hello, attached is a patch by david härdeman, which adds support to read binary from stdin to cryptsetup. david: i sent the patch to clemens as he currently prepares cryptsetup 1.0.4-rc1 and you're still on vacation. i think that this patch should be integrated in 1.0.4. ... jonas
--- cryptsetup-1.0.3/lib/setup.c +++ cryptsetup-1.0.3/lib/setup.c @@ -146,7 +146,9 @@ * from binary file | N | N | N | Inf or options->key_size * * Legend: p..prompt, v..can verify, n..newline-stop, h..read horizon - * + * + * Note: --key-file=- is interpreted as a read from a binary file (stdin) + * * Returns true when more keys are available (that is when password * reading can be retried as for interactive terminals). */ @@ -160,14 +162,19 @@ int newline_stop; int read_horizon; - if(options->key_file) { + if(options->key_file && !strcmp(options->key_file, "-")) { + /* Allow binary reading from stdin */ + fd = options->passphrase_fd; + newline_stop = 0; + read_horizon = 0; + } else if (options->key_file) { fd = open(options->key_file, O_RDONLY); if (fd < 0) { char buf[128]; set_error("Error opening key file: %s", - strerror_r(errno, buf, 128)); + strerror_r(errno, buf, 128)); goto out_err; - } + } newline_stop = 0; /* This can either be 0 (LUKS) or the actually number @@ -217,7 +224,7 @@ * such as /dev/random, because in this case, the loop * will read forever. */ - if(options->key_file && read_horizon == 0) { + if(options->key_file && strcmp(options->key_file, "-") && read_horizon == 0) { struct stat st; if(stat(options->key_file, &st) < 0) { set_error("Can't stat key file"); @@ -271,7 +278,7 @@ char *key = safe_alloc(options->key_size); /* key is coming from binary file */ - if (options->key_file) { + if (options->key_file && strcmp(options->key_file, "-")) { if(passLen < options->key_size) { set_error("Could not read %d bytes from key file", options->key_size); @@ -281,7 +288,7 @@ return key; } - /* key is coming from tty or fd */ + /* key is coming from tty, fd or binary stdin */ if (options->hash) { if (hash(NULL, options->hash, key, options->key_size, pass) < 0) --- cryptsetup-1.0.3/man/cryptsetup.8 +++ cryptsetup-1.0.3/man/cryptsetup.8 
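Review bot: The `strcmp(options->key_file, "-")` test introduced in the @@ -160 hunk is repeated with the opposite polarity in the @@ -217 and @@ -271 hunks, so a later edit that misses one site will silently treat stdin as a path named "-", or the reverse. Computing it once, e.g. `int key_from_stdin = options->key_file && !strcmp(options->key_file, "-");`, and testing that flag at all three sites would keep the branches in step. In the new branch `fd` aliases `options->passphrase_fd`; the cleanup code is outside the hunk, so confirm that nothing closes `fd` merely because `options->key_file` is set.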
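Review bot: Skipping the `stat()` check for "-" in the @@ -217 hunk removes the only visible guard against an endless source, while the @@ -160 hunk sets `read_horizon = 0` for stdin, so the read appears to run until EOF with no limit. The context comment warns that the loop "will read forever" on /dev/random; stdin redirected from such a device, or from a pipe that never closes, would presumably behave the same way, with the key buffer growing throughout (the loop itself is outside the hunk). A fixed upper bound on bytes accepted from stdin, failing through `set_error()` once exceeded, would restore the protection. At minimum, add a comment such as `/* no stat() check for stdin: the caller must supply a finite stream */`.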
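Review bot: Excluding "-" from the raw-key branch in the @@ -271 hunk sends stdin data down the `options->hash` path and exempts it from the `passLen < options->key_size` short-read check, so `--key-file=-` does not behave like `--key-file=PATH` given the same bytes. Neither the comment added in the @@ -146 hunk ("interpreted as a read from a binary file") nor the new man page sentence mentions this, and as far as the visible code shows, feeding the same key both ways would yield different keys. If hashing is intended, document it in both places, e.g. `Note: --key-file=- reads stdin until EOF without newline handling; the data is then processed like a passphrase, not used as a raw key`. The rest of the function, including what happens when `options->hash` is NULL, is outside the hunk.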
@@ -88,7 +88,7 @@ query for passwords twice. Useful, when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR. .TP .B "\-\-key-file, \-d" -use file as key material. With LUKS, key material supplied in key files via \-d are always used for existing passphrases. If you want to set a new key via a key file, you have to use a positional arg to \fIluksFormat\fR or \fIluksAddKey\fR. +use file as key material. With LUKS, key material supplied in key files via \-d are always used for existing passphrases. If you want to set a new key via a key file, you have to use a positional arg to \fIluksFormat\fR or \fIluksAddKey\fR. If the key file is "-", stdin will be used. .TP .B "\-\-key-size, \-s" set key size in bits. Usually, this is 128, 192 or 256. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this flag, as the key-size is specified by the partition header. Default is 0. ----- End forwarded message -----