eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-24 09:10:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
964 Commits 13 Branches 81 Tags
02f860140dd78a55ff3227d82bb4438f8a2362b8
Commit Graph

437 Commits

Author SHA1 Message Date
Milan Broz
02f860140d Fix trailing space. 2014-06-23 23:30:11 +02:00
Milan Broz
bb8dbfdf5b Update author name. 2014-06-23 21:40:12 +02:00
Milan Broz
8e380183f8 Print minimal device size if LUKS header space is too small. 2014-06-22 17:51:31 +02:00
Ondrej Kozina
4f89028c67 modify FIPS checks 
- we need a way to notify an user about running misconfigured system which
will turn to be unusable in real FIPS mode. For more details look at:
http://bugzilla.redhat.com/show_bug.cgi?id=1009707#c25

- also fixes invisble verbose log about running in FIPS mode due to its misplacement
 2014-06-22 17:24:10 +02:00
Milan Broz
1a6e1ae918 Always remove temporary active device name on load and format. 2014-06-17 22:28:51 +02:00
Milan Broz
aedf39a9ca Remove unused static declaration. 2014-06-17 22:01:59 +02:00
Milan Broz
6be21469fb Use internel PBKDF2 in Nettle library for Nettle crypto backend. 
This also requires Nettle >= 2.6.
 2014-06-17 21:54:14 +02:00
Milan Broz
e0d3ff8aeb Fix non-header context init for device in use. 2014-06-14 23:04:43 +02:00
Milan Broz
0614ab6b07 Allow simple status of crypt device without providing metadata header. 
If device is activated, we can provide some information from
active kernel parameters instead of header.
 2014-06-14 17:42:57 +02:00
Milan Broz
4d30237f7a Handle error better in storage wrapper. 2014-06-01 22:02:32 +02:00
Milan Broz
a3c0f6784b Process LUKS keyslots in userspace through kernel crypto wrapper. 
This allow LUKS handling without requiring root privilege.

The dmcrypt device-mapper is used only for device activation now.
 2014-06-01 21:34:21 +02:00
Milan Broz
1436f2a0a0 Add wrapper for cipher block size query. 
There is no better way for now without loading crypto modules.
 2014-06-01 20:56:17 +02:00
Milan Broz
9563aa33c8 Fix PBKDF2 for crypto backens which does not support long HMAC keys. 
(Or it rehases key in every iteration.)

- Kernel backens seems not to support >20480 HMAC key
- NSS is slow (without proper key reset)

Add some test vectors (commented out by default).
 2014-04-13 19:34:50 +02:00
Milan Broz
cad0cbf0c8 Fix integer type warnings in debug log. 2014-04-13 16:41:29 +02:00
Cristian Rodríguez
a809224ec7 Fix all format string issues found by the attribute format patch 2014-04-12 08:52:20 +02:00
Cristian Rodríguez
ae23ecb9b2 annotate two function with __attribute__ ((format (printf... 
Helps to find format strings bugs..
 2014-04-12 08:52:06 +02:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
7effba0f71 Fix return codes from LUKS_set_key. 2014-02-27 14:19:01 +01:00
Milan Broz
ad2f50316f Fix memory leak in Nettle crypto backend. 2014-02-05 17:17:55 +01:00
Milan Broz
75c105f853 Do not retry to test gcrypt whirlpool bug. 2014-01-21 20:55:21 +01:00
Milan Broz
680eb76e45 Add internal shortcut for flawed whirlpool hash in gcrypt. 2014-01-19 20:31:48 +01:00
Milan Broz
461011ad2a Add test for flawed Whirlpool hash to gcrypt backend. 
Will be used later, for now add info to debug.
Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
 2014-01-18 13:05:56 +01:00
Milan Broz
486ec44c3e Fix previous commit (do not print warning even for wrong passphrase). 2014-01-01 21:11:12 +01:00
Milan Broz
8dc4877697 Fix error message when some algoritmhs are not available. 
Fixes http://www.saout.de/pipermail/dm-crypt/2013-December/003721.html
 2013-12-29 09:56:23 +01:00
Milan Broz
7415c5858d Count system time in PBKDF2 benchmark if kernel return no self usage info. 
This is kind of workaround for Issue#192...
 2013-12-22 10:12:36 +01:00
Milan Broz
004dc271a4 Fix wrong block size if used on 4k block fs through loop device. 
Always use page size if running through loop device.
 2013-12-08 16:09:25 +01:00
Milan Broz
a9b24ccc82 Remove obsoleted warning. 2013-12-08 00:04:32 +01:00
Milan Broz
c57071a43a Fix TCRYPT system encryption mapping for multiple partitions. 
Since this commit, one can use partition directly as device parameter.

Should fix Issue#183 and Issue#188.
 2013-12-07 23:58:56 +01:00
Milan Broz
f3e398afc5 Rewrite cipher benchmark loop. 
Using getrusage seems toi give not adequate precision,
so use clock_gettime and try to scale buffer size a bit
on high performance systems.

If it still fail, return ERANGE error instead calculating
completely unreliable numbers.

Should fix Issue#186.
 2013-12-01 10:55:35 +01:00
Ondrej Kozina
f30bbbffe7 Fix minimal size expectations failure for backup header file 
- backup header file must be page size aligned
- fix for https://bugzilla.redhat.com/show_bug.cgi?id=1030288
- add regression test to api-tests
 2013-11-21 19:48:12 +01:00
Milan Broz
58b5be440f Fix initialization of unknown used device. 
dm_query can return open count, this should be processed
as success (and properly fail later ;-)
 2013-11-19 20:57:23 +01:00
Milan Broz
626801f7df Unify LUKS type check. 
Warn if device type is not set (incompatible activation
either by manual dmsetup or other tools).
 2013-11-19 20:50:36 +01:00
Dave Reisner
18901fd501 libdevmapper: correctly compare major and minor versions 
Previously, this code could incorrectly identify a version of crypt or
dm due to the way it compared versions. For example, if a feature was
gated on crypt version 1.5, it would disable the feature for crypt
version 2.2.
 2013-11-14 08:32:02 +01:00
Milan Broz
5b86cb5cc2 Enable TCW dmcrypt version check (patch should be in kernel 3.13). 2013-11-10 22:20:30 +01:00
Milan Broz
ce23225e46 Check if provided cipher and mode is usable before writing LUKS header to disk. 
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.

Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).

Fixes Issue#176
 2013-11-10 22:11:00 +01:00
Milan Broz
09c229fe6c Support limitation for "plain" hash (no hash). 
This can be used for mapping problematic cryptosystems which
wipes some key (losetup sometimes set last byte to zero).
 2013-11-10 19:31:02 +01:00
Milan Broz
db56125708 Fix hash limiting if parameter is not a number. 
If hash lenght specification was not a number, the whole key was set
to zero instead of command failure.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1028362
 2013-11-10 19:08:01 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Milan Broz
54c1f71bd3 Detect presence of TCW mode support in kernel dmcrypt. 2013-10-20 13:20:22 +02:00
Milan Broz
a7e2809466 Properly calculate key sizes (inluding IV seed and whitening) for TCRYPT. 
Also prepare code for possible activation through dmcrypt for some
CBC container variants.
 2013-10-20 13:07:24 +02:00
Milan Broz
3f66e9fe4b Fix error path for DM UUID wrong format. 2013-10-20 13:06:16 +02:00
Milan Broz
b2283f045a Version 1.6.2. 2013-08-04 19:01:55 +02:00
Milan Broz
cfeaaa02fc Fix sscanf cipher string and avoid warning wih -fsanitize=address. 
Code need to count terminating zero.
 2013-07-23 22:07:13 +02:00
Milan Broz
3be96efe0b Map TCRYPT system encryption through partition. 
Kernel doesn't allow mapping through whle device if some
other partition an the device is used.

So first try to find partition device which match
system encryption (== TCRYPT partition system encryption)
and use that.
 2013-06-30 10:46:21 +02:00
Milan Broz
99a2486b09 Simplify sysfs helpers. 2013-06-30 09:05:43 +02:00
Milan Broz
c3c65ee864 Use internally common uint64 parsing for sysfs values. 2013-06-29 13:06:04 +02:00
Milan Broz
db0f5f8d22 Add kernel version to DM debug output. 2013-06-29 11:28:33 +02:00
Mikulas Patocka
4f990d5a74 dm-verity: Fix a boundary condition that caused failure for certain device sizes 
On Fri, 28 Jun 2013, Mikulas Patocka wrote:

Fix a boundary condition that caused failure for certain device sizes

The problem is reported at
http://code.google.com/p/cryptsetup/issues/detail?id=160

This is the userspace fix.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com
 2013-06-28 17:05:45 +02:00
Cristian Rodríguez
1349efa34d Fix buildsytem to always include config.h. 
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.

(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
 2013-06-23 17:14:33 +02:00
Milan Broz
42b0ab437a Print a warning if system encryption is used and device is a partition. 
System encryption hav metadata in space located ouside of
partition itself.

Ideally the check should be automatic but for virtualized systems
(where a partition could be "whole device" for another sustem this
can be dangerous.
 2013-06-23 15:26:45 +02:00