From c867c64aa9297e935d4c4a1d7c45430d01306e58 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Sun, 6 Sep 2015 19:14:40 -0500 Subject: Add initial LUKS key management support --- CMakeLists.txt | 58 ++++-- tdecore/tdehw/CMakeLists.txt | 6 + tdecore/tdehw/tdestoragedevice.cpp | 186 ++++++++++++++++++- tdecore/tdehw/tdestoragedevice.h | 370 +++++++++++++++++++++++++------------ 4 files changed, 485 insertions(+), 135 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0560e7b44..96b72e0b6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -60,9 +60,9 @@ add_custom_target(install-apidox WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}/cmake/") -##### user requested options #################### +##### user requested OPTIONs #################### -OPTION( WITH_ALL_OPTIONS "Enable all optional support" OFF ) +OPTION( WITH_ALL_OPTIONS "Enable all OPTIONal support" OFF ) OPTION( TDE_MALLOC "Use own malloc implementation" OFF ) OPTION( TDE_MALLOC_DEBUG "Enable debugging in fast malloc" OFF ) @@ -85,19 +85,21 @@ OPTION( WITH_PCRE "Enable pcre regex support for kjs" ON ) OPTION( WITH_GCC_VISIBILITY "Enable fvisibility and fvisibility-inlines-hidden" ${WITH_ALL_OPTIONS} ) OPTION( WITH_INOTIFY "Enable inotify support for tdeio" ON ) OPTION( WITH_GAMIN "Enable FAM/GAMIN support" ${WITH_ALL_OPTIONS} ) -option( WITH_TDEHWLIB "Enable TDE hwlib globally" ON ) -option( WITH_TDEHWLIB_DAEMONS "Enable daemons for TDE hwlib" ${WITH_TDEHWLIB} ) -option( WITH_HAL "Enable HAL support" OFF ) -option( WITH_DEVKITPOWER "Enable DeviceKit Power support" OFF ) -option( WITH_LOGINDPOWER "Enable Logind/Systemd Power support" OFF ) -option( WITH_UPOWER "Enable uPower support" ${WITH_ALL_OPTIONS} ) -option( WITH_UDISKS "Enable uDisks support" ${WITH_ALL_OPTIONS} ) -option( WITH_UDISKS2 "Enable uDisks2 support" ${WITH_ALL_OPTIONS} ) -option( WITH_CONSOLEKIT "Enable ConsoleKit support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_TDEHWLIB "Enable TDE hwlib globally" ON ) +OPTION( WITH_TDEHWLIB_DAEMONS "Enable daemons for TDE hwlib" ${WITH_TDEHWLIB} ) +OPTION( WITH_HAL "Enable HAL support" OFF ) +OPTION( WITH_DEVKITPOWER "Enable DeviceKit Power support" OFF ) +OPTION( WITH_LOGINDPOWER "Enable Logind/Systemd Power support" OFF ) +OPTION( WITH_UPOWER "Enable uPower support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_UDISKS "Enable uDisks support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_UDISKS2 "Enable uDisks2 support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_CONSOLEKIT "Enable ConsoleKit support" ${WITH_ALL_OPTIONS} ) OPTION( WITH_NETWORK_MANAGER_BACKEND "Enable network-manager support" OFF ) OPTION( WITH_SUDO_TDESU_BACKEND "Use sudo as backend for tdesu (default is su)" OFF ) OPTION( WITH_OLD_XDG_STD "Use the pre R14.0.0 XDG standard where both TDE and KDE are recognized in desktop files" OFF ) -option( WITH_PCSC "Enable PC/SC SmartCard support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_PCSC "Enable PC/SC SmartCard support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_PKCS "Enable PKCS support" ${WITH_ALL_OPTIONS} ) +OPTION( WITH_CRYPTSETUP "Enable cryptsetup support" ${WITH_ALL_OPTIONS} ) OPTION( WITH_LZMA "Enable support for LZMA/XZ" ${WITH_ALL_OPTIONS} ) OPTION( WITH_LIBBFD "Enable pretty backtraces with libbfd from GNU binutils" OFF ) OPTION( WITH_XRANDR "Build the tderandr library" ON ) @@ -615,7 +617,7 @@ set( HAVE_LIBZ 1 ) find_package( BZip2 ) if( NOT BZIP2_FOUND ) - # FIXME I'm not sure if bzip2 are required; maybe is optional? + # FIXME I'm not sure if bzip2 are required; maybe is OPTIONal? message(FATAL_ERROR "\nbzip2 are required, but not found on your system" ) endif( NOT BZIP2_FOUND ) @@ -667,6 +669,36 @@ if( WITH_PCSC ) endif( WITH_PCSC ) +##### check for pkcs ############################ + +if( WITH_PKCS ) + pkg_search_module( LIBPKCS11-HELPER libpkcs11-helper-1 ) + if( NOT LIBPKCS11-HELPER_FOUND ) + message(FATAL_ERROR "\nPKCS support was requested, but libpkcs11-helper-1 was not found on your system" ) + endif( NOT LIBPKCS11-HELPER_FOUND ) + find_library( OPENSC_PKCS11_PROVIDER_LIBRARY NAMES opensc-pkcs11.so ) + if( OPENSC_PKCS11_PROVIDER_LIBRARY ) + set( OPENSC_PKCS11_PROVIDER_FOUND 1 ) + message( STATUS "Found OpenSC PKCS11 provider: ${OPENSC_PKCS11_PROVIDER_LIBRARY}" ) + endif( OPENSC_PKCS11_PROVIDER_LIBRARY ) + if( NOT OPENSC_PKCS11_PROVIDER_FOUND ) + tde_message_fatal( "PKCS is requested, but not OpenSC PKCS11 provider was not found on your system" ) + endif( NOT OPENSC_PKCS11_PROVIDER_FOUND ) + set( HAVE_PKCS 1 ) +endif( ) + + +##### check for pkcs ############################ + +if( WITH_CRYPTSETUP ) + pkg_search_module( LIBCRYPTSETUP libcryptsetup ) + if( NOT LIBCRYPTSETUP_FOUND ) + message(FATAL_ERROR "\ncryptsetup support was requested, but libcryptsetup was not found on your system" ) + endif( NOT LIBCRYPTSETUP_FOUND ) + set( HAVE_CRYPTSETUP 1 ) +endif( ) + + ##### check for jpeg ############################ find_package( JPEG ) diff --git a/tdecore/tdehw/CMakeLists.txt b/tdecore/tdehw/CMakeLists.txt index 42e79ec25..f1ef68682 100644 --- a/tdecore/tdehw/CMakeLists.txt +++ b/tdecore/tdehw/CMakeLists.txt @@ -68,6 +68,12 @@ if( WITH_PKCS ) list( APPEND TDEHW_CUSTOM_LIBRARIES ${LIBPKCS11-HELPER_LIBRARIES} ) endif( ) +if( WITH_CRYPTSETUP ) + add_definitions( -DWITH_CRYPTSETUP ) + list( APPEND TDEHW_CUSTOM_INCLUDE_DIRS ${LIBCRYPTSETUP_INCLUDE_DIRS} ) + list( APPEND TDEHW_CUSTOM_LIBRARIES ${LIBCRYPTSETUP_LIBRARIES} ) +endif( ) + if( WITH_NETWORK_MANAGER_BACKEND ) list( APPEND TDEHW_CUSTOM_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/networkbackends/network-manager ) list( APPEND TDEHW_CUSTOM_LIBRARIES network_manager_backend-static ) diff --git a/tdecore/tdehw/tdestoragedevice.cpp b/tdecore/tdehw/tdestoragedevice.cpp index 6bde78faf..cdf004fb4 100644 --- a/tdecore/tdehw/tdestoragedevice.cpp +++ b/tdecore/tdehw/tdestoragedevice.cpp @@ -39,6 +39,10 @@ #include "config.h" +#if defined(WITH_CRYPTSETUP) + #include +#endif + // uDisks2 integration #if defined(WITH_UDISKS) || defined(WITH_UDISKS2) #include @@ -59,20 +63,200 @@ TQT_DBusData convertDBUSDataToVariantData(TQT_DBusData); #endif // defined(WITH_UDISKS) || defined(WITH_UDISKS2) -TDEStorageDevice::TDEStorageDevice(TDEGenericDeviceType::TDEGenericDeviceType dt, TQString dn) : TDEGenericDevice(dt, dn), m_mediaInserted(true) { +#if defined(WITH_CRYPTSETUP) +int TDEStorageDevice::cryptsetup_password_entry_callback(const char *msg, char *buf, size_t length, void *usrptr) { + TDEStorageDevice* sdevice = (TDEStorageDevice*)usrptr; + + unsigned int passwd_len = sdevice->m_cryptDevicePassword.size(); + if (passwd_len < length) { + memcpy(buf, sdevice->m_cryptDevicePassword.data(), length); + return passwd_len; + } + else { + return -1; + } +} +#endif + +TDEStorageDevice::TDEStorageDevice(TDEGenericDeviceType::TDEGenericDeviceType dt, TQString dn) : TDEGenericDevice(dt, dn), m_mediaInserted(true), m_cryptDevice(NULL) { m_diskType = TDEDiskDeviceType::Null; m_diskStatus = TDEDiskDeviceStatus::Null; } TDEStorageDevice::~TDEStorageDevice() { +#if defined(WITH_CRYPTSETUP) + if (m_cryptDevice) { + crypt_free(m_cryptDevice); + m_cryptDevice = NULL; + } +#endif } TDEDiskDeviceType::TDEDiskDeviceType TDEStorageDevice::diskType() { return m_diskType; } +void TDEStorageDevice::internalGetLUKSKeySlotStatus() { + unsigned int i; + crypt_keyslot_info keyslot_status; + TDELUKSKeySlotStatus::TDELUKSKeySlotStatus tde_keyslot_status; + + m_cryptKeyslotStatus.clear(); + for (i = 0; i < m_cryptKeySlotCount; i++) { + keyslot_status = crypt_keyslot_status(m_cryptDevice, i); + tde_keyslot_status = TDELUKSKeySlotStatus::Invalid; + if (keyslot_status == CRYPT_SLOT_INACTIVE) { + tde_keyslot_status = TDELUKSKeySlotStatus::Inactive; + } + else if (keyslot_status == CRYPT_SLOT_ACTIVE) { + tde_keyslot_status = TDELUKSKeySlotStatus::Active; + } + else if (keyslot_status == CRYPT_SLOT_ACTIVE_LAST) { + tde_keyslot_status = TDELUKSKeySlotStatus::Active | TDELUKSKeySlotStatus::Last; + } + m_cryptKeyslotStatus.append(tde_keyslot_status); + } +} + +void TDEStorageDevice::internalInitializeLUKSIfNeeded() { +#if defined(WITH_CRYPTSETUP) + int ret; + + if (m_diskType & TDEDiskDeviceType::LUKS) { + if (!m_cryptDevice) { + TQString node = deviceNode(); + if (node != "") { + ret = crypt_init(&m_cryptDevice, node.ascii()); + if (ret == 0) { + crypt_set_password_callback(m_cryptDevice, TDEStorageDevice::cryptsetup_password_entry_callback, this); + ret = crypt_load(m_cryptDevice, NULL, NULL); + if (ret == 0) { + int keyslot_count; + m_cryptDeviceType = crypt_get_type(m_cryptDevice); + keyslot_count = crypt_keyslot_max(m_cryptDeviceType.ascii()); + if (keyslot_count < 0) { + m_cryptKeySlotCount = 0; + } + else { + m_cryptKeySlotCount = keyslot_count; + } + internalGetLUKSKeySlotStatus(); + } + } + else { + m_cryptDevice = NULL; + } + } + } + } + else { + if (m_cryptDevice) { + crypt_free(m_cryptDevice); + m_cryptDevice = NULL; + } + } +#endif +} + +void TDEStorageDevice::cryptSetOperationsUnlockPassword(TQByteArray password) { + m_cryptDevicePassword = password; +} + +void TDEStorageDevice::cryptClearOperationsUnlockPassword() { + m_cryptDevicePassword.resize(0); +} + +bool TDEStorageDevice::cryptOperationsUnlockPasswordSet() { + if (m_cryptDevicePassword.size() > 0) { + return true; + } + else { + return false; + } +} + +TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptAddKey(unsigned int keyslot, TQByteArray password) { +#if defined(WITH_CRYPTSETUP) + int ret; + + if (m_cryptDevice) { + if (keyslot < m_cryptKeySlotCount) { + ret = crypt_keyslot_add_by_passphrase(m_cryptDevice, keyslot, m_cryptDevicePassword.data(), m_cryptDevicePassword.size(), password.data(), password.size()); + if (ret < 0) { + return TDELUKSResult::KeyslotOpFailed; + } + else { + internalGetLUKSKeySlotStatus(); + return TDELUKSResult::Success; + } + } + else { + return TDELUKSResult::InvalidKeyslot; + } + } + else { + return TDELUKSResult::LUKSNotFound; + } +#else + return TDELUKSResult::LUKSNotSupported; +#endif +} + +TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptDelKey(unsigned int keyslot) { +#if defined(WITH_CRYPTSETUP) + int ret; + + if (m_cryptDevice) { + if (keyslot < m_cryptKeySlotCount) { + ret = crypt_keyslot_destroy(m_cryptDevice, keyslot); + if (ret < 0) { + return TDELUKSResult::KeyslotOpFailed; + } + else { + internalGetLUKSKeySlotStatus(); + return TDELUKSResult::Success; + } + } + else { + return TDELUKSResult::InvalidKeyslot; + } + } + else { + return TDELUKSResult::LUKSNotFound; + } +#else + return TDELUKSResult::LUKSNotSupported; +#endif +} + +unsigned int TDEStorageDevice::cryptKeySlotCount() { + return m_cryptKeySlotCount; +} + +TDELUKSKeySlotStatusList TDEStorageDevice::cryptKeySlotStatus() { + return m_cryptKeyslotStatus; +} + +TQString TDEStorageDevice::cryptKeySlotFriendlyName(TDELUKSKeySlotStatus::TDELUKSKeySlotStatus status) { + if (status & TDELUKSKeySlotStatus::Inactive) { + return i18n("Inactive"); + } + else if (status & TDELUKSKeySlotStatus::Active) { + return i18n("Active"); + } + else { + return i18n("Unknown"); + } +} + +void TDEStorageDevice::internalSetDeviceNode(TQString sn) { + TDEGenericDevice::internalSetDeviceNode(sn); + internalInitializeLUKSIfNeeded(); +} + void TDEStorageDevice::internalSetDiskType(TDEDiskDeviceType::TDEDiskDeviceType dt) { m_diskType = dt; + internalInitializeLUKSIfNeeded(); } bool TDEStorageDevice::isDiskOfType(TDEDiskDeviceType::TDEDiskDeviceType tf) { diff --git a/tdecore/tdehw/tdestoragedevice.h b/tdecore/tdehw/tdestoragedevice.h index 4616138b5..24804e8c2 100644 --- a/tdecore/tdehw/tdestoragedevice.h +++ b/tdecore/tdehw/tdestoragedevice.h @@ -22,6 +22,8 @@ #include "tdegenericdevice.h" +struct crypt_device; + // Keep readDiskDeviceSubtypeFromString() in tdehardwaredevices.cpp in sync with this enum namespace TDEDiskDeviceType { #if __cplusplus >= 201103L @@ -125,241 +127,362 @@ inline TDEDiskDeviceStatus operator~(TDEDiskDeviceStatus a) } }; +namespace TDELUKSKeySlotStatus { +enum TDELUKSKeySlotStatus { + Invalid = 0x00000000, + Inactive = 0x00000001, + Active = 0x00000002, + Last = 0x00000004, + Other = 0x80000000 +}; + +inline TDELUKSKeySlotStatus operator|(TDELUKSKeySlotStatus a, TDELUKSKeySlotStatus b) +{ + return static_cast(static_cast(a) | static_cast(b)); +} + +inline TDELUKSKeySlotStatus operator&(TDELUKSKeySlotStatus a, TDELUKSKeySlotStatus b) +{ + return static_cast(static_cast(a) & static_cast(b)); +} + +inline TDELUKSKeySlotStatus operator~(TDELUKSKeySlotStatus a) +{ + return static_cast(~static_cast(a)); +} +}; + +typedef TQValueList TDELUKSKeySlotStatusList; + +namespace TDELUKSResult { +enum TDELUKSResult { + Invalid = 0x00000000, + Success = 0x00000001, + LUKSNotSupported = 0x00000002, + LUKSNotFound = 0x00000003, + InvalidKeyslot = 0x00000004, + KeyslotOpFailed = 0x00000005, + Other = 0x80000000 +}; +}; + typedef TQMap TDEStorageMountOptions; class TDECORE_EXPORT TDEStorageDevice : public TDEGenericDevice { public: /** - * Constructor. - * @param Device type - */ + * Constructor. + * @param Device type + */ TDEStorageDevice(TDEGenericDeviceType::TDEGenericDeviceType dt, TQString dn=TQString::null); /** - * Destructor. - */ + * Destructor. + */ ~TDEStorageDevice(); /** - * @return a TQString with the disk or partition label, if any - */ + * @return a TQString with the disk or partition label, if any + */ TQString diskLabel(); /** - * @return a TQString with the disk UUID, if any - */ + * @return a TQString with the disk UUID, if any + */ TQString diskUUID(); /** - * @return an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags - */ + * @return an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags + */ TDEDiskDeviceType::TDEDiskDeviceType diskType(); /** - * @return an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags - */ + * @return an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags + */ TDEDiskDeviceStatus::TDEDiskDeviceStatus diskStatus(); /** - * @return true if media inserted, false if no media available - */ + * @return true if media inserted, false if no media available + */ bool mediaInserted(); /** - * @return a TQString with the filesystem name, if any - */ + * @return a TQString with the filesystem name, if any + */ TQString fileSystemName(); /** - * @return a TQString with the filesystem usage string, if any - */ + * @return a TQString with the filesystem usage string, if any + */ TQString fileSystemUsage(); /** - * @return a TQStringList containing system paths to all devices with a lock on this device, if any - */ + * @return a TQStringList containing system paths to all devices with a lock on this device, if any + */ TQStringList holdingDevices(); /** - * @return a TQStringList containing system paths to all devices locked by this device, if any - */ + * @return a TQStringList containing system paths to all devices locked by this device, if any + */ TQStringList slaveDevices(); /** - * Mounts the device if not encrypted - * - * @param a TQString containing a requested mount name under /media, if desired - * @param a TQString containing any mount options for pmount, if desired - * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired - * @param a pointer to an integer which will be populated with the return code from pmount, if desired - * - * @return a TQString with the mount path, if successful - */ + * Mounts the device if not encrypted + * + * @param a TQString containing a requested mount name under /media, if desired + * @param a TQString containing any mount options for pmount, if desired + * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired + * @param a pointer to an integer which will be populated with the return code from pmount, if desired + * + * @return a TQString with the mount path, if successful + */ TQString mountDevice(TQString mediaName=TQString::null, TDEStorageMountOptions mountOptions=TDEStorageMountOptions(), TQString* errRet=0, int* retcode=0); /** - * Mounts the encrypted device if the correct passphrase is given - * - * @param a TQString containing the passphrase - * @param a TQString containing a requested mount name under /media, if desired - * @param a TQString containing any mount options for pmount, if desired - * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired - * @param a pointer to an integer which will be populated with the return code from pmount, if desired - * - * @return a TQString with the mount path, if successful - */ + * Mounts the encrypted device if the correct passphrase is given + * + * @param a TQString containing the passphrase + * @param a TQString containing a requested mount name under /media, if desired + * @param a TQString containing any mount options for pmount, if desired + * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired + * @param a pointer to an integer which will be populated with the return code from pmount, if desired + * + * @return a TQString with the mount path, if successful + */ TQString mountEncryptedDevice(TQString passphrase, TQString mediaName=TQString::null, TDEStorageMountOptions mountOptions=TDEStorageMountOptions(), TQString* errRet=0, int* retcode=0); /** - * Unmounts the device - * - * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired - * @param a pointer to an integer which will be populated with the return code from pmount, if desired - * - * @return TRUE if unmount was successful - */ + * Unmounts the device + * + * @param a pointer to a TQString which will be populated with any error messages from pmount, if desired + * @param a pointer to an integer which will be populated with the return code from pmount, if desired + * + * @return TRUE if unmount was successful + */ bool unmountDevice(TQString* errRet, int* retcode=0); /** - * @return a TQString with the mount path, if mounted - */ + * @return a TQString with the mount path, if mounted + */ TQString mountPath(); /** - * @return an unsigned long with the device size in bytes - */ + * @return an unsigned long with the device size in bytes + */ unsigned long long deviceSize(); /** - * @return a TQString with the device size in human readable form - */ + * @return a TQString with the device size in human readable form + */ TQString deviceFriendlySize(); /** - * Get an icon for this device - * @param size a TDEIcon::StdSizes structure specifying the desired icon size - * @return a TQPixmap containing the icon for the specified type - * - * This method overrides TDEGenericDevice::icon(TDEIcon::StdSizes size) - */ + * Get an icon for this device + * @param size a TDEIcon::StdSizes structure specifying the desired icon size + * @return a TQPixmap containing the icon for the specified type + * + * This method overrides TDEGenericDevice::icon(TDEIcon::StdSizes size) + */ TQPixmap icon(TDEIcon::StdSizes size); /** - * @return a TQString with a friendly name - * - * This method overrides TDEGenericDevice::friendlyName() - */ + * @return a TQString with a friendly name + * + * This method overrides TDEGenericDevice::friendlyName() + */ TQString friendlyName(); /** - * @return a TQString with a detailed friendly name - * - * This method overrides TDEGenericDevice::detailedFriendlyName() - */ + * @return a TQString with a detailed friendly name + * + * This method overrides TDEGenericDevice::detailedFriendlyName() + */ TQString detailedFriendlyName(); /** - * @return a TQString containing the friendly type name - * - * This method overrides TDEGenericDevice::friendlyDeviceType() - */ + * @return a TQString containing the friendly type name + * + * This method overrides TDEGenericDevice::friendlyDeviceType() + */ TQString friendlyDeviceType(); /** - * @param an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags - */ + * @param an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags + */ bool isDiskOfType(TDEDiskDeviceType::TDEDiskDeviceType tf); /** - * @param an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags - */ + * @param an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags + */ bool checkDiskStatus(TDEDiskDeviceStatus::TDEDiskDeviceStatus sf); /** - * @param TRUE to engage media lock, FALSE to disable it - * @return TRUE on success, FALSE on failure - * - * This method currently works on CD-ROM drives and similar devices - */ + * @param TRUE to engage media lock, FALSE to disable it + * @return TRUE on success, FALSE on failure + * + * This method currently works on CD-ROM drives and similar devices + */ bool lockDriveMedia(bool lock); /** - * @return TRUE on success, FALSE on failure - * - * This method currently works on CD-ROM drives and similar devices - */ + * @return TRUE on success, FALSE on failure + * + * This method currently works on CD-ROM drives and similar devices + */ bool ejectDriveMedia(); /** - * @return TRUE on success, FALSE on failure - * - * This method currently works on all removable storage devices - */ + * @return TRUE on success, FALSE on failure + * + * This method currently works on all removable storage devices + */ bool ejectDrive(); /** - * @param path Full path to arbitrary file or directory - * @return TQString with type of file system containing the given file, - * or TQString::null if file system type unknown - */ + * @param path Full path to arbitrary file or directory + * @return TQString with type of file system containing the given file, + * or TQString::null if file system type unknown + */ static TQString determineFileSystemType(TQString path); + /** + * Set the unlock password to use in subsequent LUKS operations + * @see cryptClearOperationsUnlockPassword + * + * @param password LUKS unlock password for any keyslot + */ + void cryptSetOperationsUnlockPassword(TQByteArray password); + + /** + * Erases the unlock password from application memory cache + * @see cryptSetOperationsUnlockPassword + */ + void cryptClearOperationsUnlockPassword(); + + /** + * @return true if unlock password is in the application memory cache + * @see cryptSetOperationsUnlockPassword + * @see cryptClearOperationsUnlockPassword + */ + bool cryptOperationsUnlockPasswordSet(); + + /** + * Adds a new key to the specific keyslot, overwriting the existing key if present + * + * @param keyslot New keyslot number + * @param password New keyslot password + * @return TDELUKSResult::TDELUKSResult containing the status code returned + * from the operation, or TDELUKSResult::LUKSNotSupported if LUKS support unavailable + * @return TDELUKSResult::Success on success + */ + TDELUKSResult::TDELUKSResult cryptAddKey(unsigned int keyslot, TQByteArray password); + + /** + * Permanently deletes the associated key from a specific keyslot + * + * @param keyslot Keyslot number + * @return TDELUKSResult::TDELUKSResult containing the status code returned + * from the operation, or TDELUKSResult::LUKSNotSupported if LUKS support unavailable + * @return TDELUKSResult::Success on success + */ + TDELUKSResult::TDELUKSResult cryptDelKey(unsigned int keyslot); + + /** + * @return the maximum number of key slots available + */ + unsigned int cryptKeySlotCount(); + + /** + * @return TDELUKSKeySlotStatusList with the status of all keyslots + */ + TDELUKSKeySlotStatusList cryptKeySlotStatus(); + + /** + * @param status Keyslot status + * @return a TQString with the friendly name of the given slot status + */ + TQString cryptKeySlotFriendlyName(TDELUKSKeySlotStatus::TDELUKSKeySlotStatus status); + protected: /** - * @param a TQString with the disk or partition label, if any - * @internal - */ + * @param a TQString with the system device node, if any + * @internal + * + * This method is non-portable, so be careful! + */ + void internalSetDeviceNode(TQString sn); + + /** + * @param a TQString with the disk or partition label, if any + * @internal + */ void internalSetDiskLabel(TQString dn); /** - * @param a TQString with the disk UUID, if any - * @internal - */ + * @param a TQString with the disk UUID, if any + * @internal + */ void internalSetDiskUUID(TQString id); /** - * @param an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags - * @internal - */ + * @param an OR-ed combination of TDEDiskDeviceType::TDEDiskDeviceType type flags + * @internal + */ void internalSetDiskType(TDEDiskDeviceType::TDEDiskDeviceType tf); /** - * @param an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags - * @internal - */ + * @param an OR-ed combination of TDEDiskDeviceStatus::TDEDiskDeviceStatus type flags + * @internal + */ void internalSetDiskStatus(TDEDiskDeviceStatus::TDEDiskDeviceStatus st); /** - * @param a bool with the media status - * @internal - */ + * @param a bool with the media status + * @internal + */ void internalSetMediaInserted(bool inserted); /** - * @param a TQString with the filesystem name, if any - * @internal - */ + * @param a TQString with the filesystem name, if any + * @internal + */ void internalSetFileSystemName(TQString fn); /** - * @param a TQString with the filesystem usage string, if any - * @internal - */ + * @param a TQString with the filesystem usage string, if any + * @internal + */ void internalSetFileSystemUsage(TQString fu); /** - * @param a TQStringList containing system paths to all devices with a lock on this device, if any - * @internal - */ + * @param a TQStringList containing system paths to all devices with a lock on this device, if any + * @internal + */ void internalSetHoldingDevices(TQStringList hd); /** - * @param a TQStringList containing system paths to all devices locked by this device, if any - * @internal - */ + * @param a TQStringList containing system paths to all devices locked by this device, if any + * @internal + */ void internalSetSlaveDevices(TQStringList sd); + /** + * @internal + */ + void internalInitializeLUKSIfNeeded(); + + /** + * @internal + */ + void internalGetLUKSKeySlotStatus(); + + private: + /** + * @internal + */ + static int cryptsetup_password_entry_callback(const char*, char *, size_t, void *); + private: TDEDiskDeviceType::TDEDiskDeviceType m_diskType; TDEDiskDeviceStatus::TDEDiskDeviceStatus m_diskStatus; @@ -371,6 +494,11 @@ class TDECORE_EXPORT TDEStorageDevice : public TDEGenericDevice TQString m_mountPath; TQStringList m_holdingDevices; TQStringList m_slaveDevices; + struct crypt_device* m_cryptDevice; + TQByteArray m_cryptDevicePassword; + TQString m_cryptDeviceType; + unsigned int m_cryptKeySlotCount; + TDELUKSKeySlotStatusList m_cryptKeyslotStatus; friend class TDEHardwareDevices; }; -- cgit v1.2.1