Skip to content
Snippets Groups Projects
Normal view History Permalink
encryption_keys_put.c 2.72 KiB
Newer Older
Arie Peterson's avatar
Add endpoint for changing encryption passwords
Arie Peterson committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 
/**
 * Callback function to change a luks encryption password.
 * @param[in]   request   incoming HTTP request
 * @param[out]  response  HTTP response to the request
 * @param[in]   user_data extra data to pass between main thread and callbacks
 * @return                internal status code
 */
int callback_encryption_keys_put(const struct _u_request * request,
    struct _u_response * response, void * user_data)
{
    int r;

    // Read in json request body.
    json_t * json_input = ulfius_get_json_body_request(request, NULL);

    // Read (current) password from request.
    const char * password;
    password = json_string_value(json_object_get(json_input, "password"));
    if (password == NULL)
    {
        return send_simple_response(response, 400, "error", "missing password");
    }

    // Read new password from request.
    const char * new_password;
    new_password = json_string_value(json_object_get(json_input,
        "new-password"));
    if (new_password == NULL)
    {
        return send_simple_response(response, 400, "error",
            "missing new password");
    }

    // Read keyslot from request URI.
    const char * keyslot_string = u_map_get(request->map_url, "slot");
    if (keyslot_string == NULL)
    {
Arie Peterson's avatar
Resolving discussions  
Arie Peterson committed
38 
        return send_simple_response(response, 400, "error",
Arie Peterson's avatar
Add endpoint for changing encryption passwords
Arie Peterson committed
39 40 41 42 43 44 45 
            "missing url parameter `slot`");
    }
    int keyslot;
    r = parse_int(keyslot_string, &keyslot);
    if (r != 0)
    {
        printf("invalid url parameter `slot`: %s\n", keyslot_string);
Arie Peterson's avatar
Resolving discussions  
Arie Peterson committed
46 
        return send_simple_response(response, 400, "error",
Arie Peterson's avatar
Add endpoint for changing encryption passwords
Arie Peterson committed
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 
            "invalid url parameter `slot`");
    }

    // Initialise encrypted container.
    struct crypt_device * cd = NULL;
    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
    if (r < 0)
    {
        crypt_free(cd);
    }
    if (r != 0)
    {
        printf("container_initialise failed with status %d\n", r);
        return send_simple_response(response, 500, "error",
            "initialising encrypted container failed");
    }

    // Add encryption password.
    r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
        password, strlen(password), new_password, strlen(new_password));
  
    if (r == -1)
    {
        // Experience learns that -1 is returned when the password is wrong.
        return send_simple_response(response, 403, "error",
           "incorrect password");
    }
  
    if (r < 0)
    {
        // Something else went wrong.
Arie Peterson's avatar
Add endpoint for adding encryption password  
Arie Peterson committed
78 
        printf("crypt_keyslot_change_by_passphrase failed with status %d\n", r);
Arie Peterson's avatar
Add endpoint for changing encryption passwords
Arie Peterson committed
79 80 81 82 83 84 85 
        return send_simple_response(response, 500, "error",
            "error changing password");
    }
  
    // If we reach this point, apparently everything went well.
    return send_simple_response(response, 200, "status", "ok");
}