libcryptsetup-rs patch
This commit is contained in:
31
src/luks.rs
31
src/luks.rs
@@ -1,21 +1,11 @@
|
||||
use crate::error::*;
|
||||
|
||||
use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, EncryptionFormat, KeyslotInfo};
|
||||
use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, KeyslotInfo};
|
||||
use std::path::Path;
|
||||
|
||||
fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
|
||||
let mut device = CryptInit::init(path.as_ref())?;
|
||||
//TODO: determine luks version some way other way than just trying
|
||||
let mut load = |format| device.context_handle().load::<()>(format, None).map(|_| ());
|
||||
vec![EncryptionFormat::Luks2, EncryptionFormat::Luks1]
|
||||
.into_iter()
|
||||
.fold(None, |res, format| match res {
|
||||
Some(Ok(())) => res,
|
||||
Some(e) => Some(e.or(load(format))),
|
||||
None => Some(load(format)),
|
||||
})
|
||||
.unwrap()?;
|
||||
Ok(device)
|
||||
Ok(device.context_handle().load::<()>(None, None).map(|_| device)?)
|
||||
}
|
||||
|
||||
pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fido2LuksResult<()> {
|
||||
@@ -34,32 +24,31 @@ pub fn add_key<P: AsRef<Path>>(
|
||||
iteration_time: Option<u64>,
|
||||
) -> Fido2LuksResult<u32> {
|
||||
let mut device = load_device_handle(path)?;
|
||||
// Set iteration time not sure wether this applies to luks2 as well
|
||||
if let Some(millis) = iteration_time {
|
||||
device.settings_handle().set_iteration_time(millis)
|
||||
}
|
||||
let slot = device
|
||||
.keyslot_handle(None)
|
||||
.add_by_passphrase(old_secret, secret)?;
|
||||
.keyslot_handle()
|
||||
.add_by_passphrase(None,old_secret, secret)?;
|
||||
Ok(slot)
|
||||
}
|
||||
|
||||
pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> {
|
||||
let mut device = load_device_handle(path)?;
|
||||
let mut handle;
|
||||
let mut handle = device.keyslot_handle();
|
||||
let mut destroyed = 0;
|
||||
//TODO: detect how many keyslots there are instead of trying within a given range
|
||||
for slot in 0..1024 {
|
||||
handle = device.keyslot_handle(Some(slot));
|
||||
match handle.status()? {
|
||||
|
||||
match handle.status(slot)? {
|
||||
KeyslotInfo::Inactive => continue,
|
||||
KeyslotInfo::Active if !exclude.contains(&slot) => {
|
||||
handle.destroy()?;
|
||||
handle.destroy(slot)?;
|
||||
destroyed += 1;
|
||||
}
|
||||
_ => (),
|
||||
}
|
||||
match handle.status()? {
|
||||
match handle.status(slot)? {
|
||||
KeyslotInfo::ActiveLast => break,
|
||||
_ => (),
|
||||
}
|
||||
@@ -79,6 +68,6 @@ pub fn replace_key<P: AsRef<Path>>(
|
||||
device.settings_handle().set_iteration_time(millis)
|
||||
}
|
||||
Ok(device
|
||||
.keyslot_handle(None)
|
||||
.keyslot_handle()
|
||||
.change_by_passphrase(None, None, old_secret, secret)? as u32)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user