mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-16 13:20:11 +01:00
Rename hash-start to hash-offset and switch to use bytes units.
This commit is contained in:
Milan Broz
@@ -18,7 +18,7 @@ Veritysetup supports these operations:
|
|||||||
.IP
|
.IP
|
||||||
Calculates and permanently stores hash verification data for data_device.
|
Calculates and permanently stores hash verification data for data_device.
|
||||||
Hash area can be located on the same device after data if specified
|
Hash area can be located on the same device after data if specified
|
||||||
by \-\-hash\-start option.
|
by \-\-hash\-offset option.
|
||||||
|
|
||||||
Note you need to provide root hash string for device verification
|
Note you need to provide root hash string for device verification
|
||||||
or activation. Root hash must be trusted.
|
or activation. Root hash must be trusted.
|
||||||
@@ -28,7 +28,7 @@ allocates loopback device. In this case, hash file size must be enough
|
|||||||
to store the hash area.
|
to store the hash area.
|
||||||
|
|
||||||
\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
|
\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
|
||||||
\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-start,
|
\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
|
||||||
\-\-salt, \-\-uuid]
|
\-\-salt, \-\-uuid]
|
||||||
.PP
|
.PP
|
||||||
\fIcreate\fR <name> <data_device> <hash_device> <root_hash>
|
\fIcreate\fR <name> <data_device> <hash_device> <root_hash>
|
||||||
@@ -38,7 +38,7 @@ Creates a mapping with <name> backed by device <data_device> and using
|
|||||||
|
|
||||||
The <root_hash> is a hexadecimal string.
|
The <root_hash> is a hexadecimal string.
|
||||||
|
|
||||||
\fB<options>\fR can be [\-\-hash-start, \-\-no-superblock]
|
\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
|
||||||
|
|
||||||
If option \-\-no-superblock is used, you have to use as the same options
|
If option \-\-no-superblock is used, you have to use as the same options
|
||||||
as in initial format operation.
|
as in initial format operation.
|
||||||
@@ -84,8 +84,9 @@ Used block size for the hash device.
|
|||||||
Size of data device used in verification.
|
Size of data device used in verification.
|
||||||
If not specified, the whole device is used.
|
If not specified, the whole device is used.
|
||||||
.TP
|
.TP
|
||||||
.B "\-\-hash-start=512-bytes sectors"
|
.B "\-\-hash-offset=bytes"
|
||||||
Offset of hash area/superblock on hash_device.
|
Offset of hash area/superblock on hash_device.
|
||||||
|
Value must be aligned to disk sector offset.
|
||||||
.TP
|
.TP
|
||||||
.B "\-\-salt=hex string"
|
.B "\-\-salt=hex string"
|
||||||
Salt used for format or verification.
|
Salt used for format or verification.
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ static int data_block_size = DEFAULT_VERITY_DATA_BLOCK;
|
|||||||
static int hash_block_size = DEFAULT_VERITY_HASH_BLOCK;
|
static int hash_block_size = DEFAULT_VERITY_HASH_BLOCK;
|
||||||
static uint64_t data_blocks = 0;
|
static uint64_t data_blocks = 0;
|
||||||
static const char *salt_string = NULL;
|
static const char *salt_string = NULL;
|
||||||
static uint64_t hash_start = 0;
|
static uint64_t hash_offset = 0;
|
||||||
static const char *opt_uuid = NULL;
|
static const char *opt_uuid = NULL;
|
||||||
|
|
||||||
static int opt_verbose = 0;
|
static int opt_verbose = 0;
|
||||||
@@ -139,7 +139,7 @@ static int _prepare_format(struct crypt_params_verity *params,
|
|||||||
params->data_block_size = data_block_size;
|
params->data_block_size = data_block_size;
|
||||||
params->hash_block_size = hash_block_size;
|
params->hash_block_size = hash_block_size;
|
||||||
params->data_size = data_blocks;
|
params->data_size = data_blocks;
|
||||||
params->hash_area_offset = hash_start;
|
params->hash_area_offset = hash_offset;
|
||||||
params->hash_type = hash_type;
|
params->hash_type = hash_type;
|
||||||
params->flags = flags;
|
params->flags = flags;
|
||||||
|
|
||||||
@@ -189,7 +189,7 @@ static int _activate(const char *dm_device,
|
|||||||
|
|
||||||
if (use_superblock) {
|
if (use_superblock) {
|
||||||
params.flags = flags;
|
params.flags = flags;
|
||||||
params.hash_area_offset = hash_start;
|
params.hash_area_offset = hash_offset;
|
||||||
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
|
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
|
||||||
} else {
|
} else {
|
||||||
r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER);
|
r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER);
|
||||||
@@ -349,7 +349,7 @@ static int action_dump(int arg)
|
|||||||
if ((r = crypt_init(&cd, action_argv[0])))
|
if ((r = crypt_init(&cd, action_argv[0])))
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
params.hash_area_offset = hash_start;
|
params.hash_area_offset = hash_offset;
|
||||||
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
|
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
|
||||||
if (!r)
|
if (!r)
|
||||||
crypt_dump(cd);
|
crypt_dump(cd);
|
||||||
@@ -506,7 +506,7 @@ int main(int argc, const char **argv)
|
|||||||
{ "data-block-size", 0, POPT_ARG_INT, &data_block_size, 0, N_("Block size on the data device"), N_("bytes") },
|
{ "data-block-size", 0, POPT_ARG_INT, &data_block_size, 0, N_("Block size on the data device"), N_("bytes") },
|
||||||
{ "hash-block-size", 0, POPT_ARG_INT, &hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") },
|
{ "hash-block-size", 0, POPT_ARG_INT, &hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") },
|
||||||
{ "data-blocks", 0, POPT_ARG_STRING, &popt_tmp, 1, N_("The number of blocks in the data file"), N_("blocks") },
|
{ "data-blocks", 0, POPT_ARG_STRING, &popt_tmp, 1, N_("The number of blocks in the data file"), N_("blocks") },
|
||||||
{ "hash-start", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting block on the hash device"), N_("512-byte sectors") },
|
{ "hash-offset", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting offset on the hash device"), N_("bytes") },
|
||||||
{ "hash", 'h', POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
|
{ "hash", 'h', POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
|
||||||
{ "salt", 's', POPT_ARG_STRING, &salt_string, 0, N_("Salt"), N_("hex string") },
|
{ "salt", 's', POPT_ARG_STRING, &salt_string, 0, N_("Salt"), N_("hex string") },
|
||||||
{ "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
|
{ "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
|
||||||
@@ -544,9 +544,7 @@ int main(int argc, const char **argv)
|
|||||||
data_blocks = ull_value;
|
data_blocks = ull_value;
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
hash_start = ull_value * 512;
|
hash_offset = ull_value;
|
||||||
if (hash_start / 512 != ull_value)
|
|
||||||
r = POPT_ERROR_BADNUMBER;
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -70,9 +70,9 @@ function compare_out() # $1 what, $2 expected
|
|||||||
function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
|
function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
|
||||||
{
|
{
|
||||||
if [ -z "$LOOPDEV2" ] ; then
|
if [ -z "$LOOPDEV2" ] ; then
|
||||||
BLOCKS=$(($6 * 512 / $1))
|
BLOCKS=$(($6 / $1))
|
||||||
DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
|
DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
|
||||||
--hash-start $6 \
|
--hash-offset $6 \
|
||||||
--data-blocks=$BLOCKS --debug"
|
--data-blocks=$BLOCKS --debug"
|
||||||
else
|
else
|
||||||
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
|
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
|
||||||
@@ -173,16 +173,16 @@ check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1
|
|||||||
|
|
||||||
echo "Verity tests [one device offset]"
|
echo "Verity tests [one device offset]"
|
||||||
prepare $((8192 + 1024))
|
prepare $((8192 + 1024))
|
||||||
check_root_hash 512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 16384
|
check_root_hash 512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 8388608
|
||||||
check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 16384
|
check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 8388608
|
||||||
check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 16384
|
check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 8388608
|
||||||
# version 0
|
# version 0
|
||||||
check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 16384
|
check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 8388608
|
||||||
# no salt
|
# no salt
|
||||||
check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 16384
|
check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 8388608
|
||||||
# sha1
|
# sha1
|
||||||
check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 16384
|
check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
|
||||||
check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 16384
|
check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
|
||||||
|
|
||||||
remove_mapping
|
remove_mapping
|
||||||
exit 0
|
exit 0
|
||||||
|
|||||||
Reference in New Issue
Block a user