From: Milan Broz Date: Thu, 30 Aug 2012 13:39:30 +0000 (+0200) Subject: Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test. X-Git-Tag: upstream/1.6~175 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=29e4414c35b50c8f887f0479d1b49851bd23abf5;p=platform%2Fupstream%2Fcryptsetup.git Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test. --- diff --git a/ChangeLog b/ChangeLog index 17b4ceb..8765cdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2012-08-27 Milan Broz * Optimize seek to keyfile-offset (Issue #135, thx to dreisner). + * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers. 2012-08-12 Milan Broz * Allocate loop device late (only when real block device needed). diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index bc346e7..75a4981 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -176,7 +176,8 @@ int LUKS_hdr_backup( close(devfd); /* Wipe unused area, so backup cannot contain old signatures */ - memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr)); + if (hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS) + memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr)); devfd = creat(backup_file, S_IRUSR); if(devfd == -1) { diff --git a/tests/Makefile.am b/tests/Makefile.am index a3479b3..eb4e28a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -8,7 +8,8 @@ if REENCRYPT TESTS += reencryption-compat-test endif -EXTRA_DIST = compatimage.img.bz2 valid_header_file.bz2 \ +EXTRA_DIST = compatimage.img.bz2 compatv10image.img.bz2 \ + valid_header_file.bz2 \ evil_hdr-payload_overwrite.bz2 \ evil_hdr-stripes_payload_dmg.bz2 \ evil_hdr-luks_hdr_damage.bz2 \ diff --git a/tests/compat-test b/tests/compat-test index 574da02..c1003d6 100755 --- a/tests/compat-test +++ b/tests/compat-test @@ -10,6 +10,7 @@ DEV_NAME2=dummy2 DEV_NAME3=dummy3 ORIG_IMG=luks-test-orig IMG=luks-test +IMG10=luks-test-v10 HEADER_IMG=luks-header KEY1=key1 KEY2=key2 @@ -39,7 +40,7 @@ function remove_mapping() [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME losetup -d $LOOPDEV >/dev/null 2>&1 - rm -f $ORIG_IMG $IMG $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1 + rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1 } function force_uevent() @@ -77,12 +78,14 @@ function prepare() remove_mapping bzip2 -cd compatimage.img.bz2 > $IMG losetup $LOOPDEV $IMG + bzip2 -cd compatv10image.img.bz2 > $IMG10 ;; reuse | *) if [ ! -e $IMG ]; then bzip2 -cd compatimage.img.bz2 > $IMG losetup $LOOPDEV $IMG fi + [ ! -e $IMG10 ] && bzip2 -cd compatv10image.img.bz2 > $IMG10 ;; esac @@ -143,9 +146,30 @@ echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail check_exists ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') [ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +# Check it can be opened from header backup as well +$CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG +echo "compatkey" | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail +check_exists +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +# Repeat for V1.0 header - not aligned first keyslot +echo "compatkey" | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail +check_exists +ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') +[ "$ORG_SHA1" = 51b48c2471a7593ceaf14dc5e66bca86ed05f6cc ] || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +rm -f $HEADER_IMG +$CRYPTSETUP luksHeaderBackup $IMG10 --header-backup-file $HEADER_IMG +echo "compatkey" | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail +check_exists +$CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[2] open - compat image - denial check" new echo "wrongkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +echo "wrongkey" | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME 2>/dev/null && fail check # All headers items and first key material section must change diff --git a/tests/compatv10image.img.bz2 b/tests/compatv10image.img.bz2 new file mode 100644 index 0000000..be6aeca Binary files /dev/null and b/tests/compatv10image.img.bz2 differ