|
Packit Service |
a9384c |
#!/bin/bash
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
. lib.sh
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
#
|
|
Packit Service |
a9384c |
# *** Description ***
|
|
Packit Service |
a9384c |
#
|
|
Packit Service |
a9384c |
# generate primary header with luks2 keyslot kdf object
|
|
Packit Service |
a9384c |
# having left over params.
|
|
Packit Service |
a9384c |
#
|
|
Packit Service |
a9384c |
# secondary header is corrupted on purpose as well
|
|
Packit Service |
a9384c |
#
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
# $1 full target dir
|
|
Packit Service |
a9384c |
# $2 full source luks2 image
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
function prepare()
|
|
Packit Service |
a9384c |
{
|
|
Packit Service |
a9384c |
cp $SRC_IMG $TGT_IMG
|
|
Packit Service |
a9384c |
test -d $TMPDIR || mkdir $TMPDIR
|
|
Packit Service |
a9384c |
read_luks2_json0 $TGT_IMG $TMPDIR/json0
|
|
Packit Service |
a9384c |
read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
|
|
Packit Service |
a9384c |
read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
|
|
Packit Service |
a9384c |
}
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
function generate()
|
|
Packit Service |
a9384c |
{
|
|
Packit Service |
a9384c |
# add keyslot 1 to second digest
|
|
Packit Service |
a9384c |
obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json0)
|
|
Packit Service |
a9384c |
json_str=$(jq -r -c -M '.keyslots."2".kdf.type = "argon2id" | .keyslots."2".kdf.iterations = 1001 | .keyslots."2".kdf.hash = "sha256"' $TMPDIR/json0)
|
|
Packit Service |
a9384c |
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
write_luks2_json "$json_str" $TMPDIR/json0
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
|
|
Packit Service |
a9384c |
erase_checksum $TMPDIR/area0
|
|
Packit Service |
a9384c |
chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
|
|
Packit Service |
a9384c |
write_checksum $chks0 $TMPDIR/area0
|
|
Packit Service |
a9384c |
write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
|
|
Packit Service |
a9384c |
kill_bin_hdr $TMPDIR/hdr1
|
|
Packit Service |
a9384c |
write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
|
|
Packit Service |
a9384c |
}
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
function check()
|
|
Packit Service |
a9384c |
{
|
|
Packit Service |
a9384c |
read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
|
|
Packit Service |
a9384c |
local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
|
|
Packit Service |
a9384c |
test "$str_res1" = "VACUUM" || exit 2
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
|
|
Packit Service |
a9384c |
chks_res0=$(read_sha256_checksum $TGT_IMG)
|
|
Packit Service |
a9384c |
test "$chks0" = "$chks_res0" || exit 2
|
|
Packit Service |
a9384c |
new_obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json_res0)
|
|
Packit Service |
a9384c |
test $((obj_len+2)) -eq $new_obj_len || exit 2
|
|
Packit Service |
a9384c |
}
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
function cleanup()
|
|
Packit Service |
a9384c |
{
|
|
Packit Service |
a9384c |
rm -f $TMPDIR/*
|
|
Packit Service |
a9384c |
rm -fd $TMPDIR
|
|
Packit Service |
a9384c |
}
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
test $# -eq 2 || exit 1
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
TGT_IMG=$1/$(test_img_name $0)
|
|
Packit Service |
a9384c |
SRC_IMG=$2
|
|
Packit Service |
a9384c |
|
|
Packit Service |
a9384c |
prepare
|
|
Packit Service |
a9384c |
generate
|
|
Packit Service |
a9384c |
check
|
|
Packit Service |
a9384c |
cleanup
|