eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
989 Commits 13 Branches 79 Tags
872becdbbd95544dc31c575ef09c79e29bafa3d1
Commit Graph

189 Commits

Author SHA1 Message Date
Milan Broz
872becdbbd Handle also missing support for tcrypt test in kernel properly. 2014-07-27 19:39:53 +02:00
Milan Broz
c9694437d2 Fix tcrypt test for unsupported combinations. 2014-07-27 18:40:21 +02:00
Milan Broz
64ad90f73c Ignore wrong parameters fail in LUKS images tests if whirlpool hash is used. 2014-07-27 17:02:51 +02:00
Milan Broz
166d23a813 Fix tests for GNU grep syntax. 2014-07-27 16:31:46 +02:00
Milan Broz
d9678325a2 Update LUKS1 test images. 2014-07-12 21:16:19 +02:00
Milan Broz
d63163e46c Add notes about Whirlpool hash fail to tests. 2014-06-26 14:47:02 +02:00
Ondrej Kozina
4e4d933d7b fix reencryption tests failure with older grep 2014-06-18 08:56:23 +02:00
Milan Broz
0614ab6b07 Allow simple status of crypt device without providing metadata header. 
If device is activated, we can provide some information from
active kernel parameters instead of header.
 2014-06-14 17:42:57 +02:00
Milan Broz
6d4c2db3b1 Fix mode test for nonexisting table. 2014-06-01 20:57:45 +02:00
Milan Broz
6225c901fe Use proper images with mentioned hashes in luks test. 2014-04-13 19:34:06 +02:00
Milan Broz
1fc441f091 Include images in tarball ans use xz format. 2014-04-13 16:29:21 +02:00
Milan Broz
22849ccd11 Add luks1 compat image testing. 
This test use long keyfile to test proper KDF functionality.
 2014-04-13 16:21:11 +02:00
Milan Broz
cf534f3759 Implement erase command. 2014-02-05 17:17:12 +01:00
Milan Broz
e364041b40 Add --keep-key to cryptsetup-reencrypt. 
This allows change of LUKS header hash (and iteration count) without
the need to reencrypt the whole data area.
 2014-01-19 15:29:12 +01:00
Milan Broz
5206543902 Fix api test keyfile write. 2014-01-12 13:39:15 +01:00
Milan Broz
2d755335de Fix previous commit. 2013-12-08 18:15:00 +01:00
Milan Broz
d7762c09dd Add new test images to automake file list. 2013-12-08 18:02:58 +01:00
Milan Broz
957201e758 Fix reencryption tool to work with 4k devices. 
See https://bugzilla.redhat.com/show_bug.cgi?id=1029032#c7

Thanks to Ondra Kozina to figure this out.
 2013-12-08 17:50:25 +01:00
Milan Broz
004dc271a4 Fix wrong block size if used on 4k block fs through loop device. 
Always use page size if running through loop device.
 2013-12-08 16:09:25 +01:00
Ondrej Kozina
0d47e5eb76 Enable reencryption tests using last keyslot 2013-11-21 19:48:17 +01:00
Ondrej Kozina
f30bbbffe7 Fix minimal size expectations failure for backup header file 
- backup header file must be page size aligned
- fix for https://bugzilla.redhat.com/show_bug.cgi?id=1030288
- add regression test to api-tests
 2013-11-21 19:48:12 +01:00
Ondrej Kozina
6b88461553 modify fips detection also in api-test 2013-11-21 19:48:03 +01:00
Milan Broz
700b558fb6 Fix api test to use proper key size. 
LUKS format now reuires correct kernel parameters always,
so validation test must use different but still correct key size.
 2013-11-20 22:20:15 +01:00
Ondrej Kozina
77a345d4cb Add tests to reencryption-compat-test 
- test --keyslot modification (commit: 5736b0a114)
- test reecryption w/o adding --keyslot option
- use variable instead of static string ("key1" -> KEY1)
- comment one failing test (https://bugzilla.redhat.com/show_bug.cgi?id=1030288)

[gmayland: removed some tests & added -i 1 to save test time]
 2013-11-17 21:01:19 +01:00
Milan Broz
ce23225e46 Check if provided cipher and mode is usable before writing LUKS header to disk. 
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.

Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).

Fixes Issue#176
 2013-11-10 22:11:00 +01:00
Milan Broz
09c229fe6c Support limitation for "plain" hash (no hash). 
This can be used for mapping problematic cryptosystems which
wipes some key (losetup sometimes set last byte to zero).
 2013-11-10 19:31:02 +01:00
Milan Broz
db56125708 Fix hash limiting if parameter is not a number. 
If hash lenght specification was not a number, the whole key was set
to zero instead of command failure.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1028362
 2013-11-10 19:08:01 +01:00
Ondrej Kozina
a21c0503f8 make FIPS checks compliant with new guidance 
(gmazyland: Simplified this NIST nonsense, should be still exactly
equivalent to former patch)
 2013-11-10 18:10:39 +01:00
Milan Broz
53607a0274 Add CBC TCRYPT VFAT id test images and run it by default. 2013-10-26 22:48:05 +02:00
Milan Broz
b2283f045a Version 1.6.2. 2013-08-04 19:01:55 +02:00
Cristian Rodríguez
1349efa34d Fix buildsytem to always include config.h. 
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.

(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
 2013-06-23 17:14:33 +02:00
Milan Broz
ae9c9cf369 Disallow explicit small payload offset for detached header. 
LUKS detached header has some limitations, one of them
is that you cannot run some explicit check for data offsets
without providing also data device.

Because luksDump and all key handle commands takes only
metadata device (LUKS heaer device), it not easy to properly
support data payload offset validation.

So if detached header is present for luksFormat, code now
allows data payload 0 (IOW whole data device is used)
and explicit offset larger than header+keyslots
(the same as the header is on data device - so some space is wasted).

N.B. with detached header the option --align-payload is used
directly without any round up caculations.

Fixes Issue#155.
 2013-05-11 10:59:02 +02:00
Milan Broz
6127b6959f Update copyright year on changed files. 2013-03-24 09:05:33 +01:00
Milan Broz
f2521889c2 Deactivate whole device TCRYPT tree if context is NULL 
API (unfortunately) supports NULL argument for crypt_deactivate,
with new chained TCRYPT devices it must deactivate all
chained devices as well.

Fixes issue#147.
 2013-03-17 19:20:42 +01:00
Milan Broz
2780ccdd62 Properly cleanup on interrupt in api-test. 2013-01-16 15:28:12 +01:00
Milan Broz
fdcabdfd28 Support test run in kernel FIPS mode. 2013-01-15 14:53:19 +01:00
Milan Broz
6a1f49c244 Fix tcrypt test header. 2013-01-13 23:53:35 +01:00
Milan Broz
8613651f18 Use tabs in script. 2013-01-13 20:45:55 +01:00
Milan Broz
20149281a4 Fix tests to work with pwquality compiled in. 2013-01-10 15:34:11 +01:00
Milan Broz
36eb33bc86 Skip test for kernel wihtout autoclear flag. 2013-01-08 18:44:02 +01:00
Milan Broz
df8fb84723 Workaround api-test compilation on some very old systems. 2013-01-08 17:41:06 +01:00
Milan Broz
4de648a77a Properly specify cipher in tests. 2013-01-08 14:45:39 +01:00
Milan Broz
929dc47be4 Fix displaying of error messages for mising kernel features. 2013-01-08 14:19:31 +01:00
Milan Broz
37d52bf01b Require lsblk for tcrypt test. 2012-12-30 12:35:35 +01:00
Milan Broz
0946c704bf Fix status of device if path argument is used. Fix double path prefix for non-existent device path. 2012-12-30 11:48:30 +01:00
Milan Broz
05da2ed2c2 Skip TCRYPT KDF if hash is not available. 2012-12-29 20:23:52 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later"). 
Agreed by all copyright authors.
 2012-12-29 11:33:54 +01:00
Milan Broz
e4c4049741 Add basic support for system TCRYPT device. 
Rename option hidden to tcrypt-hidden.
 2012-12-22 22:34:09 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
069ba220d2 Add crypt_keyslot_change_by_passphrase() api test. 2012-12-21 16:27:55 +01:00