author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:37:18 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:37:18 +0000 |
commit | 82adb3ced76821078f4cd08f73fa8271d225a9a5 (patch) | |
tree | a70950ee1ddd4c9623896b14e4e44f61cfec7d3a /src | |
parent | Releasing progress-linux version 2:2.7.0-1~progress7.99u1. (diff) | |
download | cryptsetup-82adb3ced76821078f4cd08f73fa8271d225a9a5.tar.xz cryptsetup-82adb3ced76821078f4cd08f73fa8271d225a9a5.zip |
Merging upstream version 2:2.7.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/utils_luks.c | 3 | ||||
-rw-r--r-- | src/utils_reencrypt.c | 32 |
2 files changed, 24 insertions, 11 deletions
diff --git a/src/utils_luks.c b/src/utils_luks.c
index 5007b3f..5c51a5a 100644
--- a/src/utils_luks.c
+++ b/src/utils_luks.c
@@ -104,6 +104,9 @@ void set_activation_flags(uint32_t *flags)
 (ARG_SET(OPT_KEY_SLOT_ID) || ARG_SET(OPT_UNBOUND_ID)))
 *flags |= CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY;

+ if (ARG_SET(OPT_LINK_VK_TO_KEYRING_ID))
+ *flags |= CRYPT_ACTIVATE_KEYRING_KEY;
+
 if (ARG_SET(OPT_SERIALIZE_MEMORY_HARD_PBKDF_ID))
 *flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;

diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c
index 7546811..0d908bc 100644
--- a/src/utils_reencrypt.c
+++ b/src/utils_reencrypt.c
@@ -736,50 +736,58 @@ static int reencrypt_restore_header(struct crypt_device **cd, } static int decrypt_luks2_datashift_init(struct crypt_device **cd, - const char *data_device, const char *expheader) { int fd, r; size_t passwordLen; struct stat hdr_st; + char *msg, *data_device, *active_name = NULL, *password = NULL; bool remove_header = false; - char *msg, *active_name = NULL, *password = NULL; struct crypt_params_reencrypt params = { .mode = CRYPT_REENCRYPT_DECRYPT, .direction = CRYPT_REENCRYPT_FORWARD, .resilience = "datashift-checksum", .hash = ARG_STR(OPT_RESILIENCE_HASH_ID) ?: "sha256", - .data_shift = crypt_get_data_offset(*cd), .device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE, .max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE, .flags = CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT }; + assert(expheader); + assert(cd && *cd); + + params.data_shift = crypt_get_data_offset(*cd); + + if (!(data_device = strdup(crypt_get_device_name(*cd)))) + return -ENOMEM; + if (!ARG_SET(OPT_BATCH_MODE_ID)) { r = asprintf(&msg, _("Header file %s does not exist. Do you want to initialize LUKS2 " "decryption of device %s and export LUKS2 header to file %s?"), expheader, data_device, expheader); - if (r < 0) - return -ENOMEM; + if (r < 0) { + r = -ENOMEM; + goto out; + } r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; free(msg); if (r < 0) - return r; + goto out; } if ((r = decrypt_verify_and_set_params(¶ms))) - return r; + goto out; r = reencrypt_hint_force_offline_reencrypt(data_device); if (r < 0) - return r; + goto out; r = tools_get_key(NULL, &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, *cd); if (r < 0) - return r; + goto out; r = reencrypt_check_passphrase(*cd, ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen); if (r < 0) 
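Review bot: The new `strdup(crypt_get_device_name(*cd))` hands the getter's result straight to strdup(), and the only failure handled is allocation failure. If crypt_get_device_name() can return NULL in this context (nothing in the hunk rules it out), strdup(NULL) is undefined behaviour; fetch the name first, e.g. `const char *name = crypt_get_device_name(*cd); if (!name) return -EINVAL;`, and duplicate it afterwards. The two added `assert()` calls are compiled out under NDEBUG, so they document the precondition rather than enforce it. The function body continues past the end of this hunk, and the matching `free(data_device)` is in the @@ -854 hunk.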
@@ -854,6 +862,7 @@ static int decrypt_luks2_datashift_init(struct crypt_device **cd,
 }
 out:
 free(active_name);
+ free(data_device);
 crypt_safe_free(password);

 if (r < 0 && !remove_header && !stat(expheader, &hdr_st) && S_ISREG(hdr_st.st_mode))
@@ -1442,7 +1451,8 @@ static int _decrypt(struct crypt_device **cd, enum device_status_info dev_st, co

 assert(cd);

- if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE)
+ if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE ||
+ (dev_st == DEVICE_NOT_LUKS && ARG_SET(OPT_UUID_ID) && !ARG_SET(OPT_HEADER_ID)))
 return reencrypt_luks1(data_device);

 /* header file does not exist, try loading device type from data device */
@@ -1478,7 +1488,7 @@ static int _decrypt(struct crypt_device **cd, enum device_status_info dev_st, co
 }

 if (export_header)
- r = decrypt_luks2_datashift_init(cd, data_device, ARG_STR(OPT_HEADER_ID));
+ r = decrypt_luks2_datashift_init(cd, ARG_STR(OPT_HEADER_ID));
 else
 r = decrypt_luks2_init(*cd, data_device);

|
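Review bot: The added clause `dev_st == DEVICE_NOT_LUKS && ARG_SET(OPT_UUID_ID) && !ARG_SET(OPT_HEADER_ID)` in the @@ -1442 hunk sends a device that was not recognised as LUKS into `reencrypt_luks1()` on the strength of command-line options alone, and nothing at this site says why. A short comment above the `if` should state the intended case, for example `/* no LUKS header on the device but --uuid given: treat as LUKS1 decryption in progress */` if that is the intent (inferred from the options involved, not shown in the hunk). The comment should also say that reencrypt_luks1() is relied on to reject a device that does not match, since no further check is visible here. _decrypt's body starts before and continues after this hunk.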