Commit 12974a1d authored by Clemens Fruhwirth's avatar Clemens Fruhwirth

* Fix wrong output for remaining key at key deletion.

* Allow deletion of key slot while other keys have the same key
  information (that implied rewriting verification logic).



git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@41 36d66b0a-2a48-0410-832c-cd162a569da5
parent 3c37d7a1
......@@ -595,10 +595,9 @@ static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct c
struct luks_masterkey *mk=NULL;
struct luks_phdr hdr;
char *password=NULL; unsigned int passwordLen;
unsigned int i; unsigned int keyIndex;
unsigned int keyIndex;
const char *device = options->device;
int r;
int key_slot = options->key_slot;
if (!LUKS_device_ready(options->device, O_RDWR)) {
set_error("Can not access device");
......@@ -694,22 +693,32 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
}
if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
int r;
options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags);
if(!password) {
r = -EINVAL; goto out;
}
openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
r = LUKS_read_phdr(device, &hdr);
if(r < 0) {
options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
r = -EIO; goto out;
}
hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
/* Clean up */
if (openedIndex >= 0) {
LUKS_dealloc_masterkey(mk);
mk = NULL;
}
if(openedIndex < 0 || keyIndex == openedIndex) {
if(openedIndex < 0) {
options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
r = -EPERM; goto out;
} else
logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex);
logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", openedIndex);
}
r = LUKS_del_key(device, keyIndex);
if(r < 0) goto out;
......
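Review bot: `hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;` writes into the in-memory copy of the header with an index that is not range-checked anywhere in this hunk. luks_remove_helper starts above the hunk, so a check may already exist there. If keyIndex can come straight from a user-supplied key slot option, a value outside the slot array makes this line an out-of-bounds write before any passphrase has been verified. I'd guard it right after the LUKS_read_phdr error check with `if (keyIndex >= LUKS_NUMKEYS) { r = -EINVAL; goto out; }`, plus a `keyIndex < 0` test if the variable is signed in this function.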
......@@ -331,6 +331,8 @@ out:
return r;
}
/* Tries to open any key from a given LUKS device reading the header on its own */
int LUKS_open_any_key(const char *device,
const char *password,
size_t passwordLen,
......@@ -338,12 +340,24 @@ int LUKS_open_any_key(const char *device,
struct luks_masterkey **mk,
struct setup_backend *backend)
{
unsigned int i;
int r;
r = LUKS_read_phdr(device, hdr);
if(r < 0)
return r;
return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend);
}
int LUKS_open_any_key_with_hdr(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend)
{
unsigned int i;
int r;
*mk=LUKS_alloc_masterkey(hdr->keyBytes);
for(i=0; i<LUKS_NUMKEYS; i++) {
......
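Review bot: The new LUKS_open_any_key_with_hdr has no comment stating who owns `*mk` when it fails, and the result of `*mk=LUKS_alloc_masterkey(hdr->keyBytes);` is not checked in the lines visible here. The caller in luks_remove_helper calls LUKS_dealloc_masterkey only when the return value is >= 0, so unless this function frees the buffer on every failing path, the master-key buffer stays allocated after a wrong passphrase. The loop body continues outside the hunk, so that needs confirming there. I'd add a header comment in the style of the one on LUKS_open_any_key, e.g. `/* Tries every active slot of an already-read, caller-supplied hdr; on failure *mk must be released here (confirm) */`, and guard the allocation with `if (!*mk) return -ENOMEM;`.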
......@@ -117,6 +117,14 @@ int LUKS_open_any_key(const char *device,
struct luks_masterkey **mk,
struct setup_backend *backend);
int LUKS_open_any_key_with_hdr(const char *device,
const char *password,
size_t passwordLen,
struct luks_phdr *hdr,
struct luks_masterkey **mk,
struct setup_backend *backend);
int LUKS_del_key(const char *device, unsigned int keyIndex);
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
int LUKS_benchmarkt_iterations();
......