[PATCH] cryptsetup-luks: add support for old loop_fish2 key hash method

Hi,

The oldest SuSE loop_fish2 format used rmd160 as key hash algorithm
with a key length of 24 bytes. Since rmd160 produces a 20 byte hash,
the remaining 4 bytes were padded with zeros. In order to support
that method, this patch allows specifying the number of bytes to use
from the hash function. The difference between that number and the
key size gets zero filled.

With this patch and the kernel patch I sent to the dm-devel list
it's possible to access old images created with loop_fish2 via
device mapper so loop_fish2 can finally be dropped forever :-) It's
not intended to encourage use of that format for creating new images
of course.

Signed-off-by: Ludwig Nussel <ludwig.nussel@xxxxxxx>

Index: cryptsetup-luks-1.0.4/lib/backends.c
===================================================================
--- cryptsetup-luks-1.0.4/lib/backends.c.orig
+++ cryptsetup-luks-1.0.4/lib/backends.c
@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
 #include <errno.h>
 
 #include "libcryptsetup.h"
@@ -52,8 +53,29 @@ int hash(const char *backend_name, const
 {
 	struct hash_backend *backend;
 	struct hash_type *hashes = NULL, *hash;
+	char hash_name_buf[256], *s;
+	size_t pad = 0;
 	int r = -ENOENT;
 
+	if (strlen(hash_name) >= sizeof(hash_name_buf)) {
+		set_error("hash name too long: %s", hash_name);
+		return -ENAMETOOLONG;
+	}
+
+	if ((s = strchr(hash_name, ':'))) {
+		size_t hlen;
+		strcpy(hash_name_buf, hash_name);
+		hash_name_buf[s-hash_name] = '\0';
+		hash_name = hash_name_buf;
+		hlen = atoi(++s);
+		if (hlen > size) {
+			set_error("requested hash length (%zd) > key length (%zd)", hlen, size);
+			return -EINVAL;
+		}
+		pad = size-hlen;
+		size = hlen;
+	}
+
 	backend = get_hash_backend(backend_name);
 	if (!backend) {
 		set_error("No hash backend found");
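Review bot: hlen = atoi(++s) accepts an empty or non-numeric suffix as 0,
so "-h ripemd160:" or "-h ripemd160:x" passes the hlen > size check, sets
size to 0 and pad to the full key length, and unless the backend rejects a
zero-length request the key ends up all zeros without any error. Parse the
suffix with strtoul(), check the end pointer, and reject 0 explicitly. The
set_error() call also formats the size_t hlen with %zd; %zu is the
matching conversion.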
@@ -80,6 +102,10 @@ int hash(const char *backend_name, const
 		goto out;
 	}
 
+	if (pad) {
+		memset(result+size, 0, pad);
+	}
+
 out:
 	if (hashes)
 		backend->free_hashes(hashes);
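Review bot: the memset(result+size, 0, pad) before out: depends on size
having been reduced to hlen by the parsing code at the top of hash(),
which is easy to miss when reading this spot on its own. A one-line
comment saying the tail is zero filled for loop_fish2 compatibility would
help, and the if (pad) guard can be dropped since a zero-length memset
does nothing.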
Index: cryptsetup-luks-1.0.4/man/cryptsetup.8
===================================================================
--- cryptsetup-luks-1.0.4/man/cryptsetup.8.orig
+++ cryptsetup-luks-1.0.4/man/cryptsetup.8
@@ -146,6 +146,11 @@ Mathematic can't be bribed. Make sure yo
 cryptsetup is written by Christophe Saout <christophe@xxxxxxxx>
 .br
 LUKS extensions, and man page by Clemens Fruhwirth <clemens@xxxxxxxxxxxxx>
+.SH "COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS"
+To read images created with SuSE Linux 9.2's loop_fish2 use --cipher
+twofish-cbc-null -s 256 -h sha512, for images created with even
+older SuSE Linux use --cipher twofish-cbc-null -s 192 -h
+ripemd160:20
 .SH "REPORTING BUGS"
 Report bugs to <dm-crypt@xxxxxxxx>.
 .SH COPYRIGHT
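Review bot: the new .SH heading misspells COMPATIBILITY as
"COMPATABILITY". The section also shows ripemd160:20 without saying what
the :20 suffix means; add a sentence stating that hash:N takes N bytes
from the digest and zero fills the rest of the key, so the syntax is
documented and not only shown by example.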

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE Labs
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)


---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
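
The hash:length convention described in the mail, as an added example that is not part of the original post or of cryptsetup: a strict parser that splits the spec and computes how many trailing key bytes get zero filled. The function name parse_hash_spec and its signature are hypothetical.

```c
/* Added example, not cryptsetup code: strict parser for "hash[:len]". */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. On success fills name, hlen (bytes taken from the
 * digest) and pad (trailing zero bytes); returns 0, else a negative errno. */
int parse_hash_spec(const char *spec, size_t key_size, char *name,
                    size_t name_sz, size_t *hlen, size_t *pad)
{
	const char *colon = strchr(spec, ':');
	size_t nlen = colon ? (size_t)(colon - spec) : strlen(spec);
	unsigned long v;
	char *end;

	if (nlen == 0 || nlen >= name_sz)
		return -EINVAL;
	memcpy(name, spec, nlen);
	name[nlen] = '\0';

	if (!colon) {              /* no suffix: whole key comes from the hash */
		*hlen = key_size;
		*pad = 0;
		return 0;
	}
	/* strtoul skips whitespace and accepts a sign, so require a digit first */
	if (!isdigit((unsigned char)colon[1]))
		return -EINVAL;
	errno = 0;
	v = strtoul(colon + 1, &end, 10);
	if (errno || *end != '\0' || v == 0 || v > key_size)
		return -EINVAL;    /* empty, junk, zero or longer than the key */
	*hlen = (size_t)v;
	*pad = key_size - *hlen;
	return 0;
}

int main(void)
{
	char name[32];
	size_t hlen = 0, pad = 0;
	/* 192-bit key, 20 digest bytes: the old loop_fish2 layout from the mail */
	int r = parse_hash_spec("ripemd160:20", 24, name, sizeof(name), &hlen, &pad);
	printf("r=%d name=%s hlen=%zu pad=%zu\n", r, name, hlen, pad);
	return 0;
}
```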

