alter all checks for devfd value after device_open to
less than zero insted of equals to -1. device_open will
return values different from -1 in case error happens.
In LUKSv1 device_open should always return -1 in case of
error but this check is safer.
The rest is just formating improvement.
fix double close() cases in LUKS_hdr_backup() and LUKS_hdr_restore()
functions. It should be harmless unless libcryptsetup is used
in multi-thread setup which is not supported anyway.
- ensure that strings are \0 terminated (most of this is already
handled on higher level anyway)
- fix resource leak in error path in tcrypt.c
- fix time of check/time of use race in sysfs path processing
- insruct Coverity scanner to ignore constant expression in random.c
(it is intented to stop compile-time misconfiguration of RNG that would be fatal)
The previous PBKDF2 benchmark code did not take into account
output key length.
For SHA1 (with 160-bits output) and 256-bit keys (and longer)
it means that the final value was higher than it should be.
For other hash algorithms (like SHA256 or SHA512) it caused
that iteration count was smaller (in comparison to SHA1) than
expected for the requested time period.
This patch fixes the code to use key size for the formatted device
(or default LUKS key size if running in informational benchmark mode).
Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
(http://www.club.di.unimi.it/) for point this out.
(Based on "What users should know about Full Disk Encryption
based on LUKS" paper to be presented on CANS2015).
The cipher_null is no-encryption, it can be used for testing
or temporarily when encrypting device (cryptsetup-reencrypt).
Accepting only empty password prevents situation when you replace
a LUKS header on an unlocking device with the faked header using
null cipher (and the same UUID).
Here a system could think that the device was properly unlocked
(with any entered password) and will try to use this unencrypted
partition instead.
(IOW it prevents situation when attacker intentionaly forces
an user to boot into dirrerent system just by LUKS header manipulation.)
Properly configured systems should have an additional integrity protection
in place here (LUKS here provides only confidentiality) but it is better
to not not allow this situation in the first place.
(Despite the fact that once you allow physical tampering of your system
it cannot be properly secured anymore.)
Apparently there are some people using ECB.
This mode by design do not use any IV, unfortunately
kernel dmcrypt allows to specify them (but userspace crypto api don't).
Let support activation as it was in previous version.
Should fix issue#238.
If user provided unusable cipher-mode string, LUKS header was written and
keyslot creation failed later.
Better check early (by creating fake dmcrypt device) if cipher is usable
and fail early (without writing LUKS header to device).
Fixes Issue#176
LUKS detached header has some limitations, one of them
is that you cannot run some explicit check for data offsets
without providing also data device.
Because luksDump and all key handle commands takes only
metadata device (LUKS heaer device), it not easy to properly
support data payload offset validation.
So if detached header is present for luksFormat, code now
allows data payload 0 (IOW whole data device is used)
and explicit offset larger than header+keyslots
(the same as the header is on data device - so some space is wasted).
N.B. with detached header the option --align-payload is used
directly without any round up caculations.
Fixes Issue#155.
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.
Allows using file where appropriate without allocation loop device.
