eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,858 Commits 15 Branches 78 Tags
fea4074e8fc6542f43b2bd5b7507d0c08b2d7b8b
Commit Graph

2858 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Milan Broz
fea4074e8f Check internal device functions for NULL device. 
Most of these functions already works even with device=NULL.

There can be some rare situations when this call could happen,
so be safe always.
(Like initialization for a device that disappears during init.)

Also see
https://bugzilla.redhat.com/show_bug.cgi?id=1932946
 2021-03-01 20:38:52 +01:00
Milan Broz
9209d7e3b5 Use internal bit operations instead of network byte order functions. 2021-03-01 18:26:06 +01:00
Milan Broz
ca2e1fc956 Fix some includes. 2021-02-27 21:14:38 +01:00
Milan Broz
1592f1e274 Fix allocation of volume key in LUKS1 open_key. 
This function should not return allocated key on error path.

Recent patch (suspend/resume) introduced a memory leak because of this.
 2021-02-24 22:54:55 +01:00
Milan Broz
74027ca922 Remove VLAs from API test. 2021-02-24 21:44:36 +01:00
Ondrej Kozina
1910960364 Silent error messages in tests. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
2708021e6f Add error message when suspending wrong device. 
In case user tries to suspend LUKS data device instead
of dm-crypt mapping.

See issue#622.
 2021-02-24 16:06:19 +01:00
Ondrej Kozina
8e8ecd50de Fix luksResume when called on non-LUKS device. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
3ebf7fa3bd Drop duplicate type check in LUKS2 encryption. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
68130ef2f5 Introduce isLUKS helpers in cryptsetup. 2021-02-24 16:06:19 +01:00
Ondrej Kozina
a77acb21c9 Fix reversed condition in LUKS2 api test. 
get_luks2_offsets is based on get_luks_offsets from api-test.c
but for some odd reason 'metadata_device' parameter had reversed
meaning.
 2021-02-24 15:57:12 +01:00
Ondrej Kozina
6e6e9f169e Fix keyslots size overflow when device too small. 
It properly failed but debug message was confusing.
Now it fails later properly with "device too small"
error message.
 2021-02-24 15:57:12 +01:00
Ondrej Kozina
6a8bade7e6 Allow LUKS resume for device with cipher_null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
3367b78958 Unify crypt_resume_by internal code. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
28603e4de7 Do not upload VK in keyring when data cipher is null. 2021-02-24 15:57:11 +01:00
Ondrej Kozina
d8cf203d46 Remove redundant check. 
It can't be non-LUKS2 device at this branching.
 2021-02-24 15:57:11 +01:00
Ondrej Kozina
9faa602f6c Add tests for cipher_null suspend/resume. 2021-02-24 15:57:11 +01:00
Milan Broz
c9b727e9ea verity: run FEC check even if root hash fails. 
The error correction can fix even problem with root hash.

For now, always return fail if initial check of root hash failed.

FIXME: The FEC verify code need to be rewritten to repair only
blocks where hash is wrong and the re-check hash after recovery,
inclkuding root hash.

Now we do not check hash after FEC recovery. The Reed-Solomon
decoder can then "repair" code wrongly if parity is too damaged.

For now, the information about FEC repaired errors is only
advisory, it does not mean device is fully repaireable.
 2021-02-23 17:36:58 +00:00
Milan Broz
1534dc6c61 verity: do not process hash image if it is empty. 2021-02-23 17:36:58 +00:00
Milan Broz
dd6d6cfa1c verity: do not calculate hash offset if hash area is not used. 
Sometimes device is so small that there is only root hash needed
and the hash area is not used.
 2021-02-23 17:36:58 +00:00
Milan Broz
8e564bbb5c veritysetup: do not increase hash image size if hash area is not used. 
Do not write more than needed header if hash area is not used later.

All space in hash area is then used in FEC calculation, so it makes
no sense to add unused area.
 2021-02-23 17:36:58 +00:00
Ondrej Kozina
284a49443e Extend LUKS2 reencryption tests w/ cipher_null. 2021-02-18 15:01:01 +01:00
Ondrej Kozina
61abbc6e5d Bypass keyring activation flag if cipher is null. 2021-02-18 14:22:51 +01:00
Ondrej Kozina
1fe2d3d92b Use crypt_is_cipher_null check where possible. 2021-02-18 14:19:09 +01:00
Ondrej Kozina
b0da623c8a Fix default xts mode key size in reencryption. 
Reencryption did not take into account adjusted xts
key size configuration option. This patch fix the
issue by using same logic as in luksFormat with xts
mode selected for data encryption.
 2021-02-18 12:14:54 +01:00
Milan Broz
ff1502edd0 Remove VLAs from TCRYPT code. 2021-02-18 11:10:20 +00:00
Milan Broz
2d9c0b507d Remove VLAs from UUID block parsing code. 2021-02-18 11:10:20 +00:00
Milan Broz
20320dfd0e Remove VLAs from blockdev utils code. 2021-02-18 11:10:20 +00:00
Milan Broz
6483fb027a Remove VLAs from FEC verity code. 2021-02-18 11:10:20 +00:00
Ondrej Kozina
030d50f6ba Fix reencryption test on systems w/o keyring. 2021-02-17 16:36:21 +01:00
Milan Broz
dc8bbbf352 Rename label fo consistency. 2021-02-17 10:03:18 +01:00
Milan Broz
c72030d25a Avoid using goto in Nettle crypto wrapper. 2021-02-17 10:03:18 +01:00
Milan Broz
4309294c2a Remove unnecessary goto from cipher kernel wrapper. 2021-02-17 10:03:18 +01:00
Milan Broz
f5dd3c8e32 Rename label in utils for consistency. 2021-02-17 10:03:18 +01:00
Milan Broz
6dd347ddb4 Rewrite reload code to avoid two goto labels. 2021-02-17 10:03:18 +01:00
Milan Broz
e15e09025d Use err label for error consitently for RNG code. 2021-02-17 10:03:18 +01:00
Milan Broz
caf71248df Use dm_task_destroy consistently. 2021-02-17 10:03:18 +01:00
Milan Broz
7b327509b4 Remove unnecessary goto and use out label for non-error path in libdevmapper code. 2021-02-17 10:03:18 +01:00
Milan Broz
83138b7803 Remove confusing goto from TCRYPT code. 2021-02-17 10:03:18 +01:00
Milan Broz
cea7a1489a Remove unnecessary goto and use out label for non-error path in reencrypt code. 2021-02-17 10:03:18 +01:00
Milan Broz
f6e2fbb366 Remove unnecessary goto from LUKS2_hdr_version_unlocked. 2021-02-17 10:03:18 +01:00
Milan Broz
2e4a3a9888 Remove unnecessary goto from token load. 2021-02-17 10:03:18 +01:00
Milan Broz
639ffa36a5 Rename goto err to out, it is not error path only. 
Also try to use the same "goto out" pattern everywhere.
 2021-02-17 10:03:18 +01:00
Milan Broz
05f9297141 Avoid goto patern in crypt_init. 
Also device_free is not needed, it never allocates anything in error path.
 2021-02-17 10:03:18 +01:00
Milan Broz
28baeca882 Clear goto use in tools. 
Allow only one pattern for goto - one place for releasing resources.

Avoid all other use of the goto pattern.
 2021-02-17 10:03:18 +01:00
Milan Broz
b1558ec973 USe ARG_SET macro to check that device size is set for resize. 
And move the check to the beginning of function.
 2021-02-17 10:03:18 +01:00
Ondrej Kozina
4862c38ca9 Prefer default cipher when reencrypting cipher_null device. 
By default when reencrypting LUKS2 device we regenerate only
the volume key. But if the device was 'encrypted' by cipher_null
this change did not make sense. The key was always empty.

Change the behaviour so that unless user specifies --cipher
parameter on command line, we change data encryption cipher
to default when old segment cipher was cipher_null.
 2021-02-16 21:08:54 +01:00
Ondrej Kozina
bec7394722 Improve key handling with cipher_null in reencryption. 2021-02-16 18:08:35 +01:00
Ondrej Kozina
42479bd1df Add debug message for activated cipher_null device. 2021-02-16 18:08:35 +01:00
Ondrej Kozina
01f896711e Replace bogus cipher_null keyslots before reencryption. 
By mistake LUKS2 allowed keyslots 'not-so-encrypted' by
cipher_null (only explicitly requested by --cipher or
--keyslot-cipher parameters). If we encounter
such old key during reencryption let's replace the cipher
for new keyslot with default LUKS2 keyslot cipher.
 2021-02-16 18:08:35 +01:00