eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Wipe data device in crypt_format with auth. encryption.

Browse Source 
crypt_wipe_device was called incorrectly on metadata device even
though integrity header is always on data device from cryptsetup
pov. During LUKS2 crypt_format with detached header scenario we
would wiped first 8 sectors of metadata device instead of data
device.
This commit is contained in:
Ondrej Kozina
2018-08-07 14:58:38 +02:00
committed by Milan Broz
parent 0e7b068061
commit c8ce996872
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/setup.c
View File

@@ -182,6 +182,11 @@ static const char *mdata_device_path(struct crypt_device *cd)
return device_path(cd->metadata_device ?: cd->device);
}
static const char *data_device_path(struct crypt_device *cd)
{
return device_path(cd->device);
}
/* internal only */
struct device *crypt_metadata_device(struct crypt_device *cd)
{
@@ -1612,28 +1617,28 @@ static int _crypt_format_luks2(struct crypt_device *cd,
/* Wipe integrity superblock and create integrity superblock */
if (crypt_get_integrity_tag_size(cd)) {
/* FIXME: this should be locked. */
r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO,
r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_ZERO,
crypt_get_data_offset(cd) * SECTOR_SIZE,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
if (r < 0) {
if (r == -EBUSY)
log_err(cd, _("Cannot format device %s which is still in use."),
mdata_device_path(cd));
data_device_path(cd));
else if (r == -EACCES) {
log_err(cd, _("Cannot format device %s, permission denied."),
mdata_device_path(cd));
data_device_path(cd));
r = -EINVAL;
} else
log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd));
data_device_path(cd));
goto out;
}
r = device_write_lock(cd, crypt_metadata_device(cd));
r = device_write_lock(cd, crypt_data_device(cd));
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s."),
mdata_device_path(cd));
data_device_path(cd));
r = -EINVAL;
goto out;
}
@@ -1641,9 +1646,9 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL);
if (r)
log_err(cd, _("Cannot format integrity for device %s."),
mdata_device_path(cd));
data_device_path(cd));
device_write_unlock(crypt_metadata_device(cd));
device_write_unlock(crypt_data_device(cd));
}
if (r < 0)