eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-19 06:40:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,267 Commits 13 Branches 80 Tags
a1111c7aa0ff267427bba440cc38bbf765d4cb1c
Commit Graph

2267 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
825fc895dc Fix some signed/unsigned comparison warnings. 2018-10-14 20:36:45 +02:00
Milan Broz
a74aecedf1 Set devel version. 2018-10-14 20:24:34 +02:00
Milan Broz
fa1f63bcd0 Update po files. 2018-10-14 20:23:32 +02:00
Milan Broz
c2bce3e93e Wipe full header areas (including unused) during LUKS format. 
All previous version of cryptsetup wiped only first 4k for LUKS1
and both JSON areas for LUKS2 (first 32k) and the allocated
keyslot area (as it contained the generated key).

Remaining areas (unused keyslots, padding, and alignment) were
not wiped and could contain some previous data.

Since this commit, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.

Only exceptions are
 - padding/alignment areas for detached header
   if the data offset is set to 0
 - bogus LUKS1 keyslot areas (upstream code never
   created such keyslots but someone could use that).

This operation could slow down luksFormat on some devices, but
it guarantees that after this operation LUKS header does not
contain any foreign data.
 2018-10-14 13:11:50 +02:00
Milan Broz
a46733e701 Reintroduce error message if LUKS device is not detected. 
Older cryptsetup printed this message through library,
later it disappeared even in cryptsetup binary.
 2018-10-13 10:13:29 +02:00
Milan Broz
8f350f9b9f Print error message if crypt_load() detects unsupported version of LUKS. 2018-10-12 12:34:43 +02:00
Milan Broz
484692aacd Do not ask wiping questions in format if we just created the file. 2018-10-12 12:24:42 +02:00
Milan Broz
7f0df99511 Properly parse errno to error message for devices. 2018-10-12 12:03:56 +02:00
Milan Broz
bebd2fe7e7 Do not print error for used device twice. 2018-10-12 12:03:54 +02:00
Milan Broz
36e8839675 Do not fail if device is smaller than requested wipe size. 2018-10-11 21:20:34 +02:00
Ondrej Kozina
61305a50c1 Add delay=0 parameter to scsi_debug in all tests. 
Speed up tests significantly.
 2018-10-11 16:21:36 +02:00
Milan Broz
1d7749a40f Show better errors if kesylot decryption fails. 
This happens also in cipher check where the old message was
very confusing.
 2018-10-11 15:41:35 +02:00
Milan Broz
f01d044618 Print file name size instead of a loop device in error messages. 2018-10-11 15:40:22 +02:00
Milan Broz
31532adf86 Do not copy buffer if read fails. 2018-10-11 15:39:31 +02:00
Milan Broz
879e06db39 Wiping empty device should not fail. 2018-10-11 15:38:56 +02:00
Milan Broz
4beb0f702a Do not allow device activation if data area overlaps with LUKS header. 2018-10-11 11:55:45 +02:00
Ondrej Kozina
a771460dbd Add validation tests for optional segment flags section. 2018-10-11 11:55:26 +02:00
Ondrej Kozina
f849f83d84 Add validation code for option flags section of segment. 2018-10-11 11:55:22 +02:00
Ondrej Kozina
1d084a41ad Add support for optional flags section in LUKS2 segments dump. 2018-10-11 11:55:18 +02:00
Ondrej Kozina
c4198986f1 Sort LUKS2 segments by keys in crypt_dump output. 2018-10-11 11:55:13 +02:00
Milan Broz
7514786b20 Add an error message if device is unusable. 2018-10-04 20:00:12 +02:00
Milan Broz
9df042c0b8 Use explicit_bzero if available. 2018-10-04 15:21:01 +02:00
Ondrej Kozina
37e0150f70 Do not use fallocate in blockwise tests. 
fs driver may skip some sanity checks if it's aware the content
of file is uninitialized.

Fixes warnings for xfs in kernel 4.19+
 2018-10-04 11:20:03 +02:00
Milan Broz
294e4cbcb7 Fix tcrypt test on very old distros. 2018-10-02 13:56:57 +02:00
Milan Broz
952716afe1 Report versions in test run. 2018-10-02 13:46:03 +02:00
Milan Broz
24aba9a514 tcrypt: Support additional Veracrypt modes. 
Add support for Camellia and Kuznyechik ciphers and Streebog hash functions,
introduced in recent Veracrypt.

Note, that Kuznyechik requires out-of-tree kernel module and Streebog
hash function is available only with gcrypt backend.
 2018-10-02 10:47:38 +02:00
Milan Broz
905993751c Fix integritysetup build. 2018-09-29 18:28:10 +02:00
Milan Broz
0b10d877b0 Some more gcc warnings fixes. 2018-09-29 17:32:33 +02:00
Milan Broz
874fa5810d Do not use local libutils. 2018-09-29 10:42:05 +02:00
Milan Broz
5be31bbce6 More warnings fixes. 2018-09-27 20:54:06 +02:00
Milan Broz
a6e3a31690 Workaround for some gcc8 warnings. 
Some new string length checks are too clever now...
 2018-09-27 13:25:52 +02:00
Milan Broz
506f3f7b57 Decrease memory limit for pbkdf test. 2018-09-26 10:48:31 +02:00
Ondrej Kozina
cd1c36ef94 Allow passphrase change for unbound keyslots. 
Also fixes small typo in API.

Fixes #409.
 2018-09-25 13:13:31 +02:00
Ondrej Kozina
ee689d88b4 Add blkid scan when attemting to open plain device. 
Warn user about existing device signatures on candidate ciphertext
device and prompt for action confirmation.

Fixes #411.
 2018-09-25 13:13:18 +02:00
Ondrej Kozina
b93b676336 Move blkid scan after device context initialization. 
Fixes bug with misleading error message when target device
does not exist.
 2018-09-25 08:55:24 +02:00
Ondrej Kozina
1c6d66fccc Emit error message for converting inactive keyslot. 
Fixes: #416.
 2018-09-25 08:53:48 +02:00
Ondrej Kozina
114356ad2e Properly load new device context after header restore. 2018-09-25 08:53:26 +02:00
Ondrej Kozina
7ab419701c Rename get_key_size_strlen() to int_log10(). 
because that's what the function does
 2018-09-25 08:52:29 +02:00
Ondrej Kozina
d41b1a7560 Unify checks for misaligned values. 2018-09-25 08:51:51 +02:00
Ondrej Kozina
622943529e Wipe LUKS header if luksFormat fails to add first keyslot. 2018-09-25 08:45:03 +02:00
Ondrej Kozina
9d7cc152f9 Do not enforce iv_tweak alignment in LUKS2 validation. 
1) iv_tweak is not in 'bytes'
2) it may be arbitrary number
3) there's no reason to enforce alignment to encryption sector size

Fixes #406.
 2018-09-25 08:44:31 +02:00
Milan Broz
3f73d448f3 Retry temporary device removal in align test. 2018-09-10 15:53:27 +02:00
Milan Broz
a1b606803f Fix HMAC vector test exit value. 2018-09-05 14:38:16 +02:00
Michal Virgovič
b2c7b40568 Add test vectors for HMAC - sha1, sha256, sha512. 2018-09-05 14:17:25 +02:00
Milan Broz
0cbe09d43a Rephrase LUKS info. 2018-09-03 15:16:31 +02:00
Milan Broz
f1d5b94762 Run API tests without verbose flag by default. 
And rename some tests.
 2018-08-10 12:36:15 +02:00
Ondrej Kozina
6fc2e7c774 Skip pbkdf benchmark in align-test (test speedup). 2018-08-10 08:20:00 +02:00
Ondrej Kozina
3b39c1d1ef Fix data alignment test in compat-test2. 
Alignment should not expected failure when --align-payload is not
aligned to encryption sector size.
 2018-08-10 08:19:49 +02:00
Ondrej Kozina
5a3e4abf71 Add basic LUKS2 align test. 2018-08-10 08:19:38 +02:00
Ondrej Kozina
48e9362186 Do not enforce encryption sector size alignment on data offset. 
crypt segment data offset has nothing to do with encryption sector
size. The device may hint alignment offset which is completely
unrelated and LUKS2 validation blocks it.
 2018-08-10 08:19:17 +02:00