eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 21:29:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Return back password retry support for luksOpen.

Browse Source 
Also add interactive test using expect utility.
This commit is contained in:
Milan Broz
2017-06-27 15:49:04 +02:00
parent 86f327d0f5
commit 5171f65c05
3 changed files with 44 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.travis-functions.sh
View File

@@ -75,6 +75,7 @@ function travis_install_script
pkg-config \ pkg-config \
autopoint \ autopoint \
gettext \ gettext \
expect
|| return || return
} }

37
src/cryptsetup.c
View File

@@ -813,7 +813,7 @@ static int action_open_luks(void)
const char *data_device, *header_device, *activated_name; const char *data_device, *header_device, *activated_name;
char *key = NULL; char *key = NULL;
uint32_t activate_flags = 0; uint32_t activate_flags = 0;
int r, keysize; int r, keysize, tries;
char *password = NULL; char *password = NULL;
size_t passwordLen; size_t passwordLen;
@@ -850,14 +850,17 @@ static int action_open_luks(void)
r = crypt_activate_by_volume_key(cd, activated_name, r = crypt_activate_by_volume_key(cd, activated_name,
key, keysize, activate_flags); key, keysize, activate_flags);
} else { } else {
r = tools_get_key(NULL, &password, &passwordLen, tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
opt_keyfile_offset, opt_keyfile_size, opt_key_file, do {
opt_timeout, _verify_passphrase(0), 0, cd); r = tools_get_key(NULL, &password, &passwordLen,
if (r < 0) opt_keyfile_offset, opt_keyfile_size, opt_key_file,
goto out; opt_timeout, _verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
r = crypt_activate_by_passphrase(cd, activated_name, r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, password, passwordLen, activate_flags); opt_key_slot, password, passwordLen, activate_flags);
} while ((r == -EPERM || r == -EINVAL || r == -ERANGE) && (--tries > 0));
} }
out: out:
crypt_safe_free(key); crypt_safe_free(key);
@@ -1286,7 +1289,7 @@ static int action_luksResume(void)
struct crypt_device *cd = NULL; struct crypt_device *cd = NULL;
char *password = NULL; char *password = NULL;
size_t passwordLen; size_t passwordLen;
int r; int r, tries;
if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)))) if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device))))
goto out; goto out;
@@ -1294,13 +1297,17 @@ static int action_luksResume(void)
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out; goto out;
r = tools_get_key(NULL, &password, &passwordLen, tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
opt_keyfile_offset, opt_keyfile_size, opt_key_file, do {
opt_timeout, _verify_passphrase(0), 0, cd); r = tools_get_key(NULL, &password, &passwordLen,
if (r) opt_keyfile_offset, opt_keyfile_size, opt_key_file,
goto out; opt_timeout, _verify_passphrase(0), 0, cd);
if (r)
goto out;
r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, password, passwordLen); r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
password, passwordLen);
} while ((r == -EPERM || r == -EINVAL || r == -ERANGE) && (--tries > 0));
out: out:
crypt_safe_free(password); crypt_safe_free(password);
crypt_free(cd); crypt_free(cd);

25
tests/compat-test
View File

@@ -43,9 +43,9 @@ LOOPDEV=$(losetup -f 2>/dev/null)
function remove_mapping() function remove_mapping()
{ {
[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove $DEV_NAME3 [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove $DEV_NAME3 >/dev/null 2>&1
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 >/dev/null 2>&1
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1
losetup -d $LOOPDEV >/dev/null 2>&1 losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1 rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1
} }
@@ -79,7 +79,7 @@ function skip()
function prepare() function prepare()
{ {
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1
case "$2" in case "$2" in
wipe) wipe)
@@ -611,5 +611,22 @@ else
$CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1
fi fi
prepare "[32] Interactive password retry from terminal." new
which expect >/dev/null 2>&1 || skip "WARNING: expect tool missing, interactive test will be skipped."
expect - >/dev/null 2>&1 <<EOF
set timeout 30
eval spawn $CRYPTSETUP luksOpen -v -T 2 $LOOPDEV $DEV_NAME
expect "Enter passphrase"
send "$PWD0x\n"
expect "No key available with this passphrase."
expect "Enter passphrase"
send "$PWD0\n"
expect "Key slot 0 unlocked."
expect eof
exit
EOF
check_exists
$CRYPTSETUP -q luksClose $DEV_NAME || fail
remove_mapping remove_mapping
exit 0 exit 0