"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/luks2/luks2_luks1_convert.c" between
cryptsetup-2.0.6.tar.xz and cryptsetup-2.1.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

luks2_luks1_convert.c  (cryptsetup-2.0.6.tar.xz):luks2_luks1_convert.c  (cryptsetup-2.1.0.tar.xz)
/* /*
* LUKS - Linux Unified Key Setup v2, LUKS1 conversion code * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
* *
* Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved. * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
* Copyright (C) 2015-2018, Ondrej Kozina. All rights reserved. * Copyright (C) 2015-2019 Ondrej Kozina
* Copyright (C) 2015-2018, Milan Broz. All rights reserved. * Copyright (C) 2015-2019 Milan Broz
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 * as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version. * of the License, or (at your option) any later version.
* *
* This program is distributed in the hope that it will be useful, * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
skipping to change at line 96 skipping to change at line 96
json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset )); json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset ));
json_object_object_add(jobj_area, "size", json_object_new_uint64(area_siz e)); json_object_object_add(jobj_area, "size", json_object_new_uint64(area_siz e));
json_object_object_add(keyslot_obj, "area", jobj_area); json_object_object_add(keyslot_obj, "area", jobj_area);
*keyslot_object = keyslot_obj; *keyslot_object = keyslot_obj;
return 0; return 0;
} }
static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_objec t **keyslots_object) static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_objec t **keyslots_object)
{ {
char keyslot_str[2]; int keyslot, r;
int key_slot, r;
struct json_object *keyslot_obj, *field; struct json_object *keyslot_obj, *field;
keyslot_obj = json_object_new_object(); keyslot_obj = json_object_new_object();
if (!keyslot_obj) if (!keyslot_obj)
return -ENOMEM; return -ENOMEM;
for (key_slot = 0; key_slot < LUKS_NUMKEYS; key_slot++) { for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) {
if (hdr_v1->keyblock[key_slot].active != LUKS_KEY_ENABLED) if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED)
continue; continue;
r = json_luks1_keyslot(hdr_v1, key_slot, &field); r = json_luks1_keyslot(hdr_v1, keyslot, &field);
if (r) { if (r) {
json_object_put(keyslot_obj); json_object_put(keyslot_obj);
return r; return r;
} }
(void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", key_slot) json_object_object_add_by_uint(keyslot_obj, keyslot, field);
;
json_object_object_add(keyslot_obj, keyslot_str, field);
} }
*keyslots_object = keyslot_obj; *keyslots_object = keyslot_obj;
return 0; return 0;
} }
static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object **segment_object) static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object **segment_object)
{ {
const char *c; const char *c;
char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L]; char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
skipping to change at line 193 skipping to change at line 191
return -ENOMEM; return -ENOMEM;
} }
json_object_object_add(segment_obj, "sector_size", field); json_object_object_add(segment_obj, "sector_size", field);
*segment_object = segment_obj; *segment_object = segment_obj;
return 0; return 0;
} }
static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_objec t **segments_object) static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_objec t **segments_object)
{ {
char num[16];
int r; int r;
struct json_object *segments_obj, *field; struct json_object *segments_obj, *field;
segments_obj = json_object_new_object(); segments_obj = json_object_new_object();
if (!segments_obj) if (!segments_obj)
return -ENOMEM; return -ENOMEM;
r = json_luks1_segment(hdr_v1, &field); r = json_luks1_segment(hdr_v1, &field);
if (r) { if (r) {
json_object_put(segments_obj); json_object_put(segments_obj);
return r; return r;
} }
snprintf(num, sizeof(num), "%u", CRYPT_DEFAULT_SEGMENT); json_object_object_add_by_uint(segments_obj, CRYPT_DEFAULT_SEGMENT, field
json_object_object_add(segments_obj, num, field); );
*segments_object = segments_obj; *segments_object = segments_obj;
return 0; return 0;
} }
static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object) static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object)
{ {
char keyslot_str[2], *base64_str; char keyslot_str[2], *base64_str;
int ks; int ks;
size_t base64_len; size_t base64_len;
skipping to change at line 430 skipping to change at line 426
} }
/* FIXME: return specific error code for partial write error (aka keyslots are g one) */ /* FIXME: return specific error code for partial write error (aka keyslots are g one) */
static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from, static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
off_t offset_to, size_t buf_size) off_t offset_to, size_t buf_size)
{ {
struct device *device = crypt_metadata_device(cd); struct device *device = crypt_metadata_device(cd);
void *buf = NULL; void *buf = NULL;
int r = -EIO, devfd = -1; int r = -EIO, devfd = -1;
log_dbg("Moving keyslot areas of size %zu from %jd to %jd.", log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
buf_size, (intmax_t)offset_from, (intmax_t)offset_to); buf_size, (intmax_t)offset_from, (intmax_t)offset_to);
if (posix_memalign(&buf, crypt_getpagesize(), buf_size)) if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
return -ENOMEM; return -ENOMEM;
devfd = device_open(device, O_RDWR); devfd = device_open(cd, device, O_RDWR);
if (devfd == -1) { if (devfd == -1) {
free(buf); free(buf);
return -EIO; return -EIO;
} }
/* This can safely fail (for block devices). It only allocates space if i t is possible. */ /* This can safely fail (for block devices). It only allocates space if i t is possible. */
if (posix_fallocate(devfd, offset_to, buf_size)) if (posix_fallocate(devfd, offset_to, buf_size))
log_dbg("Preallocation (fallocate) of new keyslot area not availa ble."); log_dbg(cd, "Preallocation (fallocate) of new keyslot area not av ailable.");
/* Try to read *new* area to check that area is there (trimmed backup). * / /* Try to read *new* area to check that area is there (trimmed backup). * /
if (read_lseek_blockwise(devfd, device_block_size(device), if (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), buf, buf_size, device_alignment(device), buf, buf_size,
offset_to)!= (ssize_t)buf_size) offset_to)!= (ssize_t)buf_size)
goto out; goto out;
if (read_lseek_blockwise(devfd, device_block_size(device), if (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), buf, buf_size, device_alignment(device), buf, buf_size,
offset_from)!= (ssize_t)buf_size) offset_from)!= (ssize_t)buf_size)
goto out; goto out;
if (write_lseek_blockwise(devfd, device_block_size(device), if (write_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), buf, buf_size, device_alignment(device), buf, buf_size,
offset_to) != (ssize_t)buf_size) offset_to) != (ssize_t)buf_size)
goto out; goto out;
r = 0; r = 0;
out: out:
device_sync(device, devfd); device_sync(cd, device, devfd);
close(devfd); close(devfd);
crypt_memzero(buf, buf_size); crypt_memzero(buf, buf_size);
free(buf); free(buf);
return r; return r;
} }
static int luks_header_in_use(struct crypt_device *cd) static int luks_header_in_use(struct crypt_device *cd)
{ {
int r; int r;
r = lookup_dm_dev_by_uuid(crypt_get_uuid(cd), crypt_get_type(cd)); r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd));
if (r < 0) if (r < 0)
log_err(cd, _("Can not check status of device with uuid: %s."), c rypt_get_uuid(cd)); log_err(cd, _("Can not check status of device with uuid: %s."), c rypt_get_uuid(cd));
return r; return r;
} }
/* Check if there is a luksmeta area (foreign metadata created by the luksmeta p ackage) */ /* Check if there is a luksmeta area (foreign metadata created by the luksmeta p ackage) */
static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size) static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
{ {
static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A ' }; static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A ' };
struct device *device = crypt_metadata_device(cd); struct device *device = crypt_metadata_device(cd);
void *buf = NULL; void *buf = NULL;
int devfd, r = 0; int devfd, r = 0;
if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC))) if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC)))
return -ENOMEM; return -ENOMEM;
devfd = device_open(device, O_RDONLY); devfd = device_open(cd, device, O_RDONLY);
if (devfd == -1) { if (devfd == -1) {
free(buf); free(buf);
return -EIO; return -EIO;
} }
/* Note: we must not detect failure as problem here, header can be trimme d. */ /* Note: we must not detect failure as problem here, header can be trimme d. */
if (read_lseek_blockwise(devfd, device_block_size(device), device_alignme nt(device), if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_ali gnment(device),
buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) & & buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) & &
!memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) { !memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
log_err(cd, _("Unable to convert header with LUKSMETA add itional metadata.")); log_err(cd, _("Unable to convert header with LUKSMETA add itional metadata."));
r = -EBUSY; r = -EBUSY;
} }
close(devfd); close(devfd);
free(buf); free(buf);
return r; return r;
} }
skipping to change at line 531 skipping to change at line 527
/* for detached headers max size == device size */ /* for detached headers max size == device size */
if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size))) if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size)))
return r; return r;
luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT; luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT;
luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS); luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS);
if (!luks1_size) if (!luks1_size)
return -EINVAL; return -EINVAL;
if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
log_dbg("Unsupported keyslots material offset: %zu.", LUKS_keyslo ts_offset(hdr1)); log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_ke yslots_offset(hdr1));
return -EINVAL; return -EINVAL;
} }
if (luksmeta_header_present(cd, luks1_size)) if (luksmeta_header_present(cd, luks1_size))
return -EINVAL; return -EINVAL;
log_dbg("Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required s hift: %zu", log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , requir ed shift: %zu",
max_size, luks1_size, luks1_shift); max_size, luks1_size, luks1_shift);
if ((max_size - luks1_size) < luks1_shift) { if ((max_size - luks1_size) < luks1_shift) {
log_err(cd, _("Unable to move keyslot area. Not enough space.")); log_err(cd, _("Unable to move keyslot area. Not enough space."));
return -EINVAL; return -EINVAL;
} }
r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN); r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN);
if (r < 0) if (r < 0)
return r; return r;
skipping to change at line 588 skipping to change at line 584
buf_offset = 2 * LUKS2_HDR_16K_LEN; buf_offset = 2 * LUKS2_HDR_16K_LEN;
buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS; buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS;
if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) { if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
log_err(cd, _("Unable to move keyslot area.")); log_err(cd, _("Unable to move keyslot area."));
goto out; goto out;
} }
// Write JSON hdr2 // Write JSON hdr2
r = LUKS2_hdr_write(cd, hdr2); r = LUKS2_hdr_write(cd, hdr2);
out: out:
LUKS2_hdr_free(hdr2); LUKS2_hdr_free(cd, hdr2);
return r; return r;
} }
static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
key_size) dr,
int keyslot, uint32_t key_size, const char *h
ash)
{ {
json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af; json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
uint64_t l2_offset, l2_length; uint64_t l2_offset, l2_length;
int ks_key_size; size_t ks_key_size;
const char *ks_cipher, *data_cipher;
jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
if (!jobj_keyslot) if (!jobj_keyslot)
return 1; return 1;
if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj) || if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj) ||
strcmp(json_object_get_string(jobj), "luks2")) strcmp(json_object_get_string(jobj), "luks2"))
return 0; return 0;
/* Using PBKDF2, this implies memory and parallel is not used. */ /* Using PBKDF2, this implies memory and parallel is not used. */
jobj = NULL; jobj = NULL;
if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
!json_object_object_get_ex(jobj_kdf, "type", &jobj) || !json_object_object_get_ex(jobj_kdf, "type", &jobj) ||
strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2)) strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2) ||
!json_object_object_get_ex(jobj_kdf, "hash", &jobj) ||
strcmp(json_object_get_string(jobj), hash))
return 0; return 0;
jobj = NULL; jobj = NULL;
if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
!json_object_object_get_ex(jobj_af, "stripes", &jobj) || !json_object_object_get_ex(jobj_af, "stripes", &jobj) ||
json_object_get_int(jobj) != LUKS_STRIPES) json_object_get_int(jobj) != LUKS_STRIPES)
return 0; return 0;
jobj = NULL; jobj = NULL;
if (!json_object_object_get_ex(jobj_af, "hash", &jobj) || if (!json_object_object_get_ex(jobj_af, "hash", &jobj) ||
crypt_hash_size(json_object_get_string(jobj)) < 0) (crypt_hash_size(json_object_get_string(jobj)) < 0) ||
strcmp(json_object_get_string(jobj), hash))
return 0; return 0;
/* FIXME: should this go to validation code instead (aka invalid luks2 he ader if assigned to segment 0)? */ /* FIXME: should this go to validation code instead (aka invalid luks2 he ader if assigned to segment 0)? */
/* FIXME: check all keyslots are assigned to segment id 0, and segments c ount == 1 */ /* FIXME: check all keyslots are assigned to segment id 0, and segments c ount == 1 */
ks_key_size = LUKS2_get_keyslot_key_size(hdr, keyslot); ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
if (ks_key_size < 0 || (int)key_size != LUKS2_get_keyslot_key_size(hdr, k data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
eyslot)) { if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_ci
log_dbg("Key length in keyslot %d is different from volume key le pher, data_cipher)) {
ngth", keyslot); log_dbg(cd, "Cipher in keyslot %d is different from volume key en
cryption.", keyslot);
return 0; return 0;
} }
if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length)) if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length))
return 0; return 0;
if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) { if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
log_dbg("Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot); log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
return 0; return 0;
} }
return 1; return 1;
} }
/* Convert LUKS2 -> LUKS1 */ /* Convert LUKS2 -> LUKS1 */
int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1) int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
{ {
size_t buf_size, buf_offset; size_t buf_size, buf_offset;
char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1]; char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE]; char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
const char *hash;
size_t len; size_t len;
json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_ area, *jobj1, *jobj2; json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_ area, *jobj1, *jobj2;
uint32_t key_size; uint32_t key_size;
int i, r, last_active = 0; int i, r, last_active = 0;
uint64_t offset, area_length; uint64_t offset, area_length;
char buf[256], luksMagic[] = LUKS_MAGIC; char buf[256], luksMagic[] = LUKS_MAGIC;
jobj_digest = LUKS2_get_digest_jobj(hdr2, 0); jobj_digest = LUKS2_get_digest_jobj(hdr2, 0);
if (!jobj_digest) if (!jobj_digest)
return -EINVAL; return -EINVAL;
skipping to change at line 672 skipping to change at line 675
if (!jobj_segment) if (!jobj_segment)
return -EINVAL; return -EINVAL;
json_object_object_get_ex(hdr2->jobj, "digests", &jobj1); json_object_object_get_ex(hdr2->jobj, "digests", &jobj1);
if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) || if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) ||
strcmp(json_object_get_string(jobj2), "pbkdf2") || strcmp(json_object_get_string(jobj2), "pbkdf2") ||
json_object_object_length(jobj1) != 1) { json_object_object_length(jobj1) != 1) {
log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible.")); log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
return -EINVAL; return -EINVAL;
} }
if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2))
return -EINVAL;
hash = json_object_get_string(jobj2);
r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMEN T), cipher, NULL, cipher_mode); r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMEN T), cipher, NULL, cipher_mode);
if (r < 0) if (r < 0)
return r; return r;
if (crypt_cipher_wrapped_key(cipher, cipher_mode)) { if (crypt_cipher_wrapped_key(cipher, cipher_mode)) {
log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapp ed key cipher %s."), cipher); log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapp ed key cipher %s."), cipher);
return -EINVAL; return -EINVAL;
} }
skipping to change at line 709 skipping to change at line 715
if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) { if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot % u is in invalid state."), i); log_err(cd, _("Cannot convert to LUKS1 format - keyslot % u is in invalid state."), i);
return -EINVAL; return -EINVAL;
} }
if (i >= LUKS_NUMKEYS) { if (i >= LUKS_NUMKEYS) {
log_err(cd, _("Cannot convert to LUKS1 format - slot %u ( over maximum slots) is still active."), i); log_err(cd, _("Cannot convert to LUKS1 format - slot %u ( over maximum slots) is still active."), i);
return -EINVAL; return -EINVAL;
} }
if (!keyslot_LUKS1_compatible(hdr2, i, key_size)) { if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot % u is not LUKS1 compatible."), i); log_err(cd, _("Cannot convert to LUKS1 format - keyslot % u is not LUKS1 compatible."), i);
return -EINVAL; return -EINVAL;
} }
} }
memset(hdr1, 0, sizeof(*hdr1)); memset(hdr1, 0, sizeof(*hdr1));
for (i = 0; i < LUKS_NUMKEYS; i++) { for (i = 0; i < LUKS_NUMKEYS; i++) {
hdr1->keyblock[i].active = LUKS_KEY_DISABLED; hdr1->keyblock[i].active = LUKS_KEY_DISABLED;
hdr1->keyblock[i].stripes = LUKS_STRIPES; hdr1->keyblock[i].stripes = LUKS_STRIPES;
 End of changes. 29 change blocks. 
39 lines changed or deleted 46 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)