Remove no passphrase error message from library.

And move it to tools.

This will unify LUKS1/2 error messages.
Milan Broz
2018-03-25 14:14:37 +02:00
parent 610c7858d6
commit af0887fb48
7 changed files with 32 additions and 22 deletions


@@ -1061,7 +1061,6 @@ int LUKS_open_key_with_hdr(int keyIndex,
return r; return r;
} }
/* Warning, early returns above */ /* Warning, early returns above */
log_err(ctx, _("No key available with this passphrase.\n"));
return -EPERM; return -EPERM;
} }


@@ -518,7 +518,7 @@ static int action_resize(void)
goto out; goto out;
r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, passwordLen, CRYPT_ACTIVATE_KEYRING_KEY); r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, passwordLen, CRYPT_ACTIVATE_KEYRING_KEY);
tools_passphrase_msg(r);
crypt_safe_free(password); crypt_safe_free(password);
} }
} }
@@ -1132,8 +1132,8 @@ static int action_open_luks(void)
r = crypt_activate_by_passphrase(cd, activated_name, r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, password, passwordLen, activate_flags); opt_key_slot, password, passwordLen, activate_flags);
tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
crypt_safe_free(password); crypt_safe_free(password);
password = NULL; password = NULL;
} while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); } while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
@@ -1197,9 +1197,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
/* Handle inactive keyslots the same as bad password here */ /* Handle inactive keyslots the same as bad password here */
if (r == -ENOENT) if (r == -ENOENT)
r = -EPERM; r = -EPERM;
tools_passphrase_msg(r);
if (r == -EPERM)
log_err(_("No key available with this passphrase.\n"));
out: out:
crypt_safe_free(password); crypt_safe_free(password);
return r; return r;
@@ -1278,6 +1276,7 @@ static int action_luksRemoveKey(void)
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
password, passwordLen, 0); password, passwordLen, 0);
tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -1353,6 +1352,7 @@ static int action_luksAddKey(void)
r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot, r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot,
opt_key_file, opt_keyfile_size, opt_keyfile_offset, opt_key_file, opt_keyfile_size, opt_keyfile_offset,
opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset); opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
tools_passphrase_msg(r);
} else { } else {
r = tools_get_key(_("Enter any existing passphrase: "), r = tools_get_key(_("Enter any existing passphrase: "),
&password, &password_size, &password, &password_size,
@@ -1366,6 +1366,7 @@ static int action_luksAddKey(void)
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
password, password_size, 0); password, password_size, 0);
check_signal(&r); check_signal(&r);
tools_passphrase_msg(r);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -1422,6 +1423,7 @@ static int action_luksChangeKey(void)
/* Check password before asking for new one */ /* Check password before asking for new one */
r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
password, password_size, 0); password, password_size, 0);
tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -1471,6 +1473,7 @@ static int action_luksConvertKey(void)
r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
password, password_size, password, password_size); password, password_size, password, password_size);
tools_passphrase_msg(r);
out: out:
crypt_safe_free(password); crypt_safe_free(password);
crypt_free(cd); crypt_free(cd);
@@ -1553,6 +1556,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
password, passwordLen); password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
goto out; goto out;
@@ -1634,6 +1638,7 @@ static int action_luksResume(void)
r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
password, passwordLen); password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r); check_signal(&r);
crypt_safe_free(password); crypt_safe_free(password);
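Review bot: In the second action_luksAddKey hunk the new `tools_passphrase_msg(r);` is placed after `check_signal(&r);`, while the other call sites in this file that pair the two (action_open_luks, action_luksRemoveKey, action_luksChangeKey, luksDump_with_volume_key, action_luksResume) call it before. If check_signal() rewrites r when a signal was received (its body is not visible here), the wrong-passphrase message is suppressed at this one site but still printed at the others. Moving the call up one line, directly after the `crypt_activate_by_passphrase(...)` call, makes the sites consistent. The enclosing functions start and end outside the hunks.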


@@ -87,6 +87,7 @@ int tools_get_key(const char *prompt,
const char *key_file, const char *key_file,
int timeout, int verify, int pwquality, int timeout, int verify, int pwquality,
struct crypt_device *cd); struct crypt_device *cd);
void tools_passphrase_msg(int r);
int tools_is_stdin(const char *key_file); int tools_is_stdin(const char *key_file);
int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size); int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
int tools_is_cipher_null(const char *cipher); int tools_is_cipher_null(const char *cipher);


@@ -1224,7 +1224,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
rc->p[r].passwordLen = passwordLen; rc->p[r].passwordLen = passwordLen;
break; break;
} }
log_err(_("No key available with this passphrase.\n")); tools_passphrase_msg(r);
} }
password = NULL; password = NULL;
@@ -1260,8 +1260,7 @@ static int init_keyfile(struct reenc_ctx *rc, struct crypt_device *cd, int slot_
if (r < 0) { if (r < 0) {
crypt_safe_free(password); crypt_safe_free(password);
if (r == -EPERM) tools_passphrase_msg(r);
log_err(_("No key available with this passphrase.\n"));
} else { } else {
rc->keyslot = r; rc->keyslot = r;
rc->p[r].password = password; rc->p[r].password = password;
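Review bot: In init_passphrase1 the old `log_err(...)` at the bottom of the retry block ran unconditionally, but `tools_passphrase_msg(r);` prints only when r is -EPERM, so any other negative r that reaches this line now retries without telling the user why. The start of the function is outside the hunk, so an earlier check may already return for other error codes; if so, a short comment such as `/* r can only be -EPERM here */` would record that assumption. The init_keyfile replacement keeps the old `r == -EPERM` condition and is equivalent.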


@@ -297,3 +297,9 @@ int tools_get_key(const char *prompt,
return r; return r;
} }
void tools_passphrase_msg(int r)
{
if (r == -EPERM)
log_err(_("No key available with this passphrase.\n"));
}
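Review bot: tools_passphrase_msg() has no comment saying that it is a no-op for every value except -EPERM, even though callers pass it raw return codes that may be success or other errors. A line above the definition would do, e.g. `/* Print the "No key available with this passphrase." error if r is -EPERM; any other value is ignored. */`. verify_keyslot maps -ENOENT to -EPERM before calling it, but the other call sites on this page do not, so an inactive keyslot presumably stays silent there; the comment should say whether that is intended. The new prototype in the tools header is likewise undocumented.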


@@ -639,9 +639,9 @@ check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0 check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles # second, try it with keyfiles
$CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail $CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail
@@ -651,9 +651,9 @@ check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail $CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
prepare "[28] Detached LUKS header" wipe prepare "[28] Detached LUKS header" wipe
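Review bot: The added `2>/dev/null` on the negative luksOpen checks throws away all of stderr, so these tests pass on any non-zero exit and never confirm that the tool itself now prints the wrong-passphrase message. Since this commit moves that message from the library into the tools, at least one check per script could capture stderr and match it, e.g. `echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>&1 | grep -q "No key available" || fail`, assuming that case fails with -EPERM. The same applies to the luksOpen and `--test-passphrase` checks changed in the LUKS2 test script.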


@@ -367,7 +367,7 @@ echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && f
echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail
# kill slot using passphrase from 1 # kill slot using passphrase from 1
echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail #XXX
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
# remove key0 / slot 0 # remove key0 / slot 0
echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
@@ -556,9 +556,9 @@ echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
check_exists check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles # second, try it with keyfiles
$CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail $CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail
@@ -566,9 +566,9 @@ $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail $CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
# test keyslot not assigned to segment is unable to unlock volume # test keyslot not assigned to segment is unable to unlock volume
# otoh it should be allowed to test for proper passphrase # otoh it should be allowed to test for proper passphrase
@@ -578,7 +578,7 @@ echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME && fail echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME && fail
[ -b /dev/mapper/$DEV_NAME ] && fail [ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME && fail echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0 $CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0
$CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail $CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
@@ -689,7 +689,7 @@ if [ $HAVE_KEYRING -gt 0 ]; then
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail
# wrong passphrase # wrong passphrase
load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && fail
load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail
$CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail $CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail
@@ -710,13 +710,13 @@ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 ||
$CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail $CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail $CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail $CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail
echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail $CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail $CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail
prepare "[35] LUKS label and subsystem" wipe prepare "[35] LUKS label and subsystem" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
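Review bot: The luksKillSlot check in the first hunk is a positive test (`|| fail`) yet now hides stderr and carries an unexplained `#XXX` marker: `echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail #XXX`. That suggests the command prints an error while still succeeding, presumably the relocated passphrase message, though the page does not show the luksKillSlot code path. Silencing it in the test leaves users seeing an authentication error on a successful operation. Either fix the spurious message in the tool, or replace the marker with a comment that names the issue, e.g. `# FIXME: luksKillSlot prints a passphrase error even on success`.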