eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 20:00:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify return codes from get key functions.

Browse Source 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@363 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
2010-11-13 16:41:29 +00:00
parent 6258753b1a
commit f90edb6133
4 changed files with 131 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
lib/setup.c
View File

@@ -173,16 +173,17 @@ static int verify_other_keyslot(struct crypt_device *cd,
const char *key_file, const char *key_file,
int keyIndex) int keyIndex)
{ {
struct volume_key *vk; struct volume_key *vk = NULL;
crypt_keyslot_info ki; crypt_keyslot_info ki;
int openedIndex; int openedIndex, r;
char *password = NULL; char *password = NULL;
unsigned int passwordLen; unsigned int passwordLen;
crypt_get_key(_("Enter any remaining LUKS passphrase: "), &password, r = crypt_get_key(_("Enter any remaining LUKS passphrase: "),
&passwordLen, 0, key_file, cd->timeout, cd->password_verify, cd); &password, &passwordLen, 0, key_file, cd->timeout,
if(!password) cd->password_verify, cd);
return -EINVAL; if(r < 0)
goto out;
ki = crypt_keyslot_status(cd, keyIndex); ki = crypt_keyslot_status(cd, keyIndex);
if (ki == CRYPT_SLOT_ACTIVE) /* Not last slot */ if (ki == CRYPT_SLOT_ACTIVE) /* Not last slot */
@@ -194,36 +195,37 @@ static int verify_other_keyslot(struct crypt_device *cd,
if (ki == CRYPT_SLOT_ACTIVE) if (ki == CRYPT_SLOT_ACTIVE)
LUKS_keyslot_set(&cd->hdr, keyIndex, 1); LUKS_keyslot_set(&cd->hdr, keyIndex, 1);
crypt_free_volume_key(vk);
crypt_safe_free(password);
if (openedIndex < 0) if (openedIndex < 0)
return -EPERM; r = -EPERM;
else
log_verbose(cd, _("Key slot %d verified.\n"), openedIndex); log_verbose(cd, _("Key slot %d verified.\n"), openedIndex);
return 0; out:
crypt_free_volume_key(vk);
crypt_safe_free(password);
return r;
} }
static int find_keyslot_by_passphrase(struct crypt_device *cd, static int find_keyslot_by_passphrase(struct crypt_device *cd,
const char *key_file, const char *key_file,
char *message) char *message)
{ {
struct volume_key *vk; struct volume_key *vk = NULL;
char *password = NULL; char *password = NULL;
unsigned int passwordLen; unsigned int passwordLen;
int keyIndex; int r;
crypt_get_key(message,&password,&passwordLen, 0, key_file, r = crypt_get_key(message,&password,&passwordLen, 0, key_file,
cd->timeout, cd->password_verify, cd); cd->timeout, cd->password_verify, cd);
if(!password) if (r < 0)
return -EINVAL; goto out;
keyIndex = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password,
passwordLen, &cd->hdr, &vk, cd); passwordLen, &cd->hdr, &vk, cd);
out:
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
crypt_safe_free(password); crypt_safe_free(password);
return r;
return keyIndex;
} }
static int device_check_and_adjust(struct crypt_device *cd, static int device_check_and_adjust(struct crypt_device *cd,
@@ -437,7 +439,7 @@ int crypt_confirm(struct crypt_device *cd, const char *msg)
return cd->confirm(msg, cd->confirm_usrptr); return cd->confirm(msg, cd->confirm_usrptr);
} }
static void key_from_terminal(struct crypt_device *cd, char *msg, char **key, static int key_from_terminal(struct crypt_device *cd, char *msg, char **key,
unsigned int *key_len, int force_verify) unsigned int *key_len, int force_verify)
{ {
char *prompt = NULL; char *prompt = NULL;
@@ -446,7 +448,7 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key,
*key = NULL; *key = NULL;
if(!msg && asprintf(&prompt, _("Enter passphrase for %s: "), if(!msg && asprintf(&prompt, _("Enter passphrase for %s: "),
cd->device) < 0) cd->device) < 0)
return; return -ENOMEM;
if (!msg) if (!msg)
msg = prompt; msg = prompt;
@@ -454,8 +456,8 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key,
if (cd->password) { if (cd->password) {
*key = crypt_safe_alloc(MAX_TTY_PASSWORD_LEN); *key = crypt_safe_alloc(MAX_TTY_PASSWORD_LEN);
if (!*key) { if (!*key) {
free(prompt); r = -ENOMEM;
return; goto out;
} }
r = cd->password(msg, *key, MAX_TTY_PASSWORD_LEN, cd->password_usrptr); r = cd->password(msg, *key, MAX_TTY_PASSWORD_LEN, cd->password_usrptr);
if (r < 0) { if (r < 0) {
@@ -464,10 +466,11 @@ static void key_from_terminal(struct crypt_device *cd, char *msg, char **key,
} else } else
*key_len = r; *key_len = r;
} else } else
crypt_get_key(msg, key, key_len, 0, NULL, cd->timeout, r = crypt_get_key(msg, key, key_len, 0, NULL, cd->timeout,
(force_verify || cd->password_verify), cd); (force_verify || cd->password_verify), cd);
out:
free(prompt); free(prompt);
return (r < 0) ? r: 0;
} }
static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslot, static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslot,
@@ -483,32 +486,32 @@ static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslo
crypt_free_volume_key(*vk); crypt_free_volume_key(*vk);
*vk = NULL; *vk = NULL;
key_from_terminal(cd, NULL, &passphrase_read, r = key_from_terminal(cd, NULL, &passphrase_read,
&passphrase_size_read, 0); &passphrase_size_read, 0);
if(!passphrase_read) { if(r < 0)
r = -EINVAL; goto out;
break;
}
r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
passphrase_size_read, &cd->hdr, vk, cd); passphrase_size_read, &cd->hdr, vk, cd);
crypt_safe_free(passphrase_read); crypt_safe_free(passphrase_read);
passphrase_read = NULL; passphrase_read = NULL;
} while (r == -EPERM && (--tries > 0)); } while (r == -EPERM && (--tries > 0));
out:
if (r < 0 && *vk) { if (r < 0) {
crypt_free_volume_key(*vk); crypt_free_volume_key(*vk);
*vk = NULL; *vk = NULL;
} }
crypt_safe_free(passphrase_read);
return r; return r;
} }
static void key_from_file(struct crypt_device *cd, char *msg, static int key_from_file(struct crypt_device *cd, char *msg,
char **key, unsigned int *key_len, char **key, unsigned int *key_len,
const char *key_file, size_t key_size) const char *key_file, size_t key_size)
{ {
crypt_get_key(msg, key, key_len, key_size, key_file, cd->timeout, 0, cd); return crypt_get_key(msg, key, key_len, key_size, key_file,
cd->timeout, 0, cd);
} }
static int _crypt_init(struct crypt_device **cd, static int _crypt_init(struct crypt_device **cd,
@@ -601,11 +604,9 @@ static int crypt_create_and_update_device(struct crypt_options *options, int upd
if (r) if (r)
return r; return r;
crypt_get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size, r = crypt_get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size,
options->key_file, cd->timeout, cd->password_verify, cd); options->key_file, cd->timeout, cd->password_verify, cd);
if (!key) if (!r)
r = -ENOENT;
else
r = create_device_helper(cd, options->name, options->hash, r = create_device_helper(cd, options->name, options->hash,
options->cipher, NULL, options->key_file, key, keyLen, options->cipher, NULL, options->key_file, key, keyLen,
options->key_size, options->size, options->skip, options->key_size, options->size, options->skip,
@@ -766,13 +767,11 @@ int crypt_luksFormat(struct crypt_options *options)
goto out; goto out;
} }
crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0, r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0,
options->new_key_file, cd->timeout, cd->password_verify, cd); options->new_key_file, cd->timeout, cd->password_verify, cd);
if(!password) { if(r < 0)
r = -EINVAL;
goto out; goto out;
}
r = crypt_format(cd, CRYPT_LUKS1, cipherName, cipherMode, r = crypt_format(cd, CRYPT_LUKS1, cipherName, cipherMode,
NULL, NULL, options->key_size, &cp); NULL, NULL, options->key_size, &cp);
@@ -1498,25 +1497,22 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
if (!keyfile) if (!keyfile)
return -EINVAL; return -EINVAL;
key_from_file(cd, _("Enter passphrase: "), &passphrase_read, r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read,
&passphrase_size_read, keyfile, keyfile_size); &passphrase_size_read, keyfile, keyfile_size);
if (r < 0)
goto out;
if(!passphrase_read)
r = -EINVAL;
else {
r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
passphrase_size_read, &cd->hdr, &vk, cd); passphrase_size_read, &cd->hdr, &vk, cd);
crypt_safe_free(passphrase_read); if (r < 0)
} goto out;
if (r >= 0) {
keyslot = r; keyslot = r;
r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key); r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key);
if (r) if (r)
log_err(cd, "Error during resuming device %s.\n", name); log_err(cd, "Error during resuming device %s.\n", name);
} else
r = keyslot;
out: out:
crypt_safe_free(passphrase_read);
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
return r < 0 ? r : keyslot; return r < 0 ? r : keyslot;
} }
@@ -1562,12 +1558,10 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
passphrase_size, &cd->hdr, &vk, cd); passphrase_size, &cd->hdr, &vk, cd);
} else { } else {
/* Passphrase not provided, ask first and use it to unlock existing keyslot */ /* Passphrase not provided, ask first and use it to unlock existing keyslot */
key_from_terminal(cd, _("Enter any passphrase: "), r = key_from_terminal(cd, _("Enter any passphrase: "),
&password, &passwordLen, 0); &password, &passwordLen, 0);
if (!password) { if (r < 0)
r = -EINVAL;
goto out; goto out;
}
r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password,
passwordLen, &cd->hdr, &vk, cd); passwordLen, &cd->hdr, &vk, cd);
@@ -1581,13 +1575,11 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
new_password = (char *)new_passphrase; new_password = (char *)new_passphrase;
new_passwordLen = new_passphrase_size; new_passwordLen = new_passphrase_size;
} else { } else {
key_from_terminal(cd, _("Enter new passphrase for key slot: "), r = key_from_terminal(cd, _("Enter new passphrase for key slot: "),
&new_password, &new_passwordLen, 1); &new_password, &new_passwordLen, 1);
if(!new_password) { if(r < 0)
r = -EINVAL;
goto out; goto out;
} }
}
r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen, r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen,
&cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd); &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
@@ -1637,39 +1629,36 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
} else { } else {
/* Read password from file of (if NULL) from terminal */ /* Read password from file of (if NULL) from terminal */
if (keyfile) if (keyfile)
key_from_file(cd, _("Enter any passphrase: "), &password, &passwordLen, r = key_from_file(cd, _("Enter any passphrase: "),
&password, &passwordLen,
keyfile, keyfile_size); keyfile, keyfile_size);
else else
key_from_terminal(cd, _("Enter any passphrase: "), r = key_from_terminal(cd, _("Enter any passphrase: "),
&password, &passwordLen, 0); &password, &passwordLen, 0);
if (r < 0)
if (!password) goto out;
return -EINVAL;
r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, passwordLen, r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, passwordLen,
&cd->hdr, &vk, cd); &cd->hdr, &vk, cd);
crypt_safe_free(password);
} }
if(r < 0) if(r < 0)
goto out; goto out;
if (new_keyfile) if (new_keyfile)
key_from_file(cd, _("Enter new passphrase for key slot: "), r = key_from_file(cd, _("Enter new passphrase for key slot: "),
&new_password, &new_passwordLen, new_keyfile, &new_password, &new_passwordLen, new_keyfile,
new_keyfile_size); new_keyfile_size);
else else
key_from_terminal(cd, _("Enter new passphrase for key slot: "), r = key_from_terminal(cd, _("Enter new passphrase for key slot: "),
&new_password, &new_passwordLen, 1); &new_password, &new_passwordLen, 1);
if (r < 0)
if(!new_password) {
r = -EINVAL;
goto out; goto out;
}
r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen, r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen,
&cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd); &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
out: out:
crypt_safe_free(password);
crypt_safe_free(new_password); crypt_safe_free(new_password);
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
return r < 0 ? r : keyslot; return r < 0 ? r : keyslot;
@@ -1712,8 +1701,10 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
goto out; goto out;
if (!passphrase) { if (!passphrase) {
key_from_terminal(cd, _("Enter new passphrase for key slot: "), r = key_from_terminal(cd, _("Enter new passphrase for key slot: "),
&new_password, &new_passwordLen, 1); &new_password, &new_passwordLen, 1);
if (r < 0)
goto out;
passphrase = new_password; passphrase = new_password;
passphrase_size = new_passwordLen; passphrase_size = new_passwordLen;
} }
@@ -1721,10 +1712,9 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
r = LUKS_set_key(cd->device, keyslot, passphrase, passphrase_size, r = LUKS_set_key(cd->device, keyslot, passphrase, passphrase_size,
&cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd); &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
out: out:
if (new_password)
crypt_safe_free(new_password); crypt_safe_free(new_password);
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
return r ?: keyslot; return (r < 0) ? r : keyslot;
} }
int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
@@ -1782,12 +1772,10 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
/* plain, use hashed passphrase */ /* plain, use hashed passphrase */
if (isPLAIN(cd->type)) { if (isPLAIN(cd->type)) {
if (!passphrase) { if (!passphrase) {
key_from_terminal(cd, NULL, &read_passphrase, r = key_from_terminal(cd, NULL, &read_passphrase,
&passphrase_size, 0); &passphrase_size, 0);
if (!read_passphrase) { if (r < 0)
r = -EINVAL;
goto out; goto out;
}
passphrase = read_passphrase; passphrase = read_passphrase;
} }
r = create_device_helper(cd, name, cd->plain_hdr.hash, r = create_device_helper(cd, name, cd->plain_hdr.hash,
@@ -1854,22 +1842,21 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
if (!keyfile) if (!keyfile)
return -EINVAL; return -EINVAL;
key_from_file(cd, _("Enter passphrase: "), &passphrase_read, r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read,
&passphrase_size_read, keyfile, keyfile_size); &passphrase_size_read, keyfile, keyfile_size);
if(!passphrase_read) if (r < 0)
r = -EINVAL; goto out;
else {
r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read, r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
passphrase_size_read, &cd->hdr, &vk, cd); passphrase_size_read, &cd->hdr, &vk, cd);
crypt_safe_free(passphrase_read); if (r < 0)
} goto out;
if (r >= 0) {
keyslot = r; keyslot = r;
if (name) if (name)
r = open_from_hdr_and_vk(cd, vk, name, flags); r = open_from_hdr_and_vk(cd, vk, name, flags);
} out:
crypt_safe_free(passphrase_read);
crypt_free_volume_key(vk); crypt_free_volume_key(vk);
return r < 0 ? r : keyslot; return r < 0 ? r : keyslot;

5
lib/utils_crypt.c
View File

@@ -175,7 +175,7 @@ out_err:
* Note: --key-file=- is interpreted as a read from a binary file (stdin) * Note: --key-file=- is interpreted as a read from a binary file (stdin)
*/ */
void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, int crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int timeout, int verify, const char *key_file, int timeout, int verify,
struct crypt_device *cd) struct crypt_device *cd)
{ {
@@ -282,7 +282,7 @@ void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size
} }
if(fd != STDIN_FILENO) if(fd != STDIN_FILENO)
close(fd); close(fd);
return; return 0;
out_err: out_err:
if(fd >= 0 && fd != STDIN_FILENO) if(fd >= 0 && fd != STDIN_FILENO)
@@ -291,4 +291,5 @@ out_err:
crypt_safe_free(pass); crypt_safe_free(pass);
*key = NULL; *key = NULL;
*passLen = 0; *passLen = 0;
return -EINVAL;
} }

2
lib/utils_crypt.h
View File

@@ -10,7 +10,7 @@ struct crypt_device;
int crypt_parse_name_and_mode(const char *s, char *cipher, char *cipher_mode); int crypt_parse_name_and_mode(const char *s, char *cipher, char *cipher_mode);
void crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size, int crypt_get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
const char *key_file, int timeout, int how2verify, const char *key_file, int timeout, int how2verify,
struct crypt_device *cd); struct crypt_device *cd);

45
src/cryptsetup.c
View File

@@ -223,12 +223,11 @@ static int action_create(int arg)
if (r < 0) if (r < 0)
goto out; goto out;
crypt_get_key(_("Enter passphrase: "), r = crypt_get_key(_("Enter passphrase: "), &password, &passwordLen,
&password, &passwordLen, opt_keyfile_size, opt_key_file, opt_timeout,
opt_keyfile_size, opt_key_file, opt_batch_mode ? 0 : opt_verify_passphrase, cd);
opt_timeout, if (r < 0)
opt_batch_mode ? 0 : opt_verify_passphrase, goto out;
cd);
r = crypt_activate_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, r = crypt_activate_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
password, passwordLen, password, passwordLen,
@@ -380,14 +379,10 @@ static int action_luksFormat(int arg)
else if (opt_urandom) else if (opt_urandom)
crypt_set_rng_type(cd, CRYPT_RNG_URANDOM); crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
r = -EINVAL; r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
crypt_get_key(_("Enter LUKS passphrase: "), opt_keyfile_size, opt_key_file, opt_timeout,
&password, &passwordLen, opt_batch_mode ? 0 : 1 /* always verify */, cd);
opt_keyfile_size, opt_key_file, if (r < 0)
opt_timeout,
opt_batch_mode ? 0 : 1, /* always verify */
cd);
if(!password)
goto out; goto out;
if (opt_master_key_file) { if (opt_master_key_file) {
@@ -452,19 +447,17 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
crypt_keyslot_info ki; crypt_keyslot_info ki;
char *password = NULL; char *password = NULL;
unsigned int passwordLen, i; unsigned int passwordLen, i;
int r = -EPERM; int r;
ki = crypt_keyslot_status(cd, key_slot); ki = crypt_keyslot_status(cd, key_slot);
if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL)) if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
return -EPERM; return -EPERM;
crypt_get_key(msg_pass, &password, &passwordLen, r = crypt_get_key(msg_pass, &password, &passwordLen,
keyfile_size, key_file, keyfile_size, key_file, opt_timeout,
opt_timeout, opt_batch_mode ? 0 : opt_verify_passphrase, cd);
opt_batch_mode ? 0 : opt_verify_passphrase, if(r < 0)
cd); goto out;
if(!password)
return -EINVAL;
if (ki == CRYPT_SLOT_ACTIVE_LAST) { if (ki == CRYPT_SLOT_ACTIVE_LAST) {
/* check the last keyslot */ /* check the last keyslot */
@@ -486,7 +479,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
if (r < 0) if (r < 0)
log_err(_("No key available with this passphrase.\n")); log_err(_("No key available with this passphrase.\n"));
out:
crypt_safe_free(password); crypt_safe_free(password);
return r; return r;
} }
@@ -548,16 +541,14 @@ static int action_luksRemoveKey(int arg)
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out; goto out;
crypt_get_key(_("Enter LUKS passphrase to be deleted: "), r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
&password, &passwordLen, &password, &passwordLen,
opt_keyfile_size, opt_key_file, opt_keyfile_size, opt_key_file,
opt_timeout, opt_timeout,
opt_batch_mode ? 0 : opt_verify_passphrase, opt_batch_mode ? 0 : opt_verify_passphrase,
cd); cd);
if(!password) { if(r < 0)
r = -EINVAL;
goto out; goto out;
}
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
password, passwordLen, 0); password, passwordLen, 0);