Commit 03edcd2b authored by Milan Broz's avatar Milan Broz

Add crypt_set_data_offset API function.

The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
to specified value in 512-byte sectors.

This value should replace alignment calculation in LUKS param structures.
parent a9d3f483
...@@ -148,8 +148,29 @@ void crypt_set_confirm_callback(struct crypt_device *cd, ...@@ -148,8 +148,29 @@ void crypt_set_confirm_callback(struct crypt_device *cd,
* @param cd crypt device handle * @param cd crypt device handle
* @param device path to device * @param device path to device
* *
* @returns 0 on success or negative errno value otherwise.
*/ */
int crypt_set_data_device(struct crypt_device *cd, const char *device); int crypt_set_data_device(struct crypt_device *cd, const char *device);
/**
* Set data device offset in 512-byte sectors.
* Used for LUKS.
* This function is replacement for data alignment fields in LUKS param struct.
* If set to 0 (default), old behaviour is preserved.
* This value is reset on @link crypt_load @endlink.
*
* @param cd crypt device handle
* @param data_offset data offset in bytes
*
* @returns 0 on success or negative errno value otherwise.
*
* @note Data offset must be aligned to multiple of 8 (alignment to 4096-byte sectors)
* and must be big enough to accomodate the whole LUKS header with all keyslots.
* @note Data offset is enforced by this function, device topology
* information is no longer used after calling this function.
*/
int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset);
/** @} */ /** @} */
/** /**
......
...@@ -69,6 +69,7 @@ CRYPTSETUP_2.0 { ...@@ -69,6 +69,7 @@ CRYPTSETUP_2.0 {
crypt_get_cipher_mode; crypt_get_cipher_mode;
crypt_get_integrity_info; crypt_get_integrity_info;
crypt_get_uuid; crypt_get_uuid;
crypt_set_data_offset;
crypt_get_data_offset; crypt_get_data_offset;
crypt_get_iv_offset; crypt_get_iv_offset;
crypt_get_volume_key_size; crypt_get_volume_key_size;
......
...@@ -417,8 +417,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) ...@@ -417,8 +417,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
/* payloadOffset - cannot check */ /* payloadOffset - cannot check */
r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode, r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
phdr->hashSpec,phdr->uuid, LUKS_STRIPES, phdr->hashSpec,phdr->uuid, LUKS_STRIPES,
phdr->payloadOffset, 0, phdr->payloadOffset * SECTOR_SIZE, 0, true, ctx);
1, ctx);
if (r < 0) if (r < 0)
goto out; goto out;
...@@ -725,12 +724,12 @@ int LUKS_generate_phdr(struct luks_phdr *header, ...@@ -725,12 +724,12 @@ int LUKS_generate_phdr(struct luks_phdr *header,
const struct volume_key *vk, const struct volume_key *vk,
const char *cipherName, const char *cipherMode, const char *hashSpec, const char *cipherName, const char *cipherMode, const char *hashSpec,
const char *uuid, unsigned int stripes, const char *uuid, unsigned int stripes,
unsigned int alignPayload, uint64_t data_offset,
unsigned int alignOffset, uint64_t align_offset,
int detached_metadata_device, bool fixed_data_offset,
struct crypt_device *ctx) struct crypt_device *ctx)
{ {
unsigned int i = 0, hdr_sectors = LUKS_calculate_device_sectors(vk->keylength); unsigned int i = 0, alignPayload, alignOffset, hdr_sectors = LUKS_calculate_device_sectors(vk->keylength);
size_t blocksPerStripeSet, currentSector; size_t blocksPerStripeSet, currentSector;
int r; int r;
uuid_t partitionUuid; uuid_t partitionUuid;
...@@ -738,14 +737,14 @@ int LUKS_generate_phdr(struct luks_phdr *header, ...@@ -738,14 +737,14 @@ int LUKS_generate_phdr(struct luks_phdr *header,
double PBKDF2_temp; double PBKDF2_temp;
char luksMagic[] = LUKS_MAGIC; char luksMagic[] = LUKS_MAGIC;
/* For separate metadata device allow zero alignment */ if (data_offset % SECTOR_SIZE || align_offset % SECTOR_SIZE)
if (alignPayload == 0 && !detached_metadata_device) return -EINVAL;
alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE; alignPayload = data_offset / SECTOR_SIZE;
alignOffset = align_offset / SECTOR_SIZE;
if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) { if (alignPayload && fixed_data_offset && alignPayload < hdr_sectors) {
log_err(ctx, _("Data offset for detached LUKS header must be " log_err(ctx, _("Data offset for detached LUKS header must be "
"either 0 or higher than header size (%d sectors)."), "either 0 or higher than header size."));
hdr_sectors);
return -EINVAL; return -EINVAL;
} }
...@@ -816,7 +815,7 @@ int LUKS_generate_phdr(struct luks_phdr *header, ...@@ -816,7 +815,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
} }
if (detached_metadata_device) { if (fixed_data_offset) {
/* for separate metadata device use alignPayload directly */ /* for separate metadata device use alignPayload directly */
header->payloadOffset = alignPayload; header->payloadOffset = alignPayload;
} else { } else {
......
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
* LUKS partition header * LUKS partition header
*/ */
#include <stdbool.h>
#include "libcryptsetup.h" #include "libcryptsetup.h"
#define LUKS_CIPHERNAME_L 32 #define LUKS_CIPHERNAME_L 32
...@@ -115,9 +116,9 @@ int LUKS_generate_phdr( ...@@ -115,9 +116,9 @@ int LUKS_generate_phdr(
const char *hashSpec, const char *hashSpec,
const char *uuid, const char *uuid,
unsigned int stripes, unsigned int stripes,
unsigned int alignPayload, uint64_t data_offset,
unsigned int alignOffset, uint64_t align_offset,
int detached_metadata_device, bool fixed_data_offset,
struct crypt_device *ctx); struct crypt_device *ctx);
int LUKS_read_phdr( int LUKS_read_phdr(
......
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
#ifndef _CRYPTSETUP_LUKS2_ONDISK_H #ifndef _CRYPTSETUP_LUKS2_ONDISK_H
#define _CRYPTSETUP_LUKS2_ONDISK_H #define _CRYPTSETUP_LUKS2_ONDISK_H
#include <stdbool.h>
#include "libcryptsetup.h" #include "libcryptsetup.h"
#define LUKS2_MAGIC_1ST "LUKS\xba\xbe" #define LUKS2_MAGIC_1ST "LUKS\xba\xbe"
...@@ -323,9 +324,9 @@ int LUKS2_generate_hdr( ...@@ -323,9 +324,9 @@ int LUKS2_generate_hdr(
const char *integrity, const char *integrity,
const char *uuid, const char *uuid,
unsigned int sector_size, unsigned int sector_size,
unsigned int alignPayload, uint64_t data_offset,
unsigned int alignOffset, uint64_t align_offset,
int detached_metadata_device); bool fixed_data_offset);
int LUKS2_check_metadata_area_size(uint64_t metadata_size); int LUKS2_check_metadata_area_size(uint64_t metadata_size);
int LUKS2_check_keyslots_area_size(uint64_t keyslots_size); int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);
......
...@@ -139,9 +139,9 @@ int LUKS2_generate_hdr( ...@@ -139,9 +139,9 @@ int LUKS2_generate_hdr(
const char *integrity, const char *integrity,
const char *uuid, const char *uuid,
unsigned int sector_size, /* in bytes */ unsigned int sector_size, /* in bytes */
unsigned int alignPayload, /* in bytes */ uint64_t data_offset, /* in bytes */
unsigned int alignOffset, /* in bytes */ uint64_t align_offset, /* in bytes */
int detached_metadata_device) bool fixed_data_offset)
{ {
struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config; struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config;
char num[24], cipher[128]; char num[24], cipher[128];
...@@ -197,13 +197,13 @@ int LUKS2_generate_hdr( ...@@ -197,13 +197,13 @@ int LUKS2_generate_hdr(
jobj_segment = json_object_new_object(); jobj_segment = json_object_new_object();
json_object_object_add(jobj_segment, "type", json_object_new_string("crypt")); json_object_object_add(jobj_segment, "type", json_object_new_string("crypt"));
if (detached_metadata_device) if (fixed_data_offset)
offset = (uint64_t)alignPayload; offset = data_offset;
else { else {
//FIXME //FIXME
//offset = size_round_up(areas[7].offset + areas[7].length, alignPayload * SECTOR_SIZE); //offset = size_round_up(areas[7].offset + areas[7].length, alignPayload * SECTOR_SIZE);
offset = size_round_up(LUKS2_HDR_DEFAULT_LEN, (size_t)alignPayload); offset = size_round_up(LUKS2_HDR_DEFAULT_LEN, (size_t)data_offset);
offset += alignOffset; offset += align_offset;
} }
json_object_object_add(jobj_segment, "offset", json_object_new_uint64(offset)); json_object_object_add(jobj_segment, "offset", json_object_new_uint64(offset));
...@@ -228,7 +228,7 @@ int LUKS2_generate_hdr( ...@@ -228,7 +228,7 @@ int LUKS2_generate_hdr(
/* for detached metadata device compute reasonable keyslot areas size */ /* for detached metadata device compute reasonable keyslot areas size */
// FIXME: this is coupled with FIXME above // FIXME: this is coupled with FIXME above
if (detached_metadata_device && !offset) if (fixed_data_offset && !offset)
keyslots_size = LUKS2_HDR_DEFAULT_LEN - get_min_offset(hdr); keyslots_size = LUKS2_HDR_DEFAULT_LEN - get_min_offset(hdr);
else else
keyslots_size = offset - get_min_offset(hdr); keyslots_size = offset - get_min_offset(hdr);
......
...@@ -54,6 +54,8 @@ struct crypt_device { ...@@ -54,6 +54,8 @@ struct crypt_device {
/* global context scope settings */ /* global context scope settings */
unsigned key_in_keyring:1; unsigned key_in_keyring:1;
uint64_t data_offset;
// FIXME: private binary headers and access it properly // FIXME: private binary headers and access it properly
// through sub-library (LUKS1, TCRYPT) // through sub-library (LUKS1, TCRYPT)
...@@ -359,6 +361,7 @@ static void crypt_set_null_type(struct crypt_device *cd) ...@@ -359,6 +361,7 @@ static void crypt_set_null_type(struct crypt_device *cd)
free(cd->type); free(cd->type);
cd->type = NULL; cd->type = NULL;
cd->u.none.active_name = NULL; cd->u.none.active_name = NULL;
cd->data_offset = 0;
} }
static void crypt_reset_null_type(struct crypt_device *cd) static void crypt_reset_null_type(struct crypt_device *cd)
...@@ -945,6 +948,7 @@ int crypt_load(struct crypt_device *cd, ...@@ -945,6 +948,7 @@ int crypt_load(struct crypt_device *cd,
return -EINVAL; return -EINVAL;
crypt_reset_null_type(cd); crypt_reset_null_type(cd);
cd->data_offset = 0;
if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) { if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) {
if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) { if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) {
...@@ -1439,6 +1443,12 @@ static int _crypt_format_luks1(struct crypt_device *cd, ...@@ -1439,6 +1443,12 @@ static int _crypt_format_luks1(struct crypt_device *cd,
return -EINVAL; return -EINVAL;
} }
if (params && cd->data_offset && params->data_alignment &&
(cd->data_offset % params->data_alignment)) {
log_err(cd, _("Requested data alignment is not compatible with data offset."));
return -EINVAL;
}
if (!(cd->type = strdup(CRYPT_LUKS1))) if (!(cd->type = strdup(CRYPT_LUKS1)))
return -ENOMEM; return -ENOMEM;
...@@ -1474,9 +1484,14 @@ static int _crypt_format_luks1(struct crypt_device *cd, ...@@ -1474,9 +1484,14 @@ static int _crypt_format_luks1(struct crypt_device *cd,
return -ENOMEM; return -ENOMEM;
} }
if (params && (params->data_alignment || cd->metadata_device)) if (params && cd->metadata_device) {
/* For detached header the alignment is used directly as data offset */
if (!cd->data_offset)
cd->data_offset = params->data_alignment;
required_alignment = params->data_alignment * SECTOR_SIZE; required_alignment = params->data_alignment * SECTOR_SIZE;
else } else if (params && params->data_alignment) {
required_alignment = params->data_alignment * SECTOR_SIZE;
} else
device_topology_alignment(cd, cd->device, device_topology_alignment(cd, cd->device,
&required_alignment, &required_alignment,
&alignment_offset, DEFAULT_DISK_ALIGNMENT); &alignment_offset, DEFAULT_DISK_ALIGNMENT);
...@@ -1485,11 +1500,18 @@ static int _crypt_format_luks1(struct crypt_device *cd, ...@@ -1485,11 +1500,18 @@ static int _crypt_format_luks1(struct crypt_device *cd,
if (r < 0) if (r < 0)
return r; return r;
/* New data_offset has priority */
if (cd->data_offset) {
required_alignment = cd->data_offset * SECTOR_SIZE;
/* Check overflow */
if (required_alignment != (cd->data_offset * (uint64_t)SECTOR_SIZE))
return -EINVAL;
}
r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode, r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode,
cd->pbkdf.hash, uuid, LUKS_STRIPES, cd->pbkdf.hash, uuid, LUKS_STRIPES,
required_alignment / SECTOR_SIZE, required_alignment, alignment_offset,
alignment_offset / SECTOR_SIZE, (cd->data_offset || cd->metadata_device), cd);
cd->metadata_device ? 1 : 0, cd);
if (r < 0) if (r < 0)
return r; return r;
...@@ -1534,6 +1556,12 @@ static int _crypt_format_luks2(struct crypt_device *cd, ...@@ -1534,6 +1556,12 @@ static int _crypt_format_luks2(struct crypt_device *cd,
return -EINVAL; return -EINVAL;
} }
if (params && cd->data_offset && params->data_alignment &&
(cd->data_offset % params->data_alignment)) {
log_err(cd, _("Requested data alignment is not compatible with data offset."));
return -EINVAL;
}
if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
NOTPOW2(sector_size)) { NOTPOW2(sector_size)) {
log_err(cd, _("Unsupported encryption sector size.")); log_err(cd, _("Unsupported encryption sector size."));
...@@ -1598,9 +1626,14 @@ static int _crypt_format_luks2(struct crypt_device *cd, ...@@ -1598,9 +1626,14 @@ static int _crypt_format_luks2(struct crypt_device *cd,
return -ENOMEM; return -ENOMEM;
} }
if (params && (params->data_alignment || cd->metadata_device)) if (params && cd->metadata_device) {
/* For detached header the alignment is used directly as data offset */
if (!cd->data_offset)
cd->data_offset = params->data_alignment;
required_alignment = params->data_alignment * SECTOR_SIZE; required_alignment = params->data_alignment * SECTOR_SIZE;
else } else if (params && params->data_alignment) {
required_alignment = params->data_alignment * SECTOR_SIZE;
} else
device_topology_alignment(cd, cd->device, device_topology_alignment(cd, cd->device,
&required_alignment, &required_alignment,
&alignment_offset, DEFAULT_DISK_ALIGNMENT); &alignment_offset, DEFAULT_DISK_ALIGNMENT);
...@@ -1623,13 +1656,23 @@ static int _crypt_format_luks2(struct crypt_device *cd, ...@@ -1623,13 +1656,23 @@ static int _crypt_format_luks2(struct crypt_device *cd,
goto out; goto out;
} }
/* New data_offset has priority */
if (cd->data_offset) {
required_alignment = cd->data_offset * SECTOR_SIZE;
/* Check overflow */
if (required_alignment != (cd->data_offset * (uint64_t)SECTOR_SIZE)) {
r = -EINVAL;
goto out;
}
}
r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key, r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key,
cipher, cipher_mode, cipher, cipher_mode,
integrity, uuid, integrity, uuid,
sector_size, sector_size,
required_alignment, required_alignment,
alignment_offset, alignment_offset,
cd->metadata_device ? 1 : 0); (cd->data_offset || cd->metadata_device));
if (r < 0) if (r < 0)
goto out; goto out;
...@@ -3904,6 +3947,21 @@ int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot) ...@@ -3904,6 +3947,21 @@ int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot)
return -EINVAL; return -EINVAL;
} }
int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset)
{
if (!cd)
return -EINVAL;
if (data_offset % (MAX_SECTOR_SIZE >> SECTOR_SHIFT)) {
log_err(cd, "Data offset is not multiple of %u bytes.", MAX_SECTOR_SIZE);
return -EINVAL;
}
cd->data_offset = data_offset;
log_dbg(cd, "Data offset set to %" PRIu64 " (512-byte) sectors.", data_offset);
return 0;
}
uint64_t crypt_get_data_offset(struct crypt_device *cd) uint64_t crypt_get_data_offset(struct crypt_device *cd)
{ {
if (!cd) if (!cd)
...@@ -3924,7 +3982,7 @@ uint64_t crypt_get_data_offset(struct crypt_device *cd) ...@@ -3924,7 +3982,7 @@ uint64_t crypt_get_data_offset(struct crypt_device *cd)
if (isTCRYPT(cd->type)) if (isTCRYPT(cd->type))
return TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); return TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
return 0; return cd->data_offset;
} }
uint64_t crypt_get_iv_offset(struct crypt_device *cd) uint64_t crypt_get_iv_offset(struct crypt_device *cd)
......
...@@ -556,6 +556,7 @@ static void SuspendDevice(void) ...@@ -556,6 +556,7 @@ static void SuspendDevice(void)
static void AddDeviceLuks2(void) static void AddDeviceLuks2(void)
{ {
enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
struct crypt_device *cd; struct crypt_device *cd;
struct crypt_pbkdf_type pbkdf = { struct crypt_pbkdf_type pbkdf = {
.type = CRYPT_KDF_ARGON2I, .type = CRYPT_KDF_ARGON2I,
...@@ -608,10 +609,35 @@ static void AddDeviceLuks2(void) ...@@ -608,10 +609,35 @@ static void AddDeviceLuks2(void)
OK_(!(crypt_get_data_offset(cd) > 0)); OK_(!(crypt_get_data_offset(cd) > 0));
crypt_free(cd); crypt_free(cd);
// set_data_offset has priority, alignment must be 0 or must be compatible
params.data_alignment = 0;
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_set_data_offset(cd, OFFSET_8M));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_8M);
crypt_free(cd);
// Load gets the value from metadata
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_set_data_offset(cd, OFFSET_2M));
OK_(crypt_load(cd, CRYPT_LUKS2, DEVICE_2));
EQ_(crypt_get_data_offset(cd), OFFSET_8M);
crypt_free(cd);
params.data_alignment = OFFSET_4M;
OK_(crypt_init(&cd, DEVICE_2));
FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
OK_(crypt_set_data_offset(cd, OFFSET_2M));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Alignment not compatible");
OK_(crypt_set_data_offset(cd, OFFSET_4M));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_4M);
crypt_free(cd);
/* /*
* test limit values for backing device size * test limit values for backing device size
*/ */
params.data_alignment = 8192; params.data_alignment = OFFSET_4M;
OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
...@@ -673,7 +699,7 @@ static void AddDeviceLuks2(void) ...@@ -673,7 +699,7 @@ static void AddDeviceLuks2(void)
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
crypt_free(cd); crypt_free(cd);
params.data_alignment = 2048; params.data_alignment = OFFSET_1M;
params.data_device = NULL; params.data_device = NULL;
// test uuid mismatch and _init_by_name_and_header // test uuid mismatch and _init_by_name_and_header
......
...@@ -734,10 +734,11 @@ static void SuspendDevice(void) ...@@ -734,10 +734,11 @@ static void SuspendDevice(void)
static void AddDeviceLuks(void) static void AddDeviceLuks(void)
{ {
enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
struct crypt_device *cd; struct crypt_device *cd;
struct crypt_params_luks1 params = { struct crypt_params_luks1 params = {
.hash = "sha512", .hash = "sha512",
.data_alignment = 2048, // 4M, data offset will be 4096 .data_alignment = OFFSET_1M, // 4M, data offset will be 4096
.data_device = DEVICE_2 .data_device = DEVICE_2
}; };
char key[128], key2[128], key3[128]; char key[128], key2[128], key3[128];
...@@ -779,10 +780,35 @@ static void AddDeviceLuks(void) ...@@ -779,10 +780,35 @@ static void AddDeviceLuks(void)
OK_(!(crypt_get_data_offset(cd) > 0)); OK_(!(crypt_get_data_offset(cd) > 0));
crypt_free(cd); crypt_free(cd);
// set_data_offset has priority, alignment must be 0 or must be compatible
params.data_alignment = 0;
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_set_data_offset(cd, OFFSET_8M));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_8M);
crypt_free(cd);
// Load gets the value from metadata
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_set_data_offset(cd, OFFSET_2M));
OK_(crypt_load(cd, CRYPT_LUKS1, DEVICE_2));
EQ_(crypt_get_data_offset(cd), OFFSET_8M);
crypt_free(cd);
params.data_alignment = OFFSET_4M;
OK_(crypt_init(&cd, DEVICE_2));
FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
OK_(crypt_set_data_offset(cd, OFFSET_2M));
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Alignment not compatible");
OK_(crypt_set_data_offset(cd, OFFSET_4M));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_4M);
crypt_free(cd);
/* /*
* test limit values for backing device size * test limit values for backing device size
*/ */
params.data_alignment = 4096; params.data_alignment = OFFSET_2M;
OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset)); OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
...@@ -844,7 +870,7 @@ static void AddDeviceLuks(void) ...@@ -844,7 +870,7 @@ static void AddDeviceLuks(void)
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
crypt_free(cd); crypt_free(cd);
params.data_alignment = 2048; params.data_alignment = OFFSET_1M;
params.data_device = NULL; params.data_device = NULL;
// test uuid mismatch and _init_by_name_and_header // test uuid mismatch and _init_by_name_and_header
...@@ -936,7 +962,7 @@ static void AddDeviceLuks(void) ...@@ -936,7 +962,7 @@ static void AddDeviceLuks(void)
OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
EQ_((int)key_size, crypt_get_volume_key_size(cd)); EQ_((int)key_size, crypt_get_volume_key_size(cd));
EQ_(4096, crypt_get_data_offset(cd)); EQ_(OFFSET_2M, crypt_get_data_offset(cd));
OK_(strcmp(DEVICE_2, crypt_get_device_name(cd))); OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
reset_log(); reset_log();
......
...@@ -369,7 +369,7 @@ echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail ...@@ -369,7 +369,7 @@ echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail
prepare "[15] UUID - use and report provided UUID" wipe prepare "[15] UUID - use and report provided UUID" wipe
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || fail
tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
[ "$tst"x = "$TEST_UUID"x ] || fail [ "$tst"x = "$TEST_UUID"x ] || fail
...@@ -519,9 +519,9 @@ prepare "[20] Disallow open/create if already mapped." wipe ...@@ -519,9 +519,9 @@ prepare "[20] Disallow open/create if already mapped." wipe
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
$CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail $CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail
$CRYPTSETUP remove $DEV_NAME || fail $CRYPTSETUP remove $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
...@@ -675,7 +675,7 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail ...@@ -675,7 +675,7 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
prepare "[28] Detached LUKS header" wipe prepare "[28] Detached LUKS header" wipe
echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
......
...@@ -619,8 +619,7 @@ echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME && fail ...@@ -619,8 +619,7 @@ echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME && fail
prepare "[28] Detached LUKS header" wipe prepare "[28] Detached LUKS header" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
#FIXME echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
#echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 4096 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 4096 || fail
$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512)) || fail $CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512)) || fail
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment