eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 21:29:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add --key-description for luksFormat command.

Browse Source
This commit is contained in:
Milan Broz
2024-02-14 10:53:01 +01:00
parent e085ae461f
commit 3e01e151f8
3 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
man/common_options.adoc
View File

@@ -441,7 +441,7 @@ it is requested.
Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
endif::[]
ifdef::ACTION_LUKSDUMP,ACTION_TOKEN[]
ifdef::ACTION_LUKSFORMAT,ACTION_LUKSDUMP,ACTION_TOKEN[]
*--key-description <text>*::
Set key description in keyring that will be used for passphrase retrieval.
endif::[]

17
src/cryptsetup.c
View File

@@ -1486,6 +1486,7 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
.user_key_size = DEFAULT_LUKS1_KEYBITS / 8
};
void *params;
struct crypt_keyslot_context *kc = NULL, *new_kc = NULL;
type = luksType(device_type);
if (!type)
@@ -1618,9 +1619,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
else if (ARG_SET(OPT_USE_URANDOM_ID))
crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
r = tools_get_key(NULL, &password, &passwordLen,
ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
r = init_keyslot_context(cd, &password, &passwordLen, verify_passphrase(1),
!ARG_SET(OPT_FORCE_PASSWORD_ID), r_password != NULL, &new_kc);
if (r < 0)
goto out;
@@ -1673,9 +1673,12 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
if (r < 0)
goto out;
r = crypt_keyslot_add_by_volume_key(cd, ARG_INT32(OPT_KEY_SLOT_ID),
key, keysize,
password, passwordLen);
r = crypt_keyslot_context_init_by_volume_key(cd, key, keysize, &kc);
if (r < 0)
goto out;
r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, kc,
ARG_INT32(OPT_KEY_SLOT_ID), new_kc, 0);
if (r < 0) {
wipe_signatures = true;
goto out;
@@ -1691,6 +1694,8 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
}
out:
crypt_safe_free(key);
crypt_keyslot_context_free(kc);
crypt_keyslot_context_free(new_kc);
if (r < 0) {
encrypt_type = crypt_get_hw_encryption_type(cd);

2
src/cryptsetup_args.h
View File

@@ -71,7 +71,7 @@
#define OPT_ITER_TIME_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
#define OPT_IV_LARGE_SECTORS_ACTIONS { OPEN_ACTION }
#define OPT_KEEP_KEY_ACTIONS { REENCRYPT_ACTION }
#define OPT_KEY_DESCRIPTION_ACTIONS { TOKEN_ACTION, LUKSDUMP_ACTION }
#define OPT_KEY_DESCRIPTION_ACTIONS { TOKEN_ACTION, LUKSDUMP_ACTION, FORMAT_ACTION }
#define OPT_KEY_SIZE_ACTIONS { OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
#define OPT_KEY_SLOT_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
#define OPT_KEYSLOT_CIPHER_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }