Jakub Bogusz
0ae5240f55
po: update pl.po (from translationproject.org)
2021-05-28 11:59:51 +02:00
Hiroshi Takekawa
51f5f71ee0
po: update ja.po (from translationproject.org)
2021-05-28 11:59:51 +02:00
Frédéric Marchal
5784692218
po: update fr.po (from translationproject.org)
2021-05-28 11:59:51 +02:00
Roland Illig
f82d3ee51a
po: update de.po (from translationproject.org)
2021-05-28 11:59:51 +02:00
Petr Pisar
d02c809bc7
po: update cs.po (from translationproject.org)
2021-05-28 11:59:51 +02:00
Klaus Zipfel
b7a07efdcf
Fixing incorrect offsets for data/IV with TCRYPT system-encryption with a detached header
...
Related: #587
2021-05-26 09:41:08 +02:00
Milan Broz
a8bb07ae9f
Fix typo in Makefile.
2021-05-24 14:52:45 +02:00
Milan Broz
897e798fc0
Add day do valglog (valgrind test output files).
2021-05-24 12:12:39 +02:00
Milan Broz
2d0b19b359
Allow tcrypt test to run under valgrind.
2021-05-24 12:09:54 +02:00
Milan Broz
702f9b1cf4
Add note about --header use in TCRYPT format to man page.
...
Related: #587
2021-05-24 10:43:51 +02:00
Milan Broz
1d20a60e4a
Do not use Whirlpool hash in tests (some crypto backends do not implement it).
2021-05-23 11:12:10 +02:00
Milan Broz
71422b411e
Increase interactive expect test timeout if runing under valgrind.
2021-05-22 09:47:14 +02:00
Мирослав Николић
f446dbb896
po: update sr.po (from translationproject.org)
2021-05-21 17:28:30 +02:00
Antonio Ceballos
975425d0eb
po: update es.po (from translationproject.org)
2021-05-21 17:28:30 +02:00
Ondrej Kozina
c020fafd66
Fix LUKS2 detached header reencryption test.
2021-05-21 14:32:40 +02:00
Ondrej Kozina
2954b46d43
Move LUKS2 detached header decryption test.
...
It should not be skipped if dm-delay target is missing
2021-05-21 14:09:55 +02:00
Milan Broz
4cdd826282
Check exit value for snprintf where it makes sense.
2021-05-18 22:07:47 +02:00
Milan Broz
413b484774
Add some fixes and workarounds for gcc-11 static analyzer.
...
Not everything is a real bug (false positive rate is very high here),
but the code is actually more readable.
2021-05-18 17:28:47 +02:00
Milan Broz
351d7fefca
integritysetup: mention maximal allowed key size
...
The error message and man page should contain this information.
2021-05-18 16:35:41 +02:00
Milan Broz
a7872ab856
Fix description of maximum passphrase size.
2021-05-18 16:35:36 +02:00
Milan Broz
c1613285e7
Add test for longer integritysetup keys.
2021-05-18 16:35:31 +02:00
Milan Broz
8805eb2b45
devmapper: avoid truncation of table features
...
This patch fixes several problems:
- some optional features for dm-verity can be larger than pre-allocated buffer
- device paths and other strings can be allocated dynamically
- featured options with keys in dm-integrity are not wiped on stack
- get rid of strncat()
- always check return code of snprintf
Related #648
2021-05-18 16:35:16 +02:00
Andrii Pravorskyi
a3f919bd25
Add a note about CRC32 and other non-cryptographic checksums
2021-05-17 17:54:47 +02:00
Milan Broz
4f6f7404df
Revert "Add a note about CRC32 and other non-cryptographic checksums"
...
This reverts commit 5776c52bcf
2021-05-17 17:43:20 +02:00
Your Name
5776c52bcf
Add a note about CRC32 and other non-cryptographic checksums
2021-05-12 13:43:49 +00:00
Ondrej Kozina
db44e9de22
Add api exposing external token handlers support.
2021-05-12 14:32:54 +02:00
Ondrej Kozina
c40be6cc7a
Replace condition with assert for obvious coding mistake.
2021-04-15 21:43:31 +02:00
Ondrej Kozina
b047b8ae20
Improvements to error code handling during token based activation.
2021-04-15 21:43:31 +02:00
Ondrej Kozina
e9434dc9e3
Check tokens are eligible for unlocking segment keyslots.
...
Defer token handler load and token unlock after check token
is assigned to keyslot containing proper data segment volume key.
2021-04-15 21:43:30 +02:00
Ondrej Kozina
c6149c9cd8
Do not search/load token handler when not needed.
2021-04-15 21:41:09 +02:00
Ondrej Kozina
8f2b23cd94
Refactor LUKS2 token activation.
...
Replace LUKS2_token_open_and_activate and
LUKS2_token_open_and_activavate_any with single function
instead.
2021-04-15 21:41:06 +02:00
Ondrej Kozina
8d449aa9a6
Add failsafe test for eventual broken symbol versioning.
...
Due to nature of recent change in GCC10 that silently
broken symbol versioning, let's be a bit pedantic
and test all symbols are available in all versions that
meant to be exported to users.
2021-04-13 16:42:14 +02:00
Ondrej Kozina
e6089dd9c9
Reflect on some incompatible changes in GCC 10.
...
Starting with GCC10 and LTO enabled, current symbols
versioning hack does not work anymore. This patch
reflects on that and should be compatible with older
compilers that does not support __attribute__((symver))
yet.
Inspired by following code:
https://github.com/linux-rdma/rdma-core/blob/master/util/symver.h
2021-04-12 20:38:19 +02:00
Ondrej Kozina
bc488fd4f1
Stick with general practice in symbol map file.
...
Including old versions section with every new one _should_
have no effect but since it's a convetion let's stick with
this format instead.
2021-04-09 16:56:08 +02:00
Milan Broz
ec3a9746a9
integritysetup: add recalculate-reset flag.
...
The new dm-integrity option in kernel 5.13 can restart
recalculation from the beginning of the device.
It can be used to change the integrity checksum function.
This patch adds support to libcryptsetup for this flag
and adds --integrity-recalculate-rest option to integritysetup.
Fixes : #631 .
2021-03-30 21:40:35 +02:00
Milan Broz
530bcfd4fa
Allow CRYPT_BUSY also a a valid check for active device.
...
In ideal system nothing should touch test devices, but to make tests
more robust, we should expect that something is still scanning devices
after activation. So replace all checks for CRYPT_ACTIVE to allow
also CRYPT_BUSY.
(Fixes some problems seen in #633 )
2021-03-25 11:11:06 +01:00
Ondrej Kozina
bd4f374b47
Fix supposed debug message.
2021-03-25 08:44:42 +01:00
Milan Broz
0a7c13207d
Fix broken loopaes test.
...
We actually try to write file in /dev because the device is deactivated.
Broken since 2018 in 8728ba08e2
2021-03-25 00:07:53 +01:00
Milan Broz
c5fc3fe84a
Fix libintl detection for compiled tests.
...
Commit 99c4e83994#633 .
2021-03-25 00:07:46 +01:00
Ondrej Kozina
8d0e90b90a
Autodetect optimal encryption sector size on LUKS2 format.
2021-03-24 16:14:35 +01:00
Ondrej Kozina
1aeb0a1f6e
Set data device loop block size to encryption sector size.
2021-03-23 16:40:57 +01:00
Ondrej Kozina
ce80f7c5b1
Add support for larger block size in loop.
2021-03-23 16:40:57 +01:00
Milan Broz
25cd2b2fb7
Add Blake2b and Blake2s hash support for crypto backend.
...
We support most recent crypto algorithms, so this
is only addition of the Blake hash family.
Kernel and gcrypt crypto backend supports all variants,
OpenSSL only Blake2b-512 and Blake2s-256.
There is no useable support for NSS and Nettle yet.
Crypto backend supports kernel notation e.g. "blake2b-512"
that is translated to the library backend names.
2021-03-22 11:16:53 +01:00
Ondrej Kozina
78797ae078
Rename PIN enable token activation API function.
2021-03-19 15:26:36 +01:00
Ondrej Kozina
96d83455ca
Add API for activating device by specific token type.
2021-03-19 15:26:35 +01:00
Ondrej Kozina
36805b3cfe
Allow dash and underscore chars in external token names.
...
Current alphabet for external token types is alphanumeric
characters including '-' and '_'. Empty strings are also
forbiden.
2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b
Add pin size parameter in crypt_active_by_pin_token.
...
Well, after all it really should have supported binary data
of arbitrary length.
2021-03-18 18:06:13 +01:00
Milan Broz
d4cd675f33
Remove redundant plain-text README and other unused files.
...
Use README.md everywhere now.
2021-03-17 13:01:13 +01:00
Milan Broz
c3328a123c
Add list of required packages
...
Fixes : #621 .
2021-03-17 12:34:30 +01:00
Milan Broz
2cc320f180
Update Release notes version.
2021-03-11 12:58:05 +01:00
