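/**
 * Use cryptsetup to initialise the LUKS container.
 * It will not be opened (decrypted) yet, but it does check if the container
 * seems usable.
 *
 * Ownership: on return *cd is either NULL (crypt_init() failed and handed
 * back no context) or a context the caller must release with crypt_free().
 * That includes the case where crypt_load() fails: the context is left in
 * place so the caller decides when to free it.
 *
 * Returns a negative value on failure, otherwise the crypt_load() result.
 */
static int container_initialise
(
    struct crypt_device **cd,   /* struct to store crypt device context */
    const char *path            /* path to the encrypted container */
)
{
    // Give the out-parameter a defined value before anything can fail, so a
    // caller that declared its pointer without an initialiser never passes
    // stack garbage to crypt_free() or crypt_get_device_name().
    *cd = NULL;

    // Let LUKS initialise the encrypted device.
    int r = crypt_init(cd, path);
    if (r < 0)
    {
        printf("crypt_init() failed for %s.\n", path);
        printf("status: %d.\n", r);
        return r;
    }

    // Load the LUKS header from the block device into the crypt device
    // context. CRYPT_LUKS1 is requested explicitly, so a container in any
    // other on-disk format is expected to be rejected here.
    // NOTE(review): confirm that LUKS1-only is intended.
    r = crypt_load
    (
        *cd,            /* crypt device context */
        CRYPT_LUKS1,    /* requested encryption type */
        NULL            /* additional parameters (not used) */
    );
    if (r < 0)
    {
        printf("crypt_load() failed on device %s.\n",
               crypt_get_device_name(*cd));
    }
    return r;
}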
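/**
 * Use cryptsetup to unlock the LUKS container.
 * This will create `/dev/mapper/$device_name`.
 *
 * The mapping is activated read-only (CRYPT_ACTIVATE_READONLY) and every key
 * slot is tried (CRYPT_ANY_SLOT). No deactivation happens here: only the
 * crypt context is released before returning, so tearing the mapping down
 * is left to the caller.
 *
 * password must be a non-NULL, NUL-terminated string; its length is taken
 * with strlen(). The buffer is neither copied nor wiped by this function,
 * so clearing it after use is the caller's responsibility.
 *
 * Returns 0 on success, or the negative status of the step that failed.
 */
static int encryption_unlock
(
    const char *path,           /* path to the encrypted container */
    const char *device_name,    /* name of the mapping */
    const char *password        /* encryption password of the container */
)
{
    // Start from NULL: if initialisation fails before a context exists, the
    // cleanup below must not act on an indeterminate pointer.
    struct crypt_device *cd = NULL;

    // Let LUKS initialise the encrypted device.
    int r = container_initialise(&cd, path);
    if (r < 0)
    {
        // container_initialise() has already reported which call failed.
        // Name the container by its path here instead of querying the
        // context, which may never have been created.
        printf("Could not initialise container %s.\n", path);
        crypt_free(cd);
        return r;
    }

    // Device activation creates a device-mapper mapping named device_name.
    r = crypt_activate_by_passphrase
    (
        cd,                         /* crypt context */
        device_name,                /* device name to activate */
        CRYPT_ANY_SLOT,             /* which slot to use (ANY - try all) */
        password, strlen(password), /* passphrase */
        CRYPT_ACTIVATE_READONLY     /* flags */
    );
    if (r < 0)
    {
        printf("Device %s activation failed.\n", device_name);
        crypt_free(cd);
        return r;
    }

    printf("LUKS device %s/%s is active.\n", crypt_get_dir(), device_name);
    printf("\tcipher used: %s\n", crypt_get_cipher(cd));
    printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd));
    printf("\tdevice UUID: %s\n", crypt_get_uuid(cd));

    // Release the context only; the mapping created above stays in place.
    crypt_free(cd);
    return 0;
}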