Milan Broz
e96588b8b5
Check and allocate header early so wipe fails only for IO errors.
...
The device_check is done in header write functions,
but these are not reached in normal format path as wipe call
is called earlier.
Call the device check also from wipe function to get better error
description.
This situation happens for example when a block device is too small
(regular file can be enlarged by falloc(); block device cannot).
2022-11-18 13:03:52 +00:00
Milan Broz
c31494abc6
Print warning early if LUKS container is too small for activation.
...
Activation with header only fails too late (in device-mapper
call) while it is clear from the beginning that it cannot succeed.
Just add an early and better worded error.
Ignore this situation for block device (we have to call ioctl to get size).
The most common case is a file container here anyway.
For block devices it fails during activation later.
2022-11-18 13:03:52 +00:00
Milan Broz
819902a33a
Add a better warning if luksFormat ends with image without any space for data.
...
Header write can call falloc() to increase image size, so we should
check data offset after header is written.
Also change wording to be less cryptic and describe what is the real problem.
Note that the code can be used this way to create detached header (without
space for data), so it is not an error.
2022-11-18 13:03:52 +00:00
Daniel Zatovic
395beb635c
Speed up tests using faster hash and PBKDF options.
...
Use faster SHA1 instead of SHA256 in reencryption test and pass fast
PBKDF options in mode-test.
2022-11-18 11:08:31 +00:00
Ondrej Kozina
81c56a8395
Move assert include in internal header files.
2022-11-16 16:54:33 +01:00
Milan Broz
3333f3e9bb
Fix some warnings detected by Coverity.
...
The FVAULT2 block is always 8192 bytes (for CRC), but used
struct is smaller. Let's not confuse struct size with whole block.
2022-11-15 10:47:22 +01:00
Milan Broz
b086430877
fvault2: Move messages to debug level and add more debug log.
2022-11-14 21:50:18 +01:00
Milan Broz
01f3f3e66c
fvault2: volume size can be unsigned 64bit
2022-11-14 21:50:18 +01:00
Milan Broz
e37d8bdf91
fvault2: harden device offset check
...
Check if value overflows and do not allow reading
metadata block exceeding fixed offset.
2022-11-14 21:50:18 +01:00
Milan Broz
8b4a5e5931
fvault2: some more code cleanup.
2022-11-14 21:50:18 +01:00
Milan Broz
33d8d19408
fvault2: passphr -> passphrase
2022-11-14 21:50:18 +01:00
Milan Broz
9bb98d49c0
fvault2: some minor code reformatting changes.
2022-11-14 21:50:18 +01:00
Pavel Tobias
1c5fd5ae10
Fvault2: add basic error logs
2022-11-14 21:50:18 +01:00
Milan Broz
3d1b965c46
fvault2: fix --test-passphrase option
2022-11-14 21:50:18 +01:00
Milan Broz
2770273582
fvault2: test volume key dump
2022-11-14 21:50:18 +01:00
Milan Broz
f6b6e41951
fvault2: Add a basic man page.
2022-11-14 21:50:18 +01:00
Milan Broz
03059fae75
tests: add valgrind support to fvault2 test.
2022-11-14 21:50:18 +01:00
Pavel Tobias
ba9757b14b
Fvault2: add basic test
2022-11-14 21:50:18 +01:00
Pavel Tobias
cd5bd1c773
Fvault2: store UUIDs in text format
2022-11-14 21:50:18 +01:00
Vojtech Trefny
a5c7bba6ee
Add missing support for fvault2 commands
2022-11-14 21:50:18 +01:00
Vojtech Trefny
4bce6d5962
Show error when trying to run fvault2Dump on a non-fvault device
2022-11-14 21:50:18 +01:00
Pavel Tobias
cb9deaf354
Fvault2: implement open
2022-11-14 21:50:18 +01:00
Pavel Tobias
0ce5de9c1c
Fvault2: implement dump
2022-11-14 21:50:18 +01:00
Pavel Tobias
35071c6d50
Fvault2: derive volume key
2022-11-14 21:50:18 +01:00
Pavel Tobias
af6ea01997
Fvault2: read all relevant metadata from device
2022-11-14 21:50:18 +01:00
Pavel Tobias
1d5d6d73a5
Add support for CRC-32C (Castagnoli polynomial) to lib/crypto_backend
2022-11-14 21:50:18 +01:00
Pavel Tobias
1ffc9d967c
Fvault2: prepare module in libcryptsetup
2022-11-14 21:50:18 +01:00
Milan Broz
1f4c7a83f9
Annotate some functions to prevent Coverity tainted input error.
...
These errors are really annoying, just silence them.
2022-11-14 13:05:04 +00:00
Milan Broz
f312ba6256
Fix json_object_copy return value check.
...
Reported by Coverity scan.
2022-11-14 13:05:04 +00:00
Milan Broz
5186f49613
tests: fix compilation warnings with C18
...
Fix the function prototype and define GNU source definition to get strdup().
2022-11-13 19:40:50 +01:00
Milan Broz
616d3cd493
tests: do not require whirlpool hash for LUKS1 test
...
Just remove unsupported images before test and continue.
2022-11-13 19:40:48 +01:00
Milan Broz
cd2e22cb87
tests: rename systemd plugin test
...
So the logic works the same as ssh-test-plugin.
2022-11-13 19:40:45 +01:00
Milan Broz
54073ef65f
tests: do not run api tests twice in valgrind run.
...
These are run already just a few lines above :)
2022-11-13 19:40:31 +01:00
Milan Broz
3e7c1e46fd
tests: add source file dependence for fake tokens
2022-11-08 14:19:19 +01:00
Milan Broz
ea05e4307e
tests: check that *.so token helpers are compiled.
2022-11-08 14:19:15 +01:00
Milan Broz
f35b9cc99b
tests: do not use global CFLAGS for fake token helper.
...
Dynamic libraries cannot be linked with sanitizers this way,
just ignore CFLAGS here.
2022-11-08 14:19:11 +01:00
Milan Broz
d4888fba86
tests: compile fake_systemd_tpm_path.so through Makefile
...
Also fix Makefile to include source in make dist.
Note: we must not use CFLAGS there because possible sanitizers
use will make the loaded library unusable in LD_PRELOAD.
2022-11-08 14:19:04 +01:00
Milan Broz
f9e778a2cd
luks2: fix warning undefined shift
...
Explicitly set uint32_t for shift, found by clang undefined
sanitizer.
Undefined shift cannot happen in reality, though.
2022-11-07 17:30:14 +00:00
Milan Broz
69025faa24
tests: Remove stray \" in grep expression.
2022-11-07 17:30:14 +00:00
Milan Broz
871000fa05
Fix a memory leak in crypt_keyslot_add_by_key.
...
Found by clang address sanitizer.
Also rename the variable - it's no longer a bare pointer,
the vk also owns the memory [okozina].
2022-11-07 17:30:14 +00:00
Milan Broz
cb53c643c2
CI: fix Debian build as pkgconf and pkg-config cannot co-exist.
...
Install pkgconf that is more recent and provides pkg-config too.
2022-11-04 20:28:08 +01:00
daniel.zatovic
f771f9a694
CI: install dependencies when running systemd test
...
Also update Debian to version 11.
2022-11-04 11:00:31 +01:00
daniel.zatovic
9009a2de26
CI: disable systemd tests on unsupported distributions
2022-11-04 11:00:31 +01:00
daniel.zatovic
6a279e21c9
Link compiled systemd to local libcryptsetup.
2022-11-04 11:00:31 +01:00
Christoph Anton Mitterer
124367f365
Add howto for converting printed to raw volume key
...
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
2022-11-03 18:40:20 +00:00
Ondrej Kozina
55c39d7d16
Port crypt_volume_key_get internals to keyslot context variant.
2022-11-03 15:56:37 +01:00
Ondrej Kozina
f7e2ed956b
Add crypt_volume_key_get_by_keyslot_context.
...
Extends available methods for retrieving device volume key.
The volume key now may be extracted using passphrase, keyfile
(passphrase in a file) or token (LUKS2 only).
For LUKS devices, it returns generated volume key after
successful crypt_format where new volume key got generated.
Fixes: #777.
2022-11-03 15:56:37 +01:00
Ondrej Kozina
0e6264c53c
Do not cache volume key in keyslot context.
...
First, there was a bug where passphrase based
keyslot contexts did not cache volume keys
properly and caused leaks.
Second, it causes problems when keyslot context
is used twice with different keyslot id, e.g.:
CRYPT_ANY_SLOT vs specific id, unbound key vs
volume key, etc.
2022-11-02 12:22:25 +01:00
Ondrej Kozina
01c16111d7
Fix copy/paste mistakes in API docs.
2022-11-02 09:49:49 +01:00
daniel.zatovic
49ab658c9c
CI: build and run fuzzers only conditionally
2022-10-31 20:47:23 +00:00