Commit d980dbb3 authored by Milan Broz's avatar Milan Broz

Allow restrict keys size in LuksOpen (thanks to Stefan Assmann)



git-svn-id: https://cryptsetup.googlecode.com/svn/[email protected] 36d66b0a-2a48-0410-832c-cd162a569da5
parent 02707608
2009-08-17 Milan Broz <[email protected]>
* Fix PBKDF2 speed calculation for large passhrases.
* Allow using passphrase provided in options struct for LuksOpen.
* Allow restrict keys size in LuksOpen.
2009-07-30 Milan Broz <[email protected]>
* Fix errors when compiled with LUKS_DEBUG.
......
......@@ -560,7 +560,7 @@ start:
password = safe_alloc(passwordLen + 1);
strncpy(password, options->passphrase, passwordLen + 1);
tries = 0;
} else if(get_key(prompt, &password, &passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags))
} else if(get_key(prompt, &password, &passwordLen, options->key_size, options->key_file, options->passphrase_fd, options->timeout, options->flags))
tries--;
else
tries = 0;
......
......@@ -110,7 +110,9 @@ If the key file is "-", stdin will be used. This is different from how cryptsetu
For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
.TP
.B "\-\-key-size, \-s"
set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this flag, as the key-size is specified by the partition header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will use key-size specified by the LUKS header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
For \fIluksOpen\fR this option specifies number of bits read from the key-file (default is exhaustive read from key-file).
.TP
.B "\-\-size, \-b"
force the size of the underlying device in sectors.
......
......@@ -291,6 +291,7 @@ static int action_luksOpen(int arg)
.name = action_argv[1],
.device = action_argv[0],
.key_file = opt_key_file,
.key_size = opt_key_file ? (opt_key_size / 8) : 0, /* limit bytes read from keyfile */
.timeout = opt_timeout,
.tries = opt_tries,
.icb = &cmd_icb,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment