eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 12:20:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow --test-passphrase for detached header alone.

Browse Source 
Before this fix we required data device specified on cmd line
even though it was not necessary for testing passphrase.

Fixes: #487.
This commit is contained in:
Ondrej Kozina
2019-11-18 17:33:20 +01:00
parent 5e4dbf33be
commit de6258d366
3 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/cryptsetup.c
View File

@@ -1374,7 +1374,7 @@ static int action_open_luks(void)
goto out; goto out;
} }
if (!data_device && (crypt_get_data_offset(cd) < 8)) { if (!data_device && (crypt_get_data_offset(cd) < 8) && !opt_test_passphrase) {
log_err(_("Reduced data offset is allowed only for detached LUKS header.")); log_err(_("Reduced data offset is allowed only for detached LUKS header."));
r = -EINVAL; r = -EINVAL;
goto out; goto out;

5
tests/compat-test
View File

@@ -216,6 +216,10 @@ echo "[2] open"
echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
# test detached header --test-passphrase
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
rm -f $HEADER_IMG
echo "[3] add key" echo "[3] add key"
echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
@@ -753,6 +757,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEA
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
prepare "[29] Repair metadata" wipe prepare "[29] Repair metadata" wipe
$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail

1
tests/compat-test2
View File

@@ -709,6 +709,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEA
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
prepare "[29] Repair metadata" wipe prepare "[29] Repair metadata" wipe
xz -dk $HEADER_LUKS2_PV.xz xz -dk $HEADER_LUKS2_PV.xz