eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,440 Commits 14 Branches 78 Tags
548de244c5c9fdb556f68198a58580c085a0b84a
Commit Graph

661 Commits

Author SHA1 Message Date
Ondrej Kozina
96d83455ca Add API for activating device by specific token type. 2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b Add pin size parameter in crypt_active_by_pin_token. 
Well, after all it really should have supported binary data
of arbitrary length.
 2021-03-18 18:06:13 +01:00
Ondrej Kozina
8e8ecd50de Fix luksResume when called on non-LUKS device. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
6a8bade7e6 Allow LUKS resume for device with cipher_null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
3367b78958 Unify crypt_resume_by internal code. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
28603e4de7 Do not upload VK in keyring when data cipher is null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
d8cf203d46 Remove redundant check. 
It can't be non-LUKS2 device at this branching.
 2021-02-24 15:57:11 +01:00
Milan Broz
6dd347ddb4 Rewrite reload code to avoid two goto labels. 2021-02-17 10:03:18 +01:00
Milan Broz
639ffa36a5 Rename goto err to out, it is not error path only. 
Also try to use the same "goto out" pattern everywhere.
 2021-02-17 10:03:18 +01:00
Milan Broz
05f9297141 Avoid goto patern in crypt_init. 
Also device_free is not needed, it never allocates anything in error path.
 2021-02-17 10:03:18 +01:00
Ondrej Kozina
ed2117c724 Fix device comparison for dm-crypt with cipher_null. 
Do not compare volume keys if segment uses cipher_null.
The key is ignored by lower layer (internal libdevmapper)
anyway.
 2021-02-16 18:08:35 +01:00
Ondrej Kozina
bc7511762f Do not upload vk in keyring for cipher_null segment. 
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
 2021-02-16 18:08:35 +01:00
Ondrej Kozina
7d912c7d3e Make crypt_keyslot_set_encryption a bit more robust. 
Nitpicking(tm) but let's not free old cipher spec unless
we have valid new one.
 2021-02-16 18:08:34 +01:00
Milan Broz
12cc7ea745 Simplify include directories. 
To avoid confusion, use just one lib include and specify sub-directories
for format inclusions.
This should also help some analysis tools to find proper includes.
 2021-02-11 13:14:58 +01:00
Milan Broz
4471452105 Remove some stale FIXME markings. 2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8 Mark or remove unused parameters. 
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.

And remove other unused parameters completely.
 2021-02-11 11:12:11 +00:00
Milan Broz
12ff94c02f Rename verion function to avoid conflict with crypto backend. 2021-02-11 11:12:11 +00:00
Milan Broz
37cc06444d Add crypt_dump_json() API call. 
Add API call that can directly print JSON metadata area from LUKS2 device.

For commandline it also adds --dump-json-metadata option for luksDump action.

Note that the binary metadata (UUID, version etc) is not part of this output.
(We reserve flags parameter to be able to add this later.)

Fixes: #511
 2021-02-01 14:38:29 +01:00
Milan Broz
2d10545e70 Check if there is a free space in keyslot area early (LUKS2). 
The code expects that change key is done in-place if there is not
a free space in keyslot area for safe key swap.

This patch makes the code behaves the same as in LUKS1,
luksChangeKey now works the same.
 2021-02-01 11:57:35 +00:00
Milan Broz
04b781d613 Retain keyslot number in luksChangeKey for LUKS2. 
With JSON, we can actually retain the slot number in all cases
(except user intentionally set new slot #).

This patch changes the crypt_keyslot_change_by_passphrase() API
call to retain keyslot number for LUKS2.

Fixes: #464
 2021-02-01 11:57:35 +00:00
Ondrej Kozina
fa84d60586 Fix crypt_keyslot_change_by_passphrase tokens bug. 
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
 2021-01-29 18:17:53 +01:00
Milan Broz
d1d9dd8e20 Update Copyright year. 2021-01-25 22:00:25 +01:00
Luca Boccassi
24d349f491 verity: improve crypt_activate_by_signed_key debug log 
Check if a signature is actually available before logging that the
volume is being activated with a signed key.
 2021-01-25 14:28:02 +00:00
Milan Broz
0c29321407 Introduce crypt_header_is_detached API call. 
crypt_header_is_detached checks if initialized LUKS context uses detached header
(LUKS header located on a different device than data.)

This is a runtime attribute, it does not say if a LUKS device requires detached header.
 2020-12-29 23:23:32 +01:00
Milan Broz
ba92a5e865 Remove redundant LUKS type condition. 2020-12-28 18:02:10 +01:00
Milan Broz
8a12f6dc2c Add crypt_token_max() API to query max token id for LUKS2. 
Fixes #615.
 2020-12-28 17:57:24 +01:00
Vojtech Trefny
652081426b bitlk: Add support for activating BITLK devices using volume key 
Both with "crypt_activate_by_volume_key" and using cli with
--master-key option.
 2020-11-12 12:16:32 +01:00
Vojtech Trefny
406d2d8b0a bitlk: Allow dumping BitLocker master key (FVEK) using --dump-master-key 2020-11-12 12:16:32 +01:00
Ondrej Kozina
14c7148edd Enable user stored params with default log callback. 2020-10-18 13:06:20 +02:00
Milan Broz
42f4dcef88 Introduce crypt_logf and remove logger wrapper. 
Export (alredy existing) log function with variable parameter count.
 2020-10-18 13:03:44 +02:00
Luca Boccassi
3062a9ba91 libcrypsetup: add CRYPT_DEACTIVATE_DEFERRED_CANCEL for crypt_deactivate_by_name 
Allows to cancel a previously set deferred deactivation flag
for a specific device.

[mbroz: slight changes]
 2020-09-26 13:03:16 +02:00
Milan Broz
6ed739d9ca Print a visible error if requesting resize on unsupported format. 
Fixes: #571.
 2020-09-19 22:05:42 +02:00
Milan Broz
5d07b0730c Allow to use backup header for tcrypt format. 
TrueCrypt/VeraCrypt supports backup header, it seems to have
the same format as normal header.

Let's use --header option here, it can be used to unlock data partition
with header backup (open and dump commands).

Fixes: #587.
 2020-09-19 21:42:08 +02:00
Milan Broz
2ce8573f04 Add PIN processing to tokens. 2020-08-15 10:10:40 +02:00
Milan Broz
31ebf3dc2c libdevmapper: always return EEXIST if a task fails because the device already exists 
Allows concurrent opens to return a usable error instead of EINVAL
 2020-08-12 16:50:57 +01:00
Ondrej Kozina
c867f2e8a0 Unload all external tokens on exit. 2020-08-11 17:36:30 +02:00
Milan Broz
7d475266b6 Simplify internal tokens handling. 2020-08-09 13:17:40 +02:00
Milan Broz
4451df15b4 Rename luks2_reenc_context to luks2_reecrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
f50062517e Rename crypt_get/set reenc_context to luks2_reencrypt. 2020-07-07 14:20:39 +02:00
Milan Broz
967e3de552 Rename LUKS2_reenc_status to LUKS2_reencrypt_status. 2020-07-07 14:20:39 +02:00
Milan Broz
d95472e757 Rename LUKS2_reencrypt_status to LUKS2_reencrypt_get_params to avoid confusion. 2020-07-07 14:20:39 +02:00
Milan Broz
3e0e5bac2a Use LUKS2_reencrypt prefix for function defined in luks2.h. 
This should clean up prefixes a little bit.
 2020-07-07 14:20:39 +02:00
Milan Broz
281dd51f5a Remove json_object argument from area size checks. 
These functions are internal to LUKS2 implementation.
 2020-07-07 14:20:39 +02:00
Ondrej Kozina
d177af8842 Do not create excessively large headers. 
When creating LUKS2 header with specified --offset much larger
then LUKS2 header size we needlessly also wipe (allocate up to
--offset) much larger file than needed.
 2020-07-07 14:20:19 +02:00
Ondrej Kozina
1e94425279 Remove unused parameter from crypto_backend_init. 2020-03-20 11:32:57 +01:00
Milan Broz
0cf5e309a0 Print warning if running without O_CLOEXEC. 2020-02-21 10:23:07 +01:00
Milan Broz
b5fbd682f2 Move fcntl.h to internal defines and check for O_CLOEXEC. 2020-02-21 10:10:11 +01:00
Vojtěch Trefný
61f5dcb11e Return correct data offset for BITLK in crypt_get_data_offset 
First part of the encrypted data will be always directly after
the header.

Fixes: #518
 2020-01-17 14:02:12 +01:00
Milan Broz
165e6c234c Fix some error and debug messages. 
Use BITLK as format name.

Avoid using doesn't -> does not.
 2020-01-11 22:10:59 +01:00
Milan Broz
1be631f43f Add status flag for verity device with signature. 
This patch adds CRYPT_VERITY_ROOT_HASH_SIGNATURE flag to verity info.

Veritysetup status now display "with signature" if an active
device was activated with root hash signature.
 2020-01-11 19:57:39 +01:00