podman
51 строка · 1.3 Кб
1package mkcw2import (4"crypto/rand"5"encoding/hex"6"fmt"7"os"8"github.com/containers/luksy"10)11// CheckLUKSPassphrase checks that the specified LUKS-encrypted file can be13// decrypted using the specified passphrase.14func CheckLUKSPassphrase(path, decryptionPassphrase string) error {15f, err := os.Open(path)16if err != nil {17return err18}19defer f.Close()20v1header, v2headerA, v2headerB, v2json, err := luksy.ReadHeaders(f, luksy.ReadHeaderOptions{})21if err != nil {22return err23}24if v1header != nil {25_, _, _, _, err = v1header.Decrypt(decryptionPassphrase, f)26return err27}28if v2headerA == nil && v2headerB == nil {29return fmt.Errorf("no LUKS headers read from %q", path)30}31if v2headerA != nil {32if _, _, _, _, err = v2headerA.Decrypt(decryptionPassphrase, f, *v2json); err != nil {33return err34}35}36if v2headerB != nil {37if _, _, _, _, err = v2headerB.Decrypt(decryptionPassphrase, f, *v2json); err != nil {38return err39}40}41return nil42}43// GenerateDiskEncryptionPassphrase generates a random disk encryption password45func GenerateDiskEncryptionPassphrase() (string, error) {46randomizedBytes := make([]byte, 32)47if _, err := rand.Read(randomizedBytes); err != nil {48return "", err49}50return hex.EncodeToString(randomizedBytes), nil51}52