/*
- * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
+ * TCRYPT (TrueCrypt-compatible) volume handling
*
* Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2015, Milan Broz
+ * Copyright (C) 2012-2013, Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/* TCRYPT PBKDF variants */
static struct {
unsigned int legacy:1;
- unsigned int veracrypt:1;
const char *name;
const char *hash;
unsigned int iterations;
} tcrypt_kdf[] = {
- { 0, 0, "pbkdf2", "ripemd160", 2000 },
- { 0, 0, "pbkdf2", "ripemd160", 1000 },
- { 0, 0, "pbkdf2", "sha512", 1000 },
- { 0, 0, "pbkdf2", "whirlpool", 1000 },
- { 1, 0, "pbkdf2", "sha1", 2000 },
- { 0, 1, "pbkdf2", "sha512", 500000 },
- { 0, 1, "pbkdf2", "ripemd160", 655331 },
- { 0, 1, "pbkdf2", "ripemd160", 327661 }, // boot only
- { 0, 1, "pbkdf2", "whirlpool", 500000 },
- { 0, 1, "pbkdf2", "sha256", 500000 }, // VeraCrypt 1.0f
- { 0, 1, "pbkdf2", "sha256", 200000 }, // boot only
- { 0, 0, NULL, NULL, 0 }
+ { 0, "pbkdf2", "ripemd160", 2000 },
+ { 0, "pbkdf2", "ripemd160", 1000 },
+ { 0, "pbkdf2", "sha512", 1000 },
+ { 0, "pbkdf2", "whirlpool", 1000 },
+ { 1, "pbkdf2", "sha1", 2000 },
+ { 0, NULL, NULL, 0 }
};
struct tcrypt_alg {
unsigned int iv_size;
unsigned int key_offset;
unsigned int iv_offset; /* or tweak key offset */
- unsigned int key_extra_size;
};
struct tcrypt_algs {
static struct tcrypt_algs tcrypt_cipher[] = {
/* XTS mode */
{0,1,64,"aes","xts-plain64",
- {{"aes", 64,16,0,32,0}}},
+ {{"aes", 64,16,0,32}}},
{0,1,64,"serpent","xts-plain64",
- {{"serpent",64,16,0,32,0}}},
+ {{"serpent",64,16,0,32}}},
{0,1,64,"twofish","xts-plain64",
- {{"twofish",64,16,0,32,0}}},
+ {{"twofish",64,16,0,32}}},
{0,2,128,"twofish-aes","xts-plain64",
- {{"twofish",64,16, 0,64,0},
- {"aes", 64,16,32,96,0}}},
+ {{"twofish",64,16, 0,64},
+ {"aes", 64,16,32,96}}},
{0,3,192,"serpent-twofish-aes","xts-plain64",
- {{"serpent",64,16, 0, 96,0},
- {"twofish",64,16,32,128,0},
- {"aes", 64,16,64,160,0}}},
+ {{"serpent",64,16, 0, 96},
+ {"twofish",64,16,32,128},
+ {"aes", 64,16,64,160}}},
{0,2,128,"aes-serpent","xts-plain64",
- {{"aes", 64,16, 0,64,0},
- {"serpent",64,16,32,96,0}}},
+ {{"aes", 64,16, 0,64},
+ {"serpent",64,16,32,96}}},
{0,3,192,"aes-twofish-serpent","xts-plain64",
- {{"aes", 64,16, 0, 96,0},
- {"twofish",64,16,32,128,0},
- {"serpent",64,16,64,160,0}}},
+ {{"aes", 64,16, 0, 96},
+ {"twofish",64,16,32,128},
+ {"serpent",64,16,64,160}}},
{0,2,128,"serpent-twofish","xts-plain64",
- {{"serpent",64,16, 0,64,0},
- {"twofish",64,16,32,96,0}}},
-
+ {{"serpent",64,16, 0,64},
+ {"twofish",64,16,32,96}}},
/* LRW mode */
{0,1,48,"aes","lrw-benbi",
- {{"aes", 48,16,32,0,0}}},
+ {{"aes", 48,16,32,0}}},
{0,1,48,"serpent","lrw-benbi",
- {{"serpent",48,16,32,0,0}}},
+ {{"serpent",48,16,32,0}}},
{0,1,48,"twofish","lrw-benbi",
- {{"twofish",48,16,32,0,0}}},
+ {{"twofish",48,16,32,0}}},
{0,2,96,"twofish-aes","lrw-benbi",
- {{"twofish",48,16,32,0,0},
- {"aes", 48,16,64,0,0}}},
+ {{"twofish",48,16,32,0},
+ {"aes", 48,16,64,0}}},
{0,3,144,"serpent-twofish-aes","lrw-benbi",
- {{"serpent",48,16,32,0,0},
- {"twofish",48,16,64,0,0},
- {"aes", 48,16,96,0,0}}},
+ {{"serpent",48,16,32,0},
+ {"twofish",48,16,64,0},
+ {"aes", 48,16,96,0}}},
{0,2,96,"aes-serpent","lrw-benbi",
- {{"aes", 48,16,32,0,0},
- {"serpent",48,16,64,0,0}}},
+ {{"aes", 48,16,32,0},
+ {"serpent",48,16,64,0}}},
{0,3,144,"aes-twofish-serpent","lrw-benbi",
- {{"aes", 48,16,32,0,0},
- {"twofish",48,16,64,0,0},
- {"serpent",48,16,96,0,0}}},
+ {{"aes", 48,16,32,0},
+ {"twofish",48,16,64,0},
+ {"serpent",48,16,96,0}}},
{0,2,96,"serpent-twofish", "lrw-benbi",
- {{"serpent",48,16,32,0,0},
- {"twofish",48,16,64,0,0}}},
-
+ {{"serpent",48,16,32,0},
+ {"twofish",48,16,64,0}}},
/* Kernel LRW block size is fixed to 16 bytes for GF(2^128)
* thus cannot be used with blowfish where block is 8 bytes.
* There also no GF(2^64) support.
{1,1,64,"blowfish_le","lrw-benbi",
- {{"blowfish_le",64,8,32,0,0}}},
+ {{"blowfish_le",64,8,32,0}}},
{1,2,112,"blowfish_le-aes","lrw-benbi",
- {{"blowfish_le",64, 8,32,0,0},
- {"aes", 48,16,88,0,0}}},
+ {{"blowfish_le",64, 8,32,0},
+ {"aes", 48,16,88,0}}},
{1,3,160,"serpent-blowfish_le-aes","lrw-benbi",
- {{"serpent", 48,16, 32,0,0},
- {"blowfish_le",64, 8, 64,0,0},
- {"aes", 48,16,120,0,0}}},*/
-
-/*
- * CBC + "outer" CBC (both with whitening)
- * chain_key_size: alg_keys_bytes + IV_seed_bytes + whitening_bytes
- */
-{1,1,32+16+16,"aes","cbc-tcw",
- {{"aes", 32,16,32,0,32}}},
-{1,1,32+16+16,"serpent","cbc-tcw",
- {{"serpent",32,16,32,0,32}}},
-{1,1,32+16+16,"twofish","cbc-tcw",
- {{"twofish",32,16,32,0,32}}},
-{1,2,64+16+16,"twofish-aes","cbci-tcrypt",
- {{"twofish",32,16,32,0,0},
- {"aes", 32,16,64,0,32}}},
-{1,3,96+16+16,"serpent-twofish-aes","cbci-tcrypt",
- {{"serpent",32,16,32,0,0},
- {"twofish",32,16,64,0,0},
- {"aes", 32,16,96,0,32}}},
-{1,2,64+16+16,"aes-serpent","cbci-tcrypt",
- {{"aes", 32,16,32,0,0},
- {"serpent",32,16,64,0,32}}},
-{1,3,96+16+16,"aes-twofish-serpent", "cbci-tcrypt",
- {{"aes", 32,16,32,0,0},
- {"twofish",32,16,64,0,0},
- {"serpent",32,16,96,0,32}}},
-{1,2,64+16+16,"serpent-twofish", "cbci-tcrypt",
- {{"serpent",32,16,32,0,0},
- {"twofish",32,16,64,0,32}}},
-{1,1,16+8+16,"cast5","cbc-tcw",
- {{"cast5", 16,8,32,0,24}}},
-{1,1,24+8+16,"des3_ede","cbc-tcw",
- {{"des3_ede",24,8,32,0,24}}},
-{1,1,56+8+16,"blowfish_le","cbc-tcrypt",
- {{"blowfish_le",56,8,32,0,24}}},
-{1,2,88+16+16,"blowfish_le-aes","cbc-tcrypt",
- {{"blowfish_le",56, 8,32,0,0},
- {"aes", 32,16,88,0,32}}},
-{1,3,120+16+16,"serpent-blowfish_le-aes","cbc-tcrypt",
- {{"serpent", 32,16, 32,0,0},
- {"blowfish_le",56, 8, 64,0,0},
- {"aes", 32,16,120,0,32}}},
+ {{"serpent", 48,16, 32,0},
+ {"blowfish_le",64, 8, 64,0},
+ {"aes", 48,16,120,0}}},*/
+/* CBC + "outer" CBC (both with whitening) */
+{1,1,32,"aes","cbc-tcrypt",
+ {{"aes", 32,16,32,0}}},
+{1,1,32,"serpent","cbc-tcrypt",
+ {{"serpent",32,16,32,0}}},
+{1,1,32,"twofish","cbc-tcrypt",
+ {{"twofish",32,16,32,0}}},
+{1,2,64,"twofish-aes","cbci-tcrypt",
+ {{"twofish",32,16,32,0},
+ {"aes", 32,16,64,0}}},
+{1,3,96,"serpent-twofish-aes","cbci-tcrypt",
+ {{"serpent",32,16,32,0},
+ {"twofish",32,16,64,0},
+ {"aes", 32,16,96,0}}},
+{1,2,64,"aes-serpent","cbci-tcrypt",
+ {{"aes", 32,16,32,0},
+ {"serpent",32,16,64,0}}},
+{1,3,96,"aes-twofish-serpent", "cbci-tcrypt",
+ {{"aes", 32,16,32,0},
+ {"twofish",32,16,64,0},
+ {"serpent",32,16,96,0}}},
+{1,2,64,"serpent-twofish", "cbci-tcrypt",
+ {{"serpent",32,16,32,0},
+ {"twofish",32,16,64,0}}},
+{1,1,16,"cast5","cbc-tcrypt",
+ {{"cast5", 16,8,32,0}}},
+{1,1,24,"des3_ede","cbc-tcrypt",
+ {{"des3_ede",24,8,32,0}}},
+{1,1,56,"blowfish_le","cbc-tcrypt",
+ {{"blowfish_le",56,8,32,0}}},
+{1,2,88,"blowfish_le-aes","cbc-tcrypt",
+ {{"blowfish_le",56, 8,32,0},
+ {"aes", 32,16,88,0}}},
+{1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt",
+ {{"serpent", 32,16, 32,0},
+ {"blowfish_le",56, 8, 64,0},
+ {"aes", 32,16,120,0}}},
{}
};
/* Convert header to cpu format */
hdr->d.version = be16_to_cpu(hdr->d.version);
- hdr->d.version_tc = be16_to_cpu(hdr->d.version_tc);
+ hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc);
hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
}
crypt_cipher_destroy(cipher);
- crypt_memzero(iv, bs);
- crypt_memzero(iv_old, bs);
+ memset(iv, 0, bs);
+ memset(iv_old, 0, bs);
return r;
}
memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN);
} else if (!strncmp(mode, "cbc", 3)) {
memcpy(out_key, &key[alg->key_offset], alg->key_size);
- /* IV + whitening */
- memcpy(&out_key[alg->key_size], &key[alg->iv_offset],
- alg->key_extra_size);
}
}
crypt_cipher_destroy(cipher);
}
- crypt_memzero(backend_key, sizeof(backend_key));
- crypt_memzero(iv, TCRYPT_HDR_IV_LEN);
+ memset(backend_key, 0, sizeof(backend_key));
+ memset(iv, 0, TCRYPT_HDR_IV_LEN);
return r;
}
if (cipher[j])
crypt_cipher_destroy(cipher[j]);
- crypt_memzero(iv, bs);
- crypt_memzero(iv_old, bs);
+ memset(iv, 0, bs);
+ memset(iv_old, 0, bs);
return r;
}
static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
- const char *key, uint32_t flags)
+ const char *key, int legacy_modes)
{
struct tcrypt_phdr hdr2;
int i, j, r = -EINVAL;
for (i = 0; tcrypt_cipher[i].chain_count; i++) {
- if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
+ if (!legacy_modes && tcrypt_cipher[i].legacy)
continue;
log_dbg("TCRYPT: trying cipher %s-%s",
tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
r = i;
break;
}
- if ((flags & CRYPT_TCRYPT_VERA_MODES) &&
- !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
- log_dbg("TCRYPT: Signature magic detected (Veracrypt).");
- memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
- r = i;
- break;
- }
r = -EPERM;
}
- crypt_memzero(&hdr2, sizeof(hdr2));
+ memset(&hdr2, 0, sizeof(hdr2));
return r;
}
j %= TCRYPT_KEY_POOL_LEN;
}
- crypt_memzero(&crc, sizeof(crc));
- crypt_memzero(data, TCRYPT_KEYFILE_LEN);
+ memset(&crc, 0, sizeof(crc));
+ memset(data, 0, TCRYPT_KEYFILE_LEN);
return 0;
}
size_t passphrase_size;
char *key;
unsigned int i, skipped = 0;
- int r = -EPERM;
+ int r = -EINVAL, legacy_modes;
if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
return -ENOMEM;
if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
TCRYPT_KEY_POOL_LEN);
- goto out;
+ return -EPERM;
}
/* Calculate pool content from keyfiles */
for (i = 0; i < params->passphrase_size; i++)
pwd[i] += params->passphrase[i];
+ legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0;
for (i = 0; tcrypt_kdf[i].name; i++) {
- if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i].legacy)
- continue;
- if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].veracrypt)
+ if (!legacy_modes && tcrypt_kdf[i].legacy)
continue;
/* Derive header key */
log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
break;
/* Decrypt header */
- r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags);
+ r = TCRYPT_decrypt_hdr(cd, hdr, key, legacy_modes);
if (r == -ENOENT) {
skipped++;
- r = -EPERM;
+ continue;
}
if (r != -EPERM)
break;
}
- if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) {
+ if ((skipped && skipped == i) || r == -ENOTSUP) {
log_err(cd, _("Required kernel crypto interface not available.\n"));
#ifdef ENABLE_AF_ALG
log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
r = TCRYPT_hdr_from_disk(hdr, params, i, r);
if (!r) {
- log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
+ log_dbg("TCRYPT: Header version: %d, req. %d, sector %d"
", mk_offset %" PRIu64 ", hidden_size %" PRIu64
- ", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ?
- VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC,
- (int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size,
+ ", volume size %" PRIu64, (int)hdr->d.version,
+ (int)hdr->d.version_tc, (int)hdr->d.sector_size,
hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
- log_dbg("TCRYPT: Header cipher %s-%s, key size %zu",
+ log_dbg("TCRYPT: Header cipher %s-%s, key size %d",
params->cipher, params->mode, params->key_size);
}
out:
- crypt_memzero(pwd, TCRYPT_KEY_POOL_LEN);
+ memset(pwd, 0, TCRYPT_KEY_POOL_LEN);
if (key)
- crypt_memzero(key, TCRYPT_HDR_KEY_LEN);
+ memset(key, 0, TCRYPT_HDR_KEY_LEN);
free(key);
return r;
}
struct tcrypt_phdr *hdr,
struct crypt_params_tcrypt *params)
{
- struct device *base_device, *device = crypt_metadata_device(cd);
+ struct device *device = crypt_metadata_device(cd);
ssize_t hdr_size = sizeof(struct tcrypt_phdr);
- char *base_device_path;
int devfd = 0, r, bs;
assert(sizeof(struct tcrypt_phdr) == 512);
- log_dbg("Reading TCRYPT header of size %zu bytes from device %s.",
+ log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
hdr_size, device_path(device));
bs = device_block_size(device);
if (bs < 0)
return bs;
- if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER &&
- crypt_dev_is_partition(device_path(device))) {
- base_device_path = crypt_get_base_device(device_path(device));
-
- log_dbg("Reading TCRYPT system header from device %s.", base_device_path ?: "?");
- if (!base_device_path)
- return -EINVAL;
-
- r = device_alloc(&base_device, base_device_path);
- if (r < 0)
- return r;
- devfd = device_open(base_device, O_RDONLY);
- free(base_device_path);
- device_free(base_device);
- } else
- devfd = device_open(device, O_RDONLY);
-
+ devfd = device_open(device, O_RDONLY);
if (devfd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device_path(device));
return -EINVAL;
if (lseek(devfd, TCRYPT_HDR_SYSTEM_OFFSET, SEEK_SET) >= 0 &&
read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) {
r = TCRYPT_init_hdr(cd, hdr, params);
+ if (r == -EPERM && crypt_dev_is_partition(device_path(device)))
+ log_std(cd, _("WARNING: device %s is a partition, for TCRYPT "
+ "system encryption you usually need to use "
+ "whole block device path.\n"), device_path(device));
}
} else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
struct device *device = NULL, *part_device = NULL;
unsigned int i;
int r;
- uint32_t req_flags;
struct tcrypt_algs *algs;
enum devcheck device_check;
struct crypt_dm_active_device dmd = {
return -ENOTSUP;
}
- if (strstr(params->mode, "-tcw"))
- req_flags = DM_TCW_SUPPORTED;
- else
- req_flags = DM_PLAIN64_SUPPORTED;
-
algs = TCRYPT_get_algs(params->cipher, params->mode);
if (!algs)
return -EINVAL;
- if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
- dmd.size = 0;
- else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
+ if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size;
else
dmd.size = hdr->d.volume_size / hdr->d.sector_size;
- if (dmd.flags & CRYPT_ACTIVATE_SHARED)
+ /*
+ * System encryption use the whole device mapping, there can
+ * be active partitions.
+ * FIXME: This will allow multiple mappings unexpectedly.
+ */
+ if ((dmd.flags & CRYPT_ACTIVATE_SHARED) ||
+ (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER))
device_check = DEV_SHARED;
else
device_check = DEV_EXCL;
if ((params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) &&
- !crypt_dev_is_partition(device_path(dmd.data_device))) {
- part_path = crypt_get_partition_device(device_path(dmd.data_device),
- dmd.u.crypt.offset, dmd.size);
- if (part_path) {
- if (!device_alloc(&part_device, part_path)) {
- log_verbose(cd, _("Activating TCRYPT system encryption for partition %s.\n"),
- part_path);
- dmd.data_device = part_device;
- dmd.u.crypt.offset = 0;
- }
- free(part_path);
- } else
- /*
- * System encryption use the whole device mapping, there can
- * be active partitions.
- */
- device_check = DEV_SHARED;
+ (part_path = crypt_get_partition_device(device_path(dmd.data_device),
+ dmd.u.crypt.offset, dmd.size))) {
+ if (!device_alloc(&part_device, part_path)) {
+ log_verbose(cd, _("Activating TCRYPT system encryption for partition %s.\n"),
+ part_path);
+ dmd.data_device = part_device;
+ dmd.u.crypt.offset = 0;
+ }
+ free(part_path);
}
r = device_block_adjust(cd, dmd.data_device, device_check,
return r;
/* Frome here, key size for every cipher must be the same */
- dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
- algs->cipher[0].key_extra_size, NULL);
+ dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL);
if (!dmd.u.crypt.vk)
return -ENOMEM;
break;
}
- if (r < 0 && !(dm_flags() & req_flags)) {
- log_err(cd, _("Kernel doesn't support TCRYPT compatible mapping.\n"));
+ if (r < 0 && !(dm_flags() & DM_PLAIN64_SUPPORTED)) {
+ log_err(cd, _("Kernel doesn't support plain64 IV.\n"));
r = -ENOTSUP;
}
goto hdr_offset;
/* Mapping through whole device, not partition! */
- if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
- if (crypt_dev_is_partition(device_path(crypt_metadata_device(cd))))
- return 0;
+ if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
goto hdr_offset;
- }
if (params->mode && !strncmp(params->mode, "xts", 3)) {
if (hdr->d.version < 3)
uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
struct tcrypt_phdr *hdr,
- struct crypt_params_tcrypt *params)
+ struct crypt_params_tcrypt *params
+)
{
- uint64_t iv_offset;
-
if (params->mode && !strncmp(params->mode, "xts", 3))
- iv_offset = TCRYPT_get_data_offset(cd, hdr, params);
+ return TCRYPT_get_data_offset(cd, hdr, params);
else if (params->mode && !strncmp(params->mode, "lrw", 3))
- iv_offset = 0;
- else
- iv_offset = hdr->d.mk_offset / hdr->d.sector_size;
+ return 0;
- if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
- iv_offset += crypt_dev_partition_offset(device_path(crypt_metadata_device(cd)));
-
- return iv_offset;
+ return hdr->d.mk_offset / hdr->d.sector_size;
}
int TCRYPT_get_volume_key(struct crypt_device *cd,
struct tcrypt_phdr *hdr,
struct crypt_params_tcrypt *params)
{
- log_std(cd, "%s header information for %s\n",
- hdr->d.magic[0] == 'T' ? "TCRYPT" : "VERACRYPT",
+ log_std(cd, "TCRYPT header information for %s\n",
device_path(crypt_metadata_device(cd)));
if (hdr->d.version) {
log_std(cd, "Version: \t%d\n", hdr->d.version);
- log_std(cd, "Driver req.:\t%x.%x\n", hdr->d.version_tc >> 8,
- hdr->d.version_tc & 0xFF);
+ log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc);
log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size);
log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset);
}
log_std(cd, "Cipher chain:\t%s\n", params->cipher);
log_std(cd, "Cipher mode:\t%s\n", params->mode);
- log_std(cd, "MK bits: \t%zu\n", params->key_size * 8);
+ log_std(cd, "MK bits: \t%d\n", params->key_size * 8);
return 0;
}