eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 04:10:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,393 Commits 15 Branches 79 Tags
b4782809d48917ea1a9a48e93c02b2792c43a9b4
Commit Graph

1393 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ondrej Kozina
b4782809d4 luks2: allow masking of requirements internaly 
before this patch any LUKS2 requirement defined in header
would stop a restricted operation from proceeding further.
This patch adds ability to mask requirements (internal only).
 2017-09-27 07:48:53 +02:00
Ondrej Kozina
b3feae5474 luks2: unify naming for requirements flags 2017-09-27 07:47:41 +02:00
Ondrej Kozina
c015aeca4e luks2: move pre-activation requirements check lower 2017-09-27 07:47:13 +02:00
Milan Broz
9bbc13f256 Add LUKS2 examples. 
Signed-off-by: Milan Broz <gmazyland@gmail.com>
 2017-09-27 07:46:41 +02:00
Milan Broz
38d53db6e9 Reformat and fix libcryptsetup.h / Doxygen doc. 
No functional change in this patch.
 2017-09-26 16:35:20 +02:00
Ondrej Kozina
0f4d83960f add remainders to fix some longstanding issues 2017-09-24 19:50:34 +02:00
Milan Broz
19a1852e4b Support sector size option even for plain devices. 2017-09-24 19:50:28 +02:00
Milan Broz
c6d4ebd80c Add libLUKS2 tests. 2017-09-24 19:50:17 +02:00
Milan Broz
9f2727bb77 Add libLUKS2. 2017-09-24 19:50:12 +02:00
Milan Broz
00b103c85c Allow wip-luks2 build in Travis. 2017-09-24 19:50:05 +02:00
Milan Broz
a0d2d4c0b1 Add uint64_to_str helper. 2017-09-24 19:50:01 +02:00
Milan Broz
64e91951b2 Add generic LUKS format define. 
It means "load any LUKS version".
 2017-09-24 19:49:56 +02:00
Milan Broz
e7de19fe1d Split utils from API test. 2017-09-24 19:49:51 +02:00
Milan Broz
5536b3a58d Add implementation of device/file locking for metadata. 
To be used later.
 2017-09-24 19:49:46 +02:00
Milan Broz
a8347d2820 Add integrity intefrace test stub. 2017-09-24 19:49:40 +02:00
Milan Broz
c56bdee177 Add backend support for new device-mapper kernel options. 
This patch adds support for using keyring for volume key
and support for new integrity fields for dm-crypt.

Also helpers for searching disk by id.

To be used later.
 2017-09-24 19:49:35 +02:00
Milan Broz
894e7b9357 Add base64 implementation. 
To be used later. Copy from gnulib.
 2017-09-24 19:49:30 +02:00
Milan Broz
2aee1426de Speed up tests by avoiding PBKDF benchmarks in many cases. 2017-09-24 19:49:25 +02:00
Milan Broz
66db5b39bb Change PBKDF insterface to allow forced iterations (time cost) count. 
Also move functions to separate utils_pbkdf.c file.

PBKDF can be now set for any context.

TODO: new setting is not covered by tests.
 2017-09-24 19:49:21 +02:00
Milan Broz
a73bb733ff Fix list of files for translation. 2017-09-24 10:09:48 +02:00
Michal Virgovic
3d57f5fcbb Add tests for integritysetup error detection. 2017-09-23 23:49:25 +02:00
Ondrej Kozina
c34bee2009 return correct key description format in dm_query_device 
dm_query_device is expected to return kernel key description
string only. By mistake the code returned also type in head
of key description.
 2017-09-23 23:45:32 +02:00
Milan Broz
c3a0cbfc85 Update documentation. 2017-09-23 23:34:18 +02:00
Milan Broz
57825365fe Fix another signed/unsigned compilation warnings. 2017-09-23 23:30:28 +02:00
Milan Broz
b35785bb1b Fix some signed/unsigned and other compiler warnings. 2017-09-23 23:29:11 +02:00
Milan Broz
0d2f888413 Fix some tests to run under make distcheck and separately. 2017-09-23 23:24:24 +02:00
Milan Broz
a85fee7a0d Silence compiler warning (dmt_flags is always initialized). 2017-09-11 12:36:43 +02:00
Milan Broz
f66dedc759 Add plain64be IV to storage backend. 2017-09-11 12:33:10 +02:00
Ondrej Kozina
a62da3d530 extend stackframe in valgrind tests 2017-08-26 11:46:26 +02:00
Ondrej Kozina
1cc972c723 improve kernel keyring usability detection for tests 2017-08-26 11:46:16 +02:00
Milan Broz
6b7a2f6641 Fix memory leaks in dm_query_integrity and dm_query_verity. 2017-08-26 11:44:21 +02:00
Milan Broz
34b79794ea Mark python test as skipped with exit code 77. 2017-08-26 11:44:03 +02:00
Ondrej Kozina
fb114d8d20 fix memleaks in lower level dm_query_device on error path 2017-08-26 11:43:31 +02:00
Ondrej Kozina
a6106117a9 Fail gracefully if name is NULL in crypt_init_by_name() & co 2017-08-25 21:36:50 +02:00
Ondrej Kozina
b27507790f fix memleak in crypt_resize() 2017-08-25 21:32:57 +02:00
Milan Broz
a0880b64f2 Add magic exit code for automake to count skipped tests. 2017-08-23 16:54:04 +02:00
Milan Broz
6e057c010f Revert "Set block size for loop device if supported by kernel (4.13+)." 
This reverts commit 4e2deadba7.

There is too many cases with 4k unaligned images that this optimization
adds more problems than it solves. Revert it for now.
 2017-08-23 08:07:27 +02:00
Milan Broz
540972ff59 Move progress function to utils. 2017-08-22 16:13:40 +02:00
Milan Broz
677adc7adc Add crypt_backend_destroy() function and cll it as library destructor. 2017-08-22 15:48:24 +02:00
Milan Broz
096c50cafc Fix memory leak during repeated password entry. 2017-08-22 15:38:29 +02:00
Ondrej Kozina
8c57e3ffca Hint kernel keyring disabled in debug message 2017-08-22 13:47:20 +02:00
Milan Broz
4e2deadba7 Set block size for loop device if supported by kernel (4.13+). 2017-08-22 13:45:59 +02:00
Milan Broz
497fb0b3c3 Fix Argon2 benchmark. 
1) If the calculated costs were the same, it run forever.

2) If the calculation returned final values in the first step,
out costs were not updated and benchmark returned too low values.
 2017-08-16 15:43:11 +02:00
Milan Broz
8debcf9f92 Do not use too complicated regular expression in test. 2017-08-15 12:01:59 +02:00
Milan Broz
db0a21b93f Fix PBKDF benchmark for old PBKDF2 tests (hash specified only). 2017-08-15 09:20:30 +02:00
angelomariafederichini191269@protonmail.com
e2fee206c2 Allocate suitable sized buffer when reading a keyfile 
If the keyfile size is explicitly given, then allocate a suitable sized
buffer right from the start instead of increasing it in 4k steps. This
speeds up reading larger keyfiles.
 2017-08-15 08:49:44 +02:00
angelomariafederichini191269@protonmail.com
596e374313 Use bulk read when reading keyfile 
If reading a keyfile use bulk read operations instead of reading one
character at the time. This speeds up reading larger keyfiles.

If read should stop at a EOL, then fallback to reading one character at
the time to not read anything beyond the EOL character.
 2017-08-15 08:39:53 +02:00
Milan Broz
503956707c Move crypt_keyfile_read() to libcryptsetup internal file. 
The utils_crypt.c file is directly linked to userpsace tools,
we should use library call and not local implementation.
 2017-08-15 08:35:10 +02:00
Milan Broz
87dd427d79 Make benchmark progress parameter the same as the internal unsigned type. 2017-08-12 17:55:01 +02:00
Milan Broz
5fc79f5627 Move PBKDF internal benchmark to one place. 
Also cache its value in active context, so we run benchmark
only once.

The patch also changes calculated value for LUKS1 key digest
to 125 miliseconds (it means that for full 8 used slots
the additional slow-down is circa 1 second).

Note that there is no need to have too high iteration count
for key digest; if it is too computationally expensive, attacker
will better decrypt of one sector with candidate key anyway.
(Check for a known signature.)

The reason to have some delay for key digest check was
to complicate brute-force search for volume key with LUKS header
only (and if RNG used to generate volumekey was flawed
allowing such a search i reasonable time).
 2017-08-12 17:50:02 +02:00