eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-19 14:50:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,329 Commits 13 Branches 81 Tags
1595fcf4793c4e9300b20087afe94d2ee4b541a5
Commit Graph

3329 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
1595fcf479 Do not run keyed integrity resize tests for older kernel. 2022-03-29 14:17:53 +00:00
Milan Broz
c4c1ca2224 Use batch mode for integrity resize test. 2022-03-29 14:17:53 +00:00
Ondrej Kozina
2b42968e92 Port cryptsetup --new option to CRYPT_ARG_ALIAS type. 2022-03-29 12:54:58 +02:00
Ondrej Kozina
e2a5af9e64 Add new argument type CRYPT_ARG_ALIAS. 
It can be used to easily define option
aliases for command line utilities.
 2022-03-29 12:54:15 +02:00
Milan Broz
e4ed545cbf Remove debug line from api-test. 2022-03-28 22:27:54 +02:00
Ondrej Kozina
65be641f20 Refactor LUKS reencryption. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
ce55fa4d1c Refactor LUKS decryption. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
92baacadad Refactor LUKS encryption. 
It also adds hardened checks for accidental
nested device encryption.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
2e59229e5a Add checks for some conflicting requests. 
It also moves device load for reencryption purposes
further up in code path to better optimize the code
later.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
3f42b69fc8 Add reencrypt_luks2_resume helper. 
To be used later.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
b10c0b6a02 Simplify load_luks2_by_name. 
Also adds specific error messsage when device
is not actualy LUKS2.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
f388662418 Remove 'type' argument from load_luks helper. 
The code removal will help simplify further code
changes.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
8bc10ee853 Rename luks2 reencryption initialization routines. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
b663b9305c Add helper for checking data device type during encryption. 
In case operation is invoked with --header parameter
check if data device does not already contain LUKS device
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
828555db97 Remove unused code in helper routine. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
ba08f02a40 Move helper for LUKS2 auth. encryption detection. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
a55b0530a4 Restrict --active-name to LUKS2 type only. 2022-03-24 15:14:32 +00:00
daniel.zatovic
a2f30ebd4c Display progress when wiping the end of resized device. 2022-03-24 11:38:16 +01:00
daniel.zatovic
d20d41c7a5 Add log messages, when kernel doesn't support resize. 2022-03-24 11:38:16 +01:00
daniel.zatovic
4eba55c73e Add tests for integritysetup resize action. 2022-03-24 11:38:16 +01:00
daniel.zatovic
29ddd68a0f Add API tests for resize of integrity volume. 2022-03-24 11:38:16 +01:00
daniel.zatovic
9707b71f98 Describe resize action in manual page. 2022-03-24 11:38:16 +01:00
daniel.zatovic
36cdda870b Add resize action to integritysetup. 
Fixes: #594.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
9b8a872006 Add support for resizing raw integrity devices. 2022-03-24 11:38:16 +01:00
daniel.zatovic
45b808c186 Move checking for detached integrity metadata device. 
To allow resizing integrity devices with detached metadata device, the
check has to be moved from _compare_integrity_devices to
_reload_device_with_integrity.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
87afb9d783 Remove size parameter comparison for integrity devices. 
To support device resize, we can not compare the device size (it is
already not compared for crypt devices).
 2022-03-24 11:38:16 +01:00
daniel.zatovic
86402a1102 Add API tests for refreshing integrity devices. 2022-03-24 11:38:16 +01:00
daniel.zatovic
64e7c3d3b1 Add support for refreshing integrity devices. 
If the provided key is NULL, we load it from the active device. This is
always available, since keyring keys are not supported in kernel for
integrity devices.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
f6c1445c6b Add support for querying journal active devices for integrity and encryption keys. 2022-03-18 09:56:59 +00:00
Ondrej Kozina
f5724a30f9 Test nested encryption is not possible. 2022-03-17 19:07:10 +00:00
Ondrej Kozina
47f31205cf Do not allow nested encryption in LUKS reencrypt. 
Try to avoid accidental nested encryption via
cryptsetup reencrypt --new/--encrypt command.

If detached header or data device is already reported
as LUKS1 or LUKS2 device operation gets aborted.

Fixes: #713.
 2022-03-17 19:07:10 +00:00
Ondrej Kozina
5bd5462a9e Improve helpers for reencryption utilities. 
Also clarifies some code path.
 2022-03-17 19:07:10 +00:00
Ondrej Kozina
d1f0376c77 Decouple auth. encryption check from in-reencrypt detection. 2022-03-17 19:07:10 +00:00
Ondrej Kozina
dae91fd9ec Code reshuffle in-before some changes. 2022-03-17 19:07:10 +00:00
daniel.zatovic
df4ed89141 CI: disable updates. 2022-03-17 19:04:41 +00:00
Milan Broz
559012b6a7 Check dm-zero availability for bitlk type. 
Bitlocker compatible mode uses dm-zero to mask metadata area,
device cannot be activated if dm-zero is not available.

Just add zero target check to device-mapper backend and
if activation fails, print a better error message here.

Fixes: #722
 2022-03-16 12:21:30 +01:00
Milan Broz
6534e86c22 Update gitignore. 2022-03-15 13:12:27 +01:00
Milan Broz
70c1eb7352 Support make check-programs target from top level makefile. 
Also fix genereated header dependence.
 2022-03-15 13:07:10 +01:00
Ondrej Kozina
dee2fa7159 Prefer token PIN query before passphrase in some case. 
When user provides --token-type or specific --token-id
prefer token PIN query over passphrase query (if token
handler responds with 'PIN needed').

Fixes: #670.
 2022-03-14 17:34:41 +01:00
Ondrej Kozina
3af754b5eb Use proper function parameter in token pin helper. 2022-03-14 17:33:41 +01:00
Ondrej Kozina
3b85ab2dc1 Do not continue operation when interrupted in PIN prompt. 2022-03-14 14:04:36 +00:00
Ondrej Kozina
2a5483d8c3 Add progress function init before reencryption loop. 
Otherwise elapsed time tracking is off and also breaks
speed estimation.
 2022-03-07 12:35:38 +01:00
Ondrej Kozina
8340d0cb1a Remove useless condition in reencryption loop. 
(always true)
 2022-03-07 12:35:38 +01:00
Ondrej Kozina
3cd5d83ee9 Add --progress-json parameter to utilities. 
Progress data can now be printed out in json format
suitable for machine processing.
 2022-03-07 12:35:38 +01:00
Ondrej Kozina
6852c49d0c Merge progress functions into single routine. 2022-03-07 12:35:38 +01:00
Ondrej Kozina
63c79256e4 Refactor time diff calculation helper. 2022-03-07 12:35:38 +01:00
Ondrej Kozina
75622b332b Improve progress routine for cryptsetup utilities. 
The progress routine is now fully translated and
prints out progress in following manner (examples):

Progress: 25,5%, ETA 00m31s, 7 GiB written, speed 838,6 MiB/s
Progress: 25,5%, ETA 20h11m31s, 7 GiB written, speed 24 KiB/s
Progress: 25,5%, ETA 06 days, 12 MiB written, speed 4 KiB/s

Also got rid of -lm dependency due to floor().

Fixes: #671.
 2022-03-07 12:35:38 +01:00
Ondrej Kozina
c1e94abbab Move progress utilities in separate file. 2022-03-07 12:35:38 +01:00
Ondrej Kozina
1af7eefbc0 Minor time progress print out improvements. 
Mostly moves float arithmetics in slow path and
also cleans up code a bit.
 2022-03-07 12:35:37 +01:00
Milan Broz
bf4a039d50 Add a debug info if maximum interactive passphrase was read (possible trimmed). 
If passphrase is read from a real terminal, there is maximum
interactive input length applied. This means that passphrase
can be trimmed in this case.

This patch adds debug log warning, if read does not detect
end of input (EOL or EOF) and the maximal input read is achieved.

We cannot say for sure if the next character is EOL without
actually reading it, debug warning should be enough in this case.

Fixes: #699
 2022-02-25 14:14:03 +01:00