kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.
| api-test-2.c (cryptsetup-2.4.2.tar.xz) | : | api-test-2.c (cryptsetup-2.4.3.tar.xz) |
|---|
| | |
| skipping to change at line 3806 | | skipping to change at line 3806 |
|---|
| | |
| flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_
CPUS; | | flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_
CPUS; |
| OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags)); | | OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags)); |
| flags = (uint32_t)~0; | | flags = (uint32_t)~0; |
| OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); | | OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); |
| EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYP
T_CPUS); | | EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYP
T_CPUS); |
| | |
| CRYPT_FREE(cd); | | CRYPT_FREE(cd); |
| } | | } |
| | |
|
| | #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION |
| static int test_progress(uint64_t size __attribute__((unused)), | | static int test_progress(uint64_t size __attribute__((unused)), |
| uint64_t offset __attribute__((unused)), | | uint64_t offset __attribute__((unused)), |
| void *usrptr __attribute__((unused))) | | void *usrptr __attribute__((unused))) |
| { | | { |
| while (--test_progress_steps) | | while (--test_progress_steps) |
| return 0; | | return 0; |
| return 1; | | return 1; |
| } | | } |
| | |
| static void Luks2Reencryption(void) | | static void Luks2Reencryption(void) |
| { | | { |
| /* reencryption currently depends on kernel keyring support */ | | /* reencryption currently depends on kernel keyring support */ |
|
| #if KERNEL_KEYRING | | |
| /* NOTES: | | /* NOTES: |
| * - reencryption requires luks2 parameters. can we avoid it? | | * - reencryption requires luks2 parameters. can we avoid it? |
| */ | | */ |
| uint32_t getflags; | | uint32_t getflags; |
| uint64_t r_header_size, r_size_1; | | uint64_t r_header_size, r_size_1; |
| struct crypt_active_device cad; | | struct crypt_active_device cad; |
| struct crypt_pbkdf_type pbkdf = { | | struct crypt_pbkdf_type pbkdf = { |
| .type = CRYPT_KDF_ARGON2I, | | .type = CRYPT_KDF_ARGON2I, |
| .hash = "sha256", | | .hash = "sha256", |
| .parallel_threads = 1, | | .parallel_threads = 1, |
| | |
| skipping to change at line 4239 | | skipping to change at line 4239 |
|---|
| EQ_(retparams.data_shift, 8192); | | EQ_(retparams.data_shift, 8192); |
| EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT
_MOVE_FIRST_SEGMENT); | | EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT
_MOVE_FIRST_SEGMENT); |
| EQ_(crypt_get_data_offset(cd), 8192); | | EQ_(crypt_get_data_offset(cd), 8192); |
| rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; | | rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; |
| EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); | | EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); |
| OK_(crypt_reencrypt_run(cd, NULL, NULL)); | | OK_(crypt_reencrypt_run(cd, NULL, NULL)); |
| CRYPT_FREE(cd); | | CRYPT_FREE(cd); |
| | |
| _cleanup_dmdevices(); | | _cleanup_dmdevices(); |
| OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); | | OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); |
|
| OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1)); | | OK_(create_dmdevice_over_loop(L_DEVICE_OK, 8*1024*2+1)); |
| | |
| /* encryption with datashift and moved segment (data shift + 1 sector) */ | | /* encryption with datashift and moved segment (data shift + 1 sector) */ |
| OK_(crypt_init(&cd, DMDIR H_DEVICE)); | | OK_(crypt_init(&cd, DMDIR H_DEVICE)); |
| rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI
RST_SEGMENT; | | rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI
RST_SEGMENT; |
| OK_(crypt_set_data_offset(cd, 8192)); | | OK_(crypt_set_data_offset(cd, 8192)); |
| OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &
params2)); | | OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &
params2)); |
| EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(
PASSPHRASE)), 30); | | EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(
PASSPHRASE)), 30); |
| EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0); | | EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0); |
| CRYPT_FREE(cd); | | CRYPT_FREE(cd); |
| OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); | | OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); |
| OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE)); | | OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE)); |
| EQ_(crypt_get_data_offset(cd), 8192); | | EQ_(crypt_get_data_offset(cd), 8192); |
| rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; | | rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; |
| EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); | | EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); |
| OK_(crypt_reencrypt_run(cd, NULL, NULL)); | | OK_(crypt_reencrypt_run(cd, NULL, NULL)); |
| CRYPT_FREE(cd); | | CRYPT_FREE(cd); |
| | |
| _cleanup_dmdevices(); | | _cleanup_dmdevices(); |
| OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); | | OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); |
|
| OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); | | OK_(create_dmdevice_over_loop(L_DEVICE_OK, 2*8200)); |
| | |
| OK_(crypt_init(&cd, DMDIR H_DEVICE)); | | OK_(crypt_init(&cd, DMDIR H_DEVICE)); |
| | |
|
| /* encryption with datashift and moved segment (data shift + data offset
> device size) */ | | /* encryption with datashift and moved segment (data shift + data offset
<= device size) */ |
| memset(&rparams, 0, sizeof(rparams)); | | memset(&rparams, 0, sizeof(rparams)); |
| params2.sector_size = 512; | | params2.sector_size = 512; |
| params2.data_device = DMDIR L_DEVICE_OK; | | params2.data_device = DMDIR L_DEVICE_OK; |
| rparams.mode = CRYPT_REENCRYPT_ENCRYPT; | | rparams.mode = CRYPT_REENCRYPT_ENCRYPT; |
| rparams.direction = CRYPT_REENCRYPT_BACKWARD; | | rparams.direction = CRYPT_REENCRYPT_BACKWARD; |
| rparams.resilience = "datashift"; | | rparams.resilience = "datashift"; |
| rparams.data_shift = 8200; | | rparams.data_shift = 8200; |
| rparams.luks2 = ¶ms2; | | rparams.luks2 = ¶ms2; |
| rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI
RST_SEGMENT; | | rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI
RST_SEGMENT; |
| OK_(crypt_set_data_offset(cd, 8200)); | | OK_(crypt_set_data_offset(cd, 8200)); |
| | |
| skipping to change at line 4539 | | skipping to change at line 4539 |
|---|
| EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PAS
SPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); | | EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PAS
SPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); |
| EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PA
SSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10); | | EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PA
SSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10); |
| OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), 3, 9, "aes", "xts-plain64", &rparams)); | | OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP
HRASE), 3, 9, "aes", "xts-plain64", &rparams)); |
| OK_(crypt_reencrypt_run(cd, NULL, NULL)); | | OK_(crypt_reencrypt_run(cd, NULL, NULL)); |
| OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); | | OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); |
| OK_(crypt_keyslot_destroy(cd, 9)); | | OK_(crypt_keyslot_destroy(cd, 9)); |
| OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); | | OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); |
| crypt_free(cd); | | crypt_free(cd); |
| | |
| _cleanup_dmdevices(); | | _cleanup_dmdevices(); |
|
| #endif | | |
| } | | } |
|
| | #endif |
| | |
| static void Luks2Repair(void) | | static void Luks2Repair(void) |
| { | | { |
| char rollback[256]; | | char rollback[256]; |
| | |
| snprintf(rollback, sizeof(rollback), | | snprintf(rollback, sizeof(rollback), |
| "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null", | | "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null", |
| DEVICE_6); | | DEVICE_6); |
| | |
| OK_(crypt_init(&cd, DEVICE_6)); | | OK_(crypt_init(&cd, DEVICE_6)); |
| | |
| skipping to change at line 4656 | | skipping to change at line 4656 |
|---|
| RUN_(TokenActivationByKeyring, "Builtin kernel keyring token"); | | RUN_(TokenActivationByKeyring, "Builtin kernel keyring token"); |
| RUN_(LuksConvert, "LUKS1 <-> LUKS2 conversions"); | | RUN_(LuksConvert, "LUKS1 <-> LUKS2 conversions"); |
| RUN_(Pbkdf, "Default PBKDF manipulation routines"); | | RUN_(Pbkdf, "Default PBKDF manipulation routines"); |
| RUN_(Luks2KeyslotParams, "Add a new keyslot with different encryption"); | | RUN_(Luks2KeyslotParams, "Add a new keyslot with different encryption"); |
| RUN_(Luks2KeyslotAdd, "Add a new keyslot by unused key"); | | RUN_(Luks2KeyslotAdd, "Add a new keyslot by unused key"); |
| RUN_(Luks2ActivateByKeyring, "LUKS2 activation by passphrase in keyring")
; | | RUN_(Luks2ActivateByKeyring, "LUKS2 activation by passphrase in keyring")
; |
| RUN_(Luks2Requirements, "LUKS2 requirements flags"); | | RUN_(Luks2Requirements, "LUKS2 requirements flags"); |
| RUN_(Luks2Integrity, "LUKS2 with data integrity"); | | RUN_(Luks2Integrity, "LUKS2 with data integrity"); |
| RUN_(Luks2Refresh, "Active device table refresh"); | | RUN_(Luks2Refresh, "Active device table refresh"); |
| RUN_(Luks2Flags, "LUKS2 persistent flags"); | | RUN_(Luks2Flags, "LUKS2 persistent flags"); |
|
| | #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION |
| RUN_(Luks2Reencryption, "LUKS2 reencryption"); | | RUN_(Luks2Reencryption, "LUKS2 reencryption"); |
|
| | #endif |
| RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run
always last! | | RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run
always last! |
| | |
| _cleanup(); | | _cleanup(); |
| return 0; | | return 0; |
| } | | } |
| | | |
| End of changes. 9 change blocks. |
|---|
| 5 lines changed or deleted | | 7 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 