guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#38920] [PATCH] file-systems: Handle v2 LUKS header

From: David Trudgian
Subject: [bug#38920] [PATCH] file-systems: Handle v2 LUKS header
Date: Sat, 4 Jan 2020 09:19:17 -0600 
Let luks-superblock? read a LUKS2 header. The binary header prior to
the JSON LUKS2 data is backward compatible with LUKS1, so the UUID
can be read from the same location, and we just need to accept
version=2.
---
 gnu/build/file-systems.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 9299cc2e4c..df06905c4e 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <address@hidden>
 ;;; Copyright © 2019 Guillaume Le Vaillant <address@hidden>
 ;;; Copyright © 2019 Tobias Geerinckx-Rice <address@hidden>
+;;; Copyright © 2019 David C. Trudgian <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -343,6 +344,10 @@ if DEVICE does not contain a JFS file system."
 ;; <https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification>.  We follow
 ;; version 1.2.1 of this document.
 
+;; The LUKS2 header format is described in "LUKS2 On-Disk Format 
Specification":
+;; <https://gitlab.com/cryptsetup/LUKS2-docs/blob/master/luks2_doc_wip.pdf>.
+;; This is a WIP document.
+
 (define-syntax %luks-endianness
   ;; Endianness of LUKS headers.
   (identifier-syntax (endianness big)))
@@ -356,12 +361,16 @@ if DEVICE does not contain a JFS file system."
   (let ((magic   (sub-bytevector sblock 0 6))
         (version (bytevector-u16-ref sblock 6 %luks-endianness)))
     (and (bytevector=? magic %luks-magic)
-         (= version 1))))
+         (or (= version 1) (= version 2)))))
 
 (define (read-luks-header file)
   "Read a LUKS header from FILE.  Return the raw header on success, and #f if
 not valid header was found."
-  ;; Size in bytes of the LUKS header, including key slots.
+  ;; Size in bytes of the LUKS binary header, which includes key slots in
+  ;; LUKS1.  In LUKS2 the binary header is partially backward compatible, so
+  ;; that UUID can be extracted as for LUKS1. Keyslots and other metadata are
+  ;; not part of this header in LUKS2, but are included in the JSON metadata
+  ;; area that follows.
   (read-superblock file 0 592 luks-superblock?))
 
 (define (luks-header-uuid header)
-- 
2.24.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]