|
|
|
|
From be973ab9f6585be762ea0888c81b011222eabb13 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jan Synacek <jsynacek@redhat.com>
|
|
|
|
|
Date: Thu, 3 May 2018 11:21:27 +0200
|
|
|
|
|
Subject: [PATCH] cryptsetup: support LUKS2 on-disk format
|
|
|
|
|
|
|
|
|
|
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
|
|
|
|
|
libcryptsetup)
|
|
|
|
|
|
|
|
|
|
The change itself doesn't enforce new libcryptsetup 2.x and is backward
|
|
|
|
|
compatible with versions 1.x
|
|
|
|
|
|
|
|
|
|
(cherry-picked from commit b3b4ebab02395933cde554b5a5d5c363dae3920d)
|
|
|
|
|
|
|
|
|
|
Resolves: #1573838
|
|
|
|
|
---
|
|
|
|
|
src/cryptsetup/cryptsetup.c | 20 ++++++++++++++------
|
|
|
|
|
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
|
|
|
|
index 69a0156144..528c36c48b 100644
|
|
|
|
|
--- a/src/cryptsetup/cryptsetup.c
|
|
|
|
|
+++ b/src/cryptsetup/cryptsetup.c
|
|
|
|
|
@@ -36,7 +36,15 @@
|
|
|
|
|
#include "libudev.h"
|
|
|
|
|
#include "udev-util.h"
|
|
|
|
|
|
|
|
|
|
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
|
|
|
|
|
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
|
|
|
|
|
+#ifndef CRYPT_LUKS
|
|
|
|
|
+#define CRYPT_LUKS NULL
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
+/* internal helper */
|
|
|
|
|
+#define ANY_LUKS "LUKS"
|
|
|
|
|
+
|
|
|
|
|
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
|
|
|
|
static char *arg_cipher = NULL;
|
|
|
|
|
static unsigned arg_key_size = 0;
|
|
|
|
|
static int arg_key_slot = CRYPT_ANY_SLOT;
|
|
|
|
|
@@ -98,7 +106,7 @@ static int parse_one_option(const char *option) {
|
|
|
|
|
|
|
|
|
|
} else if (startswith(option, "key-slot=")) {
|
|
|
|
|
|
|
|
|
|
- arg_type = CRYPT_LUKS1;
|
|
|
|
|
+ arg_type = ANY_LUKS;
|
|
|
|
|
if (safe_atoi(option+9, &arg_key_slot) < 0) {
|
|
|
|
|
log_error("key-slot= parse failure, ignoring.");
|
|
|
|
|
return 0;
|
|
|
|
|
@@ -138,7 +146,7 @@ static int parse_one_option(const char *option) {
|
|
|
|
|
arg_hash = t;
|
|
|
|
|
|
|
|
|
|
} else if (startswith(option, "header=")) {
|
|
|
|
|
- arg_type = CRYPT_LUKS1;
|
|
|
|
|
+ arg_type = ANY_LUKS;
|
|
|
|
|
|
|
|
|
|
if (!path_is_absolute(option+7)) {
|
|
|
|
|
log_error("Header path '%s' is not absolute, refusing.", option+7);
|
|
|
|
|
@@ -168,7 +176,7 @@ static int parse_one_option(const char *option) {
|
|
|
|
|
else if (STR_IN_SET(option, "allow-discards", "discard"))
|
|
|
|
|
arg_discards = true;
|
|
|
|
|
else if (streq(option, "luks"))
|
|
|
|
|
- arg_type = CRYPT_LUKS1;
|
|
|
|
|
+ arg_type = ANY_LUKS;
|
|
|
|
|
else if (streq(option, "tcrypt"))
|
|
|
|
|
arg_type = CRYPT_TCRYPT;
|
|
|
|
|
else if (streq(option, "tcrypt-hidden")) {
|
|
|
|
|
@@ -430,8 +438,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
|
|
assert(name);
|
|
|
|
|
assert(key_file || passwords);
|
|
|
|
|
|
|
|
|
|
- if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
|
|
|
|
|
- r = crypt_load(cd, CRYPT_LUKS1, NULL);
|
|
|
|
|
+ if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
|
|
|
|
|
+ r = crypt_load(cd, CRYPT_LUKS, NULL);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
|
|
|
|
|
return r;
|
