- 30 Jun, 2022 1 commit
-
-
Ondrej Kozina authored
-
- 27 Jun, 2022 5 commits
-
-
Ondrej Kozina authored
-
Ondrej Kozina authored
Abort early if detached header is passed in API by any chance.
-
Ondrej Kozina authored
-
Ondrej Kozina authored
Empty context or any non-LUKS types now returns CRYPT_REENCRYPT_INVALID value. For LUKS1 devices return CRYPT_REENCRYPT_NONE (since any LUKS1 device in legacy reencryption does not have valid LUKS1 header/metadata).
-
Ondrej Kozina authored
Test cli behaves properly when there's not enough space in keyslots area for new unbound keyslot or reencryption keyslot. Fixes: #688.
-
- 24 Jun, 2022 1 commit
-
-
- 23 Jun, 2022 4 commits
-
-
Milan Broz authored
-
Milan Broz authored
Remove FIXMEs and comment style.
-
Milan Broz authored
-
Milan Broz authored
If keyslots are not sorted according to binary area offset, the calculation of area size is wrong and can overflow (LUKS1 does not store area size, only offset). Let's just use function that calculates size from volume key size. Images where keyslot areas are not aligned to 4k offset are not supported anyway. Fixes: #753
-
- 21 Jun, 2022 2 commits
-
-
Ondrej Kozina authored
It did not work with --active-name option for active LUKS2 devices.
-
Ondrej Kozina authored
By not testing repeatedly that 'wipe' test utility actually wipes the device. This test is supposed to test reencryption code. I have left untouched already existing first time checks for each data digest.
-
- 20 Jun, 2022 5 commits
-
-
-
-
-
-
Fixes: #752
-
- 17 Jun, 2022 18 commits
-
-
Milan Broz authored
-
Milan Broz authored
-
Milan Broz authored
-
Milan Broz authored
-
Milan Broz authored
This is some relict from old code, just use bool, we already require it elsewhere.
-
Milan Broz authored
Invalid values that overflows in interval check were silently ignored. Fix this by explictily adding check for interval overflow in keyslots and segment validation. Fixes: #748
-
Milan Broz authored
-
Milan Broz authored
-
Milan Broz authored
Most of the LUKS2 fields cannot be empty, add check for JSON validation for it to fail early. Fixes: #746
-
Ondrej Kozina authored
-
Ondrej Kozina authored
Fixes: #669.
-
Ondrej Kozina authored
Adds support for LUKS2 decryption of devices with a header put in the head of data device. During the initialization header is exported to a file and first data segment is moved to head of data device in place of original header. The feature introduces several new resilience modes (combination of existing modes datashift and "checksum" or "journal"). Where datashift resilience mode is applied for data moved towards the first segment and first segment is decrypted in-place. The mode is not backward compatible with prior LUKS2 reencryption and therefor interrupted operation in progress can not be resumed using older cryptsetup releases. Fixes: #669.
-
Ondrej Kozina authored
It would fail later anyway (due to wrong passphrase provided) but it's better to stop sooner.
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
- 14 Jun, 2022 4 commits
-
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
Ondrej Kozina authored
-
Ondrej Kozina authored
For example it could cause an issue if misaligned to 4K sector size during decryption.
-