CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256])
CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
+CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
+CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
dnl ==========================================================================
#define LOOPAES_KEYFILE_MINSIZE 60
#define LOOPAES_KEYFILE_MAXSIZE 8000
-#define DEFAULT_LOOPAES_CIPHER "aes"
-
int LOOPAES_parse_keyfile(struct crypt_device *cd,
struct volume_key **vk,
unsigned int *keys_count,
For more information about LUKS, see \fBhttp://code.google.com/p/cryptsetup/wiki/Specification\fR
-.SH Loop-AES EXTENSION
+.SH loop-AES EXTENSION
cryptsetup allows to map loop-AES encrypted partition using compatible dm-crypt mode.
N.B. If keyfile is in GPG encrypted format, you have to use \-\-key-file=- and decrypt it before use.
gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
+Use \-\-key-file to specify proper key length, default compiled-in parameters are visible in \-\-help output.
+
\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
.PP
\fIloopaesClose\fR <name>
.hash = opt_hash ?: NULL, // FIXME
.offset = opt_offset,
};
- unsigned int key_size = (opt_key_size ?: 128) / 8;
+ unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8;
int r;
if (!opt_key_file) {
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
- r = crypt_format(cd, CRYPT_LOOPAES, NULL, NULL, NULL, NULL,
- key_size, ¶ms);
+ r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER,
+ NULL, NULL, NULL, key_size, ¶ms);
if (r < 0)
goto out;
crypt_get_dir());
log_std(_("\nDefault compiled-in device cipher parameters:\n"
+ "\tloop-AES: %s, Key %d bits\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
+ DEFAULT_LOOPAES_CIPHER, DEFAULT_LOOPAES_KEYBITS,
DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
DEFAULT_RNG);
CRYPTSETUP=../src/cryptsetup
-# try to validate using loop-aes losetup/kernel if available
+# try to validate using loop-AES losetup/kernel if available
LOSETUP_AES=/losetup-aes
LOOP_DD_PARAM="bs=1k count=10000"
{
[ ! -x $LOSETUP_AES ] && echo && return
- echo -n " Verification using Loop-AES: "
+ echo -n " Verification using loop-AES: "
losetup -d $LOOPDEV >/dev/null 2>&1
cat $1 | $LOSETUP_AES -p 0 -e $2 $LOOPDEV $IMG
echo "[OK]"
else
echo "[FAIL]"
- echo " Expecting $EXPSUM got $VSUM (loop-aes)."
+ echo " Expecting $EXPSUM got $VSUM (loop-AES)."
fail
fi
losetup -d $LOOPDEV >/dev/null 2>&1
which uuencode >/dev/null || skip "WARNING: test require uuencode binary, test skipped."
check_version || skip "Probably old kernel, test skipped."
-# Loop-AES tests
+# loop-AES tests
KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do
- prepare "Open Loop-AES $key / AES-$key_size"
+ prepare "Open loop-AES $key / AES-$key_size"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key || fail
check_exists
check_sum $key $key_size