eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-19 06:40:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Switch to use unit suffix for --reduce-device-size option.

Browse Source
This commit is contained in:
Milan Broz
2012-06-25 16:06:43 +02:00
parent fb3b62ca02
commit b684fffdaf
5 changed files with 45 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -1,5 +1,6 @@
2012-06-25 Milan Broz <gmazyland@gmail.com> 2012-06-25 Milan Broz <gmazyland@gmail.com>
* Add --device-size option for reencryption tool. * Add --device-size option for reencryption tool.
* Switch to use unit suffix for --reduce-device-size option.
2012-06-20 Milan Broz <gmazyland@gmail.com> 2012-06-20 Milan Broz <gmazyland@gmail.com>
* Version 1.5.0-rc2. * Version 1.5.0-rc2.

2
lib/utils_crypt.c
View File

@@ -445,7 +445,7 @@ int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
(errno != 0 && *size == 0)) (errno != 0 && *size == 0))
return -EINVAL; return -EINVAL;
if (!endp) if (!endp || !*endp)
return 0; return 0;
len = strlen(endp); len = strlen(endp);

31
man/cryptsetup-reencrypt.8
View File

@@ -108,22 +108,6 @@ Use re-encryption block size of <value> in MiB.
Values can be between 1 and 64 MiB. Values can be between 1 and 64 MiB.
.TP .TP
.B "\-\-reduce-device-size \fInumber of 512 bytes sectors\fR"
Enlarge data offset for specified value of sectors by shrinking
device size.
This means that last sectors on the original device will be lost,
ciphertext data will be effectively shifted by specified
number of sectors.
It can be usefull if you e.g. added some space to underlying
partition (so last sectors contains no data).
WARNING: This is destructive operation and cannot be reverted.
Use with extreme care - shrinked filesystems are usually unrecoverable.
You cannot shrink device more than by 64 MiB (131072 sectors).
.TP
.B "\-\-device-size \fIsize[units]\fR" .B "\-\-device-size \fIsize[units]\fR"
Instead of real device size, use specified value. Instead of real device size, use specified value.
@@ -138,6 +122,21 @@ Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale). for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
WARNING: This is destructive operation. WARNING: This is destructive operation.
.TP
.B "\-\-reduce-device-size \fIsize[units]\fR"
Enlarge data offset to specified value by shrinking device size.
This means that last sectors on the original device will be lost,
ciphertext data will be effectively shifted by specified
number of sectors.
It can be usefull if you e.g. added some space to underlying
partition (so last sectors contains no data).
For units suffix see \-\-device-size parameter description.
WARNING: This is destructive operation and cannot be reverted.
Use with extreme care - shrinked filesystems are usually unrecoverable.
You cannot shrink device more than by 64 MiB (131072 sectors). You cannot shrink device more than by 64 MiB (131072 sectors).
.TP .TP

44
src/cryptsetup_reencrypt.c
View File

@@ -23,6 +23,7 @@
#define _LARGEFILE64_SOURCE #define _LARGEFILE64_SOURCE
#define _FILE_OFFSET_BITS 64 #define _FILE_OFFSET_BITS 64
#define SECTOR_SIZE 512 #define SECTOR_SIZE 512
#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)
#define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee" #define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee"
#define MAX_BCK_SECTORS 8192 #define MAX_BCK_SECTORS 8192
@@ -58,7 +59,6 @@ static int opt_version_mode = 0;
static int opt_random = 0; static int opt_random = 0;
static int opt_urandom = 0; static int opt_urandom = 0;
static int opt_bsize = 4; static int opt_bsize = 4;
static int opt_reduce_device_size = 0;
static int opt_directio = 0; static int opt_directio = 0;
static int opt_fsync = 0; static int opt_fsync = 0;
static int opt_write_log = 0; static int opt_write_log = 0;
@@ -67,6 +67,9 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
static int opt_key_size = 0; static int opt_key_size = 0;
static int opt_new = 0; static int opt_new = 0;
static const char *opt_reduce_size_str = NULL;
static uint64_t opt_reduce_size = 0;
static const char *opt_device_size_str = NULL; static const char *opt_device_size_str = NULL;
static uint64_t opt_device_size = 0; static uint64_t opt_device_size = 0;
@@ -316,8 +319,8 @@ static int create_empty_header(const char *new_file, const char *old_file,
size = data_sector * SECTOR_SIZE; size = data_sector * SECTOR_SIZE;
/* if reducing size, be sure we have enough space */ /* if reducing size, be sure we have enough space */
if (opt_reduce_device_size) if (opt_reduce_size)
size += (opt_reduce_device_size * SECTOR_SIZE); size += opt_reduce_size;
log_dbg("Creating empty file %s of size %lu.", new_file, (unsigned long)size); log_dbg("Creating empty file %s of size %lu.", new_file, (unsigned long)size);
@@ -571,7 +574,7 @@ static int backup_luks_headers(struct reenc_ctx *rc)
params.hash = opt_hash ?: DEFAULT_LUKS1_HASH; params.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
params.data_alignment = crypt_get_data_offset(cd); params.data_alignment = crypt_get_data_offset(cd);
params.data_alignment += opt_reduce_device_size; params.data_alignment += ROUND_SECTOR(opt_reduce_size);
params.data_device = rc->device; params.data_device = rc->device;
if (opt_cipher) { if (opt_cipher) {
@@ -643,7 +646,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
if (r < 0) if (r < 0)
goto out; goto out;
params.data_alignment = opt_reduce_device_size; params.data_alignment = ROUND_SECTOR(opt_reduce_size);
r = create_new_header(rc, r = create_new_header(rc,
opt_cipher ? cipher : DEFAULT_LUKS1_CIPHER, opt_cipher ? cipher : DEFAULT_LUKS1_CIPHER,
opt_cipher ? cipher_mode : DEFAULT_LUKS1_MODE, opt_cipher ? cipher_mode : DEFAULT_LUKS1_MODE,
@@ -1100,7 +1103,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
} }
if (!rc->in_progress) { if (!rc->in_progress) {
if (!opt_reduce_device_size) if (!opt_reduce_size)
rc->reencrypt_direction = FORWARD; rc->reencrypt_direction = FORWARD;
else { else {
rc->reencrypt_direction = BACKWARD; rc->reencrypt_direction = BACKWARD;
@@ -1239,7 +1242,7 @@ int main(int argc, const char **argv)
{ "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)."), NULL }, { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)."), NULL },
{ "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") }, { "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") },
{ "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") }, { "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
{ "reduce-device-size",'\0', POPT_ARG_INT, &opt_reduce_device_size, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("SECTORS") }, { "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") },
{ "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") }, { "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
{ "new", 'N', POPT_ARG_NONE,&opt_new, 0, N_("Create new header on not encrypted device."), NULL }, { "new", 'N', POPT_ARG_NONE,&opt_new, 0, N_("Create new header on not encrypted device."), NULL },
POPT_TABLEEND POPT_TABLEEND
@@ -1287,8 +1290,7 @@ int main(int argc, const char **argv)
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_bsize < 0 || opt_key_size < 0 || opt_iteration_time < 0 || if (opt_bsize < 0 || opt_key_size < 0 || opt_iteration_time < 0 ||
opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0 || opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0) {
opt_reduce_device_size < 0) {
usage(popt_context, EXIT_FAILURE, usage(popt_context, EXIT_FAILURE,
_("Negative number for option not permitted."), _("Negative number for option not permitted."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
@@ -1299,11 +1301,6 @@ int main(int argc, const char **argv)
_("Only values between 1MiB and 64 MiB allowed for reencryption block size."), _("Only values between 1MiB and 64 MiB allowed for reencryption block size."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_reduce_device_size > (64 * 1024 * 1024 / SECTOR_SIZE))
usage(popt_context, EXIT_FAILURE,
_("Maximum device reduce size is 64 MiB."),
poptGetInvocationName(popt_context));
if (opt_key_size % 8) if (opt_key_size % 8)
usage(popt_context, EXIT_FAILURE, usage(popt_context, EXIT_FAILURE,
_("Key size must be a multiple of 8 bits"), _("Key size must be a multiple of 8 bits"),
@@ -1318,15 +1315,26 @@ int main(int argc, const char **argv)
usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."), usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_new && !opt_reduce_device_size)
usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce_device_size."),
poptGetInvocationName(popt_context));
if (opt_device_size_str && if (opt_device_size_str &&
crypt_string_to_size(NULL, opt_device_size_str, &opt_device_size)) crypt_string_to_size(NULL, opt_device_size_str, &opt_device_size))
usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."), usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if (opt_reduce_size_str &&
crypt_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
poptGetInvocationName(popt_context));
if (opt_reduce_size > 64 * 1024 * 1024)
usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 64 MiB."),
poptGetInvocationName(popt_context));
if (opt_reduce_size % SECTOR_SIZE)
usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."),
poptGetInvocationName(popt_context));
if (opt_new && !opt_reduce_size)
usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce-device-size."),
poptGetInvocationName(popt_context));
if (opt_debug) { if (opt_debug) {
opt_verbose = 1; opt_verbose = 1;
crypt_set_debug_level(-1); crypt_set_debug_level(-1);

4
tests/reencryption-compat-test
View File

@@ -105,7 +105,7 @@ check_hash "key0" $HASH1
echo "[2] Reencryption with data shift" echo "[2] Reencryption with data shift"
echo "key0" | $CRYPTSETUP -q luksFormat -s 128 -i 1 --align-payload 2048 $LOOPDEV1 || fail echo "key0" | $CRYPTSETUP -q luksFormat -s 128 -i 1 --align-payload 2048 $LOOPDEV1 || fail
wipe "key0" wipe "key0"
echo "key0" | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024 || fail echo "key0" | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024S || fail
check_hash "key0" $HASH2 check_hash "key0" $HASH2
echo "key0" | $REENC $LOOPDEV1 -q -i 1 || fail echo "key0" | $REENC $LOOPDEV1 -q -i 1 || fail
check_hash "key0" $HASH2 check_hash "key0" $HASH2
@@ -127,7 +127,7 @@ wipe_dev $LOOPDEV1
dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3 check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3
dmsetup remove $DEV_NAME2 || fail dmsetup remove $DEV_NAME2 || fail
echo "key0" | $REENC $LOOPDEV1 -s 128 --new --reduce-device-size $OFFSET -q echo "key0" | $REENC $LOOPDEV1 -s 128 --new --reduce-device-size "$OFFSET"S -q
check_hash "key0" $HASH3 check_hash "key0" $HASH3
remove_mapping remove_mapping