From b55ca26f5b5d9b652870be812aa3ed1b20894a97 Mon Sep 17 00:00:00 2001
From: jjimbo137 <115816493+jjimbo137@users.noreply.github.com>
Date: Mon, 6 Nov 2023 11:39:01 -0500
Subject: [PATCH] tcrypt: try all entered passphrases instead of just the first one (#29837)

Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit.
---
 src/cryptsetup/cryptsetup.c | 38 +++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 6d927ef8dd8..b56b51a134f 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -1006,31 +1006,37 @@ static int attach_tcrypt(
 if (key_data) {
 params.passphrase = key_data;
 params.passphrase_size = key_data_size;
+ r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
+ } else if (key_file) {
+ r = read_one_line_file(key_file, &passphrase);
+ if (r < 0) {
+ log_error_errno(r, "Failed to read password file '%s': %m", key_file);
+ return -EAGAIN; /* log with the actual error, but return EAGAIN */
+ }
+ params.passphrase = passphrase;
+ params.passphrase_size = strlen(passphrase);
+ r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
 } else {
- if (key_file) {
- r = read_one_line_file(key_file, &passphrase);
- if (r < 0) {
- log_error_errno(r, "Failed to read password file '%s': %m", key_file);
- return -EAGAIN; /* log with the actual error, but return EAGAIN */
- }
-
- params.passphrase = passphrase;
- } else
- params.passphrase = passwords[0];
-
- params.passphrase_size = strlen(params.passphrase);
+ r = -EINVAL;
+ STRV_FOREACH(p, passwords){
+ params.passphrase = *p;
+ params.passphrase_size = strlen(*p);
+ r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
+ if (r >= 0)
+ break;
+ }
 }
- r = crypt_load(cd, CRYPT_TCRYPT, ¶ms);
 if (r < 0) {
 if (r == -EPERM) {
 if (key_data)
 log_error_errno(r, "Failed to activate using discovered key. (Key not correct?)");
-
- if (key_file)
+ else if (key_file)
 log_error_errno(r, "Failed to activate using password file '%s'. (Key data not correct?)", key_file);
+ else
+ log_error_errno(r, "Failed to activate using supplied passwords.");
- return -EAGAIN; /* log the actual error, but return EAGAIN */
+ return r;
 }
 return log_error_errno(r, "Failed to load tcrypt superblock on device %s: %m", crypt_get_device_name(cd));
--
2.47.3
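Review bot: The wrong-key branch now ends in `return r;`, so a rejected passphrase surfaces as -EPERM where it used to be mapped to -EAGAIN, while the key-file read failure earlier in the same hunk still returns -EAGAIN. If the caller of attach_tcrypt (not visible here) re-prompts only on -EAGAIN, a mistyped passphrase would now abort the unlock instead of asking again; either keep `return -EAGAIN; /* log the actual error, but return EAGAIN */` or add a comment saying that -EPERM is propagated on purpose. Separately, the `STRV_FOREACH` loop stops only on success, so a failure that is not a key mismatch is retried against every remaining passphrase and can be overwritten by a later -EPERM; `if (r != -EPERM) break;` would keep the first such error for the log message below. The function starts and ends outside the hunk.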