1. 27 Nov, 2018 2 commits
  2. 25 Nov, 2018 1 commit
  3. 22 Nov, 2018 2 commits
  4. 18 Oct, 2018 1 commit
  5. 14 Oct, 2018 3 commits
    • Milan Broz's avatar
      Fix issues found by Coverity scan. · 27eaf46c
      Milan Broz authored
      - possible overflow of data offset calculation in wipe and
      - dereferencing of pointer in a keyring error path.
      27eaf46c
    • Milan Broz's avatar
      Fix some signed/unsigned comparison warnings. · 825fc895
      Milan Broz authored
      825fc895
    • Milan Broz's avatar
      Wipe full header areas (including unused) during LUKS format. · c2bce3e9
      Milan Broz authored
      All previous version of cryptsetup wiped only first 4k for LUKS1
      and both JSON areas for LUKS2 (first 32k) and the allocated
      keyslot area (as it contained the generated key).
      
      Remaining areas (unused keyslots, padding, and alignment) were
      not wiped and could contain some previous data.
      
      Since this commit, the whole area up to the data offset is zeroed,
      and subsequently, all keyslots areas are wiped with random data.
      
      Only exceptions are
       - padding/alignment areas for detached header
         if the data offset is set to 0
       - bogus LUKS1 keyslot areas (upstream code never
         created such keyslots but someone could use that).
      
      This operation could slow down luksFormat on some devices, but
      it guarantees that after this operation LUKS header does not
      contain any foreign data.
      c2bce3e9
  6. 11 Oct, 2018 1 commit
  7. 25 Sep, 2018 1 commit
  8. 09 Aug, 2018 1 commit
  9. 21 Jul, 2018 1 commit
    • Rafael Fontenelle's avatar
      Fix typos · f35ec977
      Rafael Fontenelle authored
      A bunch of typos reported by codespell, most of them comments in the code
      f35ec977
  10. 19 Jul, 2018 1 commit
    • Milan Broz's avatar
      Print verbose message about keyslot and token numbers. · eabd23f3
      Milan Broz authored
      Move all messages to cryptsetup tools and print these
      verbose messages:
      
        - Key slot X unlocked.
        - Key slot X created.
        - Key slot X removed.
      and
        - Token X created.
        - Token X removed.
      
      Also print error, if unknown token is tried to be removed.
      eabd23f3
  11. 07 Jul, 2018 1 commit
    • joerichey@google.com's avatar
      Make all header files self-suffienct · 59b5f360
      joerichey@google.com authored
      Almost all the headers in cryptsetup are self-suffienct (in that they
      compile on their own). By including <stddef.h>, <stdint.h>, or
      <sys/types.h>, all headers will now compile on their own.
      
      This is useful for importing cryptsetup into Bazel/Blaze.
      59b5f360
  12. 26 Apr, 2018 1 commit
  13. 06 Apr, 2018 1 commit
    • Milan Broz's avatar
      Check cipher before writing metadata (LUKS2). · 187170ec
      Milan Broz authored
      Some ciphers and key sizes created on-disk metadata that cannot be used.
      Use the same test for length-preserving cipher as LUKS1.
      
      Also check if key for integrity algorithm is not too small.
      
      Fixes #373.
      187170ec
  14. 25 Mar, 2018 1 commit
  15. 20 Jan, 2018 1 commit
  16. 19 Jan, 2018 1 commit
  17. 07 Dec, 2017 2 commits
  18. 06 Dec, 2017 1 commit
  19. 08 Nov, 2017 1 commit
  20. 12 Oct, 2017 1 commit
    • Milan Broz's avatar
      Use non-recursive automake. · d77bbe93
      Milan Broz authored
      This change also causes that now binaries and libraries are placed in
      build root directory.
      
      Now we can use subdir-objects for automake.
      d77bbe93
  21. 10 Oct, 2017 1 commit
  22. 24 Sep, 2017 2 commits
  23. 12 Aug, 2017 1 commit
    • Milan Broz's avatar
      Move PBKDF internal benchmark to one place. · 5fc79f56
      Milan Broz authored
      Also cache its value in active context, so we run benchmark
      only once.
      
      The patch also changes calculated value for LUKS1 key digest
      to 125 miliseconds (it means that for full 8 used slots
      the additional slow-down is circa 1 second).
      
      Note that there is no need to have too high iteration count
      for key digest; if it is too computationally expensive, attacker
      will better decrypt of one sector with candidate key anyway.
      (Check for a known signature.)
      
      The reason to have some delay for key digest check was
      to complicate brute-force search for volume key with LUKS header
      only (and if RNG used to generate volumekey was flawed
      allowing such a search i reasonable time).
      5fc79f56
  24. 10 Aug, 2017 1 commit
  25. 06 Aug, 2017 2 commits
    • Milan Broz's avatar
      Change PBKDF interface API. · 0abf57be
      Milan Broz authored
      Prepare API for PBKDF that can set three costs
        - time (similar to iterations in PBKDF2)
        - memory (required memory for memory-hard function)
        - threads (required number of threads/CPUs).
      
      This patch also removes wrongly designed API call
      crypt_benchmark_kdf and replaces it with the new call
      crypt_benchmark_pbkdf.
      
      Two functions for PBKDF per context setting
      are introduced: crypt_set_pbkdf_type and crypt_get_pbkdf_type.
      
      The patch should be backward compatible when using
      crypt_set_iteration_time function (works only for PBKDF2).
      Signed-off-by: Milan Broz's avatarMilan Broz <gmazyland@gmail.com>
      0abf57be
    • Milan Broz's avatar
      Add Argon2 bundled library to crypto backend. · 09d14a0b
      Milan Broz authored
      The Argon2i/id is a password hashing function that
      won Password Hashing Competiton.
      
      It will be (optionally) used in LUKS2 for passworrd-based
      key derivation.
      
      We have to bundle code for now (similar PBKDF2 years ago)
      because there is yet no usable implementation in common
      crypto libraries.
      (Once there is native implementation, cryptsetup
      will switch to the crypto library version.)
      
      For now, we use reference (not optimized but portable) implementation.
      
      This patch contains bundled Argon2 algorithm library copied from
        https://github.com/P-H-C/phc-winner-argon2
      
      For more info see Password Hashing Competition site:
        https://password-hashing.net/
      and draft of RFC document
        https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/Signed-off-by: Milan Broz's avatarMilan Broz <gmazyland@gmail.com>
      09d14a0b
  26. 29 Jun, 2017 1 commit
  27. 24 Jun, 2017 1 commit
  28. 23 Jun, 2017 1 commit
  29. 16 Jun, 2017 1 commit
  30. 15 Jun, 2017 1 commit
    • Ondrej Kozina's avatar
      luks1: harden checks for possibly corrupted headers · bef56af7
      Ondrej Kozina authored
      this patches improves two areas:
      
      1) it checks for keyslot areas overlaping each other
      2) it checks if all keyslot areas fit in header area of device
         (pre-data-offset area) or if it can fit file (detached header)
         it's being loaded from. Those new checks are based on real data
         found in header (offsets) rather than based on assumption calculated
         from key length
      bef56af7
  31. 08 Jun, 2017 2 commits
  32. 07 Jun, 2017 1 commit