cryptsetup: Implement passing of integrity to dm-crypt
I'm running kernel v4.12 (built from the Git tag) and cryptsetup master.
Per the docs here and in the kernel, I did the following:
> truncate -s 1G diskfile
> losetup /dev/loop0 diskfile
> dmsetup create integ0 --table "0 1 integrity /dev/loop0 0 4 J 0"
> sleep 10
> dmsetup remove integ0
> integritysetup dump /dev/loop0
Info for integrity device /dev/loop0.
log2_interleave_sectors 15
integrity_tag_size 4
journal_sections 93
provided_data_sectors 2064392
sector_size 512
# Use provided_data_sectors
> dmsetup create integ0 --table "0 2064392 integrity /dev/loop0 0 4 J 0"
> cryptsetup luksFormat --key-file=/root/key --size=2064392 --batch-mode /dev/mapper/integ0
> cryptsetup luksOpen --key-file=/root/key --size=2064392 /dev/mapper/integ0 crypt0
# Write some random data to check
> dd if=/dev/urandom of=/dev/mapper/crypt1 bs=1M count=10
> dd if=/dev/mapper/crypt0 bs=1M count=10 | md5sum
1dc1efc7d58994ff4bd14e33e03f60ea -
# Corrupt the underlying "disk"
> dd if=/dev/urandom of=diskfile bs=1 seek=4096 count=1
# Check it again
> dd if=/dev/mapper/crypt0 bs=1M count=10 | md5sum
b2c07847975fbf72d548e7075f85a898 -
The checksums did not match and there were no kernel messages in dmesg. As far as I can tell, my kernel contains the needed code. I suspect the integrity argument isn't being set per the dm-crypt docs.
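
One way to check the suspicion above, as an added example that is not part of the original report or of cryptsetup: the first function looks for the `integrity:<bytes>:<type>` optional parameter in a dm-crypt table line as printed by `dmsetup table`, and the second rebuilds the full-size dm-integrity table line from the `integritysetup dump` values. The function names and the two crypt table lines are constructed for illustration; the dump values are the ones shown in the report.

```shell
#!/bin/sh
# Added example (not from the original report). Sample table lines are constructed.
# dm-crypt table layout, per the kernel dm-crypt documentation:
#   <start> <len> crypt <cipher> <key> <iv_offset> <device> <offset> [<#opt> <opt>...]

# Print the "integrity:<bytes>:<type>" optional parameter of a dm-crypt table
# line. Returns 0 if present, 1 if absent, 2 if the line is not a crypt target.
crypt_integrity_param() {
    set -f; set -- $1; set +f          # word-split the line without globbing
    [ "$3" = "crypt" ] || return 2
    [ "$#" -ge 9 ] || return 1         # no optional-parameter section at all
    nopt=$9; shift 9
    while [ "$nopt" -gt 0 ] && [ "$#" -gt 0 ]; do
        case $1 in integrity:*:*) printf '%s\n' "$1"; return 0 ;; esac
        shift; nopt=$((nopt - 1))
    done
    return 1
}

# Read `integritysetup dump` output on stdin and print the full-size
# dm-integrity table line in the form used in the report ($1 = device).
integrity_table_from_dump() {
    awk -v dev="$1" '
        $1 == "integrity_tag_size"    { tag = $2 }
        $1 == "provided_data_sectors" { n = $2 }
        END { if (n == "" || tag == "") exit 1
              printf "0 %s integrity %s 0 %s J 0\n", n, dev, tag }'
}

# Constructed `dmsetup table` lines (keys shown as zeros).
PLAIN='0 2060296 crypt aes-xts-plain64 0000000000000000 0 253:0 4096'
AEAD='0 2060296 crypt capi:gcm(aes)-random 0000000000000000 0 253:0 0 1 integrity:28:aead'
# Dump values as shown in the report.
DUMP='log2_interleave_sectors 15
integrity_tag_size 4
journal_sections 93
provided_data_sectors 2064392
sector_size 512'

for line in "$PLAIN" "$AEAD"; do
    if p=$(crypt_integrity_param "$line"); then
        echo "dm-crypt passes tags: $p"
    else
        echo "no integrity parameter in this crypt table line"
    fi
done
printf '%s\n' "$DUMP" | integrity_table_from_dump /dev/loop0
```

On a live system the input would be the output of `dmsetup table crypt0`; a line without the optional parameter means dm-crypt is not supplying per-sector tags to the dm-integrity device underneath it.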