teknoraver / rpms / systemd

Forked from rpms/systemd 3 months ago
Clone

Blame SOURCES/0623-cryptsetup-support-LUKS2-on-disk-format.patch

923a60
From be973ab9f6585be762ea0888c81b011222eabb13 Mon Sep 17 00:00:00 2001
923a60
From: Jan Synacek <jsynacek@redhat.com>
923a60
Date: Thu, 3 May 2018 11:21:27 +0200
923a60
Subject: [PATCH] cryptsetup: support LUKS2 on-disk format
923a60
923a60
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
923a60
libcryptsetup)
923a60
923a60
The change itself doesn't enforce new libcryptsetup 2.x and is backward
923a60
compatible with versions 1.x
923a60
923a60
(cherry-picked from commit b3b4ebab02395933cde554b5a5d5c363dae3920d)
923a60
923a60
Resolves: #1573838
923a60
---
923a60
 src/cryptsetup/cryptsetup.c | 20 ++++++++++++++------
923a60
 1 file changed, 14 insertions(+), 6 deletions(-)
923a60
923a60
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
923a60
index 69a0156144..528c36c48b 100644
923a60
--- a/src/cryptsetup/cryptsetup.c
923a60
+++ b/src/cryptsetup/cryptsetup.c
923a60
@@ -36,7 +36,15 @@
923a60
 #include "libudev.h"
923a60
 #include "udev-util.h"
923a60
 
923a60
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
923a60
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
923a60
+#ifndef CRYPT_LUKS
923a60
+#define CRYPT_LUKS NULL
923a60
+#endif
923a60
+
923a60
+/* internal helper */
923a60
+#define ANY_LUKS "LUKS"
923a60
+
923a60
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
923a60
 static char *arg_cipher = NULL;
923a60
 static unsigned arg_key_size = 0;
923a60
 static int arg_key_slot = CRYPT_ANY_SLOT;
923a60
@@ -98,7 +106,7 @@ static int parse_one_option(const char *option) {
923a60
 
923a60
         } else if (startswith(option, "key-slot=")) {
923a60
 
923a60
-                arg_type = CRYPT_LUKS1;
923a60
+                arg_type = ANY_LUKS;
923a60
                 if (safe_atoi(option+9, &arg_key_slot) < 0) {
923a60
                         log_error("key-slot= parse failure, ignoring.");
923a60
                         return 0;
923a60
@@ -138,7 +146,7 @@ static int parse_one_option(const char *option) {
923a60
                 arg_hash = t;
923a60
 
923a60
         } else if (startswith(option, "header=")) {
923a60
-                arg_type = CRYPT_LUKS1;
923a60
+                arg_type = ANY_LUKS;
923a60
 
923a60
                 if (!path_is_absolute(option+7)) {
923a60
                         log_error("Header path '%s' is not absolute, refusing.", option+7);
923a60
@@ -168,7 +176,7 @@ static int parse_one_option(const char *option) {
923a60
         else if (STR_IN_SET(option, "allow-discards", "discard"))
923a60
                 arg_discards = true;
923a60
         else if (streq(option, "luks"))
923a60
-                arg_type = CRYPT_LUKS1;
923a60
+                arg_type = ANY_LUKS;
923a60
         else if (streq(option, "tcrypt"))
923a60
                 arg_type = CRYPT_TCRYPT;
923a60
         else if (streq(option, "tcrypt-hidden")) {
923a60
@@ -430,8 +438,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
923a60
         assert(name);
923a60
         assert(key_file || passwords);
923a60
 
923a60
-        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
923a60
-                r = crypt_load(cd, CRYPT_LUKS1, NULL);
923a60
+        if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
923a60
+                r = crypt_load(cd, CRYPT_LUKS, NULL);
923a60
                 if (r < 0) {
923a60
                         log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
923a60
                         return r;