Switch crypt_suspend() to DM_SUSPEND_WIPE_KEY flag.

Ondrej Kozina
2019-03-13 17:42:59 +01:00
committed by Milan Broz
parent 4df2ce4409
commit 6961f2caae
3 changed files with 3 additions and 34 deletions


@@ -2516,36 +2516,6 @@ out:
return r;
}
int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name)
{
uint32_t dmt_flags;
int r = -ENOTSUP;
if (dm_init_context(cd, DM_CRYPT))
return -ENOTSUP;
if (dm_flags(cd, DM_CRYPT, &dmt_flags))
goto out;
if (!(dmt_flags & DM_KEY_WIPE_SUPPORTED))
goto out;
if (!_dm_simple(DM_DEVICE_SUSPEND, name, 0)) {
r = -EINVAL;
goto out;
}
if (!_dm_message(name, "key wipe")) {
_dm_resume_device(name, 0);
r = -EINVAL;
goto out;
}
r = 0;
out:
dm_exit_context();
return r;
}
int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t dmflags)
{
int r;


@@ -2876,6 +2876,7 @@ int crypt_suspend(struct crypt_device *cd,
char *key_desc;
crypt_status_info ci;
int r;
uint32_t dmflags = DM_SUSPEND_WIPE_KEY;
/* FIXME: check context uuid matches the dm-crypt device uuid (onlyLUKS branching) */
@@ -2919,10 +2920,9 @@ int crypt_suspend(struct crypt_device *cd,
/* we can't simply wipe wrapped keys */
if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd)))
r = dm_suspend_device(cd, name, 0);
else
r = dm_suspend_and_wipe_key(cd, name);
dmflags &= ~DM_SUSPEND_WIPE_KEY;
r = dm_suspend_device(cd, name, dmflags);
if (r == -ENOTSUP)
log_err(cd, _("Suspend is not supported for device %s."), name);
else if (r)
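Review bot: The call `r = dm_suspend_device(cd, name, dmflags);` in the second hunk now carries the whole key-wipe guarantee, and nothing on this page shows that dm_suspend_device() fails closed the way the removed dm_suspend_and_wipe_key() did (-ENOTSUP when DM_KEY_WIPE_SUPPORTED is missing, resume plus -EINVAL when the "key wipe" message fails). If the helper were to ignore DM_SUSPEND_WIPE_KEY on a kernel without key-wipe support, or leave the device suspended after a failed wipe, crypt_suspend() could return 0 while the volume key is still loaded; its body is outside this commit, so that should be confirmed there. The `if (crypt_cipher_wrapped_key(...))` now guards only `dmflags &= ~DM_SUSPEND_WIPE_KEY;` with the suspend call following unconditionally, so I would brace that one-line body and extend the comment to something like `/* we can't simply wipe wrapped keys; suspend without the wipe flag */`. crypt_suspend() starts and ends outside both hunks.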


@@ -195,7 +195,6 @@ int dm_create_device(struct crypt_device *cd, const char *name,
int dm_reload_device(struct crypt_device *cd, const char *name,
struct crypt_dm_active_device *dmd, uint32_t dmflags, unsigned resume);
int dm_suspend_device(struct crypt_device *cd, const char *name, uint32_t dmflags);
int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name);
int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t dmflags);
int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
const struct volume_key *vk);