From: Lennart Poettering
Date: Fri, 29 May 2026 10:19:34 +0000 (+0200)
Subject: cryptenroll: move load_volume_key_keyfile() to cryptenroll-password.c
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bbcf6c66fb7c618890970f7fe2513f7372ad7a6;p=thirdparty%2Fsystemd.git

cryptenroll: move load_volume_key_keyfile() to cryptenroll-password.c

Conceptually a keyfile and a password are pretty much the same thing, hence put them in the same file.
---
diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c
index 0d3da9f2e74..f58321063a6 100644
--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -7,12 +7,51 @@
 #include "env-util.h"
 #include "errno-util.h"
 #include "escape.h"
+#include "fileio.h"
 #include "iovec-util.h"
 #include "log.h"
 #include "password-quality-util.h"
 #include "string-util.h"
 #include "strv.h"
+int load_volume_key_keyfile(
+ const EnrollContext *c,
+ struct crypt_device *cd,
+ struct iovec *ret_vk) {
+
+ _cleanup_(erase_and_freep) char *password = NULL;
+ size_t password_len;
+ int r;
+
+ assert_se(c);
+ assert_se(cd);
+ assert_se(ret_vk);
+
+ r = read_full_file_full(
+ AT_FDCWD,
+ c->unlock_keyfile,
+ UINT64_MAX,
+ SIZE_MAX,
+ READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
+ NULL,
+ &password,
+ &password_len);
+ if (r < 0)
+ return log_error_errno(r, "Reading keyfile %s failed: %m", c->unlock_keyfile);
+
+ r = sym_crypt_volume_key_get(
+ cd,
+ CRYPT_ANY_SLOT,
+ ret_vk->iov_base,
+ &ret_vk->iov_len,
+ password,
+ password_len);
+ if (r < 0)
+ return log_error_errno(r, "Unlocking via keyfile failed: %m");
+
+ return r;
+}
+
 int load_volume_key_password(
 const EnrollContext *c,
 struct crypt_device *cd,
diff --git a/src/cryptenroll/cryptenroll-password.h b/src/cryptenroll/cryptenroll-password.h
index 897a8a27910..35ae1760a8e 100644
--- a/src/cryptenroll/cryptenroll-password.h
+++ b/src/cryptenroll/cryptenroll-password.h 
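Review bot: Now that `load_volume_key_keyfile()` in cryptenroll-password.c is no longer `static`, its input contract is neither documented nor checked. `ret_vk->iov_base` and `&ret_vk->iov_len` go straight into `sym_crypt_volume_key_get()` as the destination buffer and its in/out size, so the caller has to pre-allocate the volume-key buffer even though the `ret_` prefix reads like a callee-allocated output. `c->unlock_keyfile` is likewise handed to `read_full_file_full()` with only `c` itself asserted. I would add `assert_se(c->unlock_keyfile);` and `assert_se(iovec_is_set(ret_vk));` next to the existing asserts, plus a comment above the definition such as `/* Caller passes ret_vk pre-allocated to the volume key size; iov_len is in/out, and the return value is the one from sym_crypt_volume_key_get(). */`. Whether the existing caller in cryptenroll.c already guarantees both is not visible in this hunk.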
@@ -4,5 +4,7 @@
 #include "cryptenroll.h"
 #include "shared-forward.h"
+int load_volume_key_keyfile(const EnrollContext *c, struct crypt_device *cd, struct iovec *ret_vk);
+
 int load_volume_key_password(const EnrollContext *c, struct crypt_device *cd, struct iovec *ret_vk);
 int enroll_password(const EnrollContext *c, struct crypt_device *cd, const struct iovec *volume_key);
diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c
index cf67973fbf4..ce21f450ba9 100644
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@@ -20,7 +20,6 @@
 #include "cryptenroll-wipe.h"
 #include "cryptsetup-util.h"
 #include "extract-word.h"
-#include "fileio.h"
 #include "format-table.h"
 #include "libfido2-util.h"
 #include "log.h"
@@ -688,44 +687,6 @@ static int check_for_homed(struct crypt_device *cd) {
 return 0;
 }
-static int load_volume_key_keyfile(
- const EnrollContext *c,
- struct crypt_device *cd,
- struct iovec *ret_vk) {
-
- _cleanup_(erase_and_freep) char *password = NULL;
- size_t password_len;
- int r;
-
- assert_se(c);
- assert_se(cd);
- assert_se(ret_vk);
-
- r = read_full_file_full(
- AT_FDCWD,
- c->unlock_keyfile,
- UINT64_MAX,
- SIZE_MAX,
- READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
- NULL,
- &password,
- &password_len);
- if (r < 0)
- return log_error_errno(r, "Reading keyfile %s failed: %m", c->unlock_keyfile);
-
- r = sym_crypt_volume_key_get(
- cd,
- CRYPT_ANY_SLOT,
- ret_vk->iov_base,
- &ret_vk->iov_len,
- password,
- password_len);
- if (r < 0)
- return log_error_errno(r, "Unlocking via keyfile failed: %m");
-
- return r;
-}
-
 int prepare_luks(
 const EnrollContext *c,
 struct crypt_device **ret_cd,