eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 04:10:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support online reencryption for PAES cipher.

Browse Source 
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

(With few adjustments by Ondrej Kozina)
This commit is contained in:
Ingo Franzki
2020-08-17 17:15:05 +02:00
committed by Milan Broz
parent d1c3ad2703
commit a4f78e1c98
3 changed files with 22 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/cryptsetup.c
View File

@@ -3119,7 +3119,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
{
size_t i, vk_size, kp_size;
int r, keyslot_old = CRYPT_ANY_SLOT, keyslot_new = CRYPT_ANY_SLOT, key_size;
char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk;
char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk = NULL;
const char *active_name = NULL;
struct keyslot_passwords *kp;
struct crypt_params_luks2 luks2_params = {};
@@ -3161,6 +3161,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
if (!key_size)
return -EINVAL;
vk_size = key_size;
r = crypt_keyslot_max(CRYPT_LUKS2);
if (r < 0)
@@ -3175,11 +3176,11 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
if (r)
goto err;
vk_size = key_size;
vk = crypt_safe_alloc(vk_size);
if (!vk) {
r = -ENOMEM;
goto err;
if (opt_master_key_file) {
r = tools_read_mk(opt_master_key_file, &vk, key_size);
if (r < 0)
goto err;
}
r = -ENOENT;
@@ -3189,7 +3190,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
r = set_keyslot_params(cd, i);
if (r < 0)
break;
r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size,
r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT);
tools_keyslot_msg(r, CREATED);
if (r < 0)
@@ -3198,9 +3199,17 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
kp[i].new = r;
keyslot_new = r;
keyslot_old = i;
r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
if (r < 0)
break;
if (!vk) {
/* key generated in crypt_keyslot_add_by_key() call above */
vk = crypt_safe_alloc(key_size);
if (!vk) {
r = -ENOMEM;
break;
}
r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
if (r < 0)
break;
}
r = assign_tokens(cd, i, r);
if (r < 0)
break;
@@ -3220,8 +3229,6 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
}
}
crypt_safe_free(vk);
if (r < 0)
goto err;
@@ -3241,6 +3248,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
kp[keyslot_old].passwordLen, keyslot_old, kp[keyslot_old].new,
cipher, mode, &params);
err:
crypt_safe_free(vk);
for (i = 0; i < kp_size; i++) {
crypt_safe_free(kp[i].password);
if (r < 0 && kp[i].new >= 0 &&