Daniel Zatovic
f91524dc63
CI: add OPAL jobs.
2024-02-22 11:41:37 +00:00
Daniel Zatovic
f8e79cdbe6
CI: update jobs for new CI infrastructure
2024-02-22 11:41:37 +00:00
Ondrej Kozina
35cd898c63
Fix crypto vectors test in meson.
...
Otherwise it gets skipped in meson every time.
2024-02-21 15:56:14 +01:00
Tobias Rosenkranz
91c1d2202a
Skip test if keyctl is missing
2024-02-18 14:46:37 +01:00
Milan Broz
a6d9dc0a16
Do not require argon2.h if implemented natively in crypto library.
2024-02-13 12:38:00 +01:00
Ondrej Kozina
f681194b57
Fix mistake in crypt_set_keyring_to_link documentation.
...
The keyring_to_link_vk parameter must be prefixed by
either "%:" or "%keyring:" substrings provided caller
opted for text description of the target keyring.
2024-02-13 11:40:13 +01:00
Ondrej Kozina
fdac0d7ee2
cryptsetup.spec: drop libargon2 in favour of openssl implementation.
2024-02-12 10:43:47 +00:00
Milan Broz
b417154e71
Fix configure Argon2 OpenSSL detection to not compile internal Argon2.
...
Code is not called anyway, but should be completely disabled.
Note: there is intentionally no way to disable OpenSSL Argon2 if present.
2024-02-09 12:51:34 +01:00
Milan Broz
4dde8f078f
Version 2.7.0.
v2.7.0
2024-01-24 10:47:32 +01:00
Milan Broz
f11af15cd0
Fix local variable name that hides global one.
...
Found by CodeQL.
2024-01-23 20:22:11 +01:00
Milan Broz
bd0ef58b3a
Update copyright notice to include 2024 year.
2024-01-23 16:10:44 +01:00
Ondrej Kozina
cbc7253400
Unify error code for missing key description.
...
Use -ESRCH for similar error code as with
crypt_activate_by_keyslot_context. Here it's not
conflicting with previous use for the very code but
let's make it easier and use same code for similar case.
2024-01-23 12:08:43 +01:00
Ondrej Kozina
35ec935cc2
Update API documentation for crypt_set_keyring_to_link.
...
The section about placeholder API no longer applies.
2024-01-23 12:03:39 +01:00
Ondrej Kozina
7eca077490
Replace code for missing key error in API.
...
While trying to activate device in LUKS2 reencryption
we originally used -ENOKEY error code for case
where one or more volume keys could not be unlocked or
were not provided directly by (CRYPT_KC_TYPE_KEY or
CRYPT_KC_TYPE_VK_KEYRING) keyslot contexts.
We missed the fact the error code was already previously
used for signaling case when dm subsystem could not load
device table due to key in kernel keyring could not be
read from kernel. It's propagated by libdevmapper.
For it we replace -ENOKEY with -ESRCH for signaling the missing
keyslot context or volume key for devices in LUKS2 reencryption.
2024-01-23 11:55:12 +01:00
Ondrej Kozina
8dd3266599
tests: use per-test keyring for caching VKs.
2024-01-22 17:28:19 +01:00
Ondrej Kozina
135ed491d1
Do not drop keys from keyring on successful reencryption recovery.
...
The key might be needed in activation of ordinary LUKS2 device
provided the recovery took place before device activation
and actually finished LUKS2 device reencryption.
Fixes: #863.
2024-01-22 12:13:40 +01:00
Milan Broz
de1cd97fde
Fix typo in verity test.
2024-01-20 19:01:25 +01:00
Milan Broz
f040f74f46
Fix autoconf valgrind test.
...
All environment variables are predefined in make run,
use it in $(VAR) form, as shell variables processing does not work here.
2024-01-20 10:56:22 +01:00
Daniel Zatovic
136ba21c65
Add tests for device activation using multiple VKs.
2024-01-19 16:26:30 +00:00
Daniel Zatovic
7fb98caa79
Allow activating multi key devices using VKs in keyring.
...
We already support activation of a device using a volume key in keyring.
However, in case of multi-key devices (i.e. device with reencryption
running) we need to supply two volume keys.
2024-01-19 16:26:30 +00:00
Daniel Zatovic
4321992561
Add tests for storing VK in keyring during resume.
2024-01-19 16:26:30 +00:00
Daniel Zatovic
f354a0b038
Add tests for storing multiple VKs in a custom keyring.
2024-01-19 16:26:30 +00:00
Daniel Zatovic
5814b39cdd
Allow linking multiple VKs (also in reencryption).
...
If the device is in reencryption, it has two active volume keys. Linking
the VK to keyring is not supported for such devices, because the API
only counts with one key. This commit modifies the API
crypt_set_keyring_to_link to allow passing multiple keyring key names.
2024-01-19 16:26:30 +00:00
Milan Broz
e0eb4dad95
Fix tests to support --disable-keyring option.
...
Also remove unused function in test.
2024-01-19 13:40:25 +00:00
Antonio Ceballos
0ba3e3077c
po: update es.po (from translationproject.org)
2024-01-19 12:59:50 +01:00
Petr Pisar
dfe241dc24
po: update cs.po (from translationproject.org)
2024-01-19 12:59:50 +01:00
Milan Broz
001f228059
LUKS2: add more sanity assignments to header code.
...
Ensure we do not return partial binary header and also
explicitly set header size to zero to silence stupid
cppcheck warnings.
2024-01-17 21:25:30 +01:00
Milan Broz
89ee1ed656
LUKS2: add sanity check for hdr_size.
...
Simplify code a little bit for static analysis and also
ensure that even second LUKS2 header with wrong hdr_size is
always detected.
2024-01-17 21:25:27 +01:00
Milan Broz
cac3184da3
Add a few tainted data info for coverity to avoid warnings.
...
If sysconf is lying, then anything can happen.
But check for overflow anyway.
Device/partition offset overflow for IV can only cause
bad decryption (expected).
2024-01-17 21:25:00 +01:00
Milan Broz
b048a417b7
Silence false positive cppcheck warning.
2024-01-17 12:20:00 +01:00
Milan Broz
cfdb1b93af
Fix signed (error) return from read in loop utils.
2024-01-17 12:19:55 +01:00
Milan Broz
d15447814a
Use gcc 13 for GitHub actions.
2024-01-17 12:19:48 +01:00
Ondrej Kozina
912d410458
Fix some grammar issues suggested by auto-correction tools.
2024-01-16 09:55:06 +00:00
Ondrej Kozina
d730f45201
Update kernel keyring usage documentation.
2024-01-16 09:55:06 +00:00
Ondrej Kozina
605acab31a
Fix some grammar issues suggested by auto-correction tools.
2024-01-15 12:30:32 +01:00
Ondrej Kozina
ebca40640d
docs: Describe additional LUKS2 locks.
2024-01-15 12:22:43 +01:00
Ondrej Kozina
a50a39a192
tests: add in-place LUKS2 encryption api test.
...
Simple test for plaintext data placed at specified offset
(non zero offset relative to head of data device).
2024-01-05 14:22:07 +01:00
Ondrej Kozina
adc83f6dca
tests: add helper for creating arbitrary linear mapping.
2024-01-05 14:22:07 +01:00
Ondrej Kozina
bd0768a42a
Respect CRYPT_ACTIVATE_SHARED in reencryption.
2024-01-05 14:22:07 +01:00
Yuri Chornoivan
543d220bd4
po: update uk.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Remus-Gabriel Chelu
44490e3ee1
po: update ro.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Jakub Bogusz
4b2015eafd
po: update pl.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Hiroshi Takekawa
65005b4cd3
po: update ja.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Frédéric Marchal
fae0d2c1f2
po: update fr.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Roland Illig
2c16a80113
po: update de.po (from translationproject.org)
2024-01-05 09:48:54 +01:00
Milan Broz
44c6a76b09
Add note for luksSuspend to man page.
...
It should not be expected that suspend operation wipes
possible plaintext data from memory.
Related: #855
2023-12-22 12:17:55 +01:00
Milan Broz
37a2750e4f
Update cryptsetup.spec.
2023-12-20 18:25:51 +01:00
Krassy Boykinov
b5006a5404
man: Update authenticated encryption trim description and add references
...
790666ff (Add support for allow_discrads for dm-integrity., 2020-04-09)
added TRIM support for standalone dm-integrity volumes.
This change is now reflected in the cryptsetup(8) man page.
2023-12-20 14:56:08 +00:00
Milan Broz
3323690cbc
Version 2.7.0-rc1.
v2.7.0-rc1
2023-12-20 15:21:01 +01:00
Milan Broz
1a50de508c
Fix doxygen tags for API docs.
2023-12-20 15:12:30 +01:00