teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0623-cryptsetup-support-LUKS2-on-disk-format.patch

a9339c
From be973ab9f6585be762ea0888c81b011222eabb13 Mon Sep 17 00:00:00 2001
a9339c
From: Jan Synacek <jsynacek@redhat.com>
a9339c
Date: Thu, 3 May 2018 11:21:27 +0200
a9339c
Subject: [PATCH] cryptsetup: support LUKS2 on-disk format
a9339c
a9339c
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
a9339c
libcryptsetup)
a9339c
a9339c
The change itself doesn't enforce new libcryptsetup 2.x and is backward
a9339c
compatible with versions 1.x
a9339c
a9339c
(cherry-picked from commit b3b4ebab02395933cde554b5a5d5c363dae3920d)
a9339c
a9339c
Resolves: #1573838
a9339c
---
a9339c
 src/cryptsetup/cryptsetup.c | 20 ++++++++++++++------
a9339c
 1 file changed, 14 insertions(+), 6 deletions(-)
a9339c
a9339c
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
a9339c
index 69a015614..528c36c48 100644
a9339c
--- a/src/cryptsetup/cryptsetup.c
a9339c
+++ b/src/cryptsetup/cryptsetup.c
a9339c
@@ -36,7 +36,15 @@
a9339c
 #include "libudev.h"
a9339c
 #include "udev-util.h"
a9339c
 
a9339c
-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
a9339c
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
a9339c
+#ifndef CRYPT_LUKS
a9339c
+#define CRYPT_LUKS NULL
a9339c
+#endif
a9339c
+
a9339c
+/* internal helper */
a9339c
+#define ANY_LUKS "LUKS"
a9339c
+
a9339c
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
a9339c
 static char *arg_cipher = NULL;
a9339c
 static unsigned arg_key_size = 0;
a9339c
 static int arg_key_slot = CRYPT_ANY_SLOT;
a9339c
@@ -98,7 +106,7 @@ static int parse_one_option(const char *option) {
a9339c
 
a9339c
         } else if (startswith(option, "key-slot=")) {
a9339c
 
a9339c
-                arg_type = CRYPT_LUKS1;
a9339c
+                arg_type = ANY_LUKS;
a9339c
                 if (safe_atoi(option+9, &arg_key_slot) < 0) {
a9339c
                         log_error("key-slot= parse failure, ignoring.");
a9339c
                         return 0;
a9339c
@@ -138,7 +146,7 @@ static int parse_one_option(const char *option) {
a9339c
                 arg_hash = t;
a9339c
 
a9339c
         } else if (startswith(option, "header=")) {
a9339c
-                arg_type = CRYPT_LUKS1;
a9339c
+                arg_type = ANY_LUKS;
a9339c
 
a9339c
                 if (!path_is_absolute(option+7)) {
a9339c
                         log_error("Header path '%s' is not absolute, refusing.", option+7);
a9339c
@@ -168,7 +176,7 @@ static int parse_one_option(const char *option) {
a9339c
         else if (STR_IN_SET(option, "allow-discards", "discard"))
a9339c
                 arg_discards = true;
a9339c
         else if (streq(option, "luks"))
a9339c
-                arg_type = CRYPT_LUKS1;
a9339c
+                arg_type = ANY_LUKS;
a9339c
         else if (streq(option, "tcrypt"))
a9339c
                 arg_type = CRYPT_TCRYPT;
a9339c
         else if (streq(option, "tcrypt-hidden")) {
a9339c
@@ -430,8 +438,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
a9339c
         assert(name);
a9339c
         assert(key_file || passwords);
a9339c
 
a9339c
-        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
a9339c
-                r = crypt_load(cd, CRYPT_LUKS1, NULL);
a9339c
+        if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
a9339c
+                r = crypt_load(cd, CRYPT_LUKS, NULL);
a9339c
                 if (r < 0) {
a9339c
                         log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
a9339c
                         return r;