Add --key-description for luksDump command.

2025-12-16 13:20:11 +01:00 · 2024-02-14 09:49:06 +01:00
parent 4a40d79322
commit e085ae461f
3 changed files with 31 additions and 7 deletions
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -441,7 +441,7 @@ it is requested.
 Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
 endif::[]
-ifdef::ACTION_TOKEN[]
+ifdef::ACTION_LUKSDUMP,ACTION_TOKEN[]
 *--key-description <text>*::
 Set key description in keyring that will be used for passphrase retrieval.
 endif::[]
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -97,6 +97,31 @@ static int _set_keyslot_encryption_params(struct crypt_device *cd)
 	return crypt_keyslot_set_encryption(cd, ARG_STR(OPT_KEYSLOT_CIPHER_ID), ARG_UINT32(OPT_KEYSLOT_KEY_SIZE_ID) / 8);
 }
 static int init_keyslot_context(struct crypt_device *cd,
 				char **password, size_t *passwordLen, bool verify, bool pwquality,
 				bool reencrypt, /* tmp hack to use old get_key */
 				struct crypt_keyslot_context **kc)
 {
 	int r = -EINVAL;
 	if (ARG_SET(OPT_KEY_DESCRIPTION_ID))
 		r = crypt_keyslot_context_init_by_keyring(cd, ARG_STR(OPT_KEY_DESCRIPTION_ID), kc);
 	else if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && !reencrypt)
 		r = crypt_keyslot_context_init_by_keyfile(cd, ARG_STR(OPT_KEY_FILE_ID),
 							  ARG_UINT32(OPT_KEYFILE_SIZE_ID),
 							  ARG_UINT64(OPT_KEYFILE_OFFSET_ID), kc);
 	else if (password) {
 		r = tools_get_key(NULL, password, passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
 				  ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
 				  ARG_UINT32(OPT_TIMEOUT_ID), verify, pwquality, cd);
 		if (r < 0)
 			return r;
 		r = crypt_keyslot_context_init_by_passphrase(cd, *password, *passwordLen, kc);
 	}
 	return r;
 }
 static int _try_token_unlock(struct crypt_device *cd,
 			     int keyslot,
 			     int token_id,
@@ -2640,6 +2665,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 {
 	char *vk = NULL, *password = NULL;
 	size_t passwordLen = 0;
 	struct crypt_keyslot_context *kc = NULL;
 	size_t vk_size;
 	int r;
@@ -2655,14 +2681,11 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 	if (!vk)
 		return -ENOMEM;
-	r = tools_get_key(NULL, &password, &passwordLen,
+	r = init_keyslot_context(cd, &password, &passwordLen, false, false, false, &kc);
 			  ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
 			  ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd);
 	if (r < 0)
 		goto out;
-	r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
+	r = crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, vk, &vk_size, kc);
 				 password, passwordLen);
 	tools_passphrase_msg(r);
 	check_signal(&r);
 	if (r < 0)
@@ -2690,6 +2713,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 	log_std("\n");
 out:
 	crypt_safe_free(password);
 	crypt_keyslot_context_free(kc);
 	crypt_safe_free(vk);
 	return r;
 }
--- a/src/cryptsetup_args.h
+++ b/src/cryptsetup_args.h
@@ -71,7 +71,7 @@
 #define OPT_ITER_TIME_ACTIONS			{ BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
 #define OPT_IV_LARGE_SECTORS_ACTIONS		{ OPEN_ACTION }
 #define OPT_KEEP_KEY_ACTIONS			{ REENCRYPT_ACTION }
-#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION }
+#define OPT_KEY_DESCRIPTION_ACTIONS		{ TOKEN_ACTION, LUKSDUMP_ACTION }
 #define OPT_KEY_SIZE_ACTIONS			{ OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
 #define OPT_KEY_SLOT_ACTIONS			{ OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
 #define OPT_KEYSLOT_CIPHER_ACTIONS		{ FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }