eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

bitlk: Try all keyslots even if some checks fails for passphrase

Browse Source 
We can't easily distinguish between a passphrase and other
protectors like recovery passphrase or startup key during
activation so we can't stop when attempted passphrase activation
fails because a binary startup key can't be conveted to UTF-16
during KDF.
This commit is contained in:
Vojtech Trefny
2020-09-17 15:56:52 +02:00
committed by Milan Broz
parent c65cd4eb74
commit 7d5025a865
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/bitlk/bitlk.c
View File

@@ -1000,12 +1000,18 @@ int BITLK_activate(struct crypt_device *cd,
while (next_vmk) {
if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {
r = bitlk_kdf(cd, password, passwordLen, false, next_vmk->salt, &vmk_dec_key);
if (r)
return r;
if (r) {
/* something wrong happend, but we still want to check other key slots */
next_vmk = next_vmk->next;
continue;
}
} else if (next_vmk->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE) {
r = get_recovery_key(cd, password, passwordLen, &recovery_key);
if (r)
return r;
if (r) {
/* something wrong happend, but we still want to check other key slots */
next_vmk = next_vmk->next;
continue;
}
if (recovery_key == NULL) {
/* r = 0 but no key -> given passphrase is not a recovery passphrase */
r = -EPERM;