struct luks_masterkey *mk=NULL;
struct luks_phdr hdr;
char *password=NULL; unsigned int passwordLen;
- unsigned int i; unsigned int keyIndex;
+ unsigned int keyIndex;
const char *device = options->device;
int r;
- int key_slot = options->key_slot;
if (!LUKS_device_ready(options->device, O_RDWR)) {
set_error("Can not access device");
}
if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
+ int r;
+
options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags);
if(!password) {
r = -EINVAL; goto out;
}
- openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
+
+ r = LUKS_read_phdr(device, &hdr);
+ if(r < 0) {
+ options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
+ r = -EIO; goto out;
+ }
+ hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
+
+ openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
/* Clean up */
if (openedIndex >= 0) {
LUKS_dealloc_masterkey(mk);
mk = NULL;
}
- if(openedIndex < 0 || keyIndex == openedIndex) {
+ if(openedIndex < 0) {
options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
r = -EPERM; goto out;
} else
- logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex);
+ logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", openedIndex);
}
r = LUKS_del_key(device, keyIndex);
if(r < 0) goto out;
return r;
}
+
+/* Tries to open any key from a given LUKS device reading the header on its own */
int LUKS_open_any_key(const char *device,
const char *password,
size_t passwordLen,
struct luks_masterkey **mk,
struct setup_backend *backend)
{
- unsigned int i;
int r;
r = LUKS_read_phdr(device, hdr);
if(r < 0)
return r;
+ return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend);
+}
+
+
+int LUKS_open_any_key_with_hdr(const char *device,
+ const char *password,
+ size_t passwordLen,
+ struct luks_phdr *hdr,
+ struct luks_masterkey **mk,
+ struct setup_backend *backend)
+{
+ unsigned int i;
+ int r;
*mk=LUKS_alloc_masterkey(hdr->keyBytes);
for(i=0; i<LUKS_NUMKEYS; i++) {
struct luks_masterkey **mk,
struct setup_backend *backend);
+int LUKS_open_any_key_with_hdr(const char *device,
+ const char *password,
+ size_t passwordLen,
+ struct luks_phdr *hdr,
+ struct luks_masterkey **mk,
+ struct setup_backend *backend);
+
+
int LUKS_del_key(const char *device, unsigned int keyIndex);
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
int LUKS_benchmarkt_iterations();