* Fix wrong output for remaining key at key deletion.

* Allow deletion of key slot while other keys have the same key
  information (that implied rewritting verification logic).



git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@41 36d66b0a-2a48-0410-832c-cd162a569da5

lib/setup.c

@@ -595,10 +595,9 @@ static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct c
 	struct luks_masterkey *mk=NULL;
 	struct luks_phdr hdr;
 	char *password=NULL; unsigned int passwordLen;
-	unsigned int i; unsigned int keyIndex;
+        unsigned int keyIndex;
 	const char *device = options->device;
 	int r;
-	int key_slot = options->key_slot;
 	
 	if (!LUKS_device_ready(options->device, O_RDWR)) {
 		set_error("Can not access device");
@@ -694,22 +693,32 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
 	} 
 
 	if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
+                int r;
+
 		options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
 		get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags);
 		if(!password) {
 			r = -EINVAL; goto out;
 		}
-		openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
+
+                r = LUKS_read_phdr(device, &hdr);
+                if(r < 0) { 
+                        options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
+                        r = -EIO; goto out;
+                }
+                hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
+
+		openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
                 /* Clean up */
                 if (openedIndex >= 0) {
                         LUKS_dealloc_masterkey(mk);
                         mk = NULL;
                 }
-		if(openedIndex < 0 || keyIndex == openedIndex) {
+		if(openedIndex < 0) {
                             options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
 			    r = -EPERM; goto out;
 		} else
-                        logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex);
+                        logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", openedIndex);
 	}
 	r = LUKS_del_key(device, keyIndex);
 	if(r < 0) goto out;

luks/keymanage.c

@@ -331,20 +331,34 @@ out:
 	return r;
 }
 
+
+/* Tries to open any key from a given LUKS device reading the header on its own */
 int LUKS_open_any_key(const char *device, 
 		      const char *password, 
 		      size_t passwordLen,
 		      struct luks_phdr *hdr, 
 		      struct luks_masterkey **mk,
 		      struct setup_backend *backend)
+{
+	int r;
+
+	r = LUKS_read_phdr(device, hdr);
+	if(r < 0) 
+      		return r;
+        return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend);
+}
+
+
+int LUKS_open_any_key_with_hdr(const char *device, 
+		      const char *password, 
+		      size_t passwordLen,
+		      struct luks_phdr *hdr, 
+		      struct luks_masterkey **mk,
+		      struct setup_backend *backend)
 {
 	unsigned int i;
 	int r;
 
-	r = LUKS_read_phdr(device, hdr);
-	if(r < 0) 
-      		return r;
-
 	*mk=LUKS_alloc_masterkey(hdr->keyBytes);
 	for(i=0; i<LUKS_NUMKEYS; i++) {
 	    r = LUKS_open_key(device, i, password, passwordLen, hdr, *mk, backend);

luks/luks.h

@@ -117,6 +117,14 @@ int LUKS_open_any_key(const char *device,
 					struct luks_masterkey **mk,
 					struct setup_backend *backend);
 
+int LUKS_open_any_key_with_hdr(const char *device, 
+					const char *password, 
+					size_t passwordLen, 
+					struct luks_phdr *hdr, 
+					struct luks_masterkey **mk,
+					struct setup_backend *backend);
+
+
 int LUKS_del_key(const char *device, unsigned int keyIndex);
 int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
 int LUKS_benchmarkt_iterations();