
Source code changes of the file "src/cryptsetup.c" between
cryptsetup-2.4.2.tar.xz and cryptsetup-2.4.3.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and the TrueCrypt-compatible format.

cryptsetup.c  (cryptsetup-2.4.2.tar.xz):cryptsetup.c  (cryptsetup-2.4.3.tar.xz)
skipping to change at line 1175 skipping to change at line 1175
return set_pbkdf_params(cd, CRYPT_LUKS2); return set_pbkdf_params(cd, CRYPT_LUKS2);
if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf)) if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf))
return -EINVAL; return -EINVAL;
pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK; pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
return crypt_set_pbkdf_type(cd, &pbkdf); return crypt_set_pbkdf_type(cd, &pbkdf);
} }
static int _do_luks2_reencrypt_recovery(struct crypt_device *cd) static int reencrypt_metadata_repair(struct crypt_device *cd)
{
char *password;
size_t passwordLen;
int r;
struct crypt_params_reencrypt params = {
.flags = CRYPT_REENCRYPT_REPAIR_NEEDED
};
if (!ARG_SET(OPT_BATCH_MODE_ID) &&
!yesDialog(_("Unprotected LUKS2 reencryption metadata detected. "
"Please verify the reencryption operation is desirable (
see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge
the operation as genuine."),
_("Operation aborted.\n")))
return -EINVAL;
r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryptio
n metadata: "),
&password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_
ID),
ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_I
D), ARG_UINT32(OPT_TIMEOUT_ID),
_verify_passphrase(0), 0, cd);
if (r < 0)
return r;
r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen,
ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID), N
ULL, NULL, &params);
tools_passphrase_msg(r);
if (r < 0)
goto out;
r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen, 0);
tools_passphrase_msg(r);
if (r >= 0)
r = 0;
out:
crypt_safe_free(password);
return r;
}
static int luks2_reencrypt_repair(struct crypt_device *cd)
{ {
int r; int r;
size_t passwordLen; size_t passwordLen;
const char *msg;
char *password = NULL; char *password = NULL;
struct crypt_params_reencrypt recovery_params = { struct crypt_params_reencrypt params = {};
.flags = CRYPT_REENCRYPT_RECOVERY
}; crypt_reencrypt_info ri = crypt_reencrypt_status(cd, &params);
if (params.flags & CRYPT_REENCRYPT_REPAIR_NEEDED)
return reencrypt_metadata_repair(cd);
crypt_reencrypt_info ri = crypt_reencrypt_status(cd, NULL);
switch (ri) { switch (ri) {
case CRYPT_REENCRYPT_NONE: case CRYPT_REENCRYPT_NONE:
/* fall through */ return 0;
case CRYPT_REENCRYPT_CLEAN: case CRYPT_REENCRYPT_CLEAN:
if (ARG_SET(OPT_BATCH_MODE_ID) ||
!noDialog(_("Seems device does not require reencryption recov
ery.\n"
"Do you want to proceed anyway?"), NULL))
return 0;
break; break;
case CRYPT_REENCRYPT_CRASH: case CRYPT_REENCRYPT_CRASH:
if (!ARG_SET(OPT_BATCH_MODE_ID) && if (!ARG_SET(OPT_BATCH_MODE_ID) &&
!yesDialog(_("Really proceed with LUKS2 reencryption recovery ?"), !yesDialog(_("Really proceed with LUKS2 reencryption recovery ?"),
_("Operation aborted.\n"))) _("Operation aborted.\n")))
return -EINVAL; return -EINVAL;
break; break;
default: default:
return -EINVAL; return -EINVAL;
} }
r = tools_get_key(_("Enter passphrase for reencryption recovery: "), if (ri == CRYPT_REENCRYPT_CLEAN)
&password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ msg = _("Enter passphrase to verify reencryption metadata digest:
ID), ");
else
msg = _("Enter passphrase for reencryption recovery: ");
r = tools_get_key(msg, &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OF
FSET_ID),
ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_I D), ARG_UINT32(OPT_TIMEOUT_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_I D), ARG_UINT32(OPT_TIMEOUT_ID),
_verify_passphrase(0), 0, cd); _verify_passphrase(0), 0, cd);
if (r < 0) if (r < 0)
return r; return r;
r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID), r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen, 0); password, passwordLen, 0);
if (r < 0) if (r < 0)
goto out; goto out;
if (ri == CRYPT_REENCRYPT_CLEAN) {
r = 0;
goto out;
}
r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen, r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen,
ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID), N ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID), N
ULL, NULL, &recovery_params); ULL, NULL,
&(struct crypt_params_reencrypt){ .flags = CRYPT_REENCRYP
T_RECOVERY });
if (r > 0) if (r > 0)
r = 0; r = 0;
out: out:
crypt_safe_free(password); crypt_safe_free(password);
return r; return r;
} }
static int action_luksRepair(void) static int action_luksRepair(void)
{ {
skipping to change at line 1258 skipping to change at line 1307
if (r < 0) if (r < 0)
goto out; goto out;
if (!ARG_SET(OPT_BATCH_MODE_ID) && if (!ARG_SET(OPT_BATCH_MODE_ID) &&
!yesDialog(_("Really try to repair LUKS device header?"), !yesDialog(_("Really try to repair LUKS device header?"),
_("Operation aborted.\n"))) _("Operation aborted.\n")))
r = -EINVAL; r = -EINVAL;
else else
r = crypt_repair(cd, luksType(device_type), NULL); r = crypt_repair(cd, luksType(device_type), NULL);
out: out:
/* Header is ok, check if possible interrupted reencryption need repairs. */ /* Header is ok, check if reencryption metadata needs repair/recovery. */
if (!r && isLUKS2(crypt_get_type(cd))) if (!r && isLUKS2(crypt_get_type(cd)))
r = _do_luks2_reencrypt_recovery(cd); r = luks2_reencrypt_repair(cd);
crypt_free(cd); crypt_free(cd);
return r; return r;
} }
static int _wipe_data_device(struct crypt_device *cd) static int _wipe_data_device(struct crypt_device *cd)
{ {
char tmp_name[64], tmp_path[128], tmp_uuid[40]; char tmp_name[64], tmp_path[128], tmp_uuid[40];
uuid_t tmp_uuid_bin; uuid_t tmp_uuid_bin;
int r; int r;
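Review bot: In the new `reencrypt_metadata_repair`, the dialog asking the operator to check luksDump output before protecting unprotected reencryption metadata is skipped whenever `OPT_BATCH_MODE_ID` is set. A scripted repair therefore appears to upgrade whatever reencryption metadata is on disk after only the passphrase check. If that is intended, I would document it above the dialog, e.g. `/* Batch mode skips this confirmation: the caller must already have verified the reencryption metadata (luksDump). */`. Separately, the passphrase prompt in the same function reads `uppgrade` and should be `upgrade`; since it is a translatable string, the message catalogs need updating with it.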
 End of changes. 11 change blocks. 
18 lines changed or deleted 74 lines changed or added
