eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 04:10:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,050 Commits 15 Branches 79 Tags
4acac9a294c1cb15d08b061231d95b03927b56b0
Commit Graph

2050 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
71299633d5 Properly handle interrupt in cryptsetup-reencrypt and remove log. 
Fixes #419.
 2018-11-24 20:10:46 +01:00
Milan Broz
dfe61cbe9c Fix sector-size tests for older kernels. 2018-11-24 20:10:03 +01:00
Milan Broz
18c9210342 Check for device size and sector size misalignment. 
Kernel prevents activation of device that is not aligned
to requested sector size.

Add early check to plain and LUKS2 formats to disallow
creation of such a device.
(Activation will fail in kernel later anyway.)

Fixes #390.
 2018-11-24 18:53:46 +01:00
Milan Broz
1167e6b86f Add support for Adiantum cipher mode. 2018-11-23 21:03:02 +01:00
Milan Broz
1684fa8c63 Do not run empty test set in main directory. 2018-11-22 16:30:33 +01:00
Milan Broz
b4dce61918 Try to check if AEAD cipher is available through kernel crypto API. 2018-11-22 16:02:33 +01:00
Milan Broz
d7ddcc0768 Reformat AF implementation, use secure allocation for buffer. 2018-11-22 16:02:00 +01:00
Milan Broz
36c26b6903 Properly propagate error from AF diffuse function. 2018-11-22 15:51:27 +01:00
Milan Broz
2300c692b8 Check hash value in pbkdf setting early. 2018-11-22 15:51:10 +01:00
Milan Broz
da6dbbd433 Fallback to default keyslot algorithm if backend does not know the cipher. 2018-11-22 15:49:56 +01:00
Ondrej Kozina
0a4bd8cb7d Remove unused crypt_dm_active_device member. 2018-11-22 15:49:21 +01:00
Ondrej Kozina
32d357e1a8 Secondary header offset must match header size. 2018-11-22 15:34:28 +01:00
Ondrej Kozina
21e259d1a4 Check json size matches value from binary LUKS2 header. 
We have max json area length parameter stored twice. In
LUKS2 binary header and in json metadata. Those two values
must match.
 2018-11-22 15:34:18 +01:00
Ondrej Kozina
c3a54aa59a Change max json area length type to unsigned. 
We use uint64_t for max json length everywhere else
including config.json_size field in LUKS2 metadata.

Also renames some misleading parameter names.
 2018-11-22 15:34:00 +01:00
Ondrej Kozina
7713df9e41 Enable all supported metadata sizes in LUKS2 validation code. 
LUKS2 specification allows various size of LUKS2 metadata.
The single metadata instance is composed of LUKS2 binary header
(4096 bytes) and immediately following json area. The resulting
assembled metadata size have to be one of following values,
all in KiB:

16, 32, 64, 128, 256, 512, 1024, 2048 or 4096
 2018-11-22 15:32:31 +01:00
Milan Broz
49900b79a9 Add branch v2_0_x to Travis. 2018-11-19 13:25:37 +01:00
Milan Broz
4f075a1aef Remove python dev from Travis script. 2018-11-09 10:28:29 +01:00
Milan Broz
d4cd902e1c Update po file. 2018-11-09 09:59:27 +01:00
Milan Broz
ef4484ab27 Remove python bindings in favour of liblockdev. 2018-11-09 09:18:41 +01:00
Ondrej Kozina
9e7f9f3471 Parse compat values from LUKS2 default segment encryption. 
We used to preset compat cipher and cipher_mode values during
crypt_format() or crypt_load(). Since we can change 'default segment'
dynamically during reencryption (encryption, decryption included) we
need to parse those values from default segment json encryption field
each time crypt_get_cipher() or crypt_get_cipher_mode() is called.
 2018-11-07 10:18:41 +01:00
Milan Broz
493e8580d6 Log all debug messages through log callback. 
This cahnge allow to redirect all output of library
to a log processor.
 2018-11-07 10:17:51 +01:00
Milan Broz
bce567db46 Add workaround for benchmarking Adiantum cipher. 2018-11-07 10:17:33 +01:00
Milan Broz
38e2c8cb8a Set devel version. 2018-11-07 10:16:35 +01:00
Milan Broz
16309544ac Fix ext4 image to work without CONFIG_LBDAF. 2018-11-05 12:00:01 +01:00
Milan Broz
517b5da67a Version 2.0.5. v2.0.5 2018-10-28 15:30:25 +01:00
Milan Broz
98460af44f Update LUKS2 docs. 2018-10-28 15:27:55 +01:00
Milan Broz
7213d5a76b Fix verbose message about key removal in luksKillSlot,luksErase and luksKremoveKey. 
The crypt_keyslot_destroy() does not return keyslot number,
so return value 0 was always used as a keyslot reference.
 2018-10-27 17:44:38 +02:00
Ondrej Kozina
bb29c5b322 Update man section describing convert command. 
Fixes #414.
 2018-10-26 10:07:41 +02:00
Milan Broz
58ad7bae48 Add 2.0.5 release notes. 2018-10-22 12:23:54 +02:00
Milan Broz
82a3480b12 Update po files. 2018-10-21 12:30:34 +02:00
Ondrej Kozina
c00811a846 Run LUKS2 validation code before header areas wiping. 
Also drops redundant checks peformed in general validation code.
 2018-10-18 08:48:48 +02:00
Milan Broz
27eaf46c8a Fix issues found by Coverity scan. 
- possible overflow of data offset calculation in wipe and
- dereferencing of pointer in a keyring error path.
 2018-10-14 21:50:06 +02:00
Milan Broz
202aeece3c Fix test module inclusion in tarball. 2018-10-14 20:54:06 +02:00
Milan Broz
825fc895dc Fix some signed/unsigned comparison warnings. 2018-10-14 20:36:45 +02:00
Milan Broz
a74aecedf1 Set devel version. 2018-10-14 20:24:34 +02:00
Milan Broz
fa1f63bcd0 Update po files. 2018-10-14 20:23:32 +02:00
Milan Broz
c2bce3e93e Wipe full header areas (including unused) during LUKS format. 
All previous version of cryptsetup wiped only first 4k for LUKS1
and both JSON areas for LUKS2 (first 32k) and the allocated
keyslot area (as it contained the generated key).

Remaining areas (unused keyslots, padding, and alignment) were
not wiped and could contain some previous data.

Since this commit, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.

Only exceptions are
 - padding/alignment areas for detached header
   if the data offset is set to 0
 - bogus LUKS1 keyslot areas (upstream code never
   created such keyslots but someone could use that).

This operation could slow down luksFormat on some devices, but
it guarantees that after this operation LUKS header does not
contain any foreign data.
 2018-10-14 13:11:50 +02:00
Milan Broz
a46733e701 Reintroduce error message if LUKS device is not detected. 
Older cryptsetup printed this message through library,
later it disappeared even in cryptsetup binary.
 2018-10-13 10:13:29 +02:00
Milan Broz
8f350f9b9f Print error message if crypt_load() detects unsupported version of LUKS. 2018-10-12 12:34:43 +02:00
Milan Broz
484692aacd Do not ask wiping questions in format if we just created the file. 2018-10-12 12:24:42 +02:00
Milan Broz
7f0df99511 Properly parse errno to error message for devices. 2018-10-12 12:03:56 +02:00
Milan Broz
bebd2fe7e7 Do not print error for used device twice. 2018-10-12 12:03:54 +02:00
Milan Broz
36e8839675 Do not fail if device is smaller than requested wipe size. 2018-10-11 21:20:34 +02:00
Ondrej Kozina
61305a50c1 Add delay=0 parameter to scsi_debug in all tests. 
Speed up tests significantly.
 2018-10-11 16:21:36 +02:00
Milan Broz
1d7749a40f Show better errors if kesylot decryption fails. 
This happens also in cipher check where the old message was
very confusing.
 2018-10-11 15:41:35 +02:00
Milan Broz
f01d044618 Print file name size instead of a loop device in error messages. 2018-10-11 15:40:22 +02:00
Milan Broz
31532adf86 Do not copy buffer if read fails. 2018-10-11 15:39:31 +02:00
Milan Broz
879e06db39 Wiping empty device should not fail. 2018-10-11 15:38:56 +02:00
Milan Broz
4beb0f702a Do not allow device activation if data area overlaps with LUKS header. 2018-10-11 11:55:45 +02:00
Ondrej Kozina
a771460dbd Add validation tests for optional segment flags section. 2018-10-11 11:55:26 +02:00