eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 03:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,100 Commits 16 Branches 78 Tags
10a6318b1fdbf2b1910f68d0433a04470a1cffd7
Commit Graph

63 Commits

Author SHA1 Message Date
Milan Broz
10a6318b1f Fix cipher_null key setting in kernel crypto backend. 2016-02-21 18:57:15 +01:00
Milan Broz
2b91d7c385 Set skcipher key before accept() call in kernel crypto backend. 
Also relax input errno checking to catch all errors.
 2016-02-21 18:56:50 +01:00
Milan Broz
2aa0bb7eac Update LUKS default hash and kernel crypto api hash check. 2015-11-02 21:07:49 +01:00
Milan Broz
4609fd87d7 Fix PBKDF2 iteration benchmark for longer key sizes. 
The previous PBKDF2 benchmark code did not take into account
output key length.
For SHA1 (with 160-bits output) and 256-bit keys (and longer)
it means that the final value was higher than it should be.

For other hash algorithms (like SHA256 or SHA512) it caused
that iteration count was smaller (in comparison to SHA1) than
expected for the requested time period.

This patch fixes the code to use key size for the formatted device
(or default LUKS key size if running in informational benchmark mode).

Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
(http://www.club.di.unimi.it/) for point this out.
(Based on "What users should know about Full Disk Encryption
based on LUKS" paper to be presented on CANS2015).
 2015-10-29 11:52:18 +01:00
Milan Broz
d7d76e72f7 Update URLs (->gitlab.com). 
The code.google is going to be abandoned.
Thank you you for all the fish.
 2015-03-19 11:23:16 +01:00
Milan Broz
979aec773e Fix activation using (UNSECURE) ECB mode. 
Apparently there are some people using ECB.

This mode by design do not use any IV, unfortunately
kernel dmcrypt allows to specify them (but userspace crypto api don't).

Let support activation as it was in previous version.

Should fix issue#238.
 2015-01-15 13:21:42 +01:00
Milan Broz
f7b61b2617 Prevent compiler to optiize-out memset for on-stack variables. 
Also see
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations

The used code is inspired by the code in Blake2 implementation.
 2015-01-11 20:26:45 +01:00
Milan Broz
e84b1ed7c0 Fix scan-build warning (null use). 
Probably false positive but defensive approach is better here.
 2014-08-10 16:06:21 +02:00
Milan Broz
dc8c47d936 Fallback to old temporary device mapping method if hash is not supported. 2014-07-12 20:30:24 +02:00
Milan Broz
54c7a2b0aa Fix signed/unsigned compiler warnings. 2014-06-29 11:55:11 +02:00
Milan Broz
dfd46df8a5 Properly fail for unsupported IVs. 2014-06-29 10:38:50 +02:00
Milan Broz
d5a72cd65a Fix typo in kernel backend. 2014-06-26 15:38:51 +02:00
Milan Broz
aedf39a9ca Remove unused static declaration. 2014-06-17 22:01:59 +02:00
Milan Broz
6be21469fb Use internel PBKDF2 in Nettle library for Nettle crypto backend. 
This also requires Nettle >= 2.6.
 2014-06-17 21:54:14 +02:00
Milan Broz
4d30237f7a Handle error better in storage wrapper. 2014-06-01 22:02:32 +02:00
Milan Broz
a3c0f6784b Process LUKS keyslots in userspace through kernel crypto wrapper. 
This allow LUKS handling without requiring root privilege.

The dmcrypt device-mapper is used only for device activation now.
 2014-06-01 21:34:21 +02:00
Milan Broz
1436f2a0a0 Add wrapper for cipher block size query. 
There is no better way for now without loading crypto modules.
 2014-06-01 20:56:17 +02:00
Milan Broz
9563aa33c8 Fix PBKDF2 for crypto backens which does not support long HMAC keys. 
(Or it rehases key in every iteration.)

- Kernel backens seems not to support >20480 HMAC key
- NSS is slow (without proper key reset)

Add some test vectors (commented out by default).
 2014-04-13 19:34:50 +02:00
Milan Broz
ad2f50316f Fix memory leak in Nettle crypto backend. 2014-02-05 17:17:55 +01:00
Milan Broz
75c105f853 Do not retry to test gcrypt whirlpool bug. 2014-01-21 20:55:21 +01:00
Milan Broz
680eb76e45 Add internal shortcut for flawed whirlpool hash in gcrypt. 2014-01-19 20:31:48 +01:00
Milan Broz
461011ad2a Add test for flawed Whirlpool hash to gcrypt backend. 
Will be used later, for now add info to debug.
Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
 2014-01-18 13:05:56 +01:00
Milan Broz
7415c5858d Count system time in PBKDF2 benchmark if kernel return no self usage info. 
This is kind of workaround for Issue#192...
 2013-12-22 10:12:36 +01:00
Cristian Rodríguez
1349efa34d Fix buildsytem to always include config.h. 
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.

(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
 2013-06-23 17:14:33 +02:00
Milan Broz
fe4175b551 Fix some extended compile warning. 2013-01-10 17:26:19 +01:00
Milan Broz
310bf08568 Do not include pbkdf2 prototype in header if code is not compiled in. 2013-01-10 16:48:47 +01:00
Milan Broz
c040b4821d Fix null blocks in kernel backend. 2013-01-10 15:37:26 +01:00
Milan Broz
ca75cd940f Prepare supported PBKDF2 implementation autodetection for gcrypt. 2013-01-03 14:11:52 +01:00
Dave Reisner
ab080ab544 build: use AM_CPPFLAGS instead of INCLUDES 
The latter is marked as deprecated as of automake 1.12.4:

warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
 2012-12-30 18:36:46 +01:00
Milan Broz
46de69d0e6 Add kernel userspace header detection. 
Add --disable-kernel_crypto to allow compilation with old kernel.
 2012-12-30 12:28:30 +01:00
Milan Broz
7eccb7ff50 Change License for sub-libraries from GPLv2 only to LGPLv2.1+ ("or any later") 
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.

Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
 2012-12-29 11:47:28 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
80d21c039e Fix some problems found by Coverity scan. 2012-12-10 17:28:52 +01:00
Milan Broz
bd494d23c5 Add PBKDF2 benchmark. 2012-12-05 20:35:42 +01:00
Milan Broz
a4585423fd Remove some gcc extra warnings (signed/unsigned problems etc). 2012-12-02 23:13:59 +01:00
Milan Broz
6123541d80 Add missing pbkdf check file. 2012-11-30 17:05:03 +01:00
Milan Broz
eac953c6e4 Fix skcipher failure handling. 2012-11-30 13:37:14 +01:00
Milan Broz
d7fc953fa2 Handle kernel crypto api init failure better. 2012-11-29 18:01:02 +01:00
Milan Broz
7199662fbb Add kernel skcipher backend. 2012-11-19 21:21:40 +01:00
Milan Broz
a14a2137e7 Add CRC32 implementation. 2012-11-19 21:18:18 +01:00
Milan Broz
16ac703008 Move PBKDF2 into crypto backend wrapper. 
Implement new KDF bechmark check.
Use internal openssl kdf (and prepare gcrypt one).
 2012-11-19 21:17:55 +01:00
Milan Broz
aba52fa878 Fix compilation with old NSS (no GetVersion). 2012-05-27 22:35:14 +02:00
Milan Broz
11ee2876a6 Implement more RNG backend wrappers. 2012-05-27 01:09:40 +02:00
Milan Broz
20eea64334 Add version string to crypto backend. 
Move fips check to libcryptsetup.
Clean up internal.h use.
 2012-05-27 00:48:10 +02:00
Milan Broz
cf1e6fb847 Implement crypt RNG wrapper (for FIPS mode), use it for SALT and KEY RNG levels. 2012-05-21 14:32:39 +02:00
Milan Broz
45e0942755 Add --enable-fips for linking with fipscheck library. 
Initialize binary and library selfcheck if running in FIPS mode.

(Actually available only on Fedora/Red Hat distros.)
 2012-05-21 14:09:57 +02:00
Milan Broz
54b21c6e46 Add --enable-fips option. Request new gcrypt if set. 2012-05-20 22:24:24 +02:00
Milan Broz
ee8425b836 Version 1.4.2. 
Add header and copyright for header files.
 2012-04-02 22:03:05 +02:00
Milan Broz
7835b365a7 Fix FSF address in license text according to 
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@671 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-11-02 22:35:21 +00:00