Add luksCheckKey command to verify a passphrase.
authorChristian Limpach <chris@rogan.ad.xensource.com>
Thu, 17 Dec 2009 23:04:37 +0000 (23:04 +0000)
committerChristian Limpach <chris@rogan.ad.xensource.com>
Thu, 17 Dec 2009 23:04:37 +0000 (23:04 +0000)
package/cryptsetup/cryptsetup.mk
package/cryptsetup/luks-check-key.diff [new file with mode: 0644]

index cd4206a4a6296263861467ae3e00fc465d72e7af..419c64d506d6d40da9c166572e0cf4fd36613452 100644 (file)
@@ -15,6 +15,7 @@ $(DL_DIR)/$(CRYPTSETUP_SOURCE):
 
 $(CRYPTSETUP_DIR)/.source: $(DL_DIR)/$(CRYPTSETUP_SOURCE)
        $(BZCAT) $(DL_DIR)/$(CRYPTSETUP_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
+       toolchain/patch-kernel.sh $(CRYPTSETUP_DIR) package/cryptsetup/ \*.diff
        touch $@
 
 $(CRYPTSETUP_DIR)/.configured: $(CRYPTSETUP_DIR)/.source
diff --git a/package/cryptsetup/luks-check-key.diff b/package/cryptsetup/luks-check-key.diff
new file mode 100644 (file)
index 0000000..29c91a2
--- /dev/null
@@ -0,0 +1,129 @@
+diff -ru cryptsetup-1.0.7.orig/lib/libcryptsetup.h cryptsetup-1.0.7/lib/libcryptsetup.h
+--- cryptsetup-1.0.7.orig/lib/libcryptsetup.h  2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/lib/libcryptsetup.h       2009-12-17 22:00:00.000000000 +0000
+@@ -64,6 +64,7 @@
+ int crypt_isLuks(struct crypt_options *options);
+ int crypt_luksFormat(struct crypt_options *options);
+ int crypt_luksDump(struct crypt_options *options);
++int crypt_luksCheckKey(struct crypt_options *options);
+ void crypt_get_error(char *buf, size_t size);
+ void crypt_put_options(struct crypt_options *options);
+diff -ru cryptsetup-1.0.7.orig/lib/setup.c cryptsetup-1.0.7/lib/setup.c
+--- cryptsetup-1.0.7.orig/lib/setup.c  2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/lib/setup.c       2009-12-17 22:27:20.000000000 +0000
+@@ -744,6 +744,57 @@
+       return luks_remove_helper(arg, backend, options, 1);
+ }
++static int __crypt_luks_check_key(int arg, struct setup_backend *backend, struct crypt_options *options)
++{
++      struct luks_masterkey *mk=NULL;
++      struct luks_phdr hdr;
++      char *prompt = NULL;
++      char *password=NULL; unsigned int passwordLen;
++        unsigned int keyIndex;
++      const char *device = options->device;
++      int r;
++
++      if (!LUKS_device_ready(options->device, O_RDWR))
++              return -ENOTBLK;
++
++      r = LUKS_read_phdr(device, &hdr);
++      if(r < 0) return r;
++
++      if(asprintf(&prompt, "Enter LUKS passphrase for %s: ", device) < 0)
++              return -ENOMEM;
++      get_key(prompt,
++                &password,
++                &passwordLen, 
++                0,
++                options->key_file, 
++                options->passphrase_fd, 
++                options->timeout, 
++                options->flags & ~(CRYPT_FLAG_VERIFY | CRYPT_FLAG_VERIFY_IF_POSSIBLE));
++
++      if(!password) {
++              r = -EINVAL; goto out;
++      }
++        if (options->key_slot != -1) {
++                mk=LUKS_alloc_masterkey(hdr.keyBytes);
++                r = LUKS_open_key(device, options->key_slot, password, passwordLen, &hdr, mk, backend);
++        } else
++                r = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
++      if(r < 0) {
++              options->icb->log(CRYPT_LOG_ERROR,"No key available with this passphrase.\n");
++              r = -EPERM; goto out;
++      } else
++              logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
++
++      r = 0;
++out:
++      safe_free(password);
++      LUKS_dealloc_masterkey(mk);
++
++      free(prompt);
++
++      return r;
++}
++
+ static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
+                                 struct crypt_options *options),
+@@ -891,6 +942,11 @@
+       return 0;
+ }
++int crypt_luksCheckKey(struct crypt_options *options)
++{
++      return crypt_job(__crypt_luks_check_key, 0, options);
++}
++
+ void crypt_get_error(char *buf, size_t size)
+ {
+diff -ru cryptsetup-1.0.7.orig/src/cryptsetup.c cryptsetup-1.0.7/src/cryptsetup.c
+--- cryptsetup-1.0.7.orig/src/cryptsetup.c     2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/src/cryptsetup.c  2009-12-17 22:11:15.000000000 +0000
+@@ -49,6 +49,7 @@
+ static int action_isLuks(int arg);
+ static int action_luksUUID(int arg);
+ static int action_luksDump(int arg);
++static int action_luksCheckKey(int arg);
+ static struct action_type {
+       const char *type;
+@@ -72,6 +73,7 @@
+       { "luksClose",  action_remove, 0, 1, N_("<name>"), N_("remove LUKS mapping") },
+       { "luksDump",   action_luksDump, 0, 1, N_("<device>"), N_("dump LUKS partition information") },
+       { "luksDelKey",  action_luksDelKey, 0, 2, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
++      { "luksCheckKey",       action_luksCheckKey, 0, 1, N_("<device>"), N_("check key can open LUKS device") },
+       { "reload",     action_create, 1, 2, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
+       { NULL, NULL, 0, 0, NULL }
+ };
+@@ -402,6 +404,25 @@
+       return r;
+ }
++static int action_luksCheckKey(int arg)
++{
++      struct crypt_options options = {
++              .device = action_argv[0],
++              .key_file = opt_key_file,
++              .key_slot = opt_key_slot,
++              .timeout = opt_timeout,
++              .tries = opt_tries,
++              .icb = &cmd_icb,
++      };
++      int r; 
++
++      opt_verbose = 1;
++        options.flags = CRYPT_FLAG_NON_EXCLUSIVE_ACCESS;
++      r = crypt_luksCheckKey(&options);
++      show_status(-r);
++      return r;
++}
++
+ static void usage(poptContext popt_context, int exitcode,
+                   const char *error, const char *more)
+ {
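Review bot: `__crypt_luks_check_key` opens the device with `LUKS_device_ready(options->device, O_RDWR)` although it only reads the header and tries a passphrase; a verify-only command should request `O_RDONLY`, so that it works on read-only media and never holds write access to the LUKS header. In the `key_slot != -1` branch the result of `LUKS_alloc_masterkey(hdr.keyBytes)` is passed to `LUKS_open_key` without a check; add `if (!mk) { r = -ENOMEM; goto out; }` before the call. `action_luksCheckKey` sets `CRYPT_FLAG_NON_EXCLUSIVE_ACCESS`, but the mode given to `LUKS_device_ready` does not appear to take it into account, and `keyIndex` is declared and never used. The "key slot %d unlocked" message prints `r`, which is presumably the slot index only on the `LUKS_open_any_key_with_hdr` path; confirm what `LUKS_open_key` returns on success, or log `options->key_slot` in that branch.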