eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 12:20:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change reencryption mode parameter type to enum.

Browse Source
This commit is contained in:
Ondrej Kozina
2019-08-01 14:06:09 +02:00
committed by Milan Broz
parent b96ce0b764
commit b3af88708d
7 changed files with 99 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/libcryptsetup.h
View File

@@ -2135,11 +2135,20 @@ typedef enum {
CRYPT_REENCRYPT_BACKWARD /**< backward direction */
} crypt_reencrypt_direction_info;
/**
* Reencryption mode
*/
typedef enum {
CRYPT_REENCRYPT_REENCRYPT = 0, /**< Reencryption mode */
CRYPT_REENCRYPT_ENCRYPT, /**< Encryption mode */
CRYPT_REENCRYPT_DECRYPT, /**< Decryption mode */
} crypt_reencrypt_mode_info;
/**
* LUKS2 reencryption options.
*/
struct crypt_params_reencrypt {
const char *mode; /**< Mode as "encrypt" / "reencrypt" / "decrypt", immutable after first init. */
crypt_reencrypt_mode_info mode; /**< Reencryption mode, immutable after first init. */
crypt_reencrypt_direction_info direction; /**< Reencryption direction, immutable after first init. */
const char *resilience; /**< Resilience mode: "none", "checksum", "journal" or "shift" (only "shift" is immutable after init) */
const char *hash; /**< Used hash for "checksum" resilience type, ignored otherwise. */

5
lib/luks2/luks2.h
View File

@@ -157,8 +157,7 @@ struct luks2_reenc_context {
bool online;
bool fixed_length;
crypt_reencrypt_direction_info direction;
enum { REENCRYPT = 0, ENCRYPT, DECRYPT } type;
crypt_reencrypt_mode_info mode;
char *device_name;
char *hotzone_name;
@@ -429,7 +428,7 @@ int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr);
const char *LUKS2_reencrypt_protection_type(struct luks2_hdr *hdr);
const char *LUKS2_reencrypt_protection_hash(struct luks2_hdr *hdr);
uint64_t LUKS2_reencrypt_data_shift(struct luks2_hdr *hdr);
const char *LUKS2_reencrypt_mode(struct luks2_hdr *hdr);
crypt_reencrypt_mode_info LUKS2_reencrypt_mode(struct luks2_hdr *hdr);
crypt_reencrypt_direction_info LUKS2_reencrypt_direction(struct luks2_hdr *hdr);
int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise);

12
lib/luks2/luks2_internal.h
View File

@@ -195,4 +195,16 @@ int LUKS2_check_cipher(struct crypt_device *cd,
size_t keylength,
const char *cipher,
const char *cipher_mode);
static inline const char *crypt_reencrypt_mode_to_str(crypt_reencrypt_mode_info mi)
{
if (mi == CRYPT_REENCRYPT_REENCRYPT)
return "reencrypt";
if (mi == CRYPT_REENCRYPT_ENCRYPT)
return "encrypt";
if (mi == CRYPT_REENCRYPT_DECRYPT)
return "decrypt";
return "<unknown>";
}
#endif

2
lib/luks2/luks2_keyslot_reenc.c
View File

@@ -77,7 +77,7 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
json_object_object_add(jobj_keyslot, "mode", json_object_new_string(params->mode));
json_object_object_add(jobj_keyslot, "mode", json_object_new_string(crypt_reencrypt_mode_to_str(params->mode)));
if (params->direction == CRYPT_REENCRYPT_FORWARD)
json_object_object_add(jobj_keyslot, "direction", json_object_new_string("forward"));
else if (params->direction == CRYPT_REENCRYPT_BACKWARD)

123
lib/luks2/luks2_reencrypt.c
View File

@@ -291,15 +291,15 @@ static json_object *LUKS2_create_segment_new(struct crypt_device *cd,
uint64_t iv_offset,
const uint64_t *segment_length)
{
switch (rh->type) {
case REENCRYPT:
case ENCRYPT:
switch (rh->mode) {
case CRYPT_REENCRYPT_REENCRYPT:
case CRYPT_REENCRYPT_ENCRYPT:
return json_segment_create_crypt(data_offset + segment_offset,
crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT),
segment_length,
LUKS2_reencrypt_segment_cipher_new(hdr),
LUKS2_reencrypt_get_sector_size_new(hdr), 0);
case DECRYPT:
case CRYPT_REENCRYPT_DECRYPT:
return json_segment_create_linear(data_offset + segment_offset, segment_length, 0);
}
@@ -399,15 +399,15 @@ static json_object *LUKS2_create_segment_reenc(struct crypt_device *cd,
uint64_t iv_offset,
const uint64_t *segment_length)
{
switch (rh->type) {
case REENCRYPT:
case ENCRYPT:
switch (rh->mode) {
case CRYPT_REENCRYPT_REENCRYPT:
case CRYPT_REENCRYPT_ENCRYPT:
return json_segment_create_crypt(data_offset + segment_offset,
crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT),
segment_length,
LUKS2_reencrypt_segment_cipher_new(hdr),
LUKS2_reencrypt_get_sector_size_new(hdr), 1);
case DECRYPT:
case CRYPT_REENCRYPT_DECRYPT:
return json_segment_create_linear(data_offset + segment_offset, segment_length, 1);
}
@@ -423,9 +423,9 @@ static json_object *LUKS2_create_segment_old(struct crypt_device *cd,
{
json_object *jobj_old_seg = NULL;
switch (rh->type) {
case REENCRYPT:
case DECRYPT:
switch (rh->mode) {
case CRYPT_REENCRYPT_REENCRYPT:
case CRYPT_REENCRYPT_DECRYPT:
jobj_old_seg = json_segment_create_crypt(data_offset + segment_offset,
crypt_get_iv_offset(cd) + (segment_offset >> SECTOR_SHIFT),
segment_length,
@@ -433,7 +433,7 @@ static json_object *LUKS2_create_segment_old(struct crypt_device *cd,
LUKS2_reencrypt_get_sector_size_old(hdr),
0);
break;
case ENCRYPT:
case CRYPT_REENCRYPT_ENCRYPT:
jobj_old_seg = json_segment_create_linear(data_offset + segment_offset, segment_length, 0);
}
@@ -539,7 +539,8 @@ static int LUKS2_reenc_create_segments_pre(struct crypt_device *cd,
{
rh->jobj_segs_pre = NULL;
if (rh->type == ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD && rh->data_shift && rh->jobj_segment_moved) {
if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
rh->data_shift && rh->jobj_segment_moved) {
log_dbg(cd, "Calculating hot segments for encryption with data move.");
rh->jobj_segs_pre = _enc_create_segments_shift_pre(cd, hdr, rh, data_offset);
} else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
@@ -560,7 +561,8 @@ static int LUKS2_reenc_create_segments_after(struct crypt_device *cd,
{
rh->jobj_segs_after = NULL;
if (rh->type == ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD && rh->data_shift && rh->jobj_segment_moved) {
if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
rh->data_shift && rh->jobj_segment_moved) {
log_dbg(cd, "Calculating 'after' segments for encryption with data move.");
rh->jobj_segs_after = _enc_create_segments_shift_after(cd, hdr, rh, data_offset);
} else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
@@ -609,18 +611,26 @@ uint64_t LUKS2_reencrypt_data_shift(struct luks2_hdr *hdr)
return json_object_get_uint64(jobj_data_shift);
}
const char *LUKS2_reencrypt_mode(struct luks2_hdr *hdr)
crypt_reencrypt_mode_info LUKS2_reencrypt_mode(struct luks2_hdr *hdr)
{
const char *mode;
crypt_reencrypt_mode_info mi = CRYPT_REENCRYPT_REENCRYPT;
json_object *jobj_keyslot, *jobj_mode;
int ks = LUKS2_find_keyslot(hdr, "reencrypt");
if (ks < 0)
return NULL;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
if (!jobj_keyslot)
return mi;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode);
mode = json_object_get_string(jobj_mode);
return json_object_get_string(jobj_mode);
/* validation enforces allowed values */
if (!strcmp(mode, "encrypt"))
mi = CRYPT_REENCRYPT_ENCRYPT;
else if (!strcmp(mode, "decrypt"))
mi = CRYPT_REENCRYPT_DECRYPT;
return mi;
}
crypt_reencrypt_direction_info LUKS2_reencrypt_direction(struct luks2_hdr *hdr)
@@ -807,7 +817,11 @@ static int _offset_backward(struct luks2_hdr *hdr, json_object *jobj_segments, u
/* must be always relative to data offset */
/* the LUKS2 header MUST be valid */
static int LUKS2_get_reencrypt_offset(struct luks2_hdr *hdr, crypt_reencrypt_direction_info di, uint64_t device_size, uint64_t *reencrypt_length, uint64_t *offset)
static int LUKS2_get_reencrypt_offset(struct luks2_hdr *hdr,
crypt_reencrypt_direction_info di,
uint64_t device_size,
uint64_t *reencrypt_length,
uint64_t *offset)
{
int sg;
json_object *jobj_segments;
@@ -827,7 +841,8 @@ static int LUKS2_get_reencrypt_offset(struct luks2_hdr *hdr, crypt_reencrypt_dir
if (di == CRYPT_REENCRYPT_FORWARD)
return _offset_forward(hdr, jobj_segments, offset);
else if (di == CRYPT_REENCRYPT_BACKWARD) {
if (!strcmp(LUKS2_reencrypt_mode(hdr), "encrypt") && LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
if (LUKS2_reencrypt_mode(hdr) == CRYPT_REENCRYPT_ENCRYPT &&
LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
return _offset_backward_moved(hdr, jobj_segments, reencrypt_length, data_shift, offset);
return _offset_backward(hdr, jobj_segments, device_size, reencrypt_length, offset);
}
@@ -867,14 +882,7 @@ static int _reenc_load(struct crypt_device *cd, struct luks2_hdr *hdr, struct lu
if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &dummy, &area_length) < 0)
return -EINVAL;
if (!strcmp(LUKS2_reencrypt_mode(hdr), "reencrypt"))
rh->type = REENCRYPT;
else if (!strcmp(LUKS2_reencrypt_mode(hdr), "encrypt"))
rh->type = ENCRYPT;
else if (!strcmp(LUKS2_reencrypt_mode(hdr), "decrypt")) {
rh->type = DECRYPT;
} else
return -ENOTSUP;
rh->mode = LUKS2_reencrypt_mode(hdr);
rh->alignment = _reenc_alignment(cd, hdr);
if (!rh->alignment)
@@ -1262,14 +1270,14 @@ static int _reenc_recover(struct crypt_device *cd,
return -EINVAL;
vk_new = crypt_volume_key_by_id(vks, rh->digest_new);
if (!vk_new && rh->type != DECRYPT)
if (!vk_new && rh->mode != CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
vk_old = crypt_volume_key_by_id(vks, rh->digest_old);
if (!vk_old && rh->type != ENCRYPT)
if (!vk_old && rh->mode != CRYPT_REENCRYPT_ENCRYPT)
return -EINVAL;
old_sector_size = json_segment_get_sector_size(LUKS2_reencrypt_segment_old(hdr));
new_sector_size = json_segment_get_sector_size(LUKS2_reencrypt_segment_new(hdr));
if (rh->type == DECRYPT)
if (rh->mode == CRYPT_REENCRYPT_DECRYPT)
crash_iv_offset = rh->offset >> SECTOR_SHIFT; /* TODO: + old iv_tweak */
else
crash_iv_offset = json_segment_get_iv_offset(json_segments_get_segment(rh->jobj_segs_pre, rseg));
@@ -1551,7 +1559,7 @@ static int _assign_segments_simple(struct crypt_device *cd,
for (sg = 0; sg < LUKS2_segments_count(hdr); sg++) {
if (LUKS2_segment_is_type(hdr, sg, "crypt") &&
LUKS2_digest_segment_assign(cd, hdr, sg, rh->type == ENCRYPT ? rh->digest_new : rh->digest_old, 1, 0)) {
LUKS2_digest_segment_assign(cd, hdr, sg, rh->mode == CRYPT_REENCRYPT_ENCRYPT ? rh->digest_new : rh->digest_old, 1, 0)) {
log_dbg(cd, "Failed to assign digest %u to segment %u.", rh->digest_new, sg);
return -EINVAL;
}
@@ -1570,13 +1578,13 @@ static int reenc_assign_segments(struct crypt_device *cd,
int rseg, scount, r = -EINVAL;
/* FIXME: validate in reencrypt context load */
if (rh->digest_new < 0 && rh->type != DECRYPT)
if (rh->digest_new < 0 && rh->mode != CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
if (LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0))
return -EINVAL;
if (rh->type == ENCRYPT || rh->type == DECRYPT)
if (rh->mode == CRYPT_REENCRYPT_ENCRYPT || rh->mode == CRYPT_REENCRYPT_DECRYPT)
return _assign_segments_simple(cd, hdr, rh, pre, commit);
if (pre && rh->jobj_segs_pre) {
@@ -2125,13 +2133,13 @@ static int _create_backup_segments(struct crypt_device *cd,
uint32_t sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
uint64_t segment_offset, tmp, data_shift = params->data_shift << SECTOR_SHIFT;
if (strcmp(params->mode, "decrypt")) {
if (params->mode != CRYPT_REENCRYPT_DECRYPT) {
digest_new = LUKS2_digest_by_keyslot(hdr, keyslot_new);
if (digest_new < 0)
return -EINVAL;
}
if (strcmp(params->mode, "encrypt")) {
if (params->mode != CRYPT_REENCRYPT_ENCRYPT) {
digest_old = LUKS2_digest_by_segment(hdr, CRYPT_DEFAULT_SEGMENT);
if (digest_old < 0)
return -EINVAL;
@@ -2141,7 +2149,8 @@ static int _create_backup_segments(struct crypt_device *cd,
if (segment < 0)
return -EINVAL;
if (!strcmp(params->mode, "encrypt") && (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)) {
if (params->mode == CRYPT_REENCRYPT_ENCRYPT &&
(params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)) {
json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp);
r = LUKS2_segment_set_flag(jobj_segment_bcp, "backup-moved-segment");
if (r)
@@ -2153,7 +2162,7 @@ static int _create_backup_segments(struct crypt_device *cd,
/* FIXME: Add detection for case (digest old == digest new && old segment == new segment) */
if (digest_old >= 0)
json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old);
else if (!strcmp(params->mode, "encrypt")) {
else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
r = LUKS2_get_data_size(hdr, &tmp, NULL);
if (r)
goto err;
@@ -2176,14 +2185,15 @@ static int _create_backup_segments(struct crypt_device *cd,
if (digest_new >= 0) {
segment_offset = data_offset;
if (strcmp(params->mode, "encrypt") && modify_offset(&segment_offset, data_shift, params->direction)) {
if (params->mode != CRYPT_REENCRYPT_ENCRYPT &&
modify_offset(&segment_offset, data_shift, params->direction)) {
r = -EINVAL;
goto err;
}
jobj_segment_new = json_segment_create_crypt(segment_offset,
crypt_get_iv_offset(cd),
NULL, cipher, sector_size, 0);
} else if (!strcmp(params->mode, "decrypt")) {
} else if (params->mode == CRYPT_REENCRYPT_DECRYPT) {
segment_offset = data_offset;
if (modify_offset(&segment_offset, data_shift, params->direction)) {
r = -EINVAL;
@@ -2206,8 +2216,9 @@ static int _create_backup_segments(struct crypt_device *cd,
LUKS2_digest_segment_assign(cd, hdr, segment, digest_new, 1, 0);
/* FIXME: also check occupied space by keyslot in shrunk area */
if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift && (crypt_metadata_device(cd) == crypt_data_device(cd))
&& LUKS2_set_keyslots_size(cd, hdr, json_segment_get_offset(LUKS2_reencrypt_segment_new(hdr), 0))) {
if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift &&
crypt_metadata_device(cd) == crypt_data_device(cd) &&
LUKS2_set_keyslots_size(cd, hdr, json_segment_get_offset(LUKS2_reencrypt_segment_new(hdr), 0))) {
log_err(cd, _("Failed to set new keyslots area size."));
r = -EINVAL;
goto err;
@@ -2220,12 +2231,6 @@ err:
return r;
}
static int parse_reencryption_mode(const char *mode)
{
return (!mode ||
(strcmp(mode, "reencrypt") && strcmp(mode, "encrypt") && strcmp(mode, "decrypt")));
}
/* This function must be called with metadata lock held */
static int _reencrypt_init(struct crypt_device *cd,
const char *name,
@@ -2249,13 +2254,15 @@ static int _reencrypt_init(struct crypt_device *cd,
.flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
};
if (!params || parse_reencryption_mode(params->mode))
if (!params || params->mode > CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
if (strcmp(params->mode, "decrypt") && (!params->luks2 || !(cipher && cipher_mode) || keyslot_new < 0))
if (params->mode != CRYPT_REENCRYPT_DECRYPT &&
(!params->luks2 || !(cipher && cipher_mode) || keyslot_new < 0))
return -EINVAL;
log_dbg(cd, "Initializing reencryption (mode: %s) in LUKS2 metadata.", params->mode);
log_dbg(cd, "Initializing reencryption (mode: %s) in LUKS2 metadata.",
crypt_reencrypt_mode_to_str(params->mode));
move_first_segment = (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
@@ -2326,7 +2333,7 @@ static int _reencrypt_init(struct crypt_device *cd,
}
}
if (!strcmp(params->mode, "encrypt")) {
if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
/* in-memory only */
r = _encrypt_set_segments(cd, hdr, dev_size, params->data_shift << SECTOR_SHIFT, move_first_segment, params->direction);
if (r)
@@ -2348,7 +2355,7 @@ static int _reencrypt_init(struct crypt_device *cd,
if (r < 0)
goto err;
if (name && strcmp(params->mode, "encrypt")) {
if (name && params->mode != CRYPT_REENCRYPT_ENCRYPT) {
r = LUKS2_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
if (r)
goto err;
@@ -2449,7 +2456,7 @@ static int _update_reencrypt_context(struct crypt_device *cd,
return -EINVAL;
if (rh->direction == CRYPT_REENCRYPT_BACKWARD) {
if (rh->data_shift && rh->type == ENCRYPT /* && moved segment */) {
if (rh->data_shift && rh->mode == CRYPT_REENCRYPT_ENCRYPT) {
if (rh->offset)
rh->offset -= rh->data_shift;
if (rh->offset && (rh->offset < rh->data_shift)) {
@@ -2999,8 +3006,8 @@ static reenc_status_t _reencrypt_step(struct crypt_device *cd,
log_dbg(cd, "Reencrypting chunk starting at offset: %" PRIu64 ", size :%" PRIu64 ".", rh->offset, rh->length);
log_dbg(cd, "data_offset: %" PRIu64, crypt_get_data_offset(cd) << SECTOR_SHIFT);
/* FIXME: moved segment only case */
if (!rh->offset && rh->type == ENCRYPT && rh->data_shift && rh->jobj_segment_moved) {
if (!rh->offset && rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->data_shift &&
rh->jobj_segment_moved) {
crypt_storage_wrapper_destroy(rh->cw1);
log_dbg(cd, "Reinitializing old segment storage wrapper for moved segment.");
r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd),

6
src/cryptsetup.c
View File

@@ -2586,7 +2586,7 @@ static int action_encrypt_luks2(struct crypt_device **cd)
.sector_size = opt_sector_size ?: SECTOR_SIZE
};
struct crypt_params_reencrypt params = {
.mode = "encrypt",
.mode = CRYPT_REENCRYPT_ENCRYPT,
.direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
.resilience = opt_resilience_mode,
.hash = opt_resilience_hash,
@@ -2748,7 +2748,7 @@ static int action_decrypt_luks2(struct crypt_device *cd)
char dm_name[PATH_MAX], *password = NULL;
const char *active_name = NULL;
struct crypt_params_reencrypt params = {
.mode = "decrypt",
.mode = CRYPT_REENCRYPT_DECRYPT,
.direction = opt_data_shift > 0 ? CRYPT_REENCRYPT_FORWARD : CRYPT_REENCRYPT_BACKWARD,
.resilience = opt_data_shift ? "datashift" : opt_resilience_mode,
.hash = opt_resilience_hash,
@@ -2961,7 +2961,7 @@ static int action_reencrypt_luks2(struct crypt_device *cd)
struct keyslot_passwords *kp;
struct crypt_params_luks2 luks2_params = {};
struct crypt_params_reencrypt params = {
.mode = "reencrypt",
.mode = CRYPT_REENCRYPT_REENCRYPT,
.direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
.resilience = opt_data_shift ? "datashift" : opt_resilience_mode,
.hash = opt_resilience_hash,

15
tests/api-test-2.c
View File

@@ -3617,7 +3617,6 @@ static void Luks2Reencryption(void)
.sector_size = 4096
};
struct crypt_params_reencrypt retparams = {}, rparams = {
.mode = "reencrypt",
.direction = CRYPT_REENCRYPT_FORWARD,
.resilience = "checksum",
.hash = "sha1",
@@ -3666,7 +3665,7 @@ static void Luks2Reencryption(void)
/* check reencrypt status is correct */
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
OK_(strcmp(retparams.mode, "reencrypt"));
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD);
EQ_(retparams.data_shift, 0);
EQ_(retparams.device_size, 0);
@@ -3885,7 +3884,6 @@ static void Luks2Reencryption(void)
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
memset(&rparams, 0, sizeof(rparams));
rparams.mode = "reencrypt";
rparams.direction = CRYPT_REENCRYPT_BACKWARD;
rparams.resilience = "datashift";
rparams.data_shift = 8;
@@ -3894,7 +3892,7 @@ static void Luks2Reencryption(void)
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.data_shift, 8);
OK_(strcmp(retparams.mode, "reencrypt"));
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
OK_(strcmp(retparams.resilience, "datashift"));
EQ_(crypt_get_data_offset(cd), 32776);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
@@ -3927,7 +3925,7 @@ static void Luks2Reencryption(void)
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.data_shift, 8);
OK_(strcmp(retparams.mode, "reencrypt"));
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
OK_(strcmp(retparams.resilience, "datashift"));
EQ_(crypt_get_data_offset(cd), 32760);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
@@ -3949,7 +3947,6 @@ static void Luks2Reencryption(void)
OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
rparams.mode = "reencrypt";
rparams.direction = CRYPT_REENCRYPT_BACKWARD;
rparams.resilience = "datashift";
rparams.data_shift = 8;
@@ -3977,7 +3974,7 @@ static void Luks2Reencryption(void)
memset(&rparams, 0, sizeof(rparams));
params2.sector_size = 512;
params2.data_device = DMDIR L_DEVICE_OK;
rparams.mode = "encrypt";
rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
rparams.direction = CRYPT_REENCRYPT_BACKWARD;
rparams.resilience = "datashift";
rparams.data_shift = 8192;
@@ -3994,7 +3991,7 @@ static void Luks2Reencryption(void)
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
OK_(strcmp(retparams.mode, "encrypt"));
EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT);
OK_(strcmp(retparams.resilience, "datashift"));
EQ_(retparams.data_shift, 8192);
EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
@@ -4034,7 +4031,7 @@ static void Luks2Reencryption(void)
memset(&rparams, 0, sizeof(rparams));
params2.sector_size = 512;
params2.data_device = DMDIR L_DEVICE_OK;
rparams.mode = "encrypt";
rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
rparams.direction = CRYPT_REENCRYPT_BACKWARD;
rparams.resilience = "datashift";
rparams.data_shift = 8200;