eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,477 Commits 14 Branches 78 Tags
12eb04094304467232348e99df0fbf95074d35b3
Commit Graph

669 Commits

Author SHA1 Message Date
Milan Broz
4cdd826282 Check exit value for snprintf where it makes sense. 2021-05-18 22:07:47 +02:00
Milan Broz
413b484774 Add some fixes and workarounds for gcc-11 static analyzer. 
Not everything is a real bug (false positive rate is very high here),
but the code is actually more readable.
 2021-05-18 17:28:47 +02:00
Ondrej Kozina
8f2b23cd94 Refactor LUKS2 token activation. 
Replace LUKS2_token_open_and_activate and
LUKS2_token_open_and_activavate_any with single function
instead.
 2021-04-15 21:41:06 +02:00
Ondrej Kozina
e6089dd9c9 Reflect on some incompatible changes in GCC 10. 
Starting with GCC10 and LTO enabled, current symbols
versioning hack does not work anymore. This patch
reflects on that and should be compatible with older
compilers that does not support __attribute__((symver))
yet.

Inspired by following code:
https://github.com/linux-rdma/rdma-core/blob/master/util/symver.h
 2021-04-12 20:38:19 +02:00
Ondrej Kozina
bd4f374b47 Fix supposed debug message. 2021-03-25 08:44:42 +01:00
Ondrej Kozina
8d0e90b90a Autodetect optimal encryption sector size on LUKS2 format. 2021-03-24 16:14:35 +01:00
Ondrej Kozina
1aeb0a1f6e Set data device loop block size to encryption sector size. 2021-03-23 16:40:57 +01:00
Ondrej Kozina
78797ae078 Rename PIN enable token activation API function. 2021-03-19 15:26:36 +01:00
Ondrej Kozina
96d83455ca Add API for activating device by specific token type. 2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b Add pin size parameter in crypt_active_by_pin_token. 
Well, after all it really should have supported binary data
of arbitrary length.
 2021-03-18 18:06:13 +01:00
Ondrej Kozina
8e8ecd50de Fix luksResume when called on non-LUKS device. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
6a8bade7e6 Allow LUKS resume for device with cipher_null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
3367b78958 Unify crypt_resume_by internal code. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
28603e4de7 Do not upload VK in keyring when data cipher is null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
d8cf203d46 Remove redundant check. 
It can't be non-LUKS2 device at this branching.
 2021-02-24 15:57:11 +01:00
Milan Broz
6dd347ddb4 Rewrite reload code to avoid two goto labels. 2021-02-17 10:03:18 +01:00
Milan Broz
639ffa36a5 Rename goto err to out, it is not error path only. 
Also try to use the same "goto out" pattern everywhere.
 2021-02-17 10:03:18 +01:00
Milan Broz
05f9297141 Avoid goto patern in crypt_init. 
Also device_free is not needed, it never allocates anything in error path.
 2021-02-17 10:03:18 +01:00
Ondrej Kozina
ed2117c724 Fix device comparison for dm-crypt with cipher_null. 
Do not compare volume keys if segment uses cipher_null.
The key is ignored by lower layer (internal libdevmapper)
anyway.
 2021-02-16 18:08:35 +01:00
Ondrej Kozina
bc7511762f Do not upload vk in keyring for cipher_null segment. 
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
 2021-02-16 18:08:35 +01:00
Ondrej Kozina
7d912c7d3e Make crypt_keyslot_set_encryption a bit more robust. 
Nitpicking(tm) but let's not free old cipher spec unless
we have valid new one.
 2021-02-16 18:08:34 +01:00
Milan Broz
12cc7ea745 Simplify include directories. 
To avoid confusion, use just one lib include and specify sub-directories
for format inclusions.
This should also help some analysis tools to find proper includes.
 2021-02-11 13:14:58 +01:00
Milan Broz
4471452105 Remove some stale FIXME markings. 2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8 Mark or remove unused parameters. 
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.

And remove other unused parameters completely.
 2021-02-11 11:12:11 +00:00
Milan Broz
12ff94c02f Rename verion function to avoid conflict with crypto backend. 2021-02-11 11:12:11 +00:00
Milan Broz
37cc06444d Add crypt_dump_json() API call. 
Add API call that can directly print JSON metadata area from LUKS2 device.

For commandline it also adds --dump-json-metadata option for luksDump action.

Note that the binary metadata (UUID, version etc) is not part of this output.
(We reserve flags parameter to be able to add this later.)

Fixes: #511
 2021-02-01 14:38:29 +01:00
Milan Broz
2d10545e70 Check if there is a free space in keyslot area early (LUKS2). 
The code expects that change key is done in-place if there is not
a free space in keyslot area for safe key swap.

This patch makes the code behaves the same as in LUKS1,
luksChangeKey now works the same.
 2021-02-01 11:57:35 +00:00
Milan Broz
04b781d613 Retain keyslot number in luksChangeKey for LUKS2. 
With JSON, we can actually retain the slot number in all cases
(except user intentionally set new slot #).

This patch changes the crypt_keyslot_change_by_passphrase() API
call to retain keyslot number for LUKS2.

Fixes: #464
 2021-02-01 11:57:35 +00:00
Ondrej Kozina
fa84d60586 Fix crypt_keyslot_change_by_passphrase tokens bug. 
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
 2021-01-29 18:17:53 +01:00
Milan Broz
d1d9dd8e20 Update Copyright year. 2021-01-25 22:00:25 +01:00
Luca Boccassi
24d349f491 verity: improve crypt_activate_by_signed_key debug log 
Check if a signature is actually available before logging that the
volume is being activated with a signed key.
 2021-01-25 14:28:02 +00:00
Milan Broz
0c29321407 Introduce crypt_header_is_detached API call. 
crypt_header_is_detached checks if initialized LUKS context uses detached header
(LUKS header located on a different device than data.)

This is a runtime attribute, it does not say if a LUKS device requires detached header.
 2020-12-29 23:23:32 +01:00
Milan Broz
ba92a5e865 Remove redundant LUKS type condition. 2020-12-28 18:02:10 +01:00
Milan Broz
8a12f6dc2c Add crypt_token_max() API to query max token id for LUKS2. 
Fixes #615.
 2020-12-28 17:57:24 +01:00
Vojtech Trefny
652081426b bitlk: Add support for activating BITLK devices using volume key 
Both with "crypt_activate_by_volume_key" and using cli with
--master-key option.
 2020-11-12 12:16:32 +01:00
Vojtech Trefny
406d2d8b0a bitlk: Allow dumping BitLocker master key (FVEK) using --dump-master-key 2020-11-12 12:16:32 +01:00
Ondrej Kozina
14c7148edd Enable user stored params with default log callback. 2020-10-18 13:06:20 +02:00
Milan Broz
42f4dcef88 Introduce crypt_logf and remove logger wrapper. 
Export (alredy existing) log function with variable parameter count.
 2020-10-18 13:03:44 +02:00
Luca Boccassi
3062a9ba91 libcrypsetup: add CRYPT_DEACTIVATE_DEFERRED_CANCEL for crypt_deactivate_by_name 
Allows to cancel a previously set deferred deactivation flag
for a specific device.

[mbroz: slight changes]
 2020-09-26 13:03:16 +02:00
Milan Broz
6ed739d9ca Print a visible error if requesting resize on unsupported format. 
Fixes: #571.
 2020-09-19 22:05:42 +02:00
Milan Broz
5d07b0730c Allow to use backup header for tcrypt format. 
TrueCrypt/VeraCrypt supports backup header, it seems to have
the same format as normal header.

Let's use --header option here, it can be used to unlock data partition
with header backup (open and dump commands).

Fixes: #587.
 2020-09-19 21:42:08 +02:00
Milan Broz
2ce8573f04 Add PIN processing to tokens. 2020-08-15 10:10:40 +02:00
Milan Broz
31ebf3dc2c libdevmapper: always return EEXIST if a task fails because the device already exists 
Allows concurrent opens to return a usable error instead of EINVAL
 2020-08-12 16:50:57 +01:00
Ondrej Kozina
c867f2e8a0 Unload all external tokens on exit. 2020-08-11 17:36:30 +02:00
Milan Broz
7d475266b6 Simplify internal tokens handling. 2020-08-09 13:17:40 +02:00
Milan Broz
4451df15b4 Rename luks2_reenc_context to luks2_reecrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
f50062517e Rename crypt_get/set reenc_context to luks2_reencrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
967e3de552 Rename LUKS2_reenc_status to LUKS2_reencrypt_status. 2020-07-07 14:20:39 +02:00
Milan Broz
d95472e757 Rename LUKS2_reencrypt_status to LUKS2_reencrypt_get_params to avoid confusion. 2020-07-07 14:20:39 +02:00
Milan Broz
3e0e5bac2a Use LUKS2_reencrypt prefix for function defined in luks2.h. 
This should clean up prefixes a little bit.
 2020-07-07 14:20:39 +02:00