Milan Broz
7aa197be7d
Print better warning if online reencrypt is called over LUKS1.
2019-08-14 08:14:02 +02:00
Ondrej Kozina
b3af88708d
Change reencryption mode parameter type to enum.
2019-08-01 15:40:53 +02:00
Ondrej Kozina
7380731bf7
Do not fail reencryption silently when --active-name is not LUKS2.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
330f9daade
Pass max_hotzone_size inside reencryption parameters in sectors.
2019-07-12 15:37:18 +02:00
Ondrej Kozina
4a232bc868
Pass device size inside reencryption parameters in sectors.
...
it was a mistake in reencryption API. All other device sizes
related to device mapper devices are always in 512b sectors.
2019-07-12 15:37:18 +02:00
Ondrej Kozina
8b959158e3
Make resize action accept --device-size parameter (supports units).
...
Fixes #368.
2019-06-27 14:40:01 +02:00
Ondrej Kozina
ecb898c7ff
Device size parameter must be always aligned to 512.
2019-06-27 14:39:59 +02:00
Ondrej Kozina
d4682b3b38
Cleanup translated messages id.
...
- minimize count of almost identical message ids
- unify style for some messages
- remove some useless messages
2019-06-27 10:23:42 +02:00
Ondrej Kozina
6851535fe7
Add info about reencryption in LUKS2 status.
2019-06-27 10:23:08 +02:00
Milan Broz
9b5e3797b1
Fix status command to display only specific device types.
...
Cryptsetup, veritysetup and integrity setup should ignore other
device mappings in status command (it should display only
basic type information).
2019-06-25 15:03:04 +02:00
Alexander Neumann
ed0f8ccbaf
Document all options for the --type parameter
2019-06-14 21:28:05 +02:00
Ondrej Kozina
550b3ee1d3
Fix off-by-one error in reencryption keyslots count check.
2019-06-14 09:10:28 +02:00
Ondrej Kozina
05091ab656
Improve reencryption when dealing with multiple keyslots.
...
It's possible to retain all keyslots (passphrases) when
performing LUKS2 reencryption provided there's enough
space in LUKS2 json metadata.
When specific keyslot is selected all other keyslots
bound to old volume key get deleted after reencryption
is finished.
Existing tokens are assigned to new keyslots.
2019-06-13 17:04:34 +02:00
Ondrej Kozina
281323db42
Fix condition for printing debug message.
2019-06-12 11:51:08 +02:00
Ondrej Kozina
0e4757e0fb
Add LUKS2 reencryption recovery in repair command.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
cfbef51d3d
Add interactive dialog in case active device auto-detection fails.
2019-05-22 12:50:18 +02:00
Ondrej Kozina
f74072ba28
Silence active device detection message in batch mode.
2019-05-21 16:05:23 +02:00
Ondrej Kozina
19eac239b7
Add --device-size parameter for use in LUKS2 reencryption.
...
Currently it's used only in LUKS2 reencryption code
for reencrypting initial part of data device only.
It may be used to encrypt/reencrypt only initial part
of data device if user is aware that rest of the device
is empty.
2019-05-21 15:54:43 +02:00
Ondrej Kozina
bee5574656
Add --resume-only parameter to reencrypt command.
2019-05-21 15:54:07 +02:00
Milan Broz
dc53261c3b
Fix data leak in format and reencrypt command.
2019-05-03 13:06:58 +02:00
Ondrej Kozina
a36245cef6
Add new reencrypt cryptsetup action.
...
The new reencryption code is enabled via cryptsetup cli
and works with LUKS2 devices only.
2019-05-02 16:45:43 +02:00
Milan Broz
1b49ea4061
Add global serialization lock for memory hard PBKDF.
...
This is a very ugly workaround for the situation when multiple
devices are being activated in parallel (systemd crypttab)
and the system, instead of returning ENOMEM, uses the OOM killer
to randomly kill processes.
This flag is intended to be used only in very specific situations.
2019-03-29 11:58:12 +01:00
Milan Broz
91b74b6896
Fix some compiler warnings.
2019-02-07 17:14:47 +01:00
Rafael Fontenelle
2b55f6420a
Fix misspellings
2019-01-28 08:40:20 -02:00
Milan Broz
46dc5beee9
Increase LUKS keysize if XTS mode is used (two internal keys).
2019-01-25 13:56:21 +01:00
Milan Broz
a6f5ce8c7b
Update copyright year.
...
And unify name copyright format.
2019-01-25 09:45:57 +01:00
Milan Broz
715b0c9b6c
Switch to fetching default PBKDF values from library.
2019-01-23 14:15:23 +01:00
Milan Broz
6dc2f7231b
Fix a possible NULL pointer in opt_type.
2019-01-21 14:07:33 +01:00
Milan Broz
51dd2762a9
Add --debug-json switch and log level.
...
The JSON structures should not be printed by default to debug log.
This flag introduces new debug level that prints JSON structures
and keeps default debug output separate.
2019-01-10 14:52:49 +01:00
Milan Broz
98feca280f
Add crypt_get_default_type() API call.
2019-01-07 20:38:17 +01:00
Milan Broz
307a7ad077
Add keyslot encryption params.
...
This patch makes available LUKS2 per-keyslot encryption settings to user.
In LUKS2, keyslot can use different encryption than data.
We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.
For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.
The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
2019-01-07 13:07:46 +01:00
Ondrej Kozina
2dd4609699
Implement cryptsetup refresh action (open --refresh alias).
...
It allows active device refresh with new activation
parameters. It's supported for LUKS1, LUKS2, crypt plain
and loop-AES devices.
2019-01-01 21:42:46 +01:00
Milan Broz
ec07927b55
Add cryptsetup options for LUKS2 header size settings.
...
Also print these area sizes in dump command.
NOTE: since now, the metadata area size in dump command contains
mandatory 4k binary section (to be aligned with API definition).
2018-12-12 14:51:40 +01:00
Milan Broz
7d8003da46
cryptsetup: add support for --offset option to luksFormat.
...
This option can replace --align-payload with absolute alignment value.
2018-12-06 14:22:18 +01:00
Milan Broz
0fed68dd16
Introduce crypt_init_data_device and crypt_get_metadata_device_name.
...
For some formats we need to separate metadata and data device before
format is called.
2018-12-05 12:33:16 +01:00
Milan Broz
493e8580d6
Log all debug messages through log callback.
...
This change allows redirecting all output of library
to a log processor.
2018-11-07 10:17:51 +01:00
Milan Broz
bce567db46
Add workaround for benchmarking Adiantum cipher.
2018-11-07 10:17:33 +01:00
Milan Broz
7213d5a76b
Fix verbose message about key removal in luksKillSlot, luksErase and luksRemoveKey.
...
The crypt_keyslot_destroy() does not return keyslot number,
so return value 0 was always used as a keyslot reference.
2018-10-27 17:44:38 +02:00
Milan Broz
a46733e701
Reintroduce error message if LUKS device is not detected.
...
Older cryptsetup printed this message through library,
later it disappeared even in cryptsetup binary.
2018-10-13 10:13:29 +02:00
Milan Broz
484692aacd
Do not ask wiping questions in format if we just created the file.
2018-10-12 12:24:42 +02:00
Milan Broz
5be31bbce6
More warnings fixes.
2018-09-27 20:54:06 +02:00
Ondrej Kozina
cd1c36ef94
Allow passphrase change for unbound keyslots.
...
Also fixes small typo in API.
Fixes #409.
2018-09-25 13:13:31 +02:00
Ondrej Kozina
ee689d88b4
Add blkid scan when attempting to open plain device.
...
Warn user about existing device signatures on candidate ciphertext
device and prompt for action confirmation.
Fixes #411.
2018-09-25 13:13:18 +02:00
Ondrej Kozina
b93b676336
Move blkid scan after device context initialization.
...
Fixes bug with misleading error message when target device
does not exist.
2018-09-25 08:55:24 +02:00
Ondrej Kozina
1c6d66fccc
Emit error message for converting inactive keyslot.
...
Fixes: #416.
2018-09-25 08:53:48 +02:00
Ondrej Kozina
622943529e
Wipe LUKS header if luksFormat fails to add first keyslot.
2018-09-25 08:45:03 +02:00
Ondrej Kozina
03a74b74e5
Revert "Fix data alignment calculations with custom encryption sector size."
...
This reverts commit 71dd149ca2.
Enforcing data alignment to be encryption sector size aligned
is completely wrong. The underlying data device alignment
has nothing to do with dm-crypt internal encryption sector size.
The restriction is however valid for dm-crypt segment size.
2018-08-10 08:19:02 +02:00
Ondrej Kozina
71dd149ca2
Fix data alignment calculations with custom encryption sector size.
2018-08-08 08:01:45 +02:00
Rafael Fontenelle
a60543728b
Remove unmatched parenthesis
...
This string had parentheses around part of the text, but it was restyled.
2018-07-21 07:25:52 -03:00
Milan Broz
561d9ac2bc
Fix problems found by Coverity scan.
2018-07-19 14:45:46 +02:00