eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 03:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,214 Commits 13 Branches 79 Tags
2e841622f88311ac0fc4970e17f9e6acd415454c
Commit Graph

2214 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ondrej Kozina
e229f79741 Open device in locked mode if needed. 2019-03-01 21:43:31 +01:00
Ondrej Kozina
a4d236eebe Add device_is_locked function. 2019-03-01 21:43:25 +01:00
Milan Broz
1192fd27c6 Add query for cipher implementation is used through kernel API. 2019-03-01 21:43:10 +01:00
Milan Broz
cd1cb40033 Use crypto library for ciphers if algorithms are available. 2019-03-01 21:34:22 +01:00
Milan Broz
14e085f70e Move cipher performance check to crypto backend. 2019-03-01 21:16:05 +01:00
Milan Broz
fc37d81144 Move crypt_cipher to per-lib implementation. 
For now, it calls kernel fallback only.
 2019-03-01 21:14:13 +01:00
Milan Broz
a859455aad Move block ciphers backend wrappers to per-library files. 
For now it always fallbacks to kernel crypto API.
 2019-03-01 21:10:50 +01:00
Milan Broz
93d596ace2 Introduce internal backend header. 
And remove commented-out test vectors (moved to tests).
 2019-03-01 20:39:33 +01:00
Ondrej Kozina
c03e3fe88a Fix getting default LUKS2 keyslot encryption parameters. 
When information about original keyslot size is missing (no active
keyslot assigned to default segment) we have to fallback to
default luks2 encryption parameters even though we know default
segment cipher and mode.

Fixes: #442.
 2019-03-01 20:39:06 +01:00
Ondrej Kozina
a90a5c9244 Avoid double free corruption after failed crypt_init_data_device. 2019-03-01 20:31:00 +01:00
Ondrej Kozina
26772f8184 Return NULL explicitly if keyslot is missing. 
json_object_object_get_ex return parameter is
undefined if function returns false.
 2019-03-01 20:30:21 +01:00
Ondrej Kozina
8f8ad83861 Validate metadata before writting binary keyslot area. 2019-03-01 20:29:49 +01:00
Ondrej Kozina
d111b42cf1 Fix keyslot area gap find algorithm. 
get_max_offset must use value calculated from LUKS2 metadata
boundaries. Data offset didn't have to match end of LUKS2 metadata
area.
 2019-03-01 20:29:40 +01:00
Ondrej Kozina
821c965b45 Drop commented code block. 2019-03-01 20:28:56 +01:00
Ondrej Kozina
4acac9a294 Properly handle DM_LINEAR type while checking version or dmflags. 2019-03-01 20:28:43 +01:00
Ondrej Kozina
4adb06ae91 Add missing direction flag in dm_crypt_target_set. 
This bug may have caused memory corruption in dm_targets_free
later.
 2019-03-01 20:27:53 +01:00
Milan Broz
dce7a1e2aa Fix gcc warning in tests. 2019-02-24 12:35:54 +01:00
Milan Broz
a354b72546 Add some symmetric block ciphers vector tests for crypto backend. 2019-02-24 12:35:50 +01:00
Milan Broz
ac8f41404b Simplify and reformat hash/HMAC test vectors test. 2019-02-24 12:35:45 +01:00
Milan Broz
fc7b257bab Silence dmsetup removal messages. 2019-02-13 13:34:39 +01:00
Milan Broz
787066c292 Report error if no LUKS keyslots are available. 
Also fix LUKS1 keyslot function to proper return -ENOENT errno in this case.

This change means, that user can distinguish between bad passphrase and
no keyslot available. (But this information was avalilable with luksDump
even before the change.)
 2019-02-13 13:19:48 +01:00
Milan Broz
71ab6cb818 Fix other tests to not fail if keyring support is missing in kernel. 2019-02-12 16:16:56 +01:00
Milan Broz
1158ba453e Use better test for a bad loop descriptor. 2019-02-12 14:54:56 +01:00
Milan Broz
2e3f764272 Fix api-test-2 to properly detect missing keyring in kernel. 
Also properly cleanup after some failures.
 2019-02-12 14:49:21 +01:00
Milan Broz
2172f1d2cd Print PBKDF debug log in a better format. 
Fixes #439.
 2019-02-11 12:37:33 +01:00
Milan Broz
6efc1eae9f Update Readme.md. 2019-02-08 15:37:17 +01:00
Milan Broz
6a740033de Add 2.1. release notes. v2.1.0 2019-02-08 15:08:04 +01:00
Ondrej Kozina
d754598143 Preserve LUKS2 mdata & keyslots sizes after reencryption. 2019-02-08 12:00:24 +01:00
Ondrej Kozina
47f632263e Add missing crypt_free() in api test. 2019-02-08 11:56:52 +01:00
Milan Broz
98af0b0c77 Increase API version. 2019-02-07 18:42:17 +01:00
Ondrej Kozina
b9c6a62437 Do not call fallocate on image file that is already large enough. 2019-02-07 18:41:06 +01:00
Ondrej Kozina
57670eeeb7 Detect LUKS2 default alignmnet in align tests. 2019-02-07 18:40:48 +01:00
Ondrej Kozina
f26ee11913 Assert reasonable LUKS2 default header size. 2019-02-07 18:40:39 +01:00
Milan Broz
2435d76a39 Use 16MB LUKS2 header size by default. 2019-02-07 18:40:14 +01:00
Milan Broz
348d460ab7 Workarounds for larger LUKS2 header for tests. 2019-02-07 18:39:50 +01:00
Milan Broz
2b8b43b3db Fix file descriptor leak in error path. 2019-02-07 17:37:16 +01:00
Milan Broz
91b74b6896 Fix some compiler warnings. 2019-02-07 17:14:47 +01:00
Milan Broz
319fd19b5e Add implementation of crypt_keyslot_pbkdf(). 
This function allows to get PBKDF parameters per-keyslot.
 2019-02-07 12:55:12 +01:00
Milan Broz
4edd796509 Fix typo. 2019-02-06 21:48:29 +01:00
Ondrej Kozina
b0ced1bd2c Make compat-test2 work with 16M data offset. 2019-02-06 21:43:36 +01:00
Ondrej Kozina
6ed3a7774f Calculate keyslots size based on requested metadata size. 2019-02-06 21:42:51 +01:00
Ondrej Kozina
1ce3feb893 Add format test for detached header using last keyslot. 2019-02-06 21:41:43 +01:00
Milan Broz
ebbc5eceb8 Fix crypt_wipe to allocate space and not silently fail. 
This change will allocate space if underlying device is smaller file
and fail if it is block device.

Previously smaller device was quietly ignored, leading to keyslot
access failure with older dm-crypt mapped keyslot encryption
(disabled kernel user crypto API).
 2019-02-06 21:39:26 +01:00
Ondrej Kozina
0cac4a4e0c Make api test run with any defalt LUKS2 header size. 2019-02-06 11:48:47 +01:00
Milan Broz
1908403324 Prepare change for default LUKS2 keyslot area size. 2019-02-06 11:48:34 +01:00
Ondrej Kozina
faa07b71f9 Fix debug message when zeroing rest of data device. 
The debug message printed wrong expected value and
also remained silent if expected value differed from
real bytes written to the data device.
 2019-02-06 11:48:24 +01:00
Ondrej Kozina
e9dcf6b8dd Simplify create_empty_header in cryptsetup-reencrypt. 
In most cases we do not need to create large files for new headers.
crypt_format already allocates enough space for all keyslots in files
during internal header wipe.

Fixes #410.
 2019-02-06 11:48:07 +01:00
Milan Broz
3ea60ea0ae Update po files. 2019-02-06 11:46:37 +01:00
Milan Broz
54171dfdd3 Fix api-test to detect kernel without needed crypto module for tcrypt test. 2019-01-31 16:32:11 +01:00
Milan Broz
dc8db34155 Run keyring test only for recent kernels. 2019-01-31 16:31:09 +01:00