eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Optionaly check device table before reencryption initialization.

Browse Source
This commit is contained in:
Ondrej Kozina
2019-07-30 17:59:25 +02:00
parent 98e0c8d609
commit 3bea349f9e
1 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/luks2/luks2_reencrypt.c
View File

@@ -2224,6 +2224,7 @@ static int parse_reencryption_mode(const char *mode)
/* This function must be called with metadata lock held */ /* This function must be called with metadata lock held */
static int _reencrypt_init(struct crypt_device *cd, static int _reencrypt_init(struct crypt_device *cd,
const char *name,
struct luks2_hdr *hdr, struct luks2_hdr *hdr,
const char *passphrase, const char *passphrase,
size_t passphrase_size, size_t passphrase_size,
@@ -2239,6 +2240,10 @@ static int _reencrypt_init(struct crypt_device *cd,
uint32_t sector_size; uint32_t sector_size;
int r, reencrypt_keyslot, devfd = -1; int r, reencrypt_keyslot, devfd = -1;
uint64_t data_offset, dev_size = 0; uint64_t data_offset, dev_size = 0;
struct crypt_dm_active_device dmd_target, dmd_source = {
.uuid = crypt_get_uuid(cd),
.flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
};
if (!params || parse_reencryption_mode(params->mode)) if (!params || parse_reencryption_mode(params->mode))
return -EINVAL; return -EINVAL;
@@ -2339,6 +2344,32 @@ static int _reencrypt_init(struct crypt_device *cd,
if (r < 0) if (r < 0)
goto err; goto err;
if (name && strcmp(params->mode, "encrypt")) {
r = LUKS2_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
if (r)
goto err;
r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
if (r < 0)
goto err;
r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source);
if (!r) {
r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target);
if (r)
log_err(cd, _("Mismatching parameters on device %s."), name);
}
dm_targets_free(cd, &dmd_source);
dm_targets_free(cd, &dmd_target);
free(CONST_CAST(void*)dmd_target.uuid);
if (r)
goto err;
}
if (move_first_segment && move_data(cd, devfd, params->data_shift << SECTOR_SHIFT)) { if (move_first_segment && move_data(cd, devfd, params->data_shift << SECTOR_SHIFT)) {
r = -EIO; r = -EIO;
goto err; goto err;
@@ -2853,7 +2884,7 @@ static int _reencrypt_init_by_passphrase(struct crypt_device *cd,
} }
if (ri == CRYPT_REENCRYPT_NONE && !(flags & CRYPT_REENCRYPT_RESUME_ONLY)) { if (ri == CRYPT_REENCRYPT_NONE && !(flags & CRYPT_REENCRYPT_RESUME_ONLY)) {
r = _reencrypt_init(cd, hdr, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params, &vks); r = _reencrypt_init(cd, name, hdr, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params, &vks);
if (r < 0) if (r < 0)
log_err(cd, _("Failed to initialize LUKS2 reencryption in metadata.")); log_err(cd, _("Failed to initialize LUKS2 reencryption in metadata."));
} else if (ri > CRYPT_REENCRYPT_NONE) { } else if (ri > CRYPT_REENCRYPT_NONE) {