eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 12:20:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Increase LUKS keysize if XTS mode is used (two internal keys).

Browse Source
This commit is contained in:
Milan Broz
2019-01-25 13:39:08 +01:00
parent 943cc16020
commit 46dc5beee9
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/cryptsetup.c
View File

@@ -1141,6 +1141,14 @@ static int action_luksFormat(void)
goto out;
}
#ifdef ENABLE_LUKS_ADJUST_XTS_KEYSIZE
if (!opt_key_size && !strncmp(cipher_mode, "xts-", 4)) {
if (DEFAULT_LUKS1_KEYBITS == 128)
opt_key_size = 256;
else if (DEFAULT_LUKS1_KEYBITS == 256)
opt_key_size = 512;
}
#endif
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize;
if (opt_random)
@@ -2432,11 +2440,14 @@ static void help(poptContext popt_context,
log_std(_("\nDefault compiled-in device cipher parameters:\n"
"\tloop-AES: %s, Key %d bits\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
DEFAULT_LOOPAES_CIPHER, DEFAULT_LOOPAES_KEYBITS,
DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
DEFAULT_RNG);
#if defined(ENABLE_LUKS_ADJUST_XTS_KEYSIZE) && DEFAULT_LUKS1_KEYBITS != 512
log_std(_("\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"));
#endif
exit(EXIT_SUCCESS);
} else
usage(popt_context, EXIT_SUCCESS, NULL, NULL);