1package mkcw
2
3import (
4"crypto/rand"
5"encoding/hex"
6"fmt"
7"os"
8
9"github.com/containers/luksy"
10)
11
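// CheckLUKSPassphrase checks that the specified LUKS-encrypted file can be
// decrypted using the specified passphrase.
//
// The file at path is opened read-only and its headers are parsed with
// luksy.ReadHeaders. When a LUKSv1 header is returned, the result of its
// Decrypt call decides the outcome. Otherwise every LUKSv2 header copy that
// was read must pass Decrypt. Only the error from Decrypt is used here; the
// other values it returns are discarded and never leave this function.
//
// A nil return means every Decrypt call made here succeeded. Errors from
// opening the file, reading the headers, or Decrypt are returned unchanged.
func CheckLUKSPassphrase(path, decryptionPassphrase string) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	// The file is only read, so the result of Close is not acted on.
	defer f.Close()

	v1header, v2headerA, v2headerB, v2json, err := luksy.ReadHeaders(f, luksy.ReadHeaderOptions{})
	if err != nil {
		return err
	}
	if v1header != nil {
		_, _, _, _, err = v1header.Decrypt(decryptionPassphrase, f)
		return err
	}
	if v2headerA == nil && v2headerB == nil {
		return fmt.Errorf("no LUKS headers read from %q", path)
	}
	// v2json is dereferenced below. ReadHeaders is not visible from here, so
	// it is not assumed to always pair a v2 header with its JSON metadata: a
	// damaged or crafted image must produce an error, not a nil-pointer panic.
	if v2json == nil {
		return fmt.Errorf("no LUKS JSON metadata read from %q", path)
	}
	// Both header copies are checked when present; a failure on either one
	// rejects the passphrase.
	if v2headerA != nil {
		if _, _, _, _, err = v2headerA.Decrypt(decryptionPassphrase, f, *v2json); err != nil {
			return err
		}
	}
	if v2headerB != nil {
		if _, _, _, _, err = v2headerB.Decrypt(decryptionPassphrase, f, *v2json); err != nil {
			return err
		}
	}
	return nil
}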
43
// GenerateDiskEncryptionPassphrase generates a random disk encryption
// passphrase: 32 bytes read from crypto/rand, returned as 64 lowercase
// hexadecimal characters.
//
// If the random read fails, the empty string and the error are returned; no
// partial or fallback passphrase is produced.
func GenerateDiskEncryptionPassphrase() (string, error) {
	const passphraseBytes = 32

	var raw [passphraseBytes]byte
	_, err := rand.Read(raw[:])
	if err != nil {
		return "", err
	}

	// Hex keeps the passphrase printable; each random byte becomes two
	// characters.
	encoded := make([]byte, hex.EncodedLen(len(raw)))
	hex.Encode(encoded, raw[:])
	return string(encoded), nil
}
52