eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 03:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,380 Commits 16 Branches 78 Tags
81a63aca2245f1e0816d73c8bcd0ec92eeb4aa83
Commit Graph

112 Commits

Author SHA1 Message Date
Milan Broz
1d59ae9aa9 Remove FIPS mode restriction for crypt_volume_key_get. 
It is an application responsibility to use this API in the proper
context.
 2019-07-30 14:12:50 +02:00
Milan Broz
8fde1b9f2c Mark API tests as skipped if setup phase fails. 2019-07-30 13:18:34 +02:00
Milan Broz
5e03f8c725 Always close context before failing API test. 
Some devices could be still open delaying removal in cleanup.
 2019-07-30 13:14:12 +02:00
Milan Broz
d6d4a50f7c Rename cd1-> cd in api test2. 2019-07-30 10:48:08 +02:00
Ondrej Kozina
e0d34b8f47 Add basic LUKS2 reencryption api test. 2019-07-26 16:20:36 +02:00
Ondrej Kozina
c18f968d84 Extend LUKS2 metadata size api tests. 2019-07-12 15:37:18 +02:00
Ondrej Kozina
5dfbc57117 Move LUKS2 metadata size api tests in separate routine. 2019-07-12 15:37:18 +02:00
Yuri Chornoivan
4143d9871e Fix minor typos 2019-06-28 12:02:39 +00:00
Ondrej Kozina
60d26be325 Load volume key in keyring when activated by token. 
LUKS2 should use keyring for dm-crypt volume keys by default
when possible. crypt_activate_by_token didn't load keys in
keyring by default. It was a bug.
 2019-05-21 18:08:00 +02:00
Ondrej Kozina
5bb65aca8f Remove all test dm devices with retry option if available. 2019-05-06 15:37:35 +02:00
Ondrej Kozina
ea4b586c77 Add tests for CRYPT_VOLUME_KEY_DIGEST_REUSE flag. 
Tests commit 7569519530
 2019-03-22 08:01:21 +01:00
Milan Broz
b6d406fbc8 Add fixed Makefile that can run tests outside of compiled tree. 2019-03-20 21:58:07 +01:00
Milan Broz
456ab38caa Allow to set CRYPTSETUP_PATH in tests for system installed cryptsetup tools. 
Run: make check CRYPTSETUP_PATH=/sbin
 2019-03-08 08:16:45 +01:00
Ondrej Kozina
c03e3fe88a Fix getting default LUKS2 keyslot encryption parameters. 
When information about original keyslot size is missing (no active
keyslot assigned to default segment) we have to fallback to
default luks2 encryption parameters even though we know default
segment cipher and mode.

Fixes: #442.
 2019-03-01 20:39:06 +01:00
Milan Broz
fc7b257bab Silence dmsetup removal messages. 2019-02-13 13:34:39 +01:00
Milan Broz
1158ba453e Use better test for a bad loop descriptor. 2019-02-12 14:54:56 +01:00
Milan Broz
2e3f764272 Fix api-test-2 to properly detect missing keyring in kernel. 
Also properly cleanup after some failures.
 2019-02-12 14:49:21 +01:00
Milan Broz
319fd19b5e Add implementation of crypt_keyslot_pbkdf(). 
This function allows to get PBKDF parameters per-keyslot.
 2019-02-07 12:55:12 +01:00
Ondrej Kozina
0cac4a4e0c Make api test run with any defalt LUKS2 header size. 2019-02-06 11:48:47 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Milan Broz
580f0f1a28 Add some FIPS mode workarounds. 
We cannot (yet) use Argon2 in FIPS mode, hack scripts and library
to use PBKDF2 or skip tests and fix tests to run in FIPS mode.
 2019-01-24 17:04:13 +01:00
Milan Broz
1def60cd2c Do not allow conversion to LUKS1 if hash algorithms differs (digest,AF). 2019-01-22 14:19:58 +01:00
Milan Broz
cf31bdb65c Workaround for test failure with disabled keyring. 
NOTE: this need proper fix, tests should not expect a device state
from previous test.
 2019-01-08 13:32:34 +01:00
Milan Broz
307a7ad077 Add keyslot encryption params. 
This patch makes available LUKS2 per-keyslot encryption settings to user.

In LUKS2, keyslot can use different encryption that data.

We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.

For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.

The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
 2019-01-07 13:07:46 +01:00
Milan Broz
267bf01259 Add crypt_get_pbkdf_type_params() API. 
This function allows get default (compiled-in) PBKDF parameters
per every algorithm.

Fixes #397.
 2019-01-03 14:13:01 +01:00
Ondrej Kozina
77d7babf92 Add new crypt_resize tests. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
545b347ca5 Add api test for CRYPT_ACTIVATE_REFRESH flag. 2019-01-01 21:42:46 +01:00
Milan Broz
41c7e4fe87 Remove incorrect parameter in crypt_reload test. 2018-12-12 12:28:42 +01:00
Milan Broz
fd02dca60e Add crypt_set_metadata_size / crypt_get_metadata_size API. 2018-12-11 21:59:59 +01:00
Milan Broz
03edcd2bfd Add crypt_set_data_offset API function. 
The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
to specified value in 512-byte sectors.

This value should replace alignment calculation in LUKS param structures.
 2018-12-06 11:10:21 +01:00
Milan Broz
0fed68dd16 Introduce crypt_init_data_device and crypt_get_metadata_device_name. 
For some formats we need to separate metadata and data device before
format is called.
 2018-12-05 12:33:16 +01:00
Milan Broz
9cbd36163c Fix various gcc compiler warnings in tests. 2018-12-03 13:47:43 +01:00
Milan Broz
2300c692b8 Check hash value in pbkdf setting early. 2018-11-22 15:51:10 +01:00
Milan Broz
0b10d877b0 Some more gcc warnings fixes. 2018-09-29 17:32:33 +02:00
Ondrej Kozina
114356ad2e Properly load new device context after header restore. 2018-09-25 08:53:26 +02:00
Milan Broz
f1d5b94762 Run API tests without verbose flag by default. 
And rename some tests.
 2018-08-10 12:36:15 +02:00
Rafael Fontenelle
f35ec9771e Fix typos 
A bunch of typos reported by codespell, most of them comments in the code
 2018-07-21 07:24:25 -03:00
Ondrej Kozina
7f6f8ec386 Test fixes for pbkdf verifications. 2018-07-11 22:23:53 +02:00
Ondrej Kozina
71a8fd3106 Test basic LUKS2 repair capabilities. 
a) checks crypt_load() fails when single LUKS2 header is corrupted and
   blkid detect other device signature from LUKS or none.
b) check explicit crypt_repair is able to override blkid restriction
   and fix corrupted primary header
c) check a) and b) with disabled locks
 2018-07-11 22:23:10 +02:00
Milan Broz
a387557970 Introduce crypt_keyslot_get_key_size() 
This function allows to get key size even for unboud keyslots.
 2018-04-26 14:24:10 +02:00
Ondrej Kozina
790fdc0aa6 Add crypt_volume_key_get tests for unbound key. 2018-04-21 10:54:12 +02:00
Milan Broz
aa1551c6e8 Introduce CRYPT_SLOT_UNBOUND keyslot status for LUKS2. 
A keyslot not bound to any segment can store any key for any purpose.

To easily check slot status, new enum value is introduced.
This status is valid only for LUKS2, so the functions are backward compatible
with LUKS1.
 2018-04-19 22:28:13 +02:00
Milan Broz
f8a7ab1752 Add crypt_get_pbkdf_default() function to get per-type PBKDF default. 2018-04-16 15:26:43 +02:00
Ondrej Kozina
b11b11f9b0 Add test for LUKS2 conversion with tokens. 2018-04-15 13:08:57 +02:00
Ondrej Kozina
965e0237a3 Add basic test for CRYPT_VOLUME_KEY_SET flag. 
Also test for bug in keyslot to digest assignment if target
digest id is not 0.
 2018-04-12 15:42:32 +02:00
Milan Broz
187170ec51 Check cipher before writing metadata (LUKS2). 
Some ciphers and key sizes created on-disk metadata that cannot be used.
Use the same test for length-preserving cipher as LUKS1.

Also check if key for integrity algorithm is not too small.

Fixes #373.
 2018-04-06 12:57:58 +02:00
Ondrej Kozina
515eff269c Add basic tests for persistent flags API. 2018-02-27 11:58:11 +01:00
Ondrej Kozina
3e10116437 Test crypt_activate_by_token() and keyring. 2018-02-27 11:58:01 +01:00
Ondrej Kozina
8295bde95a Update tests for token enhancements. 
- add crypt_token_is_assigned tests
- test crypt_token_json_set extended to be able
  to create builtin tokens.
 2018-02-22 15:21:52 +01:00
Milan Broz
1fe014dbae Update copyright year. 2018-01-20 17:55:21 +01:00