eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 11:50:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,771 Commits 13 Branches 79 Tags
df8135dfdf5e3c6355f6bdba5ec852fb1861baf6
Commit Graph

434 Commits

Author SHA1 Message Date
Milan Broz
df8135dfdf Check exit value for snprintf where it makes sense. 2021-05-21 14:54:00 +02:00
Milan Broz
280c821b9b Add some fixes and workarounds for gcc-11 static analyzer. 
Not everything is a real bug (false positive rate is very high here),
but the code is actually more readable.
 2021-05-21 14:44:15 +02:00
Milan Broz
418d068470 Allow to use backup header for tcrypt format. 
TrueCrypt/VeraCrypt supports backup header, it seems to have
the same format as normal header.

Let's use --header option here, it can be used to unlock data partition
with header backup (open and dump commands).

Fixes: #587.
 2021-05-19 13:43:37 +02:00
Ondrej Kozina
93382071a5 Fix luksResume when called on non-LUKS device. 2021-02-26 00:16:06 +01:00
Ondrej Kozina
56a01574ff Allow LUKS resume for device with cipher_null. 2021-02-26 00:16:06 +01:00
Ondrej Kozina
c68cd0a483 Unify crypt_resume_by internal code. 2021-02-26 00:16:06 +01:00
Ondrej Kozina
b2135a75e2 Do not upload VK in keyring when data cipher is null. 2021-02-26 00:16:06 +01:00
Ondrej Kozina
91e8f5ffd9 Remove redundant check. 
It can't be non-LUKS2 device at this branching.
 2021-02-26 00:16:06 +01:00
Ondrej Kozina
1e68d73bc3 Fix device comparison for dm-crypt with cipher_null. 
Do not compare volume keys if segment uses cipher_null.
The key is ignored by lower layer (internal libdevmapper)
anyway.
 2021-02-26 00:16:05 +01:00
Ondrej Kozina
17bb1e2fdd Do not upload vk in keyring for cipher_null segment. 
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
 2021-02-26 00:16:05 +01:00
Milan Broz
4d6d6edcff Backport device_is_identical() changes needed for following patch. 2021-02-26 00:13:48 +01:00
Ondrej Kozina
6e71e2d6ed Fix crypt_keyslot_change_by_passphrase tokens bug. 
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
 2021-02-07 20:02:20 +01:00
Milan Broz
a757d84b91 Update Copyright year. 2021-02-07 16:09:13 +01:00
Luca Boccassi
4c350f4d72 verity: improve crypt_activate_by_signed_key debug log 
Check if a signature is actually available before logging that the
volume is being activated with a signed key.
 2021-02-07 16:09:13 +01:00
Milan Broz
7dbd007ac1 Print a visible error if requesting resize on unsupported format. 
Fixes: #571.
 2021-02-07 16:09:12 +01:00
Milan Broz
9c2d918474 libdevmapper: always return EEXIST if a task fails because the device already exists 
Allows concurrent opens to return a usable error instead of EINVAL
 2020-08-26 13:55:59 +02:00
Ondrej Kozina
a15008d876 Do not create excessively large headers. 
When creating LUKS2 header with specified --offset much larger
then LUKS2 header size we needlessly also wipe (allocate up to
--offset) much larger file than needed.
 2020-08-26 13:52:57 +02:00
Ondrej Kozina
1e94425279 Remove unused parameter from crypto_backend_init. 2020-03-20 11:32:57 +01:00
Milan Broz
0cf5e309a0 Print warning if running without O_CLOEXEC. 2020-02-21 10:23:07 +01:00
Milan Broz
b5fbd682f2 Move fcntl.h to internal defines and check for O_CLOEXEC. 2020-02-21 10:10:11 +01:00
Vojtěch Trefný
61f5dcb11e Return correct data offset for BITLK in crypt_get_data_offset 
First part of the encrypted data will be always directly after
the header.

Fixes: #518
 2020-01-17 14:02:12 +01:00
Milan Broz
165e6c234c Fix some error and debug messages. 
Use BITLK as format name.

Avoid using doesn't -> does not.
 2020-01-11 22:10:59 +01:00
Milan Broz
1be631f43f Add status flag for verity device with signature. 
This patch adds CRYPT_VERITY_ROOT_HASH_SIGNATURE flag to verity info.

Veritysetup status now display "with signature" if an active
device was activated with root hash signature.
 2020-01-11 19:57:39 +01:00
Milan Broz
080566a1fd Update copyright year. 2020-01-03 13:04:55 +01:00
Milan Broz
02821adc47 Fix a signed/unsigned comparison compiler warning. 2020-01-03 11:26:44 +01:00
Milan Broz
0505c70be2 Implement BITLK status info. 
Cryptsetup status <device> should print info about active device.

Also fix mistake in BITLK volume key size (should return bytes, not bits).
 2020-01-03 10:14:47 +01:00
Jaskaran Khurana
f247038e65 Add --root-hash-signature parameter to veritysetup 
Optional parameter root hash signature is added that can be added to
veritysetup.

The signature file is opened and the signature is added to the keyring.

The kernel will use the signature to validate the roothash.

Usage: veritysetup open <data_device> name <hash_device> <root_hash> --root-hash-signature=<roothash_p7_sig_file>

Signed-off-by: Jaskaran Khurana <jaskarankhurana@linux.microsoft.com>
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>

[Original patch rewritten by Milan Broz]
 2020-01-02 13:08:21 +01:00
Luca Boccassi
188cb114af Add support for verity in crypt_volume_key_get and use it in status 
Other APIs use the root hash in place of keys when using verity
devices, so do the same for crypt_volume_key_get to allow users
to retrieve the root hash of an active verity device.
Use it in veritysetup status to print the root hash.

[Patch slightly modified by Milan Broz]
 2019-12-31 21:44:50 +01:00
Ondrej Kozina
faafe09bd0 Use crypt_volume_key_next where appropriate. 2019-12-31 17:37:33 +01:00
Milan Broz
a0e87c9420 Calculate hash integrity size instead of requiring an explicit tag size. 
When integritysetup formats a device with hash or HMAC integrity checksums,
it requires explicitly tag size entry from a user (or default value).

This leads to confusion and shortened tags.

This patch calculates tag size according to real hash output, and
if tag size is specified, it warns if these values differ.

Fixes: #492.
 2019-12-31 17:37:33 +01:00
Vojtěch Trefný
62c872eb49 Add support for parsing BitLocker metadata 
Currently only support for metadata version 2 is implemented.
 2019-12-30 21:53:06 +01:00
Milan Broz
434fee2e13 Add empty template for BITLK device type. 
Also add DM_ZERO type for multi-segment mapping.
 2019-12-30 21:53:06 +01:00
Ondrej Kozina
7eb47f3db1 Split reencryption locking in two variants. 2019-11-28 16:38:52 +01:00
Milan Broz
ddd15b63b2 Add backward compatibility flags API. 
We need to have some way hot to configure old integrity devices
with legacy padding.

For now, also use in tests to not fail checksum with new kernel.
 2019-11-25 23:14:58 +01:00
Milan Broz
e91b35a53d Print info and warning if dm-integrity fix_padding is set. 
The dump operation prints the fix_padding flag if set.

Also try to print warning if an old kernel is used and th edevice
cannot be activated because of missing fix padding support.
 2019-11-25 19:48:54 +01:00
Milan Broz
48b203a134 Add crypt_resume_by_volume_key() function. 
If user has volume key available, LUKS device can be resumed
directly using provided volume key.
No keyslot derivation is needed, only key digest is checked.

Fixes: #502.
 2019-11-24 18:04:41 +01:00
Milan Broz
b03cb3f3d8 Export memory safe functions. 
Make crypt_safe_alloc/realloc/free and memzero part of API.
 2019-11-16 21:28:54 +01:00
Ondrej Kozina
630e336ea0 Do not allocate data device when identical with metadata device. 
we do not need to allocate separate data device if it's equal
to metadata device during initialization.
 2019-10-04 12:19:14 +02:00
Ondrej Kozina
430852736d Cleanup crypt_init_data_device. 
data_device can not be NULL
 2019-10-04 12:19:09 +02:00
Ondrej Kozina
bb1ce4a069 Check plain crypt device is properly aligned on activation. 2019-10-02 13:40:10 +02:00
Ondrej Kozina
5e3e4a225e Check resize operation is aligned to device logical size. 
Fixes #486.
 2019-10-01 12:41:43 +02:00
Ondrej Kozina
54d757a4c7 Fix illegal access to deallocated memory. 
When deallocating context with LUKS2 reencryption handle
we access data device structure after being free'd.
 2019-08-09 12:43:23 +02:00
Ondrej Kozina
91879960e6 Move most of crypt_reencrypt_status to reencryption file. 2019-08-05 18:29:37 +02:00
Ondrej Kozina
270e6959b8 Make crypt_reencrypt_status return 'none' value for non-LUKS2 devices. 2019-08-05 18:29:37 +02:00
Ondrej Kozina
71f7385fcb Add support for linear segment in device comparison. 2019-08-01 10:43:57 +02:00
Ondrej Kozina
fbedf0ba6b Improve dm-crypt segments comparison function. 
Check key descriptions are identical if both targets
were constructed using keys in kernel keyring service.
 2019-08-01 10:40:37 +02:00
Ondrej Kozina
cf710eab13 Add internal crypt_compare_dm_devices. 2019-08-01 10:40:37 +02:00
Ondrej Kozina
b216a6a30e Introduce crypt_strcmp function (allows NULL). 2019-07-31 14:58:55 +02:00
Milan Broz
1d59ae9aa9 Remove FIPS mode restriction for crypt_volume_key_get. 
It is an application responsibility to use this API in the proper
context.
 2019-07-30 14:12:50 +02:00
Ondrej Kozina
0e994265c6 Report data segment is moved in crypt_reencrypt_status. 2019-07-26 16:09:38 +02:00