eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 13:20:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable legacy LUKS1 reencryption in cryptsetup utility.

Browse Source
This commit is contained in:
Ondrej Kozina
2021-10-07 15:51:58 +02:00
parent 390f3f5b73
commit cade8201d2
3 changed files with 56 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/utils_luks.h
View File

@@ -45,4 +45,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
int reencrypt(int action_argc, const char **action_argv); int reencrypt(int action_argc, const char **action_argv);
int reencrypt_luks1(const char *device);
int reencrypt_luks1_in_progress(const char *device);
#endif /* UTILS_LUKS_H */ #endif /* UTILS_LUKS_H */

39
src/utils_reencrypt.c
View File

@@ -777,6 +777,12 @@ static enum device_status_info load_luks(struct crypt_device **r_cd, const char
if (r == -EBUSY) /* luks2 locking error (message printed by libcryptsetup) */ if (r == -EBUSY) /* luks2 locking error (message printed by libcryptsetup) */
return DEVICE_INVALID; return DEVICE_INVALID;
if (!type || isLUKS1(type))
r = reencrypt_luks1_in_progress(uuid_or_device(header_device ?: data_device));
if (!r)
return DEVICE_LUKS1_UNUSABLE;
log_err(_("Device %s is not a valid %s device."), log_err(_("Device %s is not a valid %s device."),
uuid_or_device(header_device ?: data_device), type ?: "LUKS"); uuid_or_device(header_device ?: data_device), type ?: "LUKS");
@@ -955,11 +961,32 @@ static int reencrypt_luks2(struct crypt_device *cd, int action_argc, const char
static int encrypt(int action_argc, const char **action_argv) static int encrypt(int action_argc, const char **action_argv)
{ {
const char *type = luksType(device_type); const char *type = luksType(device_type);
bool luks1_in_reencrypt = false;
/* explicit request for LUKS2 encryption */
if (ARG_SET(OPT_HEADER_ID)) {
luks1_in_reencrypt = reencrypt_luks1_in_progress(ARG_STR(OPT_HEADER_ID)) == 0;
if (luks1_in_reencrypt && isLUKS2(type)) {
log_err(_("Device %s already in LUKS1 reencryption."), ARG_STR(OPT_HEADER_ID));
return -EINVAL;
}
}
if (!luks1_in_reencrypt)
luks1_in_reencrypt = reencrypt_luks1_in_progress(uuid_or_device(action_argv[0])) == 0;
/* explicit request for LUKS2 encryption */
if (luks1_in_reencrypt && isLUKS2(type)) {
log_err(_("Device %s already in LUKS1 reencryption."), action_argv[0]);
return -EINVAL;
}
if (!type) if (!type)
type = crypt_get_default_type(); type = crypt_get_default_type();
if (isLUKS2(type)) if (isLUKS1(type) || luks1_in_reencrypt)
return reencrypt_luks1(action_argv[0]);
else if (isLUKS2(type))
return encrypt_luks2(action_argc, action_argv); return encrypt_luks2(action_argc, action_argv);
return -EINVAL; return -EINVAL;
@@ -979,7 +1006,10 @@ static int decrypt(int action_argc, const char **action_argv)
if (dev_st == DEVICE_LUKS2) if (dev_st == DEVICE_LUKS2)
r = decrypt_luks2(cd, action_argc, action_argv); r = decrypt_luks2(cd, action_argc, action_argv);
else else if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE) {
crypt_free(cd);
return reencrypt_luks1(action_argv[0]);
} else
r = -EINVAL; r = -EINVAL;
crypt_free(cd); crypt_free(cd);
@@ -1000,7 +1030,10 @@ static int _reencrypt(int action_argc, const char **action_argv)
if (dev_st == DEVICE_LUKS2) if (dev_st == DEVICE_LUKS2)
r = reencrypt_luks2(cd, action_argc, action_argv); r = reencrypt_luks2(cd, action_argc, action_argv);
else else if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE) {
crypt_free(cd);
return reencrypt_luks1(action_argv[0]);
} else
r = -EINVAL; r = -EINVAL;
crypt_free(cd); crypt_free(cd);

16
src/utils_reencrypt_luks1.c
View File

@@ -1315,3 +1315,19 @@ out:
destroy_context(&rc); destroy_context(&rc);
return r; return r;
} }
int reencrypt_luks1_in_progress(const char *device)
{
int r;
struct stat st;
struct reenc_ctx dummy = {};
if (stat(device, &st) || (size_t)st.st_size < pagesize())
return -EINVAL;
r = device_check(&dummy, device, CHECK_UNUSABLE);
free(dummy.device_uuid);
return r;
}