cryptsetup: add support for --offset option to luksFormat.

This option can replace --align-payload with absolute alignment value.
Milan Broz
2018-11-13 14:16:27 +01:00
parent 03edcd2bfd
commit 7d8003da46
5 changed files with 43 additions and 9 deletions


@@ -892,7 +892,11 @@ actions.
.B "\-\-offset, \-o <number of 512 byte sectors>" .B "\-\-offset, \-o <number of 512 byte sectors>"
Start offset in the backend device in 512-byte sectors. Start offset in the backend device in 512-byte sectors.
This option is only relevant for the \fIopen\fR action with plain This option is only relevant for the \fIopen\fR action with plain
or loopaes device types. or loopaes device types or for LUKS devices in \fIluksFormat\fR.
For LUKS, the \-\-offset option sets the data offset (payload) of data
device and must be be aligned to 4096-byte sectors (must be multiple of 8).
This option cannot be combined with \-\-align\-payload option.
.TP .TP
.B "\-\-skip, \-p <number of 512 byte sectors>" .B "\-\-skip, \-p <number of 512 byte sectors>"
Start offset used in IV calculation in 512-byte sectors Start offset used in IV calculation in 512-byte sectors


@@ -1043,6 +1043,12 @@ static int action_luksFormat(void)
return r; return r;
} }
if (opt_offset) {
r = crypt_set_data_offset(cd, opt_offset);
if (r < 0)
goto out;
}
/* Print all present signatures in read-only mode */ /* Print all present signatures in read-only mode */
r = tools_detect_signatures(header_device, 0, &signatures); r = tools_detect_signatures(header_device, 0, &signatures);
if (r < 0) if (r < 0)
@@ -2638,16 +2644,21 @@ int main(int argc, const char **argv)
usage(popt_context, EXIT_FAILURE, _("Option --align-payload is allowed only for luksFormat."), usage(popt_context, EXIT_FAILURE, _("Option --align-payload is allowed only for luksFormat."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_align_payload && opt_offset)
usage(popt_context, EXIT_FAILURE, _("Option --align-payload and --offset cannot be combined."),
poptGetInvocationName(popt_context));
if (opt_skip && (strcmp(aname, "open") || if (opt_skip && (strcmp(aname, "open") ||
(strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes")))) (strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes"))))
usage(popt_context, EXIT_FAILURE, usage(popt_context, EXIT_FAILURE,
_("Option --skip is supported only for open of plain and loopaes devices.\n"), _("Option --skip is supported only for open of plain and loopaes devices.\n"),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_offset && (strcmp(aname, "open") || if (opt_offset && ((strcmp(aname, "open") && strcmp(aname, "luksFormat")) ||
(strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes")))) (!strcmp(aname, "open") && strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes")) ||
(!strcmp(aname, "luksFormat") && strncmp(opt_type, "luks", 4))))
usage(popt_context, EXIT_FAILURE, usage(popt_context, EXIT_FAILURE,
_("Option --offset is supported only for open of plain and loopaes devices.\n"), _("Option --offset is supported only for open of plain and loopaes devices and for luksFormat.\n"),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") && if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") &&
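Review bot: `if (opt_offset)` in the action_luksFormat hunk treats `--offset 0` exactly like an absent option, and the new `opt_align_payload && opt_offset` test in main() shares that blind spot, so `--align-payload 8192 --offset 0` passes validation and the zero is never handed to crypt_set_data_offset(). If zero is meant as "use the default", that deserves a comment at the call, for example `/* opt_offset == 0 means not specified; the default data offset is used */`; otherwise a separate flag recording that the option was given is needed. The failure branch also jumps to `out` without a message, unlike the reencrypt caller in this commit, which logs "Failed to set data offset.", so a rejected value is explained only if the library itself reports it. Both function bodies continue outside the hunks.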


@@ -78,6 +78,7 @@ struct reenc_ctx {
uint64_t device_size_org_real; uint64_t device_size_org_real;
uint64_t device_offset; uint64_t device_offset;
uint64_t device_shift; uint64_t device_shift;
uint64_t data_offset;
unsigned int stained:1; unsigned int stained:1;
unsigned int in_progress:1; unsigned int in_progress:1;
@@ -590,6 +591,12 @@ static int create_new_header(struct reenc_ctx *rc, struct crypt_device *cd_old,
goto out; goto out;
} }
r = crypt_set_data_offset(cd_new, rc->data_offset);
if (r) {
log_err(_("Failed to set data offset."));
goto out;
}
r = crypt_format(cd_new, type, cipher, cipher_mode, uuid, key, key_size, params); r = crypt_format(cd_new, type, cipher, cipher_mode, uuid, key, key_size, params);
check_signal(&r); check_signal(&r);
if (r < 0) if (r < 0)
@@ -731,14 +738,12 @@ static int backup_luks_headers(struct reenc_ctx *rc)
if (rc->reencrypt_mode == DECRYPT) if (rc->reencrypt_mode == DECRYPT)
goto out; goto out;
if ((r = create_empty_header(rc->header_file_new, rc->header_file_org, rc->data_offset = crypt_get_data_offset(cd) + ROUND_SECTOR(opt_reduce_size);
crypt_get_data_offset(cd))))
if ((r = create_empty_header(rc->header_file_new, rc->header_file_org, rc->data_offset)))
goto out; goto out;
params.hash = opt_hash ?: DEFAULT_LUKS1_HASH; params.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
params.data_alignment = crypt_get_data_offset(cd);
params.data_alignment += ROUND_SECTOR(opt_reduce_size);
params2.data_alignment = params.data_alignment;
params2.data_device = params.data_device = rc->device; params2.data_device = params.data_device = rc->device;
params2.sector_size = crypt_get_sector_size(cd); params2.sector_size = crypt_get_sector_size(cd);
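Review bot: The new `crypt_set_data_offset(cd_new, rc->data_offset)` call in create_new_header may reject values that the removed `params.data_alignment` assignments accepted. The man page text added in this commit says a LUKS data offset must be a multiple of 8 sectors, yet backup_luks_headers computes `rc->data_offset = crypt_get_data_offset(cd) + ROUND_SECTOR(opt_reduce_size);` with no alignment check. If the library enforces that rule here, an existing header with an unaligned payload offset, or an unaligned reduce size, would presumably now abort reencryption only after the header backup files have been created. An early check next to the assignment, such as `if (rc->data_offset % 8) { r = -EINVAL; goto out; }` with a message naming the value, would fail before anything is written. The new check also uses `if (r)` where the neighbouring `crypt_format` check uses `if (r < 0)`; both functions continue outside the hunks.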


@@ -678,6 +678,9 @@ echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --head
echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 --offset 8192 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 0 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
$CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
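Review bot: The three added LUKS1 cases all pass `--header $HEADER_IMG`, so `--offset` is never exercised against an in-device LUKS1 header, where a small offset could place the payload over the header and keyslot area. The `--offset 8192 || fail` case also checks only the exit status, while the LUKS2 test in this commit confirms the stored value through luksDump. Consider adding a negative case without `--header` using an offset too small for the header, and a dump check after the positive case, for instance `$CRYPTSETUP luksDump $HEADER_IMG | grep -q "Payload offset:.*8192" || fail` (the exact dump label should be confirmed). `--offset 0 || fail` passes here only because zero is ignored by the tool, so it does not show that an explicit zero offset is honoured.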


@@ -209,6 +209,17 @@ export LANG=C
[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." [ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
[ -d "$LOCK_DIR" ] || skip "WARNING: LUKS2 locking directory ($LOCK_DIR) is missing, test skipped." [ -d "$LOCK_DIR" ] || skip "WARNING: LUKS2 locking directory ($LOCK_DIR) is missing, test skipped."
prepare "[1] Data offset" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 1 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16385 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 32 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --align-payload 16384 --offset 16384 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16384 || fail
$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 1024 --offset 16384 || fail
$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 80000 2>/dev/null && fail
prepare "[2] Sector size and old payload alignment" wipe prepare "[2] Sector size and old payload alignment" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 511 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 511 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 256 2>/dev/null && fail