From 98e0456ec04c2b210291f41f6d8f8527263e0c67 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 13 Oct 2022 14:36:06 +0200
Subject: [PATCH] repart: Let libcryptsetup calculate the volume key

We also bump the volume key size to 512 bits.
---
 src/partition/repart.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/src/partition/repart.c b/src/partition/repart.c
index d042043576..edc085dc15 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -90,6 +90,9 @@
 /* LUKS2 takes off 16M of the partition size with its metadata by default */
 #define LUKS2_METADATA_SIZE (16ULL*1024ULL*1024ULL)
 
+/* LUKS2 volume key size. */
+#define VOLUME_KEY_SIZE (512ULL/8ULL)
+
 /* Note: When growing and placing new partitions we always align to 4K sector size. It's how newer hard disks
  * are designed, and if everything is aligned to that performance is best. And for older hard disks with 512B
  * sector size devices were generally assumed to have an even number of sectors, hence at the worst we'll
@@ -2991,9 +2994,7 @@ static int partition_encrypt(
                 int *ret_fd) {
 #if HAVE_LIBCRYPTSETUP
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
-        _cleanup_(erase_and_freep) void *volume_key = NULL;
         _cleanup_free_ char *dm_name = NULL, *vol = NULL;
-        size_t volume_key_size = 256 / 8;
         sd_id128_t uuid;
         int r;
 
@@ -3022,14 +3023,6 @@ static int partition_encrypt(
 
         log_info("Encrypting future partition %" PRIu64 "...", p->partno);
 
-        volume_key = malloc(volume_key_size);
-        if (!volume_key)
-                return log_oom();
-
-        r = crypto_random_bytes(volume_key, volume_key_size);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate volume key: %m");
-
         r = sym_crypt_init(&cd, node);
         if (r < 0)
                 return log_error_errno(r, "Failed to allocate libcryptsetup context: %m");
@@ -3041,8 +3034,8 @@ static int partition_encrypt(
                          "aes",
                          "xts-plain64",
                          SD_ID128_TO_UUID_STRING(uuid),
-                         volume_key,
-                         volume_key_size,
+                         NULL,
+                         VOLUME_KEY_SIZE,
                          &(struct crypt_params_luks2) {
                                  .label = strempty(p->new_label),
                                  .sector_size = context->sector_size,
@@ -3054,8 +3047,8 @@ static int partition_encrypt(
                 r = sym_crypt_keyslot_add_by_volume_key(
                                 cd,
                                 CRYPT_ANY_SLOT,
-                                volume_key,
-                                volume_key_size,
+                                NULL,
+                                VOLUME_KEY_SIZE,
                                 strempty(arg_key),
                                 arg_key_size);
                 if (r < 0)
@@ -3108,8 +3101,8 @@ static int partition_encrypt(
                 keyslot = sym_crypt_keyslot_add_by_volume_key(
                                 cd,
                                 CRYPT_ANY_SLOT,
-                                volume_key,
-                                volume_key_size,
+                                NULL,
+                                VOLUME_KEY_SIZE,
                                 base64_encoded,
                                 strlen(base64_encoded));
                 if (keyslot < 0)
@@ -3141,8 +3134,8 @@ static int partition_encrypt(
         r = sym_crypt_activate_by_volume_key(
                         cd,
                         dm_name,
-                        volume_key,
-                        volume_key_size,
+                        NULL,
+                        VOLUME_KEY_SIZE,
                         arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
         if (r < 0)
                 return log_error_errno(r, "Failed to activate LUKS superblock: %m");
-- 
2.25.1