Allow unbound keyslots to be assigned to existing digest.

If passed key matches any existing digest we will not create new digest but assign the keyslot to already existing one. Because reencryption should be able to create more than one keyslot assigned to new key digest. TODO: Tests for the new feature
2025-12-11 19:00:02 +01:00 · 2018-09-13 13:51:50 +02:00
parent a848179286
commit 7569519530
4 changed files with 50 additions and 23 deletions
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -957,6 +957,9 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
 /** create keyslot with new volume key and assign it to current dm-crypt segment */
 #define CRYPT_VOLUME_KEY_SET (1 << 1)

+/** Assign key to first matching digest before creating new digest */
+#define CRYPT_VOLUME_KEY_DIGEST_REUSE (1 << 2)
+
 /**
 * Add key slot using provided key.
 *