From 418d0684706beed56cf06affff57c9950290fc37 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Sat, 19 Sep 2020 21:23:33 +0200 Subject: [PATCH] Allow to use backup header for tcrypt format. TrueCrypt/VeraCrypt supports backup header, it seems to have the same format as normal header. Let's use --header option here, it can be used to unlock data partition with header backup (open and dump commands). Fixes: #587. --- lib/setup.c | 7 +------ man/cryptsetup.8 | 3 ++- src/cryptsetup.c | 7 ++++--- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/lib/setup.c b/lib/setup.c index f68bdb39..c7013aae 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -657,7 +657,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device) log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)"); if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type) && - !isINTEGRITY(cd->type)) { + !isINTEGRITY(cd->type) && !isTCRYPT(cd->type)) { log_err(cd, _("This operation is not supported for this device type.")); return -EINVAL; } @@ -845,11 +845,6 @@ static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcryp if (!params) return -EINVAL; - if (cd->metadata_device) { - log_err(cd, _("Detached metadata device is not supported for this crypt type.")); - return -EINVAL; - } - r = init_crypto(cd); if (r < 0) return r; diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 1107e284..5c9ca5c4 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -717,7 +717,8 @@ a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, -\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim]. +\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim, +\-\-header]. The keyfile parameter allows a combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 8d439096..655c15da 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -544,7 +544,8 @@ static int action_open_tcrypt(void) activated_name = opt_test_passphrase ? NULL : action_argv[1]; - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms); @@ -657,8 +658,8 @@ static int action_tcryptDump(void) .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0, }; int r; - - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms);