Milan Broz [Wed, 19 Dec 2012 16:25:11 +0000 (17:25 +0100)]
Add optional libpwquality support for new LUKS passwords.
If password is entered through terminal (no keyfile specified)
and cryptsetup is compiled with --enable-pwquality, default
system pwquality settings are used to check password quality.
Milan Broz [Wed, 19 Dec 2012 14:27:29 +0000 (15:27 +0100)]
Prepare cryptsetup functions for pwquality check.
Milan Broz [Wed, 19 Dec 2012 12:19:05 +0000 (13:19 +0100)]
Fix regression in header backup (1.5.1).
Access to backup file must handle write to regular files too.
Milan Broz [Mon, 17 Dec 2012 15:10:39 +0000 (16:10 +0100)]
Fix time of check/use Coverity report in cryptsetup-reencrypt.
Milan Broz [Mon, 17 Dec 2012 14:50:42 +0000 (15:50 +0100)]
Fix time of check/use Coverity report in veritysetup.
Milan Broz [Mon, 17 Dec 2012 14:35:33 +0000 (15:35 +0100)]
Fix time of check/use Coverity report (and ignore another) in loop/wipe utils.
Milan Broz [Mon, 17 Dec 2012 14:19:57 +0000 (15:19 +0100)]
Fix time of check/use Coverity report (and ignore another) in device utils.
Milan Broz [Mon, 17 Dec 2012 13:05:45 +0000 (14:05 +0100)]
Do not use stat for backup commands.
Milan Broz [Mon, 17 Dec 2012 08:54:10 +0000 (09:54 +0100)]
Add fixme for ETA calculation.
Milan Broz [Fri, 14 Dec 2012 13:48:36 +0000 (14:48 +0100)]
Add verbose messages during reencryption to avoid confusion.
Milan Broz [Tue, 11 Dec 2012 18:01:46 +0000 (19:01 +0100)]
Handle signals in tool context.
Milan Broz [Tue, 11 Dec 2012 14:40:42 +0000 (15:40 +0100)]
Move signal handling into common utils code.
Milan Broz [Tue, 11 Dec 2012 14:39:47 +0000 (15:39 +0100)]
Remove signal handling from LUKS keyencryption and simplify code.
Milan Broz [Mon, 10 Dec 2012 16:47:06 +0000 (17:47 +0100)]
Get page size should never fail (in the works case it fails later with wrong alignment).
Milan Broz [Mon, 10 Dec 2012 16:28:52 +0000 (17:28 +0100)]
Fix some problems found by Coverity scan.
Milan Broz [Mon, 10 Dec 2012 15:36:22 +0000 (16:36 +0100)]
TCRYPT: properly wipe all buffers; use prefix for all functions.
Milan Broz [Sat, 8 Dec 2012 00:31:38 +0000 (01:31 +0100)]
Require params for crypt_load & TCRYPT type.
Milan Broz [Fri, 7 Dec 2012 14:57:00 +0000 (15:57 +0100)]
Merge branch 'master' of https://code.google.com/p/cryptsetup
Milan Broz [Fri, 7 Dec 2012 14:55:56 +0000 (15:55 +0100)]
Disallow header restore if context is nonLUKS device.
Milan Broz [Fri, 7 Dec 2012 14:29:44 +0000 (15:29 +0100)]
Move change key into library (add crypt_keyslot_change_by_passphrase).
This change is useful mainly in FIPS mode, where we cannot
extract volume key directly from libcryptsetup.
wagner [Thu, 6 Dec 2012 15:24:16 +0000 (16:24 +0100)]
synced with web-version
Milan Broz [Wed, 5 Dec 2012 19:43:06 +0000 (20:43 +0100)]
Add man page description for KDF benchmark.
Milan Broz [Wed, 5 Dec 2012 19:35:42 +0000 (20:35 +0100)]
Add PBKDF2 benchmark.
Milan Broz [Mon, 3 Dec 2012 15:14:56 +0000 (16:14 +0100)]
Use union instead of replicated attributes.
Milan Broz [Mon, 3 Dec 2012 12:23:14 +0000 (13:23 +0100)]
Document new basic commands open/close (and old syntax aliases).
Milan Broz [Sun, 2 Dec 2012 21:27:19 +0000 (22:27 +0100)]
Remove some gcc extra warnings (signed/unsigned problems etc).
Milan Broz [Sun, 2 Dec 2012 20:21:14 +0000 (21:21 +0100)]
Add TCRYPT documentation,
Milan Broz [Sun, 2 Dec 2012 19:27:45 +0000 (20:27 +0100)]
Add master key dump option for tcryptDump.
Milan Broz [Sun, 2 Dec 2012 19:11:10 +0000 (20:11 +0100)]
cryptsetup: remove useless arg for action functions.
Milan Broz [Sun, 2 Dec 2012 18:58:52 +0000 (19:58 +0100)]
Add new commands open/close and make aliases.
open aliases : create, plainOpen, luksOpen, loopaesOpen, tcryptOpen
close aliases: remove, plainClose, luksClose, loopaesClose, tcryptClose
Milan Broz [Sat, 1 Dec 2012 13:32:01 +0000 (14:32 +0100)]
Fix (stupid) crc32 keyfile endianess bug.
Milan Broz [Sat, 1 Dec 2012 12:43:59 +0000 (13:43 +0100)]
Add keyfiles tcrypt test.
Milan Broz [Fri, 30 Nov 2012 17:53:32 +0000 (18:53 +0100)]
And skip tcrypt api test if there is no af_alf kernel interface.
Milan Broz [Fri, 30 Nov 2012 17:41:10 +0000 (18:41 +0100)]
Add TCRYPT api test, fix some minor problems found.
Milan Broz [Fri, 30 Nov 2012 16:05:03 +0000 (17:05 +0100)]
Add missing pbkdf check file.
Milan Broz [Fri, 30 Nov 2012 14:08:39 +0000 (15:08 +0100)]
Add sys/types.h for loop wrapper (required on new systems).
Milan Broz [Fri, 30 Nov 2012 14:03:01 +0000 (15:03 +0100)]
Better tcrypt test options.
Milan Broz [Fri, 30 Nov 2012 12:52:03 +0000 (13:52 +0100)]
And fix previous comment once more... :)
Milan Broz [Fri, 30 Nov 2012 12:37:14 +0000 (13:37 +0100)]
Fix skcipher failure handling.
Milan Broz [Thu, 29 Nov 2012 17:01:02 +0000 (18:01 +0100)]
Handle kernel crypto api init failure better.
Milan Broz [Tue, 27 Nov 2012 18:13:56 +0000 (19:13 +0100)]
Fix po files.
Milan Broz [Tue, 27 Nov 2012 18:08:10 +0000 (19:08 +0100)]
TCRYPT: add simple test and image archive.
Milan Broz [Tue, 27 Nov 2012 16:13:53 +0000 (17:13 +0100)]
TCRYPT: fix activation and hidden device offsets.
Milan Broz [Mon, 26 Nov 2012 12:15:08 +0000 (13:15 +0100)]
TCRYPT: add backup header option.
Milan Broz [Sun, 25 Nov 2012 22:43:14 +0000 (23:43 +0100)]
Remove test dir during cleanup.
Milan Broz [Sun, 25 Nov 2012 21:53:11 +0000 (22:53 +0100)]
Fix blockwise read/write for end writes near end of device.
Ignore setpriority failure (will be remoced later anyway).
Milan Broz [Sun, 25 Nov 2012 01:23:46 +0000 (02:23 +0100)]
TCRYPT: simplify code, support blowfish chains for header
Milan Broz [Fri, 23 Nov 2012 16:31:41 +0000 (17:31 +0100)]
Remove trailing spaces from manpage, add usage and help option.
Milan Broz [Fri, 23 Nov 2012 16:10:57 +0000 (17:10 +0100)]
TCRYPT: add dump command
Milan Broz [Fri, 23 Nov 2012 14:20:46 +0000 (15:20 +0100)]
TCRYPT: support crypt_volume_key_get
Milan Broz [Fri, 23 Nov 2012 12:46:23 +0000 (13:46 +0100)]
TCRYPT: show proper device in status for chained mode
Milan Broz [Fri, 23 Nov 2012 12:01:43 +0000 (13:01 +0100)]
TCRYPT: move all header handling into library.
Add warning about unsupported modes.
Milan Broz [Thu, 22 Nov 2012 16:28:03 +0000 (17:28 +0100)]
TCRYPT: parse cipher chain on init.
Milan Broz [Thu, 22 Nov 2012 13:19:43 +0000 (14:19 +0100)]
TCRYPT: support proper device removal
Daniel Kahn Gillmor [Tue, 20 Nov 2012 18:43:28 +0000 (13:43 -0500)]
make default LUKS PBKDF2 iteration time configurable
Milan Broz [Sun, 18 Nov 2012 17:31:17 +0000 (18:31 +0100)]
TCRYPT: implement (most of) legacy modes support.
Milan Broz [Fri, 16 Nov 2012 13:57:05 +0000 (14:57 +0100)]
TCRYPT: support keyfiles
Milan Broz [Mon, 12 Nov 2012 22:31:32 +0000 (23:31 +0100)]
Add basic TCRYPT library.
Milan Broz [Thu, 8 Nov 2012 15:36:00 +0000 (16:36 +0100)]
Add simple cipher benchmarking.
Milan Broz [Wed, 7 Nov 2012 15:22:23 +0000 (16:22 +0100)]
Add kernel skcipher backend.
Milan Broz [Fri, 26 Oct 2012 16:29:40 +0000 (18:29 +0200)]
Add CRC32 implementation.
Milan Broz [Fri, 26 Oct 2012 16:17:06 +0000 (18:17 +0200)]
Move PBKDF2 into crypto backend wrapper.
Implement new KDF bechmark check.
Use internal openssl kdf (and prepare gcrypt one).
Milan Broz [Tue, 16 Oct 2012 20:35:14 +0000 (22:35 +0200)]
Add devel version.
Milan Broz [Tue, 16 Oct 2012 20:00:19 +0000 (22:00 +0200)]
Relnote addition.
Milan Broz [Sun, 14 Oct 2012 09:25:25 +0000 (11:25 +0200)]
Update some po files.
Milan Broz [Fri, 12 Oct 2012 12:18:56 +0000 (14:18 +0200)]
Version 1.5.1.
Milan Broz [Fri, 12 Oct 2012 11:18:22 +0000 (13:18 +0200)]
Check read & seek return codes, use uint64 offset.
Signed-off-by: Arno Wagner <wagner.arno@gmail.com>
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Arno Wagner [Mon, 8 Oct 2012 02:08:18 +0000 (04:08 +0200)]
added keyslot checker Redesigned to only use public definitions
Signed-off-by: Arno Wagner <wagner.arno@gmail.com>
Milan Broz [Wed, 19 Sep 2012 13:57:56 +0000 (15:57 +0200)]
Increase library and package version.
Milan Broz [Wed, 19 Sep 2012 11:58:00 +0000 (13:58 +0200)]
Fix some problems found by Coverity static analysis.
Arno Wagner [Tue, 18 Sep 2012 21:30:38 +0000 (23:30 +0200)]
synced with wiki
Milan Broz [Tue, 11 Sep 2012 09:59:06 +0000 (11:59 +0200)]
Add crypt_keyslot_area() API call.
Useful if you want to analyze/wipe area of disk used for keyslot
from external tool.
Arno Wagner [Sun, 9 Sep 2012 00:51:58 +0000 (02:51 +0200)]
fixed typeo 94 -> 95 printable ASCII chars
Milan Broz [Thu, 30 Aug 2012 13:39:30 +0000 (15:39 +0200)]
Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test.
Milan Broz [Thu, 30 Aug 2012 12:08:34 +0000 (14:08 +0200)]
Add some offset/keyslot offset checks.
Milan Broz [Tue, 28 Aug 2012 11:30:17 +0000 (13:30 +0200)]
Proper handle error in device block get.
Milan Broz [Tue, 28 Aug 2012 11:16:03 +0000 (13:16 +0200)]
Remove unused includes.
Milan Broz [Tue, 28 Aug 2012 11:11:02 +0000 (13:11 +0200)]
Replace round_up macro with function.
Milan Broz [Mon, 27 Aug 2012 14:52:19 +0000 (16:52 +0200)]
Move LUKS AF data sector alignment to AF helper function.
Milan Broz [Mon, 27 Aug 2012 13:47:40 +0000 (15:47 +0200)]
Always zero memory in crypt_safe_alloc.
Milan Broz [Mon, 27 Aug 2012 13:26:22 +0000 (15:26 +0200)]
Use AF_split_size() to calculate split data size.
Milan Broz [Mon, 27 Aug 2012 12:45:21 +0000 (14:45 +0200)]
Get rid of confusing LUKS_PHDR_SIZE macro.
Dave Reisner [Fri, 24 Aug 2012 21:45:25 +0000 (17:45 -0400)]
lib/utils_crypt: optimize seek to keyfile-offset
Avoid using unbuffered reads when "seeking" to a keyfile offset. This is
abysmally slow when the key is hidden at the end of a large device.
Instead, try to actually call lseek, falling back on reading in chunks
of BUFSIZ bytes until the desired offset is reached.
Command line:
cryptsetup luksOpen /dev/vdc1 home \
--keyfile /dev/vdd --keyfile-size 4096 --keyfile-offset
123456789
Before:
real 0m25.589s
user 0m7.030s
sys 0m18.479s
After:
real 0m4.464s
user 0m4.253s
sys 0m0.157s
Milan Broz [Mon, 27 Aug 2012 10:42:15 +0000 (12:42 +0200)]
Do not scan rotational flag for non-block devices / file images.
Arno Wagner [Fri, 24 Aug 2012 17:00:47 +0000 (19:00 +0200)]
added prominent note to use LUKS (not plain dm-crypt) unless
understanding the crypto well.
Arno Wagner [Fri, 24 Aug 2012 15:02:59 +0000 (17:02 +0200)]
synced with wiki
Milan Broz [Tue, 14 Aug 2012 14:53:02 +0000 (16:53 +0200)]
Set context for DM log for all DM backend entries.
Try to handle error if run as non-root user better.
Milan Broz [Tue, 14 Aug 2012 14:25:21 +0000 (16:25 +0200)]
Add context to DM helpers.
(To be used later.)
Milan Broz [Tue, 14 Aug 2012 13:54:31 +0000 (15:54 +0200)]
Modprobe kernel modules early in api-test.
Milan Broz [Mon, 13 Aug 2012 16:31:26 +0000 (18:31 +0200)]
Use common utils_tools.c for all tools.
Unify tool environment and deduplicate code.
Milan Broz [Mon, 13 Aug 2012 15:16:37 +0000 (17:16 +0200)]
Remove debug line.
Milan Broz [Mon, 13 Aug 2012 14:54:41 +0000 (16:54 +0200)]
Print better error message if device is read-only etc.
Milan Broz [Sun, 12 Aug 2012 20:49:42 +0000 (22:49 +0200)]
Create hash image if doesn't exist in veritysetup format.
Milan Broz [Sun, 12 Aug 2012 19:56:09 +0000 (21:56 +0200)]
New device access backend.
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.
Allows using file where appropriate without allocation loop device.
Milan Broz [Fri, 3 Aug 2012 13:27:59 +0000 (15:27 +0200)]
Fix dracut example.
Arno Wagner [Thu, 2 Aug 2012 13:58:36 +0000 (15:58 +0200)]
update to current WIKI version
Milan Broz [Thu, 2 Aug 2012 10:51:28 +0000 (12:51 +0200)]
Fix some issues in dict example.
Milan Broz [Mon, 23 Jul 2012 13:00:28 +0000 (15:00 +0200)]
Be sure verity module is loaded in test.
Milan Broz [Fri, 20 Jul 2012 13:36:16 +0000 (15:36 +0200)]
Better define comment lines for for dict example.
Milan Broz [Fri, 20 Jul 2012 12:51:51 +0000 (14:51 +0200)]
Clear dict example a little bit.