eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,336 Commits 15 Branches 78 Tags
3a56cf05bfa5e39a15dcee7fce1f3b4f69c57ed9
Commit Graph

3336 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
3a56cf05bf Replace mk_ with vk_ name prefix. 2022-03-29 19:06:38 +00:00
Milan Broz
b6c36f50ba Replace name master with volume key. 
And keep two tests for compatibility.
 2022-03-29 19:06:38 +00:00
Milan Broz
b050448db9 Add aliases for --volume-key-file and --dump-volume-key-file. 2022-03-29 19:06:38 +00:00
Milan Broz
68796e12dd Replace OPT_MASTER_KEY_FILE_ID with OPT_VOLUME_KEY_FILE_ID. 2022-03-29 19:06:38 +00:00
Milan Broz
650c7e8b67 Enable csmock for merge requests. 2022-03-29 15:40:48 +00:00
Milan Broz
0dc18fba22 Fix a leak in error path. 
Also fix a warning, all detected by Coverity scan.
 2022-03-29 15:40:48 +00:00
Milan Broz
1116289de4 Try to load dm-integrity in api-test. 2022-03-29 14:17:53 +00:00
Milan Broz
1595fcf479 Do not run keyed integrity resize tests for older kernel. 2022-03-29 14:17:53 +00:00
Milan Broz
c4c1ca2224 Use batch mode for integrity resize test. 2022-03-29 14:17:53 +00:00
Ondrej Kozina
2b42968e92 Port cryptsetup --new option to CRYPT_ARG_ALIAS type. 2022-03-29 12:54:58 +02:00
Ondrej Kozina
e2a5af9e64 Add new argument type CRYPT_ARG_ALIAS. 
It can be used to easily define option
aliases for command line utilities.
 2022-03-29 12:54:15 +02:00
Milan Broz
e4ed545cbf Remove debug line from api-test. 2022-03-28 22:27:54 +02:00
Ondrej Kozina
65be641f20 Refactor LUKS reencryption. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
ce55fa4d1c Refactor LUKS decryption. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
92baacadad Refactor LUKS encryption. 
It also adds hardened checks for accidental
nested device encryption.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
2e59229e5a Add checks for some conflicting requests. 
It also moves device load for reencryption purposes
further up in code path to better optimize the code
later.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
3f42b69fc8 Add reencrypt_luks2_resume helper. 
To be used later.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
b10c0b6a02 Simplify load_luks2_by_name. 
Also adds specific error messsage when device
is not actualy LUKS2.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
f388662418 Remove 'type' argument from load_luks helper. 
The code removal will help simplify further code
changes.
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
8bc10ee853 Rename luks2 reencryption initialization routines. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
b663b9305c Add helper for checking data device type during encryption. 
In case operation is invoked with --header parameter
check if data device does not already contain LUKS device
 2022-03-24 15:14:32 +00:00
Ondrej Kozina
828555db97 Remove unused code in helper routine. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
ba08f02a40 Move helper for LUKS2 auth. encryption detection. 2022-03-24 15:14:32 +00:00
Ondrej Kozina
a55b0530a4 Restrict --active-name to LUKS2 type only. 2022-03-24 15:14:32 +00:00
daniel.zatovic
a2f30ebd4c Display progress when wiping the end of resized device. 2022-03-24 11:38:16 +01:00
daniel.zatovic
d20d41c7a5 Add log messages, when kernel doesn't support resize. 2022-03-24 11:38:16 +01:00
daniel.zatovic
4eba55c73e Add tests for integritysetup resize action. 2022-03-24 11:38:16 +01:00
daniel.zatovic
29ddd68a0f Add API tests for resize of integrity volume. 2022-03-24 11:38:16 +01:00
daniel.zatovic
9707b71f98 Describe resize action in manual page. 2022-03-24 11:38:16 +01:00
daniel.zatovic
36cdda870b Add resize action to integritysetup. 
Fixes: #594.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
9b8a872006 Add support for resizing raw integrity devices. 2022-03-24 11:38:16 +01:00
daniel.zatovic
45b808c186 Move checking for detached integrity metadata device. 
To allow resizing integrity devices with detached metadata device, the
check has to be moved from _compare_integrity_devices to
_reload_device_with_integrity.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
87afb9d783 Remove size parameter comparison for integrity devices. 
To support device resize, we can not compare the device size (it is
already not compared for crypt devices).
 2022-03-24 11:38:16 +01:00
daniel.zatovic
86402a1102 Add API tests for refreshing integrity devices. 2022-03-24 11:38:16 +01:00
daniel.zatovic
64e7c3d3b1 Add support for refreshing integrity devices. 
If the provided key is NULL, we load it from the active device. This is
always available, since keyring keys are not supported in kernel for
integrity devices.
 2022-03-24 11:38:16 +01:00
daniel.zatovic
f6c1445c6b Add support for querying journal active devices for integrity and encryption keys. 2022-03-18 09:56:59 +00:00
Ondrej Kozina
f5724a30f9 Test nested encryption is not possible. 2022-03-17 19:07:10 +00:00
Ondrej Kozina
47f31205cf Do not allow nested encryption in LUKS reencrypt. 
Try to avoid accidental nested encryption via
cryptsetup reencrypt --new/--encrypt command.

If detached header or data device is already reported
as LUKS1 or LUKS2 device operation gets aborted.

Fixes: #713.
 2022-03-17 19:07:10 +00:00
Ondrej Kozina
5bd5462a9e Improve helpers for reencryption utilities. 
Also clarifies some code path.
 2022-03-17 19:07:10 +00:00
Ondrej Kozina
d1f0376c77 Decouple auth. encryption check from in-reencrypt detection. 2022-03-17 19:07:10 +00:00
Ondrej Kozina
dae91fd9ec Code reshuffle in-before some changes. 2022-03-17 19:07:10 +00:00
daniel.zatovic
df4ed89141 CI: disable updates. 2022-03-17 19:04:41 +00:00
Milan Broz
559012b6a7 Check dm-zero availability for bitlk type. 
Bitlocker compatible mode uses dm-zero to mask metadata area,
device cannot be activated if dm-zero is not available.

Just add zero target check to device-mapper backend and
if activation fails, print a better error message here.

Fixes: #722
 2022-03-16 12:21:30 +01:00
Milan Broz
6534e86c22 Update gitignore. 2022-03-15 13:12:27 +01:00
Milan Broz
70c1eb7352 Support make check-programs target from top level makefile. 
Also fix genereated header dependence.
 2022-03-15 13:07:10 +01:00
Ondrej Kozina
dee2fa7159 Prefer token PIN query before passphrase in some case. 
When user provides --token-type or specific --token-id
prefer token PIN query over passphrase query (if token
handler responds with 'PIN needed').

Fixes: #670.
 2022-03-14 17:34:41 +01:00
Ondrej Kozina
3af754b5eb Use proper function parameter in token pin helper. 2022-03-14 17:33:41 +01:00
Ondrej Kozina
3b85ab2dc1 Do not continue operation when interrupted in PIN prompt. 2022-03-14 14:04:36 +00:00
Ondrej Kozina
2a5483d8c3 Add progress function init before reencryption loop. 
Otherwise elapsed time tracking is off and also breaks
speed estimation.
 2022-03-07 12:35:38 +01:00
Ondrej Kozina
8340d0cb1a Remove useless condition in reencryption loop. 
(always true)
 2022-03-07 12:35:38 +01:00