Merge branch '5-add-luks-key-endpoint' into 'master'

Add endpoint for adding encryption key Closes #5 See merge request !14

Merge branch '5-add-luks-key-endpoint' into 'master'
Add endpoint for adding encryption key Closes #5 See merge request !14
17ba154b · Maarten de Waard · 5e8bac28 · 10c29be4 · 17ba154b · 17ba154b
Commit 17ba154b authored 7 years ago by Maarten de Waard
--- a/src/api/encryption_keys_put.c
+++ b/src/api/encryption_keys_put.c
 /**
- * Callback function to change a luks encryption password.
+ * Combined handler for adding and changing luks encryption passwords.
 * @param[in]   request   incoming HTTP request
 * @param[out]  response  HTTP response to the request
- * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @param[in]   is_post   this is a post request (true) or a put (false)
 * @return                internal status code
 */
-int callback_encryption_keys_put(const struct _u_request * request,
-    struct _u_response * response, void * user_data)
+int encryption_keys_change(const struct _u_request * request,
+    struct _u_response * response, bool is_post)
 {
    int r;

@@ -31,20 +31,29 @@ int callback_encryption_keys_put(const struct _u_request * request,
            "missing new password");
    }

-    // Read keyslot from request URI.
-    const char * keyslot_string = u_map_get(request->map_url, "slot");
-    if (keyslot_string == NULL)
+    int keyslot;
+    // Posting a new password, put it in the first available slot.
+    if (is_post)
    {
-        return send_simple_response(response, 400, "error",
-            "missing url parameter `slot`");
+        keyslot = CRYPT_ANY_SLOT;
    }
-    int keyslot;
-    r = parse_int(keyslot_string, &keyslot);
-    if (r != 0)
+    // Changing an existing password, so read the slot from the url.
+    else
    {
-        printf("invalid url parameter `slot`: %s\n", keyslot_string);
-        return send_simple_response(response, 400, "error",
-            "invalid url parameter `slot`");
+        // Read keyslot from request URI.
+        const char * keyslot_string = u_map_get(request->map_url, "slot");
+        if (keyslot_string == NULL)
+        {
+            return send_simple_response(response, 400, "error",
+                "missing url parameter `slot`");
+        }
+        r = parse_int(keyslot_string, &keyslot);
+        if (r != 0)
+        {
+            printf("invalid url parameter `slot`: %s\n", keyslot_string);
+            return send_simple_response(response, 400, "error",
+                "invalid url parameter `slot`");
+        }
    }

    // Initialise encrypted container.
@@ -61,9 +70,18 @@ int callback_encryption_keys_put(const struct _u_request * request,
            "initialising encrypted container failed");
    }

-    // Add encryption password.
-    r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
-        password, strlen(password), new_password, strlen(new_password));
+    if (is_post)
+    {
+        // Add encryption password.
+        r = crypt_keyslot_add_by_passphrase(cd, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
+    else
+    {
+        // Change encryption password.
+        r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
  
    if (r == -1)
    {
@@ -75,7 +93,14 @@ int callback_encryption_keys_put(const struct _u_request * request,
    if (r < 0)
    {
        // Something else went wrong.
-        printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
+        if (is_post)
+        {
+            printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
+        }
+        else
+        {
+            printf("crypt_keyslot_change_by_passphrase failed with status %d\n", r);
+        }
        return send_simple_response(response, 500, "error",
            "error changing password");
    }
@@ -83,3 +108,28 @@ int callback_encryption_keys_put(const struct _u_request * request,
    // If we reach this point, apparently everything went well.
    return send_simple_response(response, 200, "status", "ok");
 }
+
+/**
+ * Callback function to add a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_post(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, true);
+}
+/**
+ * Callback function to change a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_put(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, false);
+}
--- a/src/cryptops-api.c
+++ b/src/cryptops-api.c
@@ -11,7 +11,7 @@
 #include <api/encryption_remove_post.c>
 #include <api/encryption_unlock_post.c>
 #include <api/encryption_keys_get.c>
-#include <api/encryption_keys_put.c>
+#include <api/encryption_keys_put_post.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
 #include <api/ssh_keys_post.c>
@@ -58,6 +58,9 @@ int main(int argc, char ** argv)
    ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
        "/encryption/keys",
        0, &callback_encryption_keys_get, NULL);
+    ulfius_add_endpoint_by_val(&instance, "POST" , PREFIX,
+        "/encryption/keys",
+        0, &callback_encryption_keys_post, NULL);
    ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
        "/encryption/keys/:slot",
        0, &callback_encryption_keys_put, NULL);