authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-14 20:33:12 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-14 20:33:12 -0500
commit64fdd666ffad209bf51b73530b80e6868507e67c (patch)
tree93641f2c532c02909a4285e33f3c30e7fbc2bb9c /tdecore/tdehw/tdestoragedevice.cpp
parent402781f094e9a2450942f9d58215da281ba080c2 (diff)
Add ability to decrypt multiple data objects in the same session using a cryptographic card
Add LUKS key verification routine
Diffstat (limited to 'tdecore/tdehw/tdestoragedevice.cpp')
-rw-r--r--tdecore/tdehw/tdestoragedevice.cpp31
1 files changed, 31 insertions, 0 deletions
diff --git a/tdecore/tdehw/tdestoragedevice.cpp b/tdecore/tdehw/tdestoragedevice.cpp
index 1b4be9283..ff309f0f5 100644
--- a/tdecore/tdehw/tdestoragedevice.cpp
+++ b/tdecore/tdehw/tdestoragedevice.cpp
@@ -179,11 +179,16 @@ void TDEStorageDevice::internalInitializeLUKSIfNeeded() {
}
void TDEStorageDevice::cryptSetOperationsUnlockPassword(TQByteArray password) {
+#if defined(WITH_CRYPTSETUP)
+ crypt_memory_lock(NULL, 1);
m_cryptDevicePassword = password;
+#endif
}
void TDEStorageDevice::cryptClearOperationsUnlockPassword() {
+ m_cryptDevicePassword.fill(0);
m_cryptDevicePassword.resize(0);
+ crypt_memory_lock(NULL, 0);
}
bool TDEStorageDevice::cryptOperationsUnlockPasswordSet() {
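Review bot: The `crypt_memory_lock(NULL, 0);` call added to cryptClearOperationsUnlockPassword() is not wrapped in `#if defined(WITH_CRYPTSETUP)`, unlike the matching lock call in cryptSetOperationsUnlockPassword(), so a build without cryptsetup will most likely fail to compile at that line; it should sit between `#if defined(WITH_CRYPTSETUP)` and `#endif` as well. The return value of `crypt_memory_lock(NULL, 1)` is discarded, so if locking fails (for example because of a memlock limit or missing privilege) the passphrase is kept in pageable memory with no indication; checking for a negative return and logging it would make that visible. The lock and unlock calls balance only if every set is followed by exactly one clear: two sets in a row, or a clear with no prior set, would leave the lock count out of step, so it is worth tracking whether this object currently holds the lock.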
@@ -195,6 +200,32 @@ bool TDEStorageDevice::cryptOperationsUnlockPasswordSet() {
}
}
+TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptCheckKey(unsigned int keyslot) {
+#if defined(WITH_CRYPTSETUP)
+ int ret;
+
+ if (m_cryptDevice) {
+ if (keyslot < m_cryptKeySlotCount) {
+ ret = crypt_activate_by_passphrase(m_cryptDevice, NULL, keyslot, m_cryptDevicePassword.data(), m_cryptDevicePassword.size(), 0);
+ if (ret < 0) {
+ return TDELUKSResult::KeyslotOpFailed;
+ }
+ else {
+ return TDELUKSResult::Success;
+ }
+ }
+ else {
+ return TDELUKSResult::InvalidKeyslot;
+ }
+ }
+ else {
+ return TDELUKSResult::LUKSNotFound;
+ }
+#else
+ return TDELUKSResult::LUKSNotSupported;
+#endif
+}
+
TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptAddKey(unsigned int keyslot, TQByteArray password) {
#if defined(WITH_CRYPTSETUP)
int ret;
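Review bot: Every negative return from `crypt_activate_by_passphrase()` in cryptCheckKey() is mapped to `TDELUKSResult::KeyslotOpFailed`, so a caller cannot tell a wrong passphrase from an inactive keyslot or a device error. libcryptsetup reports a negative errno here, and separating at least the wrong-passphrase case (presumably `-EPERM`, to be confirmed against the library version in use) from the rest would let the UI react correctly. The function also checks the stored `m_cryptDevicePassword` without first confirming that one has been set, so a call made before cryptSetOperationsUnlockPassword() passes an empty buffer to libcryptsetup and reports an ordinary failure. An early return for an empty password would close that gap, together with a header comment such as `// Verifies the password set via cryptSetOperationsUnlockPassword() against the given keyslot; name is NULL, so the device is not activated`.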