eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 12:50:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,537 Commits 15 Branches 79 Tags
e6a356974330e3ae21579a5737976e9a2aad1b51
Commit Graph

556 Commits

Author SHA1 Message Date
Milan Broz
316ec5b398 integrity: support detached data device. 
Since the kernel 4.18 there is a possibility to speficy external
data device for dm-integrity that stores all integrity tags.

The new option --data-device in integritysetup uses this feature.
 2018-12-05 19:42:31 +01:00
Milan Broz
d06defd885 Add automatic recalculation to dm-integrity. 
Linux kernel since version 4.18 supports automatic background
recalculation of integrity tags for dm-integrity.

This patch adds new integritysetup --integrity-recalculate options
that uses this option.
 2018-12-05 14:53:17 +01:00
Milan Broz
0fed68dd16 Introduce crypt_init_data_device and crypt_get_metadata_device_name. 
For some formats we need to separate metadata and data device before
format is called.
 2018-12-05 12:33:16 +01:00
Milan Broz
9cbd36163c Fix various gcc compiler warnings in tests. 2018-12-03 13:47:43 +01:00
Ondrej Kozina
3ed404e5bb Add validation tests for non-default metadata. 2018-12-02 18:56:59 +01:00
Ondrej Kozina
4b64ffc365 Update LUKS2 test images. 
- update test images for validation fixes
  from previous commits

- erase leftover json data in between secondary
  header and keyslot areas.
 2018-11-29 13:32:02 +01:00
Ondrej Kozina
3136226134 Test cryptsetup can handle all LUKS2 metadata variants. 
following tests:

add keyslot
test passphrase
unlock device
store token in metadata
read token from metadata
 2018-11-27 16:56:57 +01:00
Ondrej Kozina
5a7535c513 Add LUKS2 metadata test images. 
Test archive contains images with all supported
LUKS2 metadata size configurations. There's
one active keyslot 0 in every image that can be
unlocked with following passphrase (ignore
quotation marks): "Qx3qn46vq0v"
 2018-11-27 16:54:51 +01:00
Ondrej Kozina
024b5310fa Add validation tests for non-default json area size. 
Test both primary and secondary header validation tests
with non-default LUKS2 json area size.

Check validation rejects config.keyslots_size with zero value.

Check validation rejects mismatching values for metadata size
set in binary header and in config json section.
 2018-11-26 16:28:07 +01:00
Ondrej Kozina
177cb8bbe1 Extend baseline LUKS2 validation image to 16 MiBs. 2018-11-26 16:28:01 +01:00
Ondrej Kozina
35f137df35 Move some validation tests in new section. 2018-11-26 16:27:52 +01:00
Milan Broz
dfe61cbe9c Fix sector-size tests for older kernels. 2018-11-24 20:10:03 +01:00
Milan Broz
18c9210342 Check for device size and sector size misalignment. 
Kernel prevents activation of device that is not aligned
to requested sector size.

Add early check to plain and LUKS2 formats to disallow
creation of such a device.
(Activation will fail in kernel later anyway.)

Fixes #390.
 2018-11-24 18:53:46 +01:00
Milan Broz
1167e6b86f Add support for Adiantum cipher mode. 2018-11-23 21:03:02 +01:00
Milan Broz
2300c692b8 Check hash value in pbkdf setting early. 2018-11-22 15:51:10 +01:00
Milan Broz
493e8580d6 Log all debug messages through log callback. 
This cahnge allow to redirect all output of library
to a log processor.
 2018-11-07 10:17:51 +01:00
Milan Broz
16309544ac Fix ext4 image to work without CONFIG_LBDAF. 2018-11-05 12:00:01 +01:00
Milan Broz
7213d5a76b Fix verbose message about key removal in luksKillSlot,luksErase and luksKremoveKey. 
The crypt_keyslot_destroy() does not return keyslot number,
so return value 0 was always used as a keyslot reference.
 2018-10-27 17:44:38 +02:00
Milan Broz
202aeece3c Fix test module inclusion in tarball. 2018-10-14 20:54:06 +02:00
Milan Broz
a46733e701 Reintroduce error message if LUKS device is not detected. 
Older cryptsetup printed this message through library,
later it disappeared even in cryptsetup binary.
 2018-10-13 10:13:29 +02:00
Ondrej Kozina
61305a50c1 Add delay=0 parameter to scsi_debug in all tests. 
Speed up tests significantly.
 2018-10-11 16:21:36 +02:00
Ondrej Kozina
a771460dbd Add validation tests for optional segment flags section. 2018-10-11 11:55:26 +02:00
Ondrej Kozina
37e0150f70 Do not use fallocate in blockwise tests. 
fs driver may skip some sanity checks if it's aware the content
of file is uninitialized.

Fixes warnings for xfs in kernel 4.19+
 2018-10-04 11:20:03 +02:00
Milan Broz
294e4cbcb7 Fix tcrypt test on very old distros. 2018-10-02 13:56:57 +02:00
Milan Broz
952716afe1 Report versions in test run. 2018-10-02 13:46:03 +02:00
Milan Broz
24aba9a514 tcrypt: Support additional Veracrypt modes. 
Add support for Camellia and Kuznyechik ciphers and Streebog hash functions,
introduced in recent Veracrypt.

Note, that Kuznyechik requires out-of-tree kernel module and Streebog
hash function is available only with gcrypt backend.
 2018-10-02 10:47:38 +02:00
Milan Broz
0b10d877b0 Some more gcc warnings fixes. 2018-09-29 17:32:33 +02:00
Milan Broz
506f3f7b57 Decrease memory limit for pbkdf test. 2018-09-26 10:48:31 +02:00
Ondrej Kozina
cd1c36ef94 Allow passphrase change for unbound keyslots. 
Also fixes small typo in API.

Fixes #409.
 2018-09-25 13:13:31 +02:00
Ondrej Kozina
ee689d88b4 Add blkid scan when attemting to open plain device. 
Warn user about existing device signatures on candidate ciphertext
device and prompt for action confirmation.

Fixes #411.
 2018-09-25 13:13:18 +02:00
Ondrej Kozina
114356ad2e Properly load new device context after header restore. 2018-09-25 08:53:26 +02:00
Milan Broz
3f73d448f3 Retry temporary device removal in align test. 2018-09-10 15:53:27 +02:00
Milan Broz
a1b606803f Fix HMAC vector test exit value. 2018-09-05 14:38:16 +02:00
Michal Virgovič
b2c7b40568 Add test vectors for HMAC - sha1, sha256, sha512. 2018-09-05 14:17:25 +02:00
Milan Broz
f1d5b94762 Run API tests without verbose flag by default. 
And rename some tests.
 2018-08-10 12:36:15 +02:00
Ondrej Kozina
6fc2e7c774 Skip pbkdf benchmark in align-test (test speedup). 2018-08-10 08:20:00 +02:00
Ondrej Kozina
3b39c1d1ef Fix data alignment test in compat-test2. 
Alignment should not expected failure when --align-payload is not
aligned to encryption sector size.
 2018-08-10 08:19:49 +02:00
Ondrej Kozina
5a3e4abf71 Add basic LUKS2 align test. 2018-08-10 08:19:38 +02:00
Milan Broz
0270fc66a1 Fix align test. 
Seems that the forced alignment value was never properly used...
 2018-08-09 13:53:48 +02:00
Ondrej Kozina
5b5a64361f Update blockwise-compat test. 
Issue warning in case of failure with file-systems based
tests.

Mute the test so that it prints out messages only for 'warning'
and 'fail' results.
 2018-08-08 21:48:10 +02:00
Milan Broz
26f6d1cb10 Create --master-key-file in luksDump and fail if file already exists. 
For some reason the volume key file have to exists.

Let's change the logic to the same as for luksBackupHeader
(a file is created and operation fails if it already exists).
 2018-08-08 14:32:15 +02:00
Ondrej Kozina
f87eb1668a Allow compat-test2 to run with larger LUKS2 header size. 2018-08-08 12:55:29 +02:00
Milan Broz
3114abfd55 Remove not needed -Z option from diff that is not present on older systems. 2018-08-08 10:43:03 +02:00
Ondrej Kozina
5a94cff91e Do not fail device-test with larger LUKS2 header. 2018-08-08 10:13:40 +02:00
Milan Broz
0e7b068061 Add sector-size & payload align test. 2018-08-08 08:45:26 +02:00
Ondrej Kozina
b30ba41d6a Fix typo in blockwise-compat test. 2018-08-08 07:44:07 +02:00
Ondrej Kozina
a0bf790892 Fix FAST_PBKDF typos in LUKS2 reencrypt tests. 2018-08-08 07:43:56 +02:00
Ondrej Kozina
caefc4eb8e Add basic test for token import and export. 2018-08-08 07:42:58 +02:00
Milan Broz
7aaf1eeb1b Fix bz2->xz untar api-test option. 2018-08-06 15:16:39 +02:00
Milan Broz
e53fe70668 Use only xz archives in tests. 
Bzip2 is sometimesmissing and we use xz already.

Seems xz produces slightly larger archives (despite the best mode)
but it is not worth to keep bz2 here.
 2018-08-06 13:48:54 +02:00