Milan Broz
efeada291a
Fix unsigned return value.
2018-11-25 14:29:09 +01:00
Milan Broz
fb6935385c
Properly propagate error from AF diffuse function.
2018-11-25 14:28:31 +01:00
Milan Broz
599748bc9f
Check hash value in pbkdf setting early.
2018-11-25 14:27:59 +01:00
Milan Broz
d0d507e325
Fallback to default keyslot algorithm if backend does not know the cipher.
2018-11-25 14:27:37 +01:00
Ondrej Kozina
7d8f64fe21
Remove unused crypt_dm_active_device member.
2018-11-25 14:27:11 +01:00
Ondrej Kozina
a52dbc43d3
Secondary header offset must match header size.
2018-11-25 14:26:53 +01:00
Ondrej Kozina
7df458b74e
Check json size matches value from binary LUKS2 header.
We have max json area length parameter stored twice. In
LUKS2 binary header and in json metadata. Those two values
must match.
2018-11-25 14:26:38 +01:00
Ondrej Kozina
bcd7527938
Change max json area length type to unsigned.
We use uint64_t for max json length everywhere else
including config.json_size field in LUKS2 metadata.
Also renames some misleading parameter names.
2018-11-25 14:26:23 +01:00
Ondrej Kozina
e7141383e3
Enable all supported metadata sizes in LUKS2 validation code.
LUKS2 specification allows various sizes of LUKS2 metadata.
The single metadata instance is composed of LUKS2 binary header
(4096 bytes) and immediately following json area. The resulting
assembled metadata size has to be one of the following values,
all in KiB:
16, 32, 64, 128, 256, 512, 1024, 2048 or 4096
2018-11-25 14:25:59 +01:00
Milan Broz
cd968551d6
Add workaround for benchmarking Adiantum cipher.
2018-11-25 14:24:37 +01:00
Milan Broz
6a3e585141
Fix ext4 image to work without CONFIG_LBDAF.
2018-11-25 14:24:02 +01:00
Milan Broz
6f48bdf9e5
Add branch v2_0_x to Travis.
2018-11-19 13:26:41 +01:00
Milan Broz
517b5da67a
Version 2.0.5.
v2.0.5
2018-10-28 15:30:25 +01:00
Milan Broz
98460af44f
Update LUKS2 docs.
2018-10-28 15:27:55 +01:00
Milan Broz
7213d5a76b
Fix verbose message about key removal in luksKillSlot, luksErase and luksRemoveKey.
The crypt_keyslot_destroy() does not return keyslot number,
so return value 0 was always used as a keyslot reference.
2018-10-27 17:44:38 +02:00
Ondrej Kozina
bb29c5b322
Update man section describing convert command.
Fixes #414.
2018-10-26 10:07:41 +02:00
Milan Broz
58ad7bae48
Add 2.0.5 release notes.
2018-10-22 12:23:54 +02:00
Milan Broz
82a3480b12
Update po files.
2018-10-21 12:30:34 +02:00
Ondrej Kozina
c00811a846
Run LUKS2 validation code before header areas wiping.
Also drops redundant checks performed in general validation code.
2018-10-18 08:48:48 +02:00
Milan Broz
27eaf46c8a
Fix issues found by Coverity scan.
- possible overflow of data offset calculation in wipe and
- dereferencing of pointer in a keyring error path.
2018-10-14 21:50:06 +02:00
Milan Broz
202aeece3c
Fix test module inclusion in tarball.
2018-10-14 20:54:06 +02:00
Milan Broz
825fc895dc
Fix some signed/unsigned comparison warnings.
2018-10-14 20:36:45 +02:00
Milan Broz
a74aecedf1
Set devel version.
2018-10-14 20:24:34 +02:00
Milan Broz
fa1f63bcd0
Update po files.
2018-10-14 20:23:32 +02:00
Milan Broz
c2bce3e93e
Wipe full header areas (including unused) during LUKS format.
All previous versions of cryptsetup wiped only first 4k for LUKS1
and both JSON areas for LUKS2 (first 32k) and the allocated
keyslot area (as it contained the generated key).
Remaining areas (unused keyslots, padding, and alignment) were
not wiped and could contain some previous data.
Since this commit, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
Only exceptions are
- padding/alignment areas for detached header
  if the data offset is set to 0
- bogus LUKS1 keyslot areas (upstream code never
  created such keyslots but someone could use that).
This operation could slow down luksFormat on some devices, but
it guarantees that after this operation LUKS header does not
contain any foreign data.
2018-10-14 13:11:50 +02:00
Milan Broz
a46733e701
Reintroduce error message if LUKS device is not detected.
Older cryptsetup printed this message through library,
later it disappeared even in cryptsetup binary.
2018-10-13 10:13:29 +02:00
Milan Broz
8f350f9b9f
Print error message if crypt_load() detects unsupported version of LUKS.
2018-10-12 12:34:43 +02:00
Milan Broz
484692aacd
Do not ask wiping questions in format if we just created the file.
2018-10-12 12:24:42 +02:00
Milan Broz
7f0df99511
Properly parse errno to error message for devices.
2018-10-12 12:03:56 +02:00
Milan Broz
bebd2fe7e7
Do not print error for used device twice.
2018-10-12 12:03:54 +02:00
Milan Broz
36e8839675
Do not fail if device is smaller than requested wipe size.
2018-10-11 21:20:34 +02:00
Ondrej Kozina
61305a50c1
Add delay=0 parameter to scsi_debug in all tests.
Speed up tests significantly.
2018-10-11 16:21:36 +02:00
Milan Broz
1d7749a40f
Show better errors if keyslot decryption fails.
This happens also in cipher check where the old message was
very confusing.
2018-10-11 15:41:35 +02:00
Milan Broz
f01d044618
Print file name size instead of a loop device in error messages.
2018-10-11 15:40:22 +02:00
Milan Broz
31532adf86
Do not copy buffer if read fails.
2018-10-11 15:39:31 +02:00
Milan Broz
879e06db39
Wiping empty device should not fail.
2018-10-11 15:38:56 +02:00
Milan Broz
4beb0f702a
Do not allow device activation if data area overlaps with LUKS header.
2018-10-11 11:55:45 +02:00
Ondrej Kozina
a771460dbd
Add validation tests for optional segment flags section.
2018-10-11 11:55:26 +02:00
Ondrej Kozina
f849f83d84
Add validation code for option flags section of segment.
2018-10-11 11:55:22 +02:00
Ondrej Kozina
1d084a41ad
Add support for optional flags section in LUKS2 segments dump.
2018-10-11 11:55:18 +02:00
Ondrej Kozina
c4198986f1
Sort LUKS2 segments by keys in crypt_dump output.
2018-10-11 11:55:13 +02:00
Milan Broz
7514786b20
Add an error message if device is unusable.
2018-10-04 20:00:12 +02:00
Milan Broz
9df042c0b8
Use explicit_bzero if available.
2018-10-04 15:21:01 +02:00
Ondrej Kozina
37e0150f70
Do not use fallocate in blockwise tests.
fs driver may skip some sanity checks if it's aware the content
of file is uninitialized.
Fixes warnings for xfs in kernel 4.19+
2018-10-04 11:20:03 +02:00
Milan Broz
294e4cbcb7
Fix tcrypt test on very old distros.
2018-10-02 13:56:57 +02:00
Milan Broz
952716afe1
Report versions in test run.
2018-10-02 13:46:03 +02:00
Milan Broz
24aba9a514
tcrypt: Support additional Veracrypt modes.
Add support for Camellia and Kuznyechik ciphers and Streebog hash functions,
introduced in recent Veracrypt.
Note that Kuznyechik requires out-of-tree kernel module and Streebog
hash function is available only with gcrypt backend.
2018-10-02 10:47:38 +02:00
Milan Broz
905993751c
Fix integritysetup build.
2018-09-29 18:28:10 +02:00
Milan Broz
0b10d877b0
Some more gcc warnings fixes.
2018-09-29 17:32:33 +02:00
Milan Broz
874fa5810d
Do not use local libutils.
2018-09-29 10:42:05 +02:00