings.h" +#include "crypto.h" +#include "dm.h" +#include "goto.h" #include "hash.h" -#include "lukscommon.h" #include "hexdump.h" +#include "luks1.h" +#include "lukscommon.h" #include "raise.h" -#include "crypto.h" -#include "uuid.h" -#include "dm.h" #include "round.h" -#include "goto.h" +#include "strings.h" +#include "uuid.h" +#include "vic.h" /* **============================================================================== @@ -116,8 +115,7 @@ static void _fix_luks1_hdr_byte_order(luks1_hdr_t* hdr) static bool _valid_cipher_name(const char* cipher_name) { - static const char* _cipher_names[] = - { + static const char* _cipher_names[] = { LUKS_CIPHER_NAME_AES, LUKS_CIPHER_NAME_TWOFISH, LUKS_CIPHER_NAME_SERPENT, @@ -139,8 +137,7 @@ static bool _valid_cipher_name(const char* cipher_name) static bool _valid_cipher_mode(const char* cipher_mode) { - static const char* _cipher_modes[] = - { + static const char* _cipher_modes[] = { LUKS_CIPHER_MODE_ECB, LUKS_CIPHER_MODE_CBC_PLAIN, LUKS_CIPHER_MODE_CBC_ESSIV, @@ -164,8 +161,7 @@ static bool _valid_cipher_mode(const char* cipher_mode) static bool _valid_hash_spec(const char* hash_spec) { - static const char* _hash_specs[] = - { + static const char* _hash_specs[] = { VIC_HASH_SPEC_SHA1, VIC_HASH_SPEC_SHA256, VIC_HASH_SPEC_SHA512, @@ -352,7 +348,7 @@ static int _gen_iv( if (!hdr || !iv || !key) GOTO(done); - if (strcmp(LUKS_CIPHER_MODE_ECB, hdr->cipher_mode) == 0) + if (strcmp(LUKS_CIPHER_MODE_ECB, hdr->cipher_mode) == 0) { memset(iv, 0, LUKS_IV_SIZE); ret = 0; @@ -380,7 +376,7 @@ static int _gen_iv( /* Use the SHA256-generated hash as the key */ if (mbedtls_aes_setkey_enc( - &aes_ctx, hash.u.sha256, sizeof(hash.u.sha256) * 8) != 0) + &aes_ctx, hash.u.sha256, sizeof(hash.u.sha256) * 8) != 0) { GOTO(done); } @@ -470,13 +466,13 @@ static int _crypt( pos = i * block_size; if ((r = mbedtls_cipher_crypt( - &ctx, - iv, /* iv */ - LUKS_IV_SIZE, /* iv_size */ - data_in + pos, /* input */ - block_size, /* ilen */ - data_out + pos, /* output */ - &olen)) != 0) /* olen */ + &ctx, + iv, /* iv */ + LUKS_IV_SIZE, /* iv_size */ + data_in + pos, /* input */ + block_size, /* ilen */ + data_out + pos, /* output */ + &olen)) != 0) /* olen */ { printf("r=%d\n", r); printf("%d\n", MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); @@ -499,7 +495,7 @@ static int _encrypt( const luks1_hdr_t* hdr, const vic_key_t* key, const uint8_t* data_in, - uint8_t *data_out, + uint8_t* data_out, size_t data_size, uint64_t sector) { @@ -511,7 +507,7 @@ static int _decrypt( const luks1_hdr_t* hdr, const vic_key_t* key, const uint8_t* data_in, - uint8_t *data_out, + uint8_t* data_out, size_t data_size, uint64_t sector) { @@ -701,14 +697,14 @@ static int _initialize_hdr( /* Derive the digest from the master key and the salt */ if (vic_pbkdf2( - master_key->buf, - master_key_bytes, - hdr->mk_digest_salt, - sizeof(hdr->mk_digest_salt), - hdr->mk_digest_iter, - hdr->hash_spec, - hdr->mk_digest, - sizeof(hdr->mk_digest)) != 0) + master_key->buf, + master_key_bytes, + hdr->mk_digest_salt, + sizeof(hdr->mk_digest_salt), + hdr->mk_digest_iter, + hdr->hash_spec, + hdr->mk_digest, + sizeof(hdr->mk_digest)) != 0) { GOTO(done); } @@ -728,7 +724,7 @@ static int _initialize_hdr( /* Initialize the key slots */ for (size_t i = 0; i < LUKS_NUM_KEYS; i++) { - vic_luks_keyslot_t* ks = &hdr->keyslots[i]; + vic_luks_keyslot_t* ks = &hdr->keyslots[i]; ks->active = LUKS_KEY_DISABLED; ks->stripes = stripes; @@ -770,7 +766,7 @@ static int _add_key( size_t* index_out) { int ret = -1; - vic_luks_keyslot_t* ks = NULL; + vic_luks_keyslot_t* ks = NULL; uint8_t* plain = NULL; uint8_t* cipher = NULL; vic_key_t pbkdf2_key; @@ -821,24 +817,21 @@ static int _add_key( GOTO(done); if (vic_pbkdf2( - (const uint8_t*)pwd, - pwd_size, - ks->salt, - sizeof(ks->salt), - ks->iterations, - hdr->hash_spec, - &pbkdf2_key, - hdr->key_bytes) != 0) + (const uint8_t*)pwd, + pwd_size, + ks->salt, + sizeof(ks->salt), + ks->iterations, + hdr->hash_spec, + &pbkdf2_key, + hdr->key_bytes) != 0) { GOTO(done); } if (vic_afsplit( - hdr->hash_spec, - master_key, - hdr->key_bytes, - ks->stripes, - plain) != 0) + hdr->hash_spec, master_key, hdr->key_bytes, ks->stripes, plain) != + 0) { GOTO(done); } @@ -903,14 +896,14 @@ static vic_result_t _find_key_by_pwd( vic_luks_keyslot_t* ks = &hdr->keyslots[i]; if (vic_pbkdf2( - (const uint8_t*)pwd, - pwd_size, - ks->salt, - sizeof(ks->salt), - ks->iterations, - hdr->hash_spec, - &pbkdf2_key, - hdr->key_bytes) != 0) + (const uint8_t*)pwd, + pwd_size, + ks->salt, + sizeof(ks->salt), + ks->iterations, + hdr->hash_spec, + &pbkdf2_key, + hdr->key_bytes) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -930,24 +923,21 @@ static vic_result_t _find_key_by_pwd( RAISE(VIC_DECRYPT_FAILED); if (vic_afmerge( - hdr->key_bytes, - ks->stripes, - hdr->hash_spec, - plain, - &mk) != 0) + hdr->key_bytes, ks->stripes, hdr->hash_spec, plain, &mk) != + 0) { RAISE(VIC_AFMERGE_FAILED); } if (vic_pbkdf2( - &mk, - hdr->key_bytes, - hdr->mk_digest_salt, - sizeof(hdr->mk_digest_salt), - hdr->mk_digest_iter, - hdr->hash_spec, - mk_digest, - sizeof(mk_digest)) != 0) + &mk, + hdr->key_bytes, + hdr->mk_digest_salt, + sizeof(hdr->mk_digest_salt), + hdr->mk_digest_iter, + hdr->hash_spec, + mk_digest, + sizeof(mk_digest)) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -1038,15 +1028,15 @@ vic_result_t luks1_format( /* Initialize the hdr struct */ if (_initialize_hdr( - &hdr, - LUKS_VERSION_1, - cipher_name, - cipher_mode, - master_key, - master_key_bytes, - hash, - uuid, - mk_iterations) != 0) + &hdr, + LUKS_VERSION_1, + cipher_name, + cipher_mode, + master_key, + master_key_bytes, + hash, + uuid, + mk_iterations) != 0) { RAISE(VIC_FAILED); } @@ -1140,8 +1130,15 @@ vic_result_t luks1_add_key( RAISE(VIC_FAILED); } - if (_add_key(hdr, &mk, new_pwd, new_pwd_size, slot_iterations, &data, - &size, &index) != 0) + if (_add_key( + hdr, + &mk, + new_pwd, + new_pwd_size, + slot_iterations, + &data, + &size, + &index) != 0) { RAISE(VIC_FAILED); } @@ -1198,14 +1195,14 @@ vic_result_t luks1_add_key_by_master_key( slot_iterations = LUKS_MIN_SLOT_ITERATIONS; if (_add_key( - hdr, - master_key, - pwd, - pwd_size, - slot_iterations, - &data, - &size, - &index) != 0) + hdr, + master_key, + pwd, + pwd_size, + slot_iterations, + &data, + &size, + &index) != 0) { RAISE(VIC_FAILED); } @@ -1354,24 +1351,20 @@ vic_result_t luks1_change_key( GOTO(done); if (vic_pbkdf2( - (const uint8_t*)new_pwd, - new_pwd_size, - ks->salt, - sizeof(ks->salt), - ks->iterations, - hdr->hash_spec, - &pbkdf2_key, - hdr->key_bytes) != 0) + (const uint8_t*)new_pwd, + new_pwd_size, + ks->salt, + sizeof(ks->salt), + ks->iterations, + hdr->hash_spec, + &pbkdf2_key, + hdr->key_bytes) != 0) { GOTO(done); } - if (vic_afsplit( - hdr->hash_spec, - &mk, - hdr->key_bytes, - ks->stripes, - plain) != 0) + if (vic_afsplit(hdr->hash_spec, &mk, hdr->key_bytes, ks->stripes, plain) != + 0) { GOTO(done); } @@ -1475,27 +1468,32 @@ vic_result_t luks1_open( { vic_strlcpy(cipher, "aes-cbc-essiv:sha256", sizeof(cipher)); } - else if (strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && + else if ( + strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && strcmp(hdr->cipher_mode, LUKS_CIPHER_MODE_XTS_PLAIN64) == 0) { vic_strlcpy(cipher, "aes-xts-plain64", sizeof(cipher)); } - else if (strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_TWOFISH) == 0 && + else if ( + strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_TWOFISH) == 0 && strcmp(hdr->cipher_mode, LUKS_CIPHER_MODE_ECB) == 0) { vic_strlcpy(cipher, "twofish-ecb", sizeof(cipher)); } - else if (strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_SERPENT) == 0 && + else if ( + strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_SERPENT) == 0 && strcmp(hdr->cipher_mode, LUKS_CIPHER_MODE_CBC_PLAIN) == 0) { vic_strlcpy(cipher, "serpent-cbc-plain", sizeof(cipher)); } - else if (strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && + else if ( + strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && strcmp(hdr->cipher_mode, LUKS_CIPHER_MODE_CBC_PLAIN) == 0) { vic_strlcpy(cipher, "aes-cbc-plain", sizeof(cipher)); } - else if (strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && + else if ( + strcmp(hdr->cipher_name, LUKS_CIPHER_NAME_AES) == 0 && strcmp(hdr->cipher_mode, LUKS_CIPHER_MODE_ECB) == 0) { vic_strlcpy(cipher, "aes-ecb", sizeof(cipher)); diff --git a/src/vicsetup/libvicsetup/luks1.h b/src/vicsetup/libvicsetup/luks1.h index 0998c39e6..40173023d 100644 --- a/src/vicsetup/libvicsetup/luks1.h +++ b/src/vicsetup/libvicsetup/luks1.h @@ -1,13 +1,13 @@ #ifndef _VIC_LUKS1_H #define _VIC_LUKS1_H -#include -#include #include +#include +#include #include "defs.h" -#include "vic.h" #include "lukscommon.h" +#include "vic.h" #define LUKS_CIPHER_NAME_AES "aes" #define LUKS_CIPHER_NAME_TWOFISH "twofish" @@ -36,8 +36,7 @@ typedef struct vic_luks_keyslot uint8_t salt[LUKS_SALT_SIZE]; uint32_t key_material_offset; uint32_t stripes; -} -vic_luks_keyslot_t; +} vic_luks_keyslot_t; VIC_STATIC_ASSERT(VIC_OFFSETOF(vic_luks_keyslot_t, active) == 0); VIC_STATIC_ASSERT(VIC_OFFSETOF(vic_luks_keyslot_t, iterations) == 4); @@ -60,8 +59,7 @@ typedef struct luks1_hdr uint32_t mk_digest_iter; char uuid[VIC_UUID_STRING_SIZE]; vic_luks_keyslot_t keyslots[LUKS_NUM_KEYS]; -} -luks1_hdr_t; +} luks1_hdr_t; VIC_STATIC_ASSERT(VIC_OFFSETOF(luks1_hdr_t, magic) == 0); VIC_STATIC_ASSERT(VIC_OFFSETOF(luks1_hdr_t, version) == 6); diff --git a/src/vicsetup/libvicsetup/luks2.c b/src/vicsetup/libvicsetup/luks2.c index 1e90afba5..231dbbe6e 100644 --- a/src/vicsetup/libvicsetup/luks2.c +++ b/src/vicsetup/libvicsetup/luks2.c @@ -1,40 +1,39 @@ -#include +#include +#include +#include +#include +#include +#include #include +#include #include +#include #include #include #include -#include -#include -#include #include -#include #include -#include -#include #include -#include +#include +#include #include -#include +#include #include -#include -#include -#include -#include "luks2.h" -#include "vic.h" #include "byteorder.h" -#include "strings.h" -#include "lukscommon.h" -#include "hexdump.h" -#include "raise.h" -#include "hash.h" #include "crypto.h" -#include "trace.h" #include "dm.h" +#include "goto.h" +#include "hash.h" +#include "hexdump.h" #include "integrity.h" +#include "luks2.h" +#include "lukscommon.h" +#include "raise.h" #include "round.h" -#include "goto.h" +#include "strings.h" +#include "trace.h" +#include "vic.h" /* **============================================================================== @@ -145,8 +144,7 @@ typedef struct json_callback_data luks2_ext_hdr_t* hdr; size_t depth; const char* path[MAX_JSON_PATH]; -} -json_callback_data_t; +} json_callback_data_t; static int _strtou64(uint64_t* x, const char* str) { @@ -174,8 +172,7 @@ static vic_kdf_t* _get_default_kdf(const char* kdf_type) { if (strcmp(kdf_type, "pbkdf2") == 0) { - static vic_kdf_t _pbkdf2 = - { + static vic_kdf_t _pbkdf2 = { .hash = "sha256", .iterations = DEFAULT_KDF_ITERATIONS, }; @@ -184,8 +181,7 @@ static vic_kdf_t* _get_default_kdf(const char* kdf_type) } else if (strncmp(kdf_type, "argon2i", 7) == 0) { - static vic_kdf_t _argon2i = - { + static vic_kdf_t _argon2i = { .time = DEFAULT_KDF_TIME, .memory = DEFAULT_KDF_MEMORY, .cpus = DEFAULT_KDF_CPUS, @@ -199,8 +195,7 @@ static vic_kdf_t* _get_default_kdf(const char* kdf_type) static bool _valid_pbkdf_type(const char* type) { - if (strcmp(type, "pbkdf2") == 0 || - strcmp(type, "argon2i") == 0 || + if (strcmp(type, "pbkdf2") == 0 || strcmp(type, "argon2i") == 0 || strcmp(type, "argon2id") == 0) { return true; @@ -376,8 +371,7 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match( - parser, "keyslots.#.kdf.iterations") == JSON_OK) + else if (json_match(parser, "keyslots.#.kdf.iterations") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -417,16 +411,16 @@ static json_result_t _json_read_callback( size_t olen; if (mbedtls_base64_decode( - ks->kdf.salt, - sizeof(ks->kdf.salt), - &olen, - (const unsigned char*)un->string, - strlen(un->string)) != 0) - { + ks->kdf.salt, + sizeof(ks->kdf.salt), + &olen, + (const unsigned char*)un->string, + strlen(un->string)) != 0) { - result = JSON_TYPE_MISMATCH; - GOTO(done); - } + { + result = JSON_TYPE_MISMATCH; + GOTO(done); + } } if (olen != LUKS_SALT_SIZE) @@ -505,8 +499,8 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match( - parser, "keyslots.#.area.encryption") == JSON_OK) + else if ( + json_match(parser, "keyslots.#.area.encryption") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -525,8 +519,7 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match( - parser, "keyslots.#.area.key_size") == JSON_OK) + else if (json_match(parser, "keyslots.#.area.key_size") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -539,8 +532,7 @@ static json_result_t _json_read_callback( luks2_keyslot_t* ks = &data->hdr->keyslots[i]; ks->area.key_size = un->integer; } - else if (json_match( - parser, "keyslots.#.area.offset") == JSON_OK) + else if (json_match(parser, "keyslots.#.area.offset") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -643,7 +635,7 @@ static json_result_t _json_read_callback( luks2_segment_t* seg = &data->hdr->segments[i]; - if (strcmp(un->string , "dynamic") == 0) + if (strcmp(un->string, "dynamic") == 0) seg->size = (uint64_t)-1; else if (_strtou64(&seg->size, un->string) != 0) { @@ -670,8 +662,7 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match( - parser, "segments.#.sector_size") == JSON_OK) + else if (json_match(parser, "segments.#.sector_size") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -684,8 +675,7 @@ static json_result_t _json_read_callback( luks2_segment_t* seg = &data->hdr->segments[i]; seg->sector_size = un->integer; } - else if (json_match( - parser, "segments.#.integrity.type") == JSON_OK) + else if (json_match(parser, "segments.#.integrity.type") == JSON_OK) { uint64_t i = parser->path[1].number; @@ -704,8 +694,9 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match(parser, - "segments.#.integrity.journal_encryption") == JSON_OK) + else if ( + json_match(parser, "segments.#.integrity.journal_encryption") == + JSON_OK) { uint64_t i = parser->path[1].number; @@ -731,8 +722,9 @@ static json_result_t _json_read_callback( GOTO(done); } } - else if (json_match(parser, - "segments.#.integrity.journal_integrity") == JSON_OK) + else if ( + json_match(parser, "segments.#.integrity.journal_integrity") == + JSON_OK) { uint64_t i = parser->path[1].number; @@ -884,16 +876,16 @@ static json_result_t _json_read_callback( size_t olen; if (mbedtls_base64_decode( - digest->salt, - sizeof(digest->salt), - &olen, - (const unsigned char*)un->string, - strlen(un->string)) != 0) + digest->salt, + sizeof(digest->salt), + &olen, + (const unsigned char*)un->string, + strlen(un->string)) != 0) { - { - result = JSON_TYPE_MISMATCH; - GOTO(done); - } + { + result = JSON_TYPE_MISMATCH; + GOTO(done); + } } if (olen != LUKS_SALT_SIZE) @@ -916,11 +908,11 @@ static json_result_t _json_read_callback( size_t olen; if (mbedtls_base64_decode( - digest->digest, - sizeof(digest->digest), - &olen, - (const unsigned char*)un->string, - strlen(un->string)) != 0) + digest->digest, + sizeof(digest->digest), + &olen, + (const unsigned char*)un->string, + strlen(un->string)) != 0) { result = JSON_TYPE_MISMATCH; GOTO(done); @@ -973,8 +965,7 @@ typedef struct _traits { const char* sp; const char* nl; -} -traits_t; +} traits_t; static void _indent(FILE* os, size_t indent, traits_t t) { @@ -1015,12 +1006,7 @@ static void _put_base64_field( memset(buf, 0, sizeof(buf)); - if (mbedtls_base64_encode( - buf, - sizeof(buf), - &olen, - data, - size) != 0) + if (mbedtls_base64_encode(buf, sizeof(buf), &olen, data, size) != 0) { assert(false); } @@ -1059,8 +1045,8 @@ static void _dump_keyslot( if (strcmp(p->kdf.type, "pbkdf2") == 0) { _indent(os, indent, t); - fprintf(os, "\"iterations\":%s%lu,%s", - t.sp, p->kdf.iterations, t.nl); + fprintf( + os, "\"iterations\":%s%lu,%s", t.sp, p->kdf.iterations, t.nl); _indent(os, indent, t); _put_str_field(os, "hash", p->kdf.hash, ",", t); @@ -1172,8 +1158,8 @@ static void _dump_segment( { const char* comma = p->integrity.type[0] ? "," : ""; _indent(os, indent, t); - fprintf(os, "\"sector_size\":%s%lu%s%s", - t.sp, p->sector_size, comma, t.nl); + fprintf( + os, "\"sector_size\":%s%lu%s%s", t.sp, p->sector_size, comma, t.nl); } /* dump integrity object if any */ @@ -1420,12 +1406,20 @@ static int _dump_json_objects( fprintf(os, "\"config\":%s{%s", t.sp, t.nl); _indent(os, indent, t); - fprintf(os, "\"json_size\":%s\"%lu\",%s", - t.sp, ext->config.json_size, t.nl); + fprintf( + os, + "\"json_size\":%s\"%lu\",%s", + t.sp, + ext->config.json_size, + t.nl); _indent(os, indent, t); - fprintf(os, "\"keyslots_size\":%s\"%lu\"%s", - t.sp, ext->config.keyslots_size, t.nl); + fprintf( + os, + "\"keyslots_size\":%s\"%lu\"%s", + t.sp, + ext->config.keyslots_size, + t.nl); _indent(os, --indent, t); fprintf(os, "}%s", t.nl); @@ -1443,7 +1437,7 @@ static int _dump_json_objects( static char* _to_json(luks2_ext_hdr_t* hdr) { char* ret = NULL; - traits_t t = { "", "" }; + traits_t t = {"", ""}; FILE* os; char* data = NULL; size_t size; @@ -1471,10 +1465,7 @@ static char* _to_json(luks2_ext_hdr_t* hdr) return ret; } -static void _dump_binary_hdr( - FILE* os, - const luks2_hdr_t* hdr, - size_t indent); +static void _dump_binary_hdr(FILE* os, const luks2_hdr_t* hdr, size_t indent); static int _calculate_csum( const luks2_hdr_t* hdr, @@ -1539,12 +1530,9 @@ static int _calculate_csum( return ret; } -static void _dump_binary_hdr( - FILE* os, - const luks2_hdr_t* hdr, - size_t indent) +static void _dump_binary_hdr(FILE* os, const luks2_hdr_t* hdr, size_t indent) { - traits_t t = { " ", "\n" }; + traits_t t = {" ", "\n"}; _indent(os, indent++, t); printf("{\n"); @@ -1590,8 +1578,8 @@ static void _dump_binary_hdr( _indent(os, indent, t); printf("csum:\n"); - vic_hexdump(hdr->csum, vic_hash_size(hdr->csum_alg), - true, true, indent + 1); + vic_hexdump( + hdr->csum, vic_hash_size(hdr->csum_alg), true, true, indent + 1); _indent(os, --indent, t); printf("}\n"); @@ -1618,11 +1606,11 @@ int luks2_dump_hdr(const luks2_hdr_t* hdr) size_t hash_size; if (_calculate_csum( - &ext->phdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + &ext->phdr, + ext->json_data, + ext->json_size, + &hash, + &hash_size) != 0) { GOTO(done); } @@ -1638,12 +1626,11 @@ int luks2_dump_hdr(const luks2_hdr_t* hdr) /* Dump the JSON objects */ { - traits_t t = { " ", "\n" }; + traits_t t = {" ", "\n"}; if (_dump_json_objects(stdout, ext, 1, t) != 0) GOTO(done); } - } printf("}\n"); @@ -1660,29 +1647,24 @@ typedef struct /* The size of the JSON area in kilobytes */ uint64_t json_kbytes; -} -sec_hdr_offset_t; - -static sec_hdr_offset_t _sec_hdr_offsets[] = -{ - { 16384, 12 }, /* default header size */ - { 32768, 28 }, - { 65536, 60 }, - { 131072, 124 }, - { 262144, 252 }, - { 524288, 508 }, - { 1048576, 1020 }, - { 2097152, 2044 }, - { 4194304, 4092 }, +} sec_hdr_offset_t; + +static sec_hdr_offset_t _sec_hdr_offsets[] = { + {16384, 12}, /* default header size */ + {32768, 28}, + {65536, 60}, + {131072, 124}, + {262144, 252}, + {524288, 508}, + {1048576, 1020}, + {2097152, 2044}, + {4194304, 4092}, }; -static int _read_binary_hdr( - vic_blockdev_t* dev, - luks2_hdr_t* hdr, - bool primary) +static int _read_binary_hdr(vic_blockdev_t* dev, luks2_hdr_t* hdr, bool primary) { int ret = -1; - size_t blkno = primary ? 0 : (DEFAULT_HDR_SIZE / VIC_SECTOR_SIZE); + size_t blkno = primary ? 0 : (DEFAULT_HDR_SIZE / VIC_SECTOR_SIZE); uint8_t blocks[sizeof(luks2_hdr_t)]; const size_t nblocks = sizeof(blocks) / VIC_SECTOR_SIZE; @@ -1936,11 +1918,11 @@ int luks2_read_hdr(vic_blockdev_t* dev, luks2_hdr_t** hdr_out) size_t hash_size; if (_calculate_csum( - &ext->phdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + &ext->phdr, + ext->json_data, + ext->json_size, + &hash, + &hash_size) != 0) { GOTO(done); } @@ -1952,13 +1934,12 @@ int luks2_read_hdr(vic_blockdev_t* dev, luks2_hdr_t** hdr_out) /* Parse and read the JSON elements */ { json_parser_t parser; - static json_allocator_t allocator = - { + static json_allocator_t allocator = { malloc, free, }; - json_callback_data_t callback_data = { ext, 0, { 0 } }; + json_callback_data_t callback_data = {ext, 0, {0}}; /* Copy the JSON data since the parser destroys its input */ { @@ -1968,17 +1949,17 @@ int luks2_read_hdr(vic_blockdev_t* dev, luks2_hdr_t** hdr_out) memcpy(data, ext->json_data, ext->json_size); } - const json_parser_options_t options = { 1 }; + const json_parser_options_t options = {1}; /* Initialize the JSON parser */ if (json_parser_init( - &parser, - data, - ext->json_size, - _json_read_callback, - &callback_data, - &allocator, - &options) != JSON_OK) + &parser, + data, + ext->json_size, + _json_read_callback, + &callback_data, + &allocator, + &options) != JSON_OK) { GOTO(done); } @@ -2006,11 +1987,8 @@ int luks2_read_hdr(vic_blockdev_t* dev, luks2_hdr_t** hdr_out) size_t hash_size; if (_calculate_csum( - shdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + shdr, ext->json_data, ext->json_size, &hash, &hash_size) != + 0) { GOTO(done); } @@ -2159,7 +2137,7 @@ static int _gen_iv( /* Use the SHA256-generated hash as the key */ if (mbedtls_aes_setkey_enc( - &aes_ctx, hash.u.sha256, sizeof(hash.u.sha256) * 8) != 0) + &aes_ctx, hash.u.sha256, sizeof(hash.u.sha256) * 8) != 0) { GOTO(done); } @@ -2191,7 +2169,7 @@ static int _crypt( size_t key_bytes, const vic_key_t* key, const uint8_t* data_in, - uint8_t *data_out, + uint8_t* data_out, size_t data_size, uint64_t sector) { @@ -2229,13 +2207,13 @@ static int _crypt( pos = i * block_len; if (mbedtls_cipher_crypt( - &cipher_ctx, - iv, /* iv */ - LUKS_IV_SIZE, /* iv_size */ - data_in + pos, /* input */ - block_len, /* ilen */ - data_out + pos, /* output */ - &olen) != 0) /* olen */ + &cipher_ctx, + iv, /* iv */ + LUKS_IV_SIZE, /* iv_size */ + data_in + pos, /* input */ + block_len, /* ilen */ + data_out + pos, /* output */ + &olen) != 0) /* olen */ { GOTO(done); } @@ -2254,20 +2232,13 @@ static int _encrypt( uint64_t key_bytes, const vic_key_t* key, const uint8_t* data_in, - uint8_t *data_out, + uint8_t* data_out, size_t data_size, uint64_t sector) { const mbedtls_operation_t op = MBEDTLS_ENCRYPT; return _crypt( - op, - encryption, - key_bytes, - key, - data_in, - data_out, - data_size, - sector); + op, encryption, key_bytes, key, data_in, data_out, data_size, sector); } static int _decrypt( @@ -2275,20 +2246,13 @@ static int _decrypt( uint64_t key_bytes, const vic_key_t* key, const uint8_t* data_in, - uint8_t *data_out, + uint8_t* data_out, size_t data_size, uint64_t sector) { const mbedtls_operation_t op = MBEDTLS_DECRYPT; return _crypt( - op, - encryption, - key_bytes, - key, - data_in, - data_out, - data_size, - sector); + op, encryption, key_bytes, key, data_in, data_out, data_size, sector); } static const luks2_digest_t* _find_digest( @@ -2348,14 +2312,14 @@ static vic_result_t _find_key_by_pwd( if (strcmp(ks->kdf.type, "pbkdf2") == 0) { if (vic_pbkdf2( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.iterations, - ks->kdf.hash, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.iterations, + ks->kdf.hash, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -2363,15 +2327,15 @@ static vic_result_t _find_key_by_pwd( else if (strcmp(ks->kdf.type, "argon2i") == 0) { if (vic_argon2i( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.time, - ks->kdf.memory, - ks->kdf.cpus, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.time, + ks->kdf.memory, + ks->kdf.cpus, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_ARGON2I_FAILED); } @@ -2379,15 +2343,15 @@ static vic_result_t _find_key_by_pwd( else if (strcmp(ks->kdf.type, "argon2id") == 0) { if (vic_argon2id( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.time, - ks->kdf.memory, - ks->kdf.cpus, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.time, + ks->kdf.memory, + ks->kdf.cpus, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_ARGON2I_FAILED); } @@ -2398,11 +2362,8 @@ static vic_result_t _find_key_by_pwd( if (!(cipher = calloc(size, 1))) RAISE(VIC_OUT_OF_MEMORY); - if (_read_key_material( - dev, - ks->area.offset, - ks->area.size, - cipher) != 0) + if (_read_key_material(dev, ks->area.offset, ks->area.size, cipher) != + 0) { RAISE(VIC_KEY_MATERIAL_READ_FAILED); } @@ -2411,23 +2372,19 @@ static vic_result_t _find_key_by_pwd( RAISE(VIC_OUT_OF_MEMORY); if (_decrypt( - ks->area.encryption, - ks->area.key_size, - &pbkdf2_key, - cipher, - plain, - size, - 0) != 0) + ks->area.encryption, + ks->area.key_size, + &pbkdf2_key, + cipher, + plain, + size, + 0) != 0) { RAISE(VIC_DECRYPT_FAILED); } if (vic_afmerge( - ks->key_size, - ks->af.stripes, - ks->af.hash, - plain, - &mk) != 0) + ks->key_size, ks->af.stripes, ks->af.hash, plain, &mk) != 0) { RAISE(VIC_AFMERGE_FAILED); } @@ -2441,14 +2398,14 @@ static vic_result_t _find_key_by_pwd( if (strcmp(digest->type, "pbkdf2") == 0) { if (vic_pbkdf2( - &mk, - ks->key_size, - digest->salt, - sizeof(digest->salt), - digest->iterations, - digest->hash, - mk_digest, - digest_size) != 0) + &mk, + ks->key_size, + digest->salt, + sizeof(digest->salt), + digest->iterations, + digest->hash, + mk_digest, + digest_size) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -2561,35 +2518,34 @@ static int _init_keyslot( if ((hash_size = vic_hash_size(pbkdf2_hash)) == (size_t)-1) goto done; - luks2_keyslot_t ks = - { + luks2_keyslot_t ks = { .type = "luks2", .key_size = key_size, .kdf = - { - .type = "", - .salt = { 0 }, - /* pbkdf2 */ - .hash = "", - .iterations = 0, - /* argon2 */ - .time = 0, - .memory = 0, - .cpus = 0, - }, + { + .type = "", + .salt = {0}, + /* pbkdf2 */ + .hash = "", + .iterations = 0, + /* argon2 */ + .time = 0, + .memory = 0, + .cpus = 0, + }, .af = - { - .type = "luks1", - .hash = DEFAULT_HASH, - .stripes = DEFAULT_AF_STRIPES, - }, + { + .type = "luks1", + .hash = DEFAULT_HASH, + .stripes = DEFAULT_AF_STRIPES, + }, .area = - { - .type = "raw", - .key_size = area_key_size, - .offset = area_offset, - .size = area_size, - }, + { + .type = "raw", + .key_size = area_key_size, + .offset = area_offset, + .size = area_size, + }, }; if (STRLCPY(ks.kdf.type, pbkdf_type) != 0) @@ -2646,21 +2602,20 @@ static vic_result_t _initialize_hdr( /* hdr */ { - luks2_hdr_t hdr = - { + luks2_hdr_t hdr = { .magic = LUKS_MAGIC_1ST, .version = LUKS_VERSION_2, .hdr_size = hdr_size, .seqid = 1, .label = "", .csum_alg = DEFAULT_HASH, - .salt = { 0 }, + .salt = {0}, .uuid = "", .subsystem = "", .hdr_offset = 0, - ._padding = { 0 }, - .csum = { 0 }, - ._padding4096 = { 0 }, + ._padding = {0}, + .csum = {0}, + ._padding4096 = {0}, }; /* hdr.label */ @@ -2696,8 +2651,7 @@ static vic_result_t _initialize_hdr( /* hdr.segments[] */ { - luks2_segment_t s = - { + luks2_segment_t s = { .type = "crypt", .iv_tweak = 0, .size = (uint64_t)-1, /* dynamic */ @@ -2728,10 +2682,9 @@ static vic_result_t _initialize_hdr( { size_t digest_size; - luks2_digest_t d = - { + luks2_digest_t d = { .type = "pbkdf2", - .segments = { 1 }, + .segments = {1}, .iterations = iterations, }; @@ -2743,14 +2696,14 @@ static vic_result_t _initialize_hdr( vic_random(d.salt, sizeof(d.salt)); if (vic_pbkdf2( - key->buf, - key_size, - d.salt, - sizeof(d.salt), - d.iterations, - d.hash, - d.digest, - digest_size) != 0) + key->buf, + key_size, + d.salt, + sizeof(d.salt), + d.iterations, + d.hash, + d.digest, + digest_size) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -2795,11 +2748,7 @@ static vic_result_t _initialize_hdr( size_t hash_size; if (_calculate_csum( - &p->phdr, - p->json_data, - p->json_size, - &hash, - &hash_size) != 0) + &p->phdr, p->json_data, p->json_size, &hash, &hash_size) != 0) { GOTO(done); } @@ -2835,7 +2784,7 @@ static vic_result_t _generate_key_material( if (data_out) *data_out = NULL; - if (!ext || !ks || !key|| !pwd) + if (!ext || !ks || !key || !pwd) RAISE(VIC_BAD_PARAMETER); if (!(plain = calloc(1, ks->area.size))) @@ -2847,14 +2796,14 @@ static vic_result_t _generate_key_material( if (strcmp(ks->kdf.type, "pbkdf2") == 0) { if (vic_pbkdf2( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.iterations, - ks->kdf.hash, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.iterations, + ks->kdf.hash, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_PBKDF2_FAILED); } @@ -2862,15 +2811,15 @@ static vic_result_t _generate_key_material( else if (strcmp(ks->kdf.type, "argon2i") == 0) { if (vic_argon2i( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.time, - ks->kdf.memory, - ks->kdf.cpus, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.time, + ks->kdf.memory, + ks->kdf.cpus, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_ARGON2I_FAILED); } @@ -2878,39 +2827,34 @@ static vic_result_t _generate_key_material( else if (strcmp(ks->kdf.type, "argon2id") == 0) { if (vic_argon2id( - pwd, - pwd_size, - ks->kdf.salt, - sizeof(ks->kdf.salt), - ks->kdf.time, - ks->kdf.memory, - ks->kdf.cpus, - &pbkdf2_key, - ks->area.key_size) != 0) + pwd, + pwd_size, + ks->kdf.salt, + sizeof(ks->kdf.salt), + ks->kdf.time, + ks->kdf.memory, + ks->kdf.cpus, + &pbkdf2_key, + ks->area.key_size) != 0) { RAISE(VIC_ARGON2I_FAILED); } } - if (vic_afsplit( - ks->af.hash, - key, - ks->key_size, - ks->af.stripes, - plain) != 0) + if (vic_afsplit(ks->af.hash, key, ks->key_size, ks->af.stripes, plain) != 0) { RAISE(VIC_AFSPLIT_FAILED); } /* Encrypt the stripes */ if (_encrypt( - ks->area.encryption, - ks->area.key_size, - &pbkdf2_key, - plain, - cipher, - ks->area.size, - 0) != 0) + ks->area.encryption, + ks->area.key_size, + &pbkdf2_key, + plain, + cipher, + ks->area.size, + 0) != 0) { RAISE(VIC_ENCRYPT_FAILED); } @@ -3267,11 +3211,7 @@ vic_result_t luks2_format( RAISE(VIC_FAILED); /* Write the primary JSON area */ - if (_write_json_area( - dev, - &ext->phdr, - ext->json_data, - ext->json_size) != 0) + if (_write_json_area(dev, &ext->phdr, ext->json_data, ext->json_size) != 0) { RAISE(VIC_FAILED); } @@ -3293,11 +3233,11 @@ vic_result_t luks2_format( size_t hash_size; if (_calculate_csum( - &ext->shdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + &ext->shdr, + ext->json_data, + ext->json_size, + &hash, + &hash_size) != 0) { GOTO(done); } @@ -3312,11 +3252,7 @@ vic_result_t luks2_format( } /* Write the secondary JSON area (identical to the first) */ - if (_write_json_area( - dev, - &ext->shdr, - ext->json_data, - ext->json_size) != 0) + if (_write_json_area(dev, &ext->shdr, ext->json_data, ext->json_size) != 0) { RAISE(VIC_FAILED); } @@ -3346,12 +3282,7 @@ vic_result_t luks2_format( snprintf(dmpath, sizeof(dmpath), "/dev/mapper/%s", name_dif); CHECK(_open_integrity_luks2_device( - dev, - ext, - name, - dmpath, - master_key, - master_key_bytes)); + dev, ext, name, dmpath, master_key, master_key_bytes)); snprintf(dmpath, sizeof(dmpath), "/dev/mapper/%s", name); @@ -3414,11 +3345,11 @@ static vic_result_t _write_hdr(vic_blockdev_t* dev, luks2_ext_hdr_t* ext) size_t hash_size; if (_calculate_csum( - &ext->phdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + &ext->phdr, + ext->json_data, + ext->json_size, + &hash, + &hash_size) != 0) { GOTO(done); } @@ -3433,11 +3364,7 @@ static vic_result_t _write_hdr(vic_blockdev_t* dev, luks2_ext_hdr_t* ext) } /* Write the primary JSON area */ - if (_write_json_area( - dev, - &ext->phdr, - ext->json_data, - ext->json_size) != 0) + if (_write_json_area(dev, &ext->phdr, ext->json_data, ext->json_size) != 0) { RAISE(VIC_FAILED); } @@ -3453,11 +3380,11 @@ static vic_result_t _write_hdr(vic_blockdev_t* dev, luks2_ext_hdr_t* ext) size_t hash_size; if (_calculate_csum( - &ext->shdr, - ext->json_data, - ext->json_size, - &hash, - &hash_size) != 0) + &ext->shdr, + ext->json_data, + ext->json_size, + &hash, + &hash_size) != 0) { GOTO(done); } @@ -3472,11 +3399,7 @@ static vic_result_t _write_hdr(vic_blockdev_t* dev, luks2_ext_hdr_t* ext) } /* Write the secondary JSON area (identical to the first) */ - if (_write_json_area( - dev, - &ext->shdr, - ext->json_data, - ext->json_size) != 0) + if (_write_json_area(dev, &ext->shdr, ext->json_data, ext->json_size) != 0) { RAISE(VIC_FAILED); } @@ -3528,12 +3451,11 @@ vic_result_t luks2_add_key( RAISE(VIC_HEADER_READ_FAILED); /* Use password to find the master key */ - CHECK(_find_key_by_pwd(dev, ext, pwd, pwd_size, &key, &key_size, - &index)); + CHECK(_find_key_by_pwd(dev, ext, pwd, pwd_size, &key, &key_size, &index)); /* The area key excludes the integrity key suffix (if any) */ - area_key_size = key_size - vic_integrity_key_size( - ext->segments[0].integrity.type); + area_key_size = + key_size - vic_integrity_key_size(ext->segments[0].integrity.type); if (!keyslot_cipher) keyslot_cipher = ext->keyslots[index].area.encryption; @@ -3544,17 +3466,17 @@ vic_result_t luks2_add_key( RAISE(VIC_OUT_OF_KEYSLOTS); if (_init_keyslot( - &ext->keyslots[index], - keyslot_cipher, - key_size, - area_key_size, - kdf_type, - kdf->hash, - kdf->iterations, - kdf->time, - kdf->memory, - kdf->cpus, - index) != 0) + &ext->keyslots[index], + keyslot_cipher, + key_size, + area_key_size, + kdf_type, + kdf->hash, + kdf->iterations, + kdf->time, + kdf->memory, + kdf->cpus, + index) != 0) { RAISE(VIC_FAILED); } @@ -3570,8 +3492,8 @@ vic_result_t luks2_add_key( { const luks2_keyslot_t* ks = &ext->keyslots[index]; - CHECK(_generate_key_material(ext, ks, &key, new_pwd, new_pwd_size, - &data)); + CHECK(_generate_key_material( + ext, ks, &key, new_pwd, new_pwd_size, &data)); if (_write_key_material(dev, ks, data) != 0) RAISE(VIC_KEY_MATERIAL_WRITE_FAILED); @@ -3625,8 +3547,8 @@ vic_result_t luks2_add_key_by_master_key( RAISE(VIC_HEADER_READ_FAILED); /* The area key excludes the integrity key suffix (if any) */ - area_key_size = master_key_bytes - vic_integrity_key_size( - ext->segments[0].integrity.type); + area_key_size = master_key_bytes - + vic_integrity_key_size(ext->segments[0].integrity.type); /* Add a new key slot */ { @@ -3634,17 +3556,17 @@ vic_result_t luks2_add_key_by_master_key( RAISE(VIC_OUT_OF_KEYSLOTS); if (_init_keyslot( - &ext->keyslots[index], - keyslot_cipher, - master_key_bytes, - area_key_size, - kdf_type, - kdf->hash, - kdf->iterations, - kdf->time, - kdf->memory, - kdf->cpus, - index) != 0) + &ext->keyslots[index], + keyslot_cipher, + master_key_bytes, + area_key_size, + kdf_type, + kdf->hash, + kdf->iterations, + kdf->time, + kdf->memory, + kdf->cpus, + index) != 0) { RAISE(VIC_FAILED); } @@ -3660,8 +3582,8 @@ vic_result_t luks2_add_key_by_master_key( { const luks2_keyslot_t* ks = &ext->keyslots[index]; - CHECK(_generate_key_material( - ext, ks, master_key, pwd, pwd_size, &data)); + CHECK( + _generate_key_material(ext, ks, master_key, pwd, pwd_size, &data)); if (_write_key_material(dev, ks, data) != 0) RAISE(VIC_KEY_MATERIAL_WRITE_FAILED); diff --git a/src/vicsetup/libvicsetup/luks2.h b/src/vicsetup/libvicsetup/luks2.h index eeeea4a3e..0f559894a 100644 --- a/src/vicsetup/libvicsetup/luks2.h +++ b/src/vicsetup/libvicsetup/luks2.h @@ -1,14 +1,14 @@ #ifndef _VIC_LUKS2_H #define _VIC_LUKS2_H -#include -#include #include +#include +#include -#include "vic.h" -#include "lukscommon.h" #include "defs.h" #include "hash.h" +#include "lukscommon.h" +#include "vic.h" #define LUKS2_LABEL_SIZE 48 #define LUKS2_SALT_SIZE 64 @@ -18,22 +18,21 @@ VIC_PACK_BEGIN typedef struct luks2_hdr { - char magic[LUKS_MAGIC_SIZE]; /* LUKS2_MAGIC_1ST or LUKS2_MAGIC_2ND */ - uint16_t version; /* Version 2 */ - uint64_t hdr_size; /* size including JSON area [ bytes ] */ - uint64_t seqid; /* sequence ID , increased on update */ - char label[LUKS2_LABEL_SIZE]; /* ASCII label or empty */ + char magic[LUKS_MAGIC_SIZE]; /* LUKS2_MAGIC_1ST or LUKS2_MAGIC_2ND */ + uint16_t version; /* Version 2 */ + uint64_t hdr_size; /* size including JSON area [ bytes ] */ + uint64_t seqid; /* sequence ID , increased on update */ + char label[LUKS2_LABEL_SIZE]; /* ASCII label or empty */ char csum_alg[LUKS2_CSUM_ALG_SIZE]; /* checksum algorithm , "sha256" */ - uint8_t salt[LUKS2_SALT_SIZE]; /* salt , unique for every header */ - char uuid[VIC_UUID_STRING_SIZE]; /* UUID of device */ - char subsystem[LUKS2_LABEL_SIZE]; /* owner subsystem label or empty */ - uint64_t hdr_offset; /* offset from device start [bytes] */ - char _padding[184]; /* must be zeroed */ - uint8_t csum[LUKS2_CSUM_SIZE]; /* header checksum */ - char _padding4096[7*512]; /* Padding , must be zeroed */ + uint8_t salt[LUKS2_SALT_SIZE]; /* salt , unique for every header */ + char uuid[VIC_UUID_STRING_SIZE]; /* UUID of device */ + char subsystem[LUKS2_LABEL_SIZE]; /* owner subsystem label or empty */ + uint64_t hdr_offset; /* offset from device start [bytes] */ + char _padding[184]; /* must be zeroed */ + uint8_t csum[LUKS2_CSUM_SIZE]; /* header checksum */ + char _padding4096[7 * 512]; /* Padding , must be zeroed */ /* luks2_ext_hdr follows */ -} -luks2_hdr_t; +} luks2_hdr_t; VIC_PACK_END VIC_STATIC_ASSERT(sizeof(luks2_hdr_t) == 4096); @@ -64,15 +63,13 @@ typedef struct luks2_keyslot uint64_t time; uint64_t memory; uint64_t cpus; - } - kdf; + } kdf; struct { char type[LUKS2_TYPE_SIZE]; char hash[VIC_HASH_SPEC_SIZE]; uint64_t stripes; - } - af; + } af; struct { char type[LUKS2_TYPE_SIZE]; @@ -80,10 +77,8 @@ typedef struct luks2_keyslot uint64_t key_size; uint64_t offset; uint64_t size; - } - area; -} -luks2_keyslot_t; + } area; +} luks2_keyslot_t; typedef struct luks2_segment { @@ -111,10 +106,8 @@ typedef struct luks2_segment char type[LUKS2_INTEGRITY_SIZE]; char journal_encryption[LUKS2_ENCRYPTION_SIZE]; char journal_integrity[LUKS2_INTEGRITY_SIZE]; - } - integrity; -} -luks2_segment_t; + } integrity; +} luks2_segment_t; typedef struct luks2_digest { @@ -135,15 +128,13 @@ typedef struct luks2_digest uint8_t salt[LUKS_SALT_SIZE]; uint8_t digest[LUKS2_DIGEST_SIZE]; -} -luks2_digest_t; +} luks2_digest_t; typedef struct luks2_config { uint64_t json_size; uint64_t keyslots_size; -} -luks2_config_t; +} luks2_config_t; typedef struct _luks2_ext_hdr { @@ -162,8 +153,7 @@ typedef struct _luks2_ext_hdr /* JSON script (associated with primary header) */ size_t json_size; char json_data[]; -} -luks2_ext_hdr_t; +} luks2_ext_hdr_t; VIC_STATIC_ASSERT(sizeof(luks2_hdr_t) == 4096); diff --git a/src/vicsetup/libvicsetup/lukscommon.h b/src/vicsetup/libvicsetup/lukscommon.h index 93b5a3928..b200ff5e5 100644 --- a/src/vicsetup/libvicsetup/lukscommon.h +++ b/src/vicsetup/libvicsetup/lukscommon.h @@ -1,14 +1,20 @@ #ifndef _VIC_LUKSCOMMON_H #define _VIC_LUKSCOMMON_H -#include #include +#include #include "uuid.h" #define LUKS_VERSION_1 1 #define LUKS_VERSION_2 2 -#define LUKS_MAGIC_1ST { 'L', 'U', 'K', 'S', 0xba, 0xbe } -#define LUKS_MAGIC_2ND { 'S', 'K', 'U', 'L', 0xba, 0xbe } +#define LUKS_MAGIC_1ST \ + { \ + 'L', 'U', 'K', 'S', 0xba, 0xbe \ + } +#define LUKS_MAGIC_2ND \ + { \ + 'S', 'K', 'U', 'L', 0xba, 0xbe \ + } #define LUKS_MAGIC_SIZE 6 #define VIC_HASH_SPEC_SIZE 32 #define LUKS_SALT_SIZE 32 @@ -26,8 +32,7 @@ typedef struct vic_luks_hdr uint8_t padding1[160]; char uuid[VIC_UUID_STRING_SIZE]; uint8_t padding2[304]; -} -vic_luks_hdr_t; +} vic_luks_hdr_t; int vic_luks_read_hdr(vic_blockdev_t* device, vic_luks_hdr_t* hdr); diff --git a/src/vicsetup/libvicsetup/raise.h b/src/vicsetup/libvicsetup/raise.h index 9d1d4598d..6bd1735aa 100644 --- a/src/vicsetup/libvicsetup/raise.h +++ b/src/vicsetup/libvicsetup/raise.h @@ -1,11 +1,11 @@ #ifndef _VIC_RAISE_H #define _VIC_RAISE_H -#include #include +#include -#include "vic.h" #include "trace.h" +#include "vic.h" #define RAISE(RAISE) \ do \ @@ -14,8 +14,7 @@ __raise(__FILE__, __LINE__, __FUNCTION__, result); \ fflush(stdout); \ goto done; \ - } \ - while (0) + } while (0) #define CHECK(RAISE) \ do \ @@ -27,8 +26,7 @@ __raise(__FILE__, __LINE__, __FUNCTION__, result); \ goto done; \ } \ - } \ - while (0) + } while (0) static __inline__ void __raise( const char* file, diff --git a/src/vicsetup/libvicsetup/strings.h b/src/vicsetup/libvicsetup/strings.h index 0bab4b971..b04c62cbb 100644 --- a/src/vicsetup/libvicsetup/strings.h +++ b/src/vicsetup/libvicsetup/strings.h @@ -1,10 +1,10 @@ #ifndef _VIC_STRINGS_H #define _VIC_STRINGS_H -#include "vic.h" -#include "defs.h" -#include #include +#include +#include "defs.h" +#include "vic.h" size_t vic_strlcpy(char* dest, const char* src, size_t size); diff --git a/src/vicsetup/libvicsetup/trace.c b/src/vicsetup/libvicsetup/trace.c index aa39a60f4..f024c036d 100644 --- a/src/vicsetup/libvicsetup/trace.c +++ b/src/vicsetup/libvicsetup/trace.c @@ -1,5 +1,5 @@ -#include #include "trace.h" +#include static uint32_t _level; diff --git a/src/vicsetup/libvicsetup/trace.h b/src/vicsetup/libvicsetup/trace.h index ce71a9611..901a16546 100644 --- a/src/vicsetup/libvicsetup/trace.h +++ b/src/vicsetup/libvicsetup/trace.h @@ -14,8 +14,7 @@ typedef enum vic_trace_level VIC_TRACE_ERROR = 2, VIC_TRACE_WARNING = 3, VIC_TRACE_DEBUG = 4, -} -vic_trace_level_t; +} vic_trace_level_t; void vic_trace_set_level(uint32_t level); @@ -43,12 +42,11 @@ VIC_INLINE void __vic_trace( va_end(ap); } -#define TRACE \ - do \ - { \ +#define TRACE \ + do \ + { \ printf("TRACE: %s(%u): %s()\n", __FILE__, __LINE__, __FUNCTION__); \ - fflush(stdout); \ - } \ - while (0) + fflush(stdout); \ + } while (0) #endif /* _VIC_TRACE_H */ diff --git a/src/vicsetup/libvicsetup/uuid.c b/src/vicsetup/libvicsetup/uuid.c index 53bcfa0d5..1dbb6b714 100644 --- a/src/vicsetup/libvicsetup/uuid.c +++ b/src/vicsetup/libvicsetup/uuid.c @@ -1,11 +1,11 @@ #include "uuid.h" #include -#include #include +#include -#include "defs.h" #include "crypto.h" +#include "defs.h" void vic_uuid_generate(char uuid[VIC_UUID_STRING_SIZE]) { @@ -96,7 +96,9 @@ void vic_uuid_bin2str( if (binary && str) { /* example: 6ef272c7-663b-4655-b80b-8dd369021a3a */ - snprintf(str, VIC_UUID_STRING_SIZE, + snprintf( + str, + VIC_UUID_STRING_SIZE, "%02x%02x%02x%02x-" "%02x%02x-" "%02x%02x-" diff --git a/src/vicsetup/libvicsetup/vec.h b/src/vicsetup/libvicsetup/vec.h index 541ec1d12..6df9e1317 100644 --- a/src/vicsetup/libvicsetup/vec.h +++ b/src/vicsetup/libvicsetup/vec.h @@ -7,7 +7,6 @@ typedef struct _vic_vec { void* data; size_t size; -} -vic_vec_t; +} vic_vec_t; #endif /* _VIC_VEC_H */ diff --git a/src/vicsetup/libvicsetup/verity.c b/src/vicsetup/libvicsetup/verity.c index 995970a23..43dcbff9b 100644 --- a/src/vicsetup/libvicsetup/verity.c +++ b/src/vicsetup/libvicsetup/verity.c @@ -1,22 +1,22 @@ #include "verity.h" +#include +#include #include +#include #include -#include #include -#include +#include #include -#include -#include -#include "vic.h" -#include "uuid.h" -#include "hexdump.h" +#include "crypto.h" +#include "dm.h" #include "hash.h" +#include "hexdump.h" #include "raise.h" -#include "crypto.h" #include "round.h" -#include "dm.h" +#include "uuid.h" +#include "vic.h" #define MIN_HASH_FILE_SIZE 4096 #define MIN_BLKSZ 512 @@ -277,7 +277,7 @@ vic_result_t vic_verity_format( if (need_superblock) write_offset += blksz; - num_to_read = nnodes[i-1]; + num_to_read = nnodes[i - 1]; num_to_write = nnodes[i]; /* For each interior node at this level */ @@ -495,12 +495,12 @@ vic_result_t vic_verity_dump(vic_blockdev_t* hash_dev) RAISE(VIC_UNEXPECTED); if (vic_hash2( - htype, - sb.salt, - sb.salt_size, - hash_block, - sb.hash_block_size, - &h) != 0) + htype, + sb.salt, + sb.salt_size, + hash_block, + sb.hash_block_size, + &h) != 0) { RAISE(VIC_UNEXPECTED); } diff --git a/src/vicsetup/libvicsetup/verity.h b/src/vicsetup/libvicsetup/verity.h index bea65af70..9b5ed2a48 100644 --- a/src/vicsetup/libvicsetup/verity.h +++ b/src/vicsetup/libvicsetup/verity.h @@ -11,7 +11,7 @@ VIC_PACK_BEGIN typedef struct _vic_verity_sb { /* (0) "verity\0\0" */ - uint8_t signature[8]; + uint8_t signature[8]; /* (8) superblock version, 1 */ uint32_t version; @@ -38,15 +38,14 @@ typedef struct _vic_verity_sb uint16_t salt_size; /* (82) Padding */ - uint8_t _pad1[6]; + uint8_t _pad1[6]; /* (88) The salt */ - uint8_t salt[VIC_VERITY_MAX_SALT_SIZE]; + uint8_t salt[VIC_VERITY_MAX_SALT_SIZE]; /* Padding */ - uint8_t _pad2[168]; -} -vic_verity_sb_t; + uint8_t _pad2[168]; +} vic_verity_sb_t; VIC_PACK_END VIC_STATIC_ASSERT(sizeof(vic_verity_sb_t) == 512); diff --git a/src/vicsetup/tests/blockdev/main.c b/src/vicsetup/tests/blockdev/main.c index f4ab9f4da..ecce025c9 100644 --- a/src/vicsetup/tests/blockdev/main.c +++ b/src/vicsetup/tests/blockdev/main.c @@ -1,10 +1,10 @@ +#include +#include #include #include +#include #include #include -#include -#include -#include #include "../../libvicsetup/hexdump.h" static bool _check_block_size(vic_blockdev_t* bd, size_t n) diff --git a/src/vicsetup/vicsetup/main.c b/src/vicsetup/vicsetup/main.c index cc43a0307..3110dd212 100644 --- a/src/vicsetup/vicsetup/main.c +++ b/src/vicsetup/vicsetup/main.c @@ -1,36 +1,35 @@ -#include #include #include #include #include #include -#include "../libvicsetup/hexdump.h" -#include "../libvicsetup/verity.h" +#include #include "../libvicsetup/crypto.h" -#include "../libvicsetup/lukscommon.h" +#include "../libvicsetup/hexdump.h" #include "../libvicsetup/include/libcryptsetup.h" +#include "../libvicsetup/lukscommon.h" #include "../libvicsetup/trace.h" -#include "../libvicsetup/crypto.h" +#include "../libvicsetup/verity.h" -#define USAGE \ - "\n" \ - "Usage: %s ...\n" \ - "\n" \ - "actions:\n" \ - " luksDump\n" \ - " luksFormat\n" \ - " luksGetMasterKey\n" \ - " luksAddKey\n" \ - " luksChangeKey\n" \ - " luksRemoveKey\n" \ - " luksOpen\n" \ - " luksOpenByKey\n" \ - " luksClose\n" \ - " verityDump\n" \ - " verityFormat\n" \ - " verityOpen\n" \ +#define USAGE \ + "\n" \ + "Usage: %s ...\n" \ + "\n" \ + "actions:\n" \ + " luksDump\n" \ + " luksFormat\n" \ + " luksGetMasterKey\n" \ + " luksAddKey\n" \ + " luksChangeKey\n" \ + " luksRemoveKey\n" \ + " luksOpen\n" \ + " luksOpenByKey\n" \ + " luksClose\n" \ + " verityDump\n" \ + " verityFormat\n" \ + " verityOpen\n" \ " cryptsetupLuksFormat\n" \ - " veritysetupOpen\n" \ + " veritysetupOpen\n" \ "\n" static const char* arg0; @@ -39,8 +38,7 @@ void vic_hexdump_formatted(const void* data, size_t size); void vic_hexdump_indent(const void* data, size_t size, size_t indent); -__attribute__((format(printf, 1, 2))) -static void err(const char* fmt, ...) +__attribute__((format(printf, 1, 2))) static void err(const char* fmt, ...) { va_list ap; @@ -53,11 +51,7 @@ static void err(const char* fmt, ...) exit(1); } -int get_opt( - int* argc, - const char* argv[], - const char* opt, - const char** optarg) +int get_opt(int* argc, const char* argv[], const char* opt, const char** optarg) { size_t olen = strlen(opt); @@ -67,8 +61,7 @@ int get_opt( if (!opt) err("unexpected"); - - for (int i = 0; i < *argc; ) + for (int i = 0; i < *argc;) { if (strcmp(argv[i], opt) == 0) { @@ -77,14 +70,15 @@ int get_opt( if (i + 1 == *argc) err("%s: missing option argument", opt); - *optarg = argv[i+1]; - memmove(&argv[i], &argv[i+2], (*argc - i - 1) * sizeof(char*)); + *optarg = argv[i + 1]; + memmove( + &argv[i], &argv[i + 2], (*argc - i - 1) * sizeof(char*)); (*argc) -= 2; return 0; } else { - memmove(&argv[i], &argv[i+1], (*argc - i) * sizeof(char*)); + memmove(&argv[i], &argv[i + 1], (*argc - i) * sizeof(char*)); (*argc)--; return 0; } @@ -95,7 +89,7 @@ int get_opt( err("%s: extraneous '='", opt); *optarg = &argv[i][olen + 1]; - memmove(&argv[i], &argv[i+1], (*argc - i) * sizeof(char*)); + memmove(&argv[i], &argv[i + 1], (*argc - i) * sizeof(char*)); (*argc)--; return 0; } @@ -150,12 +144,14 @@ static int luksDump(int argc, const char* argv[]) if (argc != 3) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "OPTIONS:\n" " --dump-payload\n" "\n", - argv[0], argv[1]); + argv[0], + argv[1]); exit(1); } @@ -282,7 +278,8 @@ static int luksFormat(int argc, const char* argv[]) /* Check usage */ if (argc != 4) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s [OPTIONS] \n" "OPTIONS:\n" " --luks1\n" @@ -320,34 +317,33 @@ static int luksFormat(int argc, const char* argv[]) } if ((r = vic_luks_format( - dev, - version, - cipher, - uuid, - hash, - mk_iterations, - key, - key_size, - integrity)) != VIC_OK) + dev, + version, + cipher, + uuid, + hash, + mk_iterations, + key, + key_size, + integrity)) != VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } - vic_kdf_t kdf = - { + vic_kdf_t kdf = { .iterations = slot_iterations, .memory = pbkdf_memory, }; if ((r = vic_luks_add_key_by_master_key( - dev, - keyslot_cipher, - "pbkdf2", - &kdf, - key, - key_size, - pwd, - strlen(pwd))) != VIC_OK) + dev, + keyslot_cipher, + "pbkdf2", + &kdf, + key, + key_size, + pwd, + strlen(pwd))) != VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } @@ -439,7 +435,8 @@ static int cryptsetupLuksFormat(int argc, const char* argv[]) /* Check usage */ if (argc != 4) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s [OPTIONS] \n" "OPTIONS:\n" " --luks1\n" @@ -482,8 +479,7 @@ static int cryptsetupLuksFormat(int argc, const char* argv[]) if (!type || strcmp(type, CRYPT_LUKS1) == 0) { - struct crypt_params_luks1 params = - { + struct crypt_params_luks1 params = { .hash = "sha256", }; @@ -491,70 +487,64 @@ static int cryptsetupLuksFormat(int argc, const char* argv[]) params.hash = hash; if ((r = crypt_format( - cd, - CRYPT_LUKS1, - cipher, - cipher_mode, - NULL, - (const char*)key, - key_size, - ¶ms)) != 0) + cd, + CRYPT_LUKS1, + cipher, + cipher_mode, + NULL, + (const char*)key, + key_size, + ¶ms)) != 0) { err("crypt_format() failed: %d %s\n", r, strerror(r)); } if ((r = crypt_keyslot_add_by_key( - cd, - CRYPT_ANY_SLOT, - NULL, /* volume_key */ - 0, /* volume_key_size */ - pwd, - strlen(pwd), - 0)) != 0) /* flags */ + cd, + CRYPT_ANY_SLOT, + NULL, /* volume_key */ + 0, /* volume_key_size */ + pwd, + strlen(pwd), + 0)) != 0) /* flags */ { err("crypt_keyslot_add_by_key() failed: %d %s\n", r, strerror(r)); } } else if (strcmp(type, CRYPT_LUKS2) == 0) { - struct crypt_pbkdf_type pbkdf = - { - .type = pbkdf_type, - .hash = hash, - .iterations = slot_iterations, - .time_ms = iter_time, - .max_memory_kb = pbkdf_memory, - .parallel_threads = pbkdf_parallel, - .flags = CRYPT_PBKDF_NO_BENCHMARK - }; - struct crypt_params_luks2 params = - { - .sector_size = VIC_SECTOR_SIZE, - .pbkdf = &pbkdf, - .integrity = integrity - }; + struct crypt_pbkdf_type pbkdf = {.type = pbkdf_type, + .hash = hash, + .iterations = slot_iterations, + .time_ms = iter_time, + .max_memory_kb = pbkdf_memory, + .parallel_threads = pbkdf_parallel, + .flags = CRYPT_PBKDF_NO_BENCHMARK}; + struct crypt_params_luks2 params = {.sector_size = VIC_SECTOR_SIZE, + .pbkdf = &pbkdf, + .integrity = integrity}; if ((r = crypt_format( - cd, - CRYPT_LUKS2, - cipher, - cipher_mode, - NULL, /* uuid */ - (const char*)key, /* volume_key */ - key_size, /* volume_key_size */ - ¶ms)) != 0) + cd, + CRYPT_LUKS2, + cipher, + cipher_mode, + NULL, /* uuid */ + (const char*)key, /* volume_key */ + key_size, /* volume_key_size */ + ¶ms)) != 0) { err("crypt_format() failed: %d %s\n", r, strerror(r)); } if ((r = crypt_keyslot_add_by_key( - cd, - CRYPT_ANY_SLOT, - NULL, /* volume_key */ - 0, /* volume_key_size */ - pwd, - strlen(pwd), - 0)) != 0) /* flags */ + cd, + CRYPT_ANY_SLOT, + NULL, /* volume_key */ + 0, /* volume_key_size */ + pwd, + strlen(pwd), + 0)) != 0) /* flags */ { err("crypt_keyslot_add_by_key() failed: %d %s\n", r, strerror(r)); } @@ -590,7 +580,8 @@ static int veritysetupOpen(int argc, const char* argv[]) /* Check usage */ if (argc != 6) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -606,8 +597,7 @@ static int veritysetupOpen(int argc, const char* argv[]) if (crypt_init(&cd, datafile_opt) != 0) err("crypt_init() failed: %s", datafile_opt); - struct crypt_params_verity params = - { + struct crypt_params_verity params = { .data_device = datafile_opt, .hash_device = hashfile_opt, .data_size = data_size / data_block_size, @@ -631,11 +621,11 @@ static int veritysetupOpen(int argc, const char* argv[]) } if (crypt_activate_by_volume_key( - cd, - name_opt, - (const char*)root_hash, - root_hash_size, - CRYPT_ACTIVATE_READONLY) != 0) + cd, + name_opt, + (const char*)root_hash, + root_hash_size, + CRYPT_ACTIVATE_READONLY) != 0) { err("crypt_activate_by_volume_key() failed"); } @@ -657,7 +647,8 @@ static int luksGetMasterKey(int argc, const char* argv[]) /* Check usage */ if (argc != 4) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -672,11 +663,7 @@ static int luksGetMasterKey(int argc, const char* argv[]) err("cannot open %s\n", luksfile); if ((r = vic_luks_recover_master_key( - dev, - pwd, - strlen(pwd), - &key, - &key_size)) != VIC_OK) + dev, pwd, strlen(pwd), &key, &key_size)) != VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } @@ -712,7 +699,8 @@ static int luksAddKey(int argc, const char* argv[]) /* Check usage */ if (argc != 5) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "OPTIONS:\n" " --keyslot-cipher \n" @@ -732,21 +720,20 @@ static int luksAddKey(int argc, const char* argv[]) if (vic_blockdev_open(luksfile, VIC_RDWR, 0, &dev) != VIC_OK) err("cannot open %s\n", luksfile); - vic_kdf_t kdf = - { + vic_kdf_t kdf = { .iterations = slot_iterations, .memory = pbkdf_memory, }; if ((r = vic_luks_add_key( - dev, - keyslot_cipher, - pbkdf, - &kdf, - pwd, - strlen(pwd), - new_pwd, - strlen(new_pwd))) != VIC_OK) + dev, + keyslot_cipher, + pbkdf, + &kdf, + pwd, + strlen(pwd), + new_pwd, + strlen(new_pwd))) != VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } @@ -764,7 +751,8 @@ static int luksChangeKey(int argc, const char* argv[]) /* Check usage */ if (argc != 5) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -780,11 +768,8 @@ static int luksChangeKey(int argc, const char* argv[]) err("cannot open %s\n", luksfile); if ((r = vic_luks_change_key( - dev, - old_pwd, - strlen(old_pwd), - new_pwd, - strlen(new_pwd))) != VIC_OK) + dev, old_pwd, strlen(old_pwd), new_pwd, strlen(new_pwd))) != + VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } @@ -802,7 +787,8 @@ static int luksRemoveKey(int argc, const char* argv[]) /* Check usage */ if (argc != 4) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -836,7 +822,8 @@ static int luksOpen(int argc, const char* argv[]) /* Check usage */ if (argc != 5) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -852,11 +839,7 @@ static int luksOpen(int argc, const char* argv[]) err("cannot open %s\n", luksfile); if ((r = vic_luks_recover_master_key( - dev, - pwd, - strlen(pwd), - &key, - &key_size)) != VIC_OK) + dev, pwd, strlen(pwd), &key, &key_size)) != VIC_OK) { err("%s() failed: %s\n", argv[1], vic_result_string(r)); } @@ -878,7 +861,8 @@ static int luksOpenByKey(int argc, const char* argv[]) /* Check usage */ if (argc != 5) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -906,7 +890,8 @@ static int luksClose(int argc, const char* argv[]) /* Check usage */ if (argc != 3) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -929,7 +914,8 @@ static int verityClose(int argc, const char* argv[]) /* Check usage */ if (argc != 3) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -973,7 +959,8 @@ static int verityDump(int argc, const char* argv[]) /* Check usage */ if (argc != 3) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -1034,7 +1021,8 @@ static int verityFormat(int argc, const char* argv[]) /* Check usage */ if (argc != 4) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "OPTIONS:\n" " --salt \n" @@ -1075,17 +1063,17 @@ static int verityFormat(int argc, const char* argv[]) err("cannot open hash file: %s\n", hashfile); if ((r = vic_verity_format( - data_dev, - hash_dev, - hash_opt, - uuid_opt, - salt, - salt_size, - need_superblock, - data_block_size, - hash_block_size, - root_hash, - &root_hash_size)) != 0) + data_dev, + hash_dev, + hash_opt, + uuid_opt, + salt, + salt_size, + need_superblock, + data_block_size, + hash_block_size, + root_hash, + &root_hash_size)) != 0) { err("verityFormat: failed: r=%u: %s\n", r, vic_result_string(r)); } @@ -1107,7 +1095,8 @@ static int verityOpen(int argc, const char* argv[]) /* Check usage */ if (argc != 6) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s \n" "\n", argv[0], @@ -1136,11 +1125,8 @@ static int verityOpen(int argc, const char* argv[]) err("cannot open hash file: %s\n", hashfile); if ((r = vic_verity_open( - name_opt, - data_dev, - hash_dev, - root_hash, - root_hash_size)) != VIC_OK) + name_opt, data_dev, hash_dev, root_hash, root_hash_size)) != + VIC_OK) { err("vic_verity_open() failed: %u: %s\n", r, vic_result_string(r)); } @@ -1160,7 +1146,8 @@ static int randomAction(int argc, const char* argv[]) /* Check usage */ if (argc != 3) { - fprintf(stderr, + fprintf( + stderr, "Usage: %s %s count\n" "\n", argv[0], @@ -1213,7 +1200,6 @@ int main(int argc, const char* argv[]) } } - if (argc < 2) { fprintf(stderr, USAGE, arg0); diff --git a/src/wireguard/wireguard_util.c b/src/wireguard/wireguard_util.c index 7351cf249..efa57bc6f 100644 --- a/src/wireguard/wireguard_util.c +++ b/src/wireguard/wireguard_util.c @@ -275,7 +275,7 @@ int wgu_add_peers( memset(&new_peers[i], 0, sizeof(new_peers[i])); new_peers[i].flags = WGPEER_HAS_PUBLIC_KEY | WGPEER_REPLACE_ALLOWEDIPS; - if ( (ret = wg_key_from_base64(new_peers[i].public_key, peer_cfg.key)) ) + if ((ret = wg_key_from_base64(new_peers[i].public_key, peer_cfg.key))) { goto err; } @@ -288,7 +288,8 @@ int wgu_add_peers( goto err; } - if (peers[i].endpoint && strlen(peers[i].endpoint) && !wgu_parse_endpoint(&new_peers[i].endpoint.addr, peer_cfg.endpoint)) + if (peers[i].endpoint && strlen(peers[i].endpoint) && + !wgu_parse_endpoint(&new_peers[i].endpoint.addr, peer_cfg.endpoint)) { ret = -EINVAL; goto err; @@ -297,7 +298,7 @@ int wgu_add_peers( for (int i = 0; i < num_peers; i++) { - if ( (ret = wgu_add_peer(dev, &new_peers[i], set_device)) ) + if ((ret = wgu_add_peer(dev, &new_peers[i], set_device))) return ret; }