From: Tom Gundersen <teg@jklm.no>
Date: Fri, 29 Jun 2012 12:36:37 +0000 (+0200)
Subject: cryptsetup: add keyfile-offset= support
X-Git-Tag: v187~152
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=880a599e262b9193219e612d827b35bb0c292dae;ds=inline

cryptsetup: add keyfile-offset= support

This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.

This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.

This requires libcryptsetup >= 1.4.2 (released 12.4.2012).

Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>

[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
---

diff --git a/configure.ac b/configure.ac
index bb60ecc16..c5fbec573 100644
--- a/configure.ac
+++ b/configure.ac
@@ -333,7 +333,7 @@ AC_SUBST(AUDIT_LIBS)
 have_libcryptsetup=no
 AC_ARG_ENABLE(libcryptsetup, AS_HELP_STRING([--disable-libcryptsetup], [disable libcryptsetup tools]))
 if test "x$enable_libcryptsetup" != "xno"; then
-        PKG_CHECK_MODULES(LIBCRYPTSETUP, [ libcryptsetup ],
+        PKG_CHECK_MODULES(LIBCRYPTSETUP, [ libcryptsetup >= 1.4.2 ],
                 [AC_DEFINE(HAVE_LIBCRYPTSETUP, 1, [Define if libcryptsetup is available]) have_libcryptsetup=yes], have_libcryptsetup=no)
         if test "x$have_libcryptsetup" = xno -a "x$enable_libcryptsetup" = xyes; then
                 AC_MSG_ERROR([*** libcryptsetup support requested but libraries not found])
diff --git a/man/crypttab.xml b/man/crypttab.xml
index f3bde71b4..2fa8e8940 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -130,6 +130,18 @@
                         </varlistentry>
 
 
+                        <varlistentry>
+                                <term><varname>keyfile-offset=</varname></term>
+
+                                <listitem><para>Specifies the number
+                                of bytes to skip at the start of
+                                the keyfile; see
+                                <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                                for possible values and the default
+                                value of this option.</para></listitem>
+                        </varlistentry>
+
+
                         <varlistentry>
                                 <term><varname>hash=</varname></term>
 
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index b26fcca83..f570724b9 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -37,6 +37,7 @@
 static const char *opt_type = NULL; /* LUKS1 or PLAIN */
 static char *opt_cipher = NULL;
 static unsigned opt_key_size = 0;
+static unsigned opt_keyfile_offset = 0;
 static char *opt_hash = NULL;
 static unsigned opt_tries = 0;
 static bool opt_readonly = false;
@@ -79,6 +80,13 @@ static int parse_one_option(const char *option) {
                         return 0;
                 }
 
+        } else if (startswith(option, "keyfile-offset=")) {
+
+                if (safe_atou(option+15, &opt_keyfile_offset) < 0) {
+                        log_error("keyfile-offset= parse failure, ignoring.");
+                        return 0;
+                }
+
         } else if (startswith(option, "hash=")) {
                 char *t;
 
@@ -462,7 +470,8 @@ int main(int argc, char *argv[]) {
                                  argv[3]);
 
                         if (key_file)
-                                k = crypt_activate_by_keyfile(cd, argv[2], CRYPT_ANY_SLOT, key_file, keyfile_size, flags);
+                                k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, keyfile_size,
+                                            opt_keyfile_offset, flags);
                         else {
                                 char **p;