11__author__ = 'desultory'
2- __version__ = '2.8.1 '
2+ __version__ = '2.9.0 '
33
44from zenlib .util import contains
55
66from pathlib import Path
77
88_module_name = 'ugrd.crypto.cryptsetup'
99
10- CRYPTSETUP_PARAMETERS = ['key_type' , 'partuuid' , 'uuid' , 'path' , 'key_file' , 'header_file' , 'retries' , 'key_command' , 'reset_command' , 'try_nokey' , 'include_key' , 'validate_key' , 'validate' ]
10+ CRYPTSETUP_PARAMETERS = ['key_type' , 'partuuid' , 'uuid' , 'path' ,
11+ 'key_file' , 'header_file' , 'retries' ,
12+ 'key_command' , 'reset_command' , 'try_nokey' ,
13+ 'include_key' , 'validate_key' , 'validate' ]
1114
1215
1316def _merge_cryptsetup (self , mapped_name : str , config : dict ) -> None :
@@ -176,7 +179,7 @@ def _validate_cryptsetup_device(self, mapped_name) -> None:
176179 return self .logger .error ("[%s] Unable to read LUKS header: %s" % (mapped_name , e ))
177180 self .logger .warning ("[%s] Cannot read detached LUKS header for validation: %s" % (mapped_name , e ))
178181
179- if token_type == 'uuid' : # Validate the LUKS UUID
182+ if token_type == 'uuid' : # Validate the LUKS UUID using the header
180183 for line in luks_info :
181184 if 'UUID' in line :
182185 if line .split ()[1 ] != cryptsetup_token :
@@ -189,22 +192,27 @@ def _validate_cryptsetup_device(self, mapped_name) -> None:
189192 if 'Cipher: aes-xts-plain64' in luks_info :
190193 self ['kernel_modules' ] = 'crypto_xts'
191194
192- has_argon = False
195+ if not self ['argon2' ]:
196+ if cryptsetup_info .get ('header_file' ): # A header may be specified but unavailable
197+ self .logger .error ("[%s] Unable to check: libargon2.so" % mapped_name )
198+ if 'PBKDF: argon2id' in luks_info : # If luks info is found, and argon is used, raise an error
199+ raise FileNotFoundError ("[%s] Missing cryptsetup dependency: libargon2.so" % mapped_name )
200+ self .logger .error ("[%s] Unable to validate argon support for LUKS: %s" % (mapped_name , luks_info ))
201+
202+
203+ def detect_argon2 (self ) -> None :
204+ """ Validates that argon2 is available when argon2id is used. """
205+ argon = False
193206 for dep in self ['dependencies' ]: # Ensure argon is installed if argon2id is used
194207 if dep .name .startswith ('libargon2.so' ):
195- has_argon = True
208+ argon = True
196209 elif dep .name .startswith ('libcrypto.so' ):
197210 openssl_kdfs = self ._run (['openssl' , 'list' , '-kdf-algorithms' ]).stdout .decode ().lower ().split ('\n ' )
198211 self .logger .debug ("OpenSSL KDFs: %s" % openssl_kdfs )
199212 for kdf in openssl_kdfs :
200213 if kdf .lstrip ().startswith ('argon2id' ) and 'default' in kdf :
201- has_argon = True
202- if not has_argon :
203- if cryptsetup_info .get ('header_file' ): # A header may be specified but unavailable
204- self .logger .error ("[%s] Unable to check: libargon2.so" % mapped_name )
205- if 'PBKDF: argon2id' in luks_info : # If luks info is found, and argon is used, raise an error
206- raise FileNotFoundError ("[%s] Missing cryptsetup dependency: libargon2.so" % mapped_name )
207- self .logger .error ("[%s] Unable to validate argon support for LUKS: %s" % (mapped_name , luks_info ))
214+ argon = True
215+ self ['argon2' ] = argon
208216
209217
210218@contains ('validate' , "Skipping cryptsetup configuration validation." , log_level = 30 )
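Review bot: `_validate_cryptsetup_device` now reads `self['argon2']`, but nothing visible here shows that `detect_argon2` is guaranteed to run first or that `argon2` has a declared default. If validation runs earlier, the flag is presumably unset or falsy, and an argon2id volume would fail the build with a misleading "Missing cryptsetup dependency: libargon2.so" error. A comment where the flag is read would record the requirement, e.g. `# self['argon2'] is set by detect_argon2, which must run before validation`; the hook order itself lives outside this diff and should be confirmed there, as the validator's body also starts outside the hunk. The docstring of `detect_argon2` no longer matches the function, which only records availability while the argon2id-in-use check stays in the validator; `""" Sets self['argon2'] if libargon2.so or OpenSSL's argon2id KDF is available. """` would be accurate. The loop comment `# Ensure argon is installed if argon2id is used` is stale for the same reason.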