From 9575dadc8b810113dcae8271dd741eaf362acf38 Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Fri, 22 Nov 2024 10:25:05 +0100
Subject: [PATCH] Store keyring type in volume key.

The key_decripion always contains only a key name, keyring then contains type of keyring as defned un keyring utils.

For now, only LOGON type is used in commands, it will be extended later.
---
 lib/internal.h | 4 +++-
 lib/libdevmapper.c | 28 ++++++++++++++++++----------
 lib/luks2/luks2_digest.c | 4 ++--
 lib/setup.c | 8 ++++++--
 lib/utils_keyring.c | 10 +++++-----
 lib/volumekey.c | 5 ++++-
 6 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/lib/internal.h b/lib/internal.h
index 765bf151c..5b2247b14 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -53,6 +53,7 @@ struct volume_key {
 int id;
 size_t keylength;
 const char *key_description;
+ key_type_t keyring;
 struct volume_key *next;
 char key[];
 };
@@ -60,7 +61,8 @@ struct volume_key {
 struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
 struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);
 void crypt_free_volume_key(struct volume_key *vk);
-int crypt_volume_key_set_description(struct volume_key *key, const char *key_description);
+int crypt_volume_key_set_description(struct volume_key *key,
+ const char *key_description, key_type_t keyring);
 void crypt_volume_key_set_id(struct volume_key *vk, int id);
 int crypt_volume_key_get_id(const struct volume_key *vk);
 void crypt_volume_key_add_next(struct volume_key **vks, struct volume_key *vk);
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index a562a2d7a..f4a4091f1 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
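Review bot: The new `key_type_t keyring;` member is added without a comment tying it to `key_description`; from the initialiser added in `crypt_alloc_volume_key` it appears to hold `INVALID_KEY` until a description is set, which is worth recording as `/* kernel keyring key type of key_description; INVALID_KEY when unset */`. In the second hunk the updated prototype names its first parameter `key` while the definition in volumekey.c and the neighbouring prototypes use `vk`; `int crypt_volume_key_set_description(struct volume_key *vk,` would keep them consistent. The header also gains a use of `key_type_t` with no visible include change, so presumably that type is already reachable from internal.h — worth confirming.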
@@ -591,12 +591,16 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags)
 if (null_cipher)
 hexkey = crypt_bytes_to_hex(0, NULL);
 else if (flags & CRYPT_ACTIVATE_KEYRING_KEY) {
- keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10;
+ if (!tgt->u.crypt.vk->key_description || tgt->u.crypt.vk->keyring == INVALID_KEY)
+ goto out;
+ keystr_len = strlen(tgt->u.crypt.vk->key_description) +
+ int_log10(tgt->u.crypt.vk->keylength) +
+ 24 /* type and separators */;
 hexkey = crypt_safe_alloc(keystr_len);
 if (!hexkey)
 goto out;
- r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength,
- tgt->u.crypt.vk->key_description);
+ r = snprintf(hexkey, keystr_len, ":%zu:%s:%s", tgt->u.crypt.vk->keylength,
+ key_type_name(tgt->u.crypt.vk->keyring), tgt->u.crypt.vk->key_description);
 if (r < 0 || r >= keystr_len)
 goto out;
 } else
@@ -1977,7 +1981,7 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
 uint32_t *act_flags)
 {
 uint64_t val64;
- char *rcipher, *rintegrity, *key_, *rdevice, *endp, buffer[3], *arg, *key_desc;
+ char *rcipher, *rintegrity, *key_, *rdevice, *endp, buffer[3], *arg, *key_desc, keyring[16];
 unsigned int i, val;
 int r;
 size_t key_size;
@@ -2102,15 +2106,19 @@ static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags,
 if (key_[0] == ':') {
 /* ::: */
 key_desc = NULL;
+ r = -ENOMEM;
 endp = strpbrk(key_ + 1, ":");
- if (endp)
- key_desc = strpbrk(endp + 1, ":");
- if (!key_desc) {
- r = -ENOMEM;
+ if (!endp)
 goto err;
- }
+ key_desc = strpbrk(endp + 1, ":");
+ if (!key_desc)
+ goto err;
+ memcpy(keyring, endp + 1, key_desc - endp - 1);
+ keyring[key_desc - endp - 1] = '\0';
 key_desc++;
- crypt_volume_key_set_description(vk, key_desc);
+ r = crypt_volume_key_set_description(vk, key_desc, key_type_by_name(keyring));
+ if (r < 0)
+ goto err;
 } else {
 buffer[2] = '\0';
 for(i = 0; i < vk->keylength; i++) {
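Review bot: The new guard rejects only `INVALID_KEY`, yet the `%s` argument on the rewritten snprintf line is whatever `key_type_name(tgt->u.crypt.vk->keyring)` returns; if that helper can yield NULL for a value missing from its table, `snprintf` with a NULL `%s` is undefined behaviour. Taking `const char *type = key_type_name(tgt->u.crypt.vk->keyring); if (!type) goto out;` before the allocation removes the dependency on that contract and gives the format call a checked operand. The `24 /* type and separators */` budget comfortably covers the longest name in `key_types[]` plus three colons and the terminator, and truncation is still caught by the retained `r >= keystr_len` check, so the size arithmetic looks sound. `get_dm_crypt_params` continues outside the hunk.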
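Review bot: `memcpy(keyring, endp + 1, key_desc - endp - 1)` in the third hunk copies the key-type token from the dm table string into the 16-byte `keyring[]` declared in the second hunk with no length check, so a token of 16 or more characters overflows the stack buffer (the terminator write `keyring[key_desc - endp - 1]` lands past the end) before `key_type_by_name()` ever sees it. Add `if ((size_t)(key_desc - endp - 1) >= sizeof(keyring)) goto err;` ahead of the memcpy, ideally with `r = -EINVAL` since a malformed table string is not an allocation failure — the hoisted `r = -ENOMEM` now labels every parse failure that way. The copy length itself cannot be negative because `strpbrk(endp + 1, ":")` returns a pointer at or after `endp + 1`. `_dm_target_query_crypt` continues outside the hunk.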
diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c
index fac4cc3f4..b8a28a17a 100644
--- a/lib/luks2/luks2_digest.c
+++ b/lib/luks2/luks2_digest.c
@@ -419,7 +419,7 @@ int LUKS2_key_description_by_segment(struct crypt_device *cd,
 char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(hdr, segment));
 int r;
 
- r = crypt_volume_key_set_description(vk, desc);
+ r = crypt_volume_key_set_description(vk, desc, LOGON_KEY);
 free(desc);
 return r;
 }
@@ -430,7 +430,7 @@ int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd,
 char *desc = get_key_description_by_digest(cd, digest);
 int r;
 
- r = crypt_volume_key_set_description(vk, desc);
+ r = crypt_volume_key_set_description(vk, desc, LOGON_KEY);
 if (!r)
 r = crypt_volume_key_load_in_keyring(cd, vk);
 
diff --git a/lib/setup.c b/lib/setup.c
index ac6765b2a..65480c5e0 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -3353,7 +3353,9 @@ static int _reload_device(struct crypt_device *cd, const char *name,
 sdmd->flags &= ~CRYPT_ACTIVATE_READONLY;
 
 if (tgt->type == DM_CRYPT && sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
- r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
+ r = crypt_volume_key_set_description(tgt->u.crypt.vk,
+ src->u.crypt.vk->key_description,
+ src->u.crypt.vk->keyring);
 if (r)
 goto out;
 } else if (tgt->type == DM_CRYPT) {
@@ -3473,7 +3475,9 @@ static int _reload_device_with_integrity(struct crypt_device *cd,
 sdmdi->flags &= ~CRYPT_ACTIVATE_READONLY;
 
 if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
- r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
+ r = crypt_volume_key_set_description(tgt->u.crypt.vk,
+ src->u.crypt.vk->key_description,
+ src->u.crypt.vk->keyring);
 if (r)
 goto out;
 } else {
diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c
index 4a0cc53f8..363fdf505 100644
--- a/lib/utils_keyring.c
+++ b/lib/utils_keyring.c
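Review bot: `LOGON_KEY` is hard-coded at this call and again in `LUKS2_volume_key_load_in_keyring_by_digest` in the next hunk; since the commit message says the type will be extended later, a short comment such as `/* LUKS2 volume keys are loaded as logon keys only, for now */` at each site would explain the constant. When `get_key_description_by_digest()` returns NULL the call still succeeds and, as the new `crypt_volume_key_set_description` body sets `vk->keyring` before testing `key_description`, the key ends up tagged `LOGON_KEY` with no name; a caller that checks only `vk->keyring` would misjudge such a key, so testing `desc` here or keeping the type `INVALID_KEY` for a NULL description may be preferable. Both enclosing functions start outside the hunk.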
@@ -27,11 +27,11 @@ static const struct {
 key_type_t type;
 const char *type_name;
 } key_types[] = {
- { LOGON_KEY, "logon" },
- { USER_KEY, "user" },
- { BIG_KEY, "big_key" },
- { TRUSTED_KEY, "trusted" },
- { ENCRYPTED_KEY, "encrypted" },
+ { LOGON_KEY, "logon" },
+ { USER_KEY, "user" },
+ { BIG_KEY, "big_key" },
+ { TRUSTED_KEY, "trusted" },
+ { ENCRYPTED_KEY, "encrypted" },
 };
 
 #include
diff --git a/lib/volumekey.c b/lib/volumekey.c
index 94ce26861..505faf9af 100644
--- a/lib/volumekey.c
+++ b/lib/volumekey.c
@@ -25,6 +25,7 @@ struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
 return NULL;
 
 vk->key_description = NULL;
+ vk->keyring = INVALID_KEY;
 vk->keylength = keylength;
 vk->id = KEY_NOT_VERIFIED;
 vk->next = NULL;
@@ -40,13 +41,15 @@ struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
 return vk;
 }
 
-int crypt_volume_key_set_description(struct volume_key *vk, const char *key_description)
+int crypt_volume_key_set_description(struct volume_key *vk,
+ const char *key_description, key_type_t keyring)
 {
 if (!vk)
 return -EINVAL;
 
 free(CONST_CAST(void*)vk->key_description);
 vk->key_description = NULL;
+ vk->keyring = keyring;
 if (key_description && !(vk->key_description = strdup(key_description)))
 return -ENOMEM;