eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Also support --skip option for loopaesOpen.

Browse Source 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@481 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
2011-03-22 20:51:50 +00:00
parent 49ea1b69fe
commit 2072adf705
8 changed files with 44 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -1,3 +1,6 @@
2011-04-22 Milan Broz <mbroz@redhat.com>
* Also support --skip option for loopaesOpen.
2011-04-18 Milan Broz <mbroz@redhat.com> 2011-04-18 Milan Broz <mbroz@redhat.com>
* Respect maximum keyfile size paramater. * Respect maximum keyfile size paramater.
* Introduce maximum default keyfile size, add configure option. * Introduce maximum default keyfile size, add configure option.

1
lib/libcryptsetup.h
View File

@@ -171,6 +171,7 @@ struct crypt_params_luks1 {
struct crypt_params_loopaes { struct crypt_params_loopaes {
const char *hash; /* key hash function */ const char *hash; /* key hash function */
uint64_t offset; /* offset in sectors */ uint64_t offset; /* offset in sectors */
uint64_t skip; /* IV initilisation sector */
}; };
/** /**
* Create (format) new crypt device (and possible header on-disk) but not activates it. * Create (format) new crypt device (and possible header on-disk) but not activates it.

8
lib/loopaes/loopaes.c
View File

@@ -178,9 +178,12 @@ int LOOPAES_activate(struct crypt_device *cd,
const char *base_cipher, const char *base_cipher,
unsigned int keys_count, unsigned int keys_count,
struct volume_key *vk, struct volume_key *vk,
const char *hash,
uint64_t offset,
uint64_t skip,
uint32_t flags) uint32_t flags)
{ {
uint64_t size, offset; uint64_t size;
uint32_t req_flags; uint32_t req_flags;
char *cipher; char *cipher;
const char *device; const char *device;
@@ -188,7 +191,6 @@ int LOOPAES_activate(struct crypt_device *cd,
size = 0; size = 0;
/* Initial IV (skip) is always the same as offset */ /* Initial IV (skip) is always the same as offset */
offset = crypt_get_data_offset(cd);
device = crypt_get_device_name(cd); device = crypt_get_device_name(cd);
read_only = flags & CRYPT_ACTIVATE_READONLY; read_only = flags & CRYPT_ACTIVATE_READONLY;
@@ -210,7 +212,7 @@ int LOOPAES_activate(struct crypt_device *cd,
r = dm_create_device(name, device, r = dm_create_device(name, device,
cipher, CRYPT_LOOPAES, cipher, CRYPT_LOOPAES,
crypt_get_uuid(cd), crypt_get_uuid(cd),
size, offset, offset, vk->keylength, vk->key, size, skip, offset, vk->keylength, vk->key,
read_only, 0); read_only, 0);
if (!r && !(dm_flags() & req_flags)) { if (!r && !(dm_flags() & req_flags)) {

3
lib/loopaes/loopaes.h
View File

@@ -17,5 +17,8 @@ int LOOPAES_activate(struct crypt_device *cd,
const char *base_cipher, const char *base_cipher,
unsigned int keys_count, unsigned int keys_count,
struct volume_key *vk, struct volume_key *vk,
const char *hash,
uint64_t offset,
uint64_t skip,
uint32_t flags); uint32_t flags);
#endif #endif

6
lib/setup.c
View File

@@ -1309,6 +1309,7 @@ static int _crypt_format_loopaes(struct crypt_device *cd,
cd->loopaes_hdr.hash = strdup(params->hash); cd->loopaes_hdr.hash = strdup(params->hash);
cd->loopaes_hdr.offset = params ? params->offset : 0; cd->loopaes_hdr.offset = params ? params->offset : 0;
cd->loopaes_hdr.skip = params ? params->skip : 0;
return 0; return 0;
} }
@@ -2026,7 +2027,10 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
goto out; goto out;
if (name) if (name)
r = LOOPAES_activate(cd, name, cd->loopaes_cipher, r = LOOPAES_activate(cd, name, cd->loopaes_cipher,
key_count, vk, flags); key_count, vk, NULL,
cd->loopaes_hdr.offset,
cd->loopaes_hdr.skip,
flags);
} else } else
r = -EINVAL; r = -EINVAL;

6
man/cryptsetup.8
View File

@@ -179,7 +179,11 @@ parameters are visible in \fB\-\-help\fR output.
Use \fB\-\-offset\fR to specify device offset. Note the units need to be Use \fB\-\-offset\fR to specify device offset. Note the units need to be
specified in 512 bytes sectors. specified in 512 bytes sectors.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly]. Use \fB\-\-skip\fR to specify IV offset. If original device used offset
and not used it in IV sector calculations, you have to explicitly use
\fB\-\-skip 0\fR in addition to offset parameter.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly].
.PP .PP
\fIloopaesClose\fR <name> \fIloopaesClose\fR <name>
.IP .IP

7
src/cryptsetup.c
View File

@@ -50,6 +50,7 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
static uint64_t opt_size = 0; static uint64_t opt_size = 0;
static uint64_t opt_offset = 0; static uint64_t opt_offset = 0;
static uint64_t opt_skip = 0; static uint64_t opt_skip = 0;
static int opt_skip_valid = 0;
static int opt_readonly = 0; static int opt_readonly = 0;
static int opt_iteration_time = 1000; static int opt_iteration_time = 1000;
static int opt_batch_mode = 0; static int opt_batch_mode = 0;
@@ -290,6 +291,7 @@ static int action_loopaesOpen(int arg)
struct crypt_params_loopaes params = { struct crypt_params_loopaes params = {
.hash = opt_hash ?: NULL, // FIXME .hash = opt_hash ?: NULL, // FIXME
.offset = opt_offset, .offset = opt_offset,
.skip = opt_skip_valid ? opt_skip : opt_offset,
}; };
unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8; unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8;
int r; int r;
@@ -1157,6 +1159,7 @@ int main(int argc, char **argv)
break; break;
case 3: case 3:
opt_skip = ull_value; opt_skip = ull_value;
opt_skip_valid = 1;
break; break;
} }
@@ -1249,9 +1252,9 @@ int main(int argc, char **argv)
usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."), usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_skip && strcmp(aname, "create")) if (opt_skip && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE, usage(popt_context, EXIT_FAILURE,
_("Option --skip is supported only for create command.\n"), _("Option --skip is supported only for create and loopaesOpen commands.\n"),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen")) if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))

25
tests/loopaes-test
View File

@@ -60,16 +60,26 @@ function check_exists()
[ -b /dev/mapper/$DEV_NAME ] || fail [ -b /dev/mapper/$DEV_NAME ] || fail
} }
function get_offset_params() # $offset
{
offset=$1
if [ "${offset:0:1}" = "@" ] ; then
echo "-o $((${offset:1} / 512)) -p 0"
else
echo "-o $((offset / 512))"
fi
}
function get_expsum() # $offset function get_expsum() # $offset
{ {
case $1 in case $1 in
0) 0)
echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5" echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
;; ;;
8192) @8192 | 8192)
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed" echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
;; ;;
8388608) @8388608 | 8388608)
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6" echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
;; ;;
*) fail *) fail
@@ -84,8 +94,8 @@ function check_sum() # $key $keysize $offset
sync sync
dmremove $DEV_NAME dmremove $DEV_NAME
EXPSUM=$(get_expsum $offset) EXPSUM=$(get_expsum $3)
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 -o $3 >/dev/null 2>&1 $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 $(get_offset_params $offset) >/dev/null 2>&1
ret=$? ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1) VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
@@ -136,16 +146,15 @@ check_version || skip "Probably old kernel, test skipped."
# loop-AES tests # loop-AES tests
KEY_SIZES="128 256" KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3" KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
DEV_OFFSET="0 8192 8388608" DEV_OFFSET="0 8192 @8192 8388608 @8388608"
for key_size in $KEY_SIZES ; do for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do for key in $KEY_FILES ; do
for offset in $DEV_OFFSET ; do for offset in $DEV_OFFSET ; do
offset_sec=$(($offset / 512))
prepare "Open loop-AES $key / AES-$key_size / offset $offset" prepare "Open loop-AES $key / AES-$key_size / offset $offset"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key -o $offset_sec || fail $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key $(get_offset_params $offset) || fail
check_exists check_exists
check_sum $key $key_size $offset_sec check_sum $key $key_size $offset
$CRYPTSETUP loopaesClose $DEV_NAME || fail $CRYPTSETUP loopaesClose $DEV_NAME || fail
check_sum_losetup $key AES$key_size $offset check_sum_losetup $key AES$key_size $offset
done done