From de6258d3665c974eadbd88dcb181520f7b26d10f Mon Sep 17 00:00:00 2001 From: Ondrej Kozina Date: Mon, 18 Nov 2019 17:33:20 +0100 Subject: [PATCH] Allow --test-passphrase for detached header alone. Before this fix we required data device specified on cmd line even though it was not necessary for testing passphrase. Fixes: #487. --- src/cryptsetup.c | 2 +- tests/compat-test | 5 +++++ tests/compat-test2 | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 92a0a200..d92e6e8d 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -1374,7 +1374,7 @@ static int action_open_luks(void) goto out; } - if (!data_device && (crypt_get_data_offset(cd) < 8)) { + if (!data_device && (crypt_get_data_offset(cd) < 8) && !opt_test_passphrase) { log_err(_("Reduced data offset is allowed only for detached LUKS header.")); r = -EINVAL; goto out; diff --git a/tests/compat-test b/tests/compat-test index 64818757..1d993101 100755 --- a/tests/compat-test +++ b/tests/compat-test @@ -216,6 +216,10 @@ echo "[2] open" echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail +# test detached header --test-passphrase +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail +rm -f $HEADER_IMG echo "[3] add key" echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail @@ -753,6 +757,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEA $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail prepare "[29] Repair metadata" wipe $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail diff --git a/tests/compat-test2 b/tests/compat-test2 index 6817b077..63ee271f 100755 --- a/tests/compat-test2 +++ b/tests/compat-test2 @@ -709,6 +709,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEA $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail prepare "[29] Repair metadata" wipe xz -dk $HEADER_LUKS2_PV.xz