eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow activating multi key devices using VKs in keyring.

Browse Source 
We already support activation of a device using a volume key in keyring.
However, in case of multi-key devices (i.e. device with reencryption
running) we need to supply two volume keys.
This commit is contained in:
Daniel Zatovic
2024-01-09 16:23:05 +01:00
committed by Daniel Zaťovič
parent 4321992561
commit 7fb98caa79
7 changed files with 301 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/luks2/luks2_reencrypt_digest.c
View File

@@ -375,6 +375,22 @@ int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
return LUKS2_digest_assign(cd, hdr, keyslot_reencrypt, digest_reencrypt, 1, 0);
}
void LUKS2_reencrypt_lookup_key_ids(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vk)
{
int digest_old, digest_new;
digest_old = LUKS2_reencrypt_digest_old(hdr);
digest_new = LUKS2_reencrypt_digest_new(hdr);
while (vk) {
if (digest_old >= 0 && LUKS2_digest_verify_by_digest(cd, digest_old, vk) == digest_old)
crypt_volume_key_set_id(vk, digest_old);
if (digest_new >= 0 && LUKS2_digest_verify_by_digest(cd, digest_new, vk) == digest_new)
crypt_volume_key_set_id(vk, digest_new);
vk = vk->next;
}
}
int LUKS2_reencrypt_digest_verify(struct crypt_device *cd,
struct luks2_hdr *hdr,
struct volume_key *vks)