wagner [Thu, 6 Dec 2012 15:24:16 +0000 (16:24 +0100)]
synced with web-version
Milan Broz [Wed, 5 Dec 2012 19:43:06 +0000 (20:43 +0100)]
Add man page description for KDF benchmark.
Milan Broz [Wed, 5 Dec 2012 19:35:42 +0000 (20:35 +0100)]
Add PBKDF2 benchmark.
Milan Broz [Mon, 3 Dec 2012 15:14:56 +0000 (16:14 +0100)]
Use union instead of replicated attributes.
Milan Broz [Mon, 3 Dec 2012 12:23:14 +0000 (13:23 +0100)]
Document new basic commands open/close (and old syntax aliases).
Milan Broz [Sun, 2 Dec 2012 21:27:19 +0000 (22:27 +0100)]
Remove some gcc extra warnings (signed/unsigned problems etc).
Milan Broz [Sun, 2 Dec 2012 20:21:14 +0000 (21:21 +0100)]
Add TCRYPT documentation,
Milan Broz [Sun, 2 Dec 2012 19:27:45 +0000 (20:27 +0100)]
Add master key dump option for tcryptDump.
Milan Broz [Sun, 2 Dec 2012 19:11:10 +0000 (20:11 +0100)]
cryptsetup: remove useless arg for action functions.
Milan Broz [Sun, 2 Dec 2012 18:58:52 +0000 (19:58 +0100)]
Add new commands open/close and make aliases.
open aliases : create, plainOpen, luksOpen, loopaesOpen, tcryptOpen
close aliases: remove, plainClose, luksClose, loopaesClose, tcryptClose
Milan Broz [Sat, 1 Dec 2012 13:32:01 +0000 (14:32 +0100)]
Fix (stupid) crc32 keyfile endianess bug.
Milan Broz [Sat, 1 Dec 2012 12:43:59 +0000 (13:43 +0100)]
Add keyfiles tcrypt test.
Milan Broz [Fri, 30 Nov 2012 17:53:32 +0000 (18:53 +0100)]
And skip tcrypt api test if there is no af_alf kernel interface.
Milan Broz [Fri, 30 Nov 2012 17:41:10 +0000 (18:41 +0100)]
Add TCRYPT api test, fix some minor problems found.
Milan Broz [Fri, 30 Nov 2012 16:05:03 +0000 (17:05 +0100)]
Add missing pbkdf check file.
Milan Broz [Fri, 30 Nov 2012 14:08:39 +0000 (15:08 +0100)]
Add sys/types.h for loop wrapper (required on new systems).
Milan Broz [Fri, 30 Nov 2012 14:03:01 +0000 (15:03 +0100)]
Better tcrypt test options.
Milan Broz [Fri, 30 Nov 2012 12:52:03 +0000 (13:52 +0100)]
And fix previous comment once more... :)
Milan Broz [Fri, 30 Nov 2012 12:37:14 +0000 (13:37 +0100)]
Fix skcipher failure handling.
Milan Broz [Thu, 29 Nov 2012 17:01:02 +0000 (18:01 +0100)]
Handle kernel crypto api init failure better.
Milan Broz [Tue, 27 Nov 2012 18:13:56 +0000 (19:13 +0100)]
Fix po files.
Milan Broz [Tue, 27 Nov 2012 18:08:10 +0000 (19:08 +0100)]
TCRYPT: add simple test and image archive.
Milan Broz [Tue, 27 Nov 2012 16:13:53 +0000 (17:13 +0100)]
TCRYPT: fix activation and hidden device offsets.
Milan Broz [Mon, 26 Nov 2012 12:15:08 +0000 (13:15 +0100)]
TCRYPT: add backup header option.
Milan Broz [Sun, 25 Nov 2012 22:43:14 +0000 (23:43 +0100)]
Remove test dir during cleanup.
Milan Broz [Sun, 25 Nov 2012 21:53:11 +0000 (22:53 +0100)]
Fix blockwise read/write for end writes near end of device.
Ignore setpriority failure (will be remoced later anyway).
Milan Broz [Sun, 25 Nov 2012 01:23:46 +0000 (02:23 +0100)]
TCRYPT: simplify code, support blowfish chains for header
Milan Broz [Fri, 23 Nov 2012 16:31:41 +0000 (17:31 +0100)]
Remove trailing spaces from manpage, add usage and help option.
Milan Broz [Fri, 23 Nov 2012 16:10:57 +0000 (17:10 +0100)]
TCRYPT: add dump command
Milan Broz [Fri, 23 Nov 2012 14:20:46 +0000 (15:20 +0100)]
TCRYPT: support crypt_volume_key_get
Milan Broz [Fri, 23 Nov 2012 12:46:23 +0000 (13:46 +0100)]
TCRYPT: show proper device in status for chained mode
Milan Broz [Fri, 23 Nov 2012 12:01:43 +0000 (13:01 +0100)]
TCRYPT: move all header handling into library.
Add warning about unsupported modes.
Milan Broz [Thu, 22 Nov 2012 16:28:03 +0000 (17:28 +0100)]
TCRYPT: parse cipher chain on init.
Milan Broz [Thu, 22 Nov 2012 13:19:43 +0000 (14:19 +0100)]
TCRYPT: support proper device removal
Daniel Kahn Gillmor [Tue, 20 Nov 2012 18:43:28 +0000 (13:43 -0500)]
make default LUKS PBKDF2 iteration time configurable
Milan Broz [Sun, 18 Nov 2012 17:31:17 +0000 (18:31 +0100)]
TCRYPT: implement (most of) legacy modes support.
Milan Broz [Fri, 16 Nov 2012 13:57:05 +0000 (14:57 +0100)]
TCRYPT: support keyfiles
Milan Broz [Mon, 12 Nov 2012 22:31:32 +0000 (23:31 +0100)]
Add basic TCRYPT library.
Milan Broz [Thu, 8 Nov 2012 15:36:00 +0000 (16:36 +0100)]
Add simple cipher benchmarking.
Milan Broz [Wed, 7 Nov 2012 15:22:23 +0000 (16:22 +0100)]
Add kernel skcipher backend.
Milan Broz [Fri, 26 Oct 2012 16:29:40 +0000 (18:29 +0200)]
Add CRC32 implementation.
Milan Broz [Fri, 26 Oct 2012 16:17:06 +0000 (18:17 +0200)]
Move PBKDF2 into crypto backend wrapper.
Implement new KDF bechmark check.
Use internal openssl kdf (and prepare gcrypt one).
Milan Broz [Tue, 16 Oct 2012 20:35:14 +0000 (22:35 +0200)]
Add devel version.
Milan Broz [Tue, 16 Oct 2012 20:00:19 +0000 (22:00 +0200)]
Relnote addition.
Milan Broz [Sun, 14 Oct 2012 09:25:25 +0000 (11:25 +0200)]
Update some po files.
Milan Broz [Fri, 12 Oct 2012 12:18:56 +0000 (14:18 +0200)]
Version 1.5.1.
Milan Broz [Fri, 12 Oct 2012 11:18:22 +0000 (13:18 +0200)]
Check read & seek return codes, use uint64 offset.
Signed-off-by: Arno Wagner <wagner.arno@gmail.com>
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Arno Wagner [Mon, 8 Oct 2012 02:08:18 +0000 (04:08 +0200)]
added keyslot checker Redesigned to only use public definitions
Signed-off-by: Arno Wagner <wagner.arno@gmail.com>
Milan Broz [Wed, 19 Sep 2012 13:57:56 +0000 (15:57 +0200)]
Increase library and package version.
Milan Broz [Wed, 19 Sep 2012 11:58:00 +0000 (13:58 +0200)]
Fix some problems found by Coverity static analysis.
Arno Wagner [Tue, 18 Sep 2012 21:30:38 +0000 (23:30 +0200)]
synced with wiki
Milan Broz [Tue, 11 Sep 2012 09:59:06 +0000 (11:59 +0200)]
Add crypt_keyslot_area() API call.
Useful if you want to analyze/wipe area of disk used for keyslot
from external tool.
Arno Wagner [Sun, 9 Sep 2012 00:51:58 +0000 (02:51 +0200)]
fixed typeo 94 -> 95 printable ASCII chars
Milan Broz [Thu, 30 Aug 2012 13:39:30 +0000 (15:39 +0200)]
Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test.
Milan Broz [Thu, 30 Aug 2012 12:08:34 +0000 (14:08 +0200)]
Add some offset/keyslot offset checks.
Milan Broz [Tue, 28 Aug 2012 11:30:17 +0000 (13:30 +0200)]
Proper handle error in device block get.
Milan Broz [Tue, 28 Aug 2012 11:16:03 +0000 (13:16 +0200)]
Remove unused includes.
Milan Broz [Tue, 28 Aug 2012 11:11:02 +0000 (13:11 +0200)]
Replace round_up macro with function.
Milan Broz [Mon, 27 Aug 2012 14:52:19 +0000 (16:52 +0200)]
Move LUKS AF data sector alignment to AF helper function.
Milan Broz [Mon, 27 Aug 2012 13:47:40 +0000 (15:47 +0200)]
Always zero memory in crypt_safe_alloc.
Milan Broz [Mon, 27 Aug 2012 13:26:22 +0000 (15:26 +0200)]
Use AF_split_size() to calculate split data size.
Milan Broz [Mon, 27 Aug 2012 12:45:21 +0000 (14:45 +0200)]
Get rid of confusing LUKS_PHDR_SIZE macro.
Dave Reisner [Fri, 24 Aug 2012 21:45:25 +0000 (17:45 -0400)]
lib/utils_crypt: optimize seek to keyfile-offset
Avoid using unbuffered reads when "seeking" to a keyfile offset. This is
abysmally slow when the key is hidden at the end of a large device.
Instead, try to actually call lseek, falling back on reading in chunks
of BUFSIZ bytes until the desired offset is reached.
Command line:
cryptsetup luksOpen /dev/vdc1 home \
--keyfile /dev/vdd --keyfile-size 4096 --keyfile-offset
123456789
Before:
real 0m25.589s
user 0m7.030s
sys 0m18.479s
After:
real 0m4.464s
user 0m4.253s
sys 0m0.157s
Milan Broz [Mon, 27 Aug 2012 10:42:15 +0000 (12:42 +0200)]
Do not scan rotational flag for non-block devices / file images.
Arno Wagner [Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)]
added prominent note to use LUKS (not plain dm-crypt) unless
understanding the crypto well.
Arno Wagner [Fri, 24 Aug 2012 15:02:59 +0000 (17:02 +0200)]
synced with wiki
Milan Broz [Tue, 14 Aug 2012 14:53:02 +0000 (16:53 +0200)]
Set context for DM log for all DM backend entries.
Try to handle error if run as non-root user better.
Milan Broz [Tue, 14 Aug 2012 14:25:21 +0000 (16:25 +0200)]
Add context to DM helpers.
(To be used later.)
Milan Broz [Tue, 14 Aug 2012 13:54:31 +0000 (15:54 +0200)]
Modprobe kernel modules early in api-test.
Milan Broz [Mon, 13 Aug 2012 16:31:26 +0000 (18:31 +0200)]
Use common utils_tools.c for all tools.
Unify tool environment and deduplicate code.
Milan Broz [Mon, 13 Aug 2012 15:16:37 +0000 (17:16 +0200)]
Remove debug line.
Milan Broz [Mon, 13 Aug 2012 14:54:41 +0000 (16:54 +0200)]
Print better error message if device is read-only etc.
Milan Broz [Sun, 12 Aug 2012 20:49:42 +0000 (22:49 +0200)]
Create hash image if doesn't exist in veritysetup format.
Milan Broz [Sun, 12 Aug 2012 19:56:09 +0000 (21:56 +0200)]
New device access backend.
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.
Allows using file where appropriate without allocation loop device.
Milan Broz [Fri, 3 Aug 2012 13:27:59 +0000 (15:27 +0200)]
Fix dracut example.
Arno Wagner [Thu, 2 Aug 2012 13:58:36 +0000 (15:58 +0200)]
update to current WIKI version
Milan Broz [Thu, 2 Aug 2012 10:51:28 +0000 (12:51 +0200)]
Fix some issues in dict example.
Milan Broz [Mon, 23 Jul 2012 13:00:28 +0000 (15:00 +0200)]
Be sure verity module is loaded in test.
Milan Broz [Fri, 20 Jul 2012 13:36:16 +0000 (15:36 +0200)]
Better define comment lines for for dict example.
Milan Broz [Fri, 20 Jul 2012 12:51:51 +0000 (14:51 +0200)]
Clear dict example a little bit.
Milan Broz [Thu, 19 Jul 2012 22:15:20 +0000 (00:15 +0200)]
Add example of dictionary search.
Milan Broz [Thu, 12 Jul 2012 19:11:33 +0000 (21:11 +0200)]
Use fixed dir (old dracut lib...)
Milan Broz [Thu, 12 Jul 2012 17:21:22 +0000 (19:21 +0200)]
Add key option to dracut example.
Milan Broz [Thu, 12 Jul 2012 10:53:26 +0000 (12:53 +0200)]
Skip multikey if not supported (e.g. FIPS mode - md5 for IV not available).
Milan Broz [Tue, 10 Jul 2012 18:20:27 +0000 (20:20 +0200)]
Version 1.5.0.
Milan Broz [Tue, 10 Jul 2012 17:59:44 +0000 (19:59 +0200)]
Update example files for new dracut.
Milan Broz [Tue, 10 Jul 2012 11:09:35 +0000 (13:09 +0200)]
Update release notes.
Milan Broz [Tue, 10 Jul 2012 10:54:22 +0000 (12:54 +0200)]
Version 1.5.0.
Milan Broz [Tue, 10 Jul 2012 10:53:32 +0000 (12:53 +0200)]
Add example of dracut module for reencryption.
Milan Broz [Tue, 10 Jul 2012 08:15:40 +0000 (10:15 +0200)]
Add module load to test.
Milan Broz [Mon, 9 Jul 2012 17:30:25 +0000 (19:30 +0200)]
Fix library name for FIPS check.
Milan Broz [Mon, 9 Jul 2012 17:04:39 +0000 (19:04 +0200)]
Add link to upstream tracker.
Milan Broz [Mon, 9 Jul 2012 16:47:05 +0000 (18:47 +0200)]
Fix libcryptsetup.h docs for verity type.
Milan Broz [Mon, 9 Jul 2012 16:09:51 +0000 (18:09 +0200)]
Add some verity api test.
Fix set_data_device bug it uncovered.
Fix api-test for nonFIPS hash.
Milan Broz [Sun, 8 Jul 2012 18:29:30 +0000 (20:29 +0200)]
Remove utils_debug from pot.
Milan Broz [Thu, 28 Jun 2012 08:16:49 +0000 (10:16 +0200)]
Fix password length unit in configure.
Milan Broz [Wed, 27 Jun 2012 19:28:11 +0000 (21:28 +0200)]
Use resume instead of restart.
Petr Písař [Tue, 26 Jun 2012 18:41:16 +0000 (20:41 +0200)]
Pass help text to popt already translated
popt does not process the text registered by poptSetOtherOptionHelp()
through gettext on its own. Application must do it.
Milan Broz [Tue, 26 Jun 2012 12:33:08 +0000 (14:33 +0200)]
Update po files.
Milan Broz [Tue, 26 Jun 2012 10:55:14 +0000 (12:55 +0200)]
Remove open device debugging feature (no longer needed).