1. 06 Dec, 2018 1 commit
    • Milan Broz's avatar
      Add crypt_set_data_offset API function. · 03edcd2b
      Milan Broz authored
      The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
      to specified value in 512-byte sectors.
      
      This value should replace alignment calculation in LUKS param structures.
      03edcd2b
  2. 05 Dec, 2018 2 commits
  3. 27 Nov, 2018 4 commits
  4. 25 Nov, 2018 1 commit
  5. 24 Nov, 2018 1 commit
    • Milan Broz's avatar
      Check for device size and sector size misalignment. · 18c92103
      Milan Broz authored
      Kernel prevents activation of device that is not aligned
      to requested sector size.
      
      Add early check to plain and LUKS2 formats to disallow
      creation of such a device.
      (Activation will fail in kernel later anyway.)
      
      Fixes #390.
      18c92103
  6. 23 Nov, 2018 1 commit
  7. 22 Nov, 2018 1 commit
  8. 07 Nov, 2018 2 commits
    • Ondrej Kozina's avatar
      Parse compat values from LUKS2 default segment encryption. · 9e7f9f34
      Ondrej Kozina authored
      We used to preset compat cipher and cipher_mode values during
      crypt_format() or crypt_load(). Since we can change 'default segment'
      dynamically during reencryption (encryption, decryption included) we
      need to parse those values from default segment json encryption field
      each time crypt_get_cipher() or crypt_get_cipher_mode() is called.
      9e7f9f34
    • Milan Broz's avatar
      Log all debug messages through log callback. · 493e8580
      Milan Broz authored
      This cahnge allow to redirect all output of library
      to a log processor.
      493e8580
  9. 14 Oct, 2018 1 commit
    • Milan Broz's avatar
      Wipe full header areas (including unused) during LUKS format. · c2bce3e9
      Milan Broz authored
      All previous version of cryptsetup wiped only first 4k for LUKS1
      and both JSON areas for LUKS2 (first 32k) and the allocated
      keyslot area (as it contained the generated key).
      
      Remaining areas (unused keyslots, padding, and alignment) were
      not wiped and could contain some previous data.
      
      Since this commit, the whole area up to the data offset is zeroed,
      and subsequently, all keyslots areas are wiped with random data.
      
      Only exceptions are
       - padding/alignment areas for detached header
         if the data offset is set to 0
       - bogus LUKS1 keyslot areas (upstream code never
         created such keyslots but someone could use that).
      
      This operation could slow down luksFormat on some devices, but
      it guarantees that after this operation LUKS header does not
      contain any foreign data.
      c2bce3e9
  10. 12 Oct, 2018 2 commits
  11. 11 Oct, 2018 1 commit
  12. 25 Sep, 2018 2 commits
  13. 10 Aug, 2018 3 commits
  14. 08 Aug, 2018 2 commits
  15. 19 Jul, 2018 2 commits
  16. 11 Jul, 2018 3 commits
    • Ondrej Kozina's avatar
      Allow explicit LUKS2 repair. · 9de5dc93
      Ondrej Kozina authored
      Also moves FIXME comment lower to LUKS2 code with note that currently it's
      safe to do crypt_repair on LUKS2 format without paying attention to LUKS2
      requirements.
      9de5dc93
    • Ondrej Kozina's avatar
      Allow LUKS2 repair to override blkid checks. · 289c9ecf
      Ondrej Kozina authored
      Allow user to run cryptsetup repair command and explicitly do
      repair on corrupted LUKS2 headers where blkid decides it's no longer
      a LUKS2 device.
      289c9ecf
    • joerichey@google.com's avatar
      Add missing call to crypt_random_exit · 25467243
      joerichey@google.com authored
      We call crypt_random_init in init_crypto, but never call
      crypt_random_exit. This change just copies what the crypt_backend
      functions do, and calls crypt_random_exit in the descructor.
      25467243
  17. 03 May, 2018 1 commit
    • Milan Broz's avatar
      Fix check for AEAD cipher. · f87ee511
      Milan Broz authored
      The crypt_get_integrity() can be not yet set, check for key size
      explicitly (otherwise we reject composed ciphers in keyslot check too early.)
      f87ee511
  18. 26 Apr, 2018 3 commits
  19. 25 Apr, 2018 1 commit
  20. 24 Apr, 2018 2 commits
  21. 19 Apr, 2018 2 commits
  22. 15 Apr, 2018 2 commits