1. 08 Mar, 2018 1 commit
    • Milan Broz's avatar
      Support detached header for cryptsetup-reencrypt. · a22a24bc
      Milan Broz authored
      This patch allows encryption/decryption of the whole device,
      IOW add encryption later with detached header.
      
      This operation can be dangerous, there is no fixed bindings between
      the specific LUKS header and data device (encrypted data device
      contains no magic signatures).
      a22a24bc
  2. 01 Mar, 2018 2 commits
  3. 28 Feb, 2018 2 commits
  4. 27 Feb, 2018 2 commits
  5. 23 Feb, 2018 1 commit
  6. 22 Feb, 2018 3 commits
  7. 12 Feb, 2018 1 commit
  8. 11 Feb, 2018 1 commit
    • Ondrej Kozina's avatar
      Reencrypt tests improvements. · b426db60
      Ondrej Kozina authored
      - adapt tests to new features (luks2 keyslot change, pbkdf params)
      - add tests for fixes (max keyslot)
      - speed up tests significantly by add minimal forced values everywhere.
      b426db60
  9. 08 Feb, 2018 1 commit
  10. 24 Jan, 2018 1 commit
    • Milan Broz's avatar
      Fix loopaesOpen for keyfile on standard input. · 8728ba08
      Milan Broz authored
      The change in keyfile processing caused that special loopAES
      keyfiles are no longer read from stdin if key-file argument is "-".
      
      Fix it by using /dev/stdin in cryptsetup if "-" is detected.
      (The libcryptsetup API no longer parses spacial meaning of "-" internally).
      
      Fixes #364.
      8728ba08
  11. 20 Jan, 2018 1 commit
  12. 19 Jan, 2018 1 commit
    • Ondrej Kozina's avatar
      Add internal code for LUKS2 keyslot params. · 08e7c143
      Ondrej Kozina authored
      This fixes crypt_keyslot_add_by_key where we were unable to store
      keyslot (unbound to segment) with different key_size.
      The code used (new) volume key size implicitly which could be wrong
      if new size was not compatible with cipher parameter for keyslot area.
      08e7c143
  13. 18 Jan, 2018 5 commits
  14. 17 Jan, 2018 1 commit
    • Milan Broz's avatar
      Introduce new 64bit *keyfile_device_offset functions. · f34ce81f
      Milan Broz authored
      The keyfile interface was designed, well, for keyfiles.
      
      Unfortunately, a keyfile can be placed on a device and the size_t offset
      can overflow.
      
      We have to introduce new set of fucntions that allows 64bit offsets even on 32bit systems:
       - crypt_resume_by_keyfile_device_offset
       - crypt_keyslot_add_by_keyfile_device_offset
       - crypt_activate_by_keyfile_device_offset
       - crypt_keyfile_device_read
      
      The new functions have added _device_ in name.
      
      Old functions are just internall wrappers around these.
      
      Also cryptsetup --keyfile-offset and --new-keyfile-offset must now
      process 64bit offsets.
      
      For more info see issue 359.
      f34ce81f
  15. 10 Jan, 2018 1 commit
  16. 10 Dec, 2017 2 commits
    • Ondrej Kozina's avatar
      Derive VK kernel key description from digest id · c7403246
      Ondrej Kozina authored
      Originally the key description for VK was derived
      from segment id. This could lead to ambiguity when
      keyslot key is verified and loaded in kernel keyring
      using activation functions with CRYPT_ACTIVATE_KEYRING_KEY
      flag raised.
      c7403246
    • Milan Broz's avatar
      Fix a rare fail in key-length regression test with PBKDF2. · f049afcb
      Milan Broz authored
      PBKDF2 has nasty behaviour that it generates the same output
      for passwords that has several trailing zero bytes.
      (IOW null trailing bytes causes collision.)
      
      Unfortunatelly our test plays with password length
      and expect wrong length must always fail.
      Sometimes the randomly generated key key contains
      the null byte in the "wrong" place and PBKDF2 causes test to fail.
      
      For now, fix it by using fixed keyfile without null bytes
      (similar to fixed passphrased we already have).
      f049afcb
  17. 09 Dec, 2017 1 commit
  18. 07 Dec, 2017 2 commits
  19. 05 Dec, 2017 2 commits
  20. 23 Nov, 2017 1 commit
  21. 21 Nov, 2017 1 commit
  22. 14 Nov, 2017 1 commit
  23. 08 Nov, 2017 1 commit
  24. 30 Oct, 2017 1 commit
  25. 29 Oct, 2017 2 commits
  26. 28 Oct, 2017 2 commits