search

eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

Missing data and hash device overlap detection in veritysetup #182

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1.make a dev of 1GB u-disk Partition
2.root@wuj:/home/wuj/share/cryptsetup-1.6.2/src# ./veritysetup 
--hash-offset=2097152 format /dev/sdb2 /dev/sdb2 
VERITY header information for /dev/sdb2
UUID:               712f1b83-73da-4bcb-8f25-098412ef7d79
Hash type:          1
Data blocks:        262144
Data block size:    4096
Hash block size:    4096
Hash algorithm:     sha256
Salt:            
    b04d34e1f038b83b284013e1adbd4573113b145005031a9a1a5bd92cfd910986
Root hash:      
    8ddcb0cdc3f995c254d48f2060d242b6e6d0521bf1c6c43d19370be59b8e15e3
3.root@wuj:/home/wuj/share/cryptsetup-1.6.2/src# ./veritysetup 
--hash-offset=2097152 create usb_2 /dev/sdb2 /dev/sdb2 
8ddcb0cdc3f995c254d48f2060d242b6e6d0521bf1c6c43d19370be59b8e15e3
Verity device detected corruption after activation.

What is the expected output? What do you see instead?
Verity device detected corruption after activation.

What version of the product are you using? On what operating system?
1.6.2 ubuntu12.04

Please provide any additional information below.
When --hash-offset=10485760,the operations can be succeed,why? The 
"--hash-offset" must be large enough?

Original issue reported on code.google.com by askxia...@gmail.com on 26 Nov 2013 at 7:49

GoogleCodeExporter commented 9 years ago 
Append:
If hash-offset=2*1024*1024+4096, the operations can be succeed.
But hash-offset=2*1024*1024, it is failed.
Why?

Original comment by askxia...@gmail.com on 26 Nov 2013 at 8:38

GoogleCodeExporter commented 9 years ago 
I think data areas overlap with hash area (you forgot to use --data-blocks if 
you are using the same block device for data and hash?).

The second command will corrupt data as well, just try verify command (it will 
fail, just later).

Anyway, code should be more clever and detect this conflict, will try to add 
some warnings.

Original comment by gmazyl...@gmail.com on 26 Nov 2013 at 12:23

GoogleCodeExporter commented 9 years ago

Original comment by gmazyl...@gmail.com on 26 Nov 2013 at 12:24