eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-18 22:30:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,546 Commits 13 Branches 80 Tags
a76c96d3610a78b99e74e467acbbbc51a2b13634
Commit Graph

789 Commits

Author SHA1 Message Date
Vojtěch Trefný
64ebe95751 Check sha256 sums of the bitlk images in tests 2019-12-30 21:53:06 +01:00
Vojtěch Trefný
77109b3a33 Edit BitLocker test images to be compatible with older blkid 
We need to keep the mirror NTFS MFT too because older versions of
blkid check it too.
 2019-12-30 21:53:06 +01:00
Milan Broz
2227797691 Bitlk: move test for older blkid. 2019-12-30 21:53:06 +01:00
Milan Broz
bb8088ca0f Another fix for ancient systems. 2019-12-30 21:53:06 +01:00
Milan Broz
26f4bc39fc Fix tes for very old bash. 2019-12-30 21:53:06 +01:00
Milan Broz
025e4d9fc6 Fix bitlk test on older systems. 2019-12-30 21:53:06 +01:00
Vojtěch Trefný
0b6dfefcec Add tests and test images for BitLocker 2019-12-30 21:53:06 +01:00
Milan Broz
ec59d31d04 Remove AEAD tests dor MORUS and AEGIS ciphers. 
These variants were removed from mainline kernel.
 2019-11-25 23:16:53 +01:00
Milan Broz
ddd15b63b2 Add backward compatibility flags API. 
We need to have some way hot to configure old integrity devices
with legacy padding.

For now, also use in tests to not fail checksum with new kernel.
 2019-11-25 23:14:58 +01:00
Milan Broz
48b203a134 Add crypt_resume_by_volume_key() function. 
If user has volume key available, LUKS device can be resumed
directly using provided volume key.
No keyslot derivation is needed, only key digest is checked.

Fixes: #502.
 2019-11-24 18:04:41 +01:00
Milan Broz
2746fd708f Implement active device suspend info. 
Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
that informs the caller that device is suspended (luksSuspend).

Fixes: #501.
 2019-11-24 16:56:26 +01:00
Ondrej Kozina
684f43d84d Clarify confirmation prompt text. 
Fixes: #473
 2019-11-22 15:34:16 +01:00
Milan Broz
6b1be52e6b Fix LUKS1 format if pkbdf benchamr is disabled. 
We use minimum iteration for key digest in this case
(the same already used in LUKS2).

Fixes: #478.
 2019-11-22 13:02:41 +01:00
Ondrej Kozina
de6258d366 Allow --test-passphrase for detached header alone. 
Before this fix we required data device specified on cmd line
even though it was not necessary for testing passphrase.

Fixes: #487.
 2019-11-19 14:36:06 +01:00
Ondrej Kozina
5e4dbf33be Allow --key-file option in legacy offline encryption. 
The option was ignored for LUKS1 encryption initialization.

Fixes: #491.
 2019-11-19 12:41:14 +01:00
Ondrej Kozina
0a9e7028ae Fix LUKS2 encryption initialization with non-zero keyslot. 
Positive keyslot number was interpreted as a failure.
 2019-11-08 13:15:37 +01:00
Ondrej Kozina
dd6abe9375 Add luks2-reencryption-test to valgrind checks. 2019-10-22 15:07:57 +02:00
Ondrej Kozina
bb857dcef2 Silence reencryption compat test. 2019-10-11 12:40:14 +02:00
Milan Broz
99c4e83994 Properly support LTLIBINTL setting in Makefiles. 
Fixes #479.
 2019-10-08 15:26:13 +02:00
Milan Broz
ca2f5a8160 Fix tests in previous commits. 2019-10-08 14:58:07 +02:00
Ondrej Kozina
21edd66892 Allow LUKS2 reencryption to run on systems w/o kernel keyring service. 2019-10-07 14:08:41 +02:00
Ondrej Kozina
3e9d6b6960 Temporarily disable test failing due to deferred remove after decryption. 2019-10-04 13:46:13 +02:00
Ondrej Kozina
c4c4f9d159 Mark active device for deferred remove after decryption gets finished. 2019-10-04 12:20:34 +02:00
Ondrej Kozina
9c38e09ad3 Retain activation flags during and after online reencryption. 2019-10-04 12:20:06 +02:00
Ondrej Kozina
5f2e8d6062 Allow LUKS2 device activation after encryption initialization. 
It may be useful to activate device right after LUKS2 encryption
is initialized:

device is ready to use immediately even if data encryption runs in
the background for a long time

It simplifies encryption initialization during reboot.
 2019-10-04 12:19:34 +02:00
Milan Broz
4eeb741358 Report kernel FIPS mode in module version test. 2019-10-03 14:01:27 +02:00
Ondrej Kozina
bb1ce4a069 Check plain crypt device is properly aligned on activation. 2019-10-02 13:40:10 +02:00
Ondrej Kozina
5e3e4a225e Check resize operation is aligned to device logical size. 
Fixes #486.
 2019-10-01 12:41:43 +02:00
Ondrej Kozina
583d05e32a Fix upconversion to LUKS2 with detached header. 
The check for enough space before moving keyslots data did not expect real
detached header size to be less than aligned LUKS1 header size.

Also if detached header is placed in regular file we can grow so that
moved keyslots area fit the file.

Fixes #445.
 2019-09-09 19:01:01 +02:00
Ondrej Kozina
2c0914b2ba Fix LUKS2 reencryption recovery test. 
Fix corner case when head or tail of test device is remapped
to error target for writes.
 2019-09-09 14:07:30 +02:00
Yuri Chornoivan
f26a9abddb Fix minor typos 2019-09-02 09:20:47 +00:00
Milan Broz
a6e8db99b3 Fix test for very old kernels that truncate loop backing file info. 2019-08-30 10:41:04 +02:00
Ondrej Kozina
593f5ee569 Reinstate missing backing file hint for loop device. 
This regression was introduced in cryptsetup 2.0.0 release
with refactoring "Enter passphrase for (dev)" prompt.

With cryptsetup 1.7.5, "cryptsetup open /dev/loop0" printed
following prompt:

"Enter passphrase for /path/to/loop/backing_file:"

Whereas cryptsetup 2.0.0 and on printed following one:

"Enter passphrase for /dev/loop:"

Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1726287

Fixes: 39698fa6b7 ("Remove terminal input from libcryptsetup API calls.")
Fixes: c80acbe4c8 ("Add back "Passphrase for (dev):" prompt.")
Fixes: 5171f65c05 ("tests only: Return back password retry support for luksOpen.")
 2019-08-30 09:39:41 +02:00
Ondrej Kozina
4862e22cd0 Add opt-io size parameter to LUKS2 reencrypt test device. 
So that we can test recovery is not broken for optimal io size
optimization added to reencryption code.
 2019-08-30 09:39:38 +02:00
Milan Broz
8f8f0b3258 Fix mapped segments overflow on 32bit architectures. 
All set_segment funcions must use uin64_t everywhere,
not size_t that is platform dependent.

The code later uses it correctly, it is just wrong function
prototype definitions.

Reported in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702

(TODO: add a test for other segment types.)
 2019-08-26 10:04:07 +02:00
Milan Broz
d9283970a5 Fix API test in FIPS mode. 2019-08-22 23:35:28 +02:00
Milan Broz
994afad279 Add veracrypt system encryption image. 2019-08-22 15:38:35 +02:00
Milan Broz
725720dfc3 Fix volume key file if no LUKS2 keyslots are present. 
If all keyslots are removed, LUKS2 has no longer information about
the volume key size (there is only key digest present).

If user wants to open or add new keyslot, it must get information
about key size externally.

We do not want to guess key size from the file size (it does not
work for block devices for example), so require explicit --keyfil
option in these cases.

Fixes #470.
 2019-08-14 12:31:40 +02:00
Milan Broz
5febae8ad0 Fix warnings and flock access to test file in tests. 2019-08-13 10:36:41 +02:00
Ondrej Kozina
574170488c Update LUKS2 reencryption api tests. 2019-08-02 16:57:03 +02:00
Ondrej Kozina
9ea99efe13 Add test for absolute path passed to --active-name parameter. 2019-08-02 16:57:03 +02:00
Ondrej Kozina
b3af88708d Change reencryption mode parameter type to enum. 2019-08-01 15:40:53 +02:00
Ondrej Kozina
b96ce0b764 Add LUKS2 reencryption test for detached header misuse. 2019-08-01 10:43:57 +02:00
Milan Broz
e7027e3d40 Revert back last cleanup call in api-test. 
Removed by a mistake.
 2019-07-31 12:15:49 +02:00
Milan Broz
243690b5ab Disalble luks2-reencryption-test in FIPE mode for now. 2019-07-31 12:03:44 +02:00
Milan Broz
5b5f76002e Fix various tests to run again in FIPS OpenSSL mode. 2019-07-31 10:27:58 +02:00
Milan Broz
1d59ae9aa9 Remove FIPS mode restriction for crypt_volume_key_get. 
It is an application responsibility to use this API in the proper
context.
 2019-07-30 14:12:50 +02:00
Milan Broz
8fde1b9f2c Mark API tests as skipped if setup phase fails. 2019-07-30 13:18:34 +02:00
Milan Broz
5e03f8c725 Always close context before failing API test. 
Some devices could be still open delaying removal in cleanup.
 2019-07-30 13:14:12 +02:00
Milan Broz
d6d4a50f7c Rename cd1-> cd in api test2. 2019-07-30 10:48:08 +02:00