From 12974a1dd3d73c385c25b20246c4b05d82c62ab4 Mon Sep 17 00:00:00 2001 From: Clemens Fruhwirth Date: Fri, 19 Dec 2008 19:39:42 +0000 Subject: [PATCH] * Fix wrong output for remaining key at key deletion. * Allow deletion of key slot while other keys have the same key information (that implied rewritting verification logic). git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@41 36d66b0a-2a48-0410-832c-cd162a569da5 --- lib/setup.c | 19 ++++++++++++++----- luks/keymanage.c | 22 ++++++++++++++++++---- luks/luks.h | 8 ++++++++ 3 files changed, 40 insertions(+), 9 deletions(-) diff --git a/lib/setup.c b/lib/setup.c index 7f3ef657..5b6f1bfb 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -595,10 +595,9 @@ static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct c struct luks_masterkey *mk=NULL; struct luks_phdr hdr; char *password=NULL; unsigned int passwordLen; - unsigned int i; unsigned int keyIndex; + unsigned int keyIndex; const char *device = options->device; int r; - int key_slot = options->key_slot; if (!LUKS_device_ready(options->device, O_RDWR)) { set_error("Can not access device"); 
@@ -694,22 +693,32 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry } if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) { + int r; + options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY; get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags); if(!password) { r = -EINVAL; goto out; } - openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend); + + r = LUKS_read_phdr(device, &hdr); + if(r < 0) { + options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n"); + r = -EIO; goto out; + } + hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED; + + openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend); /* Clean up */ if (openedIndex >= 0) { LUKS_dealloc_masterkey(mk); mk = NULL; } - if(openedIndex < 0 || keyIndex == openedIndex) { + if(openedIndex < 0) { options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n"); r = -EPERM; goto out; } else - logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex); + logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", openedIndex); } r = LUKS_del_key(device, keyIndex); if(r < 0) goto out; diff --git a/luks/keymanage.c b/luks/keymanage.c index 53147e99..f6f8d1f6 100644 --- a/luks/keymanage.c +++ b/luks/keymanage.c 
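Review bot: The `int r;` added at the top of the `CRYPT_FLAG_VERIFY_ON_DELKEY` block shadows an `r` that was already in scope, since the unchanged `r = -EINVAL; goto out;` inside the block and `r = LUKS_del_key(device, keyIndex);` after it both predate the new declaration. With the inner declaration, the `r = -EINVAL`, `r = -EIO` and `r = -EPERM` assignments before each `goto out` write only the block-local variable. The `out:` label is outside this hunk, but it presumably returns the outer `r`, so a rejected verification passphrase could surface as a stale or uninitialized status instead of an error. Dropping the added `int r;` line restores the error codes. Separately, `hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;` writes into the stack copy of the header using an index whose range check is not visible in this hunk; confirm `keyIndex` is bounded to the valid key-slot range before this line is reached.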
@@ -331,20 +331,34 @@ out: return r; } + +/* Tries to open any key from a given LUKS device reading the header on its own */ int LUKS_open_any_key(const char *device, const char *password, size_t passwordLen, struct luks_phdr *hdr, struct luks_masterkey **mk, struct setup_backend *backend) +{ + int r; + + r = LUKS_read_phdr(device, hdr); + if(r < 0) + return r; + return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend); +} + + +int LUKS_open_any_key_with_hdr(const char *device, + const char *password, + size_t passwordLen, + struct luks_phdr *hdr, + struct luks_masterkey **mk, + struct setup_backend *backend) { unsigned int i; int r; - r = LUKS_read_phdr(device, hdr); - if(r < 0) - return r; - *mk=LUKS_alloc_masterkey(hdr->keyBytes); for(i=0; i