dcavalca / rpms / util-linux

Forked from rpms/util-linux 2 years ago
Clone

Blame SOURCES/0001-libblkid-Check-for-a-secondary-LUKS2-header.patch

fe1ca8
From 768b91ef6f68661462494bed800505064eb97bc8 Mon Sep 17 00:00:00 2001
fe1ca8
From: Milan Broz <gmazyland@gmail.com>
fe1ca8
Date: Wed, 11 Jul 2018 12:34:39 +0200
fe1ca8
Subject: [PATCH 1/6] libblkid: Check for a secondary LUKS2 header.
fe1ca8
fe1ca8
This patch adds search for a secondary LUKS2 header,
fe1ca8
if the primary one is corrupted.
fe1ca8
fe1ca8
This patch is primarily needed for wipefs that should wipe
fe1ca8
both signatures (otherwise LUKS2 header recovery can use
fe1ca8
secondary header and revert wipefs action).
fe1ca8
fe1ca8
Signed-off-by: Milan Broz <gmazyland@gmail.com>
fe1ca8
Upstream: http://github.com/karelzak/util-linux/commit/8bee1a220db8effbe5a75ba9bc68840e019ea89a
fe1ca8
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1595882
fe1ca8
---
fe1ca8
 libblkid/src/superblocks/luks.c | 60 ++++++++++++++++++++++++++++++++---------
fe1ca8
 1 file changed, 47 insertions(+), 13 deletions(-)
fe1ca8
fe1ca8
diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c
fe1ca8
index bc3d7f558..67d7cfcc5 100644
fe1ca8
--- a/libblkid/src/superblocks/luks.c
fe1ca8
+++ b/libblkid/src/superblocks/luks.c
fe1ca8
@@ -1,5 +1,6 @@
fe1ca8
 /*
fe1ca8
  * Copyright (C) 2008 Karel Zak <kzak@redhat.com>
fe1ca8
+ * Copyright (C) 2018 Milan Broz <gmazyland@gmail.com>
fe1ca8
  *
fe1ca8
  * Inspired by libvolume_id by
fe1ca8
  *     Kay Sievers <kay.sievers@vrfy.org>
fe1ca8
@@ -29,6 +30,15 @@
fe1ca8
 #define LUKS2_CHECKSUM_ALG_L		32
fe1ca8
 #define LUKS2_CHECKSUM_L		64
fe1ca8
 
fe1ca8
+#define LUKS_MAGIC	"LUKS\xba\xbe"
fe1ca8
+#define LUKS_MAGIC_2	"SKUL\xba\xbe"
fe1ca8
+
fe1ca8
+/* Offsets for secondary header (for scan if primary header is corrupted). */
fe1ca8
+#define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \
fe1ca8
+                             0x40000, 0x080000, 0x100000, 0x200000, 0x400000 }
fe1ca8
+
fe1ca8
+static const uint64_t secondary_offsets[] = LUKS2_HDR2_OFFSETS;
fe1ca8
+
fe1ca8
 struct luks_phdr {
fe1ca8
 	uint8_t		magic[LUKS_MAGIC_L];
fe1ca8
 	uint16_t	version;
fe1ca8
@@ -59,18 +69,16 @@ struct luks2_phdr {
fe1ca8
 	/* Padding to 4k, then JSON area */
fe1ca8
 } __attribute__ ((packed));
fe1ca8
 
fe1ca8
-static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag)
fe1ca8
+static int luks_attributes(blkid_probe pr, struct luks2_phdr *header, uint64_t offset)
fe1ca8
 {
fe1ca8
-	struct luks_phdr *header_v1;
fe1ca8
-	struct luks2_phdr *header;
fe1ca8
 	int version;
fe1ca8
+	struct luks_phdr *header_v1;
fe1ca8
 
fe1ca8
-	header = blkid_probe_get_sb(pr, mag, struct luks2_phdr);
fe1ca8
-	if (header == NULL)
fe1ca8
-		return errno ? -errno : 1;
fe1ca8
+	if (blkid_probe_set_magic(pr, offset, LUKS_MAGIC_L, (unsigned char *) &header->magic))
fe1ca8
+		return BLKID_PROBE_NONE;
fe1ca8
 
fe1ca8
 	version = be16_to_cpu(header->version);
fe1ca8
-	blkid_probe_sprintf_version(pr, "%u", be16_to_cpu(header->version));
fe1ca8
+	blkid_probe_sprintf_version(pr, "%u", version);
fe1ca8
 
fe1ca8
 	if (version == 1) {
fe1ca8
 		header_v1 = (struct luks_phdr *)header;
fe1ca8
@@ -84,7 +92,37 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag)
fe1ca8
 		blkid_probe_set_id_label(pr, "SUBSYSTEM",
fe1ca8
 			(unsigned char *) header->subsystem, LUKS2_LABEL_L);
fe1ca8
 	}
fe1ca8
-	return 0;
fe1ca8
+
fe1ca8
+	return BLKID_PROBE_OK;
fe1ca8
+}
fe1ca8
+
fe1ca8
+static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute__((__unused__)))
fe1ca8
+{
fe1ca8
+	struct luks2_phdr *header;
fe1ca8
+	size_t i;
fe1ca8
+
fe1ca8
+	header = (struct luks2_phdr *) blkid_probe_get_buffer(pr, 0, sizeof(struct luks2_phdr));
fe1ca8
+	if (!header)
fe1ca8
+		return errno ? -errno : BLKID_PROBE_NONE;
fe1ca8
+
fe1ca8
+	if (!memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L)) {
fe1ca8
+		/* LUKS primary header was found. */
fe1ca8
+		return luks_attributes(pr, header, 0);
fe1ca8
+	} else {
fe1ca8
+		/* No primary header, scan for known offsets of LUKS2 secondary header. */
fe1ca8
+		for (i = 0; i < ARRAY_SIZE(secondary_offsets); i++) {
fe1ca8
+			header = (struct luks2_phdr *) blkid_probe_get_buffer(pr,
fe1ca8
+				  secondary_offsets[i], sizeof(struct luks2_phdr));
fe1ca8
+
fe1ca8
+			if (!header)
fe1ca8
+				return errno ? -errno : BLKID_PROBE_NONE;
fe1ca8
+
fe1ca8
+			if (!memcmp(header->magic, LUKS_MAGIC_2, LUKS_MAGIC_L))
fe1ca8
+				return luks_attributes(pr, header, secondary_offsets[i]);
fe1ca8
+		}
fe1ca8
+	}
fe1ca8
+
fe1ca8
+	return BLKID_PROBE_NONE;
fe1ca8
 }
fe1ca8
 
fe1ca8
 const struct blkid_idinfo luks_idinfo =
fe1ca8
@@ -92,9 +130,5 @@ const struct blkid_idinfo luks_idinfo =
fe1ca8
 	.name		= "crypto_LUKS",
fe1ca8
 	.usage		= BLKID_USAGE_CRYPTO,
fe1ca8
 	.probefunc	= probe_luks,
fe1ca8
-	.magics		=
fe1ca8
-	{
fe1ca8
-		{ .magic = "LUKS\xba\xbe", .len = 6 },
fe1ca8
-		{ NULL }
fe1ca8
-	}
fe1ca8
+	.magics		= BLKID_NONE_MAGIC
fe1ca8
 };
fe1ca8
-- 
fe1ca8
2.14.4
fe1ca8