Merge pull request #1158 from vojtechtrefny/master_change-key-fix

vojtechtrefny · web-flow · commit 625c894bd3e5 · 2026-01-13T08:29:54.000+01:00
crypto: Fix reading keyfile in bd_crypto_luks_change_key
diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c
@@ -1734,7 +1734,7 @@ gboolean bd_crypto_luks_change_key (const gchar *device, BDCryptoKeyslotContext
     }
 
     if (ncontext->type == BD_CRYPTO_KEYSLOT_CONTEXT_TYPE_KEYFILE) {
-        ret = crypt_keyfile_device_read (cd, ncontext->u.keyfile.keyfile, &key_buf, &buf_len,
+        ret = crypt_keyfile_device_read (cd, ncontext->u.keyfile.keyfile, &nkey_buf, &nbuf_len,
                                          ncontext->u.keyfile.keyfile_offset, ncontext->u.keyfile.key_size, 0);
         if (ret != 0) {
             g_set_error (&l_error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_KEYFILE_FAILED,
diff --git a/tests/crypto_test.py b/tests/crypto_test.py
@@ -631,6 +631,33 @@ def _change_key(self, create_fn):
         succ = BlockDev.crypto_luks_change_key(self.loop_devs[0], ctx, nctx)
         self.assertTrue(succ)
 
+        # old passphrase should no longer work
+        with self.assertRaises(GLib.GError):
+            BlockDev.crypto_luks_remove_key(self.loop_devs[0], ctx)
+
+        # new passphrase should work
+        succ = BlockDev.crypto_luks_open(self.loop_devs[0], "libblockdevTestLUKS", nctx)
+        self.assertTrue(succ)
+
+        succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
+        self.assertTrue(succ)
+
+        # try with keyfile as well
+        kctx = BlockDev.CryptoKeyslotContext(keyfile=self.keyfile)
+        succ = BlockDev.crypto_luks_change_key(self.loop_devs[0], nctx, kctx)
+        self.assertTrue(succ)
+
+        # old passphrase should no longer work
+        with self.assertRaises(GLib.GError):
+            BlockDev.crypto_luks_remove_key(self.loop_devs[0], nctx)
+
+        # keyfile should work
+        succ = BlockDev.crypto_luks_open(self.loop_devs[0], "libblockdevTestLUKS", kctx)
+        self.assertTrue(succ)
+
+        succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
+        self.assertTrue(succ)
+
     @tag_test(TestTags.SLOW)
     def test_luks_change_key(self):
         self._change_key(self._luks_format)

Original file line number	Diff line number	Diff line change
`@@ -1734,7 +1734,7 @@ gboolean bd_crypto_luks_change_key (const gchar *device, BDCryptoKeyslotContext`
`1734`	`1734`	`}`
`1735`	`1735`
`1736`	`1736`	`if (ncontext->type == BD_CRYPTO_KEYSLOT_CONTEXT_TYPE_KEYFILE) {`
`1737`		`- ret = crypt_keyfile_device_read (cd, ncontext->u.keyfile.keyfile, &key_buf, &buf_len,`
	`1737`	`+ ret = crypt_keyfile_device_read (cd, ncontext->u.keyfile.keyfile, &nkey_buf, &nbuf_len,`
`1738`	`1738`	`ncontext->u.keyfile.keyfile_offset, ncontext->u.keyfile.key_size, 0);`
`1739`	`1739`	`if (ret != 0) {`
`1740`	`1740`	`g_set_error (&l_error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_KEYFILE_FAILED,`