Migrate to the new unsealing luks.go API

In the future we will run Unseal() concurrently for multiple slots
anatol · Nov 13, 2021 · 19ffb03 · 19ffb03
1 parent 1891e1f
commit 19ffb03
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 19 deletions.
diff --git a/init/go.mod b/init/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 	github.com/anatol/clevis.go v0.0.0-20210819160903-117fd670c26a
 	github.com/anatol/devmapper.go v0.0.0-20210818022933-f8f04407d1ed
-	github.com/anatol/luks.go v0.0.0-20210908180322-d9003e7f7df8
+	github.com/anatol/luks.go v0.0.0-20211023171624-c2828c9403e2
 	github.com/anatol/uevent.go v1.0.1-0.20210811163347-3e166d38c549
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0 // indirect
 	github.com/goccy/go-json v0.7.10 // indirect
@@ -18,7 +18,7 @@ require (
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 	github.com/yookoala/realpath v1.0.0
 	golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
-	golang.org/x/sys v0.0.0-20211015200801-69063c4bb744
+	golang.org/x/sys v0.0.0-20211022215931-8e5104632af7
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
 

diff --git a/init/go.sum b/init/go.sum
@@ -5,16 +5,15 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anatol/clevis.go v0.0.0-20210819160903-117fd670c26a h1:gARsDnE2h6Ody0dXqPVTNSOIFEX33YL7SpXMfhb6xmE=
 github.com/anatol/clevis.go v0.0.0-20210819160903-117fd670c26a/go.mod h1:nkR4z11P1zZIfoV2zjmV6kym2+cf+lPQsBsHgKd1IU4=
-github.com/anatol/devmapper.go v0.0.0-20210415184739-2afcc0316ff9/go.mod h1:HH26Zgz5+9A59tfHtCxq8LlnqV90Z8YsWciQXb5hqL8=
 github.com/anatol/devmapper.go v0.0.0-20210818022933-f8f04407d1ed h1:EeTzx74x8jeqCeHiQKwFQAgydBwCARHznam1WKs6DAA=
 github.com/anatol/devmapper.go v0.0.0-20210818022933-f8f04407d1ed/go.mod h1:ssHSrmx1jWcQiOnwK4ulAfFe+eFEE5LkvPU7W4fLRpU=
-github.com/anatol/luks.go v0.0.0-20210908180322-d9003e7f7df8 h1:AK3t5RGfp05mci9UrnIpK4me1PdjfNReeY69uP8+fTg=
-github.com/anatol/luks.go v0.0.0-20210908180322-d9003e7f7df8/go.mod h1:UzCyoTh2f0wRm7f0ugjSLxiH9ZzkkIP6eaA+w/BTAr8=
+github.com/anatol/luks.go v0.0.0-20211023171624-c2828c9403e2 h1:D0oaF1pK72Y92hiERdp8MUCua1ncjNnvfcJZ8/FqAxs=
+github.com/anatol/luks.go v0.0.0-20211023171624-c2828c9403e2/go.mod h1:o8XNR05uu7toS6DvYSD+f6yH5TYDf1oBWJt4dI32w4c=
 github.com/anatol/uevent.go v1.0.1-0.20210811163347-3e166d38c549 h1:CPuCjtWK5UI9KQPDhylGHfZe7Pp8j58WK7i3wpLemA0=
 github.com/anatol/uevent.go v1.0.1-0.20210811163347-3e166d38c549/go.mod h1:yO7hm0VhhOujsh+j0nn8ExPhAqIJh50MZOcKetKhAPA=
-github.com/anatol/vmtest v0.0.0-20210225191124-26540db15d49/go.mod h1:EWbYrKMDMxiKbQjI7z6GO7yABGxqRkU3+slxy/avES8=
-github.com/anatol/vmtest v0.0.0-20210818021435-9894c562b88f h1:EfRi5PBB+KTa07Qm1+Cd+fzfX9BMxmrU0cbEOvV1gf4=
 github.com/anatol/vmtest v0.0.0-20210818021435-9894c562b88f/go.mod h1:4UXI5w1wKewv694cqKcW57RylNiNm/uCbJhMeXyqoSo=
+github.com/anatol/vmtest v0.0.0-20211004221854-3a36b6b86cc0 h1:1my48uvB1J9Gpe9Jl03rdyHY2U4j0uRGQ6zmeGAMFao=
+github.com/anatol/vmtest v0.0.0-20211004221854-3a36b6b86cc0/go.mod h1:JiDFhD1zjgMx9ONsHhhucGwMvCLrJMl/yu/l5qP4XFw=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -211,7 +210,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -270,17 +268,16 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201109165425-215b40eba54c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201207223542-d4d67f95c62d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210415045647-66c3f260301c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211015200801-69063c4bb744 h1:KzbpndAYEM+4oHRp9JmB2ewj0NHHxO3Z0g7Gus2O1kk=
-golang.org/x/sys v0.0.0-20211015200801-69063c4bb744/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211022215931-8e5104632af7 h1:e2q1CMOFXDvurT2sa2yhJAkuA2n8Rd9tMDd7Tcfvs6M=
+golang.org/x/sys v0.0.0-20211022215931-8e5104632af7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

diff --git a/init/luks.go b/init/luks.go
@@ -305,15 +305,13 @@ func luksOpen(dev string, mapping *luksMapping) error {
 		info("recovered password from %s token #%d", t.Type, t.ID)
 
 		for _, s := range t.Slots {
-			err = d.Unlock(s, password, mapping.name)
+			v, err := d.UnsealVolume(s, password)
 			if err == luks.ErrPassphraseDoesNotMatch {
 				continue
 			}
 			memZeroBytes(password)
-			if err == nil {
-				info("password from %s token #%d matches", t.Type, tokenNum)
-			}
-			return err
+			info("password from %s token #%d matches", t.Type, tokenNum)
+			return v.SetupMapper(mapping.name)
 		}
 		memZeroBytes(password)
 		info("password from %s token #%d does not match", t.Type, tokenNum)
@@ -333,12 +331,12 @@ func luksOpen(dev string, mapping *luksMapping) error {
 
 		console("   Unlocking...")
 		for _, s := range d.Slots() {
-			err = d.Unlock(s, password, mapping.name)
+			v, err := d.UnsealVolume(s, password)
 			if err == luks.ErrPassphraseDoesNotMatch {
 				continue
 			}
 			memZeroBytes(password)
-			return err
+			return v.SetupMapper(mapping.name)
 		}
 
 		// zeroify the password so we do not keep the sensitive data in the memory