1. 05 Mar, 2019 1 commit
    • Ondrej Kozina's avatar
      alter crypt_storage interface · a0540caf
      Ondrej Kozina authored
      rename sector_start -> iv_start (it's now a iv shift for subsequent
      en/decrypt operations)
      rename count -> length. We accept length in bytes now and perform sanity
      checks at the crypt_storage_init and crypt_storage_decrypt (or encrypt)
      rename sector -> offset. It's in bytes as well. Sanity checks inside
      crypt_storage functions.
  2. 01 Mar, 2019 1 commit
  3. 13 Feb, 2019 1 commit
    • Milan Broz's avatar
      Report error if no LUKS keyslots are available. · 787066c2
      Milan Broz authored
      Also fix LUKS1 keyslot function to proper return -ENOENT errno in this case.
      This change means, that user can distinguish between bad passphrase and
      no keyslot available. (But this information was avalilable with luksDump
      even before the change.)
  4. 07 Feb, 2019 1 commit
  5. 25 Jan, 2019 1 commit
  6. 07 Jan, 2019 1 commit
    • Ondrej Kozina's avatar
      dm backend with support for multi-segment devices. · 39a014f6
      Ondrej Kozina authored
      Support for multi-segment devices is requirement for online
      reencryption to work. Introducing modififed dm backend that
      splits data structures describing active device and individual
      dm target (or segment).
  7. 01 Jan, 2019 4 commits
  8. 11 Dec, 2018 1 commit
  9. 06 Dec, 2018 1 commit
    • Milan Broz's avatar
      Add crypt_set_data_offset API function. · 03edcd2b
      Milan Broz authored
      The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
      to specified value in 512-byte sectors.
      This value should replace alignment calculation in LUKS param structures.
  10. 27 Nov, 2018 3 commits
  11. 25 Nov, 2018 1 commit
  12. 22 Nov, 2018 2 commits
  13. 18 Oct, 2018 1 commit
  14. 14 Oct, 2018 3 commits
    • Milan Broz's avatar
      Fix issues found by Coverity scan. · 27eaf46c
      Milan Broz authored
      - possible overflow of data offset calculation in wipe and
      - dereferencing of pointer in a keyring error path.
    • Milan Broz's avatar
      Fix some signed/unsigned comparison warnings. · 825fc895
      Milan Broz authored
    • Milan Broz's avatar
      Wipe full header areas (including unused) during LUKS format. · c2bce3e9
      Milan Broz authored
      All previous version of cryptsetup wiped only first 4k for LUKS1
      and both JSON areas for LUKS2 (first 32k) and the allocated
      keyslot area (as it contained the generated key).
      Remaining areas (unused keyslots, padding, and alignment) were
      not wiped and could contain some previous data.
      Since this commit, the whole area up to the data offset is zeroed,
      and subsequently, all keyslots areas are wiped with random data.
      Only exceptions are
       - padding/alignment areas for detached header
         if the data offset is set to 0
       - bogus LUKS1 keyslot areas (upstream code never
         created such keyslots but someone could use that).
      This operation could slow down luksFormat on some devices, but
      it guarantees that after this operation LUKS header does not
      contain any foreign data.
  15. 11 Oct, 2018 1 commit
  16. 25 Sep, 2018 1 commit
  17. 09 Aug, 2018 1 commit
  18. 21 Jul, 2018 1 commit
    • Rafael Fontenelle's avatar
      Fix typos · f35ec977
      Rafael Fontenelle authored
      A bunch of typos reported by codespell, most of them comments in the code
  19. 19 Jul, 2018 1 commit
    • Milan Broz's avatar
      Print verbose message about keyslot and token numbers. · eabd23f3
      Milan Broz authored
      Move all messages to cryptsetup tools and print these
      verbose messages:
        - Key slot X unlocked.
        - Key slot X created.
        - Key slot X removed.
        - Token X created.
        - Token X removed.
      Also print error, if unknown token is tried to be removed.
  20. 07 Jul, 2018 1 commit
    • joerichey@google.com's avatar
      Make all header files self-suffienct · 59b5f360
      joerichey@google.com authored
      Almost all the headers in cryptsetup are self-suffienct (in that they
      compile on their own). By including <stddef.h>, <stdint.h>, or
      <sys/types.h>, all headers will now compile on their own.
      This is useful for importing cryptsetup into Bazel/Blaze.
  21. 26 Apr, 2018 1 commit
  22. 06 Apr, 2018 1 commit
    • Milan Broz's avatar
      Check cipher before writing metadata (LUKS2). · 187170ec
      Milan Broz authored
      Some ciphers and key sizes created on-disk metadata that cannot be used.
      Use the same test for length-preserving cipher as LUKS1.
      Also check if key for integrity algorithm is not too small.
      Fixes #373.
  23. 25 Mar, 2018 1 commit
  24. 20 Jan, 2018 1 commit
  25. 19 Jan, 2018 1 commit
  26. 07 Dec, 2017 2 commits
  27. 06 Dec, 2017 1 commit
  28. 08 Nov, 2017 1 commit
  29. 12 Oct, 2017 1 commit
    • Milan Broz's avatar
      Use non-recursive automake. · d77bbe93
      Milan Broz authored
      This change also causes that now binaries and libraries are placed in
      build root directory.
      Now we can use subdir-objects for automake.
  30. 10 Oct, 2017 1 commit
  31. 24 Sep, 2017 1 commit