Yuri Chornoivan
05fc7b172d
po: update uk.po (from translationproject.org)
2022-06-20 17:30:20 +02:00
Hiroshi Takekawa
66c5b52b42
po: update ja.po (from translationproject.org)
2022-06-20 17:30:20 +02:00
Frédéric Marchal
af3559a0f6
po: update fr.po (from translationproject.org)
2022-06-20 17:30:20 +02:00
Roland Illig
bcde337a42
po: update de.po (from translationproject.org)
2022-06-20 17:30:20 +02:00
Yuri Chornoivan
83103627b2
Fix minor typo.
...
Fixes: #752
2022-06-20 11:37:44 +00:00
Milan Broz
8f8703f1c3
Update cryptsetup.pot.
2022-06-17 19:58:31 +02:00
Milan Broz
857d17d210
Fix makefile to include wipe-test in dist tarball.
2022-06-17 19:57:31 +02:00
Milan Broz
62a3954c9d
Add a debug message after crypt_load in error path.
2022-06-17 19:30:35 +02:00
Milan Broz
c72aecf86d
Add comment to validation code.
2022-06-17 16:08:52 +02:00
Milan Broz
d9b66afe5e
Replace json_bool with stdbool.
...
This is some relict from old code, just use bool, we already
require it elsewhere.
2022-06-17 16:04:31 +02:00
Milan Broz
18ada2b7de
Check for interval overflow in LUKS2 validation code.
...
Invalid values that overflow in interval check were silently ignored.
Fix this by explicitly adding check for interval overflow in keyslots
and segment validation.
Fixes: #748
2022-06-17 16:03:32 +02:00
Milan Broz
279490b622
Add test for keyslot area overflow during validation.
2022-06-17 16:03:32 +02:00
Milan Broz
dfd96d8a39
Report uint64 overflows and conversion errors in log debug during LUKS2 validate.
2022-06-17 16:03:30 +02:00
Milan Broz
ba9e36ceae
Add empty string check to LUKS2 JSON validation.
...
Most of the LUKS2 fields cannot be empty,
add check for JSON validation for it to fail early.
Fixes: #746
2022-06-17 14:46:50 +02:00
Ondrej Kozina
f97af5dcfe
Add LUKS2 decryption with datashift tests.
2022-06-17 13:48:15 +02:00
Ondrej Kozina
b4e9bca354
Enable LUKS2 decryption datashift support in cli.
...
Fixes: #669.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
c36f9899cf
Add support for LUKS2 decryption with datashift.
...
Adds support for LUKS2 decryption of devices with a
header put in the head of data device. During the initialization
header is exported to a file and first data segment
is moved to head of data device in place of original header.
The feature introduces several new resilience modes (combination
of existing modes datashift and "checksum" or "journal").
Where datashift resilience mode is applied for data moved towards
the first segment and first segment is decrypted in-place.
The mode is not backward compatible with prior LUKS2 reencryption
and therefore interrupted operation in progress can not be resumed
using older cryptsetup releases.
Fixes: #669.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
f3a46b8e93
Check user provided correct passphrase before initializing decryption.
...
It would fail later anyway (due to wrong passphrase provided) but
it's better to stop sooner.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
b84132c140
Wrap some long lines.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
90ff707bff
Move load_luks2_by_name helper.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
f00d897240
Wipe unused area after reencryption with datashift in forward direction.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
daa2b60d62
Sync signature wipes in tools_wipe_all_signatures.
2022-06-17 13:48:12 +02:00
Ondrej Kozina
4892b24d6a
Add options parameters to tools_wipe_all_signatures routine.
2022-06-17 13:47:48 +02:00
Ondrej Kozina
369a18cd3b
Rename sector size related variables.
2022-06-14 17:11:25 +02:00
Ondrej Kozina
2240e75bb9
Add proper error message for invalid device_size reencryption argument.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
3a4e38736c
Rename variable used to store total reencryption data size.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
dff34a1251
Check datashift value against larger sector size.
...
For example it could cause an issue if misaligned to 4K sector
size during decryption.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
c08aa21a93
Move datashift alignment verification to reencrypt_verify_resilience_params.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
cbf82733ae
Clarify error message about invalid datashift value.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
75e429b8d1
Simplify LUKS2 sector_size helpers.
2022-06-14 15:31:52 +02:00
Ondrej Kozina
e23992d531
Fix bug in json_segment_get_sector_size.
...
Upper layers always expected 0 on error.
Due to this bug this function could cause
sector_size overflow when segment definition
did not contain 'sector_size' field ('linear').
2022-06-14 15:31:52 +02:00
Milan Broz
f881092bbc
tcrypt: fix EPERM return code
...
If some kdf are not available, we incidentally returned EINVAL
error code instead of EPERM.
This caused that error message is not correctly printed and also
retry count is not applied.
Fixes: #745.
2022-06-13 12:45:22 +02:00
Ondrej Kozina
ba37298e4f
Add debug message in validation code for missing key digest.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
98ca9c61d6
Add new internal state marking resilience type as not set.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
ee5a7d19c9
Simplify reencrypt_update_flag usage due to version support.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
7b4d5fe067
Provide routine for setting LUKS2 requirement with version.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
07f8dfc46d
Write updated LUKS2 reencrypt keyslot immediately.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
99a3d328f0
Harden checksum resilience parameters verification.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
e8ec3e1005
Allocate buffer for checksum resilience on-demand.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
007e56727c
Refactor reencrypt_recover_segment.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
4de09ace8f
Minor code refactoring in reencryption loop.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
97b88d878e
Refactor internal reencrypt_hotzone_protect_final.
...
Avoid passing whole reencryption context when not
needed.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
b43ca18c64
Postpone reencryption dm segments refresh.
...
Refresh (and therefore suspend hotzone) reencryption dm
segments in-before actual hotzone reencryption takes place.
This commit shortens time window during which hotzone is
suspended. Also it avoids eventual deadlock if reencryption process
triggers page miss during storage wrapper reinitialization and required
data is stored in (previously) suspended hotzone (corner case).
2022-06-09 12:03:14 +02:00
Ondrej Kozina
0768d3be84
Cleanup existing assert usage in LUKS2 json code.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
828cfdb6a2
Reduce code duplication in LUKS2 requirements handling.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
582f2c3449
Replace memset with crypt_safe_memzero where reasonable.
...
Better safe than sorry.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
bf0d0203e8
Add routine for erasing resilience structure.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
b75a6d2b64
Properly update hash parameter for checksum resilience.
...
Checksum hash parameter obtained via API call can not be used directly.
It gets lost during subsequent call to crypt_reencrypt_init_by_* API
when library reloads crypt context.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
450265c153
Separate reencryption params verification for update.
2022-06-09 12:03:14 +02:00
Ondrej Kozina
cfb54be9a3
Refactor reencrypt_length() function.
2022-06-09 12:03:14 +02:00