fvault2: fix --test-passphrase option

lib/fvault2/fvault2.c

@@ -289,7 +289,7 @@ static int _unwrap_key(
 
 	/* check whether MSB_{64}(S) (= A) matches ICV1 (see step 3) */
 	if (a != 0xA6A6A6A6A6A6A6A6) {
-		r = -EINVAL;
+		r = -EPERM;
 		goto out;
 	}
 

src/cryptsetup.c

@@ -3021,8 +3021,9 @@ static const char * verify_open(void)
 		return _("Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes.");
 
 	if (ARG_SET(OPT_TEST_PASSPHRASE_ID) && (!device_type ||
-	    (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") && strcmp(device_type, "bitlk"))))
-		return _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices.");
+	    (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") &&
+	     strcmp(device_type, "bitlk") && strcmp(device_type, "fvault2"))))
+		return _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices.");
 
 	if (ARG_SET(OPT_DEVICE_SIZE_ID) && ARG_SET(OPT_SIZE_ID))
 		return _("Options --device-size and --size cannot be combined.");

tests/fvault2-compat-test

@@ -114,6 +114,7 @@ check_dump "$dump" 'PBKDF2 iterations' 204222
 check_dump "$dump" 'PBKDF2 salt' '2c 24 9e db 66 63 d6 fb cc 79 05 b7 a4 d7 27 52'
 dump=$(produce_dump_key $IMG heslo123)
 check_dump "$dump" 'Volume key' '20 73 4d 33 89 21 27 74 d7 61 0c 29 d7 32 88 09 16 f3 be 14 c4 b1 2a c7 aa f0 7e 5c cc 77 b3 19'
+echo $PWD | $CRYPTSETUP open --type fvault2 --test-passphrase $IMG || fail
 echo " [OK]"
 
 if [ $(id -u) != 0 ]; then