Milan Broz
d1d9dd8e20
Update Copyright year.
2021-01-25 22:00:25 +01:00
Joe Richey
cc2d29dbf4
Include correct type definition in .h files
Right now, cryptsetup makes an attempt to include the correct
definitions in all of its header files, allowing the headers to
compile regardless of the context in which they are included.
A few files were missed; this change fixes them by adding the minimal
set of #includes needed to get them to compile.
Signed-off-by: Joe Richey <joerichey@google.com>
2020-09-19 20:35:55 +00:00
Milan Broz
2ce8573f04
Add PIN processing to tokens.
2020-08-15 10:10:40 +02:00
Ondrej Kozina
c9ff83bfa3
Implement external tokens unload.
2020-08-11 17:36:26 +02:00
Milan Broz
7d475266b6
Simplify internal tokens handling.
2020-08-09 13:17:40 +02:00
Milan Broz
4451df15b4
Rename luks2_reenc_context to luks2_reecrypt.
2020-07-07 14:20:39 +02:00
Milan Broz
967e3de552
Rename LUKS2_reenc_status to LUKS2_reencrypt_status.
2020-07-07 14:20:39 +02:00
Milan Broz
d95472e757
Rename LUKS2_reencrypt_status to LUKS2_reencrypt_get_params to avoid confusion.
2020-07-07 14:20:39 +02:00
Milan Broz
3e0e5bac2a
Use LUKS2_reencrypt prefix for function defined in luks2.h.
This should clean up prefixes a little bit.
2020-07-07 14:20:39 +02:00
Milan Broz
08cb76bbfd
Do not expose json_object in luks2.h.
Later we can use different implementation of JSON parser.
Also define structs in one place.
2020-07-07 14:20:39 +02:00
Milan Broz
281dd51f5a
Remove json_object argument from area size checks.
These functions are internal to LUKS2 implementation.
2020-07-07 14:20:39 +02:00
Milan Broz
1c7c815108
Move LUKS2 internal functions to internal header.
This is the first step to remove json_object from internal API.
2020-07-07 14:20:39 +02:00
Ondrej Kozina
d177af8842
Do not create excessively large headers.
When creating LUKS2 header with specified --offset much larger
than LUKS2 header size we needlessly also wipe (allocate up to
--offset) much larger file than needed.
2020-07-07 14:20:19 +02:00
Milan Broz
080566a1fd
Update copyright year.
2020-01-03 13:04:55 +01:00
Ondrej Kozina
7eb47f3db1
Split reencryption locking in two variants.
2019-11-28 16:38:52 +01:00
Ondrej Kozina
c646832bfe
Add hard and soft memory limit to reencrypt hotzone size.
Currently hard memory limit is 1 GiB. Soft limit is
1/4 of system memory.
Note that --hotzone-size cryptsetup parameter can only further
lower hard and soft memory limit on hotzone size and not bypass
it.
2019-10-04 12:20:22 +02:00
Ondrej Kozina
9c38e09ad3
Retain activation flags during and after online reencryption.
2019-10-04 12:20:06 +02:00
Ondrej Kozina
a23e1cf729
LUKS2 code cleanup.
- drop unused code
- drop unused function declarations
- remove local routines from internal api
2019-08-05 18:29:37 +02:00
Ondrej Kozina
91879960e6
Move most of crypt_reencrypt_status to reencryption file.
2019-08-05 18:29:37 +02:00
Ondrej Kozina
cbb3ca01f4
Reencryption code cleanup.
- Remove all 'LUKS2_' name prefixes from internal routines
- Make all internal routines prefixed with 'reencrypt_' instead
- Drop few static routines by refactoring
- Rename all variables and routines containing 'pre' prefix to
contain 'hot' prefix instead (when referring to segments
undergoing reencryption)
- Rename all variables and routines containing 'after' prefix to
contain 'post' prefix instead
- Rename all routines prefixed with '_' to 'reencrypt_' instead
2019-08-05 18:29:35 +02:00
Ondrej Kozina
b3af88708d
Change reencryption mode parameter type to enum.
2019-08-01 15:40:53 +02:00
Ondrej Kozina
b79086b3e9
Refactor assembly of multi-segment LUKS2 devices.
2019-07-31 14:58:55 +02:00
Ondrej Kozina
b551bdb0ce
Make json_segments_count fn return unsigned value.
2019-07-31 14:58:55 +02:00
Ondrej Kozina
607e2248c8
Simplify LUKS2_reencrypt_direction function.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
1b82e70fc1
Fix bug in minimal device size calculation for reencryption.
2019-07-26 16:06:03 +02:00
Ondrej Kozina
7460d1a446
Fix backward reencryption with data shift.
The device has to be shrunk by the data shift size during activation.
Otherwise the online reencryption would fail with incorrect device
size.
2019-07-26 16:04:27 +02:00
Ondrej Kozina
dd0e073159
Fill direction field in crypt_reencrypt_status.
2019-07-23 17:28:26 +02:00
Ondrej Kozina
292a5f50b2
Allow offline reencryption on files without root privileges.
If userspace block ciphers are not available try kcapi first.
2019-06-27 10:19:23 +02:00
Ondrej Kozina
bbdf9b2745
Read and compare metadata sequence id after taking write lock.
2019-06-12 12:36:46 +02:00
Ondrej Kozina
0c725a257d
Compare moved segment specific size against real device size only.
2019-05-24 17:29:56 +02:00
Ondrej Kozina
5472fb0c56
Refactor reencryption recovery during activation.
2019-05-24 17:07:36 +02:00
Ondrej Kozina
013d0d3753
Rename internal reencrypt enum to REENC_PROTECTION_NONE.
2019-05-21 18:08:00 +02:00
Ondrej Kozina
31cd41bfe4
Add support for reencryption of initial device part.
It's useful to reencrypt only the initial device part.
For example with golden image reencryption it may be useful
to reencrypt only first X bytes of device because we know
the rest of device is empty.
2019-05-21 15:54:07 +02:00
Ondrej Kozina
af6c321395
Set default length for reencryption with resilience 'none' only.
2019-05-21 15:54:07 +02:00
Milan Broz
1f91fe7a2c
Use JSON-debug wrappers.
2019-05-03 14:02:43 +02:00
Ondrej Kozina
a7f80a2770
Add resilient LUKS2 reencryption library code.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
86b2736480
Drop unused type parameter from LUKS2_keyslot_find_empty()
2019-04-23 10:41:56 +02:00
Ondrej Kozina
fdcd5806b1
Allow to change requirements flag in-memory only.
2019-03-25 11:37:32 +01:00
Ondrej Kozina
304942302b
Introduce CRYPT_DEFAULT_SEGMENT abstraction.
Default segment is no longer constant segment with id 0.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
8dc1a74df8
Adapt existing code to future reencryption changes.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
e295d01505
Adding new functions later used in reencryption.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
56b571fcaa
Use const before vk in all digest verify functions.
2019-03-08 08:52:47 +01:00
Ondrej Kozina
46bf3c9e9c
Add segment create helpers.
2019-03-08 08:44:51 +01:00
Ondrej Kozina
203fe0f4bf
Move get_first_data_offset to luks2_segment.c
2019-03-08 08:42:23 +01:00
Ondrej Kozina
7569519530
Allow unbound keyslots to be assigned to existing digest.
If passed key matches any existing digest we will not create
new digest but assign the keyslot to already existing one.
Because reencryption should be able to create more than one
keyslot assigned to new key digest.
TODO: Tests for the new feature
2019-03-08 08:37:27 +01:00
Ondrej Kozina
8c168cc337
Introduce file for luks2 segments handling.
2019-03-05 17:08:02 +01:00
Ondrej Kozina
f26ee11913
Assert reasonable LUKS2 default header size.
2019-02-07 18:40:39 +01:00
Milan Broz
2435d76a39
Use 16MB LUKS2 header size by default.
2019-02-07 18:40:14 +01:00
Milan Broz
319fd19b5e
Add implementation of crypt_keyslot_pbkdf().
This function allows to get PBKDF parameters per-keyslot.
2019-02-07 12:55:12 +01:00
Milan Broz
4edd796509
Fix typo.
2019-02-06 21:48:29 +01:00