Commit Graph

77 Commits

Author SHA1 Message Date
Milan Broz
ba7e7f94bf Do not verify unlocking passphrase in luksAddKey command. (fixes issue #50)
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@189 36d66b0a-2a48-0410-832c-cd162a569da5
2010-02-25 15:41:22 +00:00
Milan Broz
1a947a573b If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@180 36d66b0a-2a48-0410-832c-cd162a569da5
2010-01-17 10:20:15 +00:00
Milan Broz
37d693cfc2 Fix missing includes on recent systems.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@178 36d66b0a-2a48-0410-832c-cd162a569da5
2010-01-15 11:11:37 +00:00
Milan Broz
d93a925b5c Check for required minimum gcrypt version.
(also ensure that gcrypt global init is called,
see http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@176 36d66b0a-2a48-0410-832c-cd162a569da5
2010-01-10 20:54:00 +00:00
Milan Broz
a97b56cc32 Properly initialise gcrypt in format call.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@171 36d66b0a-2a48-0410-832c-cd162a569da5
2010-01-10 20:40:41 +00:00
Milan Broz
ad224b479a Change in iterations counts:
* Fix key slot iteration count calculation (small -i value was the same as default).
* The slot and key digest iteration minimum is now 1000.
* The key digest iteration # is calculated from iteration time (approx 1/8 of that).

If something very strange happens, and the generated key is not completely random
(wrong RNG), an attacker can skip the whole keyslot area processing and try to
brute force the key according to a limited set of keys.

The iteration time (default, inherited from slot iteration time, is cca 120ms)
can make this attack slower, if not impossible.

Note that this is just a theoretic problem; anyway, it is better to be prepared
if possible :-)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@159 36d66b0a-2a48-0410-832c-cd162a569da5
2009-12-30 19:02:44 +00:00
Milan Broz
163abe3520 Fix build for non-standard gcrypt library location.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@158 36d66b0a-2a48-0410-832c-cd162a569da5
2009-12-30 16:39:13 +00:00
Milan Broz
1c91890aac Always close file descriptor on error.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@157 36d66b0a-2a48-0410-832c-cd162a569da5
2009-12-30 16:39:03 +00:00
Milan Broz
42f8e5bdce Fix some strings to use gettext.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@155 36d66b0a-2a48-0410-832c-cd162a569da5
2009-12-11 11:56:32 +00:00
Milan Broz
dc4d945e88 Fix error handling during reading passphrase.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@154 36d66b0a-2a48-0410-832c-cd162a569da5
2009-12-11 11:56:25 +00:00
Milan Broz
1c58538b6d Fix typos (Thanks to Solveig).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@148 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-28 14:43:07 +00:00
Milan Broz
7dcd983360 Add nls.h to Makefile.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@146 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-16 20:15:44 +00:00
Milan Broz
df389199d0 Use proper NLS macros and detection (so the message translation works again).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@145 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-16 20:10:20 +00:00
Milan Broz
c3064c9442 Add temporary debug code to allow better debugging of races
with various udev-event tools which wrongly scan and open
internal temporary cryptsetup devices.

If cryptsetup is run in debug mode (--debug) and removal of the device
fails, the code scans the /proc directory and tries to find the process name
which locked that device.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@141 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-15 19:26:36 +00:00
Milan Broz
e618f38929 Fix status device call to fail if running as non-root.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@139 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-14 21:33:57 +00:00
Milan Broz
4a5bfd7509 Always print warning when device is not LUKS in crypt_load().
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@137 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-14 21:33:30 +00:00
Milan Broz
e698843420 Add CRYPT_ prefix to enum defined in libcryptsetup.h.
(Avoid collision with other defines.)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@136 36d66b0a-2a48-0410-832c-cd162a569da5
2009-11-14 21:33:16 +00:00
Milan Broz
70606301ef Fix unintended change in keysize.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@135 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-23 16:24:50 +00:00
Milan Broz
873017d0fa Allow initialisation without specifying device.
This is used e.g. when the caller needs only to generate a volume key in plain mode.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@134 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-23 10:43:11 +00:00
Milan Broz
6a14ba8eb5 Allow manipulating a device with only a header on it (no data).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@133 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-23 10:43:03 +00:00
Milan Broz
2bda053677 Rename internal locking helpers (avoids conflict when statically linking.)
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@132 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-23 10:42:56 +00:00
Milan Broz
047ed83303 Yet another libcryptsetup.sym fix (fix make distcheck).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@130 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-01 15:21:48 +00:00
Milan Broz
3e037b7422 Move duplicated failed message to verbose level, add some debug messages, fix resize call.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@126 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-01 14:11:55 +00:00
Milan Broz
de95a38381 Move dm backend initialisation to library calls.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@125 36d66b0a-2a48-0410-832c-cd162a569da5
2009-10-01 10:14:32 +00:00
Milan Broz
8bec41ab34 Properly apply versioned symbols in library and fix problems uncovered
by doing that:-)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@124 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-30 15:07:41 +00:00
Milan Broz
5ca9cfde59 Export header backup and restore functions.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@120 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-29 12:31:49 +00:00
Milan Broz
93796f4036 ... and previous reintroduce it as debug message.
(The problem is when repeated passphrase input is tried on pipe,
it should not show "error reading passphrase", because it fails
for the second reading attempt anyway but should retain
error message saying "no key with this passphrase...")

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@117 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-28 18:50:05 +00:00
Milan Broz
c096166e48 Remove error message in previous commit.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@116 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-28 18:42:26 +00:00
Milan Broz
fddd7125ca Fail if piped input is broken.
(Thanks to Ludwig Nussel)

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@115 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-28 18:29:58 +00:00
Milan Broz
e026f089be Add luksHeaderBackup and luksHeaderRestore commands and API calls.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@114 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-28 17:45:38 +00:00
Milan Broz
f51c7b62db Replace locked device with error target after 1 sec of waiting.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@113 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-20 18:02:41 +00:00
Milan Broz
935e83ebfa Initialize crypto library before LUKS header load.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@111 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-15 15:10:23 +00:00
Milan Broz
1cc33f943e patch 1.patch
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@109 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-10 12:41:18 +00:00
Milan Broz
dfadce6d80 Try to read first sector from device to properly check that device is ready.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@106 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-08 10:29:50 +00:00
Milan Broz
a47856ac49 Use dm-uuid for all crypt devices, contains device type and name now.
DM_UUID now contains prefix (CRYPT-), device type (LUKS1, PLAIN, TEMP),
UUID (if provided - LUKS) and device name.

Because e.g. snapshot of full LUKS device during activation must have different
name, DM-UUID is different too and we do not need --disable-uuid option.

DM-UUID is persistent during activation time.

* Revert (and solve different way): Replace not safe option --non-exclusive with --disable-uuid.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@105 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-08 06:41:44 +00:00
Milan Broz
3cea5dcc7b * Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@104 36d66b0a-2a48-0410-832c-cd162a569da5
2009-09-02 12:47:21 +00:00
Milan Broz
bcd94f6ad4 Add LUKS open and format test using new api.
Fix some error messages.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@102 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-31 17:03:22 +00:00
Milan Broz
8a0553d452 Add plain crypt device test using new API.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@100 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-31 10:36:36 +00:00
Milan Broz
3deabc8e56 * Remove old API code helper functions.
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@98 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:10:11 +00:00
Milan Broz
7bc5829c43 * Implement old API calls using new functions.
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@97 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:10:02 +00:00
Milan Broz
d70782478e * Add new libcryptsetup API (documented in libcryptsetup.h).
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@96 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:09:53 +00:00
Milan Broz
344a162a29 * Replace global options struct with separate parameters in helper functions.
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@95 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:09:43 +00:00
Milan Broz
74b26c7b8a * Run performance check for PBKDF2 from LUKS code, do not mix hash algorithms results.
* Add ability to provide pre-generated master key and UUID in LUKS header format.
* Add LUKS function to verify master key digest.
* Move key slot manipulation function into LUKS specific code.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@94 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:09:34 +00:00
Milan Broz
cee0f0b49f * Move device utils code and provide context parameter (for log).
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@93 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:09:21 +00:00
Milan Broz
bf7819ccef * Add log macros and make logging more consistent.
* Move command successful messages to verbose level.
* Introduce --debug parameter.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@92 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:07:17 +00:00
Milan Broz
4e471a9b03 * Move memory locking and dm initialization to command layer.
* Increase priority of process if memory is locked.

Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@91 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 18:07:00 +00:00
Milan Broz
ab953b3ff6 Require device-mapper to build and do not use backend wrapper for dm calls.
Signed-off-by: Milan Broz <mbroz@redhat.com>

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@90 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-30 17:56:33 +00:00
Milan Broz
d980dbb300 Allow restrict keys size in LuksOpen (thanks to Stefan Assmann)
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@86 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-17 11:04:36 +00:00
Milan Broz
02707608db Allow using passphrase provided in options struct for LuksOpen (thanks to Waldemar Brodkorb).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@85 36d66b0a-2a48-0410-832c-cd162a569da5
2009-08-17 11:03:29 +00:00
Milan Broz
ed9e146cb6 Add required parameters for changing hash used in LUKS key setup scheme.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@80 36d66b0a-2a48-0410-832c-cd162a569da5
2009-07-30 14:57:52 +00:00