Commit 2072adf7 authored by Milan Broz's avatar Milan Broz

Also support --skip option for loopaesOpen.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@481 36d66b0a-2a48-0410-832c-cd162a569da5
parent 49ea1b69
2011-04-22 Milan Broz <mbroz@redhat.com>
* Also support --skip option for loopaesOpen.
2011-04-18 Milan Broz <mbroz@redhat.com>
* Respect maximum keyfile size paramater.
* Introduce maximum default keyfile size, add configure option.
......
......@@ -171,6 +171,7 @@ struct crypt_params_luks1 {
struct crypt_params_loopaes {
const char *hash; /* key hash function */
uint64_t offset; /* offset in sectors */
uint64_t skip; /* IV initilisation sector */
};
/**
* Create (format) new crypt device (and possible header on-disk) but not activates it.
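Review bot: The new `skip` member of `struct crypt_params_loopaes` changes what a caller that fills in only `offset` gets. Elsewhere in this commit the activation path stops deriving the IV sector from the data offset and takes it from the stored `skip`, so a zero-initialised `skip` now means IV sector 0. A mapping opened with the wrong IV sector decrypts to different plaintext, and writes through it would damage the data, so the field comment should state the contract, e.g. `uint64_t skip; /* IV initialisation sector; set equal to offset to keep the previous behaviour */` (this also fixes the "initilisation" spelling). If this struct is part of the installed header, callers built against the older, shorter layout deserve a line in the API notes as well.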
......
......@@ -178,9 +178,12 @@ int LOOPAES_activate(struct crypt_device *cd,
const char *base_cipher,
unsigned int keys_count,
struct volume_key *vk,
const char *hash,
uint64_t offset,
uint64_t skip,
uint32_t flags)
{
uint64_t size, offset;
uint64_t size;
uint32_t req_flags;
char *cipher;
const char *device;
......@@ -188,7 +191,6 @@ int LOOPAES_activate(struct crypt_device *cd,
size = 0;
/* Initial IV (skip) is always the same as offset */
offset = crypt_get_data_offset(cd);
device = crypt_get_device_name(cd);
read_only = flags & CRYPT_ACTIVATE_READONLY;
......@@ -210,7 +212,7 @@ int LOOPAES_activate(struct crypt_device *cd,
r = dm_create_device(name, device,
cipher, CRYPT_LOOPAES,
crypt_get_uuid(cd),
size, offset, offset, vk->keylength, vk->key,
size, skip, offset, vk->keylength, vk->key,
read_only, 0);
if (!r && !(dm_flags() & req_flags)) {
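Review bot: The comment `/* Initial IV (skip) is always the same as offset */` in LOOPAES_activate appears to survive the removal of `offset = crypt_get_data_offset(cd);`. It is no longer true, because `skip` and `offset` now arrive as separate parameters and are passed separately to dm_create_device(). I would drop it or replace it with `/* skip is the IV sector and may differ from the data offset */`. The function body continues outside these hunks, so whether either value is range-checked before the dm_create_device() call cannot be seen here.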
......
......@@ -17,5 +17,8 @@ int LOOPAES_activate(struct crypt_device *cd,
const char *base_cipher,
unsigned int keys_count,
struct volume_key *vk,
const char *hash,
uint64_t offset,
uint64_t skip,
uint32_t flags);
#endif
......@@ -1309,6 +1309,7 @@ static int _crypt_format_loopaes(struct crypt_device *cd,
cd->loopaes_hdr.hash = strdup(params->hash);
cd->loopaes_hdr.offset = params ? params->offset : 0;
cd->loopaes_hdr.skip = params ? params->skip : 0;
return 0;
}
......@@ -2026,7 +2027,10 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
goto out;
if (name)
r = LOOPAES_activate(cd, name, cd->loopaes_cipher,
key_count, vk, flags);
key_count, vk, NULL,
cd->loopaes_hdr.offset,
cd->loopaes_hdr.skip,
flags);
} else
r = -EINVAL;
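Review bot: The call in crypt_activate_by_keyfile passes a literal `NULL` for the new `hash` argument, while `offset` and `skip` are taken from `cd->loopaes_hdr`, which also holds the `hash` stored by _crypt_format_loopaes. If LOOPAES_activate is meant to use the hash, this should be `cd->loopaes_hdr.hash`. If the parameter is only reserved for later, a comment at the call such as `/* hash is not used for activation yet */` would stop the next reader from treating it as an oversight. LOOPAES_activate's body is not fully visible, so which of the two applies is inferred.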
......
......@@ -179,7 +179,11 @@ parameters are visible in \fB\-\-help\fR output.
Use \fB\-\-offset\fR to specify device offset. Note the units need to be
specified in 512 bytes sectors.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
Use \fB\-\-skip\fR to specify IV offset. If original device used offset
and not used it in IV sector calculations, you have to explicitly use
\fB\-\-skip 0\fR in addition to offset parameter.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly].
.PP
\fIloopaesClose\fR <name>
.IP
......
......@@ -50,6 +50,7 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
static uint64_t opt_size = 0;
static uint64_t opt_offset = 0;
static uint64_t opt_skip = 0;
static int opt_skip_valid = 0;
static int opt_readonly = 0;
static int opt_iteration_time = 1000;
static int opt_batch_mode = 0;
......@@ -290,6 +291,7 @@ static int action_loopaesOpen(int arg)
struct crypt_params_loopaes params = {
.hash = opt_hash ?: NULL, // FIXME
.offset = opt_offset,
.skip = opt_skip_valid ? opt_skip : opt_offset,
};
unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8;
int r;
......@@ -1157,6 +1159,7 @@ int main(int argc, char **argv)
break;
case 3:
opt_skip = ull_value;
opt_skip_valid = 1;
break;
}
......@@ -1249,9 +1252,9 @@ int main(int argc, char **argv)
usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
poptGetInvocationName(popt_context));
if (opt_skip && strcmp(aname, "create"))
if (opt_skip && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE,
_("Option --skip is supported only for create command.\n"),
_("Option --skip is supported only for create and loopaesOpen commands.\n"),
poptGetInvocationName(popt_context));
if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
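Review bot: The action check in main() still tests `opt_skip`, so an explicit `--skip 0` is accepted silently with any command, even though this commit adds `opt_skip_valid` to tell an explicit zero from an absent option. Testing the flag keeps the check consistent with how action_loopaesOpen picks the IV sector: `if (opt_skip_valid && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))`. main() starts and ends outside these hunks.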
......
......@@ -60,16 +60,26 @@ function check_exists()
[ -b /dev/mapper/$DEV_NAME ] || fail
}
function get_offset_params() # $offset
{
offset=$1
if [ "${offset:0:1}" = "@" ] ; then
echo "-o $((${offset:1} / 512)) -p 0"
else
echo "-o $((offset / 512))"
fi
}
function get_expsum() # $offset
{
case $1 in
0)
echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
;;
8192)
@8192 | 8192)
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
;;
8388608)
@8388608 | 8388608)
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
;;
*) fail
......@@ -84,8 +94,8 @@ function check_sum() # $key $keysize $offset
sync
dmremove $DEV_NAME
EXPSUM=$(get_expsum $offset)
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 -o $3 >/dev/null 2>&1
EXPSUM=$(get_expsum $3)
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 $(get_offset_params $offset) >/dev/null 2>&1
ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
......@@ -136,16 +146,15 @@ check_version || skip "Probably old kernel, test skipped."
# loop-AES tests
KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
DEV_OFFSET="0 8192 8388608"
DEV_OFFSET="0 8192 @8192 8388608 @8388608"
for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do
for offset in $DEV_OFFSET ; do
offset_sec=$(($offset / 512))
prepare "Open loop-AES $key / AES-$key_size / offset $offset"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key -o $offset_sec || fail
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key $(get_offset_params $offset) || fail
check_exists
check_sum $key $key_size $offset_sec
check_sum $key $key_size $offset
$CRYPTSETUP loopaesClose $DEV_NAME || fail
check_sum_losetup $key AES$key_size $offset
done
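Review bot: In check_sum the new loopaesOpen line builds its options from `$offset`, the caller's loop variable, while the line above it reads the same value from `$3`. get_offset_params also assigns `offset=$1` without `local`, so it overwrites that global on every call. The values coincide today, but each function should use its own argument: `local offset=$1` in get_offset_params and `$(get_offset_params $3)` in check_sum. A one-line comment on get_offset_params saying that a leading `@` selects the data offset with an explicit `-p 0` (presumably the short form of `--skip 0`) would also make the DEV_OFFSET list readable.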
......