From 652835a1f820e12c4723026330b0ebab0e285086 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Tue, 29 Oct 2024 14:41:59 +0100
Subject: [PATCH] Verify fvault2 key size in before activation by volume key.

---
 lib/setup.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/setup.c b/lib/setup.c
index a4d79143..00a18d06 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -5565,7 +5565,10 @@ static int _verify_key(struct crypt_device *cd,
 		r = KEY_VERIFIED;
 	else if (isBITLK(cd->type))
 		r = KEY_VERIFIED;
-	else
+	else if (isFVAULT2(cd->type)) {
+		if (vk && vk->keylength == FVAULT2_volume_key_size())
+			r = KEY_VERIFIED;
+	} else
 		log_err(cd, _("Device type is not properly initialized."));
 
 	if (r >= KEY_VERIFIED)