static bRC do_clear_scsi_encryption_key(void *value)
{
DCR *dcr;
DEVICE *dev;
DEVRES *device;
bool need_to_clear;
/*
* Unpack the arguments passed in.
*/
dcr = (DCR *)value;
if (!dcr) {
return bRC_Error;
}
dev = dcr->dev;
if (!dev) {
return bRC_Error;
}
device = dev->device;
if (!device) {
return bRC_Error;
}
/*
* See if device supports hardware encryption.
*/
if (!device->drive_crypto_enabled) {
return bRC_OK;
}
P(crypto_operation_mutex);
/*
* See if we need to query the drive or use the tracked encryption status of the stored.
*/
if (device->query_crypto_status) {
need_to_clear = is_scsi_encryption_enabled(dev->fd(), dev->dev_name);
} else {
need_to_clear = dev->is_crypto_enabled();
}
if (need_to_clear) {
Dmsg0(dbglvl, "scsicrypto-sd: Clearing crypto key\n");
if (clear_scsi_encryption_key(dev->fd(), dev->dev_name)) {
dev->clear_crypto_enabled();
V(crypto_operation_mutex);
return bRC_OK;
} else {
V(crypto_operation_mutex);
return bRC_Error;
}
} else {
Dmsg0(dbglvl, "scsicrypto-sd: Not clearing crypto key because encryption is currently not enabled on drive\n");
V(crypto_operation_mutex);
return bRC_OK;
}
}
static bRC handle_read_error(void *value)
{
DCR *dcr;
DEVICE *dev;
DEVRES *device;
bool decryption_needed;
/*
* Unpack the arguments passed in.
*/
dcr = (DCR *)value;
if (!dcr) {
return bRC_Error;
}
dev = dcr->dev;
if (!dev) {
return bRC_Error;
}
device = dev->device;
if (!device) {
return bRC_Error;
}
/*
* See if drive crypto is enabled.
*/
if (device->drive_crypto_enabled) {
/*
* See if the read error is an EIO which can be returned when we try to read an
* encrypted block from a volume without decryption enabled or without a proper
* encryption key loaded.
*/
switch (dev->dev_errno) {
case EIO:
/*
* See if we need to query the drive or use the tracked encryption status of the stored.
* When we can query the drive we look at the next block encryption state to see if
* we need decryption of the data on the volume.
*/
if (device->query_crypto_status) {
P(crypto_operation_mutex);
if (need_scsi_crypto_key(dev->fd(), dev->dev_name, false)) {
decryption_needed = true;
} else {
decryption_needed = false;
}
V(crypto_operation_mutex);
} else {
decryption_needed = dev->is_crypto_enabled();
}
/*
* Alter the error message so it known this error is most likely due to a
* failed decryption of the encrypted data on the volume.
*/
if (decryption_needed) {
berrno be;
be.set_errno(dev->dev_errno);
Mmsg5(dev->errmsg, _("Read error on fd=%d at file:blk %u:%u on device %s. ERR=%s.\n"
"Probably due to reading encrypted data from volume\n"),
dev->fd(), dev->file, dev->block_num, dev->print_name(), be.bstrerror());
}
break;
default:
break;
}
}
return bRC_OK;
}