eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-17 05:40:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,050 Commits 13 Branches 79 Tags
4acac9a294c1cb15d08b061231d95b03927b56b0
Commit Graph

2050 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michal Virgovič
dc58985ac6 Enable userspace FEC decoding in veritysetup. 2018-03-22 12:43:49 +01:00
Michal Virgovič
5e0db46f17 Add Reed-Solomon user-space decoding lib. 2018-03-22 12:41:57 +01:00
Milan Broz
4e19bc01d5 Fix test vectors test link. 2018-03-19 19:21:35 +01:00
Milan Broz
2d2acda404 Add crypto backend vectors test. 
Still need to add
 - hash, HMAC,
 - symmetric ciphers,
 - storage encryption wrapper.
 2018-03-19 13:02:12 +01:00
Milan Broz
fa8d5d1769 Remove losetup handling from reencrypt2 test. 2018-03-13 15:20:07 +01:00
Milan Broz
fe058e2c27 Update reencrypt test to use option --type only when really needed. 2018-03-13 14:14:44 +01:00
Milan Broz
a22a24bc98 Support detached header for cryptsetup-reencrypt. 
This patch allows encryption/decryption of the whole device,
IOW add encryption later with detached header.

This operation can be dangerous, there is no fixed bindings between
the specific LUKS header and data device (encrypted data device
contains no magic signatures).
 2018-03-08 10:15:56 +01:00
Milan Broz
b7c2465887 Add link to ABI tracker. 2018-03-07 13:47:00 +01:00
Milan Broz
f34158250a Update Readme.md. 2018-03-07 13:33:22 +01:00
Milan Broz
87dcc9fe07 Prepare version 2.0.2. v2.0.2 2018-03-07 12:55:54 +01:00
Milan Broz
c56e0eb556 Update po files. 2018-03-06 09:18:08 +01:00
Milan Broz
ba959970c6 Update po files. 2018-03-02 08:58:39 +01:00
Milan Broz
c75e31d3da Set devel version. 2018-03-01 15:04:12 +01:00
Milan Broz
bcc2330a18 Actually fail early Travis test if non-root test fails. 2018-03-01 14:31:04 +01:00
Milan Broz
f0f5913efe Fix device_test to properly fail for non-root user. 2018-03-01 14:05:51 +01:00
Milan Broz
17aefd333a Fix intearctive tests to actually fail if there is a timeout. 2018-03-01 13:48:04 +01:00
Milan Broz
b86a652b90 Return back check for inactive keyslot for luksKillSlot. 2018-03-01 13:46:50 +01:00
Ondrej Kozina
5968323642 Refactor cryptsetup-reencrypt luks2 handling. 
Fold former luks2_transfer_tokens and luks2_transfer_flags into
new luks2_metadata_copy.
 2018-02-28 10:37:14 +01:00
Ondrej Kozina
26727882d0 Refactor update_persistent_flags. 2018-02-28 10:36:43 +01:00
Ondrej Kozina
106e441a61 Add error message explaining locking failure. 2018-02-28 10:36:34 +01:00
Ondrej Kozina
6d22ba9f87 Allow symbolic links in locking path. 
Allow symbolic links in the initial part of locking path.
If /run/x/y/crypsetup is locking path, starting with
'run' anything may be symbolic link up to (including) 'y'.
 2018-02-28 10:36:26 +01:00
Ondrej Kozina
8cd9db272f Adapt device-test to different performance options handling. 
cpu --perf-* options do not trigger error when
not supported by current kernel.

Also be more carefull about --sector-size when not supported by
dm-crypt. Test is made more pedantic now.
 2018-02-28 10:36:06 +01:00
Ondrej Kozina
b8691649c5 Retry dm-crypt load if performance options are not supported. 2018-02-28 10:35:53 +01:00
Ondrej Kozina
e9a2938c6b Test persistent flags after reencryption. 2018-02-28 10:35:41 +01:00
Milan Broz
44fa0bfbc6 Ensure that we do not process null in atoi call. 2018-02-28 08:57:10 +01:00
Ondrej Kozina
36c213ed3a Remove warning from cryptsetup-reencrypt man page. 
Tokens and persistent flags are now transferred during
reencryption.
 2018-02-27 12:09:44 +01:00
Ondrej Kozina
5f26f8a03d Transfer persistent flags to new LUKS2 header. 2018-02-27 12:09:18 +01:00
Ondrej Kozina
471f781022 Enhance persistent flags handling in cryptsetup. 
With --persistent option, write only flags actually
used during activation. In other words we will not
store anymore flags not supported by running kernel.
 2018-02-27 11:58:20 +01:00
Ondrej Kozina
f6cb8e4118 Do not allow --persistent and --test-passphrase. 2018-02-27 11:58:15 +01:00
Ondrej Kozina
515eff269c Add basic tests for persistent flags API. 2018-02-27 11:58:11 +01:00
Ondrej Kozina
bd370ab789 Fix bugs in crypt_persistent_flags_get. 
various bugfixes:
- erase flags variable if no flags are stored
- do not print false debug warning
- during activation do not overwrite activation flags
  with persistent flags
 2018-02-27 11:58:05 +01:00
Ondrej Kozina
3e10116437 Test crypt_activate_by_token() and keyring. 2018-02-27 11:58:01 +01:00
Ondrej Kozina
05f665ecda Return error on conflicting keyring requests. 
Add missing check in crypt_activate_by_token. An oversight
from previous patch.
 2018-02-27 11:57:57 +01:00
Milan Broz
cd65f6a84d Speedup reencryption test. 2018-02-23 13:50:44 +01:00
Milan Broz
6d2979459e Key parameter is always const in cipher and storage backend. 2018-02-23 10:40:17 +01:00
Milan Broz
dee38e9c0b Rename buffer to key in hmac_init in crypto backend. 
It is key and naming was confusing.
 2018-02-23 10:40:14 +01:00
Milan Broz
b4fc36ea62 Make all crypto backend destructors return void. 
Nothing in the code actually checks the return values anyway.
 2018-02-23 10:40:11 +01:00
Milan Broz
fb6b4739e4 Clean up keyring handling. 
Move all keyring functions to one place and separate LUKS2 specific
code to generic handling.

Also fix possible mismatch if volume key is in keyring but it is not native
LUKS2 device (libarary cannot process such a device properly).
 2018-02-22 15:26:07 +01:00
Milan Broz
32700cc51b Fix possible dereference of type string. 2018-02-22 15:26:03 +01:00
Milan Broz
1ac353d24e Allocate key description in volume key. 
The key description is now allocated by volume key wrappers.
 2018-02-22 15:23:11 +01:00
Ondrej Kozina
d7686201dc Grow fs images and alter tests accordingly. 2018-02-22 15:22:39 +01:00
Ondrej Kozina
248733de44 Add reencryption test for LUKS2 tokens. 
Test tokens are transferred properly to new LUKS2 header.
 2018-02-22 15:22:08 +01:00
Ondrej Kozina
e410ba9623 On reencryption transfer tokens to new LUKS2 header. 2018-02-22 15:21:59 +01:00
Ondrej Kozina
8295bde95a Update tests for token enhancements. 
- add crypt_token_is_assigned tests
- test crypt_token_json_set extended to be able
  to create builtin tokens.
 2018-02-22 15:21:52 +01:00
Ondrej Kozina
f3a9e95dd8 Add simple API for token assignment reporting. 2018-02-22 15:21:37 +01:00
Ondrej Kozina
7378e3be01 Allow crypt_token_json_set to create internal types. 2018-02-22 15:21:31 +01:00
Ondrej Kozina
1968efe9f0 Do not allow unexpected fields in keyring token validation. 2018-02-22 15:21:24 +01:00
Milan Broz
2b6808f165 Fix some anoying gcc buffer size warnings. 2018-02-14 18:23:25 +01:00
Milan Broz
92f14d28d1 Fix null dereference in previous commit. 2018-02-14 14:19:48 +01:00
Milan Broz
954214e48c Use integrity key during integritysetup format. 
Kernel could reject HMAC without a key during format, we must set a key here as well.

Because there is no data area (device size is 8 sectors), it is actually never used,
so we can use zeroed key here.

The real HMAC key is used later during device activation with the real size.
 2018-02-13 14:41:36 +01:00