eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2026-01-07 16:05:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,280 Commits 13 Branches 81 Tags
5b5f76002e2a96bbd22d67fc55d96bc2ce3d888d
Commit Graph

1120 Commits

Author SHA1 Message Date
Milan Broz
fc03f1a1e6 Fix TCRYPT KDF failyure in FIPS mode. 
SOme crypto backends now supports plain hash, but not PBKDF2 with
the same hash in FIPS mode.

Let's continue scanning other KDF if this error happens.
 2019-07-31 10:25:54 +02:00
Milan Broz
1d59ae9aa9 Remove FIPS mode restriction for crypt_volume_key_get. 
It is an application responsibility to use this API in the proper
context.
 2019-07-30 14:12:50 +02:00
Milan Broz
fe4e1de566 Mention limitiation of crypt_get_volume_key_size(). 2019-07-29 14:32:13 +02:00
Ondrej Kozina
17c9d35449 Update reencryption flags description. 2019-07-26 16:09:38 +02:00
Ondrej Kozina
0e994265c6 Report data segment is moved in crypt_reencrypt_status. 2019-07-26 16:09:38 +02:00
Ondrej Kozina
e16319a290 Fail encryption initialization when data device too small. 2019-07-26 16:09:38 +02:00
Ondrej Kozina
c033643f07 Fix corner case bug in encryption with data shift. 
If we initialized encryption with data shift and only single
segment the resulting metadata were missing
CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT flag and also segments json section was
invalid.
 2019-07-26 16:06:03 +02:00
Ondrej Kozina
607e2248c8 Simplify LUKS2_reencrypt_direction function. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
a1111c7aa0 Tighten reencryption direction field validation. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
1b82e70fc1 Fix bug in minimal device size calculation for reencryption. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
35068c2e6e Fix broken segments calculation for backward data shift reencryption. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
212703edf8 crypt_get_data_offset() must always return new offset value. 2019-07-26 16:06:03 +02:00
Ondrej Kozina
7460d1a446 Fix backward reencryption with data shift. 
The device has to be shrunk the data shift size during activation.
Otherwise the online reencryption would fail with incorrect device
size.
 2019-07-26 16:04:27 +02:00
Ondrej Kozina
c851205f83 Fix bug in reencryption digest to segment assignement. 2019-07-23 17:28:26 +02:00
Ondrej Kozina
dd0e073159 Fill direction field in crypt_reencrypt_status. 2019-07-23 17:28:26 +02:00
Ondrej Kozina
193b477086 Report reencryption data shift value in sectors. 2019-07-23 17:28:26 +02:00
Ondrej Kozina
3f85da0098 Fix datashift calculation in reencryption initialization. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
dad28f3dfe Move exclusive open for offline reencryption in initialization. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
e8e1da3fb5 Do not callback progress twice in reencryption loop. 2019-07-23 17:28:25 +02:00
Ondrej Kozina
330f9daade Pass max_hotzone_size inside reencryption parameters in sectors. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
4a232bc868 Pass device size inside reencryption parameters in sectors. 
it was mistake in reencryption API. All other device sizes
related to device mapper devices are always in 512b setctors.
 2019-07-12 15:37:18 +02:00
Ondrej Kozina
61dff96474 Reencryption keyslot must report as unbound. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
bda28bbf38 Fix bug in crypt_keyslot_add_by_key. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
f4da3c7f1b Add warning when changing explicitly requested LUKS2 metadata size. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
81dbc9c070 Reduce implicit keyslots size when header device is too small. 
Unless user explicitly asks for keyslots areas size
(either via --luks2-keyslots-size or --offset) reduce keyslots
size so that it fits in metadata device.
 2019-07-12 15:37:08 +02:00
Ondrej Kozina
431bc87f85 Add LUKS2 error message hint when device too small. 
If we format LUKS2 device with parameters unsuitable
for current metadata device size we usually fail during header areas
wipe. It was not clear what the reason actually was.
 2019-07-12 15:12:46 +02:00
Ondrej Kozina
e3e6e75d40 Improvements to LUKS2 reencryption error messages. 
- make error messages propagated to users more comprehensible
- drop some error messages completely
- replace many error messages with debug logs only

Fixes #458.
 2019-07-01 10:18:55 +02:00
Ondrej Kozina
6425e1c52f Fix data device lookup among dm dependecies in crypt_init_by_name. 
Also remove overlooked temporary debug message.
 2019-07-01 10:18:49 +02:00
Yuri Chornoivan
4143d9871e Fix minor typos 2019-06-28 12:02:39 +00:00
Ondrej Kozina
d4682b3b38 Cleanup translated messages id. 
- minimize count of almost identical message ids
- unify style for some messages
- remove some useless messages
 2019-06-27 10:23:42 +02:00
Ondrej Kozina
2f4a50064f Add direction hint in reencryption hotzone device name. 2019-06-27 10:23:36 +02:00
Ondrej Kozina
292a5f50b2 Allow offline reencryption on files without root privileges. 
If userspace block ciphers are not available try kcapi first.
 2019-06-27 10:19:23 +02:00
Ondrej Kozina
c25ce7c585 Allow disabling of reencryption locks via crypt_metadata_locking() 2019-06-27 10:19:18 +02:00
Ondrej Kozina
b22c9a86a9 Add internal crypt_zalloc routine (calloc wrapper). 2019-06-27 10:19:14 +02:00
Ondrej Kozina
767bb952a5 Enable crypt_init_by_name() for LUKS2 device on top of reencryption stack. 2019-06-27 10:19:12 +02:00
Ondrej Kozina
32e7178bbb Allow crypt_get_active_device for multi-segment devices. 2019-06-27 10:19:05 +02:00
Ondrej Kozina
614f671b92 Introduce SUBDEV internal device type. 
LUKS2 and other device types allow stacking of dm devices
underneath public top level device.

The new type identifies clearly those private devices in respective
device stack so that they can be easily removed while removing
top level public device.

Switch LUKS2 reencryption device stack to use SUBDEV type immmediately
for hotzone and overlay devices. Other devices will follow in later
releases.
 2019-06-27 10:19:01 +02:00
Ondrej Kozina
af62dbf3d3 Add internal limit for count of dm dependencies. 
32 should be enough (+1 for terminating NULL byte)
 2019-06-27 10:18:58 +02:00
Ondrej Kozina
249e6af3a6 Add LUKS2 uuid component in underlying dm-integrity device. 2019-06-27 10:18:56 +02:00
Ondrej Kozina
59bed375d0 Add type parameter to INTEGRITY_activate_dmd. 2019-06-27 10:18:54 +02:00
Ondrej Kozina
aba95b00aa Activate underlying dm-integrity privately for LUKS2 w/ auth. encryption. 2019-06-27 10:18:50 +02:00
Ondrej Kozina
011ee5b180 Introduce crypt_string_in internal helper. 
And replace custom name_in_list function with new helper.
 2019-06-27 10:18:47 +02:00
Ondrej Kozina
4e19719bdd Check hotzone size and device size alignment earlier. 
It failed later but it was difficult to understand what went wrong.
 2019-06-27 10:18:44 +02:00
Ondrej Kozina
fa469aaf41 Update struct crypt_params_reencrypt documentation. 2019-06-27 10:18:41 +02:00
Ondrej Kozina
3cabf608ca Unify reencryption context load error messages. 2019-06-27 10:18:37 +02:00
Milan Broz
2e841622f8 Print proper error message if LUKS2 slot encryption fail. 2019-06-26 17:30:30 +02:00
Seong-Joong Kim
07df177332 Fix a typo of comment 2019-06-24 22:31:52 -07:00
Guilhem Moulin
70c4ce199d Fix minor spelling errors in manpage and messages. 
Reported by lintian(1) - Static analysis tool for Debian packages:

accidentaly -> accidentally
trigerring -> triggering
alocate -> allocate
alignemnt -> alignment
initalize -> initialize
 2019-06-18 09:42:28 +02:00
Ondrej Kozina
0106c64369 Fix issues reported by valgrind. 
keyslot_cipher member leaked after existing LUKS2 context reload.

crypt_keyslot_set_encryption may access freed memory if
crypt_keyslot_get_encryption was previously called with
CRYPT_ANY_SLOT parameter.
 2019-06-14 13:50:09 +02:00
Ondrej Kozina
272505b99d If no hash is specified in pbkdf use default value for keyslot AF. 2019-06-13 17:04:21 +02:00