mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-17 05:40:13 +01:00
Properly support stdin "-" handling for luksAddKey.
This commit is contained in:
Milan Broz
@@ -991,13 +991,15 @@ static int action_luksAddKey(void)
|
|||||||
|
|
||||||
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize,
|
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize,
|
||||||
password_new, password_new_size);
|
password_new, password_new_size);
|
||||||
} else if (opt_key_file || opt_new_key_file) {
|
} else if (opt_key_file && !tools_is_stdin(opt_key_file) &&
|
||||||
|
opt_new_key_file && !tools_is_stdin(opt_new_key_file)) {
|
||||||
r = crypt_keyslot_add_by_keyfile_offset(cd, opt_key_slot,
|
r = crypt_keyslot_add_by_keyfile_offset(cd, opt_key_slot,
|
||||||
opt_key_file, opt_keyfile_size, opt_keyfile_offset,
|
opt_key_file, opt_keyfile_size, opt_keyfile_offset,
|
||||||
opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
|
opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
|
||||||
} else {
|
} else {
|
||||||
r = tools_get_key(_("Enter any existing passphrase: "),
|
r = tools_get_key(_("Enter any existing passphrase: "),
|
||||||
&password, &password_size, 0, 0, NULL,
|
&password, &password_size,
|
||||||
|
opt_keyfile_offset, opt_keyfile_size, opt_key_file,
|
||||||
opt_timeout, _verify_passphrase(0), 0, cd);
|
opt_timeout, _verify_passphrase(0), 0, cd);
|
||||||
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@@ -1011,8 +1013,9 @@ static int action_luksAddKey(void)
|
|||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
r = tools_get_key(_("Enter new passphrase for key slot: "),
|
r = tools_get_key(_("Enter new passphrase for key slot: "),
|
||||||
&password_new, &password_new_size, 0, 0, NULL,
|
&password_new, &password_new_size,
|
||||||
opt_timeout, _verify_passphrase(1), 1, cd);
|
opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file,
|
||||||
|
opt_timeout, _verify_passphrase(1), opt_new_key_file ? 0 : 1, cd);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
|||||||
@@ -309,29 +309,43 @@ $CRYPTSETUP -q luksClose $DEV_NAME || fail
|
|||||||
|
|
||||||
prepare "[17] AddKey volume key, passphrase and keyfile" wipe
|
prepare "[17] AddKey volume key, passphrase and keyfile" wipe
|
||||||
# masterkey
|
# masterkey
|
||||||
echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
|
echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
|
||||||
echo $PWD2 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
|
echo $PWD2 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
|
||||||
|
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
|
||||||
echo $PWD3 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
|
echo $PWD3 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
|
||||||
$CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
|
$CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
|
||||||
|
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
|
||||||
|
|
||||||
|
# special "-" handling
|
||||||
|
$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d $KEY1 - || fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d - $KEY2 || fail
|
||||||
|
$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
|
||||||
|
|
||||||
# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
|
# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
|
||||||
$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 3 || fail
|
$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
|
||||||
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
|
$CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
|
||||||
# keyfile/keyfile
|
# keyfile/keyfile
|
||||||
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 4 || fail
|
$CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 $KEY2 --key-slot 4 || fail
|
||||||
|
$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
|
||||||
# passphrase/keyfile
|
# passphrase/keyfile
|
||||||
echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 0 || fail
|
echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d $KEY1 --key-slot 0 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
|
||||||
|
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
|
||||||
# passphrase/passphrase
|
# passphrase/passphrase
|
||||||
echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV --key-slot 1 || fail
|
echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --key-slot 1 || fail
|
||||||
|
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
|
||||||
# keyfile/passphrase
|
# keyfile/passphrase
|
||||||
echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
|
echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -i1 $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
|
||||||
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
|
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
|
||||||
|
|
||||||
prepare "[18] RemoveKey passphrase and keyfile" reuse
|
prepare "[18] RemoveKey passphrase and keyfile" reuse
|
||||||
|
|||||||
Reference in New Issue
Block a user