Skip to content

C
cryptsetup
Commit bce29573 authored by Milan Broz's avatar Milan Broz
Browse files
Options

Fix offset option for loopaesOpen. 

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@476 36d66b0a-2a48-0410-832c-cd162a569da5
parent 4382e216
Hide whitespace changes
Inline Side-by-side
Showing with 72 additions and 40 deletions
ChangeLog
View file @ bce29573
......@@ -2,6 +2,7 @@
* Respect maximum keyfile size paramater.
* Introduce maximum default keyfile size, add configure option.
* Require the whole key read from keyfile in create command (broken in 1.2.0).
* Fix offset option for loopaesOpen.
2011-04-14 Milan Broz <mbroz@redhat.com>
* Version 1.3.0-rc1.
......
lib/loopaes/loopaes.c
View file @ bce29573
......@@ -186,6 +186,7 @@ int LOOPAES_activate(struct crypt_device *cd,
int read_only, r;
size = 0;
/* Initial IV (skip) is always the same as offset */
offset = crypt_get_data_offset(cd);
device = crypt_get_device_name(cd);
read_only = flags & CRYPT_ACTIVATE_READONLY;
......@@ -205,7 +206,7 @@ int LOOPAES_activate(struct crypt_device *cd,
r = dm_create_device(name, device,
cipher, CRYPT_LOOPAES,
crypt_get_uuid(cd),
size, 0, offset, vk->keylength, vk->key,
size, offset, offset, vk->keylength, vk->key,
read_only, 0);
if (!r && keys_count != 1 && !(dm_flags() & DM_LMK_SUPPORTED)) {
......
man/cryptsetup.8
View file @ bce29573
......@@ -173,8 +173,11 @@ N.B. If key file is in GPG encrypted format, you have to use
\-\-key-file=- and decrypt it before use.
gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
Use \-\-key-file to specify proper key length, default compiled-in
parameters are visible in \-\-help output.
Use \fB\-\-key-file\fR to specify proper key length, default compiled-in
parameters are visible in \fB\-\-help\fR output.
Use \fB\-\-offset\fR to specify device offset. Note the units need to be
specified in 512 bytes sectors.
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
.PP
......@@ -295,7 +298,7 @@ This option is only relevant for \fIcreate\fR and \fIresize\fR action.
.TP
.B "\-\-offset, \-o"
start offset in the backend device (in 512-byte sectors).
This option is only relevant for \fIcreate\fR action.
This option is only relevant for \fIcreate\fR and \fIloopaesOpen\fR action.
.TP
.B "\-\-skip, \-p"
how many sectors of the encrypted data to skip at the beginning.
......
src/cryptsetup.c
View file @ bce29573
......@@ -1249,9 +1249,15 @@ int main(int argc, char **argv)
usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
poptGetInvocationName(popt_context));
if ((opt_offset || opt_skip) && strcmp(aname, "create"))
usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"),
poptGetInvocationName(popt_context));
if (opt_skip && strcmp(aname, "create"))
usage(popt_context, EXIT_FAILURE,
_("Option --skip is supported only for create command.\n"),
poptGetInvocationName(popt_context));
if (opt_offset && strcmp(aname, "create") && strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE,
_("Option --offset is supported only for create and loopaesOpen commands.\n"),
poptGetInvocationName(popt_context));
if (opt_debug) {
opt_verbose = 1;
......
tests/loopaes-test
View file @ bce29573
......@@ -3,10 +3,9 @@
CRYPTSETUP=../src/cryptsetup
# try to validate using loop-AES losetup/kernel if available
LOSETUP_AES=/losetup-aes
LOSETUP_AES=/losetup-aes.old
LOOP_DD_PARAM="bs=1k count=10000"
EXPSUM="31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
DEV_NAME=dummy
IMG=loopaes.img
KEYv1=key_v1
......@@ -61,23 +60,41 @@ function check_exists()
[ -b /dev/mapper/$DEV_NAME ] || fail
}
function check_sum() # $key $keysize
function get_expsum() # $offset
{
# Fill device with zeroes and reopen it
dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1k $LOOP_DD_PARAM >/dev/null 2>&1
sync
dmremove $DEV_NAME
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 >/dev/null 2>&1
ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo -n "[OK]"
else
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM."
fail
fi
case $1 in
0)
echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
;;
8192)
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
;;
8388608)
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
;;
*) fail
;;
esac
}
function check_sum() # $key $keysize $offset
{
# Fill device with zeroes and reopen it
dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1k $LOOP_DD_PARAM >/dev/null 2>&1
sync
dmremove $DEV_NAME
EXPSUM=$(get_expsum $offset)
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 -o $3 >/dev/null 2>&1
ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo -n "[OK]"
else
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM."
fail
fi
}
function check_sum_losetup() # $key $alg
......@@ -87,16 +104,16 @@ function check_sum_losetup() # $key $alg
echo -n " Verification using loop-AES: "
losetup -d $LOOPDEV >/dev/null 2>&1
cat $1 | $LOSETUP_AES -p 0 -e $2 $LOOPDEV $IMG
ret=$?
VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo "[OK]"
else
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM (loop-AES)."
fail
fi
cat $1 | $LOSETUP_AES -p 0 -e $2 -o $3 $LOOPDEV $IMG
ret=$?
VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo "[OK]"
else
echo "[FAIL]"
echo " Expecting $EXPSUM got $VSUM (loop-AES)."
fail
fi
losetup -d $LOOPDEV >/dev/null 2>&1
}
......@@ -119,16 +136,20 @@ check_version || skip "Probably old kernel, test skipped."
# loop-AES tests
KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
DEV_OFFSET="0 8192 8388608"
for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do
prepare "Open loop-AES $key / AES-$key_size"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key || fail
for key in $KEY_FILES ; do
for offset in $DEV_OFFSET ; do
offset_sec=$(($offset / 512))
prepare "Open loop-AES $key / AES-$key_size / offset $offset"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key -o $offset_sec || fail
check_exists
check_sum $key $key_size
check_sum $key $key_size $offset_sec
$CRYPTSETUP loopaesClose $DEV_NAME || fail
check_sum_losetup $key AES$key_size
check_sum_losetup $key AES$key_size $offset
done
done
done
remove_mapping
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment