The device_check is done in header write functions,
but these are not recached in normal format path as wipe call
is called earlier.
Call the device check also from wipe function to get better error
description.
This situation happens for example when a block device is too small
(regular file can be enlarged by falloc(); block device cannot).
The content of LUKS header is not a key material, no need
to lock memory for possibly big header and big memory area locks.
Just ensure we wipe buffer before release of memory.
Attribute unused is useless and makes code imcomprehensible
when decorates internal functions not exposed via API.
Let's cleanup internal funtion prototypes whenever possible.
This patch removes magic for backup load that quietly
run lowecase conversion and add this possibility to repair command.
Most of crypto backends allow uppercase though.
1) Crypsetup repair should try to call crypt_repair() even
if crypt_load is ok - it has no validate system unlike LUKS2
and some errors cannot be hard load errors.
2) Move ECB fix to repair code, do not try magic on load that
no longer works.
And do not use ECB :)
Fixes: #664
We cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset().
Expect first keyslot is aligned, if not, then manual repair is neccessary.
(This situation happen if partition table signarture overwrites slot 4 area).
Also, if keyslot order is different, current repair code does not work properly
(this can happen only with downconverting LUKS2 device).
The value of vk may be NULL in _keyslot_repair. It will
be dereferenced in LUKS_generate_phdr. Check it to avoid
segfault.
Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
Signed-off-by: Linfeilong <linfeilong@huawei.com>
If crypto backend is missing support for hash algorithms used
in PBKDF2 during slot derivatiom the fail was not visible.
Print at least error message to user in this case.
Fixes: #536
With LUKS1 we returned pbkdf values even for inactive keyslot.
Only iterations count was wrong. Remaining values are not
specific keyslot bound with LUKS1.
Fixes: #528.
Also fix LUKS1 keyslot function to proper return -ENOENT errno in this case.
This change means, that user can distinguish between bad passphrase and
no keyslot available. (But this information was avalilable with luksDump
even before the change.)
Support for multi-segment devices is requirement for online
reencryption to work. Introducing modififed dm backend that
splits data structures describing active device and individual
dm target (or segment).
The new flag is supposed to refresh (reload) active dm-crypt
mapping with new set of activation flags. CRYPT_ACTIVATE_READONLY
can not be switched for already active device.
The flag is silently ignored for tcrypt, verity and integrity
devices. LUKS2 with authenticated encryption support is added in
later commit.
The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
to specified value in 512-byte sectors.
This value should replace alignment calculation in LUKS param structures.
All previous version of cryptsetup wiped only first 4k for LUKS1
and both JSON areas for LUKS2 (first 32k) and the allocated
keyslot area (as it contained the generated key).
Remaining areas (unused keyslots, padding, and alignment) were
not wiped and could contain some previous data.
Since this commit, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
Only exceptions are
- padding/alignment areas for detached header
if the data offset is set to 0
- bogus LUKS1 keyslot areas (upstream code never
created such keyslots but someone could use that).
This operation could slow down luksFormat on some devices, but
it guarantees that after this operation LUKS header does not
contain any foreign data.
Move all messages to cryptsetup tools and print these
verbose messages:
- Key slot X unlocked.
- Key slot X created.
- Key slot X removed.
and
- Token X created.
- Token X removed.
Also print error, if unknown token is tried to be removed.
Some ciphers and key sizes created on-disk metadata that cannot be used.
Use the same test for length-preserving cipher as LUKS1.
Also check if key for integrity algorithm is not too small.
Fixes#373.
