Ondrej Kozina
4bb1fff15d
Add new functions for kernel keyring handling.
2019-03-08 08:54:09 +01:00
Ondrej Kozina
37f5bda227
Add explicit key type name in keyring functions.
2019-03-08 08:53:33 +01:00
Ondrej Kozina
56b571fcaa
Use const before vk in all digest verify functions.
2019-03-08 08:52:47 +01:00
Ondrej Kozina
46bf3c9e9c
Add segment create helpers.
2019-03-08 08:44:51 +01:00
Ondrej Kozina
361fb22954
Remove helper get_first_data_offset completely.
2019-03-08 08:43:19 +01:00
Ondrej Kozina
203fe0f4bf
Move get_first_data_offset to luks2_segment.c
2019-03-08 08:42:23 +01:00
Ondrej Kozina
36ac5fe735
Move LUKS2 segments handling in separate file.
2019-03-08 08:39:32 +01:00
Ondrej Kozina
7569519530
Allow unbound keyslots to be assigned to existing digest.
...
If passed key matches any existing digest we will not create
new digest but assign the keyslot to already existing one.
Because reencryption should be able to create more than one
keyslot assigned to new key digest.
TODO: Tests for the new feature
2019-03-08 08:37:27 +01:00
Ondrej Kozina
a848179286
Add json_object_copy wrapper.
2019-03-08 08:27:18 +01:00
Milan Broz
456ab38caa
Allow to set CRYPTSETUP_PATH in tests for system installed cryptsetup tools.
...
Run: make check CRYPTSETUP_PATH=/sbin
2019-03-08 08:16:45 +01:00
Milan Broz
c71b5c0426
Update po files.
2019-03-08 08:15:57 +01:00
Ondrej Kozina
868cc52415
Abort conversion to LUKS1 with incompatible sector size.
2019-03-05 17:08:05 +01:00
Ondrej Kozina
8c168cc337
Introduce file for luks2 segments handling.
2019-03-05 17:08:02 +01:00
Ondrej Kozina
f9fa4cc099
Add kernel only detection in crypt storage API.
2019-03-05 17:07:57 +01:00
Ondrej Kozina
a0540cafb3
alter crypt_storage interface
...
rename sector_start -> iv_start (it's now an iv shift for subsequent
en/decrypt operations)
rename count -> length. We accept length in bytes now and perform sanity
checks at the crypt_storage_init and crypt_storage_decrypt (or encrypt)
respectively.
rename sector -> offset. It's in bytes as well. Sanity checks inside
crypt_storage functions.
2019-03-05 17:07:45 +01:00
Ondrej Kozina
88b3924132
Update LUKS2 locks for atomic operations.
...
Atomic operation requires to hold a lock for longer period than
single metadata I/O. Update locks so that we can:
- lock a device more than once (lock ref counting)
- reacquire read lock on already held write lock (write lock
is stronger than read lock)
2019-03-05 17:07:31 +01:00
Ondrej Kozina
3023f26911
Always allocate new header file of 4KiB.
...
All issues related to header wiping and smaller
files were resolved. It's no longer needed to allocate
files larger than 4KiB.
2019-03-05 16:55:17 +01:00
Milan Broz
c9347d3d7d
Fix a gcc warning when accessing packed struct member.
2019-03-05 16:50:24 +01:00
Ondrej Kozina
d85c7d06af
Do not fail tests if benchmarked >= 1000 iterations with -i1.
2019-03-01 21:43:35 +01:00
Ondrej Kozina
e229f79741
Open device in locked mode if needed.
2019-03-01 21:43:31 +01:00
Ondrej Kozina
a4d236eebe
Add device_is_locked function.
2019-03-01 21:43:25 +01:00
Milan Broz
1192fd27c6
Add query for cipher implementation is used through kernel API.
2019-03-01 21:43:10 +01:00
Milan Broz
cd1cb40033
Use crypto library for ciphers if algorithms are available.
2019-03-01 21:34:22 +01:00
Milan Broz
14e085f70e
Move cipher performance check to crypto backend.
2019-03-01 21:16:05 +01:00
Milan Broz
fc37d81144
Move crypt_cipher to per-lib implementation.
...
For now, it calls kernel fallback only.
2019-03-01 21:14:13 +01:00
Milan Broz
a859455aad
Move block ciphers backend wrappers to per-library files.
...
For now it always fallbacks to kernel crypto API.
2019-03-01 21:10:50 +01:00
Milan Broz
93d596ace2
Introduce internal backend header.
...
And remove commented-out test vectors (moved to tests).
2019-03-01 20:39:33 +01:00
Ondrej Kozina
c03e3fe88a
Fix getting default LUKS2 keyslot encryption parameters.
...
When information about original keyslot size is missing (no active
keyslot assigned to default segment) we have to fallback to
default luks2 encryption parameters even though we know default
segment cipher and mode.
Fixes: #442.
2019-03-01 20:39:06 +01:00
Ondrej Kozina
a90a5c9244
Avoid double free corruption after failed crypt_init_data_device.
2019-03-01 20:31:00 +01:00
Ondrej Kozina
26772f8184
Return NULL explicitly if keyslot is missing.
...
json_object_object_get_ex return parameter is
undefined if function returns false.
2019-03-01 20:30:21 +01:00
Ondrej Kozina
8f8ad83861
Validate metadata before writing binary keyslot area.
2019-03-01 20:29:49 +01:00
Ondrej Kozina
d111b42cf1
Fix keyslot area gap find algorithm.
...
get_max_offset must use value calculated from LUKS2 metadata
boundaries. Data offset didn't have to match end of LUKS2 metadata
area.
2019-03-01 20:29:40 +01:00
Ondrej Kozina
821c965b45
Drop commented code block.
2019-03-01 20:28:56 +01:00
Ondrej Kozina
4acac9a294
Properly handle DM_LINEAR type while checking version or dmflags.
2019-03-01 20:28:43 +01:00
Ondrej Kozina
4adb06ae91
Add missing direction flag in dm_crypt_target_set.
...
This bug may have caused memory corruption in dm_targets_free
later.
2019-03-01 20:27:53 +01:00
Milan Broz
dce7a1e2aa
Fix gcc warning in tests.
2019-02-24 12:35:54 +01:00
Milan Broz
a354b72546
Add some symmetric block ciphers vector tests for crypto backend.
2019-02-24 12:35:50 +01:00
Milan Broz
ac8f41404b
Simplify and reformat hash/HMAC test vectors test.
2019-02-24 12:35:45 +01:00
Milan Broz
fc7b257bab
Silence dmsetup removal messages.
2019-02-13 13:34:39 +01:00
Milan Broz
787066c292
Report error if no LUKS keyslots are available.
...
Also fix LUKS1 keyslot function to properly return -ENOENT errno in this case.
This change means that user can distinguish between bad passphrase and
no keyslot available. (But this information was available with luksDump
even before the change.)
2019-02-13 13:19:48 +01:00
Milan Broz
71ab6cb818
Fix other tests to not fail if keyring support is missing in kernel.
2019-02-12 16:16:56 +01:00
Milan Broz
1158ba453e
Use better test for a bad loop descriptor.
2019-02-12 14:54:56 +01:00
Milan Broz
2e3f764272
Fix api-test-2 to properly detect missing keyring in kernel.
...
Also properly cleanup after some failures.
2019-02-12 14:49:21 +01:00
Milan Broz
2172f1d2cd
Print PBKDF debug log in a better format.
...
Fixes #439.
2019-02-11 12:37:33 +01:00
Milan Broz
6efc1eae9f
Update Readme.md.
2019-02-08 15:37:17 +01:00
Milan Broz
6a740033de
Add 2.1. release notes.
v2.1.0
2019-02-08 15:08:04 +01:00
Ondrej Kozina
d754598143
Preserve LUKS2 mdata & keyslots sizes after reencryption.
2019-02-08 12:00:24 +01:00
Ondrej Kozina
47f632263e
Add missing crypt_free() in api test.
2019-02-08 11:56:52 +01:00
Milan Broz
98af0b0c77
Increase API version.
2019-02-07 18:42:17 +01:00
Ondrej Kozina
b9c6a62437
Do not call fallocate on image file that is already large enough.
2019-02-07 18:41:06 +01:00