eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 05:10:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,167 Commits 13 Branches 79 Tags
4d3a501b83cdf19a41fe8f37ddcf2fb21a54c49a
Commit Graph

56 Commits

Author SHA1 Message Date
Milan Broz
e34938f21d Allow special "-" (standard input) keyfile hangdling even for TCRYPT devices. 
Fail if there are more keyfiles specified for non-TCRYPT device.

Fixes issue#269.
 2016-01-01 19:15:06 +01:00
Milan Broz
34ddae154e Fix luksKillSlot to not suppress provided password in batch mode. 
Batch mode should enable no-query keyslot wipe but only if user
did not provided password or keyfile explicitely.

Fixes issue #265.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
 2015-11-22 12:50:34 +01:00
Milan Broz
4384e50578 Decrease iteration time for compat tests. 2015-10-29 12:44:15 +01:00
Milan Broz
5a8b045bdd Properly support stdin "-" handling for luksAddKey. 2015-08-26 12:41:20 +02:00
Milan Broz
1aba9ab444 Cryptsetup resize will try resize also underlying device. 
If encrypted device is file-backed, resize should try to resize
underlying loop device as well.
 2015-08-19 14:16:42 +02:00
Milan Broz
8157e47ad4 Support keyfile for luksAddKey if the master key is specified. 
If AddKey was called with master key argument, the code always asked
for a passphrase ignoring the keyfile argument.

Now it is properly processed as the same as if no master key is specified.
 2015-01-26 14:42:46 +01:00
Milan Broz
62b0138dad Allow to use --header option in all LUKS commands. 
The --header always takes precedence over positional device argument.

Also allow specify UUID= for luksSuspend and luksResume if used with
detached header.
 2015-01-26 13:31:37 +01:00
Milan Broz
0614ab6b07 Allow simple status of crypt device without providing metadata header. 
If device is activated, we can provide some information from
active kernel parameters instead of header.
 2014-06-14 17:42:57 +02:00
Milan Broz
cf534f3759 Implement erase command. 2014-02-05 17:17:12 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Milan Broz
ae9c9cf369 Disallow explicit small payload offset for detached header. 
LUKS detached header has some limitations, one of them
is that you cannot run some explicit check for data offsets
without providing also data device.

Because luksDump and all key handle commands takes only
metadata device (LUKS heaer device), it not easy to properly
support data payload offset validation.

So if detached header is present for luksFormat, code now
allows data payload 0 (IOW whole data device is used)
and explicit offset larger than header+keyslots
(the same as the header is on data device - so some space is wasted).

N.B. with detached header the option --align-payload is used
directly without any round up caculations.

Fixes Issue#155.
 2013-05-11 10:59:02 +02:00
Milan Broz
fdcabdfd28 Support test run in kernel FIPS mode. 2013-01-15 14:53:19 +01:00
Milan Broz
20149281a4 Fix tests to work with pwquality compiled in. 2013-01-10 15:34:11 +01:00
Milan Broz
36eb33bc86 Skip test for kernel wihtout autoclear flag. 2013-01-08 18:44:02 +01:00
Milan Broz
9ae7b7d1be Fix regression in header backup (1.5.1). 
Access to backup file must handle write to regular files too.
 2012-12-19 13:19:05 +01:00
Milan Broz
29e4414c35 Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test. 2012-08-30 15:39:30 +02:00
Milan Broz
527c0fe4f9 Rename without_activation to test_passphrase. 2012-06-19 17:37:31 +02:00
Milan Broz
a38fcafcff Add --without-activation option for luksOpen (check passphrase only). 2012-06-19 15:36:19 +02:00
Milan Broz
f720affe8c Relax --shared test, allow mapping even for overlapping segments. 
Support shared flag for LUKS devices (dangerous).
 2012-05-02 00:58:54 +02:00
Milan Broz
bd047d03ef Add repair command and API for repairing known LUKS header problems. 2012-04-02 21:18:22 +02:00
Milan Broz
9511c91a79 Add --keyfile-offset and --new-keyfile-offset to cryptsetup. 
Add resume_by_keyfile_offset, add_kesylot_by_keyfile_offset and
activate_by_keyfile_offset to API.

Thanks to Matthew Monaco <matthew.monaco@0x01b.net>
 2012-03-29 18:35:07 +02:00
Milan Broz
80290266e6 Simplify valgrind check (let's add more configs later if needed). 2012-03-20 16:25:09 +01:00
Milan Broz
dc7f97ea5e Force uevent for UUID check, not all udev installations do this automatically. 2012-03-20 15:58:59 +01:00
Milan Broz
9341679b31 Support UUID=<LUKS_UUID> format for device specification. 2012-03-20 13:36:36 +01:00
Milan Broz
075fb8d261 Unify password verification option. 
Support password verification with quiet flag if possible. (1.2.0)
 2012-03-16 16:17:03 +01:00
Milan Broz
18c4896310 Also test volume key mismatch for luksOpen. 2012-02-11 11:40:17 +01:00
Milan Broz
d542045645 Add support for --master-key-file to luksOpen. 2012-02-11 11:24:58 +01:00
Milan Broz
a5aa30be33 Fix use of empty keyfile (Issue 120). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@702 36d66b0a-2a48-0410-832c-cd162a569da5
 2012-01-12 22:13:23 +00:00
Milan Broz
203f2e082d Fix error message for luksClose and detached LUKS header. 
Allow --header for status command to get full info with detached header.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@689 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-11-13 22:12:51 +00:00
Milan Broz
cc3b39980b Fix luksKillSLot exit code if slot is inactive or invalid. (Issue 108) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@624 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-10-09 13:46:03 +00:00
Milan Broz
1a8bae8884 Add keyslot option for luksOpen (thanks to okozina). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@611 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-09-22 20:26:37 +00:00
Milan Broz
963ee0e6ee Add some valgrind checks (thanks to okozina). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@609 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-09-21 22:42:03 +00:00
Milan Broz
c30fe505c5 Add check of decrypted image to test. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@581 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-25 21:49:14 +00:00
Milan Broz
e5244bc47c Fix new tests to use sha1 (ripemd160 not supported in some backends). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@579 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-25 15:24:16 +00:00
Milan Broz
1bf26b9a90 * Revert default initialisation of volume key in crypt_init_by_name(). 
* Do not allow key retrieval while suspended (key could be wiped).
* Do not allow suspend for non-LUKS devices.
* Support retries and timeout parameters for luksSuspend.

Add luksSuspend/Resume test.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@574 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-19 13:55:34 +00:00
Milan Broz
d44d07c9eb * Add --shared option for creating non-overlapping crypt segments. 
* Add shared flag to libcryptsetup api.
* Fix plain crypt format parameters to include size option (API change).

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@559 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-01 16:38:58 +00:00
Milan Broz
a5757c35f0 Fix return code for status command when device doesn't exists. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@550 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-06-13 16:44:42 +00:00
Milan Broz
afd526a8c4 Fix size argument for create command. (regression in 1.2.0) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@518 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-05-03 13:13:16 +00:00
Milan Broz
93da52f883 Rewrite key input handling, add limits. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@474 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-19 00:17:10 +00:00
Milan Broz
e1cc40df7e Add luksChangeKey command. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@450 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-13 18:06:15 +00:00
Milan Broz
005855ce90 Allow tests to work with different default cipher/mode. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@441 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-10 22:12:03 +00:00
Milan Broz
6083652089 Avoid using "-" in tests, some old systems has bug in getopt. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@440 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-10 21:16:51 +00:00
Milan Broz
eb29f40384 Allocate free loop devices instead of using hardcoded. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@438 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-10 20:18:40 +00:00
Milan Broz
e0dab9e99f Fix luksAddKey return code if master key is used. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@421 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-01-31 23:10:32 +00:00
Milan Broz
0a905364fa Fix mapping removal if device disappeared but node still exists. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@420 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-01-29 15:55:27 +00:00
Milan Broz
e2fbcea56a Fix tests to work with all crypto backends. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@409 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-12-31 14:33:53 +00:00
Milan Broz
68c2ac1087 Fix create command to properly handle keyfile size. 
- for keyfile reset hash, it make no sense (see man page)
- use activate_by_keyfile to make code more readable
(it still does the stem thing)

- if keyfile specified, read only key and do not do exhausted
read (regression from 1.1.3)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@399 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-12-09 17:58:50 +00:00
Milan Broz
b861d1e7f4 Add --dump-master-key option for luksDump to allow volume key dump. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@364 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-14 10:43:28 +00:00
Milan Broz
b7caa72acd * Disallow mapping of device which is already in use (mapped or mounted). 
* Disallow luksFormat on device in use.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@361 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-05 17:53:33 +00:00
Milan Broz
c9881f8c33 * Add crypt_get_type(), crypt_resize(), crypt_keyslot_max() 
and crypt_get_active_device() to API.
* Rewrite all implementations in cryptsetup to new API.
* Fix luksRemoveKey to behave as documented (do not ask
for remaining keyslot passphrase).
* Add more regression tests for commands.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@360 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-11-05 11:27:47 +00:00