diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c index b27e14c4..e3190054 100644 --- a/src/utils_reencrypt.c +++ b/src/utils_reencrypt.c @@ -134,6 +134,49 @@ static int reencrypt_get_active_name(struct crypt_device *cd, const char *data_d return get_active_device_name(cd, data_device, r_active_name); } +static int reencrypt_verify_and_update_params(struct crypt_params_reencrypt *params) +{ + assert(params); + + if (ARG_SET(OPT_ENCRYPT_ID) && params->mode != CRYPT_REENCRYPT_ENCRYPT) { + log_err(_("Device is not in LUKS2 encryption. Conflicting option --encrypt.")); + return -EINVAL; + } + + if (ARG_SET(OPT_DECRYPT_ID) && params->mode != CRYPT_REENCRYPT_DECRYPT) { + log_err(_("Device is not in LUKS2 decryption. Conflicting option --decrypt.")); + return -EINVAL; + } + + if (ARG_SET(OPT_RESILIENCE_ID) && + !strcmp(params->resilience, "datashift") && strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) { + log_err(_("Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied.")); + return -EINVAL; + } + + if (ARG_SET(OPT_RESILIENCE_ID) && + strcmp(params->resilience, "datashift") && !strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) { + log_err(_("Requested --resilience option cannot be applied to current reencryption operation.")); + return -EINVAL; + } + + params->resilience = NULL; + if (ARG_SET(OPT_RESILIENCE_ID)) { + params->resilience = ARG_STR(OPT_RESILIENCE_ID); + if (!strcmp(ARG_STR(OPT_RESILIENCE_ID), "checksum")) + params->hash = "sha256"; + + if (ARG_SET(OPT_RESILIENCE_HASH_ID)) + params->hash = ARG_STR(OPT_RESILIENCE_HASH_ID); + } + + params->max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE; + params->device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE; + params->flags = CRYPT_REENCRYPT_RESUME_ONLY; + + return 0; +} + static int reencrypt_luks2_load(struct crypt_device *cd, const char *data_device) { char *msg; @@ -141,7 +184,7 @@ static int reencrypt_luks2_load(struct crypt_device *cd, const char *data_device int r; size_t passwordLen; char *active_name = NULL, *password = NULL; - struct crypt_params_reencrypt params; + struct crypt_params_reencrypt params = {}; ri = crypt_reencrypt_status(cd, ¶ms); if (ri == CRYPT_REENCRYPT_CRASH) @@ -150,40 +193,9 @@ static int reencrypt_luks2_load(struct crypt_device *cd, const char *data_device if (ri != CRYPT_REENCRYPT_CLEAN) return -EINVAL; - if (ARG_SET(OPT_ENCRYPT_ID) && params.mode != CRYPT_REENCRYPT_ENCRYPT) { - log_err(_("Device is not in LUKS2 encryption. Conflicting option --encrypt.")); - return -EINVAL; - } - - if (ARG_SET(OPT_DECRYPT_ID) && params.mode != CRYPT_REENCRYPT_DECRYPT) { - log_err(_("Device is not in LUKS2 decryption. Conflicting option --decrypt.")); - return -EINVAL; - } - - if (ARG_SET(OPT_RESILIENCE_ID) && - !strcmp(params.resilience, "datashift") && strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) { - log_err(_("Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied.")); - return -EINVAL; - } - - if (ARG_SET(OPT_RESILIENCE_ID) && - strcmp(params.resilience, "datashift") && !strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) { - log_err(_("Requested --resilience option cannot be applied to current reencryption operation.")); - return -EINVAL; - } - - params.resilience = NULL; - if (ARG_SET(OPT_RESILIENCE_ID)) { - params.resilience = ARG_STR(OPT_RESILIENCE_ID); - if (!strcmp(ARG_STR(OPT_RESILIENCE_ID), "checksum")) - params.hash = "sha256"; - if (ARG_SET(OPT_RESILIENCE_HASH_ID)) - params.hash = ARG_STR(OPT_RESILIENCE_HASH_ID); - } - - params.max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE; - params.device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE; - params.flags = CRYPT_REENCRYPT_RESUME_ONLY; + r = reencrypt_verify_and_update_params(¶ms); + if (r < 0) + return r; if (!ARG_SET(OPT_BATCH_MODE_ID) && !ARG_SET(OPT_RESUME_ONLY_ID)) { r = asprintf(&msg, _("Device %s is already in LUKS2 reencryption. "