eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,230 Commits 14 Branches 78 Tags
ab975bc1c4082c4592a075fba26cce0b3f22ad62
Commit Graph

47 Commits

Author SHA1 Message Date
Milan Broz
ab975bc1c4 Update copyright year. 
And unify format in several places.
 2022-01-29 10:43:02 +01:00
Milan Broz
f8eb7b225a Do not load own OpenSSL backend context in FIPS mode. 
In the FIPS mode keep configuration up to the system wide config.
 2021-09-13 21:56:59 +02:00
Milan Broz
4cdd826282 Check exit value for snprintf where it makes sense. 2021-05-18 22:07:47 +02:00
Milan Broz
25cd2b2fb7 Add Blake2b and Blake2s hash support for crypto backend. 
We support most recent crypto algorithms, so this
is only addition of the Blake hash family.

Kernel and gcrypt crypto backend supports all variants,
OpenSSL only Blake2b-512 and Blake2s-256.

There is no useable support for NSS and Nettle yet.

Crypto backend supports kernel notation e.g. "blake2b-512"
that is translated to the library backend names.
 2021-03-22 11:16:53 +01:00
Milan Broz
4471452105 Remove some stale FIXME markings. 2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8 Mark or remove unused parameters. 
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.

And remove other unused parameters completely.
 2021-02-11 11:12:11 +00:00
Milan Broz
d1d9dd8e20 Update Copyright year. 2021-01-25 22:00:25 +01:00
Francesco Turco
a491b938ba use HTTPS for URLs 2020-07-04 16:43:23 +02:00
Ondrej Kozina
1e94425279 Remove unused parameter from crypto_backend_init. 2020-03-20 11:32:57 +01:00
Milan Broz
080566a1fd Update copyright year. 2020-01-03 13:04:55 +01:00
Milan Broz
51edfb4ec9 Bitlk: add gcrypt key backend. 2019-12-30 21:53:06 +01:00
Milan Broz
79019b1ced Bitlk: Move crypt key handling to crypto backend. 2019-12-30 21:53:06 +01:00
Milan Broz
1192fd27c6 Add query for cipher implementation is used through kernel API. 2019-03-01 21:43:10 +01:00
Milan Broz
cd1cb40033 Use crypto library for ciphers if algorithms are available. 2019-03-01 21:34:22 +01:00
Milan Broz
fc37d81144 Move crypt_cipher to per-lib implementation. 
For now, it calls kernel fallback only.
 2019-03-01 21:14:13 +01:00
Milan Broz
a859455aad Move block ciphers backend wrappers to per-library files. 
For now it always fallbacks to kernel crypto API.
 2019-03-01 21:10:50 +01:00
Milan Broz
93d596ace2 Introduce internal backend header. 
And remove commented-out test vectors (moved to tests).
 2019-03-01 20:39:33 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Milan Broz
dee38e9c0b Rename buffer to key in hmac_init in crypto backend. 
It is key and naming was confusing.
 2018-02-23 10:40:14 +01:00
Milan Broz
b4fc36ea62 Make all crypto backend destructors return void. 
Nothing in the code actually checks the return values anyway.
 2018-02-23 10:40:11 +01:00
Milan Broz
1fe014dbae Update copyright year. 2018-01-20 17:55:21 +01:00
Milan Broz
8dc35a7906 Enable to use system libargon2. 
Rename --disable-argon2 to --disable-internal-argon2 option
and add --enable-libargon2 flag to allow system libarhgon2.
 2017-10-04 15:24:26 +02:00
Milan Broz
677adc7adc Add crypt_backend_destroy() function and cll it as library destructor. 2017-08-22 15:48:24 +02:00
Milan Broz
09d14a0b6c Add Argon2 bundled library to crypto backend. 
The Argon2i/id is a password hashing function that
won Password Hashing Competiton.

It will be (optionally) used in LUKS2 for passworrd-based
key derivation.

We have to bundle code for now (similar PBKDF2 years ago)
because there is yet no usable implementation in common
crypto libraries.
(Once there is native implementation, cryptsetup
will switch to the crypto library version.)

For now, we use reference (not optimized but portable) implementation.

This patch contains bundled Argon2 algorithm library copied from
  https://github.com/P-H-C/phc-winner-argon2

For more info see Password Hashing Competition site:
  https://password-hashing.net/
and draft of RFC document
  https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/

Signed-off-by: Milan Broz <gmazyland@gmail.com>
 2017-08-06 21:13:12 +02:00
Milan Broz
98368c4770 Update copyright years. 2017-03-12 13:17:15 +01:00
Milan Broz
9563aa33c8 Fix PBKDF2 for crypto backens which does not support long HMAC keys. 
(Or it rehases key in every iteration.)

- Kernel backens seems not to support >20480 HMAC key
- NSS is slow (without proper key reset)

Add some test vectors (commented out by default).
 2014-04-13 19:34:50 +02:00
Milan Broz
75c105f853 Do not retry to test gcrypt whirlpool bug. 2014-01-21 20:55:21 +01:00
Milan Broz
680eb76e45 Add internal shortcut for flawed whirlpool hash in gcrypt. 2014-01-19 20:31:48 +01:00
Milan Broz
461011ad2a Add test for flawed Whirlpool hash to gcrypt backend. 
Will be used later, for now add info to debug.
Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
 2014-01-18 13:05:56 +01:00
Milan Broz
ca75cd940f Prepare supported PBKDF2 implementation autodetection for gcrypt. 2013-01-03 14:11:52 +01:00
Milan Broz
7eccb7ff50 Change License for sub-libraries from GPLv2 only to LGPLv2.1+ ("or any later") 
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.

Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
 2012-12-29 11:47:28 +01:00
Milan Broz
83f02e6682 Add copyright line for files I have written or modified. 2012-12-21 16:40:33 +01:00
Milan Broz
16ac703008 Move PBKDF2 into crypto backend wrapper. 
Implement new KDF bechmark check.
Use internal openssl kdf (and prepare gcrypt one).
 2012-11-19 21:17:55 +01:00
Milan Broz
11ee2876a6 Implement more RNG backend wrappers. 2012-05-27 01:09:40 +02:00
Milan Broz
20eea64334 Add version string to crypto backend. 
Move fips check to libcryptsetup.
Clean up internal.h use.
 2012-05-27 00:48:10 +02:00
Milan Broz
cf1e6fb847 Implement crypt RNG wrapper (for FIPS mode), use it for SALT and KEY RNG levels. 2012-05-21 14:32:39 +02:00
Milan Broz
45e0942755 Add --enable-fips for linking with fipscheck library. 
Initialize binary and library selfcheck if running in FIPS mode.

(Actually available only on Fedora/Red Hat distros.)
 2012-05-21 14:09:57 +02:00
Milan Broz
54b21c6e46 Add --enable-fips option. Request new gcrypt if set. 2012-05-20 22:24:24 +02:00
Milan Broz
ee8425b836 Version 1.4.2. 
Add header and copyright for header files.
 2012-04-02 22:03:05 +02:00
Milan Broz
7835b365a7 Fix FSF address in license text according to 
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@671 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-11-02 22:35:21 +00:00
Milan Broz
a9ce2210bc Fix gcrypt final() function backend call. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@580 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-25 21:15:41 +00:00
Milan Broz
23e144daf4 * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final. 
Some backend implementation did reset context by default, so this
should create backend api consistent.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@578 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-07-25 15:24:04 +00:00
Milan Broz
5d2205a2f8 Fix verbose mode compiler warnings. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@510 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-04-18 10:52:02 +00:00
Milan Broz
ddcdd76cc2 Specify copyright holders in source files. 
Add README notes.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@461 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-03-14 14:17:38 +00:00
Milan Broz
af87ffbd37 Add context to crypto backend init (so it can print errors to callback). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@415 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-01-16 10:40:57 +00:00
Milan Broz
f48c312fc7 Prevent to initialise backends twice. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@414 36d66b0a-2a48-0410-832c-cd162a569da5
 2011-01-16 10:38:55 +00:00
Milan Broz
7b6eda0d27 Add skeleton and implementation of various crypto backends 
(gcrypt, OpenSSL, NSS and kernel crypto API supported for now).

There backends will be used for LUKS and plain passphrase hashing.

(Not yet used without following patches).

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@407 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-12-31 14:33:33 +00:00