eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 03:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,291 Commits 13 Branches 79 Tags
3bea349f9ee6083d48c001c03f4ce8fe44d27ea0
Commit Graph

30 Commits

Author SHA1 Message Date
Yuri Chornoivan
4143d9871e Fix minor typos 2019-06-28 12:02:39 +00:00
Ondrej Kozina
59bed375d0 Add type parameter to INTEGRITY_activate_dmd. 2019-06-27 10:18:54 +02:00
Milan Broz
448fca1fdf Integritysetup: implement new bitmap mode. 2019-05-21 15:54:07 +02:00
Ondrej Kozina
ee57b865b0 Reuse device file desriptors. 2019-05-10 21:05:31 +02:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Ondrej Kozina
39a014f601 dm backend with support for multi-segment devices. 
Support for multi-segment devices is requirement for online
reencryption to work. Introducing modififed dm backend that
splits data structures describing active device and individual
dm target (or segment).
 2019-01-07 13:07:45 +01:00
Ondrej Kozina
8b2553b3f4 Split integrity activation between two function. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
120ebea917 Split low level code for creating dm devices. 
The separate code for reloading device tables
will be used in later features.
 2019-01-01 21:42:46 +01:00
Milan Broz
316ec5b398 integrity: support detached data device. 
Since the kernel 4.18 there is a possibility to speficy external
data device for dm-integrity that stores all integrity tags.

The new option --data-device in integritysetup uses this feature.
 2018-12-05 19:42:31 +01:00
Milan Broz
35fa5b7dfc Propagate context in libdevmapper functions. 2018-11-27 14:47:50 +01:00
Milan Broz
7812214db6 Add context to device handling functions. 2018-11-27 14:19:57 +01:00
Milan Broz
a5a8467993 Use context in debug log messages. 
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
 2018-11-27 13:37:20 +01:00
Milan Broz
ac26921569 Add support for dm-integrity superblock V2. 
Only support parsing superblock data,
new functions will be supported in later kernel and releases.
 2018-07-21 15:24:07 +02:00
Milan Broz
e654fabe04 Add some new AEAD modes and allow SHA1 for integrity check. 
NOTE: all this code will be switched to generic checks, this list
is just a temporary hack.
 2018-05-21 15:29:49 +02:00
Milan Broz
b00a87d8fa Remove trailing EOL for verbose and error messages. 2018-04-26 10:38:17 +02:00
Milan Broz
187170ec51 Check cipher before writing metadata (LUKS2). 
Some ciphers and key sizes created on-disk metadata that cannot be used.
Use the same test for length-preserving cipher as LUKS1.

Also check if key for integrity algorithm is not too small.

Fixes #373.
 2018-04-06 12:57:58 +02:00
Milan Broz
92f14d28d1 Fix null dereference in previous commit. 2018-02-14 14:19:48 +01:00
Milan Broz
954214e48c Use integrity key during integritysetup format. 
Kernel could reject HMAC without a key during format, we must set a key here as well.

Because there is no data area (device size is 8 sectors), it is actually never used,
so we can use zeroed key here.

The real HMAC key is used later during device activation with the real size.
 2018-02-13 14:41:36 +01:00
Milan Broz
1fe014dbae Update copyright year. 2018-01-20 17:55:21 +01:00
Milan Broz
3f186c009c Auth tag size and iv size can depend on auth cipher. 
Some experimental ciphers will use different IV sizes,
add parameter to check it in future (unused for now).
 2018-01-05 16:38:58 +01:00
Milan Broz
d77bbe93c1 Use non-recursive automake. 
This change also causes that now binaries and libraries are placed in
build root directory.

Now we can use subdir-objects for automake.
 2017-10-12 11:48:17 +02:00
Milan Broz
9f2727bb77 Add libLUKS2. 2017-09-24 19:50:12 +02:00
Milan Broz
3435f9cb2c Use only crypt_get_integrity_info in API. 
Some other functions remain internal only.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
 2017-08-06 21:34:01 +02:00
Milan Broz
3efa00d59a Revert deferred flag for keyslots and temp devices. 
It could cause races later, replacing with error device is enough.
 2017-06-24 09:57:22 +02:00
Milan Broz
32d5e59ab6 Implement deferred removal of device. 
This can be used in some automated systems and allows device
to be removed after the last user mapping closes it.
 2017-06-23 14:41:54 +02:00
Milan Broz
34bf809e51 Use device alignment wrapper. 
And cache the value to not call ioctl on every block read/write.
 2017-06-08 09:30:53 +02:00
Milan Broz
6fc383ade1 Fix detection of target presence. 2017-06-01 12:25:39 +02:00
Milan Broz
7e06265568 Parse integrity mode directly. 2017-05-29 10:40:06 +02:00
Milan Broz
5a3e3339e0 Make integrity param optional. 2017-05-28 22:47:05 +02:00
Milan Broz
0bb7098fd8 Add integritysetup command line tool for the dm-integrity standalone setting. 
The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.

It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
 2017-05-28 09:22:17 +02:00