Commit b684fffd authored by Milan Broz's avatar Milan Broz

Switch to use unit suffix for --reduce-device-size option.

parent fb3b62ca
2012-06-25 Milan Broz <gmazyland@gmail.com>
* Add --device-size option for reencryption tool.
* Switch to use unit suffix for --reduce-device-size option.
2012-06-20 Milan Broz <gmazyland@gmail.com>
* Version 1.5.0-rc2.
......
......@@ -445,7 +445,7 @@ int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
(errno != 0 && *size == 0))
return -EINVAL;
if (!endp)
if (!endp || !*endp)
return 0;
len = strlen(endp);
......
......@@ -108,22 +108,6 @@ Use re-encryption block size of <value> in MiB.
Values can be between 1 and 64 MiB.
.TP
.B "\-\-reduce-device-size \fInumber of 512 bytes sectors\fR"
Enlarge data offset for specified value of sectors by shrinking
device size.
This means that last sectors on the original device will be lost,
ciphertext data will be effectively shifted by specified
number of sectors.
It can be usefull if you e.g. added some space to underlying
partition (so last sectors contains no data).
WARNING: This is destructive operation and cannot be reverted.
Use with extreme care - shrinked filesystems are usually unrecoverable.
You cannot shrink device more than by 64 MiB (131072 sectors).
.TP
.B "\-\-device-size \fIsize[units]\fR"
Instead of real device size, use specified value.
......@@ -138,6 +122,21 @@ Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
WARNING: This is destructive operation.
.TP
.B "\-\-reduce-device-size \fIsize[units]\fR"
Enlarge data offset to specified value by shrinking device size.
This means that last sectors on the original device will be lost,
ciphertext data will be effectively shifted by specified
number of sectors.
It can be usefull if you e.g. added some space to underlying
partition (so last sectors contains no data).
For units suffix see \-\-device-size parameter description.
WARNING: This is destructive operation and cannot be reverted.
Use with extreme care - shrinked filesystems are usually unrecoverable.
You cannot shrink device more than by 64 MiB (131072 sectors).
.TP
......
......@@ -23,6 +23,7 @@
#define _LARGEFILE64_SOURCE
#define _FILE_OFFSET_BITS 64
#define SECTOR_SIZE 512
#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)
#define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee"
#define MAX_BCK_SECTORS 8192
......@@ -58,7 +59,6 @@ static int opt_version_mode = 0;
static int opt_random = 0;
static int opt_urandom = 0;
static int opt_bsize = 4;
static int opt_reduce_device_size = 0;
static int opt_directio = 0;
static int opt_fsync = 0;
static int opt_write_log = 0;
......@@ -67,6 +67,9 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
static int opt_key_size = 0;
static int opt_new = 0;
static const char *opt_reduce_size_str = NULL;
static uint64_t opt_reduce_size = 0;
static const char *opt_device_size_str = NULL;
static uint64_t opt_device_size = 0;
......@@ -316,8 +319,8 @@ static int create_empty_header(const char *new_file, const char *old_file,
size = data_sector * SECTOR_SIZE;
/* if reducing size, be sure we have enough space */
if (opt_reduce_device_size)
size += (opt_reduce_device_size * SECTOR_SIZE);
if (opt_reduce_size)
size += opt_reduce_size;
log_dbg("Creating empty file %s of size %lu.", new_file, (unsigned long)size);
......@@ -571,7 +574,7 @@ static int backup_luks_headers(struct reenc_ctx *rc)
params.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
params.data_alignment = crypt_get_data_offset(cd);
params.data_alignment += opt_reduce_device_size;
params.data_alignment += ROUND_SECTOR(opt_reduce_size);
params.data_device = rc->device;
if (opt_cipher) {
......@@ -643,7 +646,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
if (r < 0)
goto out;
params.data_alignment = opt_reduce_device_size;
params.data_alignment = ROUND_SECTOR(opt_reduce_size);
r = create_new_header(rc,
opt_cipher ? cipher : DEFAULT_LUKS1_CIPHER,
opt_cipher ? cipher_mode : DEFAULT_LUKS1_MODE,
......@@ -1100,7 +1103,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
}
if (!rc->in_progress) {
if (!opt_reduce_device_size)
if (!opt_reduce_size)
rc->reencrypt_direction = FORWARD;
else {
rc->reencrypt_direction = BACKWARD;
......@@ -1239,7 +1242,7 @@ int main(int argc, const char **argv)
{ "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)."), NULL },
{ "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") },
{ "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
{ "reduce-device-size",'\0', POPT_ARG_INT, &opt_reduce_device_size, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("SECTORS") },
{ "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") },
{ "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
{ "new", 'N', POPT_ARG_NONE,&opt_new, 0, N_("Create new header on not encrypted device."), NULL },
POPT_TABLEEND
......@@ -1287,8 +1290,7 @@ int main(int argc, const char **argv)
poptGetInvocationName(popt_context));
if (opt_bsize < 0 || opt_key_size < 0 || opt_iteration_time < 0 ||
opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0 ||
opt_reduce_device_size < 0) {
opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0) {
usage(popt_context, EXIT_FAILURE,
_("Negative number for option not permitted."),
poptGetInvocationName(popt_context));
......@@ -1299,11 +1301,6 @@ int main(int argc, const char **argv)
_("Only values between 1MiB and 64 MiB allowed for reencryption block size."),
poptGetInvocationName(popt_context));
if (opt_reduce_device_size > (64 * 1024 * 1024 / SECTOR_SIZE))
usage(popt_context, EXIT_FAILURE,
_("Maximum device reduce size is 64 MiB."),
poptGetInvocationName(popt_context));
if (opt_key_size % 8)
usage(popt_context, EXIT_FAILURE,
_("Key size must be a multiple of 8 bits"),
......@@ -1318,15 +1315,26 @@ int main(int argc, const char **argv)
usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
poptGetInvocationName(popt_context));
if (opt_new && !opt_reduce_device_size)
usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce_device_size."),
poptGetInvocationName(popt_context));
if (opt_device_size_str &&
crypt_string_to_size(NULL, opt_device_size_str, &opt_device_size))
usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
poptGetInvocationName(popt_context));
if (opt_reduce_size_str &&
crypt_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
poptGetInvocationName(popt_context));
if (opt_reduce_size > 64 * 1024 * 1024)
usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 64 MiB."),
poptGetInvocationName(popt_context));
if (opt_reduce_size % SECTOR_SIZE)
usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."),
poptGetInvocationName(popt_context));
if (opt_new && !opt_reduce_size)
usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce-device-size."),
poptGetInvocationName(popt_context));
if (opt_debug) {
opt_verbose = 1;
crypt_set_debug_level(-1);
......
......@@ -105,7 +105,7 @@ check_hash "key0" $HASH1
echo "[2] Reencryption with data shift"
echo "key0" | $CRYPTSETUP -q luksFormat -s 128 -i 1 --align-payload 2048 $LOOPDEV1 || fail
wipe "key0"
echo "key0" | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024 || fail
echo "key0" | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024S || fail
check_hash "key0" $HASH2
echo "key0" | $REENC $LOOPDEV1 -q -i 1 || fail
check_hash "key0" $HASH2
......@@ -127,7 +127,7 @@ wipe_dev $LOOPDEV1
dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3
dmsetup remove $DEV_NAME2 || fail
echo "key0" | $REENC $LOOPDEV1 -s 128 --new --reduce-device-size $OFFSET -q
echo "key0" | $REENC $LOOPDEV1 -s 128 --new --reduce-device-size "$OFFSET"S -q
check_hash "key0" $HASH3
remove_mapping
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment