Milan Broz
2062ece2ab
Some new items for TODO list.
2014-02-16 10:15:13 +01:00
Milan Broz
a5fa6f1015
Remove trailing spaces from man pages.
2014-02-16 10:05:39 +01:00
wagner
9bdd5bf4fe
clarified hash use for -h and -c in the man-page.
2014-02-13 06:54:58 +01:00
Milan Broz
110ce5607e
Update fi.po.
2014-02-08 19:08:26 +01:00
Milan Broz
78f938b0e9
Add old cryptsetup udev rules (for archive reasons).
...
Do not install these until you know what you are doing.
2014-02-05 17:22:07 +01:00
Milan Broz
ad2f50316f
Fix memory leak in Nettle crypto backend.
2014-02-05 17:17:55 +01:00
Milan Broz
cf534f3759
Implement erase command.
2014-02-05 17:17:12 +01:00
Milan Broz
75c105f853
Do not retry to test gcrypt whirlpool bug.
2014-01-21 20:55:21 +01:00
Milan Broz
680eb76e45
Add internal shortcut for flawed whirlpool hash in gcrypt.
2014-01-19 20:31:48 +01:00
Milan Broz
e364041b40
Add --keep-key to cryptsetup-reencrypt.
...
This allows change of LUKS header hash (and iteration count) without
the need to reencrypt the whole data area.
2014-01-19 15:29:12 +01:00
wagner
de37457a75
sync with Wiki-Version
2014-01-18 20:39:09 +01:00
Milan Broz
057db3b3b3
Do not use gcrypt KDF in 1.6.0, it is slow.
...
I hope 1.6.1 will have patch included (already in devel).
2014-01-18 13:09:51 +01:00
Milan Broz
461011ad2a
Add test for flawed Whirlpool hash to gcrypt backend.
...
Will be used later, for now add info to debug.
Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
2014-01-18 13:05:56 +01:00
Milan Broz
aa7346bb36
Allow to use --disable-gcrypt-pbkdf2.
...
Unfortunately gcrypt PBKDF2 in libgcrypt 1.6.0 is very slow.
Until patch is accepted, let's allow switch back to internal kdf
implementation.
Fixes Issue#199, also see
https://bugzilla.redhat.com/show_bug.cgi?id=1051733
2014-01-15 20:06:12 +01:00
Milan Broz
5206543902
Fix api test keyfile write.
2014-01-12 13:39:15 +01:00
Milan Broz
7f93a49cc3
Support --tries option even for TCRYPT devices in cryptsetup.
2014-01-12 11:37:21 +01:00
Milan Broz
bec86e3d5a
Support discard option even for TCRYPT devices.
2014-01-11 22:13:37 +01:00
Axel Lin
3ba95a822f
Link against -lrt for clock_gettime
...
Fix undefined reference to `clock_gettime' error.
This is required since commit f3e398afc5 "Rewrite cipher benchmark loop.".
Below is the build error report:
http://autobuild.buildroot.net/results/9ca/9cad1cf49ee6b5c58d8260ee33beef2e6c1ada4d/build-end.log
Signed-off-by: Axel Lin <axel.lin@ingics.com>
2014-01-01 21:13:09 +01:00
Milan Broz
486ec44c3e
Fix previous commit (do not print warning even for wrong passphrase).
2014-01-01 21:11:12 +01:00
Milan Broz
8dc4877697
Fix error message when some algorithms are not available.
...
Fixes http://www.saout.de/pipermail/dm-crypt/2013-December/003721.html
2013-12-29 09:56:23 +01:00
Milan Broz
7415c5858d
Count system time in PBKDF2 benchmark if kernel returns no self usage info.
...
This is kind of workaround for Issue#192...
2013-12-22 10:12:36 +01:00
Milan Broz
8e5411f468
Set devel version.
2013-12-14 11:23:10 +01:00
Milan Broz
3bf40bb8dd
Add 1.6.3 ChangeLog.
v1_6_3
2013-12-13 21:33:53 +01:00
Milan Broz
79956a4d47
Fix skip/offset option description in man page.
2013-12-11 23:22:03 +01:00
Milan Broz
2d755335de
Fix previous commit.
2013-12-08 18:15:00 +01:00
Milan Broz
d7762c09dd
Add new test images to automake file list.
2013-12-08 18:02:58 +01:00
Milan Broz
957201e758
Fix reencryption tool to work with 4k devices.
...
See https://bugzilla.redhat.com/show_bug.cgi?id=1029032#c7
Thanks to Ondra Kozina for figuring this out.
2013-12-08 17:50:25 +01:00
Milan Broz
004dc271a4
Fix wrong block size if used on 4k block fs through loop device.
...
Always use page size if running through loop device.
2013-12-08 16:09:25 +01:00
Milan Broz
a9b24ccc82
Remove obsoleted warning.
2013-12-08 00:04:32 +01:00
Milan Broz
c57071a43a
Fix TCRYPT system encryption mapping for multiple partitions.
...
Since this commit, one can use partition directly as device parameter.
Should fix Issue#183 and Issue#188.
2013-12-07 23:58:56 +01:00
Milan Broz
df27f04f61
Update po files.
2013-12-01 10:58:05 +01:00
Milan Broz
f3e398afc5
Rewrite cipher benchmark loop.
...
Using getrusage seems to give not adequate precision,
so use clock_gettime and try to scale buffer size a bit
on high performance systems.
If it still fails, return ERANGE error instead of calculating
completely unreliable numbers.
Should fix Issue#186.
2013-12-01 10:55:35 +01:00
Milan Broz
65877efe8b
Update po files.
2013-11-25 21:26:33 +01:00
Milan Broz
96acd87f0b
Update po files.
2013-11-24 17:47:14 +01:00
Milan Broz
fcb35d4e73
Prepare version 1.6.3.
...
For updating po files (translators).
2013-11-24 12:47:24 +01:00
Ondrej Kozina
0d47e5eb76
Enable reencryption tests using last keyslot
2013-11-21 19:48:17 +01:00
Ondrej Kozina
f30bbbffe7
Fix minimal size expectations failure for backup header file
...
- backup header file must be page size aligned
- fix for https://bugzilla.redhat.com/show_bug.cgi?id=1030288
- add regression test to api-tests
2013-11-21 19:48:12 +01:00
Ondrej Kozina
6b88461553
modify fips detection also in api-test
2013-11-21 19:48:03 +01:00
Milan Broz
700b558fb6
Fix api test to use proper key size.
...
LUKS format now requires correct kernel parameters always,
so validation test must use different but still correct key size.
2013-11-20 22:20:15 +01:00
Milan Broz
58b5be440f
Fix initialization of unknown used device.
...
dm_query can return open count, this should be processed
as success (and properly fail later ;-)
2013-11-19 20:57:23 +01:00
Milan Broz
626801f7df
Unify LUKS type check.
...
Warn if device type is not set (incompatible activation
either by manual dmsetup or other tools).
2013-11-19 20:50:36 +01:00
Ondrej Kozina
77a345d4cb
Add tests to reencryption-compat-test
...
- test --keyslot modification (commit: 5736b0a114)
- test reencryption w/o adding --keyslot option
- use variable instead of static string ("key1" -> KEY1)
- comment one failing test (https://bugzilla.redhat.com/show_bug.cgi?id=1030288)
[gmazyland: removed some tests & added -i 1 to save test time]
2013-11-17 21:01:19 +01:00
Dave Reisner
18901fd501
libdevmapper: correctly compare major and minor versions
...
Previously, this code could incorrectly identify a version of crypt or
dm due to the way it compared versions. For example, if a feature was
gated on crypt version 1.5, it would disable the feature for crypt
version 2.2.
2013-11-14 08:32:02 +01:00
Milan Broz
5b86cb5cc2
Enable TCW dmcrypt version check (patch should be in kernel 3.13).
2013-11-10 22:20:30 +01:00
Milan Broz
ce23225e46
Check if provided cipher and mode is usable before writing LUKS header to disk.
...
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.
Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).
Fixes Issue#176
2013-11-10 22:11:00 +01:00
Milan Broz
09c229fe6c
Support limitation for "plain" hash (no hash).
...
This can be used for mapping problematic cryptosystems which
wipe some key (losetup sometimes sets last byte to zero).
2013-11-10 19:31:02 +01:00
Milan Broz
db56125708
Fix hash limiting if parameter is not a number.
...
If hash length specification was not a number, the whole key was set
to zero instead of command failure.
Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1028362
2013-11-10 19:08:01 +01:00
Ondrej Kozina
5736b0a114
unify --key-slot behavior in cryptsetup_reencrypt
...
- cryptsetup-reencrypt: unify --key-slot behavior
across the utility and enable the option even
without --key-file.
[FIXME: add tests and man page revision]
2013-11-10 18:29:11 +01:00
Ondrej Kozina
a21c0503f8
make FIPS checks compliant with new guidance
...
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
2013-11-10 18:10:39 +01:00
Ondrej Kozina
e52d5f3d98
90reencrypt fixes:
...
- add loop module to initramfs image
- modprobe loop before reencrypt start
- add rd.luks.reencrypt_keyslot=
- add conflict with dracut crypt module
- drop to emergency_shell after reencryption
2013-11-10 17:38:11 +01:00