From b308c97a92ce9e59bc9ae49acd4f9706c83d9454 Mon Sep 17 00:00:00 2001 From: Christian Limpach Date: Thu, 17 Dec 2009 23:04:37 +0000 Subject: [PATCH] Add luksCheckKey command to verify a passphrase. --- package/cryptsetup/cryptsetup.mk | 1 + package/cryptsetup/luks-check-key.diff | 129 +++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 package/cryptsetup/luks-check-key.diff diff --git a/package/cryptsetup/cryptsetup.mk b/package/cryptsetup/cryptsetup.mk index cd4206a..419c64d 100644 --- a/package/cryptsetup/cryptsetup.mk +++ b/package/cryptsetup/cryptsetup.mk @@ -15,6 +15,7 @@ $(DL_DIR)/$(CRYPTSETUP_SOURCE): $(CRYPTSETUP_DIR)/.source: $(DL_DIR)/$(CRYPTSETUP_SOURCE) $(BZCAT) $(DL_DIR)/$(CRYPTSETUP_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - + toolchain/patch-kernel.sh $(CRYPTSETUP_DIR) package/cryptsetup/ \*.diff touch $@ $(CRYPTSETUP_DIR)/.configured: $(CRYPTSETUP_DIR)/.source diff --git a/package/cryptsetup/luks-check-key.diff b/package/cryptsetup/luks-check-key.diff new file mode 100644 index 0000000..29c91a2 --- /dev/null +++ b/package/cryptsetup/luks-check-key.diff 
@@ -0,0 +1,129 @@
+diff -ru cryptsetup-1.0.7.orig/lib/libcryptsetup.h cryptsetup-1.0.7/lib/libcryptsetup.h
+--- cryptsetup-1.0.7.orig/lib/libcryptsetup.h 2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/lib/libcryptsetup.h 2009-12-17 22:00:00.000000000 +0000
+@@ -64,6 +64,7 @@
+ int crypt_isLuks(struct crypt_options *options);
+ int crypt_luksFormat(struct crypt_options *options);
+ int crypt_luksDump(struct crypt_options *options);
++int crypt_luksCheckKey(struct crypt_options *options);
+
+ void crypt_get_error(char *buf, size_t size);
+ void crypt_put_options(struct crypt_options *options);
+diff -ru cryptsetup-1.0.7.orig/lib/setup.c cryptsetup-1.0.7/lib/setup.c
+--- cryptsetup-1.0.7.orig/lib/setup.c 2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/lib/setup.c 2009-12-17 22:27:20.000000000 +0000
+@@ -744,6 +744,57 @@
+ return luks_remove_helper(arg, backend, options, 1);
+ }
+
++static int __crypt_luks_check_key(int arg, struct setup_backend *backend, struct crypt_options *options)
++{
++ struct luks_masterkey *mk=NULL;
++ struct luks_phdr hdr;
++ char *prompt = NULL;
++ char *password=NULL; unsigned int passwordLen;
++ unsigned int keyIndex;
++ const char *device = options->device;
++ int r;
++
++ if (!LUKS_device_ready(options->device, O_RDWR))
++ return -ENOTBLK;
++
++ r = LUKS_read_phdr(device, &hdr);
++ if(r < 0) return r;
++
++ if(asprintf(&prompt, "Enter LUKS passphrase for %s: ", device) < 0)
++ return -ENOMEM;
++ get_key(prompt,
++ &password,
++ &passwordLen,
++ 0,
++ options->key_file,
++ options->passphrase_fd,
++ options->timeout,
++ options->flags & ~(CRYPT_FLAG_VERIFY | CRYPT_FLAG_VERIFY_IF_POSSIBLE));
++
++ if(!password) {
++ r = -EINVAL; goto out;
++ }
++ if (options->key_slot != -1) {
++ mk=LUKS_alloc_masterkey(hdr.keyBytes);
++ r = LUKS_open_key(device, options->key_slot, password, passwordLen, &hdr, mk, backend);
++ } else
++ r = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
++ if(r < 0) {
++ options->icb->log(CRYPT_LOG_ERROR,"No key available with this passphrase.\n");
++ r = -EPERM; goto out;
++ } else
++ logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
++
++ r = 0;
++out:
++ safe_free(password);
++ LUKS_dealloc_masterkey(mk);
++
++ free(prompt);
++
++ return r;
++}
++
+
+ static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
+ struct crypt_options *options),
+@@ -891,6 +942,11 @@
+ return 0;
+ }
+
++int crypt_luksCheckKey(struct crypt_options *options)
++{
++ return crypt_job(__crypt_luks_check_key, 0, options);
++}
++
+
+ void crypt_get_error(char *buf, size_t size)
+ {
+diff -ru cryptsetup-1.0.7.orig/src/cryptsetup.c cryptsetup-1.0.7/src/cryptsetup.c
+--- cryptsetup-1.0.7.orig/src/cryptsetup.c 2009-07-22 11:12:44.000000000 +0000
++++ cryptsetup-1.0.7/src/cryptsetup.c 2009-12-17 22:11:15.000000000 +0000
+@@ -49,6 +49,7 @@
+ static int action_isLuks(int arg);
+ static int action_luksUUID(int arg);
+ static int action_luksDump(int arg);
++static int action_luksCheckKey(int arg);
+
+ static struct action_type {
+ const char *type;
+@@ -72,6 +73,7 @@
+ { "luksClose", action_remove, 0, 1, N_(""), N_("remove LUKS mapping") },
+ { "luksDump", action_luksDump, 0, 1, N_(""), N_("dump LUKS partition information") },
+ { "luksDelKey", action_luksDelKey, 0, 2, N_(" "), N_("identical to luksKillSlot - DEPRECATED - see man page") },
++ { "luksCheckKey", action_luksCheckKey, 0, 1, N_(""), N_("check key can open LUKS device") },
+ { "reload", action_create, 1, 2, N_(" "), N_("modify active device - DEPRECATED - see man page") },
+ { NULL, NULL, 0, 0, NULL }
+ };
+@@ -402,6 +404,25 @@
+ return r;
+ }
+
++static int action_luksCheckKey(int arg)
++{
++ struct crypt_options options = {
++ .device = action_argv[0],
++ .key_file = opt_key_file,
++ .key_slot = opt_key_slot,
++ .timeout = opt_timeout,
++ .tries = opt_tries,
++ .icb = &cmd_icb,
++ };
++ int r;
++
++ opt_verbose = 1;
++ options.flags = CRYPT_FLAG_NON_EXCLUSIVE_ACCESS;
++ r = crypt_luksCheckKey(&options);
++ show_status(-r);
++ return r;
++}
++
+ static void usage(poptContext popt_context, int exitcode,
+ const char *error, const char *more)
+ {
--
2.39.5
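Review bot: In `__crypt_luks_check_key`, the `options->key_slot != -1` branch hands the result of `LUKS_alloc_masterkey(hdr.keyBytes)` straight to `LUKS_open_key` without a NULL check; since that helper presumably writes the recovered key through `mk`, add `if (!mk) { r = -ENOMEM; goto out; }` right after the allocation. The same function rewrites every negative result from the two open calls to `-EPERM` with "No key available with this passphrase", so a script using luksCheckKey cannot tell a wrong passphrase from a device read or allocation failure; which code the helpers return for a bad passphrase is not visible here, but other errors should be propagated unchanged. The device is also probed with `O_RDWR` although nothing visible in this path writes to it, so `O_RDONLY` looks sufficient for a verification-only command and would keep it usable on read-only media. `keyIndex` is declared but never used, and in `action_luksCheckKey` the `.tries` field is filled in although the library function makes only one attempt.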