eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix offset error in decryption hotzone.

Browse Source 
The hotzone segment offset has to be altered
accordingly no matter the segment type.

Note for testing: This feature is currently
blocked in cli but it should be tested via
API tests anyway.
This commit is contained in:
Ondrej Kozina
2021-08-30 16:25:25 +02:00
parent fd18e0b1c9
commit ce704859b8
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/luks2/luks2_reencrypt.c
View File

@@ -1834,6 +1834,9 @@ static int reencrypt_make_targets(struct crypt_device *cd,
return -EINVAL;
}
if (reenc_seg)
segment_offset -= crypt_get_data_offset(cd);
if (!strcmp(json_segment_type(jobj), "crypt")) {
vk = crypt_volume_key_by_id(vks, reenc_seg ? LUKS2_reencrypt_digest_new(hdr) : LUKS2_digest_by_segment(hdr, s));
if (!vk) {
@@ -1841,9 +1844,6 @@ static int reencrypt_make_targets(struct crypt_device *cd,
return -EINVAL;
}
if (reenc_seg)
segment_offset -= crypt_get_data_offset(cd);
r = dm_crypt_target_set(result, segment_start, segment_size,
reenc_seg ? hz_device : crypt_data_device(cd),
vk,

16
tests/api-test-2.c
View File

@@ -4319,6 +4319,22 @@ static void Luks2Reencryption(void)
OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
/* decryption forward (online) */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
params2.data_device = NULL;
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
memset(&rparams, 0, sizeof(rparams));
rparams.mode = CRYPT_REENCRYPT_DECRYPT;
rparams.direction = CRYPT_REENCRYPT_FORWARD;
rparams.resilience = "none";
rparams.max_hotzone_size = 2048;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
/* decryption with data shift */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
params2.data_device = NULL;