Ondrej Kozina
d3079c2fb3
Do not resume reencryption with conflicting parameters.
...
Do not resume reencryption operation with conflicting parameters.
For example if operation was initialized as --encrypt do not
allow resume with opposing parameter --decrypt and vice versa.
Also checks for conflicting --resilience parameters (datashift cannot
be changed after initialization).
Previously, conflicting reencryption parameters were silently ignored.
So, for example operation initialized with mode --encrypt and resumed
with mode --decrypt simply finished --encrypt operation and did not
report any error. This could lead to the impression that a different type of
operation was performed instead.
Fixes: #570.
2022-04-07 13:49:40 +02:00
Ondrej Kozina
b661452e3a
Asks offline reencryption confirmation only with image files.
...
If auto-detection fails for other reason just return the
error. Users may now bypass active device auto-detection
with --force-offline-reencrypt option.
2022-04-07 11:51:41 +02:00
Ondrej Kozina
31c4afbc17
Add --force-offline-reencrypt option.
...
It can be used to enforce offline reencryption
in batch mode when data_device is regular file
and therefore cryptsetup cannot detect properly
active device dm name.
Also it may be useful when active device
auto-detection fails for some reason and user
has no other choice but inspect device holders
manually.
2022-04-06 22:59:37 +02:00
Ondrej Kozina
496a0e37c4
Active device auto-detection code cleanup.
2022-04-06 22:59:35 +02:00
Ondrej Kozina
8c04264fb3
Reduce code duplication in active device auto-detection.
2022-04-06 22:57:13 +02:00
Milan Broz
db1ff4cf88
Silence false positive Coverity warning.
...
The init_keyslot_passwords() allocates properly sized array here.
2022-03-30 17:53:14 +02:00
Milan Broz
3e4368feeb
Use link to main branch.
2022-03-30 13:08:57 +02:00
Milan Broz
faee0e694f
Use main branch in GitHub CI.
2022-03-30 13:07:55 +02:00
Milan Broz
7a38f16cef
Use volume key in FAQ.
2022-03-29 19:06:38 +00:00
Milan Broz
08aa2ca242
Replace master on a few more places.
2022-03-29 19:06:38 +00:00
Milan Broz
3a56cf05bf
Replace mk_ with vk_ name prefix.
2022-03-29 19:06:38 +00:00
Milan Broz
b6c36f50ba
Replace name master with volume key.
...
And keep two tests for compatibility.
2022-03-29 19:06:38 +00:00
Milan Broz
b050448db9
Add aliases for --volume-key-file and --dump-volume-key-file.
2022-03-29 19:06:38 +00:00
Milan Broz
68796e12dd
Replace OPT_MASTER_KEY_FILE_ID with OPT_VOLUME_KEY_FILE_ID.
2022-03-29 19:06:38 +00:00
Milan Broz
650c7e8b67
Enable csmock for merge requests.
2022-03-29 15:40:48 +00:00
Milan Broz
0dc18fba22
Fix a leak in error path.
...
Also fix a warning, all detected by Coverity scan.
2022-03-29 15:40:48 +00:00
Milan Broz
1116289de4
Try to load dm-integrity in api-test.
2022-03-29 14:17:53 +00:00
Milan Broz
1595fcf479
Do not run keyed integrity resize tests for older kernel.
2022-03-29 14:17:53 +00:00
Milan Broz
c4c1ca2224
Use batch mode for integrity resize test.
2022-03-29 14:17:53 +00:00
Ondrej Kozina
2b42968e92
Port cryptsetup --new option to CRYPT_ARG_ALIAS type.
2022-03-29 12:54:58 +02:00
Ondrej Kozina
e2a5af9e64
Add new argument type CRYPT_ARG_ALIAS.
...
It can be used to easily define option
aliases for command line utilities.
2022-03-29 12:54:15 +02:00
Milan Broz
e4ed545cbf
Remove debug line from api-test.
2022-03-28 22:27:54 +02:00
Ondrej Kozina
65be641f20
Refactor LUKS reencryption.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
ce55fa4d1c
Refactor LUKS decryption.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
92baacadad
Refactor LUKS encryption.
...
It also adds hardened checks for accidental
nested device encryption.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
2e59229e5a
Add checks for some conflicting requests.
...
It also moves device load for reencryption purposes
further up in code path to better optimize the code
later.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
3f42b69fc8
Add reencrypt_luks2_resume helper.
...
To be used later.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
b10c0b6a02
Simplify load_luks2_by_name.
...
Also adds specific error message when device
is not actually LUKS2.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
f388662418
Remove 'type' argument from load_luks helper.
...
The code removal will help simplify further code
changes.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
8bc10ee853
Rename luks2 reencryption initialization routines.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
b663b9305c
Add helper for checking data device type during encryption.
...
In case operation is invoked with --header parameter
check if data device does not already contain LUKS device
2022-03-24 15:14:32 +00:00
Ondrej Kozina
828555db97
Remove unused code in helper routine.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
ba08f02a40
Move helper for LUKS2 auth. encryption detection.
2022-03-24 15:14:32 +00:00
Ondrej Kozina
a55b0530a4
Restrict --active-name to LUKS2 type only.
2022-03-24 15:14:32 +00:00
daniel.zatovic
a2f30ebd4c
Display progress when wiping the end of resized device.
2022-03-24 11:38:16 +01:00
daniel.zatovic
d20d41c7a5
Add log messages, when kernel doesn't support resize.
2022-03-24 11:38:16 +01:00
daniel.zatovic
4eba55c73e
Add tests for integritysetup resize action.
2022-03-24 11:38:16 +01:00
daniel.zatovic
29ddd68a0f
Add API tests for resize of integrity volume.
2022-03-24 11:38:16 +01:00
daniel.zatovic
9707b71f98
Describe resize action in manual page.
2022-03-24 11:38:16 +01:00
daniel.zatovic
36cdda870b
Add resize action to integritysetup.
...
Fixes: #594.
2022-03-24 11:38:16 +01:00
daniel.zatovic
9b8a872006
Add support for resizing raw integrity devices.
2022-03-24 11:38:16 +01:00
daniel.zatovic
45b808c186
Move checking for detached integrity metadata device.
...
To allow resizing integrity devices with detached metadata device, the
check has to be moved from _compare_integrity_devices to
_reload_device_with_integrity.
2022-03-24 11:38:16 +01:00
daniel.zatovic
87afb9d783
Remove size parameter comparison for integrity devices.
...
To support device resize, we can not compare the device size (it is
already not compared for crypt devices).
2022-03-24 11:38:16 +01:00
daniel.zatovic
86402a1102
Add API tests for refreshing integrity devices.
2022-03-24 11:38:16 +01:00
daniel.zatovic
64e7c3d3b1
Add support for refreshing integrity devices.
...
If the provided key is NULL, we load it from the active device. This is
always available, since keyring keys are not supported in kernel for
integrity devices.
2022-03-24 11:38:16 +01:00
daniel.zatovic
f6c1445c6b
Add support for querying journal active devices for integrity and encryption keys.
2022-03-18 09:56:59 +00:00
Ondrej Kozina
f5724a30f9
Test nested encryption is not possible.
2022-03-17 19:07:10 +00:00
Ondrej Kozina
47f31205cf
Do not allow nested encryption in LUKS reencrypt.
...
Try to avoid accidental nested encryption via
cryptsetup reencrypt --new/--encrypt command.
If detached header or data device is already reported
as LUKS1 or LUKS2 device operation gets aborted.
Fixes: #713.
2022-03-17 19:07:10 +00:00
Ondrej Kozina
5bd5462a9e
Improve helpers for reencryption utilities.
...
Also clarifies some code path.
2022-03-17 19:07:10 +00:00
Ondrej Kozina
d1f0376c77
Decouple auth. encryption check from in-reencrypt detection.
2022-03-17 19:07:10 +00:00