Due to previous fix it's no longer needed to add
all keyslot area lengths and check if result sum
is lower than keyslots_size.
(We already check lower limit, upper limit and
overlapping areas)
This commit fixes two problems:
a) Replace hardcoded 16KiB metadata variant as lower limit
for keyslot area offset with current value set in config
section (already validated).
b) Replace segment offset (if not zero) as upper limit for
keyslot area offset + size with value calculated as
2 * metadata size + keyslots_size as acquired from
config section (also already validated)
Swap config and keyslot areas validation code order.
Also split original keyslots_size validation code in
between config and keyslot areas routines for furhter
changes in the code later. This commit has no funtional
impact.
Keyslot areas were validated from each keyslot
validation routine and later one more time
in general header validation routine. The call
from header validation routine is good enough.
LUKS2 specification allows various size of LUKS2 metadata.
The single metadata instance is composed of LUKS2 binary header
(4096 bytes) and immediately following json area. The resulting
assembled metadata size have to be one of following values,
all in KiB:
16, 32, 64, 128, 256, 512, 1024, 2048 or 4096
crypt segment data offset has nothing to do with encryption sector
size. The device may hint alignment offset which is completely
unrelated and LUKS2 validation blocks it.
Also rename all 'length' variable to 'size' since json
field is named size.
Make segment validation two step process. First
validate general segment object is valid and later
validate specific segment type has all necessary fields.
Without this patch older libraries won't be able to print out
(luksDump) basic information about devices created with newer
libraries.
If any segment has missing 'offset' field keyslots validation
routine could trigger segfault due to misuse of function that
expects valid 'segments' object.
Fix it by reordering validation routines.
auto-recovery triggers any time when only single correct LUKS2
header instance was found. That may be dangerous.
We should suppress auto-recovery in case blkid decided the
device is no longer LUKS device. For example if secondary (intact)
LUKS2 header was left behind and blkid declares the device is LVM2
member.
Moreover if at least one header instance is corrupted and blkid
declares device non-empty and non-LUKS in the same time, header load
operation will be aborted with error.
A keyslot not bound to any segment can store any key for any purpose.
To easily check slot status, new enum value is introduced.
This status is valid only for LUKS2, so the functions are backward compatible
with LUKS1.
various bugfixes:
- erase flags variable if no flags are stored
- do not print false debug warning
- during activation do not overwrite activation flags
with persistent flags
This fixes crypt_keyslot_add_by_key where we were unable to store
keyslot (unbound to segment) with different key_size.
The code used (new) volume key size implicitly which could be wrong
if new size was not compatible with cipher parameter for keyslot area.
with json-c until 0.12.x json_object_array_length returned signed
integer. json-c 0.13.x and later changed return type to unsigned
size_t.
Consider return values less or equal to zero as empty array, otherwise
array is non-empty.
