Merge pull request #7089 from oniko/luks2-support

LUKS2 support for systemd-cryptsetup and dissect-image
2025-01-11 05:17:44 +03:00 · 2017-11-10 16:16:36 +01:00 · 2017-11-10 16:16:36 +01:00 · 8d644046d9
commit 8d644046d9
parent 28522b0d8c dd59868b67
2 changed files with 18 additions and 7 deletions
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -38,7 +38,15 @@
 #include "strv.h"
 #include "util.h"

-static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
+/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
+#ifndef CRYPT_LUKS
+#define CRYPT_LUKS NULL
+#endif
+
+/* internal helper */
+#define ANY_LUKS "LUKS"
+
+static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
 static char *arg_cipher = NULL;
 static unsigned arg_key_size = 0;
 static int arg_key_slot = CRYPT_ANY_SLOT;
@ -102,7 +110,7 @@ static int parse_one_option(const char *option) {

        } else if ((val = startswith(option, "key-slot="))) {

-                arg_type = CRYPT_LUKS1;
+                arg_type = ANY_LUKS;
                r = safe_atoi(val, &arg_key_slot);
                if (r < 0) {
                        log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
@ -140,7 +148,7 @@ static int parse_one_option(const char *option) {
                        return log_oom();

        } else if ((val = startswith(option, "header="))) {
-                arg_type = CRYPT_LUKS1;
+                arg_type = ANY_LUKS;

                if (!path_is_absolute(val)) {
                        log_error("Header path \"%s\" is not absolute, refusing.", val);
@ -171,7 +179,7 @@ static int parse_one_option(const char *option) {
        else if (STR_IN_SET(option, "allow-discards", "discard"))
                arg_discards = true;
        else if (streq(option, "luks"))
-                arg_type = CRYPT_LUKS1;
+                arg_type = ANY_LUKS;
        else if (streq(option, "tcrypt"))
                arg_type = CRYPT_TCRYPT;
        else if (streq(option, "tcrypt-hidden")) {
@ -491,8 +499,8 @@ static int attach_luks_or_plain(struct crypt_device *cd,
        assert(name);
        assert(key_file || passwords);

-        if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
-                r = crypt_load(cd, CRYPT_LUKS1, NULL);
+        if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
+                r = crypt_load(cd, CRYPT_LUKS, NULL);
                if (r < 0) {
                        log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
                        return r;
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@ -19,6 +19,9 @@

 #if HAVE_LIBCRYPTSETUP
 #include <libcryptsetup.h>
+#ifndef CRYPT_LUKS
+#define CRYPT_LUKS NULL
+#endif
 #endif
 #include <sys/mount.h>

@ -856,7 +859,7 @@ static int decrypt_partition(
        if (r < 0)
                return log_debug_errno(r, "Failed to initialize dm-crypt: %m");

-        r = crypt_load(cd, CRYPT_LUKS1, NULL);
+        r = crypt_load(cd, CRYPT_LUKS, NULL);
        if (r < 0) {
                log_debug_errno(r, "Failed to load LUKS metadata: %m");
                goto fail;