Commit 17ba154b authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

Merge branch '5-add-luks-key-endpoint' into 'master'

Add endpoint for adding encryption key

Closes #5

See merge request !14
parents 5e8bac28 10c29be4
/**
* Callback function to change a luks encryption password.
* Combined handler for adding and changing luks encryption passwords.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @param[in] is_post this is a post request (true) or a put (false)
* @return internal status code
*/
int callback_encryption_keys_put(const struct _u_request * request,
struct _u_response * response, void * user_data)
int encryption_keys_change(const struct _u_request * request,
struct _u_response * response, bool is_post)
{
int r;
......@@ -31,20 +31,29 @@ int callback_encryption_keys_put(const struct _u_request * request,
"missing new password");
}
// Read keyslot from request URI.
const char * keyslot_string = u_map_get(request->map_url, "slot");
if (keyslot_string == NULL)
int keyslot;
// Posting a new password, put it in the first available slot.
if (is_post)
{
return send_simple_response(response, 400, "error",
"missing url parameter `slot`");
keyslot = CRYPT_ANY_SLOT;
}
int keyslot;
r = parse_int(keyslot_string, &keyslot);
if (r != 0)
// Changing an existing password, so read the slot from the url.
else
{
printf("invalid url parameter `slot`: %s\n", keyslot_string);
return send_simple_response(response, 400, "error",
"invalid url parameter `slot`");
// Read keyslot from request URI.
const char * keyslot_string = u_map_get(request->map_url, "slot");
if (keyslot_string == NULL)
{
return send_simple_response(response, 400, "error",
"missing url parameter `slot`");
}
r = parse_int(keyslot_string, &keyslot);
if (r != 0)
{
printf("invalid url parameter `slot`: %s\n", keyslot_string);
return send_simple_response(response, 400, "error",
"invalid url parameter `slot`");
}
}
// Initialise encrypted container.
......@@ -61,9 +70,18 @@ int callback_encryption_keys_put(const struct _u_request * request,
"initialising encrypted container failed");
}
// Add encryption password.
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
password, strlen(password), new_password, strlen(new_password));
if (is_post)
{
// Add encryption password.
r = crypt_keyslot_add_by_passphrase(cd, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
else
{
// Change encryption password.
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
if (r == -1)
{
......@@ -75,7 +93,14 @@ int callback_encryption_keys_put(const struct _u_request * request,
if (r < 0)
{
// Something else went wrong.
printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
if (is_post)
{
printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
}
else
{
printf("crypt_keyslot_change_by_passphrase failed with status %d\n", r);
}
return send_simple_response(response, 500, "error",
"error changing password");
}
......@@ -83,3 +108,28 @@ int callback_encryption_keys_put(const struct _u_request * request,
// If we reach this point, apparently everything went well.
return send_simple_response(response, 200, "status", "ok");
}
/**
* Callback function to add a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_post(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, true);
}
/**
* Callback function to change a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_put(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, false);
}
......@@ -11,7 +11,7 @@
#include <api/encryption_remove_post.c>
#include <api/encryption_unlock_post.c>
#include <api/encryption_keys_get.c>
#include <api/encryption_keys_put.c>
#include <api/encryption_keys_put_post.c>
#include <api/ssh_keys_get.c>
#include <api/ssh_keys_put.c>
#include <api/ssh_keys_post.c>
......@@ -58,6 +58,9 @@ int main(int argc, char ** argv)
ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
"/encryption/keys",
0, &callback_encryption_keys_get, NULL);
ulfius_add_endpoint_by_val(&instance, "POST" , PREFIX,
"/encryption/keys",
0, &callback_encryption_keys_post, NULL);
ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
"/encryption/keys/:slot",
0, &callback_encryption_keys_put, NULL);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment