eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 20:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not create excessively large headers.

Browse Source 
When creating LUKS2 header with specified --offset much larger
then LUKS2 header size we needlessly also wipe (allocate up to
--offset) much larger file than needed.
This commit is contained in:
Ondrej Kozina
2020-06-16 12:21:29 +02:00
committed by Milan Broz
parent ac535923e0
commit a15008d876
4 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/luks2/luks2.h
View File

@@ -523,7 +523,7 @@ int LUKS2_check_metadata_area_size(uint64_t metadata_size);
int LUKS2_check_keyslots_area_size(uint64_t keyslots_size); int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
int LUKS2_wipe_header_areas(struct crypt_device *cd, int LUKS2_wipe_header_areas(struct crypt_device *cd,
struct luks2_hdr *hdr); struct luks2_hdr *hdr, bool detached_header);
uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr); uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic); int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);

4
lib/luks2/luks2_json_format.c
View File

@@ -337,7 +337,7 @@ err:
} }
int LUKS2_wipe_header_areas(struct crypt_device *cd, int LUKS2_wipe_header_areas(struct crypt_device *cd,
struct luks2_hdr *hdr) struct luks2_hdr *hdr, bool detached_header)
{ {
int r; int r;
uint64_t offset, length; uint64_t offset, length;
@@ -352,7 +352,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
return -EINVAL; return -EINVAL;
/* On detached header wipe at least the first 4k */ /* On detached header wipe at least the first 4k */
if (length == 0) { if (detached_header) {
length = 4096; length = 4096;
wipe_block = 4096; wipe_block = 4096;
} }

2
lib/setup.c
View File

@@ -1874,7 +1874,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
goto out; goto out;
} }
r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr); r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
if (r < 0) { if (r < 0) {
log_err(cd, _("Cannot wipe header on device %s."), log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd)); mdata_device_path(cd));

6
tests/compat-test2
View File

@@ -713,6 +713,12 @@ $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
rm $HEADER_IMG || fail
# create exactly 16 MiBs LUKS2 header
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --luks2-keyslots-size 16352k --luks2-metadata-size 16k --offset 131072 >/dev/null || fail
SIZE=$(stat --printf=%s $HEADER_IMG)
test $SIZE -eq 16777216 || fail
$CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[bytes\]" || fail
prepare "[29] Repair metadata" wipe prepare "[29] Repair metadata" wipe
xz -dk $HEADER_LUKS2_PV.xz xz -dk $HEADER_LUKS2_PV.xz