* Switch to 1MiB default alignment of data.
For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
* Switch to 1MiB default alignment of data.
For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
+ * Check if requested hash is supported before writing LUKS header.
2010-07-28 Arno Wagner <arno@wagner.name>
* Add FAQ (Frequently Asked Questions) file to distribution.
2010-07-28 Arno Wagner <arno@wagner.name>
* Add FAQ (Frequently Asked Questions) file to distribution.
if (alignPayload == 0)
alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
if (alignPayload == 0)
alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
+ if (PBKDF2_HMAC_ready(hashSpec) < 0) {
+ log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
+ return -EINVAL;
+ }
+
memset(header,0,sizeof(struct luks_phdr));
/* Set Magic */
memset(header,0,sizeof(struct luks_phdr));
/* Set Magic */
\fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device incompatible with older version of cryptsetup.
\fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device incompatible with older version of cryptsetup.
-The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported.
+The hash string is passed to libgcrypt, so all hash algorithms are supported
+(for \fIluksFormat\fR algorithm must provide at least 20 byte long hash).
Default is set during compilation, compatible values with old version of cryptsetup are
\fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
Default is set during compilation, compatible values with old version of cryptsetup are
\fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
}
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
}
OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+
+ params.hash = "md5";
+ FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms),
+ "MD5 unsupported, too short");