Commit e9302b61 authored by Stefano Babic's avatar Stefano Babic
Browse files

Patch for cryptsetup to pass key descriptor


Signed-off-by: Stefano Babic's avatarStefano Babic <sbabic@denx.de>
parent ec63debc
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += " \
file://0001-Allow-passing-a-Kernel-keyring-key-descriptor-in-PLA.patch \
"
From 1423387f44d5a38514e23c06a60ecac9fdf74d44 Mon Sep 17 00:00:00 2001
From: Heiko Schocher <hs@denx.de>
Date: Tue, 23 Jun 2020 09:36:41 +0200
Subject: [PATCH] Allow passing a Kernel keyring key descriptor in PLAIN mode.
Signed-off-by: Richard Weinberger <richard@nod.at>
ported to 2.3.2 from
Signed-off-by: Heiko Schocher <hs@denx.de>
---
lib/setup.c | 15 +++++++++++----
src/cryptsetup.c | 18 ++++++++++++++++++
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index 567f262..0a09101 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -248,7 +248,7 @@ int init_crypto(struct crypt_device *ctx)
static int process_key(struct crypt_device *cd, const char *hash_name,
size_t key_size, const char *pass, size_t passLen,
- struct volume_key **vk)
+ struct volume_key **vk, uint32_t flags)
{
int r;
@@ -259,6 +259,13 @@ static int process_key(struct crypt_device *cd, const char *hash_name,
if (!*vk)
return -ENOMEM;
+ if (flags & CRYPT_ACTIVATE_KEYRING_KEY) {
+ (*vk)->key_description = strdup(pass);
+ (*vk)->keylength = key_size;
+
+ return 0;
+ }
+
if (hash_name) {
r = crypt_plain_hash(cd, hash_name, (*vk)->key, key_size, pass, passLen);
if (r < 0) {
@@ -4102,7 +4109,7 @@ static int _activate_by_passphrase(struct crypt_device *cd,
r = process_key(cd, cd->u.plain.hdr.hash,
cd->u.plain.key_size,
- passphrase, passphrase_size, &vk);
+ passphrase, passphrase_size, &vk, flags);
if (r < 0)
goto out;
@@ -4635,7 +4642,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) {
r = process_key(cd, cd->u.plain.hdr.hash, key_len,
- passphrase, passphrase_size, &vk);
+ passphrase, passphrase_size, &vk, 0);
if (r < 0)
log_err(cd, _("Cannot retrieve volume key for plain device."));
} else if (isLUKS1(cd->type)) {
@@ -5875,7 +5882,7 @@ int crypt_use_keyring_for_vk(struct crypt_device *cd)
uint32_t dmc_flags;
/* dm backend must be initialized */
- if (!cd || !isLUKS2(cd->type))
+ if (!cd)
return 0;
if (!_vk_via_keyring || !kernel_keyring_support())
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 129d64a..9cc7ccb 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -32,6 +32,7 @@ static int opt_verify_passphrase = 0;
static const char *opt_json_file = NULL;
static const char *opt_key_file = NULL;
static const char *opt_keyfile_stdin = NULL;
+static const char *opt_key_desc = NULL;
static int opt_keyfiles_count = 0;
static const char *opt_keyfiles[MAX_KEYFILES];
@@ -327,6 +328,9 @@ static int action_open_plain(void)
if (opt_shared)
activate_flags |= CRYPT_ACTIVATE_SHARED;
+ if (opt_key_desc)
+ activate_flags |= CRYPT_ACTIVATE_KEYRING_KEY;
+
_set_activation_flags(&activate_flags);
if (!tools_is_stdin(opt_key_file)) {
@@ -339,6 +343,19 @@ static int action_open_plain(void)
r = crypt_activate_by_keyfile_device_offset(cd, action_argv[1],
CRYPT_ANY_SLOT, opt_key_file, key_size_max,
opt_keyfile_offset, activate_flags);
+
+ } else if (opt_key_desc) {
+ password = (char *)opt_key_desc;
+ passwordLen = strlen(opt_key_desc);
+
+ r = crypt_activate_by_passphrase(cd, action_argv[1],
+ CRYPT_ANY_SLOT, password, passwordLen, activate_flags);
+
+ //free(password);
+ password = NULL;
+
+ if (r < 0)
+ goto out;
} else {
key_size_max = (opt_key_file && !params.hash) ? key_size : (size_t)opt_keyfile_size;
r = tools_get_key(NULL, &password, &passwordLen,
@@ -3486,6 +3503,7 @@ int main(int argc, const char **argv)
{ "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
{ "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
{ "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 6, N_("Read the key from a file"), NULL },
+ { "key-desc", '\0', POPT_ARG_STRING, &opt_key_desc, 0, N_("Keyring descriptor to use"), NULL },
{ "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
{ "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info"), NULL },
{ "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
--
2.20.1
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment