+2011-11-13 Milan Broz <mbroz@redhat.com>
+ * Fix error message for luksClose and detached LUKS header.
+ * Allow --header for status command to get full info with detached header.
+
2011-11-09 Milan Broz <mbroz@redhat.com>
* Version 1.4.1.
return crypt_check_data_device_size(cd);
}
+static int _crypt_load_luks1(struct crypt_device *cd, int require_header)
+{
+ struct luks_phdr hdr;
+ int r;
+
+ r = init_crypto(cd);
+ if (r < 0)
+ return r;
+
+ r = LUKS_read_phdr(mdata_device(cd), &hdr, require_header, cd);
+ if (r < 0)
+ return r;
+
+ if (!cd->type && !(cd->type = strdup(CRYPT_LUKS1)))
+ return -ENOMEM;
+
+ memcpy(&cd->hdr, &hdr, sizeof(hdr));
+
+ return r;
+}
+
int crypt_init_by_name_and_header(struct crypt_device **cd,
const char *name,
const char *header_device)
}
} else if (isLUKS((*cd)->type)) {
if (mdata_device(*cd)) {
- r = crypt_load(*cd, CRYPT_LUKS1, NULL);
+ r = _crypt_load_luks1(*cd, 0);
if (r < 0) {
log_dbg("LUKS device header does not match active device.");
free((*cd)->type);
const char *requested_type,
void *params __attribute__((unused)))
{
- struct luks_phdr hdr;
int r;
log_dbg("Trying to load %s crypt type from device %s.",
return -EINVAL;
}
- r = init_crypto(cd);
- if (r < 0)
- return r;
-
- r = LUKS_read_phdr(mdata_device(cd), &hdr, 1, cd);
+ r = _crypt_load_luks1(cd, 1);
if (r < 0)
return r;
- if (!cd->type && !(cd->type = strdup(CRYPT_LUKS1)))
- return -ENOMEM;
-
- memcpy(&cd->hdr, &hdr, sizeof(hdr));
-
/* cd->type and header must be set in context */
r = crypt_check_data_device_size(cd);
if (r < 0) {
This options allows separation of ciphertext device and on-disk metadata header.
This option is only relevant for LUKS devices and can be used in \fIluksFormat\fR,
-\fIluksOpen\fR, \fIluksSuspend\fR, \fIluksResume\fR and \fIresize\fR commands.
+\fIluksOpen\fR, \fIluksSuspend\fR, \fIluksResume\fR, \fIstatus\fR and
+\fIresize\fR commands.
If used with \fIluksFormat\fR the \-\-align-payload option is taken
as absolute sector alignment on ciphertext device and can be zero.
else
log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
ci == CRYPT_BUSY ? " and is in use" : "");
- r = crypt_init_by_name(&cd, action_argv[0]);
+
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
if (r < 0 || !crypt_get_type(cd))
goto out;
DEV_NAME3=dummy3
ORIG_IMG=luks-test-orig
IMG=luks-test
+HEADER_IMG=luks-header
KEY1=key1
KEY2=key2
KEY5=key5
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
- rm -f $ORIG_IMG $IMG $KEY1 $KEY2 $KEY5 >/dev/null 2>&1
+ rm -f $ORIG_IMG $IMG $KEY1 $KEY2 $KEY5 $HEADER_IMG >/dev/null 2>&1
}
function fail()
# LUKS tests
-
prepare "[1] open - compat image - acceptance check" new
echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
+prepare "[28] Detached LUKS header" wipe
+dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1
+echo "key0" | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail
+echo "key0" | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
+echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
+$CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
+$CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
+$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
+echo "key0" | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
+$CRYPTSETUP luksClose $DEV_NAME || fail
+
remove_mapping
exit 0
projects / platform / upstream / cryptsetup.git / commitdiff