Add --key-description for luksFormat command.

2025-12-16 13:20:11 +01:00 · 2024-02-14 10:53:01 +01:00
parent e085ae461f
commit 3e01e151f8
3 changed files with 13 additions and 8 deletions
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -441,7 +441,7 @@ it is requested.
 Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
 endif::[]
-ifdef::ACTION_LUKSDUMP,ACTION_TOKEN[]
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSDUMP,ACTION_TOKEN[]
 *--key-description <text>*::
 Set key description in keyring that will be used for passphrase retrieval.
 endif::[]
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1486,6 +1486,7 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 		.user_key_size = DEFAULT_LUKS1_KEYBITS / 8
 	};
 	void *params;
 	struct crypt_keyslot_context *kc = NULL, *new_kc = NULL;
 	type = luksType(device_type);
 	if (!type)
@@ -1618,9 +1619,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 	else if (ARG_SET(OPT_USE_URANDOM_ID))
 		crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
-	r = tools_get_key(NULL, &password, &passwordLen,
+	r = init_keyslot_context(cd, &password, &passwordLen, verify_passphrase(1),
-			  ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+				 !ARG_SET(OPT_FORCE_PASSWORD_ID), r_password != NULL, &new_kc);
 			  ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
 	if (r < 0)
 		goto out;
@@ -1673,9 +1673,12 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 	if (r < 0)
 		goto out;
-	r = crypt_keyslot_add_by_volume_key(cd, ARG_INT32(OPT_KEY_SLOT_ID),
+	r = crypt_keyslot_context_init_by_volume_key(cd, key, keysize, &kc);
-					    key, keysize,
+	if (r < 0)
-					    password, passwordLen);
+		goto out;
 	r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, kc,
 						 ARG_INT32(OPT_KEY_SLOT_ID), new_kc, 0);
 	if (r < 0) {
 		wipe_signatures = true;
 		goto out;
@@ -1691,6 +1694,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 	}
 out:
 	crypt_safe_free(key);
 	crypt_keyslot_context_free(kc);
 	crypt_keyslot_context_free(new_kc);
 	if (r < 0) {
 		encrypt_type = crypt_get_hw_encryption_type(cd);
--- a/src/cryptsetup_args.h
+++ b/src/cryptsetup_args.h
@@ -71,7 +71,7 @@
 #define OPT_ITER_TIME_ACTIONS			{ BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
 #define OPT_IV_LARGE_SECTORS_ACTIONS		{ OPEN_ACTION }
 #define OPT_KEEP_KEY_ACTIONS			{ REENCRYPT_ACTION }
-#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION, LUKSDUMP_ACTION }
+#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION, LUKSDUMP_ACTION, FORMAT_ACTION }
 #define OPT_KEY_SIZE_ACTIONS			{ OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
 #define OPT_KEY_SLOT_ACTIONS			{ OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
 #define OPT_KEYSLOT_CIPHER_ACTIONS		{ FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }