eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 05:10:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,120 Commits 13 Branches 79 Tags
23bada3c5ae36e159b00456a2537170f6ad3a57d
Commit Graph

465 Commits

Author SHA1 Message Date
Ondrej Kozina
ea4b586c77 Add tests for CRYPT_VOLUME_KEY_DIGEST_REUSE flag. 
Tests commit 7569519530
 2019-03-22 08:01:21 +01:00
Milan Broz
1317af028e Use compatible switch for free command. 2019-03-21 15:32:22 +01:00
Milan Broz
cdcd4ddd35 Print free memory in tests. 2019-03-21 15:16:33 +01:00
Milan Broz
2960164cf8 Fix localtest if the last test is skipped. 2019-03-21 15:12:39 +01:00
Milan Broz
b6d406fbc8 Add fixed Makefile that can run tests outside of compiled tree. 2019-03-20 21:58:07 +01:00
Milan Broz
456ab38caa Allow to set CRYPTSETUP_PATH in tests for system installed cryptsetup tools. 
Run: make check CRYPTSETUP_PATH=/sbin
 2019-03-08 08:16:45 +01:00
Ondrej Kozina
868cc52415 Abort conversion to LUKS1 with incompatible sector size. 2019-03-05 17:08:05 +01:00
Ondrej Kozina
d85c7d06af Do not fail tests if benchmarked >= 1000 iterations with -i1. 2019-03-01 21:43:35 +01:00
Ondrej Kozina
c03e3fe88a Fix getting default LUKS2 keyslot encryption parameters. 
When information about original keyslot size is missing (no active
keyslot assigned to default segment) we have to fallback to
default luks2 encryption parameters even though we know default
segment cipher and mode.

Fixes: #442.
 2019-03-01 20:39:06 +01:00
Ondrej Kozina
a90a5c9244 Avoid double free corruption after failed crypt_init_data_device. 2019-03-01 20:31:00 +01:00
Milan Broz
dce7a1e2aa Fix gcc warning in tests. 2019-02-24 12:35:54 +01:00
Milan Broz
a354b72546 Add some symmetric block ciphers vector tests for crypto backend. 2019-02-24 12:35:50 +01:00
Milan Broz
ac8f41404b Simplify and reformat hash/HMAC test vectors test. 2019-02-24 12:35:45 +01:00
Milan Broz
fc7b257bab Silence dmsetup removal messages. 2019-02-13 13:34:39 +01:00
Milan Broz
787066c292 Report error if no LUKS keyslots are available. 
Also fix LUKS1 keyslot function to proper return -ENOENT errno in this case.

This change means, that user can distinguish between bad passphrase and
no keyslot available. (But this information was avalilable with luksDump
even before the change.)
 2019-02-13 13:19:48 +01:00
Milan Broz
71ab6cb818 Fix other tests to not fail if keyring support is missing in kernel. 2019-02-12 16:16:56 +01:00
Milan Broz
1158ba453e Use better test for a bad loop descriptor. 2019-02-12 14:54:56 +01:00
Milan Broz
2e3f764272 Fix api-test-2 to properly detect missing keyring in kernel. 
Also properly cleanup after some failures.
 2019-02-12 14:49:21 +01:00
Ondrej Kozina
d754598143 Preserve LUKS2 mdata & keyslots sizes after reencryption. 2019-02-08 12:00:24 +01:00
Ondrej Kozina
47f632263e Add missing crypt_free() in api test. 2019-02-08 11:56:52 +01:00
Ondrej Kozina
57670eeeb7 Detect LUKS2 default alignmnet in align tests. 2019-02-07 18:40:48 +01:00
Milan Broz
348d460ab7 Workarounds for larger LUKS2 header for tests. 2019-02-07 18:39:50 +01:00
Milan Broz
319fd19b5e Add implementation of crypt_keyslot_pbkdf(). 
This function allows to get PBKDF parameters per-keyslot.
 2019-02-07 12:55:12 +01:00
Ondrej Kozina
b0ced1bd2c Make compat-test2 work with 16M data offset. 2019-02-06 21:43:36 +01:00
Ondrej Kozina
1ce3feb893 Add format test for detached header using last keyslot. 2019-02-06 21:41:43 +01:00
Ondrej Kozina
0cac4a4e0c Make api test run with any defalt LUKS2 header size. 2019-02-06 11:48:47 +01:00
Ondrej Kozina
e9dcf6b8dd Simplify create_empty_header in cryptsetup-reencrypt. 
In most cases we do not need to create large files for new headers.
crypt_format already allocates enough space for all keyslots in files
during internal header wipe.

Fixes #410.
 2019-02-06 11:48:07 +01:00
Milan Broz
54171dfdd3 Fix api-test to detect kernel without needed crypto module for tcrypt test. 2019-01-31 16:32:11 +01:00
Milan Broz
dc8db34155 Run keyring test only for recent kernels. 2019-01-31 16:31:09 +01:00
Rafael Fontenelle
2b55f6420a Fix misspellings 2019-01-28 08:40:20 -02:00
Milan Broz
943cc16020 Fix test to print exit line and use explicit key size. 2019-01-25 13:38:24 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Milan Broz
580f0f1a28 Add some FIPS mode workarounds. 
We cannot (yet) use Argon2 in FIPS mode, hack scripts and library
to use PBKDF2 or skip tests and fix tests to run in FIPS mode.
 2019-01-24 17:04:13 +01:00
Milan Broz
388afa07f4 Cleunup devices before running mode-test. 2019-01-23 14:14:45 +01:00
Milan Broz
1def60cd2c Do not allow conversion to LUKS1 if hash algorithms differs (digest,AF). 2019-01-22 14:19:58 +01:00
Milan Broz
cdb4816fbb Allow setting of hash function in LUKS2 PBKDF2 digest. 
For now, the hash was set to sha256 (except for converted LUKS1 header).

This patch adds the same logic as in LUKS1 - hash aglorithms is
loaded from PBKDF setting.

Fixes #396.
 2019-01-22 12:45:01 +01:00
Milan Broz
be46588cf0 Allow LUKS2 keyslots area to increase if data offset allows it. 
ALso deprecate align-plauload option and add more debugging code
to understand internal calculation of metadata and keyslots area sizes.

Fixes #436.
 2019-01-22 09:23:49 +01:00
Milan Broz
5ee0b01118 Add test for specific legacy plain hash type. 2019-01-20 10:20:44 +01:00
Milan Broz
fbfd0c7353 Update Nettle crypto backend. 
WARNING: this is just experimental backend, use only for testing.
 2019-01-16 21:13:00 +01:00
Milan Broz
82a1f33260 Silence new warning in tests if run on older kernel. 2019-01-15 15:15:25 +01:00
Milan Broz
238c74643b Add some more hash algorithms test. 2019-01-15 14:06:51 +01:00
Milan Broz
51dd2762a9 Add --debug-json switch and log level. 
The JSON structures should not be printed by default to debug log.

This flag introduces new debug level that prints JSON structures
and keeps default debug output separate.
 2019-01-10 14:52:49 +01:00
Milan Broz
cf31bdb65c Workaround for test failure with disabled keyring. 
NOTE: this need proper fix, tests should not expect a device state
from previous test.
 2019-01-08 13:32:34 +01:00
Ondrej Kozina
c494eb94f4 Add LUKS2 refresh test. 
Test refresh doesn't affect device vk.
 2019-01-07 15:52:03 +01:00
Milan Broz
5f173e9357 Fix allocating of LUKS header on format. 
Fixes #431.
 2019-01-07 13:07:46 +01:00
Milan Broz
307a7ad077 Add keyslot encryption params. 
This patch makes available LUKS2 per-keyslot encryption settings to user.

In LUKS2, keyslot can use different encryption that data.

We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.

For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.

The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
 2019-01-07 13:07:46 +01:00
Milan Broz
d064c625f4 Fix reencryption test to use more context lines to parse parameters. 2019-01-07 13:07:45 +01:00
Milan Broz
267bf01259 Add crypt_get_pbkdf_type_params() API. 
This function allows get default (compiled-in) PBKDF parameters
per every algorithm.

Fixes #397.
 2019-01-03 14:13:01 +01:00
Ondrej Kozina
7362b14d41 Extend device-test with refresh actions. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
77d7babf92 Add new crypt_resize tests. 2019-01-01 21:42:46 +01:00