- support more options for encryption

barrel/Utils/Table.h

@@ -44,7 +44,7 @@ namespace barrel
     enum class Id
     {
 	NONE, NAME, SIZE, USAGE, POOL, USED, NUMBER, STRIPES, LABEL, MOUNT_POINT, PROFILES,
-	DESCRIPTION, TRANSPORT
+	DESCRIPTION, TRANSPORT, KEY_FILE, KEY_SIZE
     };
 
 

barrel/create-encryption.cc

@@ -52,6 +52,9 @@ namespace barrel
 	    { "pool-name", required_argument, 0, _("pool name"), "name" },
 	    { "size", required_argument, 's', _("set size"), "size" },
 	    { "key-file", required_argument, 0, _("set a key file"), "key-file" },
+	    { "key-size", required_argument, 0, _("set key size"), "key-size" },
+	    { "cipher", required_argument, 0, _("set cipher"), "cipher" },
+	    { "pbkdf", required_argument, 0, _("set PBKDF"), "pbkdf" },
 	    { "no-crypttab", no_argument, 0, _("do not add in /etc/crypttab") },
 	    { "force", no_argument, 0, _("force if block devices are in use") }
 	}, TakeBlkDevices::MAYBE);
@@ -88,6 +91,9 @@ namespace barrel
 	    optional<string> pool_name;
 	    optional<SmartSize> size;
 	    optional<string> key_file;
+	    optional<size_t> key_size;
+	    optional<string> cipher;
+	    optional<string> pbkdf;
 	    bool crypttab = true;
 	    bool force = false;
 
@@ -157,6 +163,18 @@ namespace barrel
 	    if (parsed_opts.has_option("key-file"))
 		key_file = parsed_opts.get("key-file");
 
+	    if (parsed_opts.has_option("key-size"))
+	    {
+		string str = parsed_opts.get("key-size");
+		key_size = std::stol(str.c_str()) / 8;
+	    }
+
+	    if (parsed_opts.has_option("cipher"))
+		cipher = parsed_opts.get("cipher");
+
+	    if (parsed_opts.has_option("pbkdf"))
+		pbkdf = parsed_opts.get("pbkdf");
+
 	    crypttab = !parsed_opts.has_option("no-crypttab");
 
 	    force = parsed_opts.has_option("force");
@@ -337,6 +355,9 @@ namespace barrel
 	else
 	    encryption->set_key_file(options.key_file.value());
 
+	if (options.key_size)
+	    encryption->set_key_size(options.key_size.value());
+
 	encryption->set_in_etc_crypttab(options.crypttab);
 
 	if (is_luks(encryption))
@@ -353,6 +374,12 @@ namespace barrel
 		luks->set_crypt_options(options.activate_options.value());
 	}
 
+	if (options.cipher)
+	    encryption->set_cipher(options.cipher.value());
+
+	if (options.pbkdf)
+	    encryption->set_pbkdf(options.pbkdf.value());
+
 	state.stack.push(encryption);
 	state.modified = true;
     }

barrel/show-encryptions.cc

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 SUSE LLC
+ * Copyright (c) [2021-2024] SUSE LLC
  *
  * All Rights Reserved.
  *
@@ -98,16 +98,23 @@ namespace barrel
 	sort(encryptions.begin(), encryptions.end(), Encryption::compare_by_dm_table_name);
 
 	Table table({ Cell(_("Name"), Id::NAME), Cell(_("Size"), Id::SIZE, Align::RIGHT), _("Type"),
+		Cell(_("Key File"), Id::KEY_FILE), _("Cipher"),
+		Cell(_("Key Size"), Id::KEY_SIZE, Align::RIGHT), _("PBKDF"),
 		_("Label"), Cell(_("Usage"), Id::USAGE) });
 	table.set_style(global_options.table_style);
+	table.set_visibility(Id::KEY_FILE, Visibility::AUTO);
 
 	for (const Encryption* encryption : encryptions)
 	{
 	    Table::Row row(table, { encryption->get_dm_table_name(), format_size(encryption->get_size()),
 		    get_encryption_type_name(encryption->get_type()),
+		    encryption->get_key_file(), encryption->get_cipher(), "", encryption->get_pbkdf(),
 		    is_luks(encryption) ? to_luks(encryption)->get_label() : "",
 		    device_usage(encryption) });
 
+	    if (encryption->get_key_size() > 0)
+		row[Id::KEY_SIZE] = sformat(_("%d bits"), encryption->get_key_size() * 8);
+
 	    table.add(row);
 	}
 

doc/barrel.xml.in

@@ -2,13 +2,13 @@
 <refentry id='barrel8' xmlns:xlink="http://www.w3.org/1999/xlink">
 
   <refentryinfo>
-    <date>2024-07-11</date>
+    <date>2024-07-16</date>
   </refentryinfo>
 
   <refmeta>
     <refentrytitle>barrel</refentrytitle>
     <manvolnum>8</manvolnum>
-    <refmiscinfo class='date'>2024-07-11</refmiscinfo>
+    <refmiscinfo class='date'>2024-07-16</refmiscinfo>
     <refmiscinfo class='version'>@VERSION@</refmiscinfo>
     <refmiscinfo class='manual'>Storage Management</refmiscinfo>
   </refmeta>
@@ -292,6 +292,26 @@
 		in /etc/crypttab. Also the key file must already exist.</para>
 	      </listitem>
 	    </varlistentry>
+	    <varlistentry>
+	      <term><option>--key-size</option></term>
+	      <listitem>
+		<para>Set the key size in in bits. Must be at least a multiple
+		of 8. See cryptsetup for more details.</para>
+	      </listitem>
+	    </varlistentry>
+	    <varlistentry>
+	      <term><option>--cipher</option></term>
+	      <listitem>
+		<para>Set the cipher.  See cryptsetup for more details.</para>
+	      </listitem>
+	    </varlistentry>
+	    <varlistentry>
+	      <term><option>--pbkdf</option></term>
+	      <listitem>
+		<para>Set the PBKDF (Password-Based Key Derivation
+		Function). See cryptsetup for more details.</para>
+	      </listitem>
+	    </varlistentry>
 	    <varlistentry>
 	      <term><option>--no-crypttab</option></term>
 	      <listitem>

package/barrel.changes

@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
-Thu Jul 11 15:40:12 CEST 2024 - [email protected]
+Tue Jul 16 13:07:26 CEST 2024 - [email protected]
 
-- allow to set more options for encryptions
+- support more options for encryption
 
 -------------------------------------------------------------------
 Thu May 02 07:31:27 CEST 2024 - [email protected]

testsuite/Makefile.am

@@ -15,7 +15,7 @@ check_PROGRAMS =						\
 	getopts.test table.test raid1.test xfs1.test 		\
 	complex1.test parse-line.test lvm1.test load1.test	\
 	pools1.test pools2.test show1.test show2.test		\
-	show3.test remove1.test remove2.test			\
+	show3.test show4.test remove1.test remove2.test		\
 	luks1.test gpt1.test misuse1.test misuse2.test		\
 	misuse3.test ext1.test btrfs1.test stack1.test		\
 	help1.test
@@ -27,5 +27,6 @@ TESTS = $(check_PROGRAMS)
 EXTRA_DIST = empty1.xml empty2.xml empty3.xml 			\
 	mapping1.json msdos1.xml load1.xml			\
 	real1.xml real2.xml real3.xml real4.xml real5.xml 	\
-	real6.xml dmraid1.xml dmraid2.xml mapping2.json
+	real6.xml real7.xml dmraid1.xml dmraid2.xml 		\
+	mapping2.json