eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,214 Commits 13 Branches 79 Tags
2e841622f88311ac0fc4970e17f9e6acd415454c
Commit Graph

2214 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
a68f3939cf Use min memory limit from PBKDF struct in Argon benchmark. 2019-01-31 10:53:51 +01:00
Milan Broz
ae90497762 Switch to default LUKS2 format in configure. 2019-01-31 09:30:04 +01:00
Rafael Fontenelle
2b55f6420a Fix misspellings 2019-01-28 08:40:20 -02:00
Milan Broz
6d3545624d Fix typo in API documentation. 2019-01-26 12:44:31 +01:00
Milan Broz
46dc5beee9 Increase LUKS keysize if XTS mode is used (two internal keys). 2019-01-25 13:56:21 +01:00
Milan Broz
943cc16020 Fix test to print exit line and use explicit key size. 2019-01-25 13:38:24 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Milan Broz
bc3d0feb5c Switch default cryptographic backend to OpenSSL. 
Cryptsetup/libcryptsetup currently supports several cryptographic
library backends.

The fully supported are libgcrypt, OpenSSL and kernel crypto API.

FIPS mode extensions are maintained only for libgcrypt and OpenSSL.

(Nettle and NSS are usable only for some subset of algorithms and
cannot provide full backward compatibility.)

For years, OpenSSL provided better performance for PBKDF.

Since this commit, cryptsetup uses OpenSSL as the default backend.

You can always switch to other backend by using a configure switch,
for libgcrypt (compatibility for older distributions) use:
--with-crypto_backend=gcrypt
 2019-01-25 08:24:10 +01:00
Milan Broz
580f0f1a28 Add some FIPS mode workarounds. 
We cannot (yet) use Argon2 in FIPS mode, hack scripts and library
to use PBKDF2 or skip tests and fix tests to run in FIPS mode.
 2019-01-24 17:04:13 +01:00
Milan Broz
715b0c9b6c Switch to fetching default PBKDF values from library. 2019-01-23 14:15:23 +01:00
Milan Broz
388afa07f4 Cleunup devices before running mode-test. 2019-01-23 14:14:45 +01:00
Milan Broz
1def60cd2c Do not allow conversion to LUKS1 if hash algorithms differs (digest,AF). 2019-01-22 14:19:58 +01:00
Milan Broz
cdb4816fbb Allow setting of hash function in LUKS2 PBKDF2 digest. 
For now, the hash was set to sha256 (except for converted LUKS1 header).

This patch adds the same logic as in LUKS1 - hash aglorithms is
loaded from PBKDF setting.

Fixes #396.
 2019-01-22 12:45:01 +01:00
Milan Broz
be46588cf0 Allow LUKS2 keyslots area to increase if data offset allows it. 
ALso deprecate align-plauload option and add more debugging code
to understand internal calculation of metadata and keyslots area sizes.

Fixes #436.
 2019-01-22 09:23:49 +01:00
Milan Broz
6dc2f7231b Fix a possible NULL pointer in opt_type. 2019-01-21 14:07:33 +01:00
Milan Broz
3165b77ec9 Remove undeeded check for DM_SECURE_SUPPORTED. 2019-01-21 13:55:43 +01:00
Ondrej Kozina
ad0e2b86dc Do not issue flush when reading device status. 
Fixes #417.
 2019-01-21 11:20:02 +01:00
Milan Broz
5ee0b01118 Add test for specific legacy plain hash type. 2019-01-20 10:20:44 +01:00
Milan Broz
fbfd0c7353 Update Nettle crypto backend. 
WARNING: this is just experimental backend, use only for testing.
 2019-01-16 21:13:00 +01:00
Milan Broz
ee8970c11e Fix strncpy gcc warning. 2019-01-15 15:34:00 +01:00
Milan Broz
82a1f33260 Silence new warning in tests if run on older kernel. 2019-01-15 15:15:25 +01:00
Milan Broz
9607b322d2 Add missing struct to Nettle backend. 2019-01-15 15:00:36 +01:00
Milan Broz
238c74643b Add some more hash algorithms test. 2019-01-15 14:06:51 +01:00
Milan Broz
712c1783b6 Warn user if sector size is not supported by the loaded dm-crypt module. 
Fixes #423.
 2019-01-15 10:31:06 +01:00
Milan Broz
081fb6ec78 Do not try to read LUKS header if there is a clear version mismatch (detached header). 
Fixes #423.
 2019-01-14 20:14:46 +01:00
Milan Broz
c04d332b7f Do not require gcrypt-devel for authconfig. 
The gcrypt does not use standard pkgconfig detection and requires
specific macro (part of gcrypt development fileS) to be present
during autoconfigure.

With other crypto backend, like OpenSSL, this makes no sense,
so make this part of autoconfigure optional.
 2019-01-14 13:20:02 +01:00
Milan Broz
32786acf19 Add kernel crypt backend option to Travis build. 2019-01-14 09:11:01 +01:00
Milan Broz
51dd2762a9 Add --debug-json switch and log level. 
The JSON structures should not be printed by default to debug log.

This flag introduces new debug level that prints JSON structures
and keeps default debug output separate.
 2019-01-10 14:52:49 +01:00
Milan Broz
cf31bdb65c Workaround for test failure with disabled keyring. 
NOTE: this need proper fix, tests should not expect a device state
from previous test.
 2019-01-08 13:32:34 +01:00
Milan Broz
50cae84100 Print AF hash in luksDump. 2019-01-07 21:25:03 +01:00
Milan Broz
98feca280f Add crypt_get_default_type() API call. 2019-01-07 20:38:17 +01:00
Milan Broz
304c4e3d3b Add more common hash algorithms to kernel crypto backend. 
Fixes #430.
 2019-01-07 20:07:18 +01:00
Milan Broz
c5b55049b9 Fix AEAD modes check with kernel and Nettle backend. 
These do not implement backend RNG yet, so use a fixed key for test.
 2019-01-07 20:05:55 +01:00
Ondrej Kozina
c494eb94f4 Add LUKS2 refresh test. 
Test refresh doesn't affect device vk.
 2019-01-07 15:52:03 +01:00
Milan Broz
5f173e9357 Fix allocating of LUKS header on format. 
Fixes #431.
 2019-01-07 13:07:46 +01:00
Milan Broz
307a7ad077 Add keyslot encryption params. 
This patch makes available LUKS2 per-keyslot encryption settings to user.

In LUKS2, keyslot can use different encryption that data.

We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.

For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.

The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
 2019-01-07 13:07:46 +01:00
Milan Broz
0039834bb9 Rename function to describe precisely keys size it obtains. 
This should avoid confusion between key size for the stored key and
key size that actually encrypts the keyslot.
 2019-01-07 13:07:45 +01:00
Milan Broz
d064c625f4 Fix reencryption test to use more context lines to parse parameters. 2019-01-07 13:07:45 +01:00
Ondrej Kozina
77a62b8594 Remove trailing newline in loopaes error message. 2019-01-07 13:07:45 +01:00
Ondrej Kozina
d4339661df Fix cipher spec leak in crypt_format on error. 2019-01-07 13:07:45 +01:00
Ondrej Kozina
39a014f601 dm backend with support for multi-segment devices. 
Support for multi-segment devices is requirement for online
reencryption to work. Introducing modififed dm backend that
splits data structures describing active device and individual
dm target (or segment).
 2019-01-07 13:07:45 +01:00
Ondrej Kozina
1e22160e74 Fix dm-integrity auto-recalculation flag handling. 
Fail with proper error message rather than silently
dropping the flag if not supported in kernel.
 2019-01-03 19:57:23 +01:00
Milan Broz
267bf01259 Add crypt_get_pbkdf_type_params() API. 
This function allows get default (compiled-in) PBKDF parameters
per every algorithm.

Fixes #397.
 2019-01-03 14:13:01 +01:00
Milan Broz
e23fa65ef2 Fix leak of json struct on crypt_format() error path. 2019-01-02 14:08:41 +01:00
Milan Broz
ee7ff024c1 Use json_object_object_add_ex if defined. 
The json-c lib changed json_object_object_add() prototype to return int,
this is backward incompatible.
 2019-01-02 13:59:04 +01:00
Milan Broz
e8a92b67c3 Use snprintf. 2019-01-01 21:42:46 +01:00
Milan Broz
3ce7489531 Fix context init/exit pairing in libdevmapper. 
And few small reformats.
 2019-01-01 21:42:46 +01:00
Ondrej Kozina
ffbb35fa01 Update git ignore file. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
de0b69691d Add json_object_object_del_by_uint helper routine. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
82aae20e9c Add json_object_object_add_by_uint helper routine. 2019-01-01 21:42:46 +01:00