Allow linking VK to a user-specified keyring.

Add a new API crypt_set_keyring_to_link and CLI option
--link-vk-to-keyring. This allows the user to specify the ID of the keyring
where the VK should be linked.
Daniel Zatovic
2023-03-10 11:19:33 +01:00
parent 1b25cc5ed7
commit 138da3e73a
9 changed files with 83 additions and 0 deletions


@@ -1654,6 +1654,9 @@ static int action_open_luks(void)
set_activation_flags(&activate_flags);
if (ARG_SET(OPT_LINK_VK_TO_KEYRING_ID))
crypt_set_keyring_to_link(cd, ARG_INT32(OPT_LINK_VK_TO_KEYRING_ID));
if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
keysize = crypt_get_volume_key_size(cd);
if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) {
@@ -2509,6 +2512,9 @@ static int action_luksResume(void)
return r;
r = -EINVAL;
if (ARG_SET(OPT_LINK_VK_TO_KEYRING_ID))
crypt_set_keyring_to_link(cd, ARG_INT32(OPT_LINK_VK_TO_KEYRING_ID));
if (!isLUKS(crypt_get_type(cd))) {
log_err(_("%s is not active LUKS device name or header is missing."), action_argv[0]);
goto out;
@@ -3655,6 +3661,11 @@ int main(int argc, const char **argv)
_("PBKDF forced iterations cannot be combined with iteration time option."),
poptGetInvocationName(popt_context));
if (ARG_SET(OPT_DISABLE_KEYRING_ID) && ARG_SET(OPT_LINK_VK_TO_KEYRING_ID))
usage(popt_context, EXIT_FAILURE,
_("Cannot link volume key to a keyring when keyring is disabled."),
poptGetInvocationName(popt_context));
if (ARG_SET(OPT_DEBUG_ID) || ARG_SET(OPT_DEBUG_JSON_ID)) {
crypt_set_debug_level(ARG_SET(OPT_DEBUG_JSON_ID)? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL);
dbg_version_and_cmd(argc, argv);
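Review bot: The keyring ID from `--link-vk-to-keyring` is passed to `crypt_set_keyring_to_link()` unchecked in both `action_open_luks` and `action_luksResume`, and neither call site shows whether an unusable ID is ever reported to the user. The setter's signature is not visible in these hunks; if it returns a status, honour it, e.g. `r = crypt_set_keyring_to_link(cd, ARG_INT32(OPT_LINK_VK_TO_KEYRING_ID));` followed by `if (r < 0) goto out;` in `action_luksResume`. If it returns void, the later link step should fail the activation or resume rather than continue silently, because the user explicitly asked for the key to be placed in that keyring. A short comment at both call sites would also help reviewers, for example `/* VK is linked into a caller-chosen keyring: who can reach it depends on that keyring and the key's permissions */`. All three functions start and end outside the shown hunks, so any validation done elsewhere is not visible here.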