import libblockdev-2.24-6.el8
This commit is contained in:
parent
4136df5113
commit
a456071d4d
|
@ -0,0 +1,97 @@
|
|||
From 5d29bc014a33d9bdc1c5fb4b8add2f38850f46a8 Mon Sep 17 00:00:00 2001
|
||||
From: Vojtech Trefny <vtrefny@redhat.com>
|
||||
Date: Wed, 24 Feb 2021 14:44:03 +0100
|
||||
Subject: [PATCH] crypto: Fix default key size for non XTS ciphers
|
||||
|
||||
512 bits should be default only for AES-XTS which needs two keys,
|
||||
default for other modes must be 256 bits.
|
||||
|
||||
resolves: rhbz#1931847
|
||||
---
|
||||
src/plugins/crypto.c | 11 +++++++++--
|
||||
src/plugins/crypto.h | 2 +-
|
||||
tests/crypto_test.py | 36 ++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 46 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c
|
||||
index f4a2e8f0..1e7043fa 100644
|
||||
--- a/src/plugins/crypto.c
|
||||
+++ b/src/plugins/crypto.c
|
||||
@@ -774,8 +774,15 @@ static gboolean luks_format (const gchar *device, const gchar *cipher, guint64 k
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
- /* resolve requested/default key_size (should be in bytes) */
|
||||
- key_size = (key_size != 0) ? (key_size / 8) : (DEFAULT_LUKS_KEYSIZE_BITS / 8);
|
||||
+ if (key_size == 0) {
|
||||
+ if (g_str_has_prefix (cipher_specs[1], "xts-"))
|
||||
+ key_size = DEFAULT_LUKS_KEYSIZE_BITS * 2;
|
||||
+ else
|
||||
+ key_size = DEFAULT_LUKS_KEYSIZE_BITS;
|
||||
+ }
|
||||
+
|
||||
+ /* key_size should be in bytes */
|
||||
+ key_size = key_size / 8;
|
||||
|
||||
/* wait for enough random data entropy (if requested) */
|
||||
if (min_entropy > 0) {
|
||||
diff --git a/src/plugins/crypto.h b/src/plugins/crypto.h
|
||||
index 71a1438d..a38724d9 100644
|
||||
--- a/src/plugins/crypto.h
|
||||
+++ b/src/plugins/crypto.h
|
||||
@@ -36,7 +36,7 @@ typedef enum {
|
||||
/* 20 chars * 6 bits per char (64-item charset) = 120 "bits of security" */
|
||||
#define BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH 20
|
||||
|
||||
-#define DEFAULT_LUKS_KEYSIZE_BITS 512
|
||||
+#define DEFAULT_LUKS_KEYSIZE_BITS 256
|
||||
#define DEFAULT_LUKS_CIPHER "aes-xts-plain64"
|
||||
#define DEFAULT_LUKS2_SECTOR_SIZE 512
|
||||
|
||||
diff --git a/tests/crypto_test.py b/tests/crypto_test.py
|
||||
index 0609a070..0aecc032 100644
|
||||
--- a/tests/crypto_test.py
|
||||
+++ b/tests/crypto_test.py
|
||||
@@ -236,6 +236,42 @@ def test_luks2_format(self):
|
||||
self.fail("Failed to get pbkdf information from:\n%s %s" % (out, err))
|
||||
self.assertEqual(int(m.group(1)), 5)
|
||||
|
||||
+ def _get_luks1_key_size(self, device):
|
||||
+ _ret, out, err = run_command("cryptsetup luksDump %s" % device)
|
||||
+ m = re.search(r"MK bits:\s*(\S+)\s*", out)
|
||||
+ if not m or len(m.groups()) != 1:
|
||||
+ self.fail("Failed to get key size information from:\n%s %s" % (out, err))
|
||||
+ key_size = m.group(1)
|
||||
+ if not key_size.isnumeric():
|
||||
+ self.fail("Failed to get key size information from: %s" % key_size)
|
||||
+ return int(key_size)
|
||||
+
|
||||
+ @tag_test(TestTags.SLOW, TestTags.CORE)
|
||||
+ def test_luks_format_key_size(self):
|
||||
+ """Verify that formating device as LUKS works"""
|
||||
+
|
||||
+ # aes-xts: key size should default to 512
|
||||
+ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 0, PASSWD, None, 0)
|
||||
+ self.assertTrue(succ)
|
||||
+
|
||||
+ key_size = self._get_luks1_key_size(self.loop_dev)
|
||||
+ self.assertEqual(key_size, 512)
|
||||
+
|
||||
+ # aes-cbc: key size should default to 256
|
||||
+ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 0, PASSWD, None, 0)
|
||||
+ self.assertTrue(succ)
|
||||
+
|
||||
+ key_size = self._get_luks1_key_size(self.loop_dev)
|
||||
+ self.assertEqual(key_size, 256)
|
||||
+
|
||||
+ # try specifying key size for aes-xts
|
||||
+ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 256, PASSWD, None, 0)
|
||||
+ self.assertTrue(succ)
|
||||
+
|
||||
+ key_size = self._get_luks1_key_size(self.loop_dev)
|
||||
+ self.assertEqual(key_size, 256)
|
||||
+
|
||||
+
|
||||
class CryptoTestResize(CryptoTestCase):
|
||||
|
||||
def _get_key_location(self, device):
|
|
@ -125,7 +125,7 @@
|
|||
|
||||
Name: libblockdev
|
||||
Version: 2.24
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Summary: A library for low-level manipulation with block devices
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/storaged-project/libblockdev
|
||||
|
@ -133,6 +133,7 @@ Source0: https://github.com/storaged-project/libblockdev/releases/download/%
|
|||
Patch0: 0001-exec-Fix-setting-locale-for-util-calls.patch
|
||||
Patch1: 0002-exec-polling-fixes.patch
|
||||
Patch2: 0003-LVM-thin-metadata-calculation-fix.patch
|
||||
Patch3: 0004-Fix-default-key-size-for-non-XTS-ciphers.patch
|
||||
|
||||
BuildRequires: glib2-devel
|
||||
%if %{with_gi}
|
||||
|
@ -691,6 +692,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies.
|
|||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
autoreconf -ivf
|
||||
|
@ -994,6 +996,10 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
|
|||
%files plugins-all
|
||||
|
||||
%changelog
|
||||
* Fri May 14 2021 Vojtech Trefny <vtrefny@redhat.com> - 2.24-6
|
||||
- Fix default key size for non XTS ciphers
|
||||
Resolves: rhbz#1931847
|
||||
|
||||
* Mon Jan 11 2021 Vojtech Trefny <vtrefny@redhat.com> - 2.24-5
|
||||
- Fix LVM thin metadata calculation fix
|
||||
Resolves: rhbz#1901714
|
||||
|
|
Loading…
Reference in New Issue