eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 20:00:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,050 Commits 13 Branches 79 Tags
4acac9a294c1cb15d08b061231d95b03927b56b0
Commit Graph

2050 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ondrej Kozina
f849f83d84 Add validation code for option flags section of segment. 2018-10-11 11:55:22 +02:00
Ondrej Kozina
1d084a41ad Add support for optional flags section in LUKS2 segments dump. 2018-10-11 11:55:18 +02:00
Ondrej Kozina
c4198986f1 Sort LUKS2 segments by keys in crypt_dump output. 2018-10-11 11:55:13 +02:00
Milan Broz
7514786b20 Add an error message if device is unusable. 2018-10-04 20:00:12 +02:00
Milan Broz
9df042c0b8 Use explicit_bzero if available. 2018-10-04 15:21:01 +02:00
Ondrej Kozina
37e0150f70 Do not use fallocate in blockwise tests. 
fs driver may skip some sanity checks if it's aware the content
of file is uninitialized.

Fixes warnings for xfs in kernel 4.19+
 2018-10-04 11:20:03 +02:00
Milan Broz
294e4cbcb7 Fix tcrypt test on very old distros. 2018-10-02 13:56:57 +02:00
Milan Broz
952716afe1 Report versions in test run. 2018-10-02 13:46:03 +02:00
Milan Broz
24aba9a514 tcrypt: Support additional Veracrypt modes. 
Add support for Camellia and Kuznyechik ciphers and Streebog hash functions,
introduced in recent Veracrypt.

Note, that Kuznyechik requires out-of-tree kernel module and Streebog
hash function is available only with gcrypt backend.
 2018-10-02 10:47:38 +02:00
Milan Broz
905993751c Fix integritysetup build. 2018-09-29 18:28:10 +02:00
Milan Broz
0b10d877b0 Some more gcc warnings fixes. 2018-09-29 17:32:33 +02:00
Milan Broz
874fa5810d Do not use local libutils. 2018-09-29 10:42:05 +02:00
Milan Broz
5be31bbce6 More warnings fixes. 2018-09-27 20:54:06 +02:00
Milan Broz
a6e3a31690 Workaround for some gcc8 warnings. 
Some new string length checks are too clever now...
 2018-09-27 13:25:52 +02:00
Milan Broz
506f3f7b57 Decrease memory limit for pbkdf test. 2018-09-26 10:48:31 +02:00
Ondrej Kozina
cd1c36ef94 Allow passphrase change for unbound keyslots. 
Also fixes small typo in API.

Fixes #409.
 2018-09-25 13:13:31 +02:00
Ondrej Kozina
ee689d88b4 Add blkid scan when attemting to open plain device. 
Warn user about existing device signatures on candidate ciphertext
device and prompt for action confirmation.

Fixes #411.
 2018-09-25 13:13:18 +02:00
Ondrej Kozina
b93b676336 Move blkid scan after device context initialization. 
Fixes bug with misleading error message when target device
does not exist.
 2018-09-25 08:55:24 +02:00
Ondrej Kozina
1c6d66fccc Emit error message for converting inactive keyslot. 
Fixes: #416.
 2018-09-25 08:53:48 +02:00
Ondrej Kozina
114356ad2e Properly load new device context after header restore. 2018-09-25 08:53:26 +02:00
Ondrej Kozina
7ab419701c Rename get_key_size_strlen() to int_log10(). 
because that's what the function does
 2018-09-25 08:52:29 +02:00
Ondrej Kozina
d41b1a7560 Unify checks for misaligned values. 2018-09-25 08:51:51 +02:00
Ondrej Kozina
622943529e Wipe LUKS header if luksFormat fails to add first keyslot. 2018-09-25 08:45:03 +02:00
Ondrej Kozina
9d7cc152f9 Do not enforce iv_tweak alignment in LUKS2 validation. 
1) iv_tweak is not in 'bytes'
2) it may be arbitrary number
3) there's no reason to enforce alignment to encryption sector size

Fixes #406.
 2018-09-25 08:44:31 +02:00
Milan Broz
3f73d448f3 Retry temporary device removal in align test. 2018-09-10 15:53:27 +02:00
Milan Broz
a1b606803f Fix HMAC vector test exit value. 2018-09-05 14:38:16 +02:00
Michal Virgovič
b2c7b40568 Add test vectors for HMAC - sha1, sha256, sha512. 2018-09-05 14:17:25 +02:00
Milan Broz
0cbe09d43a Rephrase LUKS info. 2018-09-03 15:16:31 +02:00
Milan Broz
f1d5b94762 Run API tests without verbose flag by default. 
And rename some tests.
 2018-08-10 12:36:15 +02:00
Ondrej Kozina
6fc2e7c774 Skip pbkdf benchmark in align-test (test speedup). 2018-08-10 08:20:00 +02:00
Ondrej Kozina
3b39c1d1ef Fix data alignment test in compat-test2. 
Alignment should not expected failure when --align-payload is not
aligned to encryption sector size.
 2018-08-10 08:19:49 +02:00
Ondrej Kozina
5a3e4abf71 Add basic LUKS2 align test. 2018-08-10 08:19:38 +02:00
Ondrej Kozina
48e9362186 Do not enforce encryption sector size alignment on data offset. 
crypt segment data offset has nothing to do with encryption sector
size. The device may hint alignment offset which is completely
unrelated and LUKS2 validation blocks it.
 2018-08-10 08:19:17 +02:00
Ondrej Kozina
03a74b74e5 Revert "Fix data alignment calculations with custom encryption sector size." 
This reverts commit 71dd149ca2.

Enforcing data alignment to be encryption sector size aligned
is completelly wrong. The underlying data device alignment
has nothing to do with dm-crypt internal encryption sector size.

The restriction is however valid for dm-crypt segment size.
 2018-08-10 08:19:02 +02:00
Ondrej Kozina
248f99cad3 Data alignment is always 512B sectors count. 2018-08-10 08:18:18 +02:00
Ondrej Kozina
d2f0773eb8 Remove useless division followed by multiplication by same base. 2018-08-10 08:16:27 +02:00
Ondrej Kozina
dd36d56d47 Fix miscalculation of device alignment offset. 
device_topology_alignment routine already returns alignment offset
in bytes. There's no need to divide it by sector size, since LUKS2
format have all offsets and sizes stored in bytes.
 2018-08-10 08:15:01 +02:00
Milan Broz
0270fc66a1 Fix align test. 
Seems that the forced alignment value was never properly used...
 2018-08-09 13:53:48 +02:00
Milan Broz
69a844c654 Remove O_SYNC from device open and use fsync(). 
This speed up wipe operation considerably.
 2018-08-09 12:01:20 +02:00
Ondrej Kozina
5b5a64361f Update blockwise-compat test. 
Issue warning in case of failure with file-systems based
tests.

Mute the test so that it prints out messages only for 'warning'
and 'fail' results.
 2018-08-08 21:48:10 +02:00
Milan Broz
26f6d1cb10 Create --master-key-file in luksDump and fail if file already exists. 
For some reason the volume key file have to exists.

Let's change the logic to the same as for luksBackupHeader
(a file is created and operation fails if it already exists).
 2018-08-08 14:32:15 +02:00
Ondrej Kozina
f87eb1668a Allow compat-test2 to run with larger LUKS2 header size. 2018-08-08 12:55:29 +02:00
Milan Broz
3114abfd55 Remove not needed -Z option from diff that is not present on older systems. 2018-08-08 10:43:03 +02:00
Ondrej Kozina
5a94cff91e Do not fail device-test with larger LUKS2 header. 2018-08-08 10:13:40 +02:00
Ondrej Kozina
d704e87ee4 No need to lock data device in crypt_format. 2018-08-08 08:54:42 +02:00
Ondrej Kozina
c8ce996872 Wipe data device in crypt_format with auth. encryption. 
crypt_wipe_device was called incorrectly on metadata device even
though integrity header is always on data device from cryptsetup
pov. During LUKS2 crypt_format with detached header scenario we
would wiped first 8 sectors of metadata device instead of data
device.
 2018-08-08 08:52:44 +02:00
Milan Broz
0e7b068061 Add sector-size & payload align test. 2018-08-08 08:45:26 +02:00
Ondrej Kozina
71dd149ca2 Fix data alignment calculations with custom encryption sector size. 2018-08-08 08:01:45 +02:00
Ondrej Kozina
b30ba41d6a Fix typo in blockwise-compat test. 2018-08-08 07:44:07 +02:00
Ondrej Kozina
a0bf790892 Fix FAST_PBKDF typos in LUKS2 reencrypt tests. 2018-08-08 07:43:56 +02:00