eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-20 15:20:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix offset option for loopaesOpen.

Browse Source 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@476 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
2011-03-21 17:48:30 +00:00
parent 4382e21610
commit bce295738b
5 changed files with 71 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -2,6 +2,7 @@
* Respect maximum keyfile size paramater. * Respect maximum keyfile size paramater.
* Introduce maximum default keyfile size, add configure option. * Introduce maximum default keyfile size, add configure option.
* Require the whole key read from keyfile in create command (broken in 1.2.0). * Require the whole key read from keyfile in create command (broken in 1.2.0).
* Fix offset option for loopaesOpen.
2011-04-14 Milan Broz <mbroz@redhat.com> 2011-04-14 Milan Broz <mbroz@redhat.com>
* Version 1.3.0-rc1. * Version 1.3.0-rc1.

3
lib/loopaes/loopaes.c
View File

@@ -186,6 +186,7 @@ int LOOPAES_activate(struct crypt_device *cd,
int read_only, r; int read_only, r;
size = 0; size = 0;
/* Initial IV (skip) is always the same as offset */
offset = crypt_get_data_offset(cd); offset = crypt_get_data_offset(cd);
device = crypt_get_device_name(cd); device = crypt_get_device_name(cd);
read_only = flags & CRYPT_ACTIVATE_READONLY; read_only = flags & CRYPT_ACTIVATE_READONLY;
@@ -205,7 +206,7 @@ int LOOPAES_activate(struct crypt_device *cd,
r = dm_create_device(name, device, r = dm_create_device(name, device,
cipher, CRYPT_LOOPAES, cipher, CRYPT_LOOPAES,
crypt_get_uuid(cd), crypt_get_uuid(cd),
size, 0, offset, vk->keylength, vk->key, size, offset, offset, vk->keylength, vk->key,
read_only, 0); read_only, 0);
if (!r && keys_count != 1 && !(dm_flags() & DM_LMK_SUPPORTED)) { if (!r && keys_count != 1 && !(dm_flags() & DM_LMK_SUPPORTED)) {

9
man/cryptsetup.8
View File

@@ -173,8 +173,11 @@ N.B. If key file is in GPG encrypted format, you have to use
\-\-key-file=- and decrypt it before use. \-\-key-file=- and decrypt it before use.
gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name> gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
Use \-\-key-file to specify proper key length, default compiled-in Use \fB\-\-key-file\fR to specify proper key length, default compiled-in
parameters are visible in \-\-help output. parameters are visible in \fB\-\-help\fR output.
Use \fB\-\-offset\fR to specify device offset. Note the units need to be
specified in 512 bytes sectors.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly]. \fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
.PP .PP
@@ -295,7 +298,7 @@ This option is only relevant for \fIcreate\fR and \fIresize\fR action.
.TP .TP
.B "\-\-offset, \-o" .B "\-\-offset, \-o"
start offset in the backend device (in 512-byte sectors). start offset in the backend device (in 512-byte sectors).
This option is only relevant for \fIcreate\fR action. This option is only relevant for \fIcreate\fR and \fIloopaesOpen\fR action.
.TP .TP
.B "\-\-skip, \-p" .B "\-\-skip, \-p"
how many sectors of the encrypted data to skip at the beginning. how many sectors of the encrypted data to skip at the beginning.

12
src/cryptsetup.c
View File

@@ -1249,9 +1249,15 @@ int main(int argc, char **argv)
usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."), usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
poptGetInvocationName(popt_context)); poptGetInvocationName(popt_context));
if ((opt_offset || opt_skip) && strcmp(aname, "create")) if (opt_skip && strcmp(aname, "create"))
usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"), usage(popt_context, EXIT_FAILURE,
poptGetInvocationName(popt_context)); _("Option --skip is supported only for create command.\n"),
poptGetInvocationName(popt_context));
if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE,
_("Option --offset is supported only for create and loopaesOpen commands.\n"),
poptGetInvocationName(popt_context));
if (opt_debug) { if (opt_debug) {
opt_verbose = 1; opt_verbose = 1;

85
tests/loopaes-test
View File

@@ -3,10 +3,9 @@
CRYPTSETUP=../src/cryptsetup CRYPTSETUP=../src/cryptsetup
# try to validate using loop-AES losetup/kernel if available # try to validate using loop-AES losetup/kernel if available
LOSETUP_AES=/losetup-aes LOSETUP_AES=/losetup-aes.old
LOOP_DD_PARAM="bs=1k count=10000" LOOP_DD_PARAM="bs=1k count=10000"
EXPSUM="31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
DEV_NAME=dummy DEV_NAME=dummy
IMG=loopaes.img IMG=loopaes.img
KEYv1=key_v1 KEYv1=key_v1
@@ -61,23 +60,41 @@ function check_exists()
[ -b /dev/mapper/$DEV_NAME ] || fail [ -b /dev/mapper/$DEV_NAME ] || fail
} }
function check_sum() # $key $keysize function get_expsum() # $offset
{ {
# Fill device with zeroes and reopen it case $1 in
dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1k $LOOP_DD_PARAM >/dev/null 2>&1 0)
sync echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
dmremove $DEV_NAME ;;
8192)
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
;;
8388608)
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
;;
*) fail
;;
esac
}
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 >/dev/null 2>&1 function check_sum() # $key $keysize $offset
ret=$? {
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1) # Fill device with zeroes and reopen it
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1k $LOOP_DD_PARAM >/dev/null 2>&1
echo -n "[OK]" sync
else dmremove $DEV_NAME
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM." EXPSUM=$(get_expsum $offset)
fail $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 -o $3 >/dev/null 2>&1
fi ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo -n "[OK]"
else
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM."
fail
fi
} }
function check_sum_losetup() # $key $alg function check_sum_losetup() # $key $alg
@@ -87,16 +104,16 @@ function check_sum_losetup() # $key $alg
echo -n " Verification using loop-AES: " echo -n " Verification using loop-AES: "
losetup -d $LOOPDEV >/dev/null 2>&1 losetup -d $LOOPDEV >/dev/null 2>&1
cat $1 | $LOSETUP_AES -p 0 -e $2 $LOOPDEV $IMG cat $1 | $LOSETUP_AES -p 0 -e $2 -o $3 $LOOPDEV $IMG
ret=$? ret=$?
VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1) VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo "[OK]" echo "[OK]"
else else
echo "[FAIL]" echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM (loop-AES)." echo " Expecting $EXPSUM got $VSUM (loop-AES)."
fail fail
fi fi
losetup -d $LOOPDEV >/dev/null 2>&1 losetup -d $LOOPDEV >/dev/null 2>&1
} }
@@ -119,16 +136,20 @@ check_version || skip "Probably old kernel, test skipped."
# loop-AES tests # loop-AES tests
KEY_SIZES="128 256" KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3" KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
DEV_OFFSET="0 8192 8388608"
for key_size in $KEY_SIZES ; do for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do for key in $KEY_FILES ; do
prepare "Open loop-AES $key / AES-$key_size" for offset in $DEV_OFFSET ; do
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key || fail offset_sec=$(($offset / 512))
prepare "Open loop-AES $key / AES-$key_size / offset $offset"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key -o $offset_sec || fail
check_exists check_exists
check_sum $key $key_size check_sum $key $key_size $offset_sec
$CRYPTSETUP loopaesClose $DEV_NAME || fail $CRYPTSETUP loopaesClose $DEV_NAME || fail
check_sum_losetup $key AES$key_size check_sum_losetup $key AES$key_size $offset
done done
done
done done
remove_mapping remove_mapping