authorLennart Poettering <lennart@poettering.net>2024-02-19 18:16:47 +0100
committerLennart Poettering <lennart@poettering.net>2024-02-20 16:50:00 +0100
commit1c12daa46f90a8b74b83a14c0b657d71a535ac6f (patch)
tree8a3e98e9ee73ed624526c9b2dacf81e5ab8f26c7
parentcryptenroll,cryptsetup: clean up unlock credential for TPM2 + FIDO2 (diff)
downloadsystemd-1c12daa46f90a8b74b83a14c0b657d71a535ac6f.tar.xz
systemd-1c12daa46f90a8b74b83a14c0b657d71a535ac6f.zip
cryptsetup-pkcs11: also plug credential name to use to credential plugin
-rw-r--r--src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c1
-rw-r--r--src/cryptsetup/cryptsetup.c11
-rw-r--r--src/shared/pkcs11-util.h1
3 files changed, 12 insertions, 1 deletions
diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c
index 512a4cf18a..0203e72645 100644
--- a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c
@@ -158,6 +158,7 @@ static int acquire_luks2_key_systemd(
data.friendly_name = params->friendly_name;
data.headless = params->headless;
+ data.askpw_credential = params->askpw_credential;
data.askpw_flags = params->askpw_flags;
data.until = params->until;
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index e96686cff3..63f8cdb81f 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -1492,6 +1492,7 @@ static int attach_luks2_by_pkcs11_via_plugin(
const char *friendly_name,
usec_t until,
bool headless,
+ const char *askpw_credential,
uint32_t flags) {
#if HAVE_LIBCRYPTSETUP_PLUGINS
@@ -1504,6 +1505,7 @@ static int attach_luks2_by_pkcs11_via_plugin(
.friendly_name = friendly_name,
.until = until,
.headless = headless,
+ .askpw_credential = askpw_credential,
.askpw_flags = arg_ask_password_flags,
};
@@ -1567,7 +1569,14 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
for (;;) {
if (use_libcryptsetup_plugin && arg_pkcs11_uri_auto)
- r = attach_luks2_by_pkcs11_via_plugin(cd, name, friendly, until, arg_headless, flags);
+ r = attach_luks2_by_pkcs11_via_plugin(
+ cd,
+ name,
+ friendly,
+ until,
+ arg_headless,
+ "cryptsetup.pkcs11-pin",
+ flags);
else {
r = decrypt_pkcs11_key(
name,
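Review bot: The new `"cryptsetup.pkcs11-pin"` argument is handed to `attach_luks2_by_pkcs11_via_plugin()` on every pass of the enclosing `for (;;)` loop, and nothing visible in this hunk shows that a PIN taken from that credential is tried only once. If the lower layer re-reads the credential on each retry, a stale PIN would be resubmitted and could use up the token's PIN retry counter; please confirm it is consumed on the first attempt only and say so here, e.g. `/* PIN from the credential is tried once; later attempts fall back to prompting */`. The name is also a bare literal: if the `decrypt_pkcs11_key()` branch uses the same credential, a shared constant would keep the two paths from drifting apart. The loop and the `else` branch continue outside the hunk.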
diff --git a/src/shared/pkcs11-util.h b/src/shared/pkcs11-util.h
index 9b4336dc05..dbd88ede67 100644
--- a/src/shared/pkcs11-util.h
+++ b/src/shared/pkcs11-util.h
@@ -112,6 +112,7 @@ typedef struct {
const char *friendly_name;
usec_t until;
bool headless;
+ const char *askpw_credential;
AskPasswordFlags askpw_flags;
} systemd_pkcs11_plugin_params;
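Review bot: The new `askpw_credential` member has no comment saying whether NULL is accepted or who owns the string; the call site in cryptsetup.c passes a string literal, so the pointer looks borrowed, and `const char *askpw_credential; /* borrowed, caller keeps ownership; NULL allowed? */` with the question answered would make the contract explicit. The member is also inserted ahead of `askpw_flags`, which shifts that member's offset. Since luks2-pkcs11.c reads this struct through `params->`, a token plugin and a systemd-cryptsetup binary from different builds would presumably disagree on the layout, so either appending new members at the end or noting that both sides must come from the same build seems worthwhile.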