Milan Broz
080566a1fd
Update copyright year.
2020-01-03 13:04:55 +01:00
Milan Broz
b03cb3f3d8
Export memory safe functions.
...
Make crypt_safe_alloc/realloc/free and memzero part of API.
2019-11-16 21:28:54 +01:00
Milan Broz
a6f5ce8c7b
Update copyright year.
...
And unify name copyright format.
2019-01-25 09:45:57 +01:00
Milan Broz
9df042c0b8
Use explicit_bzero if available.
2018-10-04 15:21:01 +02:00
Milan Broz
e654fabe04
Add some new AEAD modes and allow SHA1 for integrity check.
...
NOTE: all this code will be switched to generic checks, this list
is just a temporary hack.
2018-05-21 15:29:49 +02:00
Milan Broz
1fe014dbae
Update copyright year.
2018-01-20 17:55:21 +01:00
Milan Broz
f6e613a76f
Revert cipher requirement in parse cipher.
...
There are several specifications that violate this (chacha20 etc).
Just use the old way...
2018-01-18 22:42:34 +01:00
Milan Broz
c6a8b6471a
Allow ECB in cipher spec (fixes previous patch).
2018-01-18 21:55:52 +01:00
Milan Broz
aeea93fa95
Properly fail in luksFormat if cipher format is missing required IV.
...
For now, crypto API quietly used cipher without IV if a cipher
algorithm without IV specification was used (e.g. aes-xts).
This caused fail later during activation.
This patch allows only two specific backed use without specified IV
(ECB mode and NULL cipher).
Also check cipher string early during parsing of CLI options.
2018-01-18 21:20:25 +01:00
Milan Broz
c56bdee177
Add backend support for new device-mapper kernel options.
...
This patch adds support for using keyring for volume key
and support for new integrity fields for dm-crypt.
Also helpers for searching disk by id.
To be used later.
2017-09-24 19:49:35 +02:00
Milan Broz
503956707c
Move crypt_keyfile_read() to libcryptsetup internal file.
...
The utils_crypt.c file is directly linked to userspace tools,
we should use library call and not local implementation.
2017-08-15 08:35:10 +02:00
Milan Broz
0abf57be5d
Change PBKDF interface API.
...
Prepare API for PBKDF that can set three costs
- time (similar to iterations in PBKDF2)
- memory (required memory for memory-hard function)
- threads (required number of threads/CPUs).
This patch also removes wrongly designed API call
crypt_benchmark_kdf and replaces it with the new call
crypt_benchmark_pbkdf.
Two functions for PBKDF per context setting
are introduced: crypt_set_pbkdf_type and crypt_get_pbkdf_type.
The patch should be backward compatible when using
crypt_set_iteration_time function (works only for PBKDF2).
Signed-off-by: Milan Broz <gmazyland@gmail.com>
2017-08-06 21:24:05 +02:00
Milan Broz
c80dbb2210
Fix luksKill slot to work in batch mode in non-tty environment.
...
If there is no TTY on stdin (like nohup or service) then
batch mode should not fail to kill slot.
For more info see Issue#329.
2017-06-21 13:31:08 +02:00
Milan Broz
0bb7098fd8
Add integritysetup command line tool for the dm-integrity standalone setting.
...
The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.
It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
2017-05-28 09:22:17 +02:00
Milan Broz
5fdfc0b54a
Fix AF prototypes and move them to af.h.
2017-04-14 13:25:21 +02:00
Milan Broz
98368c4770
Update copyright years.
2017-03-12 13:17:15 +01:00
Tobias Stoeckmann
a0587d4307
Avoid integer overflows during memory allocation.
...
It is possible to overflow integers during memory allocation with
insanely large "key bytes" specified in a LUKS header.
Although it could be argued to properly validate LUKS headers while
parsing them, it's still a good idea to fix any form of possible
overflow attacks against cryptsetup in these allocation functions.
2016-07-02 20:57:10 +02:00
VittGam
e7e5354332
Fix off-by-one error in maximum keyfile size.
...
Allow keyfiles up to DEFAULT_KEYFILE_SIZE_MAXKB * 1024 bytes in size, and not that value minus one.
Signed-off-by: Vittorio Gambaletta <git-cryptsetup@vittgam.net>
2016-04-19 03:58:10 +00:00
Milan Broz
d293de579a
Fix various backward incompatibilities in password processing.
2015-11-20 09:18:31 +01:00
Milan Broz
5293f5aae1
Move terminal handling to tools wrapper.
2015-11-20 09:18:31 +01:00
Milan Broz
252cdef110
Extract keyfile read from get_key wrapper.
2015-11-20 09:18:31 +01:00
Milan Broz
7843415243
Move string_to_size to userspace tools.
2015-08-26 12:42:25 +02:00
Milan Broz
0dc245401f
Allow to enter empty password through stdin pipe.
...
Also always use empty password when using null cipher in tests.
2015-07-02 08:18:12 +02:00
Milan Broz
f7b61b2617
Prevent compiler to optimize-out memset for on-stack variables.
...
Also see
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations
The used code is inspired by the code in Blake2 implementation.
2015-01-11 20:26:45 +01:00
Ondrej Kozina
3cffadb508
fix possible close of unrelated fd on error path
...
- infd var is uninitialised on error path in case where
maxlen is less than 1
2014-10-01 20:10:23 +02:00
Milan Broz
7b42254975
Workaround for scan-build false positive.
...
Also tidy code to be more readable.
2014-08-10 16:07:47 +02:00
Milan Broz
29f21208a0
Change License from GPLv2 only to GPLv2+ ("or any later").
...
Agreed by all copyright authors.
2012-12-29 11:33:54 +01:00
Milan Broz
83f02e6682
Add copyright line for files I have written or modified.
2012-12-21 16:40:33 +01:00
Milan Broz
89e09afdf6
Fix some problems found by Coverity static analysis.
2012-09-19 13:58:00 +02:00
Milan Broz
af2730fe2a
Always zero memory in crypt_safe_alloc.
2012-08-27 16:28:00 +02:00
Dave Reisner
961682aa6b
lib/utils_crypt: optimize seek to keyfile-offset
...
Avoid using unbuffered reads when "seeking" to a keyfile offset. This is
abysmally slow when the key is hidden at the end of a large device.
Instead, try to actually call lseek, falling back on reading in chunks
of BUFSIZ bytes until the desired offset is reached.
Command line:
cryptsetup luksOpen /dev/vdc1 home \
--keyfile /dev/vdd --keyfile-size 4096 --keyfile-offset 123456789
Before:
real 0m25.589s
user 0m7.030s
sys 0m18.479s
After:
real 0m4.464s
user 0m4.253s
sys 0m0.157s
2012-08-27 13:10:00 +02:00
Milan Broz
b684fffdaf
Switch to use unit suffix for --reduce-device-size option.
2012-06-25 16:06:43 +02:00
Milan Broz
fb3b62ca02
Add --device-size option for reencryption tool.
2012-06-25 15:34:11 +02:00
Milan Broz
a9d9a2ad44
Fix hex_to_bytes and add it to common utils.
2012-06-18 17:09:48 +02:00
Milan Broz
5e52599326
Do not use IV for null cipher.
2012-05-26 20:44:14 +02:00
Milan Broz
c2a33b480f
Allow empty cipher (cipher_null).
2012-05-20 21:38:23 +02:00
Yuri Chornoivan
1562879369
Fix typo
2012-04-22 22:04:42 +02:00
Milan Broz
ee8425b836
Version 1.4.2.
...
Add header and copyright for header files.
2012-04-02 22:03:05 +02:00
Milan Broz
9511c91a79
Add --keyfile-offset and --new-keyfile-offset to cryptsetup.
...
Add resume_by_keyfile_offset, add_keyslot_by_keyfile_offset and
activate_by_keyfile_offset to API.
Thanks to Matthew Monaco <matthew.monaco@0x01b.net>
2012-03-29 18:35:07 +02:00
Milan Broz
075fb8d261
Unify password verification option.
...
Support password verification with quiet flag if possible. (1.2.0)
2012-03-16 16:17:03 +01:00
Milan Broz
a5aa30be33
Fix use of empty keyfile (Issue 120).
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@702 36d66b0a-2a48-0410-832c-cd162a569da5
2012-01-12 22:13:23 +00:00
Milan Broz
7835b365a7
Fix FSF address in license text according to
...
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@671 36d66b0a-2a48-0410-832c-cd162a569da5
2011-11-02 22:35:21 +00:00
Milan Broz
be246c16ab
Fix exit code if passphrases do not match in luksAddKey. (Issue 109)
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@625 36d66b0a-2a48-0410-832c-cd162a569da5
2011-10-09 13:46:14 +00:00
Milan Broz
9ca1ac5a39
Remove another compile warnings.
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@515 36d66b0a-2a48-0410-832c-cd162a569da5
2011-04-18 14:03:59 +00:00
Milan Broz
38590eaef2
Fix return code when passphrase is read from pipe.
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@486 36d66b0a-2a48-0410-832c-cd162a569da5
2011-03-25 16:11:03 +00:00
Milan Broz
93da52f883
Rewrite key input handling, add limits.
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@474 36d66b0a-2a48-0410-832c-cd162a569da5
2011-03-19 00:17:10 +00:00
Milan Broz
ddcdd76cc2
Specify copyright holders in source files.
...
Add README notes.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@461 36d66b0a-2a48-0410-832c-cd162a569da5
2011-03-14 14:17:38 +00:00
Milan Broz
49937ac591
Detect # of keys from cipher string.
...
Fix status output string.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@417 36d66b0a-2a48-0410-832c-cd162a569da5
2011-01-25 18:48:48 +00:00
Milan Broz
a70b27762d
Fix some warnings if compiled with clang.
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@371 36d66b0a-2a48-0410-832c-cd162a569da5
2010-11-15 16:19:19 +00:00
Milan Broz
f90edb6133
Simplify return codes from get key functions.
...
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@363 36d66b0a-2a48-0410-832c-cd162a569da5
2010-11-13 16:41:29 +00:00