Add keyslot option for luksOpen (thanks to okozina).

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@611 36d66b0a-2a48-0410-832c-cd162a569da5
2025-12-15 12:50:06 +01:00 · 2011-09-22 20:26:37 +00:00
parent 538169fb5b
commit 1a8bae8884
4 changed files with 46 additions and 5 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+2011-09-22  Milan Broz  <mbroz@redhat.com>
+	* Support key-slot option for luksOpen (use only explicit keyslot).
+
 2011-08-22  Milan Broz  <mbroz@redhat.com>
 	* Add more paranoid checks for LUKS header and keyslot attributes.
 	* Fix crypt_load to properly check device size.
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -53,7 +53,7 @@ successful verification of the supplied key material
 (either via key file by \-\-key-file, or via prompting).

 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size, \-\-readonly, \-\-allow-discards,
-\-\-header].
+\-\-header, \-\-key-slot].
 .PP
 \fIluksClose\fR <name>
 .IP
@@ -288,7 +288,7 @@ to show default RNG.
 .B "\-\-key-slot, \-S"
 For LUKS operations that add key material, this options allows you
 to specify which key slot is selected for the new key.
-This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
+This option can be used for \fIluksFormat\fR, \fIluksOpen\fR and \fIluksAddKey\fR.
 .TP
 .B "\-\-key-size, \-s"
 set key size in bits.
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -570,11 +570,11 @@ static int action_luksOpen(int arg __attribute__((unused)))
 	if (opt_key_file) {
 		crypt_set_password_retry(cd, 1);
 		r = crypt_activate_by_keyfile(cd, action_argv[1],
-			CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
+			opt_key_slot, opt_key_file, opt_keyfile_size,
 			flags);
 	} else
 		r = crypt_activate_by_passphrase(cd, action_argv[1],
-			CRYPT_ANY_SLOT, NULL, 0, flags);
+			opt_key_slot, NULL, 0, flags);
 out:
 	crypt_free(cd);
 	return r;
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -9,6 +9,7 @@ ORIG_IMG=luks-test-orig
 IMG=luks-test
 KEY1=key1
 KEY2=key2
+KEY5=key5

 LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
 KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
@@ -19,6 +20,10 @@ KEY_SLOT1="S256-259 S260-263 R264-295 A296-299 A300-303"
 KEY_MATERIAL1="R69632-133632"
 KEY_MATERIAL1_EXT="S69632-133632"

+KEY_SLOT5="S448-451 S452-455 R456-487 A488-491 A492-495"
+KEY_MATERIAL5="R331776-395264"
+KEY_MATERIAL5_EXT="S331776-395264"
+
 TEST_UUID="12345678-1234-1234-1234-123456789abc"

 LOOPDEV=$(losetup -f 2>/dev/null)
@@ -29,7 +34,7 @@ function remove_mapping()
 	[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
 	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
 	losetup -d $LOOPDEV >/dev/null 2>&1
-	rm -f $ORIG_IMG $IMG $KEY1 $KEY2 >/dev/null 2>&1
+	rm -f $ORIG_IMG $IMG $KEY1 $KEY2 $KEY5 >/dev/null 2>&1
 }

 function fail()
@@ -78,6 +83,10 @@ function prepare()
 		dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1
 	fi

+	if [ ! -e $KEY5 ]; then
+		dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
+	fi
+
 	cp $IMG $ORIG_IMG
 	[ -n "$1" ] && echo "CASE: $1"
 }
@@ -118,6 +127,7 @@ function valgrind_run()

 # LUKS tests

+
 prepare	"[1] open - compat image - acceptance check" new
 echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 check_exists
@@ -406,5 +416,33 @@ echo "xxx" | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
 echo "key0" | $CRYPTSETUP luksResume $DEV_NAME  || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail

+prepare "[27] luksOpen with specified key slot number" wipe
+# first, let's try passphrase option
+echo "key5" | $CRYPTSETUP luksFormat -S 5 $LOOPDEV || fail
+check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
+echo "key5" | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME && fail
+[ -b /dev/mapper/$DEV_NAME ] && fail
+echo "key5" | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
+check_exists
+$CRYPTSETUP luksClose $DEV_NAME || fail
+echo -e "key5\nkey0" | $CRYPTSETUP luksAddKey -S 0 $LOOPDEV || fail
+check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
+echo "key5" | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
+[ -b /dev/mapper/$DEV_NAME ] && fail
+echo "key0" | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
+[ -b /dev/mapper/$DEV_NAME ] && fail
+# second, try it with keyfiles
+$CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail
+check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
+$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
+$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
+check_exists
+$CRYPTSETUP luksClose $DEV_NAME || fail
+$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail
+[ -b /dev/mapper/$DEV_NAME ] && fail
+$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
+[ -b /dev/mapper/$DEV_NAME ] && fail
+
 remove_mapping
 exit 0