-rw-r--r--sbin/geom/class/eli/geli.87
-rw-r--r--sbin/geom/class/eli/geom_eli.c3
-rw-r--r--sys/geom/eli/g_eli_ctl.c11
3 files changed, 16 insertions, 5 deletions
diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8
index c3e36fd7263eb..e88cf78dd413b 100644
--- a/sbin/geom/class/eli/geli.8
+++ b/sbin/geom/class/eli/geli.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd September 17, 2017
+.Dd April 10, 2018
.Dt GELI 8
.Os
.Sh NAME
@@ -67,7 +67,7 @@ utility:
.Cm init
.Nm
.Cm attach
-.Op Fl dprv
+.Op Fl dnprv
.Op Fl j Ar passfile
.Op Fl k Ar keyfile
.Ar prov
@@ -420,6 +420,9 @@ For more information see the description of the
option for the
.Cm init
subcommand.
+.It Fl n
+Do a dry-run decryption.
+This is useful to verify passphrase and keyfile without decrypting the device.
.It Fl p
Do not use a passphrase as a component of the User Key.
Cannot be combined with the
diff --git a/sbin/geom/class/eli/geom_eli.c b/sbin/geom/class/eli/geom_eli.c
index 84e721316eb6c..bb43a4910260e 100644
--- a/sbin/geom/class/eli/geom_eli.c
+++ b/sbin/geom/class/eli/geom_eli.c
@@ -148,11 +148,12 @@ struct g_command class_commands[] = {
{ 'd', "detach", NULL, G_TYPE_BOOL },
{ 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
{ 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
+ { 'n', "dryrun", NULL, G_TYPE_BOOL },
{ 'p', "nopassphrase", NULL, G_TYPE_BOOL },
{ 'r', "readonly", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-dprv] [-j passfile] [-k keyfile] prov"
+ "[-dnprv] [-j passfile] [-k keyfile] prov"
},
{ "detach", 0, NULL,
{
diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c
index d2a35a0a10367..e4655a178bea0 100644
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@@ -59,7 +59,7 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
struct g_provider *pp;
const char *name;
u_char *key, mkey[G_ELI_DATAIVKEYLEN];
- int *nargs, *detach, *readonly;
+ int *nargs, *detach, *readonly, *dryrun;
int keysize, error;
u_int nkey;
@@ -87,6 +87,12 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
return;
}
+ dryrun = gctl_get_paraml(req, "dryrun", sizeof(*dryrun));
+ if (dryrun == NULL) {
+ gctl_error(req, "No '%s' argument.", "dryrun");
+ return;
+ }
+
if (*detach && *readonly) {
gctl_error(req, "Options -d and -r are mutually exclusive.");
return;
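Review bot: Treating a missing `dryrun` parameter as a hard error in the added block means g_eli_ctl_attach will reject attach requests from a geli(8) binary built before this change, which presumably does not send the new option. This matters during an upgrade where the kernel is replaced before userland. Unlike `detach` and `readonly`, the parameter is new, so its absence can safely mean "not a dry run". One option is to fetch it with `gctl_get_param(req, "dryrun", &len)`, use 0 when the result is NULL, and still reject a value whose length is not `sizeof(int)`. The function body starts and continues outside this hunk.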
@@ -141,7 +147,8 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
md.md_flags |= G_ELI_FLAG_WO_DETACH;
if (*readonly)
md.md_flags |= G_ELI_FLAG_RO;
- g_eli_create(req, mp, pp, &md, mkey, nkey);
+ if (!*dryrun)
+ g_eli_create(req, mp, pp, &md, mkey, nkey);
explicit_bzero(mkey, sizeof(mkey));
explicit_bzero(&md, sizeof(md));
}
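Review bot: The new `if (!*dryrun)` guard has no comment explaining why returning without creating the provider counts as a successful check. The passphrase and keyfile are presumably verified by the Master Key decryption earlier in g_eli_ctl_attach, which is outside this hunk. I would add `/* Dry run: the key was already verified above; do not create the provider. */` directly before the guard. The two `explicit_bzero()` calls sit outside the conditional, so `mkey` and `md` are wiped on the dry-run path too, and a later refactor should keep that.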