cryptsetup: add keyfile-size= support
This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
This commit is contained in:
Tom Gundersen
Lennart Poettering
parent
f9a3b83bf4
commit
4271d8235f
|
|
@ -130,6 +130,18 @@
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>keyfile-size=</varname></term>
|
||||
|
||||
<listitem><para>Specifies the maximum number
|
||||
of bytes to read from the keyfile; see
|
||||
<citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for possible values and the default
|
||||
value of this option. This option is ignored
|
||||
in plain encryption mode, as the keyfile-size is then given by the key size.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>keyfile-offset=</varname></term>
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@
|
|||
static const char *opt_type = NULL; /* LUKS1 or PLAIN */
|
||||
static char *opt_cipher = NULL;
|
||||
static unsigned opt_key_size = 0;
|
||||
static unsigned opt_keyfile_size = 0;
|
||||
static unsigned opt_keyfile_offset = 0;
|
||||
static char *opt_hash = NULL;
|
||||
static unsigned opt_tries = 0;
|
||||
|
|
@ -80,6 +81,13 @@ static int parse_one_option(const char *option) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
} else if (startswith(option, "keyfile-size=")) {
|
||||
|
||||
if (safe_atou(option+13, &opt_keyfile_size) < 0) {
|
||||
log_error("keyfile-size= parse failure, ignoring.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
} else if (startswith(option, "keyfile-offset=")) {
|
||||
|
||||
if (safe_atou(option+15, &opt_keyfile_offset) < 0) {
|
||||
|
|
@ -238,7 +246,6 @@ int main(int argc, char *argv[]) {
|
|||
char **passwords = NULL, *truncated_cipher = NULL;
|
||||
const char *cipher = NULL, *cipher_mode = NULL, *hash = NULL, *name = NULL;
|
||||
char *description = NULL, *name_buffer = NULL, *mount_point = NULL;
|
||||
unsigned keyfile_size = 0;
|
||||
|
||||
if (argc <= 1) {
|
||||
help();
|
||||
|
|
@ -437,6 +444,11 @@ int main(int argc, char *argv[]) {
|
|||
zero(params);
|
||||
params.hash = hash;
|
||||
|
||||
/* for CRYPT_PLAIN limit reads
|
||||
* from keyfile to key length, and
|
||||
* ignore keyfile-size */
|
||||
opt_keyfile_size = opt_key_size / 8;
|
||||
|
||||
/* In contrast to what the name
|
||||
* crypt_setup() might suggest this
|
||||
* doesn't actually format anything,
|
||||
|
|
@ -448,14 +460,10 @@ int main(int argc, char *argv[]) {
|
|||
cipher_mode,
|
||||
NULL,
|
||||
NULL,
|
||||
opt_key_size / 8,
|
||||
opt_keyfile_size,
|
||||
¶ms);
|
||||
|
||||
pass_volume_key = streq(hash, "plain");
|
||||
|
||||
/* for CRYPT_PLAIN limit reads
|
||||
* from keyfile to key length */
|
||||
keyfile_size = opt_key_size / 8;
|
||||
}
|
||||
|
||||
if (k < 0) {
|
||||
|
|
@ -470,7 +478,7 @@ int main(int argc, char *argv[]) {
|
|||
argv[3]);
|
||||
|
||||
if (key_file)
|
||||
k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, keyfile_size,
|
||||
k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
|
||||
opt_keyfile_offset, flags);
|
||||
else {
|
||||
char **p;
|
||||
|
|
|
|||
Loading…
Reference in New Issue