authorMilan Broz <gmazyland@gmail.com>2013-05-11 10:59:02 +0200
committerMilan Broz <gmazyland@gmail.com>2013-05-11 10:59:02 +0200
commitae9c9cf369cb24ac5267376401c80c2c40ada6a2 (patch)
tree9dd5d5f927a99f8dc23552d436ae7e70279f24f5
parentdb44c276747f903ce3e16840dea624a35d62b181 (diff)
Disallow explicit small payload offset for detached header.
LUKS detached header has some limitations, one of them is that you cannot run some explicit checks for data offsets without also providing the data device. Because luksDump and all key handling commands take only the metadata device (LUKS header device), it is not easy to properly support data payload offset validation. So if a detached header is present for luksFormat, the code now allows data payload offset 0 (IOW the whole data device is used) and an explicit offset larger than header+keyslots (the same as if the header were on the data device - so some space is wasted). N.B. with a detached header the option --align-payload is used directly without any round-up calculations. Fixes Issue#155.
-rw-r--r--lib/luks1/keymanage.c9
-rwxr-xr-xtests/compat-test2
2 files changed, 10 insertions, 1 deletions
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index d51b3a5..c1e24bd 100644
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -605,7 +605,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
int detached_metadata_device,
struct crypt_device *ctx)
{
- unsigned int i=0;
+ unsigned int i = 0, hdr_sectors = LUKS_device_sectors(vk->keylength);
size_t blocksPerStripeSet, currentSector;
int r;
uuid_t partitionUuid;
@@ -615,6 +615,13 @@ int LUKS_generate_phdr(struct luks_phdr *header,
if (alignPayload == 0 && !detached_metadata_device)
alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
+ if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
+ log_err(ctx, _("Data offset for detached LUKS header must be "
+ "either 0 or higher than header size (%d sectors).\n"),
+ hdr_sectors);
+ return -EINVAL;
+ }
+
if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
return -EINVAL;
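Review bot: The new `log_err` call formats `hdr_sectors` with `%d`, but the first hunk declares it as `unsigned int`, so the matching specifier is `%u`. The message also says the offset must be "higher than header size", while the condition `alignPayload < hdr_sectors` accepts an offset equal to `hdr_sectors`; either the wording or the comparison should be adjusted so that users and the check agree on the boundary. A short comment above the check would help, for example `/* Detached header: later commands see only the header device and cannot validate the offset, so reject 0 < offset < header size here. */`. LUKS_generate_phdr starts before and continues after this hunk, so how `alignPayload` is used afterwards is not visible here.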
diff --git a/tests/compat-test b/tests/compat-test
index 36e186c..ab3ade5 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -527,6 +527,8 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
prepare "[28] Detached LUKS header" wipe
dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1
echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
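Review bot: The new negative case on the `--align-payload 1` line sends all output to `/dev/null` and only checks for a non-zero exit, so it passes for any luksFormat failure, not only the new offset rejection. It also probes a value far below the limit, while the accepted value 8192 is presumably well above it. The boundary itself (an offset one sector below the header size, and one equal to it) is not exercised, and that is the only place where the `<` comparison in keymanage.c could be told apart from `<=`. Consider adding those two cases for the default key size, with a comment stating which header sector count they are derived from.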