Commit Graph

57 Commits

Author SHA1 Message Date
Milan Broz
f6e613a76f Revert cipher requirement in parse cipher.
There are several specifications that violate this (chacha20 etc).
Just use the old way...
2018-01-18 22:42:34 +01:00
Milan Broz
aeea93fa95 Properly fail in luksFormat if cipher format is missing required IV.
For now, crypto API quietly used cipher without IV if a cipher
algorithm without IV specification was used (e.g. aes-xts).

This caused fail later during activation.

This patch allows only two specific backed use without specified IV
(ECB mode and NULL cipher).

Also check cipher string early during parsing of CLI options.
2018-01-18 21:20:25 +01:00
Andrea Gelmini
a97de38b6b Fix typos. 2017-11-08 10:22:49 +01:00
Ondrej Kozina
13b1720899 reencrypt: add message about using default parameters with LUKS2 2017-10-30 16:09:36 +01:00
Ondrej Kozina
35512f4ee9 cryptsetup-reencrypt: internal safeguard against mistakes 2017-10-30 16:09:33 +01:00
Ondrej Kozina
356402942f luks2: adapt reencrypt to luks2 version
TODO: currently there's no way to change pbkdf to non-default for LUKS2
2017-10-28 22:35:21 +02:00
Milan Broz
7e53c87f5c Add parameter for progress update without in separate lines.
Useful for reencryption or integrity format.
2017-10-04 15:22:32 +02:00
Milan Broz
fd6fc16001 Use tools progress print function for cryptsetup-reencrypt. 2017-06-07 21:58:19 +02:00
Milan Broz
98368c4770 Update copyright years. 2017-03-12 13:17:15 +01:00
Milan Broz
a3ee8f9cb8 Rephrase UUID error message for cryptsetup-reencrypt. 2016-10-20 14:10:29 +02:00
Milan Broz
4083bb2c0f Verify passphrase in cryptsetup-reencrypt when encrypting new drive. 2016-09-05 14:42:39 +02:00
Milan Broz
060a4fbef0 Fix possible leak if reencryption is interrupted. 2016-06-04 12:36:51 +02:00
Milan Broz
2852a48e6a Fix error message. 2016-05-25 14:56:13 +02:00
Ondrej Kozina
b5365ba13d cryptsetup-reencrypt: enable resume of decryption
to enable resume of interrupted decryption user has
to pass uuid of the former luks device. That uuid is used
to resume the operation if temporary files LUKS-* still
exist.
2016-04-13 15:01:37 +02:00
Ondrej Kozina
3e742452cd cryptsetup-reencrypt: harden checks for hdr backups removal
There're various situations where hdr backups together with log file
may get removed even when the hdr was already marked unusable. This
patch fixes the most severe case already reported and generally tries
harder protecting the log file and both hdr backups.
2016-02-28 09:44:22 +01:00
Ondrej Kozina
d7b127549c cryptsetup-reencrypt: drop unreachable code path
MAKE_USABLE flag is never used in device_check()
2016-02-28 09:44:07 +01:00
Milan Broz
4aea3b81ee Remove password callback interface.
This was a design mistake and should not be handled inside libcryptsetup code.
2015-11-20 09:18:31 +01:00
Milan Broz
5293f5aae1 Move terminal handling to tools wrapper. 2015-11-20 09:18:31 +01:00
Milan Broz
1623ee71ab Remove experimental warning for reencrypt tool. 2015-10-29 12:16:37 +01:00
Milan Broz
7d9a14fd24 Fix some signed/unsigned compiler warnings. 2015-09-08 08:12:07 +02:00
Milan Broz
2f964d95d8 Fix benign warning in clang analysis output. 2015-09-08 07:54:03 +02:00
Milan Broz
57d16a7a55 Fix misleading error messages in reencrypt. 2015-08-26 16:15:11 +02:00
Milan Broz
7843415243 Move string_to_size to userspace tools. 2015-08-26 12:42:25 +02:00
Milan Broz
6e82bdd9a5 Do not use real password when unlocking "fake" header on reencryption.
If reencrypt removes encryption (or adds encryption to not yet encrypted system)
there is a temporary header using null (none) cipher.
We do not need to pass through password when unlocking these devices.
2015-07-02 08:18:44 +02:00
Milan Broz
6d51e8ab69 Support permanent device decryption using cryptsetup-reencrypt --decrypt. 2015-01-27 14:20:34 +01:00
Milan Broz
b789b011a2 Fix some compiler warnings introduced recently. 2015-01-15 12:27:34 +01:00
Milan Broz
f16f37233f Fix partial reads and handle EINTR in reencryption code.
The partial read usually happens only on IO error,
so reencrypt at least part what is read properly.

For EINTR code must restart read completely.

Fixes issue#226.
2014-10-04 15:39:38 +02:00
Ondrej Kozina
3d6bcae84c reencrypt: use fsync instead of O_DIRECT flag
O_DIRECT operations directed towards filesystem are problematic:
There's no sane way how to detect specific filesystem requirements
for such operations.

This patch is replacing O_DIRECT flag with O_SYNC flag for all
open() calls related to reencrypt log. The O_SYNC flag is used
when --use-fsync option is detected.

Man page is modified accordingly.
2014-09-23 18:47:02 +02:00
Milan Broz
3350ff017f Do not allocate big context on stack for cryptsetup-reencrypt. 2014-08-10 16:09:01 +02:00
Milan Broz
54c7a2b0aa Fix signed/unsigned compiler warnings. 2014-06-29 11:55:11 +02:00
Milan Broz
779c80c581 Fix some spelling errors found by lintian.
Thanks to Jonas Meurer.
2014-03-04 20:27:15 +01:00
Milan Broz
2e97d8f8e8 Prepare version 1.6.4. 2014-02-27 14:36:13 +01:00
Milan Broz
e364041b40 Add --keep-key to cryptsetup-reencrypt.
This allows change of LUKS header hash (and iteration count) without
the need to reencrypt the whole data area.
2014-01-19 15:29:12 +01:00
Milan Broz
957201e758 Fix reencryption tool to work with 4k devices.
See https://bugzilla.redhat.com/show_bug.cgi?id=1029032#c7

Thanks to Ondra Kozina for figuring this out.
2013-12-08 17:50:25 +01:00
Ondrej Kozina
5736b0a114 unify --key-slot behavior in cryptsetup_reencrypt
- cryptsetup-reencrypt: unify --key-slot behavior
  across the utility and enable the option even
  without --key-file.

[FIXME: add tests and man page revision]
2013-11-10 18:29:11 +01:00
Milan Broz
6127b6959f Update copyright year on changed files. 2013-03-24 09:05:33 +01:00
Milan Broz
fd5b88449a Make passphrase prompts more consistent.
Also see http://code.google.com/p/cryptsetup/issues/detail?id=145
2013-02-11 14:53:49 +01:00
Milan Broz
29f21208a0 Change License from GPLv2 only to GPLv2+ ("or any later").
Agreed by all copyright authors.
2012-12-29 11:33:54 +01:00
Milan Broz
0bd8b9823a Fix time of check/use Coverity report in cryptsetup-reencrypt. 2012-12-17 16:10:39 +01:00
Milan Broz
50be50c521 Add fixme for ETA calculation. 2012-12-17 09:54:10 +01:00
Milan Broz
b16feb6853 Add verbose messages during reencryption to avoid confusion. 2012-12-14 14:48:36 +01:00
Milan Broz
32c578729c Handle signals in tool context. 2012-12-11 19:01:46 +01:00
Milan Broz
710aad20d3 Move signal handling into common utils code. 2012-12-11 15:40:42 +01:00
Milan Broz
89e09afdf6 Fix some problems found by Coverity static analysis. 2012-09-19 13:58:00 +02:00
Milan Broz
ff9db165eb Use common utils_tools.c for all tools.
Unify tool environment and deduplicate code.
2012-08-13 18:31:26 +02:00
Milan Broz
b99b4825a2 Use resume instead of restart. 2012-06-27 21:28:11 +02:00
Petr Písař
9b455125e9 Pass help text to popt already translated
popt does not process the text registered by poptSetOtherOptionHelp()
through gettext on its own. Application must do it.
2012-06-26 21:26:04 +02:00
Milan Broz
b684fffdaf Switch to use unit suffix for --reduce-device-size option. 2012-06-25 16:06:43 +02:00
Milan Broz
fb3b62ca02 Add --device-size option for reencryption tool. 2012-06-25 15:34:11 +02:00
Milan Broz
0ec4d4c9cf Add directio to reenc test. 2012-06-19 16:04:20 +02:00