From 64fdd666ffad209bf51b73530b80e6868507e67c Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 14 Sep 2015 20:33:12 -0500
Subject: Add ability to decrypt multiple data objects in the same session using a cryptographic card Add LUKS key verification routine
---
 tdecore/tdehw/tdestoragedevice.cpp | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'tdecore/tdehw/tdestoragedevice.cpp')
diff --git a/tdecore/tdehw/tdestoragedevice.cpp b/tdecore/tdehw/tdestoragedevice.cpp
index 1b4be9283..ff309f0f5 100644
--- a/tdecore/tdehw/tdestoragedevice.cpp
+++ b/tdecore/tdehw/tdestoragedevice.cpp
@@ -179,11 +179,16 @@ void TDEStorageDevice::internalInitializeLUKSIfNeeded() {
 }
 
 void TDEStorageDevice::cryptSetOperationsUnlockPassword(TQByteArray password) {
+#if defined(WITH_CRYPTSETUP)
+ crypt_memory_lock(NULL, 1);
 m_cryptDevicePassword = password;
+#endif
 }
 
 void TDEStorageDevice::cryptClearOperationsUnlockPassword() {
+ m_cryptDevicePassword.fill(0);
 m_cryptDevicePassword.resize(0);
+ crypt_memory_lock(NULL, 0);
 }
 
 bool TDEStorageDevice::cryptOperationsUnlockPasswordSet() {
@@ -195,6 +200,32 @@ bool TDEStorageDevice::cryptOperationsUnlockPasswordSet() {
 }
 }
 
+TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptCheckKey(unsigned int keyslot) {
+#if defined(WITH_CRYPTSETUP)
+ int ret;
+
+ if (m_cryptDevice) {
+ if (keyslot < m_cryptKeySlotCount) {
+ ret = crypt_activate_by_passphrase(m_cryptDevice, NULL, keyslot, m_cryptDevicePassword.data(), m_cryptDevicePassword.size(), 0);
+ if (ret < 0) {
+ return TDELUKSResult::KeyslotOpFailed;
+ }
+ else {
+ return TDELUKSResult::Success;
+ }
+ }
+ else {
+ return TDELUKSResult::InvalidKeyslot;
+ }
+ }
+ else {
+ return TDELUKSResult::LUKSNotFound;
+ }
+#else
+ return TDELUKSResult::LUKSNotSupported;
+#endif
+}
+
 TDELUKSResult::TDELUKSResult TDEStorageDevice::cryptAddKey(unsigned int keyslot, TQByteArray password) {
 #if defined(WITH_CRYPTSETUP)
 int ret;
-- 
cgit v1.2.1
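Review bot: In cryptSetOperationsUnlockPassword the assignment replaces whatever password m_cryptDevicePassword already holds without wiping it, and every call takes another `crypt_memory_lock(NULL, 1)` while cryptClearOperationsUnlockPassword releases only one. Calling the setter twice in a session would leave the first secret unzeroed once its buffer is released and, if libcryptsetup counts lock requests as its documentation suggests, the process would still be locked after a single clear. Adding `m_cryptDevicePassword.fill(0);` before the assignment and taking the lock only when no password was stored would keep the two functions symmetric. The clear path also calls `crypt_memory_lock(NULL, 0);` outside any `#if defined(WITH_CRYPTSETUP)` guard, unlike the setter, which looks like a build failure without cryptsetup unless the header is included unconditionally elsewhere in the file. The return value of crypt_memory_lock is ignored in both places, so a failed lock would silently leave the password swappable; a logged warning or at least a comment there would make that visible.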
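Review bot: cryptCheckKey hands `m_cryptDevicePassword.data()` to crypt_activate_by_passphrase without first checking that an unlock password is set, so before any set or after cryptClearOperationsUnlockPassword the call receives an empty, possibly null, buffer. Some libcryptsetup versions document a NULL passphrase as a request to prompt interactively, which a caller of this library would not expect. A guard ahead of the keyslot check, such as `if (!cryptOperationsUnlockPasswordSet()) return TDELUKSResult::KeyslotOpFailed;` (assuming that helper reports what its name says; its body is outside the hunk), would make the outcome explicit. The call also deserves a comment, e.g. `// name == NULL: only verify the passphrase against this keyslot, do not activate a mapping`, since that is what separates this routine from an unlock. Every negative return is folded into KeyslotOpFailed, so a wrong passphrase and a device or I/O error look the same to the caller.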