eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 20:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Increase LUKS keysize if XTS mode is used (two internal keys).

Browse Source
This commit is contained in:
Milan Broz
2019-01-25 13:39:08 +01:00
parent 943cc16020
commit 46dc5beee9
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
configure.ac
View File

@@ -564,6 +564,13 @@ CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [xts-plain64])
CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize],
[XTS mode requires two keys, double default LUKS keysize if needed]),
[], [enable_luks_adjust_xts_keysize=yes])
if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
fi
CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i])
CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])

13
src/cryptsetup.c
View File

@@ -1141,6 +1141,14 @@ static int action_luksFormat(void)
goto out;
}
#ifdef ENABLE_LUKS_ADJUST_XTS_KEYSIZE
if (!opt_key_size && !strncmp(cipher_mode, "xts-", 4)) {
if (DEFAULT_LUKS1_KEYBITS == 128)
opt_key_size = 256;
else if (DEFAULT_LUKS1_KEYBITS == 256)
opt_key_size = 512;
}
#endif
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize;
if (opt_random)
@@ -2432,11 +2440,14 @@ static void help(poptContext popt_context,
log_std(_("\nDefault compiled-in device cipher parameters:\n"
"\tloop-AES: %s, Key %d bits\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
DEFAULT_LOOPAES_CIPHER, DEFAULT_LOOPAES_KEYBITS,
DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
DEFAULT_RNG);
#if defined(ENABLE_LUKS_ADJUST_XTS_KEYSIZE) && DEFAULT_LUKS1_KEYBITS != 512
log_std(_("\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"));
#endif
exit(EXIT_SUCCESS);
} else
usage(popt_context, EXIT_SUCCESS, NULL, NULL);