1. 29 Mar, 2019 1 commit
    • Milan Broz's avatar
      Add global serialization lock for memory hard PBKDF. · 1b49ea40
      Milan Broz authored
      This is very ugly workaround for situation when multiple
      devices are being activated in parallel (systemd crypttab)
      and system  instead of returning ENOMEM use OOM killer
      to randomly kill processes.
      This flag is intended to be used only in very specific situations.
  2. 08 Mar, 2019 1 commit
    • Ondrej Kozina's avatar
      Allow unbound keyslots to be assigned to existing digest. · 75695195
      Ondrej Kozina authored
      If passed key matches any existing digest we will not create
      new digest but assign the keyslot to already existing one.
      Because reencryption should be able to create more than one
      keyslot assigned to new key digest.
      TODO: Tests for the new feature
  3. 07 Feb, 2019 1 commit
  4. 28 Jan, 2019 1 commit
  5. 26 Jan, 2019 1 commit
  6. 25 Jan, 2019 1 commit
  7. 10 Jan, 2019 1 commit
    • Milan Broz's avatar
      Add --debug-json switch and log level. · 51dd2762
      Milan Broz authored
      The JSON structures should not be printed by default to debug log.
      This flag introduces new debug level that prints JSON structures
      and keeps default debug output separate.
  8. 07 Jan, 2019 3 commits
    • Milan Broz's avatar
      Add crypt_get_default_type() API call. · 98feca28
      Milan Broz authored
    • Milan Broz's avatar
      Add keyslot encryption params. · 307a7ad0
      Milan Broz authored
      This patch makes available LUKS2 per-keyslot encryption settings to user.
      In LUKS2, keyslot can use different encryption that data.
      We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
      API calls to set/get this encryption.
      For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.
      The default keyslot encryption algorithm (if cannot be derived from data encryption)
      is now available as configure options (default is aes-xts-plain64 with 512-bits key).
      NOTE: default was increased from 256-bits.
    • Milan Broz's avatar
      Rename function to describe precisely keys size it obtains. · 0039834b
      Milan Broz authored
      This should avoid confusion between key size for the stored key and
      key size that actually encrypts the keyslot.
  9. 03 Jan, 2019 1 commit
  10. 01 Jan, 2019 1 commit
    • Ondrej Kozina's avatar
      Add CRYPT_ACTIVATE_REFRESH flag to activation calls. · 5c67ca01
      Ondrej Kozina authored
      The new flag is supposed to refresh (reload) active dm-crypt
      mapping with new set of activation flags. CRYPT_ACTIVATE_READONLY
      can not be switched for already active device.
      The flag is silently ignored for tcrypt, verity and integrity
      devices. LUKS2 with authenticated encryption support is added in
      later commit.
  11. 11 Dec, 2018 1 commit
  12. 06 Dec, 2018 1 commit
    • Milan Broz's avatar
      Add crypt_set_data_offset API function. · 03edcd2b
      Milan Broz authored
      The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
      to specified value in 512-byte sectors.
      This value should replace alignment calculation in LUKS param structures.
  13. 05 Dec, 2018 2 commits
  14. 25 Sep, 2018 1 commit
  15. 10 Aug, 2018 1 commit
  16. 27 Jul, 2018 1 commit
  17. 21 Jul, 2018 1 commit
    • Rafael Fontenelle's avatar
      Fix typos · f35ec977
      Rafael Fontenelle authored
      A bunch of typos reported by codespell, most of them comments in the code
  18. 18 Jul, 2018 1 commit
  19. 11 Jul, 2018 1 commit
  20. 26 Apr, 2018 1 commit
  21. 24 Apr, 2018 1 commit
  22. 19 Apr, 2018 1 commit
    • Milan Broz's avatar
      Introduce CRYPT_SLOT_UNBOUND keyslot status for LUKS2. · aa1551c6
      Milan Broz authored
      A keyslot not bound to any segment can store any key for any purpose.
      To easily check slot status, new enum value is introduced.
      This status is valid only for LUKS2, so the functions are backward compatible
      with LUKS1.
  23. 16 Apr, 2018 1 commit
  24. 15 Apr, 2018 1 commit
  25. 12 Apr, 2018 1 commit
  26. 31 Mar, 2018 1 commit
    • Milan Broz's avatar
      veritysetup: add support for --check-at-most-once option. · fef5121c
      Milan Broz authored
      The kernel 4.17 will include a new dm-verity flag that
      instructs kernel to verify data blocks only once.
      This patch adds support for it to libcryptsetup and veritysetup.
      This flag can be dangerous; if you can control underlying device
      (you can change its content after it was verified) it will no longer
      prevent reading tampered data and also it does not prevent to silent
      data corrruptions that appears after the block was once read.
  27. 22 Feb, 2018 1 commit
  28. 20 Jan, 2018 1 commit
  29. 17 Jan, 2018 1 commit
    • Milan Broz's avatar
      Introduce new 64bit *keyfile_device_offset functions. · f34ce81f
      Milan Broz authored
      The keyfile interface was designed, well, for keyfiles.
      Unfortunately, a keyfile can be placed on a device and the size_t offset
      can overflow.
      We have to introduce new set of fucntions that allows 64bit offsets even on 32bit systems:
       - crypt_resume_by_keyfile_device_offset
       - crypt_keyslot_add_by_keyfile_device_offset
       - crypt_activate_by_keyfile_device_offset
       - crypt_keyfile_device_read
      The new functions have added _device_ in name.
      Old functions are just internall wrappers around these.
      Also cryptsetup --keyfile-offset and --new-keyfile-offset must now
      process 64bit offsets.
      For more info see issue 359.
  30. 18 Dec, 2017 1 commit
  31. 12 Dec, 2017 1 commit
  32. 08 Nov, 2017 1 commit
  33. 28 Oct, 2017 1 commit
  34. 14 Oct, 2017 1 commit
  35. 26 Sep, 2017 1 commit
  36. 24 Sep, 2017 2 commits