eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 12:50:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,537 Commits 15 Branches 79 Tags
e6a356974330e3ae21579a5737976e9a2aad1b51
Commit Graph

556 Commits

Author SHA1 Message Date
Ondrej Kozina
a90a5c9244 Avoid double free corruption after failed crypt_init_data_device. 2019-03-01 20:31:00 +01:00
Milan Broz
dce7a1e2aa Fix gcc warning in tests. 2019-02-24 12:35:54 +01:00
Milan Broz
a354b72546 Add some symmetric block ciphers vector tests for crypto backend. 2019-02-24 12:35:50 +01:00
Milan Broz
ac8f41404b Simplify and reformat hash/HMAC test vectors test. 2019-02-24 12:35:45 +01:00
Milan Broz
fc7b257bab Silence dmsetup removal messages. 2019-02-13 13:34:39 +01:00
Milan Broz
787066c292 Report error if no LUKS keyslots are available. 
Also fix LUKS1 keyslot function to proper return -ENOENT errno in this case.

This change means, that user can distinguish between bad passphrase and
no keyslot available. (But this information was avalilable with luksDump
even before the change.)
 2019-02-13 13:19:48 +01:00
Milan Broz
71ab6cb818 Fix other tests to not fail if keyring support is missing in kernel. 2019-02-12 16:16:56 +01:00
Milan Broz
1158ba453e Use better test for a bad loop descriptor. 2019-02-12 14:54:56 +01:00
Milan Broz
2e3f764272 Fix api-test-2 to properly detect missing keyring in kernel. 
Also properly cleanup after some failures.
 2019-02-12 14:49:21 +01:00
Ondrej Kozina
d754598143 Preserve LUKS2 mdata & keyslots sizes after reencryption. 2019-02-08 12:00:24 +01:00
Ondrej Kozina
47f632263e Add missing crypt_free() in api test. 2019-02-08 11:56:52 +01:00
Ondrej Kozina
57670eeeb7 Detect LUKS2 default alignmnet in align tests. 2019-02-07 18:40:48 +01:00
Milan Broz
348d460ab7 Workarounds for larger LUKS2 header for tests. 2019-02-07 18:39:50 +01:00
Milan Broz
319fd19b5e Add implementation of crypt_keyslot_pbkdf(). 
This function allows to get PBKDF parameters per-keyslot.
 2019-02-07 12:55:12 +01:00
Ondrej Kozina
b0ced1bd2c Make compat-test2 work with 16M data offset. 2019-02-06 21:43:36 +01:00
Ondrej Kozina
1ce3feb893 Add format test for detached header using last keyslot. 2019-02-06 21:41:43 +01:00
Ondrej Kozina
0cac4a4e0c Make api test run with any defalt LUKS2 header size. 2019-02-06 11:48:47 +01:00
Ondrej Kozina
e9dcf6b8dd Simplify create_empty_header in cryptsetup-reencrypt. 
In most cases we do not need to create large files for new headers.
crypt_format already allocates enough space for all keyslots in files
during internal header wipe.

Fixes #410.
 2019-02-06 11:48:07 +01:00
Milan Broz
54171dfdd3 Fix api-test to detect kernel without needed crypto module for tcrypt test. 2019-01-31 16:32:11 +01:00
Milan Broz
dc8db34155 Run keyring test only for recent kernels. 2019-01-31 16:31:09 +01:00
Rafael Fontenelle
2b55f6420a Fix misspellings 2019-01-28 08:40:20 -02:00
Milan Broz
943cc16020 Fix test to print exit line and use explicit key size. 2019-01-25 13:38:24 +01:00
Milan Broz
a6f5ce8c7b Update copyright year. 
And unify name copyright format.
 2019-01-25 09:45:57 +01:00
Milan Broz
580f0f1a28 Add some FIPS mode workarounds. 
We cannot (yet) use Argon2 in FIPS mode, hack scripts and library
to use PBKDF2 or skip tests and fix tests to run in FIPS mode.
 2019-01-24 17:04:13 +01:00
Milan Broz
388afa07f4 Cleunup devices before running mode-test. 2019-01-23 14:14:45 +01:00
Milan Broz
1def60cd2c Do not allow conversion to LUKS1 if hash algorithms differs (digest,AF). 2019-01-22 14:19:58 +01:00
Milan Broz
cdb4816fbb Allow setting of hash function in LUKS2 PBKDF2 digest. 
For now, the hash was set to sha256 (except for converted LUKS1 header).

This patch adds the same logic as in LUKS1 - hash aglorithms is
loaded from PBKDF setting.

Fixes #396.
 2019-01-22 12:45:01 +01:00
Milan Broz
be46588cf0 Allow LUKS2 keyslots area to increase if data offset allows it. 
ALso deprecate align-plauload option and add more debugging code
to understand internal calculation of metadata and keyslots area sizes.

Fixes #436.
 2019-01-22 09:23:49 +01:00
Milan Broz
5ee0b01118 Add test for specific legacy plain hash type. 2019-01-20 10:20:44 +01:00
Milan Broz
fbfd0c7353 Update Nettle crypto backend. 
WARNING: this is just experimental backend, use only for testing.
 2019-01-16 21:13:00 +01:00
Milan Broz
82a1f33260 Silence new warning in tests if run on older kernel. 2019-01-15 15:15:25 +01:00
Milan Broz
238c74643b Add some more hash algorithms test. 2019-01-15 14:06:51 +01:00
Milan Broz
51dd2762a9 Add --debug-json switch and log level. 
The JSON structures should not be printed by default to debug log.

This flag introduces new debug level that prints JSON structures
and keeps default debug output separate.
 2019-01-10 14:52:49 +01:00
Milan Broz
cf31bdb65c Workaround for test failure with disabled keyring. 
NOTE: this need proper fix, tests should not expect a device state
from previous test.
 2019-01-08 13:32:34 +01:00
Ondrej Kozina
c494eb94f4 Add LUKS2 refresh test. 
Test refresh doesn't affect device vk.
 2019-01-07 15:52:03 +01:00
Milan Broz
5f173e9357 Fix allocating of LUKS header on format. 
Fixes #431.
 2019-01-07 13:07:46 +01:00
Milan Broz
307a7ad077 Add keyslot encryption params. 
This patch makes available LUKS2 per-keyslot encryption settings to user.

In LUKS2, keyslot can use different encryption that data.

We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.

For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.

The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
 2019-01-07 13:07:46 +01:00
Milan Broz
d064c625f4 Fix reencryption test to use more context lines to parse parameters. 2019-01-07 13:07:45 +01:00
Milan Broz
267bf01259 Add crypt_get_pbkdf_type_params() API. 
This function allows get default (compiled-in) PBKDF parameters
per every algorithm.

Fixes #397.
 2019-01-03 14:13:01 +01:00
Ondrej Kozina
7362b14d41 Extend device-test with refresh actions. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
77d7babf92 Add new crypt_resize tests. 2019-01-01 21:42:46 +01:00
Ondrej Kozina
545b347ca5 Add api test for CRYPT_ACTIVATE_REFRESH flag. 2019-01-01 21:42:46 +01:00
Milan Broz
ec07927b55 Add cryptsetup options for LUKS2 header size settings. 
Also print these area sizes in dump command.

NOTE: since now, the metadata area size in dump command contains
mandatory 4k binary section (to be aligned with API definition).
 2018-12-12 14:51:40 +01:00
Milan Broz
41c7e4fe87 Remove incorrect parameter in crypt_reload test. 2018-12-12 12:28:42 +01:00
Milan Broz
217cd0f5e9 Do not use dd for JSON metadata tests. 
This should fix random testsuite failures.
 2018-12-12 11:51:44 +01:00
Milan Broz
fd02dca60e Add crypt_set_metadata_size / crypt_get_metadata_size API. 2018-12-11 21:59:59 +01:00
Milan Broz
2a1d58ed22 Check data device offset if it fits data device size in luksFormat. 2018-12-11 21:59:49 +01:00
Milan Broz
7d8003da46 cryptsetup: add support for --offset option to luksFormat. 
This option can replace --align-payload with absolute alignment value.
 2018-12-06 14:22:18 +01:00
Milan Broz
03edcd2bfd Add crypt_set_data_offset API function. 
The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
to specified value in 512-byte sectors.

This value should replace alignment calculation in LUKS param structures.
 2018-12-06 11:10:21 +01:00
Milan Broz
a9d3f48372 Fix metadata test log message. 2018-12-05 19:46:28 +01:00