From 7a597a091de83a861d81166b0e863bf2977c829c Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 27 May 2019 09:44:14 +0200
Subject: [PATCH] cryptsetup: Add LUKS2 token support.
LUKS2 supports so-called tokens. libcryptsetup internally supports a
keyring token (it tries to open the device using the specified
keyring entry).
Only if all tokens fail (or none are available) does it fall back to a passphrase.
This patch aligns the functionality with the cryptsetup utility
(cryptsetup luksOpen tries tokens first) but does not replace
the systemd native ask-password function (can be used the same in
combination with this patch).
(cherry picked from commit 894bb3ca4c730cc9e9d46ef5004ba4ca5e201d8d)
Resolves: #1719153
---
 src/cryptsetup/cryptsetup.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index a0bd80ea65..4e1b3eff19 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -682,6 +682,18 @@ int main(int argc, char *argv[]) {
                                 if (r < 0)
                                         return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
                         }
+#ifdef CRYPT_ANY_TOKEN
+                        /* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
+                        if (!key_file) {
+                                r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
+                                if (r >= 0) {
+                                        log_debug("Volume %s activated with LUKS token id %i.", argv[2], r);
+                                        return 0;
+                                }
+
+                                log_debug_errno(r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));
+                        }
+#endif
                 }
 
                 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
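Review bot: Every failure of the token attempt on the `log_debug_errno` line is logged at debug level only and falls straight through to the passphrase loop, so an operator who configured a keyring token that is present but unusable (wrong key description, key not readable by this process) gets no visible hint why the interactive prompt still appears. Only the no-token/LUKS1 case deserves debug level; something like `log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_NOTICE, r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));` keeps boot quiet when no token exists but surfaces real errors — assuming libcryptsetup reports a missing token as -ENOENT, which should be confirmed against the library version in use. The `if (!key_file)` gate also deserves a one-line comment such as `/* A configured key file takes precedence; tokens are only consulted before an interactive passphrase prompt. */`, since the token-before-passphrase ordering is otherwise documented only in the commit message. The enclosing main() starts and ends outside this hunk.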