File: luks.go

package info (click to toggle)
golang-github-containers-buildah 1.39.3%2Bds1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 7,724 kB
  • sloc: sh: 2,398; makefile: 236; perl: 187; asm: 16; awk: 12; ansic: 1
file content (51 lines) | stat: -rw-r--r-- 1,281 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
package mkcw

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"

	"github.com/containers/luksy"
)

// CheckLUKSPassphrase checks that the specified LUKS-encrypted file can be
// decrypted using the specified passphrase.
func CheckLUKSPassphrase(path, decryptionPassphrase string) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	v1header, v2headerA, v2headerB, v2json, err := luksy.ReadHeaders(f, luksy.ReadHeaderOptions{})
	if err != nil {
		return err
	}
	if v1header != nil {
		_, _, _, _, err = v1header.Decrypt(decryptionPassphrase, f)
		return err
	}
	if v2headerA == nil && v2headerB == nil {
		return fmt.Errorf("no LUKS headers read from %q", path)
	}
	if v2headerA != nil {
		if _, _, _, _, err = v2headerA.Decrypt(decryptionPassphrase, f, *v2json); err != nil {
			return err
		}
	}
	if v2headerB != nil {
		if _, _, _, _, err = v2headerB.Decrypt(decryptionPassphrase, f, *v2json); err != nil {
			return err
		}
	}
	return nil
}

// GenerateDiskEncryptionPassphrase generates a random disk encryption password
func GenerateDiskEncryptionPassphrase() (string, error) {
	randomizedBytes := make([]byte, 32)
	if _, err := rand.Read(randomizedBytes); err != nil {
		return "", err
	}
	return hex.EncodeToString(randomizedBytes), nil
}