* Add shared flag to libcryptsetup api.
* Fix plain crypt format parameters to include size option (API change).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@559 36d66b0a-2a48-0410-832c-cd162a569da5
* Fix key slot iteration count calculation (small -i value was the same as default).
* The slot and key digest iteration minimun is now 1000.
* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
If something very strange happens, and the generated key is not completely random
(wrong RNG), attacker can skip the whole kesylot area processing and try to
brute force key according to limited set of keys.
The iteration time (default, inherited from slot iteration time, is cca 120ms)
can make this attack slower, if not impossible.
Note, that this is just theorethic problem, anyway it is better to be prepared
if possible:-)
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@159 36d66b0a-2a48-0410-832c-cd162a569da5
with various udev-event tools which wrongly scan and open
internal temporary cryptsetup devices.
If cryptsetup run in debug mode (--debug) and remove of device
fails, code scan /proc directory and tries to find process name
which locked that device.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@141 36d66b0a-2a48-0410-832c-cd162a569da5
DM_UUID now contains prefix (CRYPT-), device type (LUKS1, PLAIN, TEMP),
UUID (if provided - LUKS) and device name.
Because e.g. snapshot of full LUKS device during activation must have different
name, DM-UUID is different too and we do not need --disable-uuid option.
DM-UUID is persistent during activation time.
* Revert (and solve different way): Replace not safe option --non-exclusive with --disable-uuid.
Signed-off-by: Milan Broz <mbroz@redhat.com>
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@105 36d66b0a-2a48-0410-832c-cd162a569da5
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.
Signed-off-by: Milan Broz <mbroz@redhat.com>
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@93 36d66b0a-2a48-0410-832c-cd162a569da5
* Pad luks header to 512 sector size. We need read/write in whole
sector anyway and space is unused (wiped in luksFormat) so there is
no need for read/seek/write exercise.
* Rework read/write blockwise to not split operation to many pieces.
thanks to Sebastian Andrzej Siewior:
The buffer has to be aligned due to the O_DIRECT in open(). Currently a small
blocksize buffer is allocated and everything is read in multiple reads and
copied back to the original buffer. In my case AFEKSize gets computed to 64000
which results in 125 reads with 512 bytes each.
This patch changes this behavior to a single operation where the majority is
read()/write() plus an optional fixup in case the request is not modulo block
size.
* Use posix_memalign and check for alignment if available.
Othewise use old align functions. Add autoconf to detect posix_memalign.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@74 36d66b0a-2a48-0410-832c-cd162a569da5
Device mapper device should use UUID string if possible.
UDEV can then easily distinguish the device type etc.
cryptsetup now uses CRYPT prefix for uuid.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@55 36d66b0a-2a48-0410-832c-cd162a569da5
* write_lseek_blockwise: declare innerCount outside the if block
* add -Wall to the default CFLAGS
* fix some signedness issues
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@29 36d66b0a-2a48-0410-832c-cd162a569da5
