Ondrej Kozina
b047b8ae20
Improvements to error code handling during token based activation.
2021-04-15 21:43:31 +02:00
Ondrej Kozina
e9434dc9e3
Check tokens are eligible for unlocking segment keyslots.
...
Defer token handler load and token unlock after check token
is assigned to keyslot containing proper data segment volume key.
2021-04-15 21:43:30 +02:00
Ondrej Kozina
c6149c9cd8
Do not search/load token handler when not needed.
2021-04-15 21:41:09 +02:00
Ondrej Kozina
8f2b23cd94
Refactor LUKS2 token activation.
...
Replace LUKS2_token_open_and_activate and
LUKS2_token_open_and_activate_any with single function
instead.
2021-04-15 21:41:06 +02:00
Ondrej Kozina
96d83455ca
Add API for activating device by specific token type.
2021-03-19 15:26:35 +01:00
Ondrej Kozina
36805b3cfe
Allow dash and underscore chars in external token names.
...
Current alphabet for external token types is alphanumeric
characters including '-' and '_'. Empty strings are also
forbidden.
2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b
Add pin size parameter in crypt_activate_by_pin_token.
...
Well, after all it really should have supported binary data
of arbitrary length.
2021-03-18 18:06:13 +01:00
Milan Broz
2e4a3a9888
Remove unnecessary goto from token load.
2021-02-17 10:03:18 +01:00
Ondrej Kozina
bc7511762f
Do not upload vk in keyring for cipher_null segment.
...
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
2021-02-16 18:08:35 +01:00
Milan Broz
4471452105
Remove some stale FIXME markings.
2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8
Mark or remove unused parameters.
...
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.
And remove other unused parameters completely.
2021-02-11 11:12:11 +00:00
Ondrej Kozina
fa84d60586
Fix crypt_keyslot_change_by_passphrase tokens bug.
...
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
2021-01-29 18:17:53 +01:00
Ondrej Kozina
6df3488654
Add token handler version function prototype.
...
Dynamically loaded token handlers should provide
version string for debug purposes.
2021-01-26 12:41:37 +01:00
Ondrej Kozina
10e4d8fbac
Make crypt_activate_by_pin_token addition backward compatible.
...
The crypt_activate_by_pin_token may be used only from new
dynamically loadable token plugins.
Also refactors code for dynamically loadable plugins so
that it does not use crypt_token_handler structure anymore.
Old structure remains used only in crypt_token_register call.
2021-01-26 12:41:37 +01:00
Ondrej Kozina
81c44b5eee
Remove crypt_token_load from API.
2021-01-26 12:41:37 +01:00
Milan Broz
d1d9dd8e20
Update Copyright year.
2021-01-25 22:00:25 +01:00
lixiaokeng
ad7d16a1b4
lib: fix potential segfault in LUKS2_token_buffer_free
...
The value of h may be NULL. Check it before visiting its
member to avoid segfault.
Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
Signed-off-by: Linfeilong <linfeilong@huawei.com>
2020-11-09 09:57:21 +08:00
Ondrej Kozina
c4b7bf8635
Add optional context parameter in crypt_token_load.
2020-08-15 10:15:17 +02:00
Milan Broz
2ce8573f04
Add PIN processing to tokens.
2020-08-15 10:10:40 +02:00
Milan Broz
cb183de1da
Add configure option for LUKS2 external tokens lib.
...
This is an experimental extension that is disabled for now.
2020-08-11 17:59:51 +02:00
Ondrej Kozina
c9ff83bfa3
Implement external tokens unload.
2020-08-11 17:36:26 +02:00
Ondrej Kozina
05c997da1f
Store dynamic plugin handle.
...
For use later when unloading cryptsetup library.
2020-08-11 17:36:22 +02:00
Ondrej Kozina
f677bdc12f
Fix few bugs in previous commit.
...
- crypt_token_register must not be called from within crypt_token_load
(see later commits)
- minor bug in dlvsym/dlerror handling
- check for overflow in LUKS2_token_handler_type
2020-08-11 17:36:15 +02:00
Milan Broz
2178461c89
Add external token load.
...
(just very minor fixes by okozina to compile w/ previous commit)
2020-08-11 17:36:11 +02:00
Ondrej Kozina
d438151f25
Partially revert few changes.
2020-08-09 13:17:54 +02:00
Milan Broz
7d475266b6
Simplify internal tokens handling.
2020-08-09 13:17:40 +02:00
Milan Broz
080566a1fd
Update copyright year.
2020-01-03 13:04:55 +01:00
Milan Broz
b03cb3f3d8
Export memory safe functions.
...
Make crypt_safe_alloc/realloc/free and memzero part of API.
2019-11-16 21:28:54 +01:00
Ondrej Kozina
60d26be325
Load volume key in keyring when activated by token.
...
LUKS2 should use keyring for dm-crypt volume keys by default
when possible. crypt_activate_by_token didn't load keys in
keyring by default. It was a bug.
2019-05-21 18:08:00 +02:00
Milan Broz
237021ec15
Fix some warnings in static analysis.
2019-05-07 13:44:43 +02:00
Ondrej Kozina
03e810ec72
Split crypt_drop_keyring_key in two different routines.
...
crypt_drop_keyring_key function allows to drop all keys in keyring
associated with passed volume key list.
crypt_drop_keyring_key_by_description is used to drop independent key.
2019-03-13 14:56:31 +01:00
Milan Broz
a6f5ce8c7b
Update copyright year.
...
And unify name copyright format.
2019-01-25 09:45:57 +01:00
Ondrej Kozina
de0b69691d
Add json_object_object_del_by_uint helper routine.
2019-01-01 21:42:46 +01:00
Milan Broz
7812214db6
Add context to device handling functions.
2018-11-27 14:19:57 +01:00
Milan Broz
a5a8467993
Use context in debug log messages.
...
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
2018-11-27 13:37:20 +01:00
Milan Broz
b00a87d8fa
Remove trailing EOL for verbose and error messages.
2018-04-26 10:38:17 +02:00
Milan Broz
6997506bb9
Fix error messages and include benchmark string for translators.
2018-04-25 09:35:11 +02:00
Ondrej Kozina
a054206d25
Suppress useless slash escaping in json lib
2018-04-21 20:14:28 +02:00
Milan Broz
aa1551c6e8
Introduce CRYPT_SLOT_UNBOUND keyslot status for LUKS2.
...
A keyslot not bound to any segment can store any key for any purpose.
To easily check slot status, new enum value is introduced.
This status is valid only for LUKS2, so the functions are backward compatible
with LUKS1.
2018-04-19 22:28:13 +02:00
Ondrej Kozina
4eb75f3c80
Add debug message for failed external token validation.
2018-04-15 13:10:32 +02:00
Ondrej Kozina
70077db07d
Abort conversion when LUKS2 header contains tokens.
...
Tokens may contain import 3rd party data. Prompt users
to remove such tokens explicitly.
2018-04-15 13:08:44 +02:00
Milan Broz
44fa0bfbc6
Ensure that we do not process null in atoi call.
2018-02-28 08:57:10 +01:00
Milan Broz
fb6b4739e4
Clean up keyring handling.
...
Move all keyring functions to one place and separate LUKS2 specific
code to generic handling.
Also fix possible mismatch if volume key is in keyring but it is not native
LUKS2 device (library cannot process such a device properly).
2018-02-22 15:26:07 +01:00
Milan Broz
1ac353d24e
Allocate key description in volume key.
...
The key description is now allocated by volume key wrappers.
2018-02-22 15:23:11 +01:00
Ondrej Kozina
f3a9e95dd8
Add simple API for token assignment reporting.
2018-02-22 15:21:37 +01:00
Ondrej Kozina
7378e3be01
Allow crypt_token_json_set to create internal types.
2018-02-22 15:21:31 +01:00
Milan Broz
1fe014dbae
Update copyright year.
2018-01-20 17:55:21 +01:00
Ondrej Kozina
286c2960c8
silence signed/unsigned compiler warnings
...
any array with item count close to INT32_MAX would
not fit LUKS2 header json area anyway
2017-12-13 12:06:58 +01:00
Ondrej Kozina
c740324636
Derive VK kernel key description from digest id
...
Originally the key description for VK was derived
from segment id. This could lead to ambiguity when
keyslot key is verified and loaded in kernel keyring
using activation functions with CRYPT_ACTIVATE_KEYRING_KEY
flag raised.
2017-12-10 19:56:14 +01:00
Ondrej Kozina
c188654ebd
simplify kernel keyring key removal path
...
simplify crypt_drop_keyring_key
also do not search for keyring keys when we know
we haven't loaded any
2017-12-09 14:55:23 +01:00