cryptsetup-tokens: fix pin asserts

If a user only presses ENTER when the PIN is requested (without actually typing
the PIN), an assertion is reached and no other unlock method is requested.

```
sh-5.2# systemctl status systemd-cryptsetup@cr_root
× systemd-cryptsetup@cr_root.service - Cryptography Setup for cr_root
     Loaded: loaded (/etc/crypttab; generated)
    Drop-In: /etc/systemd/system/systemd-cryptsetup@.service.d
             └─pcr-signature.conf
     Active: failed (Result: core-dump) since Thu 2024-04-25 08:44:30 UTC; 10min ago
       Docs: man:crypttab(5)
             man:systemd-cryptsetup-generator(8)
             man:systemd-cryptsetup@.service(8)
    Process: 559 ExecStartPre=/usr/bin/pcr-signature.sh (code=exited, status=0/SUCCESS)
    Process: 604 ExecStart=/usr/bin/systemd-cryptsetup attach cr_root /dev/disk/by-uuid/a8cbd937-6975-4e61-9120-ce5c03138700 none x-initrd.attach,tpm2-device=auto (code=dumped, signal=ABRT)
   Main PID: 604 (code=dumped, signal=ABRT)
        CPU: 19ms

Apr 25 08:44:29 localhost systemd[1]: Starting Cryptography Setup for cr_root...
Apr 25 08:44:30 localhost systemd-cryptsetup[604]: Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Main process exited, code=dumped, status=6/ABRT
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Failed with result 'core-dump'.
Apr 25 08:44:30 localhost systemd[1]: Failed to start Cryptography Setup for cr_root.
```

In this case, `cryptsetup_token_open_pin()` receives an empty (non-NULL) `pin`
with `pin_size` equals to 0.

```
🔐 Please enter LUKS2 token PIN:

Breakpoint 3, cryptsetup_token_open_pin (cd=0x5555555744c0, token=0, pin=0x5555555b3cc0 "", pin_size=0, ret_password=0x7fffffffd380,
    ret_password_len=0x7fffffffd378, usrptr=0x0) at ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:42
42	                void *usrptr /* plugin defined parameter passed to crypt_activate_by_token*() API */) {
(gdb) continue
Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
```

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
index b96b02742858e2ebd4c6ff952520d1f6057cab47..1efb7c501d2fb1d7214d67127c524ca8b96672f1 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c
@@ -34,7 +34,7 @@ _public_ int cryptsetup_token_open_pin(
         const char *json;
         _cleanup_(erase_and_freep) char *pin_string = NULL;
 
-        assert(!pin || pin_size);
+        assert(pin || pin_size == 0);
         assert(token >= 0);
 
         /* This must not fail at this moment (internal error) */

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
index 5a7cbe01b1697e056cff428fc9c7ec85bdbed45e..a9898bad9abe1af34ae73c3a805c755088dd261f 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c
@@ -33,7 +33,7 @@ _public_ int cryptsetup_token_open_pin(
         const char *json;
         int r;
 
-        assert(!pin || pin_size);
+        assert(pin || pin_size == 0);
         assert(token >= 0);
 
         /* This must not fail at this moment (internal error) */

diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
index 3c36f9a93f5a0e0cd5f8b0fc276589a716e19a2f..8b4754ad77970fc00268bd7d6790f50bfff882d3 100644 (file)
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
@@ -56,7 +56,7 @@ _public_ int cryptsetup_token_open_pin(
         int r;
 
         assert(token >= 0);
-        assert(!pin || pin_size > 0);
+        assert(pin || pin_size == 0);
         assert(ret_password);
         assert(ret_password_len);