eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
203 Commits 15 Branches 78 Tags
b117dcc209aca92bbbb5adbe6c4a113c53829838
Commit Graph

67 Commits

Author SHA1 Message Date
Milan Broz
b117dcc209 Do not query non-existent device twice: 
# cryptsetup status /dev/nonexistent
  Device /dev/nonexistent not found
  Device /dev/nonexistent not found

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@330 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-08-13 14:05:34 +00:00
Milan Broz
ef44e6e3d3 Use default data alignment to 1MiB. 
If there is topology info, use default if topology is multiple of default,
otherwise use topology values.

See https://bugzilla.redhat.com/show_bug.cgi?id=621684 and issue 55.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@325 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-08-09 16:34:42 +00:00
Milan Broz
1e03a34ccb Fix activate_by_* API calls to handle NULL device name as documented. 
And add some tests for this.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@262 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-06-03 15:18:14 +00:00
Milan Broz
6ec29d935f Fix (deprecated) reload device command to accept new device argument. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@241 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-05-30 12:23:38 +00:00
Milan Broz
49463051bc Remove device even if underlying device disappeared. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@240 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-05-30 12:20:56 +00:00
Milan Broz
b4ebe0be18 Add verbose log level and move unlocking keyslot messages there. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@238 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-05-27 18:44:14 +00:00
Milan Broz
231ab0167b Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@237 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-05-27 18:44:00 +00:00
Milan Broz
e38a19f5e9 Fix isLuks to initialise crypto backend (blkid instead is suggested anyway). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@213 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-05-01 14:01:43 +00:00
Milan Broz
c10aff8a9d Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified) (Issue 52) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@208 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-04-30 16:21:24 +00:00
Milan Broz
611278ca39 Allow no hash specification in plain device constructor (issue 63). 
Fix some warnings in apitest.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@207 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-04-30 14:05:25 +00:00
Milan Broz
1dcd5a3de5 Detect old dm-crypt module and disable LUKS suspend/resume. 
Fix apitest to work on older systems.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@205 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-04-30 12:03:41 +00:00
Milan Broz
d39b33a371 Avoid class C++ keyword in library header. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@197 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-04-12 11:53:47 +00:00
Milan Broz
743fbbc451 Support topology information for data alignment (LUKS). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@195 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-04-09 15:35:19 +00:00
Milan Broz
37708b7cad Properly initialise crypto backend in header backup/restore commands. (fixes issue #49) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@190 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-02-25 16:00:12 +00:00
Milan Broz
ba7e7f94bf Do not verify unlocking passphrase in luksAddKey command. (fixes issue #50) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@189 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-02-25 15:41:22 +00:00
Milan Broz
a97b56cc32 Properly initialise gcrypt in format call. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@171 36d66b0a-2a48-0410-832c-cd162a569da5
 2010-01-10 20:40:41 +00:00
Milan Broz
ad224b479a Change in iterations counts: 
* Fix key slot iteration count calculation (small -i value was the same as default).
  * The slot and key digest iteration minimun is now 1000.
  * The key digest iteration # is calculated from iteration time (approx 1/8 of that).

If something very strange happens, and the generated key is not completely random
(wrong RNG), attacker can skip the whole kesylot area processing and try to
brute force key according to limited set of keys.

The iteration time (default, inherited from slot iteration time, is cca 120ms)
can make this attack slower, if not impossible.

Note, that this is just theorethic problem, anyway it is better to be prepared
if possible:-)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@159 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-12-30 19:02:44 +00:00
Milan Broz
1c58538b6d Fix typos (Thanks to Solveig). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@148 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-11-28 14:43:07 +00:00
Milan Broz
c3064c9442 Add temporary debug code to allow better debugging of races 
with various udev-event tools which wrongly scan and open
internal temporary cryptsetup devices.

If cryptsetup run in debug mode (--debug) and remove of device
fails, code scan /proc directory and tries to find process name
which locked that device.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@141 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-11-15 19:26:36 +00:00
Milan Broz
4a5bfd7509 Always print warning when device is not LUKS in crypt_load(). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@137 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-11-14 21:33:30 +00:00
Milan Broz
e698843420 Add CRYPT_ prefix to enum defined in libcryptsetup.h. 
(Avoid collision with other defines.)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@136 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-11-14 21:33:16 +00:00
Milan Broz
70606301ef Fix uninteded change in keysize. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@135 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-23 16:24:50 +00:00
Milan Broz
873017d0fa Allow initialisation without specifying device. 
This is used e.g. when caller need only generate volume key in plain mode.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@134 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-23 10:43:11 +00:00
Milan Broz
6a14ba8eb5 Allow manipulate with device with only header on it (no data). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@133 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-23 10:43:03 +00:00
Milan Broz
2bda053677 Rename internal locking helpers (avoids conflict when statically linking.) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@132 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-23 10:42:56 +00:00
Milan Broz
3e037b7422 Move duplicated failed message to verbose level, add some debug messages, fix resize call. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@126 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-01 14:11:55 +00:00
Milan Broz
de95a38381 Move dm backend initialisation to library calls. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@125 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-10-01 10:14:32 +00:00
Milan Broz
8bec41ab34 Properly apply versioned symbols in library and fix problems uncovered 
by doing that:-)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@124 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-30 15:07:41 +00:00
Milan Broz
e026f089be Add luksHeaderBackup and luksHeaderRestore commands and API cals. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@114 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-28 17:45:38 +00:00
Milan Broz
935e83ebfa Initialize crypto library before LUKS header load. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@111 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-15 15:10:23 +00:00
Milan Broz
1cc33f943e patch 1.patch 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@109 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-10 12:41:18 +00:00
Milan Broz
dfadce6d80 Try to read first sector from device to properly check that device is ready. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@106 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-08 10:29:50 +00:00
Milan Broz
a47856ac49 Use dm-uuid for all crypt devices, contains device type and name now. 
DM_UUID now contains prefix (CRYPT-), device type (LUKS1, PLAIN, TEMP),
UUID (if provided - LUKS) and device name.

Because e.g. snapshot of full LUKS device during activation must have different
name, DM-UUID is different too and we do not need --disable-uuid option.

DM-UUID is persistent during activation time.

* Revert (and solve different way): Replace not safe option --non-exclusive with --disable-uuid.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@105 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-08 06:41:44 +00:00
Milan Broz
3cea5dcc7b * Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase). 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@104 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-09-02 12:47:21 +00:00
Milan Broz
bcd94f6ad4 Add LUKS open and format test using new api. 
Fix some error messages.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@102 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-31 17:03:22 +00:00
Milan Broz
3deabc8e56 * Remove old API code helper functions. 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@98 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:10:11 +00:00
Milan Broz
7bc5829c43 * Implement old API calls using new functions. 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@97 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:10:02 +00:00
Milan Broz
d70782478e * Add new libcryptsetup API (documented in libcryptsetup.h). 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@96 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:09:53 +00:00
Milan Broz
344a162a29 * Replace global options struct with separate parameters in helper functions. 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@95 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:09:43 +00:00
Milan Broz
74b26c7b8a * Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results. 
* Add ability to provide pre-generated master key and UUID in LUKS header format.
* Add LUKS function to verify master key digest.
* Move key slot manuipulation function into LUKS specific code.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@94 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:09:34 +00:00
Milan Broz
cee0f0b49f * Move device utils code and provide context parameter (for log). 
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@93 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:09:21 +00:00
Milan Broz
bf7819ccef * Add log macros and make logging modre consitent. 
* Move command successful messages to verbose level.
* Introduce --debug parameter.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@92 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:07:17 +00:00
Milan Broz
4e471a9b03 * Move memory locking and dm initialization to command layer. 
* Increase priority of process if memory is locked.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@91 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 18:07:00 +00:00
Milan Broz
ab953b3ff6 Require device device-mapper to build and do not use backend wrapper for dm calls. 
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@90 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-30 17:56:33 +00:00
Milan Broz
d980dbb300 Allow restrict keys size in LuksOpen (thanks to Stefan Assmann) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@86 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-17 11:04:36 +00:00
Milan Broz
02707608db Allow using passphrase provided in options struct for LuksOpen (thanks to Waldemar Brodkorb). 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@85 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-08-17 11:03:29 +00:00
Milan Broz
ed9e146cb6 Add required parameters for changing hash used in LUKS key setup scheme. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@80 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-07-30 14:57:52 +00:00
Milan Broz
f60475e293 Fix DEBUG output (thanks to Ivan Stankovic) 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@75 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-07-30 14:46:20 +00:00
Milan Broz
a3c8571df0 Fix segfault if provided slot in luksKillslot is invalid. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@73 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-07-23 11:04:46 +00:00
Milan Broz
fc2cfe7a32 Allow removal of last slot in luksRemoveKey and luksKillSlot. 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@65 36d66b0a-2a48-0410-832c-cd162a569da5
 2009-07-16 12:59:00 +00:00