summaryrefslogtreecommitdiff
path: root/src/cryptsetup/cryptsetup.c
diff options
context:
space:
mode:
authorChristian Seiler <christian@iwakd.de>2014-01-26 12:02:49 +0100
committerTom Gundersen <teg@jklm.no>2014-01-26 13:24:01 +0100
commitb4a11878f2fdf5b07f895863747153de632ff4e6 (patch)
treefdf2de6965cc0e56a60777f7cba98a545a158316 /src/cryptsetup/cryptsetup.c
parent0a75bc612dc8b220fc86479a89e0fe35dfcc48bc (diff)
cryptsetup: Support key-slot option
Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
Diffstat (limited to 'src/cryptsetup/cryptsetup.c')
-rw-r--r--src/cryptsetup/cryptsetup.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 0a15b503b0..033c0cdb77 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -39,6 +39,7 @@
static const char *opt_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
static char *opt_cipher = NULL;
static unsigned opt_key_size = 0;
+static int opt_key_slot = CRYPT_ANY_SLOT;
static unsigned opt_keyfile_size = 0;
static unsigned opt_keyfile_offset = 0;
static char *opt_hash = NULL;
@@ -87,6 +88,14 @@ static int parse_one_option(const char *option) {
return 0;
}
+ } else if (startswith(option, "key-slot=")) {
+
+ opt_type = CRYPT_LUKS1;
+ if (safe_atoi(option+9, &opt_key_slot) < 0) {
+ log_error("key-slot= parse failure, ignoring.");
+ return 0;
+ }
+
} else if (startswith(option, "tcrypt-keyfile=")) {
opt_type = CRYPT_TCRYPT;
@@ -425,7 +434,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
crypt_get_device_name(cd));
if (key_file) {
- r = crypt_activate_by_keyfile_offset(cd, name, CRYPT_ANY_SLOT,
+ r = crypt_activate_by_keyfile_offset(cd, name, opt_key_slot,
key_file, opt_keyfile_size,
opt_keyfile_offset, flags);
if (r < 0) {
@@ -439,7 +448,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
if (pass_volume_key)
r = crypt_activate_by_volume_key(cd, name, *p, opt_key_size, flags);
else
- r = crypt_activate_by_passphrase(cd, name, CRYPT_ANY_SLOT, *p, strlen(*p), flags);
+ r = crypt_activate_by_passphrase(cd, name, opt_key_slot, *p, strlen(*p), flags);
if (r >= 0)
break;