added --allow-discards flag
shimunn committed Dec 28, 2021
1 parent 4e7ef4b commit f6c2bc4
Showing 4 changed files with 20 additions and 11 deletions.
4 changes: 3 additions & 1 deletion Cargo.lock


5 changes: 4 additions & 1 deletion src/cli.rs
@@ -433,6 +433,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
credentials,
retries,
dry_run,
allow_discards,
..
} => {
let inputs = |q: &str, verify: bool| -> Fido2LuksResult<(Option<String>, [u8; 32])> {
get_input(&secret, &authenticator, args.interactive, q, verify)
@@ -469,7 +471,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
});
secret(Cow::Borrowed(&credentials.0)).and_then(|(secret, cred)| {
log(&|| format!("credential used: {}", hex::encode(&cred.id)));
luks_dev.activate(&name, &secret, luks.slot, *dry_run)
luks_dev.activate(&name, &secret, luks.slot, *dry_run, *allow_discards)
})
} else if luks2 && !luks.disable_token {
luks_dev.activate_token(
@@ -487,6 +489,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
}),
luks.slot,
*dry_run,
*allow_discards,
)
} else if luks_dev.is_luks2()? && luks.disable_token {
// disable-token is mostly cosmetic in this instance
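Review bot: The call `luks_dev.activate(&name, &secret, luks.slot, *dry_run, *allow_discards)` in the second hunk, and the `activate_token(...)` call in the third, now end in two adjacent positional `bool`s, so transposing them still compiles and would make `--dry-run` perform a real activation with discards enabled. A typed argument would remove that failure mode, for example building the `CryptActivateFlags` value once in `run_cli` and passing it down instead of `*allow_discards`. Short of that, a comment at each call such as `// order: dry_run, allow_discards` keeps the pairing visible. `run_cli` starts and ends outside these hunks, so other call sites were not checked.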
3 changes: 3 additions & 0 deletions src/cli_args/mod.rs
@@ -244,6 +244,9 @@ pub enum Command {
/// Perform the whole procedure without mounting the LUKS volume on success
#[structopt(long = "dry-run")]
dry_run: bool,
/// Pass SSD trim instructions to the underlying block device
#[structopt(long = "allow-discards")]
allow_discards: bool,
},
/// Generate a new FIDO credential
#[structopt(name = "credential")]
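Review bot: The help text `/// Pass SSD trim instructions to the underlying block device` omits the trade-off a user needs to know before enabling this: with discards passed through, anyone who can read the raw device can tell which blocks of the encrypted volume are unused, which is why dm-crypt keeps discards off unless asked. I would extend the doc comment, e.g. `/// Pass TRIM/discard requests to the underlying device; off by default because it reveals which blocks of the encrypted volume are unused`. The enclosing `Command` variant begins above the hunk.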
19 changes: 10 additions & 9 deletions src/luks.rs
@@ -1,8 +1,8 @@
use crate::error::*;

use libcryptsetup_rs::{
CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo, EncryptionFormat, KeyslotInfo,
TokenInput,
CryptActivateFlag, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo,
EncryptionFormat, KeyslotInfo, TokenInput,
};
use std::collections::{HashMap, HashSet};
use std::path::Path;
@@ -238,15 +238,15 @@ impl LuksDevice {
secret: &[u8],
slot_hint: Option<u32>,
dry_run: bool,
allow_discard: bool,
) -> Fido2LuksResult<u32> {
let mut flags = CryptActivateFlags::empty();
if allow_discard {
flags = CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]);
}
self.device
.activate_handle()
.activate_by_passphrase(
Some(name).filter(|_| !dry_run),
slot_hint,
secret,
CryptActivateFlags::empty(),
)
.activate_by_passphrase(Some(name).filter(|_| !dry_run), slot_hint, secret, flags)
.map_err(LuksError::activate)
}

@@ -256,6 +256,7 @@ impl LuksDevice {
secret: impl Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>,
slot_hint: Option<u32>,
dry_run: bool,
allow_discard: bool,
) -> Fido2LuksResult<u32> {
if !self.is_luks2()? {
return Err(LuksError::Luks2Required.into());
@@ -299,7 +300,7 @@ impl LuksDevice {
.chain(std::iter::once(None).take(slots.is_empty() as usize)), // Try all slots as last resort
);
for slot in slots {
match self.activate(name, &secret, slot, dry_run) {
match self.activate(name, &secret, slot, dry_run, allow_discard) {
Err(Fido2LuksError::WrongSecret) => (),
res => return res,
}
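Review bot: In the `@@ -238,15 +238,15 @@` hunk the flags are built with `let mut flags = CryptActivateFlags::empty();` followed by a conditional reassignment; a single expression, `let flags = if allow_discard { CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]) } else { CryptActivateFlags::empty() };`, drops the `mut` and makes both cases explicit. The parameter is spelled `allow_discard` here and in the token-activation method below, while the CLI field is `allow_discards`; one spelling throughout would make the flag easier to grep. A doc comment on the parameter should say that it maps to `CryptActivateFlag::AllowDiscards` and, presumably, has no effect when `dry_run` turns the mapping name into `None`. Both method signatures begin outside their hunks.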
