Fix integrity info display for non-LUKS2 crypt devices.

2025-12-23 16:50:01 +01:00 · 2023-02-16 14:53:23 +01:00
parent e455110c8e
commit 1d109a114c
4 changed files with 29 additions and 5 deletions
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -122,6 +122,7 @@ struct crypt_device {
 		/* buffers, must refresh from kernel on every query */
 		char cipher_spec[MAX_CIPHER_LEN*2+1];
 		char cipher[MAX_CIPHER_LEN];
 		char integrity_spec[MAX_INTEGRITY_LEN];
 		const char *cipher_mode;
 		unsigned int key_size;
 	} none;
@@ -1188,6 +1189,15 @@ static int _init_by_name_crypt_none(struct crypt_device *cd)
 		}
 	}
 	if (!r && tgt->u.crypt.integrity) {
 		r = snprintf(cd->u.none.integrity_spec, sizeof(cd->u.none.integrity_spec),
 			 "%s", tgt->u.crypt.integrity);
 		if (r < 0 || (size_t)r >= sizeof(cd->u.none.integrity_spec))
 			r = -EINVAL;
 		else
 			r = 0;
 	}
 	dm_targets_free(cd, &dmd);
 	return r;
 }
@@ -5267,6 +5277,9 @@ const char *crypt_get_integrity(struct crypt_device *cd)
 	if (isLUKS2(cd->type))
 		return LUKS2_get_integrity(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
 	if (!cd->type && *cd->u.none.integrity_spec)
 		return cd->u.none.integrity_spec;
 	return NULL;
 }
@@ -5275,10 +5288,7 @@ int crypt_get_integrity_key_size(struct crypt_device *cd)
 {
 	int key_size = 0;
-	if (isINTEGRITY(cd->type))
+	if (isINTEGRITY(cd->type) || isLUKS2(cd->type) || !cd->type)
 		key_size = INTEGRITY_key_size(crypt_get_integrity(cd));
 	if (isLUKS2(cd->type))
 		key_size = INTEGRITY_key_size(crypt_get_integrity(cd));
 	return key_size > 0 ? key_size : 0;
@@ -5290,7 +5300,7 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd)
 	if (isINTEGRITY(cd->type))
 		return cd->u.integrity.params.tag_size;
-	if (isLUKS2(cd->type))
+	if (isLUKS2(cd->type) || !cd->type)
 		return INTEGRITY_tag_size(crypt_get_integrity(cd),
 					  crypt_get_cipher(cd),
 					  crypt_get_cipher_mode(cd));
@@ -5756,6 +5766,11 @@ int crypt_get_integrity_info(struct crypt_device *cd,
 		ip->journal_crypt_key_size = 0;
 		ip->journal_crypt_key = NULL;
 		return 0;
 	} else if (!cd->type) {
 		memset(ip, 0, sizeof(*ip));
 		ip->integrity = crypt_get_integrity(cd);
 		ip->integrity_key_size = crypt_get_integrity_key_size(cd);
 		ip->tag_size = crypt_get_integrity_tag_size(cd);
 	}
 	return -ENOTSUP;
--- a/lib/utils_crypt.h
+++ b/lib/utils_crypt.h
@@ -33,6 +33,7 @@ struct crypt_device;
 #define MAX_CAPI_ONE_LEN     2 * MAX_CIPHER_LEN
 #define MAX_CAPI_ONE_LEN_STR "63"  /* for sscanf length + '\0' */
 #define MAX_CAPI_LEN         144   /* should be enough to fit whole capi string */
 #define MAX_INTEGRITY_LEN    64
 int crypt_parse_name_and_mode(const char *s, char *cipher,
 			      int *key_nums, char *cipher_mode);
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -939,6 +939,8 @@ static int action_status(void)
 			log_std("  integrity: %s\n", ip.integrity);
 		if (ip.integrity_key_size)
 			log_std("  integrity keysize: %d bits\n", ip.integrity_key_size * 8);
 		if (ip.tag_size)
 			log_std("  integrity tag size: %u bytes\n", ip.tag_size);
 		device = crypt_get_device_name(cd);
 		log_std("  device:  %s\n", device);
 		if ((backing_file = crypt_loop_backing_file(device))) {
--- a/tests/luks2-integrity-test
+++ b/tests/luks2-integrity-test
@@ -152,6 +152,12 @@ intformat() # alg integrity integrity_out key_size int_key_size sector_size csum
 		[ -n "$LO_DEV" ] && status_check "device:" $LO_DEV 1
 		[ $5 -gt 0 ] && status_check "integrity keysize:" $5 1
 		int_check_sum $1 $7
 		# check status returns values even if no --header is set
 		status_check "cipher" $1
 		status_check "integrity:" $3
 		status_check "keysize:" $(($4 + $5))
 		[ -n "$LO_DEV" ] && status_check "device:" $LO_DEV
 		[ $5 -gt 0 ] && status_check "integrity keysize:" $5
 		$CRYPTSETUP close $DEV_NAME || fail "Cannot deactivate device."
 		$CRYPTSETUP luksHeaderRestore -q --header-backup-file $HEADER_IMG $DEV || fail
 		rm -f $HEADER_IMG