fscrypt: Fetch passphrase when keyFn is invoked not created

Fetch password when keyFn is invoked, not when it is created. This
allows creation of the keyFn before actually creating the passphrase.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-07-19 16:57:26 +02:00 committed by mergify[bot]
parent a6a4282493
commit dd0e1988c0

View File

@ -85,13 +85,13 @@ func createKeyFuncFromVolumeEncryption(
encryption util.VolumeEncryption, encryption util.VolumeEncryption,
volID string, volID string,
) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) { ) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) {
passphrase, err := getPassphrase(ctx, encryption, volID)
if err != nil {
return nil, err
}
keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) { keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) {
key, err := fscryptcrypto.NewBlankKey(32) passphrase, err := getPassphrase(ctx, encryption, volID)
if err != nil {
return nil, err
}
key, err := fscryptcrypto.NewBlankKey(encryptionPassphraseSize / 2)
copy(key.Data(), passphrase) copy(key.Data(), passphrase)
return key, err return key, err