https://bugs.debian.org/751707
https://launchpad.net/bugs/953875
---
- src/cryptsetup/cryptsetup.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
+ man/crypttab.xml | 24 ++++++++++++++++++++++++
+ src/cryptsetup/cryptsetup.c | 31 ++++++++++++++++++++++++++++---
+ 2 files changed, 52 insertions(+), 3 deletions(-)
+diff --git a/man/crypttab.xml b/man/crypttab.xml
+index 3e249ad..d4ff760 100644
+--- a/man/crypttab.xml
++++ b/man/crypttab.xml
+@@ -146,6 +146,30 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term><option>offset=</option></term>
++
++ <listitem><para>Start offset in the backend device, in 512-byte sectors.
++ This option is only relevant for plain devices.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term><option>skip=</option></term>
++
++ <listitem><para>How many 512-byte sectors of the encrypted data to skip
++ at the beginning. This is different from the <option>--offset</option>
++ option with respect to the sector numbers used in initialization vector
++ (IV) calculation. Using <option>--offset</option> will shift the IV
++ calculation by the same negative amount. Hence, if <option>--offset n</option>,
++ sector n will get a sector number of 0 for the IV calculation.
++ Using <option>--skip</option> causes sector n to also be the first
++ sector of the mapped device, but with its number for IV generation is n.</para>
++
++ <para>This option is only relevant for plain devices.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term><option>keyfile-offset=</option></term>
+
+ <listitem><para>Specifies the number of bytes to skip at the
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
-index 3f613d9..8b56a10 100644
+index 3f613d9..ab67674 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -51,12 +51,12 @@ static bool arg_discards = false;
} else if (!streq(option, "none"))
log_error("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
-@@ -428,6 +442,9 @@ static int attach_luks_or_plain(struct crypt_device *cd,
- * package is to not hash when a key file is provided */
- params.hash = "ripemd160";
+@@ -210,6 +224,14 @@ static int parse_options(const char *options) {
+ return r;
+ }
-+ params.offset = arg_offset;
-+ params.skip = arg_skip;
++ /* sanity-check options */
++ if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
++ if (arg_offset)
++ log_warning("offset= ignored with type %s", arg_type);
++ if (arg_skip)
++ log_warning("skip= ignored with type %s", arg_type);
++ }
+
- if (arg_cipher) {
- size_t l;
+ return 0;
+ }
+
+@@ -415,7 +437,10 @@ static int attach_luks_or_plain(struct crypt_device *cd,
+ }
+
+ if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
+- struct crypt_params_plain params = {};
++ struct crypt_params_plain params = {
++ .offset = arg_offset,
++ .skip = arg_skip,
++ };
+ const char *cipher, *cipher_mode;
+ _cleanup_free_ char *truncated_cipher = NULL;
projects / systemd.git / commitdiff