eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reinstate pbkdf serialization flag in device activation.

Browse Source 
crypt_activate_by_keyslot_context never respected pbkdf serialation
flag (CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF).

In fact it worked only when device was activated via passphrase or via
passphrase file. It was never respected when device was activated
by a token for example.

When the internal code was fully switched to activation via keyslot
context the legacy code for passphrase based activation was dropped
and we lost track of serialization flag completely.

This fixes all of the issues so now the serialization flag will be
respected also with tokens (and all other activation methods unlocking
LUKS2 keyslot with memory hard pbkdf).

Fixes: 58385d68d8 (Allow activation via keyslot context)
Fixes: #968.
This commit is contained in:
Ondrej Kozina
2025-11-27 10:49:24 +01:00
parent e1cbd4ecba
commit 5d69c34f59
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/setup.c
View File

@@ -5450,6 +5450,9 @@ int crypt_activate_by_keyslot_context(struct crypt_device *cd,
return _activate_loopaes(cd, name, passphrase, passphrase_size, flags);
}
if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF)
cd->memory_hard_pbkdf_lock_enabled = true;
/* acquire the volume key(s) */
r = -EINVAL;
if (isLUKS1(cd->type)) {