mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 19:00:02 +01:00
Also support --skip option for loopaesOpen.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@481 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
@@ -1,3 +1,6 @@
|
||||
2011-04-22 Milan Broz <mbroz@redhat.com>
|
||||
* Also support --skip option for loopaesOpen.
|
||||
|
||||
2011-04-18 Milan Broz <mbroz@redhat.com>
|
||||
* Respect maximum keyfile size paramater.
|
||||
* Introduce maximum default keyfile size, add configure option.
|
||||
|
||||
@@ -171,6 +171,7 @@ struct crypt_params_luks1 {
|
||||
struct crypt_params_loopaes {
|
||||
const char *hash; /* key hash function */
|
||||
uint64_t offset; /* offset in sectors */
|
||||
uint64_t skip; /* IV initilisation sector */
|
||||
};
|
||||
/**
|
||||
* Create (format) new crypt device (and possible header on-disk) but not activates it.
|
||||
|
||||
@@ -178,9 +178,12 @@ int LOOPAES_activate(struct crypt_device *cd,
|
||||
const char *base_cipher,
|
||||
unsigned int keys_count,
|
||||
struct volume_key *vk,
|
||||
const char *hash,
|
||||
uint64_t offset,
|
||||
uint64_t skip,
|
||||
uint32_t flags)
|
||||
{
|
||||
uint64_t size, offset;
|
||||
uint64_t size;
|
||||
uint32_t req_flags;
|
||||
char *cipher;
|
||||
const char *device;
|
||||
@@ -188,7 +191,6 @@ int LOOPAES_activate(struct crypt_device *cd,
|
||||
|
||||
size = 0;
|
||||
/* Initial IV (skip) is always the same as offset */
|
||||
offset = crypt_get_data_offset(cd);
|
||||
device = crypt_get_device_name(cd);
|
||||
read_only = flags & CRYPT_ACTIVATE_READONLY;
|
||||
|
||||
@@ -210,7 +212,7 @@ int LOOPAES_activate(struct crypt_device *cd,
|
||||
r = dm_create_device(name, device,
|
||||
cipher, CRYPT_LOOPAES,
|
||||
crypt_get_uuid(cd),
|
||||
size, offset, offset, vk->keylength, vk->key,
|
||||
size, skip, offset, vk->keylength, vk->key,
|
||||
read_only, 0);
|
||||
|
||||
if (!r && !(dm_flags() & req_flags)) {
|
||||
|
||||
@@ -17,5 +17,8 @@ int LOOPAES_activate(struct crypt_device *cd,
|
||||
const char *base_cipher,
|
||||
unsigned int keys_count,
|
||||
struct volume_key *vk,
|
||||
const char *hash,
|
||||
uint64_t offset,
|
||||
uint64_t skip,
|
||||
uint32_t flags);
|
||||
#endif
|
||||
|
||||
@@ -1309,6 +1309,7 @@ static int _crypt_format_loopaes(struct crypt_device *cd,
|
||||
cd->loopaes_hdr.hash = strdup(params->hash);
|
||||
|
||||
cd->loopaes_hdr.offset = params ? params->offset : 0;
|
||||
cd->loopaes_hdr.skip = params ? params->skip : 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -2026,7 +2027,10 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
|
||||
goto out;
|
||||
if (name)
|
||||
r = LOOPAES_activate(cd, name, cd->loopaes_cipher,
|
||||
key_count, vk, flags);
|
||||
key_count, vk, NULL,
|
||||
cd->loopaes_hdr.offset,
|
||||
cd->loopaes_hdr.skip,
|
||||
flags);
|
||||
} else
|
||||
r = -EINVAL;
|
||||
|
||||
|
||||
@@ -179,7 +179,11 @@ parameters are visible in \fB\-\-help\fR output.
|
||||
Use \fB\-\-offset\fR to specify device offset. Note the units need to be
|
||||
specified in 512 bytes sectors.
|
||||
|
||||
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
|
||||
Use \fB\-\-skip\fR to specify IV offset. If original device used offset
|
||||
and not used it in IV sector calculations, you have to explicitly use
|
||||
\fB\-\-skip 0\fR in addition to offset parameter.
|
||||
|
||||
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly].
|
||||
.PP
|
||||
\fIloopaesClose\fR <name>
|
||||
.IP
|
||||
|
||||
@@ -50,6 +50,7 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
|
||||
static uint64_t opt_size = 0;
|
||||
static uint64_t opt_offset = 0;
|
||||
static uint64_t opt_skip = 0;
|
||||
static int opt_skip_valid = 0;
|
||||
static int opt_readonly = 0;
|
||||
static int opt_iteration_time = 1000;
|
||||
static int opt_batch_mode = 0;
|
||||
@@ -290,6 +291,7 @@ static int action_loopaesOpen(int arg)
|
||||
struct crypt_params_loopaes params = {
|
||||
.hash = opt_hash ?: NULL, // FIXME
|
||||
.offset = opt_offset,
|
||||
.skip = opt_skip_valid ? opt_skip : opt_offset,
|
||||
};
|
||||
unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8;
|
||||
int r;
|
||||
@@ -1157,6 +1159,7 @@ int main(int argc, char **argv)
|
||||
break;
|
||||
case 3:
|
||||
opt_skip = ull_value;
|
||||
opt_skip_valid = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -1249,9 +1252,9 @@ int main(int argc, char **argv)
|
||||
usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
|
||||
poptGetInvocationName(popt_context));
|
||||
|
||||
if (opt_skip && strcmp(aname, "create"))
|
||||
if (opt_skip && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
|
||||
usage(popt_context, EXIT_FAILURE,
|
||||
_("Option --skip is supported only for create command.\n"),
|
||||
_("Option --skip is supported only for create and loopaesOpen commands.\n"),
|
||||
poptGetInvocationName(popt_context));
|
||||
|
||||
if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
|
||||
|
||||
@@ -60,16 +60,26 @@ function check_exists()
|
||||
[ -b /dev/mapper/$DEV_NAME ] || fail
|
||||
}
|
||||
|
||||
function get_offset_params() # $offset
|
||||
{
|
||||
offset=$1
|
||||
if [ "${offset:0:1}" = "@" ] ; then
|
||||
echo "-o $((${offset:1} / 512)) -p 0"
|
||||
else
|
||||
echo "-o $((offset / 512))"
|
||||
fi
|
||||
}
|
||||
|
||||
function get_expsum() # $offset
|
||||
{
|
||||
case $1 in
|
||||
0)
|
||||
echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
|
||||
;;
|
||||
8192)
|
||||
@8192 | 8192)
|
||||
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
|
||||
;;
|
||||
8388608)
|
||||
@8388608 | 8388608)
|
||||
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
|
||||
;;
|
||||
*) fail
|
||||
@@ -84,8 +94,8 @@ function check_sum() # $key $keysize $offset
|
||||
sync
|
||||
dmremove $DEV_NAME
|
||||
|
||||
EXPSUM=$(get_expsum $offset)
|
||||
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 -o $3 >/dev/null 2>&1
|
||||
EXPSUM=$(get_expsum $3)
|
||||
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 $(get_offset_params $offset) >/dev/null 2>&1
|
||||
ret=$?
|
||||
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
|
||||
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
|
||||
@@ -136,16 +146,15 @@ check_version || skip "Probably old kernel, test skipped."
|
||||
# loop-AES tests
|
||||
KEY_SIZES="128 256"
|
||||
KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
|
||||
DEV_OFFSET="0 8192 8388608"
|
||||
DEV_OFFSET="0 8192 @8192 8388608 @8388608"
|
||||
|
||||
for key_size in $KEY_SIZES ; do
|
||||
for key in $KEY_FILES ; do
|
||||
for offset in $DEV_OFFSET ; do
|
||||
offset_sec=$(($offset / 512))
|
||||
prepare "Open loop-AES $key / AES-$key_size / offset $offset"
|
||||
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key -o $offset_sec || fail
|
||||
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key $(get_offset_params $offset) || fail
|
||||
check_exists
|
||||
check_sum $key $key_size $offset_sec
|
||||
check_sum $key $key_size $offset
|
||||
$CRYPTSETUP loopaesClose $DEV_NAME || fail
|
||||
check_sum_losetup $key AES$key_size $offset
|
||||
done
|
||||
|
||||
Reference in New Issue
Block a user