Add --key-description for open command.

man/common_options.adoc

@@ -441,7 +441,7 @@ it is requested.
 Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
 endif::[]
 
-ifdef::ACTION_LUKSFORMAT,ACTION_LUKSDUMP,ACTION_RESIZE,ACTION_TOKEN[]
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSDUMP,ACTION_RESIZE,ACTION_TOKEN[]
 *--key-description <text>*::
 Set key description in keyring that will be used for passphrase retrieval.
 endif::[]

src/cryptsetup.c

@@ -409,7 +409,7 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
 {
 	int r, tries, eperm = 0;
 
-	tries = set_tries_tty();
+	tries = set_tries_tty(false);
 	do {
 		/* TCRYPT header is encrypted, get passphrase now */
 		r = tools_get_key(NULL, CONST_CAST(char**)&params->passphrase,
@@ -555,7 +555,7 @@ static int action_open_bitlk(void)
 		r = crypt_activate_by_volume_key(cd, activated_name,
 						 key, keysize, activate_flags);
 	} else {
-		tries = set_tries_tty();
+		tries = set_tries_tty(false);
 		do {
 			r = tools_get_key(NULL, &password, &passwordLen,
 					ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
@@ -837,7 +837,7 @@ static int action_open_fvault2(void)
 			goto out;
 		r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags);
 	} else {
-		tries = set_tries_tty();
+		tries = set_tries_tty(false);
 		do {
 			r = tools_get_key(NULL, &password, &passwordLen,
 				ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
@@ -1889,7 +1889,7 @@ static int action_open_luks(void)
 	char *password = NULL;
 	size_t passwordLen;
 	struct stat st;
-	struct crypt_keyslot_context *kc1 = NULL, *kc2 = NULL;
+	struct crypt_keyslot_context *kc = NULL, *kc1 = NULL, *kc2 = NULL;
 
 	if (ARG_SET(OPT_REFRESH_ID)) {
 		activated_name = action_argc > 1 ? action_argv[1] : action_argv[0];
@@ -1987,21 +1987,22 @@ static int action_open_luks(void)
 		r = _try_token_unlock(cd, ARG_INT32(OPT_KEY_SLOT_ID),
 				      ARG_INT32(OPT_TOKEN_ID_ID), activated_name,
 				      ARG_STR(OPT_TOKEN_TYPE_ID), activate_flags,
-				      set_tries_tty(), true, ARG_SET(OPT_TOKEN_ONLY_ID));
+				      set_tries_tty(false), true, ARG_SET(OPT_TOKEN_ONLY_ID));
 
 		if (r >= 0 || r == -EEXIST || quit || ARG_SET(OPT_TOKEN_ONLY_ID))
 			goto out;
 
-		tries = set_tries_tty();
+		tries = set_tries_tty(true);
 		do {
-			r = tools_get_key(NULL, &password, &passwordLen,
-					ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
-					ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
+			r = init_keyslot_context(cd, &password, &passwordLen, verify_passphrase(0), false, false, &kc);
 			if (r < 0)
 				goto out;
 
-			r = crypt_activate_by_passphrase(cd, activated_name,
-				ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen, activate_flags);
+			r = crypt_activate_by_keyslot_context(cd, activated_name, ARG_INT32(OPT_KEY_SLOT_ID),
+							      kc, CRYPT_ANY_SLOT, NULL, activate_flags);
+			crypt_keyslot_context_free(kc);
+			kc = NULL;
+
 			tools_keyslot_msg(r, UNLOCKED);
 			tools_passphrase_msg(r);
 			check_signal(&r);
@@ -2896,7 +2897,7 @@ static int action_luksResume(void)
 	/* try to resume LUKS2 device by token first */
 	r = _try_token_unlock(cd, ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_TOKEN_ID_ID),
 			      action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID), 0,
-			      set_tries_tty(), false, ARG_SET(OPT_TOKEN_ONLY_ID));
+			      set_tries_tty(false), false, ARG_SET(OPT_TOKEN_ONLY_ID));
 
 	if (r >= 0 || quit || ARG_SET(OPT_TOKEN_ONLY_ID))
 		goto out;
@@ -2912,7 +2913,7 @@ static int action_luksResume(void)
 		goto out;
 	}
 
-	tries = set_tries_tty();
+	tries = set_tries_tty(false);
 	do {
 		r = tools_get_key(NULL, &password, &passwordLen,
 			ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),

src/cryptsetup_args.h

@@ -71,7 +71,7 @@
 #define OPT_ITER_TIME_ACTIONS			{ BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
 #define OPT_IV_LARGE_SECTORS_ACTIONS		{ OPEN_ACTION }
 #define OPT_KEEP_KEY_ACTIONS			{ REENCRYPT_ACTION }
-#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION, LUKSDUMP_ACTION, FORMAT_ACTION, RESIZE_ACTION }
+#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION, LUKSDUMP_ACTION, FORMAT_ACTION, RESIZE_ACTION, OPEN_ACTION }
 #define OPT_KEY_SIZE_ACTIONS			{ OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
 #define OPT_KEY_SLOT_ACTIONS			{ OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
 #define OPT_KEYSLOT_CIPHER_ACTIONS		{ FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }

src/utils_luks.c

@@ -141,8 +141,11 @@ int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
 	return crypt_set_pbkdf_type(cd, &pbkdf);
 }
 
-int set_tries_tty(void)
+int set_tries_tty(bool keyring)
 {
+	if (keyring && ARG_SET(OPT_KEY_DESCRIPTION_ID))
+		return 1;
+
 	return (tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && isatty(STDIN_FILENO)) ? ARG_UINT32(OPT_TRIES_ID) : 1;
 }
 

src/utils_luks.h

@@ -24,6 +24,7 @@
 #define UTILS_LUKS_H
 
 #include <stdint.h>
+#include <stdbool.h>
 
 const char *luksType(const char *type);
 
@@ -37,7 +38,7 @@ void set_activation_flags(uint32_t *flags);
 
 int set_pbkdf_params(struct crypt_device *cd, const char *dev_type);
 
-int set_tries_tty(void);
+int set_tries_tty(bool keyring);
 
 int get_adjusted_key_size(const char *cipher_mode, uint32_t default_size_bits, int integrity_keysize);
 

src/utils_reencrypt.c

@@ -960,7 +960,7 @@ static int init_passphrase(struct keyslot_passwords *kp, size_t keyslot_password
 			return -ENOENT;
 	}
 
-	retry_count = set_tries_tty();
+	retry_count = set_tries_tty(false);
 
 	while (retry_count--) {
 		r = tools_get_key(msg,  &password, &passwordLen, 0, 0,