teknoraver / rpms / systemd

Forked from rpms/systemd 4 months ago
Clone

Blame SOURCES/0623-cryptsetup-support-LUKS2-on-disk-format.patch

aed857
From be973ab9f6585be762ea0888c81b011222eabb13 Mon Sep 17 00:00:00 2001
aed857
From: Jan Synacek <jsynacek@redhat.com>
aed857
Date: Thu, 3 May 2018 11:21:27 +0200
aed857
Subject: [PATCH] cryptsetup: support LUKS2 on-disk format
aed857
aed857
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
aed857
libcryptsetup)
aed857
aed857
The change itself doesn't enforce new libcryptsetup 2.x and is backward
aed857
compatible with versions 1.x
aed857
aed857
(cherry-picked from commit b3b4ebab02395933cde554b5a5d5c363dae3920d)
aed857
aed857
Resolves: #1573838
aed857
---
aed857
 src/cryptsetup/cryptsetup.c | 20 ++++++++++++++------
aed857
 1 file changed, 14 insertions(+), 6 deletions(-)
aed857
aed857
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
aed857
index 69a015614..528c36c48 100644
aed857
--- a/src/cryptsetup/cryptsetup.c
aed857
+++ b/src/cryptsetup/cryptsetup.c
aed857
@@ -36,7 +36,15 @@
aed857
 #include "libudev.h"
aed857
 #include "udev-util.h"
aed857
 
aed857
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
aed857
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
aed857
+#ifndef CRYPT_LUKS
aed857
+#define CRYPT_LUKS NULL
aed857
+#endif
aed857
+
aed857
+/* internal helper */
aed857
+#define ANY_LUKS "LUKS"
aed857
+
aed857
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
aed857
 static char *arg_cipher = NULL;
aed857
 static unsigned arg_key_size = 0;
aed857
 static int arg_key_slot = CRYPT_ANY_SLOT;
aed857
@@ -98,7 +106,7 @@ static int parse_one_option(const char *option) {
aed857
 
aed857
         } else if (startswith(option, "key-slot=")) {
aed857
 
aed857
-                arg_type = CRYPT_LUKS1;
aed857
+                arg_type = ANY_LUKS;
aed857
                 if (safe_atoi(option+9, &arg_key_slot) < 0) {
aed857
                         log_error("key-slot= parse failure, ignoring.");
aed857
                         return 0;
aed857
@@ -138,7 +146,7 @@ static int parse_one_option(const char *option) {
aed857
                 arg_hash = t;
aed857
 
aed857
         } else if (startswith(option, "header=")) {
aed857
-                arg_type = CRYPT_LUKS1;
aed857
+                arg_type = ANY_LUKS;
aed857
 
aed857
                 if (!path_is_absolute(option+7)) {
aed857
                         log_error("Header path '%s' is not absolute, refusing.", option+7);
aed857
@@ -168,7 +176,7 @@ static int parse_one_option(const char *option) {
aed857
         else if (STR_IN_SET(option, "allow-discards", "discard"))
aed857
                 arg_discards = true;
aed857
         else if (streq(option, "luks"))
aed857
-                arg_type = CRYPT_LUKS1;
aed857
+                arg_type = ANY_LUKS;
aed857
         else if (streq(option, "tcrypt"))
aed857
                 arg_type = CRYPT_TCRYPT;
aed857
         else if (streq(option, "tcrypt-hidden")) {
aed857
@@ -430,8 +438,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
aed857
         assert(name);
aed857
         assert(key_file || passwords);
aed857
 
aed857
-        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
aed857
-                r = crypt_load(cd, CRYPT_LUKS1, NULL);
aed857
+        if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
aed857
+                r = crypt_load(cd, CRYPT_LUKS, NULL);
aed857
                 if (r < 0) {
aed857
                         log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
aed857
                         return r;