diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index 841ccee9..8eb666e8 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -1061,7 +1061,6 @@ int LUKS_open_key_with_hdr(int keyIndex, return r; } /* Warning, early returns above */ - log_err(ctx, _("No key available with this passphrase.\n")); return -EPERM; } diff --git a/src/cryptsetup.c b/src/cryptsetup.c index aa8a7ae6..20bd0670 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -518,7 +518,7 @@ static int action_resize(void) goto out; r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, passwordLen, CRYPT_ACTIVATE_KEYRING_KEY); - + tools_passphrase_msg(r); crypt_safe_free(password); } } @@ -1132,8 +1132,8 @@ static int action_open_luks(void) r = crypt_activate_by_passphrase(cd, activated_name, opt_key_slot, password, passwordLen, activate_flags); + tools_passphrase_msg(r); check_signal(&r); - crypt_safe_free(password); password = NULL; } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); @@ -1197,9 +1197,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, /* Handle inactive keyslots the same as bad password here */ if (r == -ENOENT) r = -EPERM; - - if (r == -EPERM) - log_err(_("No key available with this passphrase.\n")); + tools_passphrase_msg(r); out: crypt_safe_free(password); return r; @@ -1278,6 +1276,7 @@ static int action_luksRemoveKey(void) r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; @@ -1353,6 +1352,7 @@ static int action_luksAddKey(void) r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot, opt_key_file, opt_keyfile_size, opt_keyfile_offset, opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset); + tools_passphrase_msg(r); } else { r = tools_get_key(_("Enter any existing passphrase: "), &password, &password_size, 
@@ -1366,6 +1366,7 @@ static int action_luksAddKey(void) r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, password_size, 0); check_signal(&r); + tools_passphrase_msg(r); if (r < 0) goto out; @@ -1422,6 +1423,7 @@ static int action_luksChangeKey(void) /* Check password before asking for new one */ r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, password_size, 0); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; @@ -1471,6 +1473,7 @@ static int action_luksConvertKey(void) r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, password, password_size, password, password_size); + tools_passphrase_msg(r); out: crypt_safe_free(password); crypt_free(cd); @@ -1553,6 +1556,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd) r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, passwordLen); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; @@ -1634,6 +1638,7 @@ static int action_luksResume(void) r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, password, passwordLen); + tools_passphrase_msg(r); check_signal(&r); crypt_safe_free(password); diff --git a/src/cryptsetup.h b/src/cryptsetup.h index d940b089..718b5083 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -87,6 +87,7 @@ int tools_get_key(const char *prompt, const char *key_file, int timeout, int verify, int pwquality, struct crypt_device *cd); +void tools_passphrase_msg(int r); int tools_is_stdin(const char *key_file); int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size); int tools_is_cipher_null(const char *cipher); diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 07afbba2..e2f484db 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c 
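Review bot: In the second action_luksAddKey hunk the new `tools_passphrase_msg(r);` is placed after `check_signal(&r);`, whereas the other call sites touched by this commit (action_open_luks, action_luksRemoveKey, action_luksChangeKey, luksDump_with_volume_key, action_luksResume) call it before. check_signal is not visible in this diff; if it can overwrite r, the bad-passphrase message would be lost at this one site only. Suggest the same order as elsewhere: `tools_passphrase_msg(r);` followed by `check_signal(&r);`. The function body starts and ends outside the hunk.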
@@ -1224,7 +1224,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd, rc->p[r].passwordLen = passwordLen; break; } - log_err(_("No key available with this passphrase.\n")); + tools_passphrase_msg(r); } password = NULL; @@ -1260,8 +1260,7 @@ static int init_keyfile(struct reenc_ctx *rc, struct crypt_device *cd, int slot_ if (r < 0) { crypt_safe_free(password); - if (r == -EPERM) - log_err(_("No key available with this passphrase.\n")); + tools_passphrase_msg(r); } else { rc->keyslot = r; rc->p[r].password = password; diff --git a/src/utils_password.c b/src/utils_password.c index c7a08c3d..09ccc898 100644 --- a/src/utils_password.c +++ b/src/utils_password.c @@ -297,3 +297,9 @@ int tools_get_key(const char *prompt, return r; } + +void tools_passphrase_msg(int r) +{ + if (r == -EPERM) + log_err(_("No key available with this passphrase.\n")); +} diff --git a/tests/compat-test b/tests/compat-test index a0d99a00..67ac6ba9 100755 --- a/tests/compat-test +++ b/tests/compat-test @@ -639,9 +639,9 @@ check_exists $CRYPTSETUP luksClose $DEV_NAME || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0 -echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail +echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles $CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail 
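Review bot: In init_passphrase1 the removed `log_err(...)` at the end of the retry block was unconditional, while `tools_passphrase_msg(r)` prints only when r is -EPERM, so the substitution preserves behaviour only if no other value of r can reach this line. The statements that set and filter r are outside the hunk, so this needs confirming against the full function. If it holds, a comment such as `/* only -EPERM reaches this point */` above the call would make the assumption explicit. The init_keyfile hunk in the same file already had the `r == -EPERM` guard, so that one is a straight replacement.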
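Review bot: The new helper tools_passphrase_msg in src/utils_password.c has no comment stating its contract, and the prototype added to src/cryptsetup.h has none either. It prints the error only for -EPERM and silently ignores every other value, which matters because verify_keyslot has to map -ENOENT to -EPERM before calling it while the other call sites pass r through unchanged. Suggest adding above the definition: `/* Print the "No key available" error when r is -EPERM; any other value is ignored. */`. With the log_err removed from LUKS_open_key_with_hdr, any caller of the activation functions that forgets this helper now fails silently on a wrong passphrase, so the comment should also say that callers are expected to invoke it directly after the library call.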
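Review bot: The negative luksOpen cases in tests/compat-test now discard stderr with `2>/dev/null`, so nothing in the suite checks that the "No key available with this passphrase." message, which this commit moves from the library into the tools, is still printed. The same applies to the remaining `2>/dev/null && fail` changes in tests/compat-test and tests/compat-test2. With stderr dropped, a failure for an unrelated reason also passes these checks, since only a non-zero exit status is tested. Suggest keeping at least one case that asserts the text, for example `echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>&1 | grep -q "No key available" || fail`.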
@@ -651,9 +651,9 @@ check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail prepare "[28] Detached LUKS header" wipe diff --git a/tests/compat-test2 b/tests/compat-test2 index 55e35425..ba06aa25 100755 --- a/tests/compat-test2 +++ b/tests/compat-test2 @@ -367,7 +367,7 @@ echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && f echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail # kill slot using passphrase from 1 -echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail +echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail #XXX $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail # remove key0 / slot 0 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail @@ -556,9 +556,9 @@ echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksClose $DEV_NAME || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail -echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail +echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles $CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail 
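Review bot: In the tests/compat-test2 hunk at line 367, `echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail` silences stderr on a command that is expected to succeed, unlike the other changed lines, which are all expected failures. If the redirect was added because luksKillSlot now prints the "No key available" error on a successful run, the test is hiding a misleading message that users would still see. That looks plausible given the new unconditional `tools_passphrase_msg(r);` in verify_keyslot, but the full function is not visible here. Suggest confirming where the output comes from and, if it is spurious, fixing the call site instead of redirecting; otherwise add a comment such as `# stderr suppressed: <reason>` so the exception is explained.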
@@ -566,9 +566,9 @@ $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # test keyslot not assigned to segment is unable to unlock volume # otoh it should be allowed to test for proper passphrase @@ -578,7 +578,7 @@ echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME && fail [ -b /dev/mapper/$DEV_NAME ] && fail -echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME && fail +echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0 $CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail @@ -689,7 +689,7 @@ if [ $HAVE_KEYRING -gt 0 ]; then $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail # wrong passphrase load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" - $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail + $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && fail load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail $CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail 
@@ -710,13 +710,13 @@ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 || $CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail $CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail $CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail -echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail $CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail $CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail -echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail prepare "[35] LUKS label and subsystem" wipe echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail