/*
 * Remove the keyslot that opts->args->key unlocks from the LUKS volume at
 * `device`.
 *
 * Returns 0 on success, 1 if the volume is not LUKS, 3 if the crypt context
 * cannot be initialised or the header cannot be loaded, and 2 if the key
 * matches no slot or the slot cannot be destroyed.
 *
 * NOTE(review): nothing here checks whether the matched slot is the last
 * active one; destroying it would leave the volume unopenable without a
 * header backup. Confirm that callers guard against this.
 */
static int _remove_key( const char * device,const resolve_path_t * opts )
{
	struct crypt_device * handle ;
	const arguments * params = opts->args ;
	int keyslot ;
	int result ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 1 ;
	}

	if( crypt_init( &handle,device ) != 0 ){
		return 3 ;
	}

	if( crypt_load( handle,NULL,NULL ) != 0 ){
		result = 3 ;
	}else{
		/*
		 * With a NULL mapping name libcryptsetup only verifies the passphrase
		 * and reports the keyslot it unlocks; no device is activated.
		 */
		keyslot = crypt_activate_by_passphrase( handle,NULL,CRYPT_ANY_SLOT,
							params->key,params->key_len,0 ) ;
		if( keyslot < 0 ){
			result = 2 ;
		}else if( crypt_keyslot_destroy( handle,keyslot ) < 0 ){
			result = 2 ;
		}else{
			result = 0 ;
		}
	}

	/* zuluExit() presumably releases the crypt context before returning the code - confirm */
	return zuluExit( result,handle ) ;
}
/*
 * Remove the keyslot unlocked by `pass` (`pass_size` bytes) from the LUKS
 * volume at `device`.
 *
 * Returns 0 on success, 1 if the volume is not LUKS, 3 if the crypt context
 * cannot be initialised or the header cannot be loaded, and 2 if the
 * passphrase matches no slot or the slot cannot be destroyed.
 *
 * NOTE(review): there is no check that another active keyslot remains;
 * removing the last one makes the volume unrecoverable without a header
 * backup. Confirm that callers guard against this.
 */
static int _remove_key( const char * device ,const char * pass,size_t pass_size )
{
	struct crypt_device * ctx ;
	int matched ;
	int rc = 0 ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 1 ;
	}

	if( crypt_init( &ctx,device ) != 0 ){
		return 3 ;
	}

	if( crypt_load( ctx,NULL,NULL ) != 0 ){
		return zuluExit( 3,ctx ) ;
	}

	/*
	 * A NULL mapping name makes this a passphrase check only: the return
	 * value is the keyslot the passphrase unlocks, nothing gets activated.
	 */
	matched = crypt_activate_by_passphrase( ctx,NULL,CRYPT_ANY_SLOT,pass,pass_size,0 ) ;

	if( matched < 0 || crypt_keyslot_destroy( ctx,matched ) < 0 ){
		rc = 2 ;
	}

	/* zuluExit() presumably releases the crypt context before returning rc - confirm */
	return zuluExit( rc,ctx ) ;
}
/*
 * Add `newkey` to any free keyslot of the LUKS volume at `device`,
 * authorising the change with `existingkey`.
 *
 * Returns 0 on success, 3 if the volume is not LUKS, 2 if the crypt context
 * cannot be initialised or the header cannot be loaded, and 1 if
 * libcryptsetup refuses to add the key (the cause is not distinguished here).
 */
static int _add_key( const char * device,const char * existingkey,size_t existingkey_size,const char * newkey,size_t newkey_size )
{
	struct crypt_device * ctx ;
	int rc ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 3 ;
	}

	if( crypt_init( &ctx,device ) != 0 ){
		return 2 ;
	}

	if( crypt_load( ctx,NULL,NULL ) != 0 ){
		rc = 2 ;
	}else{
		/* CRYPT_ANY_SLOT lets libcryptsetup choose the keyslot */
		rc = crypt_keyslot_add_by_passphrase( ctx,CRYPT_ANY_SLOT,
						      existingkey,existingkey_size,
						      newkey,newkey_size ) < 0 ? 1 : 0 ;
	}

	/* zuluExit() presumably releases the crypt context before returning rc - confirm */
	return zuluExit( rc,ctx ) ;
}
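/*
 * get_pass_from_file function is defined at get_pass_from_file.c
 */

/*
 * Add a new key to the LUKS volume at opts->device on behalf of user `uid`.
 *
 * Keys come from one of three places: interactive entry (both key sources
 * NULL), a key file ("-f") or the option value itself ("-p").
 *
 * Return codes set in this function:
 *   2,6  - results 1 and 0 of _zuluCryptCheckEmptySlots()
 *   3    - the device is not a LUKS volume
 *   4    - system partition and the user is not in the "zulucrypt" group
 *   5    - the device-writable check failed for this user
 *   7,8  - zuluGetKeys() failed while reading keys interactively
 *   9    - the two interactively entered new keys differ
 *   10   - a key argument is missing or the key source combination is unsupported
 *   11-14 - zuluCryptSecurityGetPassFromFile() could not read a key file
 * Any other value is the status returned by zuluCryptAddKey().
 *
 * NOTE(review): "-p" keys presumably arrive on the command line, where other
 * local users may see them in the process list - confirm and prefer "-f".
 */
int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid )
{
	const char * device      = opts->device ;
	const char * keyType1    = opts->existing_key_source ;
	const char * existingKey = opts->existing_key ;
	const char * keyType2    = opts->new_key_source ;
	const char * newKey      = opts->new_key ;

	/*
	 * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
	 * when the function returns.This allows for the function to have multiple exit points without risks of leaking
	 * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
	 * code deleting blocks to take into account different exit points.
	 */
	stringList_t stl ;
	string_t * stringArray = StringListArray( &stl,5 ) ;
	string_t * presentKey  = &stringArray[ 0 ] ;
	string_t * newKey_1    = &stringArray[ 1 ] ;
	string_t * newKey_2    = &stringArray[ 2 ] ;
	string_t * ek          = &stringArray[ 3 ] ;
	string_t * nk          = &stringArray[ 4 ] ;

	const char * key1 = NULL ;
	const char * key2 = NULL ;

	size_t len1 = 0 ;
	size_t len2 = 0 ;

	int status = 0 ;

	/*
	 * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
	 */
	if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
		if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
			return zuluExit( 4,stl ) ;
		}
	}

	/*
	 * zuluCryptSecurityDeviceIsWritable() is defined in security.c
	 *
	 * 1-permissions denied
	 * 2-invalid path
	 * 3-shenanigans
	 * 4-common error
	 *
	 * Every non zero result is reported to the caller as 5.
	 */
	status = zuluCryptSecurityDeviceIsWritable( device,uid ) ;

	if( status != 0 ){
		return zuluExit( 5,stl ) ;
	}

	/*
	 * NOTE(review): the check above works on `device` as a path and the path
	 * is opened again below with elevated privileges; confirm that it cannot
	 * be replaced between the check and the later use.
	 */
	zuluCryptSecurityGainElevatedPrivileges() ;
	/*
	 * zuluCryptVolumeIsNotLuks() is defined in ../lib/is_luks.c
	 */
	status = zuluCryptVolumeIsNotLuks( device ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;

	if( status ){
		return zuluExit_1( 3,device,stl ) ;
	}

	switch( _zuluCryptCheckEmptySlots( device ) ){
		case 0 : return zuluExit( 6,stl ) ;
		case 1 : return zuluExit( 2,stl ) ;
	}

	if( keyType1 == NULL && keyType2 == NULL ){
		/* no key source given: read the present key and the new key, entered twice */
		switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){
			case 1 : return zuluExit( 7,stl ) ;
			case 2 : return zuluExit( 8,stl ) ;
		}
		if( !StringEqualString( *newKey_1,*newKey_2 ) ){
			/*
			 * Return immediately: falling through would call zuluCryptAddKey()
			 * with NULL keys under elevated privileges and replace this
			 * status with its result.
			 */
			return zuluExit( 9,stl ) ;
		}
		key1 = StringContent( *presentKey ) ;
		len1 = StringLength ( *presentKey ) ;
		key2 = StringContent( *newKey_1 ) ;
		len2 = StringLength ( *newKey_1 ) ;
	}else{
		if( newKey == NULL || existingKey == NULL ){
			return zuluExit( 10,stl ) ;
		}
		if( StringsAreEqual( keyType1,"-f" ) ){
			/*
			 * this function is defined at "security.c"
			 */
			switch( zuluCryptSecurityGetPassFromFile( existingKey,uid,ek ) ){
				case 1 : return zuluExit( 11,stl ) ;
				case 4 : return zuluExit( 12,stl ) ;
				case 2 : return zuluExit( 13,stl ) ;
				case 5 : return zuluExit( 14,stl ) ;
			}
			key1 = StringContent( *ek ) ;
			len1 = StringLength( *ek ) ;
		}
		if( StringsAreEqual( keyType2,"-f" ) ){
			/*
			 * this function is defined at "security.c"
			 */
			switch( zuluCryptSecurityGetPassFromFile( newKey,uid,nk ) ){
				case 1 : return zuluExit( 11,stl ) ;
				case 4 : return zuluExit( 12,stl ) ;
				case 2 : return zuluExit( 13,stl ) ;
				case 5 : return zuluExit( 14,stl ) ;
			}
			key2 = StringContent( *nk ) ;
			len2 = StringLength( *nk ) ;
		}
		/*
		 * Keys read from files were set above; fill in whichever key was
		 * passed directly and reject any other combination of sources.
		 */
		if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){
			;
		}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){
			key1 = existingKey ;
			len1 = StringSize( existingKey ) ;
			key2 = newKey ;
			len2 = StringSize( newKey ) ;
		}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){
			key1 = existingKey ;
			len1 = StringSize( existingKey ) ;
		}else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){
			key2 = newKey ;
			/* StringSize() as in the other branches, instead of a lone strlen() */
			len2 = StringSize( newKey ) ;
		}else{
			return zuluExit( 10,stl ) ;
		}
	}

	/*
	 * NOTE(review): the key strings are already in memory when this runs;
	 * presumably it locks them against swapping - confirm, and whether
	 * locking before the keys are read is feasible.
	 */
	zuluCryptSecurityLockMemory( stl ) ;

	zuluCryptSecurityGainElevatedPrivileges() ;
	/*
	 * zuluCryptAddKey() is defined in ../lib/add_key.c
	 */
	status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;

	/*
	 * this function is defined in check_invalid_key.c
	 */
	zuluCryptCheckInvalidKey( device ) ;

	return zuluExit( status,stl ) ;
}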