Ondrej Kozina
05c997da1f
Store dynamic plugin handle.
...
For use later when unloading cryptsetup library.
2020-08-11 17:36:22 +02:00
Ondrej Kozina
d438151f25
Partially revert few changes.
2020-08-09 13:17:54 +02:00
Milan Broz
7d475266b6
Simplify internal tokens handling.
2020-08-09 13:17:40 +02:00
Milan Broz
281dd51f5a
Remove json_object argument from area size checks.
...
These functions are internal to LUKS2 implementation.
2020-07-07 14:20:39 +02:00
Milan Broz
1c7c815108
Move LUKS2 internal functions to internal header.
...
This is the first step to remove json_object from internal API.
2020-07-07 14:20:39 +02:00
Ondrej Kozina
e6a3569743
Avoid name clash with newer json-c library.
...
This is partial revert of previous commit and also
fixes wrong decision to name our internal helpers with
json_object prefix.
2020-04-14 17:24:57 +02:00
Björn Esser
604abec333
Add support for upcoming json-c 0.14.0.
...
* TRUE/FALSE are not defined anymore. 1 and 0 are used instead.
* json_object_get_uint64() and json_object_new_uint64() are part
of the upstream API now.
2020-04-13 14:25:18 +02:00
Milan Broz
b5fbd682f2
Move fcntl.h to internal defines and check for O_CLOEXEC.
2020-02-21 10:10:11 +01:00
Milan Broz
080566a1fd
Update copyright year.
2020-01-03 13:04:55 +01:00
Ondrej Kozina
a23e1cf729
LUKS2 code cleanup.
...
- drop unused code
- drop unused function declarations
- remove local routines from internal api
2019-08-05 18:29:37 +02:00
Ondrej Kozina
b3af88708d
Change reencryption mode parameter type to enum.
2019-08-01 15:40:53 +02:00
Ondrej Kozina
bbdf9b2745
Read and compare metadata sequence id after taking write lock.
2019-06-12 12:36:46 +02:00
Ondrej Kozina
a7f80a2770
Add resilient LUKS2 reencryption library code.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
fea2e0be4f
Add algorithm for searching largest gap in keyslots area.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
6c6f4bcd45
Add signed int64 json helpers.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
203fe0f4bf
Move get_first_data_offset to luks2_segment.c
2019-03-08 08:42:23 +01:00
Ondrej Kozina
a848179286
Add json_object_copy wrapper.
2019-03-08 08:27:18 +01:00
Milan Broz
a6f5ce8c7b
Update copyright year.
...
And unify name copyright format.
2019-01-25 09:45:57 +01:00
Ondrej Kozina
de0b69691d
Add json_object_object_del_by_uint helper routine.
2019-01-01 21:42:46 +01:00
Ondrej Kozina
82aae20e9c
Add json_object_object_add_by_uint helper routine.
2019-01-01 21:42:46 +01:00
Milan Broz
991ab5de64
Fix more context propagation paths.
2018-11-27 16:09:45 +01:00
Milan Broz
a5a8467993
Use context in debug log messages.
...
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
2018-11-27 13:37:20 +01:00
Milan Broz
c17b6e7be3
Fix LUKS2_hdr_validate function definition.
2018-11-25 10:28:34 +01:00
Ondrej Kozina
21e259d1a4
Check json size matches value from binary LUKS2 header.
...
We have max json area length parameter stored twice. In
LUKS2 binary header and in json metadata. Those two values
must match.
2018-11-22 15:34:18 +01:00
Ondrej Kozina
c3a54aa59a
Change max json area length type to unsigned.
...
We use uint64_t for max json length everywhere else
including config.json_size field in LUKS2 metadata.
Also renames some misleading parameter names.
2018-11-22 15:34:00 +01:00
Ondrej Kozina
2c1a6e3f94
Make LUKS2 auto-recovery aware of device signatures.
...
auto-recovery triggers any time when only single correct LUKS2
header instance was found. That may be dangerous.
We should suppress auto-recovery in case blkid decided the
device is no longer LUKS device. For example if secondary (intact)
LUKS2 header was left behind and blkid declares the device is LVM2
member.
Moreover if at least one header instance is corrupted and blkid
declares device non-empty and non-LUKS at the same time, header load
operation will be aborted with error.
2018-07-11 22:19:35 +02:00
Milan Broz
f63e1cfbfc
Rename contains() to json_contains().
2018-04-24 11:04:53 +02:00
Ondrej Kozina
f6be62ac5f
Add repair for known glitches in LUKS2 json.
2018-04-21 20:27:05 +02:00
Ondrej Kozina
a054206d25
Suppress useless slash escaping in json lib
2018-04-21 20:14:28 +02:00
Ondrej Kozina
5b6f06b2ac
Hide luks2 specific keyslot allocation from internal api.
2018-04-21 19:43:11 +02:00
Ondrej Kozina
6f83822b6e
Validate all keyslot implementations after load and before write.
2018-04-21 19:42:55 +02:00
Ondrej Kozina
9b635a3e90
Cleanup LUKS2 keyslot specific validation.
...
- do not run general LUKS2 format validation from inside the specific one
- validate luks2 json object only
- temporary move digests count restrictions, going to be fixed in next
commit
2018-04-21 19:37:05 +02:00
Ondrej Kozina
22f10dd8d2
Remove custom made 'contains' helper from keyslot validation.
2018-04-21 10:57:24 +02:00
Ondrej Kozina
45356f5e12
Split keyslot update in separate functions.
...
This patch fixes several problems:
- pbkdf benchmark should be run with keyslot encryption key length
instead volume key length
- run LUKS2 keyslot validation on final keyslot json object instead
temporary stub created in keyslot_alloc
- replace whole json kdf object during keyslot update. We left behind
old parameters from old pbkdf during transition to different type
2018-04-21 10:53:54 +02:00
Ondrej Kozina
e5f72a0d4f
Remove duplicate CRYPT_ANY_TOKEN define.
2018-04-15 13:10:01 +02:00
Ondrej Kozina
70077db07d
Abort conversion when LUKS2 header contains tokens.
...
Tokens may contain import 3rd party data. Prompt users
to remove such tokens explicitly.
2018-04-15 13:08:44 +02:00
Ondrej Kozina
255c8e8ff4
Avoid pbkdf benchmark on LUKS2 header down conversion.
...
Also clarify use of placeholder keyslots in down conversion.
2018-04-12 15:49:35 +02:00
Ondrej Kozina
35d29b22c0
Move CRYPT_ANY_DIGEST definition.
2018-04-11 15:49:29 +02:00
Ondrej Kozina
303fe886b7
Fix misleading param name in prototype.
2018-03-22 14:05:08 +01:00
Milan Broz
1fe014dbae
Update copyright year.
2018-01-20 17:55:21 +01:00
Ondrej Kozina
08e7c143b3
Add internal code for LUKS2 keyslot params.
...
This fixes crypt_keyslot_add_by_key where we were unable to store
keyslot (unbound to segment) with different key_size.
The code used (new) volume key size implicitly which could be wrong
if new size was not compatible with cipher parameter for keyslot area.
2018-01-19 13:48:09 +01:00
Ondrej Kozina
cc76f3746f
Remove unused digests handling code.
...
Remove code for handling multiple digests per single keyslot.
Same would apply to segments with the only exception of segment
in-reencryption. We need that exception so that we will not lose
old key digests too early.
2018-01-04 09:17:34 +01:00
Ondrej Kozina
304bdd7d0d
luks2: add json_object_new_uint64 wrapper
...
json doesn't support 64 bits integers. We workaround it by storing
large numbers as string and validate the value internally.
2017-11-23 16:18:14 +01:00
Milan Broz
9f2727bb77
Add libLUKS2.
2017-09-24 19:50:12 +02:00