Ondrej Kozina
b72ea28540
Fix regression in veracrypt system partition unlock.
...
Do not close base device file descriptor before reading from it.
Fixes #472.
2019-08-22 13:57:16 +02:00
Ondrej Kozina
fc69c6fac4
Add hint for online reencryption in cryptsetup-reencrypt man page.
...
command "man cryptsetup reencrypt" gets redirected to
cryptsetup-reencrypt man page. This may confuse users that LUKS2 online
reencryption is managed by offline utility.
2019-08-20 13:14:01 +02:00
Milan Broz
4100fd2817
Update Readme.md for 2.2.0.
2019-08-15 08:48:25 +02:00
Milan Broz
686744e48e
Prepare version 2.2.0.
v2.2.0
2019-08-14 20:38:23 +02:00
Milan Broz
0f49221f57
Add ja.po translation.
2019-08-14 20:37:40 +02:00
Milan Broz
725720dfc3
Fix volume key file if no LUKS2 keyslots are present.
...
If all keyslots are removed, LUKS2 no longer has information about
the volume key size (there is only key digest present).
If the user wants to open or add a new keyslot, it must get information
about key size externally.
We do not want to guess key size from the file size (it does not
work for block devices for example), so require explicit --keyfil
option in these cases.
Fixes #470.
2019-08-14 12:31:40 +02:00
Milan Broz
96cdb8edb7
Return error if keysize is 0.
...
Also use read_buffer to support partial read.
2019-08-14 12:18:04 +02:00
Milan Broz
7aa197be7d
Print better warning if online reencrypt is called over LUKS1.
2019-08-14 08:14:02 +02:00
Ondrej Kozina
ea1dbfe961
Fix minimal size check for device in LUKS2 reencryption.
...
Commit 4c73da31 exposed another bug in minimal device size check.
During reencryption initialization wrong data offset value was used
and adjusted as if device was already undergoing reencryption. The
bug fixed by commit 4c73da31 hid this bug.
This is a hotfix only and the following functions need more review:
- LUKS2_reencrypt_data_offset
- LUKS2_get_data_offset
- luks2_check_device_size
- LUKS2_get_data_size
2019-08-13 20:34:14 +02:00
Milan Broz
4c73da31ba
Fix bugs found by Coverity.
2019-08-13 12:20:18 +02:00
Milan Broz
5febae8ad0
Fix warnings and flock access to test file in tests.
2019-08-13 10:36:41 +02:00
Milan Broz
d06f01a7d7
Update po files.
2019-08-13 09:26:04 +02:00
Ondrej Kozina
54d757a4c7
Fix illegal access to deallocated memory.
...
When deallocating context with LUKS2 reencryption handle
we access data device structure after being free'd.
2019-08-09 12:43:23 +02:00
Ondrej Kozina
a23e1cf729
LUKS2 code cleanup.
...
- drop unused code
- drop unused function declarations
- remove local routines from internal api
2019-08-05 18:29:37 +02:00
Ondrej Kozina
91879960e6
Move most of crypt_reencrypt_status to reencryption file.
2019-08-05 18:29:37 +02:00
Ondrej Kozina
270e6959b8
Make crypt_reencrypt_status return 'none' value for non-LUKS2 devices.
2019-08-05 18:29:37 +02:00
Ondrej Kozina
cbb3ca01f4
Reencryption code cleanup.
...
- Remove all 'LUKS2_' name prefixes from internal routines
- Make all internal routines prefixed with 'reencrypt_' instead
- Drop a few static routines by refactoring
- Rename all variables and routines containing 'pre' prefix to
contain 'hot' prefix instead (when referring to segments
undergoing reencryption)
- Rename all variables and routines containing 'after' prefix to
contain 'post' prefix instead
- Rename all routines prefixed with '_' to 'reencrypt_' instead
2019-08-05 18:29:35 +02:00
Ondrej Kozina
9845d6fd40
Shorten reencryption parameters debug message.
2019-08-05 18:28:15 +02:00
Ondrej Kozina
e5a59d6925
Remove json debug reencryption metadata fragments.
2019-08-05 18:28:15 +02:00
Ondrej Kozina
574170488c
Update LUKS2 reencryption api tests.
2019-08-02 16:57:03 +02:00
Ondrej Kozina
9ea99efe13
Add test for absolute path passed to --active-name parameter.
2019-08-02 16:57:03 +02:00
Ondrej Kozina
b3af88708d
Change reencryption mode parameter type to enum.
2019-08-01 15:40:53 +02:00
Ondrej Kozina
b96ce0b764
Add LUKS2 reencryption test for detached header misuse.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
97ea39404a
Allow reencryption to parse names prefixed with /dev.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
4054f26c4d
Add dm_device_name helper.
...
Gets dm name from absolute device path.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
7380731bf7
Do not fail reencryption silently when --active-name is not LUKS2.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
3bea349f9e
Optionally check device table before reencryption initialization.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
98e0c8d609
Extend device table check in-before reencryption.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
71f7385fcb
Add support for linear segment in device comparison.
2019-08-01 10:43:57 +02:00
Ondrej Kozina
fbedf0ba6b
Improve dm-crypt segments comparison function.
...
Check key descriptions are identical if both targets
were constructed using keys in kernel keyring service.
2019-08-01 10:40:37 +02:00
Ondrej Kozina
cf710eab13
Add internal crypt_compare_dm_devices.
2019-08-01 10:40:37 +02:00
Ondrej Kozina
b216a6a30e
Introduce crypt_strcmp function (allows NULL).
2019-07-31 14:58:55 +02:00
Ondrej Kozina
b79086b3e9
Refactor assembly of multi-segment LUKS2 devices.
2019-07-31 14:58:55 +02:00
Ondrej Kozina
b551bdb0ce
Make json_segments_count fn return unsigned value.
2019-07-31 14:58:55 +02:00
Ondrej Kozina
0886bc7afd
Check for error sooner while assigning reencryption segments.
...
Also wraps function parameters definition.
2019-07-31 14:58:55 +02:00
Milan Broz
e7027e3d40
Revert back last cleanup call in api-test.
...
Removed by a mistake.
2019-07-31 12:15:49 +02:00
Milan Broz
243690b5ab
Disable luks2-reencryption-test in FIPS mode for now.
2019-07-31 12:03:44 +02:00
Milan Broz
5b5f76002e
Fix various tests to run again in FIPS OpenSSL mode.
2019-07-31 10:27:58 +02:00
Milan Broz
fc03f1a1e6
Fix TCRYPT KDF failure in FIPS mode.
...
Some crypto backends now support plain hash, but not PBKDF2 with
the same hash in FIPS mode.
Let's continue scanning other KDF if this error happens.
2019-07-31 10:25:54 +02:00
Milan Broz
1d59ae9aa9
Remove FIPS mode restriction for crypt_volume_key_get.
...
It is an application responsibility to use this API in the proper
context.
2019-07-30 14:12:50 +02:00
Milan Broz
8fde1b9f2c
Mark API tests as skipped if setup phase fails.
2019-07-30 13:18:34 +02:00
Milan Broz
5e03f8c725
Always close context before failing API test.
...
Some devices could be still open delaying removal in cleanup.
2019-07-30 13:14:12 +02:00
Milan Broz
d6d4a50f7c
Rename cd1-> cd in api test2.
2019-07-30 10:48:08 +02:00
Milan Broz
fe4e1de566
Mention limitation of crypt_get_volume_key_size().
2019-07-29 14:32:13 +02:00
Ondrej Kozina
e0d34b8f47
Add basic LUKS2 reencryption api test.
2019-07-26 16:20:36 +02:00
Ondrej Kozina
17c9d35449
Update reencryption flags description.
2019-07-26 16:09:38 +02:00
Ondrej Kozina
0e994265c6
Report data segment is moved in crypt_reencrypt_status.
2019-07-26 16:09:38 +02:00
Ondrej Kozina
e16319a290
Fail encryption initialization when data device too small.
2019-07-26 16:09:38 +02:00
Ondrej Kozina
c033643f07
Fix corner case bug in encryption with data shift.
...
If we initialized encryption with data shift and only single
segment the resulting metadata were missing
CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT flag and also segments json section was
invalid.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
607e2248c8
Simplify LUKS2_reencrypt_direction function.
2019-07-26 16:06:03 +02:00