eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,706 Commits 15 Branches 78 Tags
e96588b8b54e3fd7ebd0bf1bd2e65207643aaf80
Commit Graph

75 Commits

Author SHA1 Message Date
Ondrej Kozina
81c56a8395 Move assert include in internal header files. 2022-11-16 16:54:33 +01:00
Milan Broz
f9e778a2cd luks2: fix warning undefined shift 
Explicitly set uint32_t for shift, found by clang undefined
sanitizer.
Undefine shift cannot happen in reality, though.
 2022-11-07 17:30:14 +00:00
Milan Broz
82b56300cd Wrap some very long lines. 2022-10-01 22:35:57 +02:00
Ondrej Kozina
b867f0b578 Add new API for adding new LUKS keyslots. 
The crypt_keyslot_add_by_keyslot_context & associated
helper functions allow more options when adding new
keyslot. For example there was no simple way of
adding new LUKS2 keyslot when the only active keyslot
could be unlocked by passphrase (KEK) provided by LUKS2 token
(plugin). Now all available options for unlocking keyslots
may also be used when creating new keyslot and it combine
as called needs.

The available methods (keyslot contexts) are:
passphrase, keyfile, key (binary representation) and LUSK2 token.
 2022-09-21 17:36:28 +02:00
Ondrej Kozina
0397cac878 Abort assigning tokens with invalid parameters earlier. 2022-09-16 13:30:39 +02:00
Guilhem Moulin
3106b4e2c1 More typo and spelling fixes. 
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e
^po/ | xargs -r0 spellintian --`.  All changes are
documentation-related (comments, manuals, etc.) except for s/fial/fail/
in tests/unit-wipe-test.

The remaining entry are AFAICT all false positives, mostly annotations
such as `@param name name of xyz` or `struct foo foo`:

	$ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --
	COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License"
	autogen.sh: echo echo (duplicate word) -> echo
	configure.ac: fi fi (duplicate word) -> fi
	docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option
	lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block
	lib/libcryptsetup.h: name name (duplicate word) -> name
	lib/libcryptsetup.h: type type (duplicate word) -> type
	lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase
	lib/libcryptsetup.h: flags flags (duplicate word) -> flags
	lib/libcryptsetup.h: password password (duplicate word) -> password
	lib/libcryptsetup.h: salt salt (duplicate word) -> salt
	lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot
	lib/libcryptsetup.h: priority priority (duplicate word) -> priority
	lib/libcryptsetup.h: offset offset (duplicate word) -> offset
	lib/libcryptsetup.h: length length (duplicate word) -> length
	lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile
	lib/libcryptsetup.h: token token (duplicate word) -> token
	lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher
	lib/libcryptsetup.h: size size (duplicate word) -> size
	lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long
	lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize
	lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment
	lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr
	lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer
	lib/luks2/luks2_segment.c: min min (duplicate word) -> min
	lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks
	man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS
	scripts/cryptsetup.conf.in: root root (duplicate word) -> root
	src/Makemodule.am: endif endif (duplicate word) -> endif
	src/cryptsetup.c: long long (duplicate word) -> long
	src/utils_args.c: long long (duplicate word) -> long
	tests/compat-test2: fi fi (duplicate word) -> fi
	tests/device-test: echo echo (duplicate word) -> echo
	tests/differ.c: long long (duplicate word) -> long
	tests/loopaes-test: done done (duplicate word) -> done
	tests/luks2-integrity-test: aead aead (duplicate word) -> aead
	tests/luks2-reencryption-test: fi fi (duplicate word) -> fi
	tests/mode-test: done done (duplicate word) -> done
	tests/password-hash-test: cat cat (duplicate word) -> cat
	tests/password-hash-test: fi fi (duplicate word) -> fi
	tests/unit-wipe.c: long long (duplicate word) -> long
	tests/verity-compat-test: done done (duplicate word) -> done
	tests/verity-compat-test: fi fi (duplicate word) -> fi
	tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp
	tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments

(Treated COPYING.LGPL as a false positive too since it's the exact text
from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
 2022-07-15 16:35:02 +02:00
Ondrej Kozina
416f1343fe Split LUKS2_activate_by_token. 2022-02-04 13:32:45 +01:00
Milan Broz
ab975bc1c4 Update copyright year. 
And unify format in several places.
 2022-01-29 10:43:02 +01:00
Ondrej Kozina
230b80404d Remove parameters annotated by __attribute__((unused)). 
Attribute unused is useless and makes code imcomprehensible
when decorates internal functions not exposed via API.

Let's cleanup internal funtion prototypes whenever possible.
 2022-01-28 17:27:00 +00:00
Hector Martin
a1b577c085 Do not attempt to unload external tokens if USE_EXTERNAL_TOKENS is disabled. 
This allows building a static binary as long as --disable-external-tokens is used
 2021-09-17 05:44:18 +00:00
Milan Broz
5f2c751dd8 Use dlsym() for token load if dlvsym() is not available. 
To be discussed. Anyway, we need to support distros with musl...
 2021-08-25 13:39:07 +02:00
Guilhem Moulin
6a14f52e5d Fix minor spelling errors. 
(Found by Lintian.)
 2021-07-30 02:56:38 +02:00
Ondrej Kozina
796b901912 Do not retry tokens that already returned -ENOANO. 
In token based activation loop (token_id == CRYPT_ANY_TOKEN)
we do not want retry tokens that already returned -ENOANO (wrong pin)
once.
 2021-07-26 14:10:08 +02:00
Ondrej Kozina
c6ff9f8bd7 Respect keyslot priority with token based activation. 
crypt_activate_by_token functions did not respect LUKS2 keyslot
priorities. These calls were able to activate device via keyslot with
CRYPT_SLOT_PRIORITY_IGNORE even when token was set to
CRYPT_ANY_TOKEN. This commit changes the token based activation
so that keyslot with priority ignore is eligible for unlock only
when specific token is selected. Also when activating with token
set to CRYPT_ANY_TOKEN keyslots with higher priority take precedence
over keyslots with normal priority. Keyslot with priority ignore are
correctly ignored when token is CRYPT_ANY_TOKEN.
 2021-07-22 13:55:22 +02:00
Ondrej Kozina
4654e6f578 Add best effort try-loop for token based activation. 
The loop is run only when token id in any of crypt_activate_by_token*
calls is set to CRYPT_ANY_TOKEN.
 2021-07-22 13:55:19 +02:00
Ondrej Kozina
2cf38465c4 Change default error returned by token open. 
It has to be -ENOENT since -EPERM would wrongly
implied the token provided wrong keyslot passphrase.
 2021-07-22 13:47:40 +02:00
Ondrej Kozina
3428296186 Improve debug logs for external token handling. 2021-07-22 13:47:40 +02:00
Ondrej Kozina
6633fa626a Remove unused crypt_token_external_support. 
API can expose same information with crypt_token_external_path.

Also add print out of external token in cryptsetup --help action
(if enabled)
 2021-06-29 14:13:37 +00:00
Ondrej Kozina
aea841eeb0 Add crypt_token_external_path. 2021-06-26 22:08:45 +02:00
Ondrej Kozina
5b9e98f941 Change external token handlers (plugins) default location. 
Search for token handlers in %{libdir}/cryptsetup directory
by default. Distros may change default location via
--with-luks2-external-tokens-path parameter during configuration.
 2021-06-24 12:54:13 +02:00
Milan Broz
df5e54545e Add API and CLI option to disable token plugins. 
This could be useful for debugging external plugins
or ot intentionally disable loading of a token library.
 2021-06-13 23:22:44 +02:00
Milan Broz
4cdd826282 Check exit value for snprintf where it makes sense. 2021-05-18 22:07:47 +02:00
Ondrej Kozina
db44e9de22 Add api exposing external token handlers support. 2021-05-12 14:32:54 +02:00
Ondrej Kozina
c40be6cc7a Replace condition with assert for obvious coding mistake. 2021-04-15 21:43:31 +02:00
Ondrej Kozina
b047b8ae20 Improvements to error code handling during token based activation. 2021-04-15 21:43:31 +02:00
Ondrej Kozina
e9434dc9e3 Check tokens are eligible for unlocking segment keyslots. 
Defer token handler load and token unlock after check token
is assigned to keyslot containing proper data segment volume key.
 2021-04-15 21:43:30 +02:00
Ondrej Kozina
c6149c9cd8 Do not search/load token handler when not needed. 2021-04-15 21:41:09 +02:00
Ondrej Kozina
8f2b23cd94 Refactor LUKS2 token activation. 
Replace LUKS2_token_open_and_activate and
LUKS2_token_open_and_activavate_any with single function
instead.
 2021-04-15 21:41:06 +02:00
Ondrej Kozina
96d83455ca Add API for activating device by specific token type. 2021-03-19 15:26:35 +01:00
Ondrej Kozina
36805b3cfe Allow dash and underscore chars in external token names. 
Current alphabet for external token types is alphanumeric
characters including '-' and '_'. Empty strings are also
forbiden.
 2021-03-19 15:26:35 +01:00
Ondrej Kozina
5d0a11a21b Add pin size parameter in crypt_active_by_pin_token. 
Well, after all it really should have supported binary data
of arbitrary length.
 2021-03-18 18:06:13 +01:00
Milan Broz
2e4a3a9888 Remove unnecessary goto from token load. 2021-02-17 10:03:18 +01:00
Ondrej Kozina
bc7511762f Do not upload vk in keyring for cipher_null segment. 
It does not make sense to upload volume keys in
kernel keyring if segment cipher is cipher_null.
The real volume_key is thrown away and replaced
with empty key anyway.
 2021-02-16 18:08:35 +01:00
Milan Broz
4471452105 Remove some stale FIXME markings. 2021-02-11 11:12:11 +00:00
Milan Broz
d703301fe8 Mark or remove unused parameters. 
Mark unused parameters with proper attribute where it is a part
of API or some internal logic.

And remove other unused parameters completely.
 2021-02-11 11:12:11 +00:00
Ondrej Kozina
fa84d60586 Fix crypt_keyslot_change_by_passphrase tokens bug. 
crypt_keyslot_change_by_passphrase broke token references
to keyslots while existing keyslot id was different from
new keyslot id.
 2021-01-29 18:17:53 +01:00
Ondrej Kozina
6df3488654 Add token handler version function prototype. 
Dynamicaly loaded token handlers should provide
version string for debug purposes.
 2021-01-26 12:41:37 +01:00
Ondrej Kozina
10e4d8fbac Make crypt_activate_by_pin_token addition backward compatible. 
The crypt_activate_by_pin_token may be used only from new
dynamicly loadable token plugins.

Also refactors code for dynamically loadable plugins so
that it does not use crypt_token_handler structure anymore.

Old structure remains used only in crypt_token_register call.
 2021-01-26 12:41:37 +01:00
Ondrej Kozina
81c44b5eee Remove crypt_token_load from API. 2021-01-26 12:41:37 +01:00
Milan Broz
d1d9dd8e20 Update Copyright year. 2021-01-25 22:00:25 +01:00
lixiaokeng
ad7d16a1b4 lib: fix potential segfault in LUKS2_token_buffer_free 
The value of h may be NULL. Check it vefore visiting its
memeber to avoid segfault.

Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com>
Signed-off-by: Linfeilong <linfeilong@huawei.com>
 2020-11-09 09:57:21 +08:00
Ondrej Kozina
c4b7bf8635 Add optional context parameter in crypt_token_load. 2020-08-15 10:15:17 +02:00
Milan Broz
2ce8573f04 Add PIN processing to tokens. 2020-08-15 10:10:40 +02:00
Milan Broz
cb183de1da Add configure option for LUKS2 external tokens lib. 
This is an experimental extension that is disabled for now.
 2020-08-11 17:59:51 +02:00
Ondrej Kozina
c9ff83bfa3 Implement external tokens unload. 2020-08-11 17:36:26 +02:00
Ondrej Kozina
05c997da1f Store dynamic plugin handle. 
For use later when unloading cryptsetup library.
 2020-08-11 17:36:22 +02:00
Ondrej Kozina
f677bdc12f Fix few bugs in previous commit. 
- crypt_token_register must not be called from withing crypt_token_load
(see later commits)

- minor bug in dlvsym/dlerror handling

- check for overflow in LUKS2_token_handler_type
 2020-08-11 17:36:15 +02:00
Milan Broz
2178461c89 Add external token load. 
(just very minor fixes by okozina to compile w/ previous commit)
 2020-08-11 17:36:11 +02:00
Ondrej Kozina
d438151f25 Partially revert few changes. 2020-08-09 13:17:54 +02:00
Milan Broz
7d475266b6 Simplify internal tokens handling. 2020-08-09 13:17:40 +02:00