Introduce dry run option for attaching the device.

This will allow us to verify if passphrase and key is valid without decrypting whole device. Reviewed by: cem@, allanjude@ Differential Revision: https://reviews.freebsd.org/D15000
svn path=/head/; revision=332361
2018-04-10 13:22:48 +00:00 · 2018-04-10 13:22:48 +00:00 · 8f1c45c20a · 2020-12-20 02:59:44 +00:00
commit 8f1c45c20a
parent 5819c3eb8a
3 changed files with 16 additions and 5 deletions
--- a/sbin/geom/class/eli/geli.8
+++ b/sbin/geom/class/eli/geli.8
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 17, 2017
+.Dd April 10, 2018
 .Dt GELI 8
 .Os
 .Sh NAME
@ -67,7 +67,7 @@ utility:
 .Cm init
 .Nm
 .Cm attach
-.Op Fl dprv
+.Op Fl dnprv
 .Op Fl j Ar passfile
 .Op Fl k Ar keyfile
 .Ar prov
@ -420,6 +420,9 @@ For more information see the description of the
 option for the
 .Cm init
 subcommand.
+.It Fl n
+Do a dry-run decryption.
+This is useful to verify passphrase and keyfile without decrypting the device.
 .It Fl p
 Do not use a passphrase as a component of the User Key.
 Cannot be combined with the
--- a/sbin/geom/class/eli/geom_eli.c
+++ b/sbin/geom/class/eli/geom_eli.c
@ -148,11 +148,12 @@ struct g_command class_commands[] = {
 		{ 'd', "detach", NULL, G_TYPE_BOOL },
 		{ 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
 		{ 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
+		{ 'n', "dryrun", NULL, G_TYPE_BOOL },
 		{ 'p', "nopassphrase", NULL, G_TYPE_BOOL },
 		{ 'r', "readonly", NULL, G_TYPE_BOOL },
 		G_OPT_SENTINEL
 	    },
-	    "[-dprv] [-j passfile] [-k keyfile] prov"
+	    "[-dnprv] [-j passfile] [-k keyfile] prov"
 	},
 	{ "detach", 0, NULL,
 	    {
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@ -59,7 +59,7 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
 	struct g_provider *pp;
 	const char *name;
 	u_char *key, mkey[G_ELI_DATAIVKEYLEN];
-	int *nargs, *detach, *readonly;
+	int *nargs, *detach, *readonly, *dryrun;
 	int keysize, error;
 	u_int nkey;

@ -87,6 +87,12 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
 		return;
 	}

+	dryrun = gctl_get_paraml(req, "dryrun", sizeof(*dryrun));
+	if (dryrun == NULL) {
+		gctl_error(req, "No '%s' argument.", "dryrun");
+		return;
+	}
+
 	if (*detach && *readonly) {
 		gctl_error(req, "Options -d and -r are mutually exclusive.");
 		return;
@ -141,7 +147,8 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
 		md.md_flags |= G_ELI_FLAG_WO_DETACH;
 	if (*readonly)
 		md.md_flags |= G_ELI_FLAG_RO;
-	g_eli_create(req, mp, pp, &md, mkey, nkey);
+	if (!*dryrun)
+		g_eli_create(req, mp, pp, &md, mkey, nkey);
 	explicit_bzero(mkey, sizeof(mkey));
 	explicit_bzero(&md, sizeof(md));
 }