Commit af0887fb authored by Milan Broz's avatar Milan Broz

Remove no passphrase error message from library.

And move it to tools.

This will unify LUKS1/2 error messages.
parent 610c7858
......@@ -1061,7 +1061,6 @@ int LUKS_open_key_with_hdr(int keyIndex,
return r;
}
/* Warning, early returns above */
log_err(ctx, _("No key available with this passphrase.\n"));
return -EPERM;
}
......
......@@ -518,7 +518,7 @@ static int action_resize(void)
goto out;
r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, password, passwordLen, CRYPT_ACTIVATE_KEYRING_KEY);
tools_passphrase_msg(r);
crypt_safe_free(password);
}
}
......@@ -1132,8 +1132,8 @@ static int action_open_luks(void)
r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, password, passwordLen, activate_flags);
tools_passphrase_msg(r);
check_signal(&r);
crypt_safe_free(password);
password = NULL;
} while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
......@@ -1197,9 +1197,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
/* Handle inactive keyslots the same as bad password here */
if (r == -ENOENT)
r = -EPERM;
if (r == -EPERM)
log_err(_("No key available with this passphrase.\n"));
tools_passphrase_msg(r);
out:
crypt_safe_free(password);
return r;
......@@ -1278,6 +1276,7 @@ static int action_luksRemoveKey(void)
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
password, passwordLen, 0);
tools_passphrase_msg(r);
check_signal(&r);
if (r < 0)
goto out;
......@@ -1353,6 +1352,7 @@ static int action_luksAddKey(void)
r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot,
opt_key_file, opt_keyfile_size, opt_keyfile_offset,
opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
tools_passphrase_msg(r);
} else {
r = tools_get_key(_("Enter any existing passphrase: "),
&password, &password_size,
......@@ -1366,6 +1366,7 @@ static int action_luksAddKey(void)
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
password, password_size, 0);
check_signal(&r);
tools_passphrase_msg(r);
if (r < 0)
goto out;
......@@ -1422,6 +1423,7 @@ static int action_luksChangeKey(void)
/* Check password before asking for new one */
r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
password, password_size, 0);
tools_passphrase_msg(r);
check_signal(&r);
if (r < 0)
goto out;
......@@ -1471,6 +1473,7 @@ static int action_luksConvertKey(void)
r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
password, password_size, password, password_size);
tools_passphrase_msg(r);
out:
crypt_safe_free(password);
crypt_free(cd);
......@@ -1553,6 +1556,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r);
if (r < 0)
goto out;
......@@ -1634,6 +1638,7 @@ static int action_luksResume(void)
r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r);
crypt_safe_free(password);
......
......@@ -87,6 +87,7 @@ int tools_get_key(const char *prompt,
const char *key_file,
int timeout, int verify, int pwquality,
struct crypt_device *cd);
void tools_passphrase_msg(int r);
int tools_is_stdin(const char *key_file);
int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
int tools_is_cipher_null(const char *cipher);
......
......@@ -1224,7 +1224,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
rc->p[r].passwordLen = passwordLen;
break;
}
log_err(_("No key available with this passphrase.\n"));
tools_passphrase_msg(r);
}
password = NULL;
......@@ -1260,8 +1260,7 @@ static int init_keyfile(struct reenc_ctx *rc, struct crypt_device *cd, int slot_
if (r < 0) {
crypt_safe_free(password);
if (r == -EPERM)
log_err(_("No key available with this passphrase.\n"));
tools_passphrase_msg(r);
} else {
rc->keyslot = r;
rc->p[r].password = password;
......
......@@ -297,3 +297,9 @@ int tools_get_key(const char *prompt,
return r;
}
void tools_passphrase_msg(int r)
{
if (r == -EPERM)
log_err(_("No key available with this passphrase.\n"));
}
......@@ -639,9 +639,9 @@ check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles
$CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail
......@@ -651,9 +651,9 @@ check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
prepare "[28] Detached LUKS header" wipe
......
......@@ -367,7 +367,7 @@ echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && f
echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail
# kill slot using passphrase from 1
echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail #XXX
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
# remove key0 / slot 0
echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
......@@ -556,9 +556,9 @@ echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles
$CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail
......@@ -566,9 +566,9 @@ $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# test keyslot not assigned to segment is unable to unlock volume
# otoh it should be allowed to test for proper passphrase
......@@ -578,7 +578,7 @@ echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME && fail
echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0
$CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
......@@ -689,7 +689,7 @@ if [ $HAVE_KEYRING -gt 0 ]; then
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail
# wrong passphrase
load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && fail
load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail
$CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail
......@@ -710,13 +710,13 @@ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 ||
$CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail
echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase && fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail
prepare "[35] LUKS label and subsystem" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment