eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,396 Commits 15 Branches 78 Tags
e161cd185927709c21bfde7bce8e1a8b6abfaffc
Commit Graph

3396 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
e161cd1859 Add constant time crypt_bytes_to_hex helper and use it in libdevmapper. 
Fixes: #736
 2022-04-28 08:11:58 +00:00
Milan Broz
ff14c17de7 Use constant time conversion for crypt_hex_to_bytes. 
We use hexa conversions for keys, avoid possible
leaks with cover channels by making these functions
constant time.
 2022-04-28 08:11:58 +00:00
Ondrej Kozina
1ac6a58475 Simplify LUKS2_segment_first_unused_id(). 2022-04-27 11:50:48 +02:00
Ondrej Kozina
2dbd96ebbf Fix LUKS2_get_data_size function. 
The function wrongly expected segment objects being
ordered (ascending order) in segments container.

The LUKS2 format never guaranteed that and it could
lead to wrong LUKS2 device size calculation in case
last segment (by key) was stored before any other segment
with fixed size.
 2022-04-27 11:44:51 +02:00
Ondrej Kozina
a29f74b5ad Silent reencryption by volume key passed in file. 
It emitted confusing error message. It's expected
new volume key would not match the existing one.
 2022-04-26 05:46:01 +00:00
Ondrej Kozina
cc107ee20e Silent crypt_volume_key_verify call. 
And moves the error message in tools instead.
 2022-04-25 19:47:09 +00:00
Ondrej Kozina
c67db10c22 Do not allow sector size increase reencryption in offline mode. 
The eventual logical block size increase on dm-crypt device above
filesystem block size may lead making fs unusable. Do not allow
offline reencryption when sector size increase is requested.

If users really want to perform it make them use existing
--force-offline-reencrypt option.
 2022-04-25 12:18:33 +02:00
Ondrej Kozina
65a5943ee5 Check sb block size only if actual sector size gets increased. 2022-04-25 09:55:55 +02:00
Ondrej Kozina
5a8b95aa45 Clarify clean up path of empty dm_target structure. 2022-04-22 15:02:41 +00:00
Milan Broz
f391f4baf1 Fix memory leaks in integrity resize with keyed parameters. 
The whole game with reallocating keys is not needed.

(Perhaps not even for crypt type, but that is not part of this patch).
 2022-04-22 11:34:13 +02:00
Milan Broz
4cdcd908f4 Fix memory leak in integrity resize api-test. 2022-04-21 08:21:01 +00:00
Milan Broz
1d6a445e43 Fix integrity api-test. 
The journal crypt is in wrong format (this never worked! :),
here it takes kernel syntax.
Also use CBC a CTR mode could be missing here.

Fox typo in key length caclulation.

Clear temporary dm devices after test, loop devices are reused.

If the first device format is ok, all subsequent cals should
be treated as an error.
 2022-04-21 08:21:01 +00:00
Milan Broz
ed13852899 Fix reload integrity device. 
The offset cannot be referenced from the crypt union for integrity type.

Keyring setting key works only for crypt devices.

Also reformat long lines.
 2022-04-21 08:21:01 +00:00
Milan Broz
efc1590405 Fix formatting warning for a 32bit arch. 2022-04-21 08:21:01 +00:00
Milan Broz
4b1ba47ca1 Avoid compilation warning if configured with --disable-blkid. 2022-04-20 16:08:58 +00:00
Milan Broz
e4a0d25315 Fix missing batch option in test. 2022-04-20 16:08:58 +00:00
Milan Broz
81a63aca22 Fix tests if compiled with --disable-blkid. 
Note that htere are some systems with blkid but without
blkid support for secondary LUKS2 header (CentOS6 for example).
 2022-04-20 16:08:58 +00:00
Milan Broz
ebabf3ffee Add compile-in flag to program version output. 
Then we can check if tools are compiled with a support for specific
extension/library.
 2022-04-20 16:08:58 +00:00
Milan Broz
3363bad8c2 Speed-up tcrypt test. 
We can limit hash and cipher to not scan all variants here.
 2022-04-20 14:37:13 +00:00
Milan Broz
773fc0195f Fix typos found by codespell. 
Thanks Dimitri Papadopoulos Orfanos for the patch.

Fixes: #734.
 2022-04-20 14:37:13 +00:00
Milan Broz
d3ad18ad81 Add compile info to README. 
This information was lost when we removed default automake INSTALL file.
 2022-04-20 14:37:13 +00:00
Milan Broz
5c7858883c Remove cryptsetup-reencrypt version dump from tests. 2022-04-20 14:37:13 +00:00
Ondrej Kozina
c9da460b6c Do not allow dangerous sector size change during reencryption. 
By changing encryption sector size during reencryption we may
increase effective logical block size for dm-crypt active device.

For example if hosted filesystem on encrypted data device
has block size set to 512 bytes and we increase dm-crypt logical
size durign reencryption to 4096 bytes it breaks the filesystem.

Do not allow encryption sector size to be increased over value
provided by fs superblock in BLOCK_SIZE property.

The check is applied while initialising LUKS2 device encryption
(reencrypt --encrypt/--new) or when initialising LUKS2 reencryption
on active dm-crypt device.

Note that this check cannot be applied on offline device (data device
is encrypted).
 2022-04-19 13:27:37 +00:00
Ondrej Kozina
38d1f01b12 Add tools helper reporting blkid support. 2022-04-19 13:27:37 +00:00
Ondrej Kozina
624026a98f Refactor reencrypt_get_active_name helper. 2022-04-19 13:27:37 +00:00
Ondrej Kozina
f6452e1656 Add superblock BLOCK_SIZE detection in tools. 2022-04-19 13:27:37 +00:00
Ondrej Kozina
2388777763 Add option to probe only superblocks in blkid. 2022-04-19 13:27:37 +00:00
Ondrej Kozina
be5c5788d4 Add support for superblock BLOCK_SIZE property. 2022-04-19 13:27:37 +00:00
Milan Broz
f1eea3a4b3 Clean reencrypt status struct for API call. 
This function should not return unitialized struct as there
is no indication that it failed and caller can access it.

Also fixes a Coverity warning.
 2022-04-19 08:53:44 +00:00
Milan Broz
2857e10083 Fix UTF16 buffer overflow in bitlk volume key dump. 
It is UTF16, so even the terminating character is char16_t.

(Found by gcc sanitizer.)
 2022-04-17 13:59:03 +02:00
Milan Broz
99c4c3adbf Skip question if batch mode is set for volume key bitlk dump. 
Other formats use the same logic.
 2022-04-17 13:58:08 +02:00
Milan Broz
f34b3b27ec Do not use definitions in for cycle. 2022-04-15 21:44:52 +02:00
Milan Broz
ab6762b849 Fix possible missing uchar.h. 2022-04-15 21:43:45 +02:00
Milan Broz
3fbc480e32 Clean headers for utf8 wrapper. 2022-04-15 21:22:07 +02:00
Milan Broz
ce1c39dc54 Properly report if sectior size cannot be used for bitlk activation. 2022-04-15 21:02:52 +02:00
Milan Broz
9b60e2d959 Add some tests for invalid keyslot JSON objects. 2022-04-14 10:28:20 +00:00
Milan Broz
e89071e73f Fix keyslot JSON validation. 
If keyslot JSON is corrupted (kdf,af,area objects),
validate function can crash.

Fix it by always using JSON type check.

Fixes: #731
 2022-04-14 10:28:20 +00:00
Ondrej Kozina
dbd4dc1dc0 Speedup reencryption tests. 2022-04-13 16:23:01 +02:00
Ondrej Kozina
acd2601bd7 Drop unused code in lib/utils_blkid.c 2022-04-13 16:16:57 +02:00
Ondrej Kozina
d56ccc97b8 Detect broken LUKS metadata in-before encryption. 
We should abort LUKS device in-place encryption
when target data device or metadata device
contain broken LUKS metadata (any version).
Filed crypt_load() call was not good enough check
because the call fails also when a device contains
LUKS metadata overlapping with other superblock
(e.g. LVM2 PV signature).

Let blkid decide if device contains broken LUKS
metadata or not.

Fixes: #723.
 2022-04-11 11:38:56 +00:00
Ondrej Kozina
412de7dc25 Add suport for filtering only LUKS signatures. 2022-04-11 11:38:56 +00:00
Ondrej Kozina
8c350b65a3 Prepare tools_detect_signatures for new filter type. 2022-04-11 11:38:56 +00:00
Milan Broz
83ef36bd59 Add tests for LUKS2 JSON mangled top-level objects. 2022-04-09 21:27:09 +02:00
Milan Broz
c07cfa20de test generators: unify checksum check functions 2022-04-09 21:25:55 +02:00
Milan Broz
6d8587c137 test generators: unify kill header check functions 2022-04-09 21:25:55 +02:00
Milan Broz
d43b495f21 test generators: unify mangle & kill header functions 2022-04-09 21:25:55 +02:00
Milan Broz
e97238fb6d test generators: use one common cleanup function 2022-04-09 21:25:55 +02:00
Milan Broz
c9ead0482d test generators: use one common prepare function 2022-04-09 21:25:55 +02:00
daniel.zatovic
9c26a73d96 Validate JSON area root objects' types. 2022-04-07 15:29:05 +00:00
Ondrej Kozina
ea35573c82 Ask user for confirmation before resuming reencryption. 
The prompt is not showed in batch mode or when user
explicitly asks for reencryption resume via --resume-only.
 2022-04-07 13:50:09 +02:00