Example #1
0
static bRC do_clear_scsi_encryption_key(void *value)
{
   DCR *dcr;
   DEVICE *dev;
   DEVRES *device;
   bool need_to_clear;

   /*
    * Unpack the arguments passed in.
    */
   dcr = (DCR *)value;
   if (!dcr) {
      return bRC_Error;
   }
   dev = dcr->dev;
   if (!dev) {
      return bRC_Error;
   }
   device = dev->device;
   if (!device) {
      return bRC_Error;
   }

   /*
    * See if device supports hardware encryption.
    */
   if (!device->drive_crypto_enabled) {
      return bRC_OK;
   }

   P(crypto_operation_mutex);
   /*
    * See if we need to query the drive or use the tracked encryption status of the stored.
    */
   if (device->query_crypto_status) {
      need_to_clear = is_scsi_encryption_enabled(dev->fd(), dev->dev_name);
   } else {
      need_to_clear = dev->is_crypto_enabled();
   }
   if (need_to_clear) {
      Dmsg0(dbglvl, "scsicrypto-sd: Clearing crypto key\n");
      if (clear_scsi_encryption_key(dev->fd(), dev->dev_name)) {
         dev->clear_crypto_enabled();
         V(crypto_operation_mutex);
         return bRC_OK;
      } else {
         V(crypto_operation_mutex);
         return bRC_Error;
      }
   } else {
      Dmsg0(dbglvl, "scsicrypto-sd: Not clearing crypto key because encryption is currently not enabled on drive\n");
      V(crypto_operation_mutex);
      return bRC_OK;
   }
}
Example #2
0
static bRC handle_read_error(void *value)
{
   DCR *dcr;
   DEVICE *dev;
   DEVRES *device;
   bool decryption_needed;

   /*
    * Unpack the arguments passed in.
    */
   dcr = (DCR *)value;
   if (!dcr) {
      return bRC_Error;
   }
   dev = dcr->dev;
   if (!dev) {
      return bRC_Error;
   }
   device = dev->device;
   if (!device) {
      return bRC_Error;
   }

   /*
    * See if drive crypto is enabled.
    */
   if (device->drive_crypto_enabled) {
      /*
       * See if the read error is an EIO which can be returned when we try to read an
       * encrypted block from a volume without decryption enabled or without a proper
       * encryption key loaded.
       */
      switch (dev->dev_errno) {
      case EIO:
         /*
          * See if we need to query the drive or use the tracked encryption status of the stored.
          * When we can query the drive we look at the next block encryption state to see if
          * we need decryption of the data on the volume.
          */
         if (device->query_crypto_status) {
            P(crypto_operation_mutex);
            if (need_scsi_crypto_key(dev->fd(), dev->dev_name, false)) {
               decryption_needed = true;
            } else {
               decryption_needed = false;
            }
            V(crypto_operation_mutex);
         } else {
            decryption_needed = dev->is_crypto_enabled();
         }

         /*
          * Alter the error message so it known this error is most likely due to a
          * failed decryption of the encrypted data on the volume.
          */
         if (decryption_needed) {
            berrno be;

            be.set_errno(dev->dev_errno);
            Mmsg5(dev->errmsg, _("Read error on fd=%d at file:blk %u:%u on device %s. ERR=%s.\n"
                                 "Probably due to reading encrypted data from volume\n"),
                  dev->fd(), dev->file, dev->block_num, dev->print_name(), be.bstrerror());
         }
         break;
      default:
         break;
      }
   }
   return bRC_OK;
}