eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add LUKS2 reencryption recovery in repair command.

Browse Source
This commit is contained in:
Ondrej Kozina
2019-05-23 18:05:24 +02:00
parent bd6af68bc5
commit 0e4757e0fb
1 changed files with 57 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/cryptsetup.c
View File

@@ -980,12 +980,64 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
return crypt_set_pbkdf_type(cd, &pbkdf); return crypt_set_pbkdf_type(cd, &pbkdf);
} }
static int _do_luks2_reencrypt_recovery(struct crypt_device *cd)
{
int r;
size_t passwordLen;
char *password = NULL;
struct crypt_params_reencrypt recovery_params = {
.flags = CRYPT_REENCRYPT_RECOVERY
};
crypt_reencrypt_info ri = crypt_reencrypt_status(cd, NULL);
switch (ri) {
case CRYPT_REENCRYPT_NONE:
/* fall through */
case CRYPT_REENCRYPT_CLEAN:
r = noDialog(_("Seems device does not require reencryption recovery.\n"
"Do you want to proceed anyway?"), NULL);
if (!r)
return 0;
break;
case CRYPT_REENCRYPT_CRASH:
r = yesDialog(_("Really proceed with LUKS2 reencryption recovery?"),
_("Operation aborted.\n"));
if (!r)
return -EINVAL;
break;
default:
return -EINVAL;
}
r = tools_get_key(_("Enter passphrase for reencryption recovery: "),
&password, &passwordLen, opt_keyfile_offset,
opt_keyfile_size, opt_key_file, opt_timeout,
_verify_passphrase(0), 0, cd);
if (r < 0)
return r;
r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
password, passwordLen, 0);
if (r < 0)
goto out;
r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen,
opt_key_slot, opt_key_slot, NULL, NULL, &recovery_params);
if (r > 0)
r = 0;
out:
crypt_safe_free(password);
return r;
}
static int action_luksRepair(void) static int action_luksRepair(void)
{ {
struct crypt_device *cd = NULL; struct crypt_device *cd = NULL;
int r; int r;
if ((r = crypt_init(&cd, action_argv[0]))) if ((r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0],
action_argv[0])))
goto out; goto out;
crypt_set_log_callback(cd, quiet_log, NULL); crypt_set_log_callback(cd, quiet_log, NULL);
@@ -993,7 +1045,7 @@ static int action_luksRepair(void)
crypt_set_log_callback(cd, tool_log, NULL); crypt_set_log_callback(cd, tool_log, NULL);
if (r == 0) { if (r == 0) {
log_verbose(_("No known problems detected for LUKS header.")); log_verbose(_("No known problems detected for LUKS header."));
goto out; goto skip_repair;
} }
r = tools_detect_signatures(action_argv[0], 1, NULL); r = tools_detect_signatures(action_argv[0], 1, NULL);
@@ -1004,6 +1056,9 @@ static int action_luksRepair(void)
_("Operation aborted.\n")) ? 0 : -EINVAL; _("Operation aborted.\n")) ? 0 : -EINVAL;
if (r == 0) if (r == 0)
r = crypt_repair(cd, luksType(opt_type), NULL); r = crypt_repair(cd, luksType(opt_type), NULL);
skip_repair:
if (!r && crypt_get_type(cd) && !strcmp(crypt_get_type(cd), CRYPT_LUKS2))
r = _do_luks2_reencrypt_recovery(cd);
out: out:
crypt_free(cd); crypt_free(cd);
return r; return r;