Milan Broz
23bada3c5a
Fix several issues found by Coverity scan.
2019-04-10 12:30:09 +02:00
Stig Otnes Kolstad
de0cf8433b
Add pbkdf options to all key operations in manpage
2019-04-09 17:19:41 +02:00
Milan Broz
1b49ea4061
Add global serialization lock for memory hard PBKDF.
...
This is a very ugly workaround for the situation when multiple
devices are being activated in parallel (systemd crypttab)
and the system, instead of returning ENOMEM, uses the OOM killer
to randomly kill processes.
This flag is intended to be used only in very specific situations.
2019-03-29 11:58:12 +01:00
Ondrej Kozina
29b94d6ba3
Add arbitrary resource locking (named locks).
...
It's complementary to current device locking. It'll be used
for mutual exclusion of two or more reencryption resume processes
2019-03-26 14:48:27 +01:00
Ondrej Kozina
80a435f00b
Write keyslot binary data and metadata holding single lock.
2019-03-25 11:37:32 +01:00
Ondrej Kozina
fdcd5806b1
Allow to change requirements flag in-memory only.
2019-03-25 11:37:32 +01:00
Ondrej Kozina
9ddcfce915
Refactor locking code.
2019-03-25 11:37:32 +01:00
Ondrej Kozina
6ba358533b
Modify crypt lock handle internal structure.
...
makes it ready for future lock handle type
2019-03-25 11:37:32 +01:00
TrueDoctor
73aa329d57
fixed Grammar in manpage cryptsetup-reencrypt(8)
2019-03-22 23:20:13 +00:00
Ondrej Kozina
379016fd78
Add no flush internal suspend/resume flag.
2019-03-22 08:01:21 +01:00
Ondrej Kozina
ea4b586c77
Add tests for CRYPT_VOLUME_KEY_DIGEST_REUSE flag.
...
Tests commit 7569519530
2019-03-22 08:01:21 +01:00
Ondrej Kozina
6961f2caae
Switch crypt_suspend() to DM_SUSPEND_WIPE_KEY flag.
2019-03-22 08:01:21 +01:00
Ondrej Kozina
4df2ce4409
Add wipe key flag for internal device suspend.
2019-03-22 08:01:21 +01:00
Ondrej Kozina
052a4f432c
Add internal option to skip fs freeze in device suspend.
2019-03-22 08:01:21 +01:00
Ondrej Kozina
de86ff051e
Introduce support for internal dm suspend/resume flags.
2019-03-22 08:01:21 +01:00
Ondrej Kozina
f5feeab48d
Add experimental storage wrappers.
2019-03-22 08:01:21 +01:00
Milan Broz
1317af028e
Use compatible switch for free command.
2019-03-21 15:32:22 +01:00
Milan Broz
cdcd4ddd35
Print free memory in tests.
2019-03-21 15:16:33 +01:00
Milan Broz
2960164cf8
Fix localtest if the last test is skipped.
2019-03-21 15:12:39 +01:00
Milan Broz
a98ef9787c
Set devel version.
2019-03-20 21:58:27 +01:00
Milan Broz
b6d406fbc8
Add fixed Makefile that can run tests outside of compiled tree.
2019-03-20 21:58:07 +01:00
Ondrej Kozina
e3488292ba
Fix typo in --disable-keyring description.
2019-03-13 15:24:45 +01:00
Ondrej Kozina
fea2e0be4f
Add algorithm for searching largest gap in keyslots area.
2019-03-13 14:56:31 +01:00
Milan Broz
751f5dfda3
Move error message for a keyslot area search.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
d5f71e66f9
Allow digest segment (un)binding for all segments at once.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
03e810ec72
Split crypt_drop_keyring_key in two different routines.
...
crypt_drop_keyring_key function allows to drop all keys in keyring
associated with passed volume key list.
crypt_drop_keyring_key_by_description is used to drop independent key.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
6c6f4bcd45
Add signed int64 json helpers.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
304942302b
Introduce CRYPT_DEFAULT_SEGMENT abstraction.
...
Default segment is no longer constant segment with id 0.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
8dc1a74df8
Adapt existing code to future reencryption changes.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
e295d01505
Adding new functions later used in reencryption.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
aa1b29ea0e
Add volume key next helper.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
cef857fbbd
Add routine for adding volume key in a list.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
6bba8ce0dc
Allow vk insert in linked list.
...
Also adds search function crypt_volume_key_by_id.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
b0330d62e5
Add id member in volume_key structure.
...
Also adds set/get helper routines.
2019-03-13 14:56:31 +01:00
Frederik Nnaji
fc0c857cfe
Update README.md
2019-03-13 13:52:40 +00:00
Milan Broz
238b18b8ac
Upstream fixes to bundled Argon2 code.
...
Wait for already running threads if a thread creation failed.
Use explicit_bzero() on recent glibc versions.
(Without fixed logic, we already have the macro definition through automake.)
Fixes #444.
2019-03-13 08:26:40 +01:00
Ondrej Kozina
6a2d023b7b
Make keyring utilities ready for additional kernel key types.
2019-03-08 09:03:35 +01:00
Ondrej Kozina
4bb1fff15d
Add new functions for kernel keyring handling.
2019-03-08 08:54:09 +01:00
Ondrej Kozina
37f5bda227
Add explicit key type name in keyring functions.
2019-03-08 08:53:33 +01:00
Ondrej Kozina
56b571fcaa
Use const before vk in all digest verify functions.
2019-03-08 08:52:47 +01:00
Ondrej Kozina
46bf3c9e9c
Add segment create helpers.
2019-03-08 08:44:51 +01:00
Ondrej Kozina
361fb22954
Remove helper get_first_data_offset completely.
2019-03-08 08:43:19 +01:00
Ondrej Kozina
203fe0f4bf
Move get_first_data_offset to luks2_segment.c
2019-03-08 08:42:23 +01:00
Ondrej Kozina
36ac5fe735
Move LUKS2 segments handling in separate file.
2019-03-08 08:39:32 +01:00
Ondrej Kozina
7569519530
Allow unbound keyslots to be assigned to existing digest.
...
If passed key matches any existing digest we will not create
new digest but assign the keyslot to already existing one.
Because reencryption should be able to create more than one
keyslot assigned to new key digest.
TODO: Tests for the new feature
2019-03-08 08:37:27 +01:00
Ondrej Kozina
a848179286
Add json_object_copy wrapper.
2019-03-08 08:27:18 +01:00
Milan Broz
456ab38caa
Allow to set CRYPTSETUP_PATH in tests for system installed cryptsetup tools.
...
Run: make check CRYPTSETUP_PATH=/sbin
2019-03-08 08:16:45 +01:00
Milan Broz
c71b5c0426
Update po files.
2019-03-08 08:15:57 +01:00
Ondrej Kozina
868cc52415
Abort conversion to LUKS1 with incompatible sector size.
2019-03-05 17:08:05 +01:00
Ondrej Kozina
8c168cc337
Introduce file for luks2 segments handling.
2019-03-05 17:08:02 +01:00