Add support for VeraCrypt volumes and extend support for TCRYPT volumes #320
Changes from all commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,10 @@ | |
|
||
#define BD_CRYPTO_LUKS_METADATA_SIZE (2 MiB) | ||
|
||
#define BD_CRYPTO_CHI_SQUARE_LOWER_LIMIT 136 | ||
#define BD_CRYPTO_CHI_SQUARE_UPPER_LIMIT 426 | ||
#define BD_CRYPTO_CHI_SQUARE_BYTES_TO_CHECK 512 | ||
This looks like something that might be better as parameters for

Mmh, I don't really see the use case for changing these values - especially not in the higher level applications which will use this function. Why do you think they should be changeable without recompiling?

I don't know, but the limits just look like something that users of libblockdev might want to change eventually. But if you think this isn't something that makes sense to change from e.g. udisks, we can keep it this way.

I don't see why these values should be changed from udisks. We explained at https://tails.boum.org/blueprint/veracrypt/#detection why, with these values, the chi-squared test should only produce false negatives with negligible probability (1 in 10 billion). And devices with (non-encrypted) filesystem headers will never pass the test. The only reason I can think of to change these values is to handle strange filesystems, which don't have their header at least partly in the first 512 Bytes (I don't know of any such filesystem), but then I think we should handle this in libblockdev and not udisks or similar.

Ok, you convinced me, we can keep it this way.
||
|
||
GQuark bd_crypto_error_quark (void); | ||
#define BD_CRYPTO_ERROR bd_crypto_error_quark () | ||
typedef enum { | ||
|
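Review bot: The three BD_CRYPTO_CHI_SQUARE_* defines are added without a comment saying which statistic the limits bound or how 136, 426 and 512 were chosen. A short comment above them, stating that the limits apply to a chi-squared test over the first BD_CRYPTO_CHI_SQUARE_BYTES_TO_CHECK bytes of the device and pointing to the rationale linked in the discussion (https://tails.boum.org/blueprint/veracrypt/#detection), would keep later readers from treating them as freely tunable.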
@@ -80,7 +84,9 @@ gboolean bd_crypto_luks_change_key (const gchar *device, const gchar *pass, cons | |
gboolean bd_crypto_luks_change_key_blob (const gchar *device, const guint8 *pass_data, gsize data_len, const guint8 *npass_data, gsize ndata_len, GError **error); | ||
gboolean bd_crypto_luks_resize (const gchar *device, guint64 size, GError **error); | ||
|
||
gboolean bd_crypto_device_seems_encrypted (const gchar *device, GError **error); | ||
gboolean bd_crypto_tc_open (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error); | ||
gboolean bd_crypto_tc_open_full (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, const gchar **keyfiles, gboolean hidden, gboolean system, gboolean veracrypt, guint32 veracrypt_pim, gboolean read_only, GError **error); | ||
gboolean bd_crypto_tc_close (const gchar *tc_device, GError **error); | ||
|
||
gboolean bd_crypto_escrow_device (const gchar *device, const gchar *passphrase, const gchar *cert_data, const gchar *directory, const gchar *backup_passphrase, GError **error); | ||
|
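Review bot: bd_crypto_tc_open_full takes four positional gboolean arguments (hidden, system, veracrypt, read_only), which are easy to transpose at a call site without any compiler warning; consider a flags enum, or at least document each argument. The prototype also does not say whether keyfiles is NULL-terminated or may be NULL, or what veracrypt_pim means when veracrypt is FALSE. Minor style point: `const guint8* pass_data` differs from the `const guint8 *pass_data` spelling used in bd_crypto_luks_change_key_blob just above.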
Please add the new functions to docs/libblockdev-sections.txt too.

Done in b8d8bd7.
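The chi-squared check discussed in the first review thread, as an added example that is not libblockdev's code: it assumes a Pearson chi-square over the byte histogram of the first 512 bytes, compared against the two limits from the header. The function names, the boundary handling and the three sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits as defined in the header touched by this PR. */
#define BD_CRYPTO_CHI_SQUARE_LOWER_LIMIT 136
#define BD_CRYPTO_CHI_SQUARE_UPPER_LIMIT 426
#define BD_CRYPTO_CHI_SQUARE_BYTES_TO_CHECK 512

/* Hypothetical helper: Pearson chi-square of the byte histogram against a
 * uniform distribution (256 bins, expected count len/256 per bin). */
double chi_square_of_bytes (const unsigned char *buf, size_t len) {
    size_t counts[256] = {0};
    double expected = (double) len / 256.0, chi = 0.0;
    for (size_t i = 0; i < len; i++)
        counts[buf[i]]++;
    for (int v = 0; v < 256; v++) {
        double d = (double) counts[v] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* Returns 1 when the statistic lies strictly between the limits (strictness
 * is an assumption). A short read cannot be judged and returns 0. */
int header_seems_encrypted (const unsigned char *buf, size_t len) {
    if (len < BD_CRYPTO_CHI_SQUARE_BYTES_TO_CHECK)
        return 0;
    double chi = chi_square_of_bytes (buf, BD_CRYPTO_CHI_SQUARE_BYTES_TO_CHECK);
    return chi > BD_CRYPTO_CHI_SQUARE_LOWER_LIMIT && chi < BD_CRYPTO_CHI_SQUARE_UPPER_LIMIT;
}

/* Constructed sample with a random-like histogram: 64 byte values occur
 * four times, 128 occur twice, 64 never (statistic is exactly 256). */
void fill_random_like (unsigned char *buf) {
    size_t n = 0;
    for (int v = 0; v < 192; v++)
        for (int k = 0; k < (v < 64 ? 4 : 2); k++)
            buf[n++] = (unsigned char) v;
}

/* Constructed sample: zeroed sector with a made-up 4-byte magic. */
void fill_fs_like (unsigned char *buf) {
    memset (buf, 0, 512);
    memcpy (buf + 3, "FSv1", 4);
}

/* Constructed sample: a counter pattern, every value exactly twice. */
void fill_counter (unsigned char *buf) {
    for (int i = 0; i < 512; i++) buf[i] = (unsigned char) i;
}
```

The counter pattern shows why a lower limit exists: data that is more uniform than random data yields a statistic of 0 and is rejected, just as the sparse filesystem-like sector is rejected by the upper limit.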