Add fix for extra argument from clevis v15
Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked the exact number of
arguments to parse, which got changed.
This also accepts more additional arguments, and just ignores them.

Signed-off-by: Patrick Uiterwijk <[email protected]>
puiterwijk committed Nov 10, 2020
1 parent e2f32d0 commit 06b2cd9
Showing 3 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "clevis-pin-tpm2"
version = "0.1.3"
version = "0.1.4"
description = "Clevis TPM2 PIN with policy support"
authors = ["Patrick Uiterwijk <[email protected]>"]
edition = "2018"
4 changes: 2 additions & 2 deletions src/cli.rs
@@ -184,12 +184,12 @@ pub(super) fn get_mode_and_cfg(
if atty::is(atty::Stream::Stdin) {
return Ok((ActionMode::Help, None));
}
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() == 2 {
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() >= 2 {
(ActionMode::Encrypt, Some(&args[1]))
} else if args[0].contains("decrypt") {
(ActionMode::Decrypt, None)
} else if args.len() > 1 {
if args[1] == "encrypt" && args.len() == 3 {
if args[1] == "encrypt" && args.len() >= 3 {
(ActionMode::Encrypt, Some(&args[2]))
} else if args[1] == "decrypt" {
(ActionMode::Decrypt, None)
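Review bot: Relaxing `args.len() == 2` to `>= 2` (and `== 3` to `>= 3`) makes encrypt silently accept any trailing arguments, not only the empty string or `-y` that the commit message attributes to Clevis v15. For a pin that seals data under a TPM policy, a misplaced argument (for example a second JSON config after `'{}'`) would now be dropped without an error and the data sealed with whatever is in `args[1]`, a mistake the old exact-count check rejected. Consider accepting only the known values, e.g. `&& args[2..].iter().all(|a| a.is_empty() || a == "-y")` on the first branch and the same over `args[3..]` on the nested one (assuming `args` is a slice of `String`). Also, `args[0].contains("encrypt")` now wins whenever there are two or more arguments, so an invocation path that merely contains "encrypt" would take a literal `encrypt` subcommand as the config string; matching on the file name rather than the whole of `args[0]` would avoid that. The body of get_mode_and_cfg starts and ends outside this hunk.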
4 changes: 4 additions & 0 deletions tests/test_pcr
@@ -5,6 +5,10 @@ ln -s clevis-pin-tpm2 target/debug/clevis-encrypt-tpm2plus
ln -s clevis-pin-tpm2 target/debug/clevis-decrypt-tpm2plus

echo "Working: no sealing" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
# This tests we can handle the extra argument (either empty string or -y) from Clevis v15
# https://github.com/latchset/clevis/commit/36fae7c2dbf030d6c74abaed945db7bf3c25d054
echo "Working: no sealing (clevis v15, empty)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
echo "Working: no sealing (clevis v15, -y)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '-y' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
echo "Working: no sealing (clevis decrypt)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | clevis decrypt || (echo "Failed: no sealing (clevis decrypt)"; exit 1)
echo "Working: no sealing (clevis encrypt)" | clevis encrypt tpm2 '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (clevis encrypt)"; exit 1)
echo "Working: no sealing (renamed encrypt)" | ./target/debug/clevis-encrypt-tpm2plus '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
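Review bot: The two new cases only exercise the `encrypt` subcommand form, so the relaxed `args[0].contains("encrypt") && args.len() >= 2` branch in src/cli.rs is untested with an extra argument. That branch is the one reached through the `clevis-encrypt-tpm2plus` symlink, which is presumably how Clevis itself invokes the pin. I would add a symlink case such as `echo "Working: no sealing (renamed encrypt, -y)" | ./target/debug/clevis-encrypt-tpm2plus '{}' '-y' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (renamed encrypt, -y)"; exit 1)`. The new lines also reuse the bare `Failed: no sealing` message, so a failing v15 case cannot be told apart from the baseline; repeating the variant in the failure text, as the `clevis decrypt` line does, would fix that.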