return 0;
}
-static int keyslot_is_valid(struct crypt_device *cd, int keySlotIndex)
-{
- if(keySlotIndex >= LUKS_NUMKEYS || keySlotIndex < 0) {
- log_err(cd, _("Key slot %d is invalid, please select between 0 and %d.\n"),
- keySlotIndex, LUKS_NUMKEYS - 1);
- return 0;
- }
-
- return 1;
-}
-
-/* Select free keyslot or verifies that the one specified is empty */
-static int keyslot_from_option(struct crypt_device *cd, int keySlotOption, struct luks_phdr *hdr) {
- if(keySlotOption >= 0) {
- if(!keyslot_is_valid(cd, keySlotOption))
- return -EINVAL;
- else if(hdr->keyblock[keySlotOption].active != LUKS_KEY_DISABLED) {
- log_err(cd, _("Key slot %d is full, please select another one.\n"),
- keySlotOption);
- return -EINVAL;
- } else {
- return keySlotOption;
- }
- } else {
- int i;
- /* Find empty key slot */
- for(i=0; i<LUKS_NUMKEYS; i++) {
- if(hdr->keyblock[i].active == LUKS_KEY_DISABLED) break;
- }
- if(i==LUKS_NUMKEYS) {
- log_err(cd, _("All key slots full.\n"));
- return -EINVAL;
- }
- return i;
- }
-}
-
static int verify_other_keyslot(struct crypt_device *cd,
const char *key_file,
unsigned int flags,
return 0;
}
-static int create_device_helper_old(int reload, struct crypt_options *options)
-{
- struct crypt_device *cd = NULL;
- char *key = NULL;
- unsigned int keyLen;
- char *processed_key = NULL;
- int read_only;
- int r;
-
- r = dm_status_device(options->name);
- if (reload) {
- if (r < 0)
- return r;
- } else {
- if (r >= 0) {
- log_err(cd, _("Device %s already exists.\n"), options->name);
- return -EEXIST;
- }
- if (r != -ENODEV)
- return r;
- }
-
- if (options->key_size < 0 || options->key_size > 1024) {
- log_err(cd, _("Invalid key size %d.\n"), options->key_size);
- return -EINVAL;
- }
-
- read_only = (options->flags & CRYPT_FLAG_READONLY);
- r = device_check_and_adjust(cd, options->device, &options->size, &options->offset, &read_only);
- if (r)
- return r;
-
- get_key("Enter passphrase: ", &key, &keyLen, options->key_size,
- options->key_file, options->timeout, options->flags, NULL);
- if (!key) {
- log_err(cd, "Key reading error");
- return -ENOENT;
- }
-
- processed_key = process_key(cd, options->hash, options->key_file, options->key_size, key, keyLen);
- safe_free(key);
-
- if (!processed_key)
- return -ENOENT;
-
- r = dm_create_device(options->name, options->device, options->cipher,
- NULL, options->size, options->skip, options->offset,
- options->key_size, processed_key,
- read_only, reload);
-
- safe_free(processed_key);
-
- return r;
-}
-
-static int luks_remove_helper_old(struct crypt_device *cd,
- struct crypt_options *options, int supply_it)
-{
- struct luks_masterkey *mk;
- struct luks_phdr hdr;
- char *password=NULL;
- unsigned int passwordLen;
- const char *device = options->device;
- int keyIndex;
- int openedIndex;
- int r, last_slot;
-
- r = LUKS_read_phdr(options->device, &hdr, 1, cd);
- if(r < 0)
- return r;
-
- if(supply_it) {
- get_key("Enter LUKS passphrase to be deleted: ",&password,&passwordLen, 0, options->new_key_file,
- options->timeout, options->flags, cd);
- if(!password) {
- r = -EINVAL; goto out;
- }
-
- keyIndex = LUKS_open_key_with_hdr(device, CRYPT_ANY_SLOT, password, passwordLen, &hdr, &mk, cd);
- if(keyIndex < 0) {
- log_err(cd, "No remaining key available with this passphrase.\n");
- r = -EPERM; goto out;
- } else
- log_std(cd ,"key slot %d selected for deletion.\n", keyIndex);
-
- safe_free(password);
- password = NULL;
- } else {
- keyIndex = options->key_slot;
- if (!keyslot_is_valid(cd, keyIndex)) {
- r = -EINVAL; goto out;
- }
- }
-
- if (LUKS_keyslot_info(&hdr, keyIndex) == SLOT_INACTIVE) {
- log_err(cd, _("Key %d not active. Can't wipe.\n"), keyIndex);
- r = -EINVAL;
- goto out;
- }
-
- last_slot = (LUKS_keyslot_info(&hdr, keyIndex) == SLOT_ACTIVE_LAST);
- if(last_slot && !(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) {
- r = -EINVAL; goto out;
- }
-
- if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
- options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
- get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file,
- options->timeout, options->flags, cd);
- if(!password) {
- r = -EINVAL; goto out;
- }
-
- r = LUKS_read_phdr(device, &hdr, 1, cd);
- if(r < 0) {
- options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
- r = -EIO; goto out;
- }
-
- if(!last_slot)
- hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
-
- openedIndex = LUKS_open_key_with_hdr(device, CRYPT_ANY_SLOT, password, passwordLen, &hdr, &mk, cd);
- /* Clean up */
- if (openedIndex >= 0) {
- LUKS_dealloc_masterkey(mk);
- mk = NULL;
- }
- if(openedIndex < 0) {
- log_err(cd, "No remaining key available with this passphrase.\n");
- r = -EPERM; goto out;
- } else
- log_std(cd, "key slot %d verified.\n", openedIndex);
- }
- r = LUKS_del_key(device, keyIndex, cd);
- if(r < 0) goto out;
-
- r = 0;
-out:
- safe_free(password);
- return r;
-}
-
static int luks_remove_helper(struct crypt_device *cd,
int key_slot,
const char *other_key_file,
projects / platform / upstream / cryptsetup.git / commitdiff