Milan Broz
af0887fb48
Remove no passphrase error message from library.
...
And move it to tools.
This will unify LUKS1/2 error messages.
2018-03-25 14:14:37 +02:00
Matthew Garrett
610c7858d6
Add explicit key conversion command
...
Add support for converting a keyslot from one pbkdf to another without
opening the device.
2018-03-23 09:53:06 +01:00
Milan Broz
8d1fb88a20
Fix return code and retry count for bad passphrase and non-tty input.
...
If there is an input on stdin (pipe), we cannot retry for password,
a retry applies only for the real terminal.
Also the retry lost EPERM (wrong passphrase) return code in this case,
replacing it with tty read error.
Fixes #321.
2018-03-23 08:13:43 +01:00
Ondrej Kozina
1e2ad19d68
Validate LUKS2 keyslot json before opening it.
2018-03-22 14:06:31 +01:00
Ondrej Kozina
7bee66fe36
Add new luks2 keyslot validation condition.
2018-03-22 14:05:19 +01:00
Ondrej Kozina
303fe886b7
Fix misleading param name in prototype.
2018-03-22 14:05:08 +01:00
Ondrej Kozina
761a472b45
Remove missing digest condition from LUKS2 digest verification.
2018-03-22 14:04:56 +01:00
Ondrej Kozina
3cf2da877f
Refactor crypt_activate_by_keyfile_device_offset.
...
It's activation by passphrase after all.
2018-03-22 14:03:48 +01:00
Michal Virgovič
5b7b1596a2
Add tests for veritysetup FEC userspace decoding.
2018-03-22 12:44:14 +01:00
Michal Virgovič
dc58985ac6
Enable userspace FEC decoding in veritysetup.
2018-03-22 12:43:49 +01:00
Michal Virgovič
5e0db46f17
Add Reed-Solomon user-space decoding lib.
2018-03-22 12:41:57 +01:00
Milan Broz
4e19bc01d5
Fix test vectors test link.
2018-03-19 19:21:35 +01:00
Milan Broz
2d2acda404
Add crypto backend vectors test.
...
Still need to add
- hash, HMAC,
- symmetric ciphers,
- storage encryption wrapper.
2018-03-19 13:02:12 +01:00
Milan Broz
fa8d5d1769
Remove losetup handling from reencrypt2 test.
2018-03-13 15:20:07 +01:00
Milan Broz
fe058e2c27
Update reencrypt test to use option --type only when really needed.
2018-03-13 14:14:44 +01:00
Milan Broz
a22a24bc98
Support detached header for cryptsetup-reencrypt.
...
This patch allows encryption/decryption of the whole device,
IOW add encryption later with detached header.
This operation can be dangerous, there are no fixed bindings between
the specific LUKS header and data device (encrypted data device
contains no magic signatures).
2018-03-08 10:15:56 +01:00
Milan Broz
b7c2465887
Add link to ABI tracker.
2018-03-07 13:47:00 +01:00
Milan Broz
f34158250a
Update Readme.md.
2018-03-07 13:33:22 +01:00
Milan Broz
87dcc9fe07
Prepare version 2.0.2.
v2.0.2
2018-03-07 12:55:54 +01:00
Milan Broz
c56e0eb556
Update po files.
2018-03-06 09:18:08 +01:00
Milan Broz
ba959970c6
Update po files.
2018-03-02 08:58:39 +01:00
Milan Broz
c75e31d3da
Set devel version.
2018-03-01 15:04:12 +01:00
Milan Broz
bcc2330a18
Actually fail early Travis test if non-root test fails.
2018-03-01 14:31:04 +01:00
Milan Broz
f0f5913efe
Fix device_test to properly fail for non-root user.
2018-03-01 14:05:51 +01:00
Milan Broz
17aefd333a
Fix interactive tests to actually fail if there is a timeout.
2018-03-01 13:48:04 +01:00
Milan Broz
b86a652b90
Return back check for inactive keyslot for luksKillSlot.
2018-03-01 13:46:50 +01:00
Ondrej Kozina
5968323642
Refactor cryptsetup-reencrypt luks2 handling.
...
Fold former luks2_transfer_tokens and luks2_transfer_flags into
new luks2_metadata_copy.
2018-02-28 10:37:14 +01:00
Ondrej Kozina
26727882d0
Refactor update_persistent_flags.
2018-02-28 10:36:43 +01:00
Ondrej Kozina
106e441a61
Add error message explaining locking failure.
2018-02-28 10:36:34 +01:00
Ondrej Kozina
6d22ba9f87
Allow symbolic links in locking path.
...
Allow symbolic links in the initial part of locking path.
If /run/x/y/crypsetup is locking path, starting with
'run' anything may be symbolic link up to (including) 'y'.
2018-02-28 10:36:26 +01:00
Ondrej Kozina
8cd9db272f
Adapt device-test to different performance options handling.
...
cpu --perf-* options do not trigger error when
not supported by current kernel.
Also be more careful about --sector-size when not supported by
dm-crypt. Test is made more pedantic now.
2018-02-28 10:36:06 +01:00
Ondrej Kozina
b8691649c5
Retry dm-crypt load if performance options are not supported.
2018-02-28 10:35:53 +01:00
Ondrej Kozina
e9a2938c6b
Test persistent flags after reencryption.
2018-02-28 10:35:41 +01:00
Milan Broz
44fa0bfbc6
Ensure that we do not process null in atoi call.
2018-02-28 08:57:10 +01:00
Ondrej Kozina
36c213ed3a
Remove warning from cryptsetup-reencrypt man page.
...
Tokens and persistent flags are now transferred during
reencryption.
2018-02-27 12:09:44 +01:00
Ondrej Kozina
5f26f8a03d
Transfer persistent flags to new LUKS2 header.
2018-02-27 12:09:18 +01:00
Ondrej Kozina
471f781022
Enhance persistent flags handling in cryptsetup.
...
With --persistent option, write only flags actually
used during activation. In other words we will not
store anymore flags not supported by running kernel.
2018-02-27 11:58:20 +01:00
Ondrej Kozina
f6cb8e4118
Do not allow --persistent and --test-passphrase.
2018-02-27 11:58:15 +01:00
Ondrej Kozina
515eff269c
Add basic tests for persistent flags API.
2018-02-27 11:58:11 +01:00
Ondrej Kozina
bd370ab789
Fix bugs in crypt_persistent_flags_get.
...
various bugfixes:
- erase flags variable if no flags are stored
- do not print false debug warning
- during activation do not overwrite activation flags
with persistent flags
2018-02-27 11:58:05 +01:00
Ondrej Kozina
3e10116437
Test crypt_activate_by_token() and keyring.
2018-02-27 11:58:01 +01:00
Ondrej Kozina
05f665ecda
Return error on conflicting keyring requests.
...
Add missing check in crypt_activate_by_token. An oversight
from previous patch.
2018-02-27 11:57:57 +01:00
Milan Broz
cd65f6a84d
Speedup reencryption test.
2018-02-23 13:50:44 +01:00
Milan Broz
6d2979459e
Key parameter is always const in cipher and storage backend.
2018-02-23 10:40:17 +01:00
Milan Broz
dee38e9c0b
Rename buffer to key in hmac_init in crypto backend.
...
It is key and naming was confusing.
2018-02-23 10:40:14 +01:00
Milan Broz
b4fc36ea62
Make all crypto backend destructors return void.
...
Nothing in the code actually checks the return values anyway.
2018-02-23 10:40:11 +01:00
Milan Broz
fb6b4739e4
Clean up keyring handling.
...
Move all keyring functions to one place and separate LUKS2 specific
code to generic handling.
Also fix possible mismatch if volume key is in keyring but it is not native
LUKS2 device (library cannot process such a device properly).
2018-02-22 15:26:07 +01:00
Milan Broz
32700cc51b
Fix possible dereference of type string.
2018-02-22 15:26:03 +01:00
Milan Broz
1ac353d24e
Allocate key description in volume key.
...
The key description is now allocated by volume key wrappers.
2018-02-22 15:23:11 +01:00
Ondrej Kozina
d7686201dc
Grow fs images and alter tests accordingly.
2018-02-22 15:22:39 +01:00