eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 04:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,608 Commits 15 Branches 79 Tags
610c7858d6bd3d1837f93a5d3b86ecb0756e4160
Commit Graph

202 Commits

Author SHA1 Message Date
Milan Broz
ab62f45d57 Use stdin and "-" file check wrapper. 2015-08-26 10:54:33 +02:00
Milan Broz
3a0293a299 Do not link FIPS helper to cryptsetup anymore. 
Just print info about FIPS mode in RNG init.
 2015-08-26 10:36:49 +02:00
Milan Broz
1f2d8de95f Support VeraCrypt devices (TrueCrypt extension). 
Add CRYPT_TCRYPT_VERA_MODES libcryptswtup flag and
--veracrypt option.

Fixes issue#245.
 2015-02-24 22:04:15 +01:00
Milan Broz
4f7b413638 Add low-level performance options for dmcrypt tuning. 
The patch adds the two options
  --perf-same_cpu_crypt
  --perf-submit_from_crypt_cpus
that set the same named options inside dmcrypt
(available in Linux kernel 3.20 and later).
 2015-02-20 16:46:34 +01:00
Milan Broz
31a4d552a2 Support keyfile offset and keyfile size option even for plain volumes. 
For historic reasons, in the plain mode the hashing is not used
if keyfile is used (with exception of --key-file=-).

Print warning if the parameters are ignored.

For other cases, uses keyfile offset, keyfile size and hash
as psecified on commandline.

Partially fixes issue#243
 2015-02-20 12:55:21 +01:00
Milan Broz
8157e47ad4 Support keyfile for luksAddKey if the master key is specified. 
If AddKey was called with master key argument, the code always asked
for a passphrase ignoring the keyfile argument.

Now it is properly processed as the same as if no master key is specified.
 2015-01-26 14:42:46 +01:00
Milan Broz
62b0138dad Allow to use --header option in all LUKS commands. 
The --header always takes precedence over positional device argument.

Also allow specify UUID= for luksSuspend and luksResume if used with
detached header.
 2015-01-26 13:31:37 +01:00
Milan Broz
bb8dbfdf5b Update author name. 2014-06-23 21:40:12 +02:00
Ondrej Kozina
4f89028c67 modify FIPS checks 
- we need a way to notify an user about running misconfigured system which
will turn to be unusable in real FIPS mode. For more details look at:
http://bugzilla.redhat.com/show_bug.cgi?id=1009707#c25

- also fixes invisble verbose log about running in FIPS mode due to its misplacement
 2014-06-22 17:24:10 +02:00
Milan Broz
91c739958c Allow ECB mode in cryptsetup benchmark. 2014-06-17 23:09:13 +02:00
Milan Broz
0614ab6b07 Allow simple status of crypt device without providing metadata header. 
If device is activated, we can provide some information from
active kernel parameters instead of header.
 2014-06-14 17:42:57 +02:00
Milan Broz
49e55c0f42 Fix keyfile offset parameter for loopaes. 
Fixes Issue#216.
 2014-06-14 14:35:27 +02:00
Cristian Rodríguez
a809224ec7 Fix all format string issues found by the attribute format patch 2014-04-12 08:52:20 +02:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
2ad69eba90 Verify new passphrase by default in luksChangeKey and luksAddKey. 2014-02-27 13:26:05 +01:00
Milan Broz
cf534f3759 Implement erase command. 2014-02-05 17:17:12 +01:00
Milan Broz
7f93a49cc3 Support --tries option even for TCRYPT devices in cryptsetup. 2014-01-12 11:37:21 +01:00
Milan Broz
bec86e3d5a Support discard option even for TCRYPT devices. 2014-01-11 22:13:37 +01:00
Milan Broz
f3e398afc5 Rewrite cipher benchmark loop. 
Using getrusage seems toi give not adequate precision,
so use clock_gettime and try to scale buffer size a bit
on high performance systems.

If it still fail, return ERANGE error instead calculating
completely unreliable numbers.

Should fix Issue#186.
 2013-12-01 10:55:35 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Milan Broz
da93a3320b Add commandline option --tcrypt-backup to access TCRYPT backup header. 2013-10-29 20:35:07 +01:00
Milan Broz
d67548adfe Fails if more device arguments are present for isLuks. 
Fixes
http://code.google.com/p/cryptsetup/issues/detail?id=165
 2013-07-27 12:43:48 +02:00
Milan Broz
6127b6959f Update copyright year on changed files. 2013-03-24 09:05:33 +01:00
Milan Broz
fd5b88449a Make passphrase prompts more consistent. 
Also see http://code.google.com/p/cryptsetup/issues/detail?id=145
 2013-02-11 14:53:49 +01:00
Milan Broz
fe4175b551 Fix some extended compile warning. 2013-01-10 17:26:19 +01:00
Milan Broz
e689eb4a0a Fix benchmark alignment (wider columns). 2013-01-02 21:53:49 +01:00
Milan Broz
46de69d0e6 Add kernel userspace header detection. 
Add --disable-kernel_crypto to allow compilation with old kernel.
 2012-12-30 12:28:30 +01:00
Milan Broz
0946c704bf Fix status of device if path argument is used. Fix double path prefix for non-existent device path. 2012-12-30 11:48:30 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
3b4424226f Fix non-translated messages. 2012-12-29 11:11:23 +01:00
Milan Broz
e4c4049741 Add basic support for system TCRYPT device. 
Rename option hidden to tcrypt-hidden.
 2012-12-22 22:34:09 +01:00
Milan Broz
e030e3bd15 Add optional libpwquality support for new LUKS passwords. 
If password is entered through terminal (no keyfile specified)
and cryptsetup is compiled with --enable-pwquality, default
system pwquality settings are used to check password quality.
 2012-12-19 17:25:11 +01:00
Milan Broz
c950cf265f Prepare cryptsetup functions for pwquality check. 2012-12-19 15:27:29 +01:00
Milan Broz
32c578729c Handle signals in tool context. 2012-12-11 19:01:46 +01:00
Milan Broz
80d21c039e Fix some problems found by Coverity scan. 2012-12-10 17:28:52 +01:00
Milan Broz
05af3a3383 Move change key into library (add crypt_keyslot_change_by_passphrase). 
This change is useful mainly in FIPS mode, where we cannot
extract volume key directly from libcryptsetup.
 2012-12-07 15:33:47 +01:00
Milan Broz
bd494d23c5 Add PBKDF2 benchmark. 2012-12-05 20:35:42 +01:00
Milan Broz
ef21960600 Document new basic commands open/close (and old syntax aliases). 2012-12-03 13:23:14 +01:00
Milan Broz
a4585423fd Remove some gcc extra warnings (signed/unsigned problems etc). 2012-12-02 23:13:59 +01:00
Milan Broz
4d9c7d39f4 Add master key dump option for tcryptDump. 2012-12-02 20:27:45 +01:00
Milan Broz
6a532cb1b5 cryptsetup: remove useless arg for action functions. 2012-12-02 20:11:10 +01:00
Milan Broz
d93e4212cd Add new commands open/close and make aliases. 
open aliases : create, plainOpen,  luksOpen,  loopaesOpen,  tcryptOpen
close aliases: remove, plainClose, luksClose, loopaesClose, tcryptClose
 2012-12-02 20:03:05 +01:00
Milan Broz
0461d9e822 Better tcrypt test options. 2012-11-30 15:03:01 +01:00
Milan Broz
4f7262aa96 And fix previous comment once more... :) 2012-11-30 13:52:03 +01:00
Milan Broz
eac953c6e4 Fix skcipher failure handling. 2012-11-30 13:37:14 +01:00
Milan Broz
d7fc953fa2 Handle kernel crypto api init failure better. 2012-11-29 18:01:02 +01:00
Milan Broz
c81260b3c3 TCRYPT: add dump command 2012-11-23 17:10:57 +01:00
Daniel Kahn Gillmor
c26bb0f38a make default LUKS PBKDF2 iteration time configurable 2012-11-20 21:23:05 +01:00
Milan Broz
911ffe81f0 TCRYPT: implement (most of) legacy modes support. 2012-11-19 21:25:57 +01:00
Milan Broz
ecf993834c TCRYPT: support keyfiles 2012-11-19 21:25:26 +01:00