eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,035 Commits 15 Branches 78 Tags
0ca1e680db26aedab26b879b81b9dce5cb013570
Commit Graph

233 Commits

Author SHA1 Message Date
Milan Broz
0bb7098fd8 Add integritysetup command line tool for the dm-integrity standalone setting. 
The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.

It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
 2017-05-28 09:22:17 +02:00
Milan Broz
fc0bef732b Add FEC offset parameter for verity. 2017-04-03 12:34:50 +02:00
Milan Broz
7307293c87 Use explicit 32bit value in API for FEC roots. 2017-04-03 10:15:44 +02:00
Sami Tolvanen
c2cf33af24 WIP: Add support for verity FEC. 2017-04-01 21:23:10 +02:00
Milan Broz
98368c4770 Update copyright years. 2017-03-12 13:17:15 +01:00
Daniel Reichelt
9a798a766e support PIM parameter for VeraCrypt compatible devices 
This patch adds the --veracrypt-pim=INT and --veracrypt-query-pim command-
line parameters to support specification of or being queried for a custom
Personal Iteration Multiplier respectively. This affects the number of
iterations for key derivation from the entered password. The manpage is
also updated accordingly.

Fixes Issue #307.
 2017-03-02 09:11:23 +01:00
Milan Broz
4dd703ea6c Support activation options for error handling modes in dm-verity. 
This patch adds veritysetup support for these Linux kernel dm-verity options:

  --ignore-corruption - dm-verity just logs detected corruption
  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected

  If the options above are not specified, default behaviour for dm-verity remains.
  Default is that I/O operation fails with I/O error if corrupted block is detected.

  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
   to contain zeroes and always return zeroes directly instead.

NOTE that these options could have serious security or functional impacts,
do not use them without assessing the risks!
 2016-05-04 10:07:47 +02:00
Milan Broz
9cbe74c2db Remove last error handling (error is logged). 2015-11-20 09:18:58 +01:00
Milan Broz
d293de579a Fix various backward incompatibilities in password processing. 2015-11-20 09:18:31 +01:00
Milan Broz
4aea3b81ee Remove password callback interface. 
This was a design mistake and should not be handled inside libcryptsetup code.
 2015-11-20 09:18:31 +01:00
Milan Broz
f0986be2e3 Export crypt_keyfile_read(). 2015-11-20 09:18:31 +01:00
Milan Broz
f238e8c075 Add 1.6.8 release notes. 2015-09-08 12:26:54 +02:00
Milan Broz
def397d0c8 Update libcryptsetup.h comments. 2015-08-26 16:10:10 +02:00
Milan Broz
8aee4f95fb Clarify using of VeraCrypt modes in libcryptsetup.h. 2015-02-25 10:55:24 +01:00
Milan Broz
1f2d8de95f Support VeraCrypt devices (TrueCrypt extension). 
Add CRYPT_TCRYPT_VERA_MODES libcryptswtup flag and
--veracrypt option.

Fixes issue#245.
 2015-02-24 22:04:15 +01:00
Milan Broz
4f7b413638 Add low-level performance options for dmcrypt tuning. 
The patch adds the two options
  --perf-same_cpu_crypt
  --perf-submit_from_crypt_cpus
that set the same named options inside dmcrypt
(available in Linux kernel 3.20 and later).
 2015-02-20 16:46:34 +01:00
Milan Broz
3add769b51 Add deprecation warning about internal terminal password query. 2014-06-28 13:49:26 +02:00
Milan Broz
bb8dbfdf5b Update author name. 2014-06-23 21:40:12 +02:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
f3e398afc5 Rewrite cipher benchmark loop. 
Using getrusage seems toi give not adequate precision,
so use clock_gettime and try to scale buffer size a bit
on high performance systems.

If it still fail, return ERANGE error instead calculating
completely unreliable numbers.

Should fix Issue#186.
 2013-12-01 10:55:35 +01:00
Milan Broz
e600024908 Fix passphrase pool overflow for TCRYPT device id passphrase > pool size. 
TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.
 2013-02-14 14:37:50 +01:00
Milan Broz
5cb5aeba36 Fix doxygen doc for libcryptsetup.h. 2013-01-14 00:22:50 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
e4c4049741 Add basic support for system TCRYPT device. 
Rename option hidden to tcrypt-hidden.
 2012-12-22 22:34:09 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
05af3a3383 Move change key into library (add crypt_keyslot_change_by_passphrase). 
This change is useful mainly in FIPS mode, where we cannot
extract volume key directly from libcryptsetup.
 2012-12-07 15:33:47 +01:00
Milan Broz
bd494d23c5 Add PBKDF2 benchmark. 2012-12-05 20:35:42 +01:00
Milan Broz
5aef0809d4 Add TCRYPT documentation, 2012-12-02 21:32:49 +01:00
Milan Broz
17a8e85cb8 TCRYPT: add backup header option. 2012-11-26 13:15:08 +01:00
Milan Broz
0996a43dbb TCRYPT: parse cipher chain on init. 2012-11-22 17:28:03 +01:00
Milan Broz
911ffe81f0 TCRYPT: implement (most of) legacy modes support. 2012-11-19 21:25:57 +01:00
Milan Broz
ecf993834c TCRYPT: support keyfiles 2012-11-19 21:25:26 +01:00
Milan Broz
3cbb43a73a Add basic TCRYPT library. 2012-11-19 21:24:59 +01:00
Milan Broz
db97d3d8c8 Add simple cipher benchmarking. 2012-11-19 21:22:43 +01:00
Milan Broz
f45d4d0755 Add crypt_keyslot_area() API call. 
Useful if you want to analyze/wipe area of disk used for keyslot
from external tool.
 2012-09-11 11:59:06 +02:00
Milan Broz
3532be48c7 Fix libcryptsetup.h docs for verity type. 2012-07-09 18:47:05 +02:00
Milan Broz
b402f087d7 Verity salt size is really uint16 in sb and uint32 internally. 2012-06-11 13:30:41 +02:00
Milan Broz
697c6c9324 Prepare new superblock format. 2012-06-09 22:02:06 +02:00
Milan Broz
6d07be898d Enhance status of active device. 2012-06-09 18:28:00 +02:00
Milan Broz
4b0b82adc5 Rewrite veritysetup to use libcryptsetup. 2012-06-07 00:18:49 +02:00
Milan Broz
65c4c62f78 Include stddef.h in libcryptsetup.h (size_t definition). 2012-05-28 09:44:35 +02:00
Milan Broz
ba7d9967a8 Allow "private" activation (skip some udev global rules) flag. 2012-05-02 16:51:58 +02:00
Milan Broz
f720affe8c Relax --shared test, allow mapping even for overlapping segments. 
Support shared flag for LUKS devices (dangerous).
 2012-05-02 00:58:54 +02:00
Milan Broz
8818eb2687 Fix requested_type description in header. 2012-04-19 09:47:58 +02:00
Milan Broz
ee8425b836 Version 1.4.2. 
Add header and copyright for header files.
 2012-04-02 22:03:05 +02:00
Milan Broz
bd047d03ef Add repair command and API for repairing known LUKS header problems. 2012-04-02 21:18:22 +02:00
Milan Broz
9511c91a79 Add --keyfile-offset and --new-keyfile-offset to cryptsetup. 
Add resume_by_keyfile_offset, add_kesylot_by_keyfile_offset and
activate_by_keyfile_offset to API.

Thanks to Matthew Monaco <matthew.monaco@0x01b.net>
 2012-03-29 18:35:07 +02:00
Milan Broz
1b982af46f Fix typo in iteration time api call. 
(To not break API keep old set_iterarion_time alias...)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@675 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-11-06 22:44:52 +00:00
Milan Broz
94fb0b7781 Fix flag description comment. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@638 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-10-10 18:09:26 +00:00
Milan Broz
8c54d938ac Add crypt_last_error() API call (using crypt context). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@623 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-10-09 13:45:53 +00:00