libyal / libbde

Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
GNU Lesser General Public License v3.0

Increase metadata read size from 8K to 16K #33

Closed marcan closed 5 years ago

marcan commented 5 years ago

Some volumes have too much metadata for 8K, which then fail in strange ways (e.g. FVEK not found)

joachimmetz commented 5 years ago

@marcan thx for the proposed changes. Could you also send me a debug output log of one of those volumes so I can have a look at potential format changes as well. https://github.com/libyal/libbde/wiki/Troubleshooting#verbose-and-debug-output

marcan commented 5 years ago

Sorry, I can't really share this volume :( I don't think there are any significant format changes, though. There's just a big Validation section taking up most of the 8K, and the FVEK ends up just over the threshold.

This is a TPM encrypted volume, and I managed to get the key out of the TPM and hack it into libbde; I intend to clean up the code so the key can be specified externally (what comes out of the TPM is just a raw VMK).

joachimmetz commented 5 years ago

I'm not asking for the volume just the format debug output which contains information about the metadata. Please double check the format debug output if you want to sanitize details like volume name and date.

marcan commented 5 years ago

What details are you looking for? I'm not sure about the hex dumps, but if you just want the decoded structure info (with some manual sanitization) I think I can do that.

joachimmetz commented 5 years ago

What I would like to know is if the "FVE metadata header" contains 16k as well.

Also see: https://github.com/libyal/libbde/blob/master/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc#52-fve-metadata-header-version-1

If you can share that part of the debug output that would be helpful.

marcan commented 5 years ago

Yeah, it says > 8192. I guess the more correct way to handle this would be to read 8K, then read additional blocks if necessary to cover the metadata size in the header.

libbde_metadata_read_header: FVE metadata header:
<snip>

libbde_metadata_read_header: metadata size                              : 8304
libbde_metadata_read_header: version                                    : 1
libbde_metadata_read_header: metadata header size                       : 48
libbde_metadata_read_header: metadata size copy                         : 8304
libbde_metadata_read_header: volume identifier                          : <snip>
libbde_metadata_read_header: next nonce counter                         : 0x0000000a
libbde_metadata_read_header: encryption method                          : 0x00008003 (AES-CBC 256-bit encryption)
libbde_metadata_read_header: encryption method copy                     : 0x00008003 (AES-CBC 256-bit encryption)
libbde_metadata_read_header: creation time                              : <snip>

joachimmetz commented 5 years ago

Thanks for the input, I've created https://github.com/libyal/libbde/issues/34 as a reminder to make the changes.

codecov[bot] commented 5 years ago

Codecov Report

Merging #33 into master will not change coverage. The diff coverage is 0%.


@@           Coverage Diff           @@
##           master      #33   +/-   ##
=======================================
  Coverage   11.34%   11.34%           
=======================================
  Files          19       19           
  Lines        3809     3809           
=======================================
  Hits          432      432           
  Misses       3377     3377
Impacted Files               Coverage Δ
libbde/libbde_metadata.c     10.21% <0%> (ø)


joachimmetz commented 5 years ago

Made changes to use metadata size instead https://github.com/libyal/libbde/commit/8476b750b8f16b991958a62cb6b0c2b270453bd2
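The two-phase read marcan proposed above (read 8K, then as much more as the metadata size in the header calls for), which this last comment says libbde switched to, as an added example in Python rather than the library's own C code. The header field order follows the linked format document; the 64-byte block header in front of it, the assumption that the size field counts from the start of the metadata header, and the sanity cap that stops a corrupt size field from driving an unbounded read are assumptions of this example, not libbde's.

```python
import io
import struct

INITIAL_READ_SIZE = 8 * 1024      # the fixed 8K read that this PR bumped to 16K
METADATA_HEADER_SIZE = 48         # FVE metadata header v1, matches "metadata header size: 48" above
BLOCK_HEADER_SIZE = 64            # assumption: "-FVE-FS-" block header preceding the metadata header
MAX_METADATA_SIZE = 1024 * 1024   # assumption: sanity cap so a corrupt size field cannot force a huge read


def parse_metadata_header(header: bytes) -> dict:
    """Decode a version 1 FVE metadata header (field order per the format document; offsets assumed)."""
    size, version, header_size, size_copy = struct.unpack_from("<IIII", header, 0)
    volume_id = header[16:32]
    nonce_counter, encryption_method = struct.unpack_from("<II", header, 32)
    if version != 1 or header_size != METADATA_HEADER_SIZE:
        raise ValueError(f"unsupported metadata header: version={version} size={header_size}")
    if size != size_copy:
        raise ValueError(f"metadata size {size} does not match its copy {size_copy}")
    if size < header_size or size > MAX_METADATA_SIZE:
        raise ValueError(f"implausible metadata size {size}")
    return {"size": size, "version": version, "header_size": header_size,
            "volume_id": volume_id, "nonce_counter": nonce_counter,
            "encryption_method": encryption_method}


def read_metadata(volume, offset: int) -> bytes:
    """Read one metadata block: 8K first, then whatever the header says is still missing."""
    volume.seek(offset)
    data = volume.read(INITIAL_READ_SIZE)
    if len(data) < BLOCK_HEADER_SIZE + METADATA_HEADER_SIZE:
        raise ValueError("short read: metadata block is truncated")
    header = parse_metadata_header(data[BLOCK_HEADER_SIZE:BLOCK_HEADER_SIZE + METADATA_HEADER_SIZE])
    wanted = BLOCK_HEADER_SIZE + header["size"]  # assumption: size counts from the metadata header
    if wanted > len(data):                       # the 8304-byte case from the debug output lands here
        extra = volume.read(wanted - len(data))
        if len(extra) != wanted - len(data):
            raise ValueError("short read: metadata size runs past the end of the volume")
        data += extra
    return data[:wanted]


def read_metadata_bytes(blob: bytes) -> bytes:
    return read_metadata(io.BytesIO(blob), 0)


def build_sample_block(metadata_size: int) -> bytes:
    """Constructed sample data (not a real volume): block header, v1 header, entry filler."""
    header = struct.pack("<IIII", metadata_size, 1, METADATA_HEADER_SIZE, metadata_size)
    header += b"\x11" * 16 + struct.pack("<II", 0x0A, 0x8003) + b"\x00" * 8
    return (b"-FVE-FS-" + b"\x00" * (BLOCK_HEADER_SIZE - 8)
            + header + b"\xAB" * (metadata_size - METADATA_HEADER_SIZE))
```

With the 8304-byte size from the debug output, the first 8K read stops short and the function fetches the remaining 176 bytes; a size field that disagrees with its copy, or a truncated volume, is rejected instead of being silently read past.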