eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move LUKS2 legacy reencryption flag check.

Browse Source 
There's already routine meant for verification if LUKS2
can be reencrypted. So move the appropriate code there instead.
This commit is contained in:
Ondrej Kozina
2023-11-01 12:53:16 +01:00
parent 45ddc623bc
commit af8c53a823
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/utils_reencrypt.c
View File

@@ -349,11 +349,6 @@ static int luks2_reencrypt_in_progress(struct crypt_device *cd)
if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags))
return -EINVAL; return -EINVAL;
if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
log_err(_("Legacy LUKS2 reencryption is no longer supported."));
return -EINVAL;
}
return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT; return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
} }
@@ -411,8 +406,17 @@ static enum device_status_info load_luks(struct crypt_device **r_cd,
static bool luks2_reencrypt_eligible(struct crypt_device *cd) static bool luks2_reencrypt_eligible(struct crypt_device *cd)
{ {
uint32_t flags;
struct crypt_params_integrity ip = { 0 }; struct crypt_params_integrity ip = { 0 };
if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags))
return false;
if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
log_err(_("Legacy LUKS2 reencryption is no longer supported."));
return false;
}
/* raw integrity info is available since 2.0 */ /* raw integrity info is available since 2.0 */
if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) { if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) {
log_err(_("Reencryption of device with integrity profile is not supported.")); log_err(_("Reencryption of device with integrity profile is not supported."));