Support keyfile offset and keyfile size option even for plain volumes.

For historic reasons, in the plain mode the hashing is not used if keyfile is used (with exception of --key-file=-). Print warning if the parameters are ignored. For other cases, uses keyfile offset, keyfile size and hash as psecified on commandline. Partially fixes issue#243
2025-12-13 03:40:05 +01:00 · 2015-02-04 15:37:41 +01:00
parent 6d51e8ab69
commit 31a4d552a2
4 changed files with 62 additions and 19 deletions
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -46,6 +46,9 @@ static int device_ready(const char *device)
 	int devfd, r = 0;
 	struct stat st;

+	//FIXME: check if device allows to use O_DIRECT
+	// not only on open but also on read (with offset 0)
+
 	log_dbg("Trying to open and read device %s.", device);
 	devfd = open(device, O_RDONLY);
 	if (devfd < 0) {
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -882,7 +882,7 @@ of the used cipher, or the size specified with \-s.
 \fBFrom stdin\fR: Reading will continue until a newline (or until
 the maximum input size is reached), with the trailing newline
 stripped. The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and  can
+compiled-in default as for the maximum key file size and can
 be overwritten using \-\-keyfile-size option.

 The data read will be hashed with the default hash
@@ -904,8 +904,16 @@ less than the key size.
 \fBFrom a key file\fR: It will be truncated to the
 key size of the used cipher or the size given by \-s
 and directly used as binary key.
-if the key file is shorter than the key, cryptsetup
+
+\fBWARNING\fR: The \-\-hash argument is being ignored.
+The \-\-hash option is usable only for stdin input in plain mode.
+
+If the key file is shorter than the key, cryptsetup
 will quit with an error.
+The maximum input size is defined by the same
+compiled-in default as for the maximum key file size and can
+be overwritten using \-\-keyfile-size option.
+

 .SH NOTES ON PASSPHRASE PROCESSING FOR LUKS
 LUKS uses PBKDF2 to protect against dictionary attacks
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -106,19 +106,9 @@ static int action_open_plain(void)
 	size_t passwordLen;
 	size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
 	uint32_t activate_flags = 0;
+	int keyfile_limited = 0;
 	int r;

-	if (params.hash && !strcmp(params.hash, "plain"))
-		params.hash = NULL;
-
-	/* FIXME: temporary hack */
-	if (opt_key_file && strcmp(opt_key_file, "-"))
-		params.hash = NULL;
-
-	if ((opt_keyfile_offset || opt_keyfile_size) && opt_key_file)
-		log_std(_("Ignoring keyfile offset and size options, keyfile read "
-			 "size is always the same as encryption key size.\n"));
-
 	r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
 				      cipher, NULL, cipher_mode);
 	if (r < 0) {
@@ -126,6 +116,24 @@ static int action_open_plain(void)
 		goto out;
 	}

+	if (opt_key_file && strcmp(opt_key_file, "-") != 0)
+		keyfile_limited = 1;
+
+	/* FIXME: temporary hack, no hashing for keyfiles in plain mode */
+	if (opt_key_file && keyfile_limited) {
+		params.hash = NULL;
+		if (!opt_batch_mode && opt_hash)
+			log_std(_("WARNING: The --hash parameter is being ignored "
+				 "in plain mode with keyfile specified.\n"));
+	}
+
+	if (params.hash && !strcmp(params.hash, "plain"))
+		params.hash = NULL;
+
+	if (!opt_batch_mode && !params.hash && opt_key_file && keyfile_limited && opt_keyfile_size)
+		log_std(_("WARNING: The --keyfile-size option is being ignored, "
+			 "the read size is the same as the encryption key size.\n"));
+
 	if ((r = crypt_init(&cd, action_argv[0])))
 		goto out;

@@ -150,13 +158,17 @@ static int action_open_plain(void)
 	if (opt_allow_discards)
 		activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;

-	if (opt_key_file)
-		/* With hashing, read the whole keyfile */
+	if (opt_key_file) {
+		/* If no hash, key is read directly, read size is always key_size
+		 * (possible opt_keyfile_size is ignored.
+		 * If hash is specified, opt_keyfile_size is applied.
+		 * The opt_keyfile_offset is applied always.
+		 */
 		r = crypt_activate_by_keyfile_offset(cd, action_argv[1],
 			CRYPT_ANY_SLOT, opt_key_file,
-			params.hash ? 0 : key_size, 0,
+			params.hash ? opt_keyfile_size : key_size, opt_keyfile_offset,
 			activate_flags);
-	else {
+	} else {
 		r = tools_get_key(_("Enter passphrase: "),
 				  &password, &passwordLen,
 				  opt_keyfile_offset, opt_keyfile_size,
--- a/tests/password-hash-test
+++ b/tests/password-hash-test
@@ -26,13 +26,14 @@ function fail()
        cleanup 2
 }

-crypt_key() # hash keysize pwd/file name outkey [limit]
+crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
 {
 	DEV2=$DEV_NAME"_x"
 	LIMIT=""
 	MODE=aes-cbc-essiv:sha256
 	[ $2 -gt 256 ] && MODE=aes-xts-plain
 	[ -n "$6" ] && LIMIT="-l $6"
+	[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"

 	echo -n "HASH: $1 KSIZE: $2 / $3"
 	case "$3" in
@@ -52,8 +53,12 @@ crypt_key() # hash keysize pwd/file name outkey [limit]
 		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
+	cat-)
+		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
+		ret=$?
+		;;
 	file)
-		$CRYPTSETUP create -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
+		$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	failpwd)
@@ -126,6 +131,7 @@ echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
 	   "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
 KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"

+# ignore hash if keyfile is specified
 crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
@@ -134,8 +140,22 @@ crypt_key sha256    512 file $KEY_FILE $KEY_FILE_HEX
 # stdin can be limited
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 16
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 17
+
+# read key only up to \n
 crypt_key plain     128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14

+# read full key, ignore keyfile length
+crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
+crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14
+
+# but do not ignore hash if keysgfile is "-"
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
+crypt_key sha256    128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
+crypt_key sha256    128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
+crypt_key sha256    128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40
+
 # limiting plain (no hash)
 crypt_key plain   256     pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
 crypt_key plain:2 256     pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000