|
 |
17b0f1 |
From be973ab9f6585be762ea0888c81b011222eabb13 Mon Sep 17 00:00:00 2001
|
|
|
17b0f1 |
From: Jan Synacek <jsynacek@redhat.com>
|
|
|
17b0f1 |
Date: Thu, 3 May 2018 11:21:27 +0200
|
|
|
17b0f1 |
Subject: [PATCH] cryptsetup: support LUKS2 on-disk format
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
|
|
|
17b0f1 |
libcryptsetup)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
The change itself doesn't enforce new libcryptsetup 2.x and is backward
|
|
|
17b0f1 |
compatible with versions 1.x
|
|
|
17b0f1 |
|
|
|
17b0f1 |
(cherry-picked from commit b3b4ebab02395933cde554b5a5d5c363dae3920d)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Resolves: #1573838
|
|
|
17b0f1 |
---
|
|
|
17b0f1 |
src/cryptsetup/cryptsetup.c | 20 ++++++++++++++------
|
|
|
17b0f1 |
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
|
|
|
17b0f1 |
index 69a0156144..528c36c48b 100644
|
|
|
17b0f1 |
--- a/src/cryptsetup/cryptsetup.c
|
|
|
17b0f1 |
+++ b/src/cryptsetup/cryptsetup.c
|
|
|
17b0f1 |
@@ -36,7 +36,15 @@
|
|
|
17b0f1 |
#include "libudev.h"
|
|
|
17b0f1 |
#include "udev-util.h"
|
|
|
17b0f1 |
|
|
|
17b0f1 |
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
|
|
|
17b0f1 |
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
|
|
|
17b0f1 |
+#ifndef CRYPT_LUKS
|
|
|
17b0f1 |
+#define CRYPT_LUKS NULL
|
|
|
17b0f1 |
+#endif
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+/* internal helper */
|
|
|
17b0f1 |
+#define ANY_LUKS "LUKS"
|
|
|
17b0f1 |
+
|
|
|
17b0f1 |
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
|
|
17b0f1 |
static char *arg_cipher = NULL;
|
|
|
17b0f1 |
static unsigned arg_key_size = 0;
|
|
|
17b0f1 |
static int arg_key_slot = CRYPT_ANY_SLOT;
|
|
|
17b0f1 |
@@ -98,7 +106,7 @@ static int parse_one_option(const char *option) {
|
|
|
17b0f1 |
|
|
|
17b0f1 |
} else if (startswith(option, "key-slot=")) {
|
|
|
17b0f1 |
|
|
|
17b0f1 |
- arg_type = CRYPT_LUKS1;
|
|
|
17b0f1 |
+ arg_type = ANY_LUKS;
|
|
|
17b0f1 |
if (safe_atoi(option+9, &arg_key_slot) < 0) {
|
|
|
17b0f1 |
log_error("key-slot= parse failure, ignoring.");
|
|
|
17b0f1 |
return 0;
|
|
|
17b0f1 |
@@ -138,7 +146,7 @@ static int parse_one_option(const char *option) {
|
|
|
17b0f1 |
arg_hash = t;
|
|
|
17b0f1 |
|
|
|
17b0f1 |
} else if (startswith(option, "header=")) {
|
|
|
17b0f1 |
- arg_type = CRYPT_LUKS1;
|
|
|
17b0f1 |
+ arg_type = ANY_LUKS;
|
|
|
17b0f1 |
|
|
|
17b0f1 |
if (!path_is_absolute(option+7)) {
|
|
|
17b0f1 |
log_error("Header path '%s' is not absolute, refusing.", option+7);
|
|
|
17b0f1 |
@@ -168,7 +176,7 @@ static int parse_one_option(const char *option) {
|
|
|
17b0f1 |
else if (STR_IN_SET(option, "allow-discards", "discard"))
|
|
|
17b0f1 |
arg_discards = true;
|
|
|
17b0f1 |
else if (streq(option, "luks"))
|
|
|
17b0f1 |
- arg_type = CRYPT_LUKS1;
|
|
|
17b0f1 |
+ arg_type = ANY_LUKS;
|
|
|
17b0f1 |
else if (streq(option, "tcrypt"))
|
|
|
17b0f1 |
arg_type = CRYPT_TCRYPT;
|
|
|
17b0f1 |
else if (streq(option, "tcrypt-hidden")) {
|
|
|
17b0f1 |
@@ -430,8 +438,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|
|
17b0f1 |
assert(name);
|
|
|
17b0f1 |
assert(key_file || passwords);
|
|
|
17b0f1 |
|
|
|
17b0f1 |
- if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
|
|
|
17b0f1 |
- r = crypt_load(cd, CRYPT_LUKS1, NULL);
|
|
|
17b0f1 |
+ if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
|
|
|
17b0f1 |
+ r = crypt_load(cd, CRYPT_LUKS, NULL);
|
|
|
17b0f1 |
if (r < 0) {
|
|
|
17b0f1 |
log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
|
|
|
17b0f1 |
return r;
|