eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 11:20:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,665 Commits 16 Branches 78 Tags
52f5cb8cedf22fb3e14c744814ec8af7614146c7
Commit Graph

80 Commits

Author SHA1 Message Date
Ingo Franzki
1bce69cfde Support online reencryption for PAES cipher. 
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

(With few adjustments by Ondrej Kozina)
 2020-08-20 18:16:48 +02:00
Ondrej Kozina
367cb7a761 Fix API mistake in crypt_reencrypt. 
Introducing new version of crypt_reencrypt symbol including
previously missing usrptr parameter. This change should be
backward compatible for existing libcryptsetup users
until next recompilation where it needs to be fixed.
 2020-08-09 13:16:57 +02:00
Milan Broz
1633f030e8 Rename reenc_keyslot_update to reencrypt_keyslot_update. 2020-07-07 14:20:39 +02:00
Milan Broz
4451df15b4 Rename luks2_reenc_context to luks2_reecrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
f50062517e Rename crypt_get/set reenc_context to luks2_reencrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
967e3de552 Rename LUKS2_reenc_status to LUKS2_reencrypt_status. 2020-07-07 14:20:39 +02:00
Milan Broz
d95472e757 Rename LUKS2_reencrypt_status to LUKS2_reencrypt_get_params to avoid confusion. 2020-07-07 14:20:39 +02:00
Milan Broz
3e0e5bac2a Use LUKS2_reencrypt prefix for function defined in luks2.h. 
This should clean up prefixes a little bit.
 2020-07-07 14:20:39 +02:00
Milan Broz
1c7c815108 Move LUKS2 internal functions to internal header. 
This is the first step to remove json_object from internal API.
 2020-07-07 14:20:39 +02:00
Ondrej Kozina
e6a3569743 Avoid name clash with newer json-c library. 
This is partial revert of previous commit and also
fixes wrong decision to name our internal helpers with
json_object prefix.
 2020-04-14 17:24:57 +02:00
Milan Broz
080566a1fd Update copyright year. 2020-01-03 13:04:55 +01:00
Ondrej Kozina
faafe09bd0 Use crypt_volume_key_next where appropriate. 2019-12-31 17:37:33 +01:00
Ondrej Kozina
83934bdcf3 Clarify LUKS2 error message related to reencryption. 
Original messages could evoke reencryption is currently
in progress. That was inaccurate because code only
detected flag marking such device is in transition state
from metadata pov. We should not imply anything about
running processes. That's detected via reencryption locks.
 2019-11-28 16:38:53 +01:00
Ondrej Kozina
7eb47f3db1 Split reencryption locking in two variants. 2019-11-28 16:38:52 +01:00
Milan Broz
b03cb3f3d8 Export memory safe functions. 
Make crypt_safe_alloc/realloc/free and memzero part of API.
 2019-11-16 21:28:54 +01:00
Ondrej Kozina
21edd66892 Allow LUKS2 reencryption to run on systems w/o kernel keyring service. 2019-10-07 14:08:41 +02:00
Ondrej Kozina
c4c4f9d159 Mark active device for deferred remove after decryption gets finished. 2019-10-04 12:20:34 +02:00
Ondrej Kozina
67a5ec1567 Abort reencryption initialization sooner on error. 2019-10-04 12:20:29 +02:00
Ondrej Kozina
c646832bfe Add hard and soft memory limit to reencrypt hotzone size. 
Currently hard memory limit is 1 GiB. Soft limit is
1/4 of system memory.

Note that --hotzone-size cryptsetup parameter can only further
lower hard and soft memory limit on hotzone size and not bypass
it.
 2019-10-04 12:20:22 +02:00
Ondrej Kozina
539d4756f2 Do not flush and freeze fs while swapping in/out overlay device. 2019-10-04 12:20:16 +02:00
Ondrej Kozina
8714e115ad Remove unused parameter from reencrypt_swap_backing_device. 
It always loads dm-linear mapping in original device that maps 1:1
to helper overlay device (holding original table).
 2019-10-04 12:20:12 +02:00
Ondrej Kozina
9c38e09ad3 Retain activation flags during and after online reencryption. 2019-10-04 12:20:06 +02:00
Ondrej Kozina
5628d7d8b5 Drop duplicite flag in LUKS2 device reload after reencryption. 
Reload operation implicictly requires shared flag anyway and it's
added later.
 2019-10-04 12:19:39 +02:00
Yuri Chornoivan
f26a9abddb Fix minor typos 2019-09-02 09:20:47 +00:00
Ondrej Kozina
d13a6f7487 Take optimal io size in account with LUKS2 reencryption. 
If device properly exposes optimal io size, let's align
reencryption hotzone to it. Otherwise device-mapper driver
complaints about misaligned tables and reencryption performance
is not optimal.
 2019-08-30 09:39:35 +02:00
Ondrej Kozina
ea1dbfe961 Fix minimal size check for device in LUKS2 reencryption. 
Commit 4c73da31 exposed another bug in minimal device size check.
During reencryption initialization wrong data offset value was used
and adjusted as if device was already undergoing reencryption. The
bug fixed by commit 4c73da31 hid this bug.

This is hotfix only and following functions needs more review:

- LUKS2_reencrypt_data_offset
- LUKS2_get_data_offset
- luks2_check_device_size
- LUKS2_get_data_size
 2019-08-13 20:34:14 +02:00
Milan Broz
4c73da31ba Fix bugs found by Coverity. 2019-08-13 12:20:18 +02:00
Ondrej Kozina
a23e1cf729 LUKS2 code cleanup. 
- drop unused code
- drop unused function declarations
- remove local routines from internal api
 2019-08-05 18:29:37 +02:00
Ondrej Kozina
91879960e6 Move most of crypt_reencrypt_status to reencryption file. 2019-08-05 18:29:37 +02:00
Ondrej Kozina
cbb3ca01f4 Reencryption code cleanup. 
- Remove all 'LUKS2_' name prefixes from internal routines
- Make all internal routines prefixed with 'reencrypt_' instead
- Drop few static routines by refactoring
- Rename all variables and routines containing 'pre' prefix to
  contain 'hot' prefix instead (when referring to segments
  undergoing reencryption)
- Rename all variables and routines containing 'after' prefix to
  contain 'post' prefix instead
- Rename all routines prefixed with '_' to 'reencrypt_' instead
 2019-08-05 18:29:35 +02:00
Ondrej Kozina
9845d6fd40 Shorten reencryption parameters debug message. 2019-08-05 18:28:15 +02:00
Ondrej Kozina
e5a59d6925 Remove json debug reencryption metadata fragments. 2019-08-05 18:28:15 +02:00
Ondrej Kozina
b3af88708d Change reencryption mode parameter type to enum. 2019-08-01 15:40:53 +02:00
Ondrej Kozina
97ea39404a Allow reencryption to parse names prefixed with /dev. 2019-08-01 10:43:57 +02:00
Ondrej Kozina
3bea349f9e Optionaly check device table before reencryption initialization. 2019-08-01 10:43:57 +02:00
Ondrej Kozina
98e0c8d609 Extend device table check in-before reencryption. 2019-08-01 10:43:57 +02:00
Ondrej Kozina
0886bc7afd Check for error sooner while assigning reencryption segments. 
Also wraps function parameters definition.
 2019-07-31 14:58:55 +02:00
Ondrej Kozina
e16319a290 Fail encryption initialization when data device too small. 2019-07-26 16:09:38 +02:00
Ondrej Kozina
c033643f07 Fix corner case bug in encryption with data shift. 
If we initialized encryption with data shift and only single
segment the resulting metadata were missing
CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT flag and also segments json section was
invalid.
 2019-07-26 16:06:03 +02:00
Ondrej Kozina
607e2248c8 Simplify LUKS2_reencrypt_direction function. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
1b82e70fc1 Fix bug in minimal device size calculation for reencryption. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
35068c2e6e Fix broken segments calculation for backward data shift reencryption. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
7460d1a446 Fix backward reencryption with data shift. 
The device has to be shrunk the data shift size during activation.
Otherwise the online reencryption would fail with incorrect device
size.
 2019-07-26 16:04:27 +02:00
Ondrej Kozina
c851205f83 Fix bug in reencryption digest to segment assignement. 2019-07-23 17:28:26 +02:00
Ondrej Kozina
dd0e073159 Fill direction field in crypt_reencrypt_status. 2019-07-23 17:28:26 +02:00
Ondrej Kozina
3f85da0098 Fix datashift calculation in reencryption initialization. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
dad28f3dfe Move exclusive open for offline reencryption in initialization. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
e8e1da3fb5 Do not callback progress twice in reencryption loop. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
330f9daade Pass max_hotzone_size inside reencryption parameters in sectors. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
4a232bc868 Pass device size inside reencryption parameters in sectors. 
it was mistake in reencryption API. All other device sizes
related to device mapper devices are always in 512b setctors.
 2019-07-12 15:37:18 +02:00