diff --git a/man/common_options.adoc b/man/common_options.adoc
index 2afeaa5f..bfd02f6e 100644
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -441,7 +441,7 @@ it is requested. Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
 endif::[]
-ifdef::ACTION_LUKSDUMP,ACTION_TOKEN[]
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSDUMP,ACTION_TOKEN[]
 *--key-description *:: Set key description in keyring that will be used for passphrase retrieval.
 endif::[]
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 5ceeee62..97728c6c 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1486,6 +1486,7 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 .user_key_size = DEFAULT_LUKS1_KEYBITS / 8 };
 void *params;
+ struct crypt_keyslot_context *kc = NULL, *new_kc = NULL;
 type = luksType(device_type);
 if (!type)
@@ -1618,9 +1619,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 else if (ARG_SET(OPT_USE_URANDOM_ID))
 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
- r = tools_get_key(NULL, &password, &passwordLen,
- ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
- ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
+ r = init_keyslot_context(cd, &password, &passwordLen, verify_passphrase(1),
+ !ARG_SET(OPT_FORCE_PASSWORD_ID), r_password != NULL, &new_kc);
 if (r < 0)
 goto out;
@@ -1673,9 +1673,12 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 if (r < 0)
 goto out;
- r = crypt_keyslot_add_by_volume_key(cd, ARG_INT32(OPT_KEY_SLOT_ID),
- key, keysize,
- password, passwordLen);
+ r = crypt_keyslot_context_init_by_volume_key(cd, key, keysize, &kc);
+ if (r < 0)
+ goto out;
+
+ r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, kc,
+ ARG_INT32(OPT_KEY_SLOT_ID), new_kc, 0);
 if (r < 0) {
 wipe_signatures = true;
 goto out;
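Review bot: In the `init_keyslot_context()` call in luksFormat (src/cryptsetup.c, hunk at -1618) the bare argument `r_password != NULL` does not say what it switches on, and the call no longer passes the keyfile offset, keyfile size and timeout that the removed `tools_get_key()` call took explicitly. The helper is not part of this diff, so it should be confirmed that it still honours those options, and that a passphrase fetched from the keyring through `--key-description` is either covered by the quality check that `!ARG_SET(OPT_FORCE_PASSWORD_ID)` requests or documented as exempt from it. A comment above the call would record the outcome, along the lines of `/* passphrase may come from prompt, key file or keyring; the second-to-last argument asks for the plain passphrase back only when the caller supplied r_password */`, adjusted to whatever the helper really does. The function body starts and ends outside the hunk.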
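Review bot: The new `if (r < 0) goto out;` after `crypt_keyslot_context_init_by_volume_key()` in luksFormat (src/cryptsetup.c, hunk at -1673) leaves `wipe_signatures` unset, while the failure branch of `crypt_keyslot_add_by_keyslot_context()` directly below sets it before jumping to `out`. If the header is already on disk at this point, as that later branch suggests, a failed context init would leave a formatted device with no keyslot and its signatures intact; the format step lies outside the hunk, so this needs confirming. Treating both failures alike would be `if (r < 0) { wipe_signatures = true; goto out; }`. A short comment on the argument order would also help the next reader, e.g. `/* unlock with the volume key context (kc), protect the new keyslot with new_kc */`.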
@@ -1691,6 +1694,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 }
 out:
 crypt_safe_free(key);
+ crypt_keyslot_context_free(kc);
+ crypt_keyslot_context_free(new_kc);
 if (r < 0) {
 encrypt_type = crypt_get_hw_encryption_type(cd);
diff --git a/src/cryptsetup_args.h b/src/cryptsetup_args.h
index 1bdc3ddb..c1c66559 100644
--- a/src/cryptsetup_args.h
+++ b/src/cryptsetup_args.h
@@ -71,7 +71,7 @@
 #define OPT_ITER_TIME_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
 #define OPT_IV_LARGE_SECTORS_ACTIONS { OPEN_ACTION }
 #define OPT_KEEP_KEY_ACTIONS { REENCRYPT_ACTION }
-#define OPT_KEY_DESCRIPTION_ACTIONS { TOKEN_ACTION, LUKSDUMP_ACTION }
+#define OPT_KEY_DESCRIPTION_ACTIONS { TOKEN_ACTION, LUKSDUMP_ACTION, FORMAT_ACTION }
 #define OPT_KEY_SIZE_ACTIONS { OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
 #define OPT_KEY_SLOT_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
 #define OPT_KEYSLOT_CIPHER_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }
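Review bot: In the `out:` cleanup of luksFormat (src/cryptsetup.c, hunk at -1691) the volume key buffer is released by `crypt_safe_free(key)` before `crypt_keyslot_context_free(kc)`, although `kc` was initialised from `key` earlier in the function. If the volume-key context keeps a pointer to the caller's buffer rather than a copy, `kc` refers to freed memory while it is itself being freed; releasing in reverse order of acquisition avoids depending on that detail: `crypt_keyslot_context_free(new_kc);` then `crypt_keyslot_context_free(kc);` then `crypt_safe_free(key);`. Both context pointers start as NULL, so every early `goto out` relies on `crypt_keyslot_context_free()` accepting NULL, which deserves a one-line comment such as `/* contexts may still be NULL on early exit */`. The function body continues outside the hunk.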