OBS User unknown 2007-06-05 02:29:16 +00:00 committed by Git OBS Bridge
commit 48e40f9652
21 changed files with 2670 additions and 0 deletions

23
.gitattributes vendored Normal file

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.osc

3
Makefile.doc Normal file

@ -0,0 +1,3 @@
crypttab.5: crypttab.5.txt
a2x -d manpage -f manpage crypttab.5.txt
rm -f crypttab.5.xml

1066
boot.crypto Normal file


3
cryptsetup-1.0.5.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4bab529afa00cafde3bc5df2769578c88438f80c5152d4257cd0e86986f95bc4
size 322394


@ -0,0 +1,117 @@
fix implicit function declarations
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: cryptsetup-luks-1.0.4_SVN30/lib/internal.h
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/internal.h
+++ cryptsetup-luks-1.0.4_SVN30/lib/internal.h
@@ -62,6 +62,9 @@ int hash(const char *backend_name, const
struct setup_backend *get_setup_backend(const char *name);
void put_setup_backend(struct setup_backend *backend);
+void hexprint(char *d, int n);
+
+int sector_size_for_device(const char *device);
ssize_t write_blockwise(int fd, const void *buf, size_t count);
ssize_t read_blockwise(int fd, void *_buf, size_t count);
ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset);
Index: cryptsetup-luks-1.0.4_SVN30/lib/libcryptsetup.h
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/libcryptsetup.h
+++ cryptsetup-luks-1.0.4_SVN30/lib/libcryptsetup.h
@@ -45,6 +45,8 @@ int crypt_luksDelKey(struct crypt_option
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
+int crypt_luksFormat(struct crypt_options *options);
+int crypt_luksDump(struct crypt_options *options);
void crypt_get_error(char *buf, size_t size);
void crypt_put_options(struct crypt_options *options);
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
@@ -107,7 +107,7 @@ static int interactive_pass(const char *
{
struct termios orig, tmp;
int failed = -1;
- int infd, outfd;
+ int infd = STDIN_FILENO, outfd;
if (maxlen < 1)
goto out_err;
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
@@ -9,6 +9,7 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/ioctl.h>
#include <fcntl.h>
#include "libcryptsetup.h"
Index: cryptsetup-luks-1.0.4_SVN30/luks/af.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/af.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/af.c
@@ -30,6 +30,7 @@
#include <errno.h>
#include "sha1.h"
#include "XORblock.h"
+#include "random.h"
/* diffuse: Information spreading over the whole dataset with
* the help of sha512.
Index: cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keyencryption.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
@@ -40,6 +40,9 @@
(__a - 1) / __b + 1; \
})
+static inline int round_up_modulo(int x, int m) {
+ return div_round_up(x, m) * m;
+}
static int setup_mapping(const char *cipher, const char *name,
const char *device, unsigned int payloadOffset,
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
@@ -141,7 +141,7 @@ int LUKS_write_phdr(const char *device,
return r;
}
-inline int round_up_modulo(int x, int m) {
+static inline int round_up_modulo(int x, int m) {
return div_round_up(x, m) * m;
}
Index: cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/src/cryptsetup.c
+++ cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
@@ -4,6 +4,7 @@
#include <stdint.h>
#include <inttypes.h>
#include <errno.h>
+#include <unistd.h>
#include <assert.h>
#include <libcryptsetup.h>
@@ -13,6 +14,9 @@
#include "cryptsetup.h"
+// XXX!
+int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
+
static int opt_verbose = 1;
static char *opt_cipher = NULL;
static char *opt_hash = DEFAULT_HASH;
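Review bot: The prototype added at the end of the src/cryptsetup.c hunk, `int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);` under a `// XXX!` marker, declares a library-internal function directly in the program source, so nothing ties it to the real definition and a later signature change under luks/ would compile silently against a stale declaration. Since this same patch already adds prototypes to lib/internal.h and lib/libcryptsetup.h, the declaration belongs in one of those headers (or a luks header the program includes), and the `// XXX!` should either go or say why the header route was not taken. In the lib/setup.c hunk, `int infd = STDIN_FILENO, outfd;` initializes only infd; if the compiler flagged infd it is worth checking whether outfd has the same path — the body of interactive_pass is outside the hunk. `void hexprint(char *d, int n);` could presumably take `const char *d` if it only reads, but the definition is not visible here.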


@ -0,0 +1,189 @@
use set_error instead of printf in library to report errors.
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
@@ -96,7 +96,7 @@ static int timed_read(int fd, char *pass
if (select(fd+1, &fds, NULL, NULL, &t) > 0)
failed = untimed_read(fd, pass, maxlen);
else
- fprintf(stderr, "Operation timed out.\n");
+ set_error("Operation timed out");
return failed;
}
@@ -195,14 +195,16 @@ static int get_key(struct crypt_options
pass = safe_alloc(512);
if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) {
- set_error("Error reading passphrase");
+ if(!get_error())
+ set_error("Error reading passphrase");
goto out_err;
}
if (verify || verify_if_possible) {
char pass_verify[512];
i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout);
if (i || strcmp(pass, pass_verify) != 0) {
- set_error("Passphrases do not match");
+ if(!get_error())
+ set_error("Passphrases do not match");
goto out_err;
}
memset(pass_verify, 0, sizeof(pass_verify));
@@ -383,7 +385,7 @@ static int parse_into_name_and_mode(cons
strncpy(mode,"cbc-plain",10);
}
else {
- fprintf(stderr, "no known cipher-spec pattern detected\n");
+ set_error("no known cipher-spec pattern detected");
return -EINVAL;
}
}
@@ -642,7 +644,6 @@ start:
r = -EINVAL; goto out;
}
if((r = LUKS_open_any_key(options->device, password, passwordLen, &hdr, &mk, backend)) < 0) {
- set_error("No key available with this passphrase.\n");
goto out1;
}
@@ -716,7 +717,7 @@ static int __crypt_luks_add_key(int arg,
r = -EINVAL; goto out;
}
if(LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend) < 0) {
- printf("No key available with this passphrase.\n");
+ set_error("No key available with this passphrase");
r = -EPERM; goto out;
}
safe_free(password);
@@ -759,7 +760,7 @@ static int __crypt_luks_del_key(int arg,
}
openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
if(openedIndex < 0 || keyIndex == openedIndex) {
- printf("No remaining key available with this passphrase.\n");
+ set_error("No remaining key available with this passphrase");
r = -EPERM; goto out;
}
}
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
@@ -76,20 +76,20 @@ int LUKS_read_phdr(const char *device, s
devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
if(-1 == devfd) {
- fprintf(stderr, _("Can't open device: %s\n"), device);
+ set_error(_("Can't open device %s"), device);
return -EINVAL;
}
if(read_blockwise(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr)) {
r = -EIO;
} else if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
- fprintf(stderr, _("%s is not a LUKS partition\n"), device);
+ set_error(_("%s is not a LUKS partition\n"), device);
r = -EINVAL;
} else if(memcmp(hdr->hashSpec, "sha1", 4)) { /* Check for SHA1 - other hashspecs are not implemented ATM */
- fputs(_("unknown hash spec in phdr"), stderr);
+ set_error(_("unknown hash spec in phdr"));
r = -EINVAL;
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
- fprintf(stderr, _("unknown version %d\n"), hdr->version);
+ set_error( _("unknown LUKS version %d\n"), hdr->version);
r = -EINVAL;
} else {
hdr->payloadOffset = ntohl(hdr->payloadOffset);
@@ -117,7 +117,7 @@ int LUKS_write_phdr(const char *device,
devfd = open(device,O_RDWR | O_DIRECT | O_SYNC);
if(-1 == devfd) {
- fprintf(stderr, _("Can't open device: %s\n"), device);
+ set_error(_("Can't open device %s"), device);
return -EINVAL;
}
@@ -210,12 +210,12 @@ int LUKS_set_key(const char *device, uns
int r;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
- fprintf(stderr, _("key %d active, purge first.\n"), keyIndex);
+ set_error( _("key %d active, purge first"), keyIndex);
return -EINVAL;
}
if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
- fprintf(stderr,_("key material section %d includes too few stripes. Header manipulation?\n"),keyIndex);
+ set_error(_("key material section %d includes too few stripes. Header manipulation?"),keyIndex);
return -EINVAL;
}
r = getRandom(hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE);
@@ -247,7 +247,8 @@ int LUKS_set_key(const char *device, uns
hdr->keyblock[keyIndex].keyMaterialOffset,
backend);
if(r < 0) {
- fprintf(stderr,"Failed to write to key storage.\n");
+ if(!get_error())
+ set_error("Failed to write to key storage");
goto out;
}
@@ -303,7 +304,8 @@ int LUKS_open_key(const char *device,
hdr->keyblock[keyIndex].keyMaterialOffset,
backend);
if(r < 0) {
- fprintf(stderr,"Failed to read from key storage\n");
+ if(!get_error())
+ set_error("Failed to read from key storage");
goto out;
}
@@ -387,7 +389,7 @@ static int wipe(const char *device, unsi
devfd = open(device, O_RDWR | O_DIRECT);
if(devfd == -1) {
- fprintf(stderr, _("Can't open device: %s\n"), device);
+ set_error(_("Can't open device %s"), device);
return -EINVAL;
}
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
@@ -226,7 +226,7 @@ ssize_t read_blockwise(int fd, void *ori
while(count) {
r = read(fd,padbuf,bsize);
if(r < 0 || r != bsize) {
- fprintf(stderr, "read failed in read_blockwise.\n");
+ set_error("read failed in read_blockwise()");
goto out;
}
step = count<bsize?count:bsize;
Index: cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keyencryption.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
@@ -61,7 +61,7 @@ static int setup_mapping(const char *cip
* device's sector size, otherwise the mapping will be refused.
*/
if(device_sector_size < 0) {
- fprintf(stderr,_("Unable to obtain sector size for %s"),device);
+ set_error(_("Unable to obtain sector size for %s"),device);
return -EINVAL;
}
options->size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
@@ -121,7 +121,8 @@ static int LUKS_endec_template(char *src
r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
if(r < 0) {
- fprintf(stderr,"Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors.\n",
+ if(!get_error())
+ set_error("Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors",
dmCipherSpec,
device,
sector + div_round_up(srcLength,SECTOR_SIZE));
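Review bot: The converted messages are inconsistent about trailing newlines: `set_error(_("%s is not a LUKS partition\n"), device);`, `set_error( _("unknown LUKS version %d\n"), hdr->version);` and the dm-crypt mapping message in luks/keyencryption.c keep a `\n`, while every other call in the patch drops it (e.g. `set_error(_("Can't open device %s"), device);`). Since the text is now handed to the caller through crypt_get_error rather than printed, the caller decides the line ending, so the keymanage.c messages should lose their `\n` as well. Several msgids also change wording (for example "Can't open device: %s\n" becoming "Can't open device %s"), which orphans any existing .po translations of those strings unless the catalogs are updated. The `if(!get_error()) set_error(...)` guards in lib/setup.c, luks/keymanage.c and luks/keyencryption.c only report the right message if the error buffer is cleared at the start of each library operation; otherwise a stale message from an earlier failed call masks the current one — that clearing logic is outside these hunks and worth confirming.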


@ -0,0 +1,17 @@
fix segfault when trying to open a non existing device
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
@@ -608,7 +608,7 @@ out:
static int __crypt_luks_open(int arg, struct setup_backend *backend, struct crypt_options *options)
{
- struct luks_masterkey *mk;
+ struct luks_masterkey *mk=NULL;
struct luks_phdr hdr;
char *password; int passwordLen;
struct device_infos infos;
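Review bot: Initializing `mk` to NULL fixes the crash only if the cleanup the function jumps to on the early-failure path (the out/out1 labels, outside this hunk) treats a NULL master key as a no-op, which is worth confirming against whatever frees it. `char *password; int passwordLen;` on the next line stays uninitialized, and the sibling functions in this file free `password` on their error paths (`safe_free(password)`), so if __crypt_luks_open does the same an identical segfault remains for a failure that occurs before the passphrase is read; `char *password = NULL;` would close that. The rest of __crypt_luks_open is outside the hunk.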


@ -0,0 +1,92 @@
fix some gcc warnings
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: cryptsetup-luks-1.0.4_SVN30/lib/libdevmapper.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/libdevmapper.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/libdevmapper.c
@@ -258,7 +258,7 @@ static int dm_query_device(int details,
options->skip = 0;
options->size = length;
if (details) {
- char *cipher, *key_, *device, *tmp;
+ char *cipher, *key_, *device;
uint64_t val64;
set_error("Invalid dm table");
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
@@ -57,8 +57,6 @@ static int setup_enter(struct setup_back
static int setup_leave(struct setup_backend *backend)
{
- const char *error;
-
if (backend)
backend->exit();
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
@@ -173,7 +173,7 @@ ssize_t write_blockwise(int fd, const vo
{
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
- int r;
+ int r = 0;
int hangover; int solid; int bsize;
if ((bsize = sector_size(fd)) < 0)
@@ -213,7 +213,7 @@ ssize_t write_blockwise(int fd, const vo
ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
- int r;
+ int r = 0;
int step;
int bsize;
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
@@ -417,7 +417,7 @@ static int wipe(const char *device, unsi
int LUKS_del_key(const char *device, unsigned int keyIndex)
{
struct luks_phdr hdr;
- unsigned int i, startOffset, endOffset, stripesLen;
+ unsigned int startOffset, endOffset, stripesLen;
int r;
r = LUKS_read_phdr(device, &hdr);
Index: cryptsetup-luks-1.0.4_SVN30/luks/random.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/random.c
+++ cryptsetup-luks-1.0.4_SVN30/luks/random.c
@@ -13,7 +13,7 @@
int getRandom(char *buf, size_t len)
{
- int randomfd, r = 0, index = 0;
+ int randomfd, r = 0;
//FIXME Run a FIPS test for the random device or include
// PRNG if urandom not avail.
Index: cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
===================================================================
--- cryptsetup-luks-1.0.4_SVN30.orig/src/cryptsetup.c
+++ cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
@@ -203,7 +203,8 @@ static int yesDialog(char *msg)
size_t size=0;
fprintf(stderr,"\nWARNING!\n========\n");
fprintf(stderr,"%s\n\nAre you sure? (Type uppercase yes): ",msg);
- getline(&answer,&size,stdin);
+ if(getline(&answer,&size,stdin) == -1)
+ return 0;
if(strcmp(answer,"YES\n") == 0)
r = 1;
free(answer);
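Review bot: In the src/cryptsetup.c hunk, `if(getline(&answer,&size,stdin) == -1) return 0;` leaks the buffer getline may already have allocated into `answer` before reaching EOF or an error, while the success path below does `free(answer)`; write it as `if(getline(&answer,&size,stdin) == -1) { free(answer); return 0; }` (free on a still-NULL pointer is a no-op). Returning 0, i.e. treating EOF as "no", is the right default for a prompt that guards a destructive operation. The `int r = 0;` changes in write_blockwise and read_blockwise silence the warning but leave an `int` feeding a function that returns `ssize_t`; that mismatch is pre-existing and the function bodies are outside the hunks.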

8
cryptsetup-mktar Normal file

@ -0,0 +1,8 @@
#!/bin/sh
# repo is at http://luks.endorphin.org/svn/cryptsetup
set -e
SVN_VERSION="1.0.4_SVN`svnversion .`"
rm -rf cryptsetup-luks-${SVN_VERSION}
svn export . cryptsetup-luks-${SVN_VERSION}
tar --owner=root --group=root --force-local -cjf cryptsetup-luks-${SVN_VERSION}.tar.bz2 cryptsetup-luks-${SVN_VERSION}
rm -rf cryptsetup-luks-${SVN_VERSION}
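Review bot: `SVN_VERSION` is expanded unquoted on every line after it is set, and its value comes straight from `svnversion .`, which prints strings containing spaces when the directory is not a clean working copy (for example "Unversioned directory"); after word splitting, `rm -rf cryptsetup-luks-${SVN_VERSION}` would then also remove a file or directory named after the second word. Quote every expansion, and reject a version string containing whitespace before the first `rm` so the script fails instead of deleting the wrong path.
```shell
SVN_VERSION="1.0.4_SVN$(svnversion .)"
case "$SVN_VERSION" in *[[:space:]]*) echo "unexpected svnversion output: $SVN_VERSION" >&2; exit 1;; esac
rm -rf "cryptsetup-luks-${SVN_VERSION}"
svn export . "cryptsetup-luks-${SVN_VERSION}"
tar --owner=root --group=root --force-local -cjf "cryptsetup-luks-${SVN_VERSION}.tar.bz2" "cryptsetup-luks-${SVN_VERSION}"
rm -rf "cryptsetup-luks-${SVN_VERSION}"
```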

155
cryptsetup.changes Normal file

@ -0,0 +1,155 @@
-------------------------------------------------------------------
Fri Jun 1 10:07:14 CEST 2007 - lnussel@suse.de
- rename util-linux-crypto to cryptsetup
- remove dmconvert
- replace svn snapshot with official 1.0.5 release
- don't enable boot.crypto by default
-------------------------------------------------------------------
Tue May 29 15:58:44 CEST 2007 - lnussel@suse.de
- fix segfault when trying to open a non existing device
- fix gcc warnings
- add Short-Description to boot.crypto
- use %find_lang
-------------------------------------------------------------------
Wed May 9 14:52:00 CEST 2007 - lnussel@suse.de
- boot.crypto: implement 'status'
- boot.crypto: accept argument to start/stop single devices
-------------------------------------------------------------------
Wed May 9 10:40:28 CEST 2007 - lnussel@suse.de
- hashalot: add timeout option
-------------------------------------------------------------------
Wed May 9 09:40:42 CEST 2007 - lnussel@suse.de
- fix build
-------------------------------------------------------------------
Tue May 8 15:16:41 CEST 2007 - lnussel@suse.de
- boot.crypto: switch off splash screen only when needed
- boot.crypto: report status for individual volumes instead of using one global
exit status
- hashalot: exit unsucessfully on empty passphrase
-------------------------------------------------------------------
Tue May 8 10:43:24 CEST 2007 - lnussel@suse.de
- boot.crypto: sleep a bit longer before overwriting the prompt
- boot.crypto: add support for pseed and itercountk options
- boot.crypto: skip entries with unsupported/unknown options
- hashalot: add support for itercountk
-------------------------------------------------------------------
Fri May 4 16:38:11 CEST 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 30 which includes
previous patches.
- fix background prompt process not getting killed on ctrl-d in
boot.crypto
-------------------------------------------------------------------
Fri Apr 27 15:46:05 CEST 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 26. Does no longer hang
when a file is specified instead of a device.
- remove obsolete cryptsetup.sh script
- boot.crypto:
* drop support for cryptoloop, use cryptsetup also for cryptotab
* refactor code and create reusable components for use in cryptotab
and crypttab code path
* run sulogin only during boot if fsck failed
* support crypttab's 'tries' option
- add crypttab manpage based on Debian one
-------------------------------------------------------------------
Tue Apr 24 17:38:40 CEST 2007 - lnussel@suse.de
- add boot.crypto (#257884)
- add crypttab and cryptotab as %ghost to filelist
-------------------------------------------------------------------
Tue Mar 27 10:22:48 CEST 2007 - mkoenig@suse.de
- move devel .so link to %{libdir}
- run ldconfig, since we have now a shared lib installed
-------------------------------------------------------------------
Fri Mar 23 16:18:12 CET 2007 - dmueller@suse.de
- cryptsetup can now link shared since libpopt is
no longer under /usr
-------------------------------------------------------------------
Fri Mar 9 12:06:53 CET 2007 - lnussel@suse.de
- add patch to support old loop_fish2 key hash method
-------------------------------------------------------------------
Thu Dec 7 18:33:01 CET 2006 - mkoenig@suse.de
- update cryptsetup to version 1.0.4:
* added terminal timeout rewrite
* allow user selection of key slot
* reading binary keys from stdin using the "-" as key file
* fix 64 bit compiler warning issues.
* fix getline problem for 64-bit archs.
-------------------------------------------------------------------
Fri Oct 13 11:30:19 CEST 2006 - mkoenig@suse.de
- fix build failure due to missing pthreads
-------------------------------------------------------------------
Wed Sep 13 12:39:27 CEST 2006 - hvogel@suse.de
- use the LUKS version of cryptsetup
- split -devel subpackage for libcryptsetup
- remove patches because they are in the new cryptsetup
* cryptsetup-0.1-static.patch
* cryptsetup-0.1-retval.patch
* cryptsetup-0.1-dmi.exists.patch
* cryptsetup-0.1-timeout.patch
- use man page from the new cryptsetup
-------------------------------------------------------------------
Tue May 16 11:03:08 CEST 2006 - hvogel@suse.de
- Fix cryptsetup to work when the device does not exist yet
[#175931]
-------------------------------------------------------------------
Wed Jan 25 21:42:28 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Dec 19 14:46:30 CET 2005 - mmj@suse.de
- Remove symlinks to hashalot we don't want
-------------------------------------------------------------------
Thu Oct 13 15:04:29 CEST 2005 - hvogel@suse.de
- Fix uninitialized var in dmconvert. Add
* dmconvert-0.2-uninitialized.patch
- Fix return value in cryptsetup. Add
* cryptsetup-0.1-retval.patch
-------------------------------------------------------------------
Wed Jun 29 14:28:32 CEST 2005 - hvogel@suse.de
- Link cryptsetup static so it can be in /sbin and you can get
/usr over nfs or even crypted
-------------------------------------------------------------------
Mon May 9 17:23:39 CEST 2005 - hvogel@suse.de
- New package, Version 2.12q

274
cryptsetup.spec Normal file

@ -0,0 +1,274 @@
#
# spec file for package cryptsetup (Version 1.0.5)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: cryptsetup
URL: http://luks.endorphin.org/dm-crypt
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
# hashalot version
%define haver 0.3
License: BSD License and BSD-like, GNU General Public License (GPL)
Group: System/Base
Autoreqprov: on
Version: 1.0.5
Release: 1
Summary: Set up dm-crypt based encrypted block devices
Source: cryptsetup-1.0.5.tar.bz2
Source1: hashalot-%haver.tar.bz2
Source50: boot.crypto
Source90: Makefile.doc
Source91: crypttab.5.txt
# make -f Makefile.doc
Source92: crypttab.5
# use this to create the tarball from svn
Source99: cryptsetup-mktar
Patch1: cryptsetup-luks-uninitialized.diff
Patch2: cryptsetup-luks-implicit-declarations.diff
Patch3: cryptsetup-luks-warnings.diff
Patch4: cryptsetup-luks-libnostderr.diff
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
Patch13: hashalot-timeout.diff
Patch14: hashalot-manpage.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: aaa_base:/etc/init.d/boot.crypto
Obsoletes: util-linux-crypto <= 2.12r
# we need losetup
Requires: util-linux
%description
cryptsetup is used to conveniently setup up dm-crypt based
device-mapper targets. It can set up targets to read cryptoloop
compatible volumes as well as LUKS formatted ones. The package
additionally includes support for automatically setting up encrypted
volumes at boot time via the config file /etc/crypttab
Authors:
--------
Clemens Fruhwirth <clemens@endorphin.org>
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%package devel
Summary: Set up dm-crypt based encrypted block devices
Group: System/Base
Requires: %name = %version
Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
%description devel
cryptsetup is used to conveniently setup up dm-crypt based
device-mapper targets. It can set up targets to read cryptoloop
compatible volumes as well as LUKS formatted ones. The package
additionally includes support for automatically setting up encrypted
volumes at boot time via the config file /etc/crypttab
Authors:
--------
Clemens Fruhwirth <clemens@endorphin.org>
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%prep
%setup -q -b 1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
popd
%build
# cryptsetup build
%{?suse_update_config:%{suse_update_config}}
autoreconf -f -i
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
--libdir=/%_lib \
--bindir=/sbin --sbindir=/sbin \
--disable-static --enable-shared
make
#
# hashalot build
pushd ../hashalot-%haver
autoreconf -f -i
%{?suse_update_config:%{suse_update_config}}
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir
make
popd
%install
make install DESTDIR=$RPM_BUILD_ROOT
# move devel .so link to %{libdir}
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
rm -f $RPM_BUILD_ROOT/%_lib/*.la
#
# hashalot install
pushd ../hashalot-%haver
make install DESTDIR=$RPM_BUILD_ROOT
popd
# remove unwanted symlinks
rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512}
#
#
# boot.crypto
install -d -m 755 %{buildroot}/etc/init.d
install -m 755 %{SOURCE50} %{buildroot}/etc/init.d/boot.crypto
# maybe install templates instead?
install -m 644 /dev/null %{buildroot}/etc/cryptotab
install -m 644 /dev/null %{buildroot}/etc/crypttab
# man page
install -d -m755 %{buildroot}%{_mandir}/man5
install -m644 %{SOURCE92} %{buildroot}%{_mandir}/man5
#
%find_lang %name --all-name
%pre
# hack to catch update case from aaa_base/util-linux-crypto
if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then
touch /var/run/cryptsetup.boot.crypto.enabled
fi
%post
/sbin/ldconfig
%{fillup_and_insserv boot.crypto}
if [ -e /var/run/cryptsetup.boot.crypto.enabled ]; then
rm -f /var/run/cryptsetup.boot.crypto.enabled
%{fillup_and_insserv -fY boot.crypto}
fi
%postun
/sbin/ldconfig
%{insserv_cleanup}
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %name.lang
%defattr(-,root,root)
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
/etc/init.d/boot.crypto
/sbin/cryptsetup
/sbin/hashalot
%_datadir/locale/de/LC_MESSAGES/cryptsetup.mo
%_mandir/man1/hashalot.1.gz
%_mandir/man8/cryptsetup.8.gz
%_mandir/man5/crypttab.5.gz
/%_lib/libcryptsetup.so.0
/%_lib/libcryptsetup.so.0.0.0
%files devel
%defattr(-,root,root)
%_includedir/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%changelog
* Fri Jun 01 2007 - lnussel@suse.de
- rename util-linux-crypto to cryptsetup
- remove dmconvert
- replace svn snapshot with official 1.0.5 release
- don't enable boot.crypto by default
* Tue May 29 2007 - lnussel@suse.de
- fix segfault when trying to open a non existing device
- fix gcc warnings
- add Short-Description to boot.crypto
- use %%find_lang
* Wed May 09 2007 - lnussel@suse.de
- boot.crypto: implement 'status'
- boot.crypto: accept argument to start/stop single devices
* Wed May 09 2007 - lnussel@suse.de
- hashalot: add timeout option
* Wed May 09 2007 - lnussel@suse.de
- fix build
* Tue May 08 2007 - lnussel@suse.de
- boot.crypto: switch off splash screen only when needed
- boot.crypto: report status for individual volumes instead of using one global
exit status
- hashalot: exit unsucessfully on empty passphrase
* Tue May 08 2007 - lnussel@suse.de
- boot.crypto: sleep a bit longer before overwriting the prompt
- boot.crypto: add support for pseed and itercountk options
- boot.crypto: skip entries with unsupported/unknown options
- hashalot: add support for itercountk
* Fri May 04 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 30 which includes
previous patches.
- fix background prompt process not getting killed on ctrl-d in
boot.crypto
* Fri Apr 27 2007 - lnussel@suse.de
- upgrade cryptsetup to current svn revision 26. Does no longer hang
when a file is specified instead of a device.
- remove obsolete cryptsetup.sh script
- boot.crypto:
* drop support for cryptoloop, use cryptsetup also for cryptotab
* refactor code and create reusable components for use in cryptotab
and crypttab code path
* run sulogin only during boot if fsck failed
* support crypttab's 'tries' option
- add crypttab manpage based on Debian one
* Tue Apr 24 2007 - lnussel@suse.de
- add boot.crypto (#257884)
- add crypttab and cryptotab as %%ghost to filelist
* Tue Mar 27 2007 - mkoenig@suse.de
- move devel .so link to %%{libdir}
- run ldconfig, since we have now a shared lib installed
* Fri Mar 23 2007 - dmueller@suse.de
- cryptsetup can now link shared since libpopt is
no longer under /usr
* Fri Mar 09 2007 - lnussel@suse.de
- add patch to support old loop_fish2 key hash method
* Thu Dec 07 2006 - mkoenig@suse.de
- update cryptsetup to version 1.0.4:
* added terminal timeout rewrite
* allow user selection of key slot
* reading binary keys from stdin using the "-" as key file
* fix 64 bit compiler warning issues.
* fix getline problem for 64-bit archs.
* Fri Oct 13 2006 - mkoenig@suse.de
- fix build failure due to missing pthreads
* Wed Sep 13 2006 - hvogel@suse.de
- use the LUKS version of cryptsetup
- split -devel subpackage for libcryptsetup
- remove patches because they are in the new cryptsetup
* cryptsetup-0.1-static.patch
* cryptsetup-0.1-retval.patch
* cryptsetup-0.1-dmi.exists.patch
* cryptsetup-0.1-timeout.patch
- use man page from the new cryptsetup
* Tue May 16 2006 - hvogel@suse.de
- Fix cryptsetup to work when the device does not exist yet
[#175931]
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Dec 19 2005 - mmj@suse.de
- Remove symlinks to hashalot we don't want
* Thu Oct 13 2005 - hvogel@suse.de
- Fix uninitialized var in dmconvert. Add
* dmconvert-0.2-uninitialized.patch
- Fix return value in cryptsetup. Add
* cryptsetup-0.1-retval.patch
* Wed Jun 29 2005 - hvogel@suse.de
- Link cryptsetup static so it can be in /sbin and you can get
/usr over nfs or even crypted
* Mon May 09 2005 - hvogel@suse.de
- New package, Version 2.12q

201
crypttab.5 Normal file

@ -0,0 +1,201 @@
.\" Title: crypttab
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: 05/09/2007
.\" Manual:
.\" Source:
.\"
.TH "CRYPTTAB" "5" "05/09/2007" "" ""
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
crypttab \- static information about crypted filesystems
.SH "SYNOPSIS"
.PP
\fBcrypttab\fR
.RS 4
\fI<target device>\fR
\fI<source device>\fR
\fI<key file>\fR
\fI<options>\fR
.RE
.SH "DESCRIPTION"
The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes. Each volume is described on a separate line; columns on each line are separated by tabs or spaces. Lines starting with "\fI#\fR" are comments, empty lines are ignored. The order of records in \fBcrypttab\fR is important because the \fB/etc/init.d/boot.crypto\fR script sequentially iterates through \fBcrypttab\fR entries. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour.
.sp
.TP 4
\(bu
The first column,
\fItarget device\fR
specifies the mapped
\fIdevice name\fR. It must be a plain filename without any directories. A mapped device
\fB/dev/mapper/\fR\fIdevice name\fR
will be created by
\fBcryptsetup(8)\fR
crypting data from and onto the
\fIsource device\fR.
To actually mount that device it needs to be listed in \fB/etc/fstab\fR.
.sp
.TP 4
\(bu
The second column
\fIsource device\fR
specifies the block special device that should hold the encrypted data.
.TP 4
\(bu
The third column
\fIkey file\fR
specifies the file to use for decrypting the encrypted data of the
\fIsource device\fR.
It can also be a device name (e.g. \fB/dev/urandom\fR, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key.
.sp
If the \fIkey file\fR is the string \fBnone\fR, the key data (i.e. a password or passphrase) will be read interactively from the console. In this case the options precheck, check, checkargs and tries may be useful.
.sp
.TP 4
\(bu
The fourth field
\fIoptions\fR
specifies the cryptsetup options associated with the encryption process. At minimum, the field should contain the string
\fBluks\fR
or the
\fIcipher\fR,
\fIhash\fR
and
\fIsize\fR
options.
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
.sp
.SH "OPTIONS"
.PP
\fBcipher\fR=<cipher>
.RS 4
Encryption algorithm. See
\fBcryptsetup \-c\fR.
.RE
.PP
\fBsize\fR=<size>
.RS 4
Encryption key size. See
\fBcryptsetup \-s\fR.
.RE
.PP
\fBhash\fR=<hash>
.RS 4
Hash algorithm. See
\fBcryptsetup \-h\fR.
.RE
.PP
\fBverify\fR
.RS 4
Verify password. See
\fBcryptsetup \-y\fR.
.RE
.PP
\fBreadonly\fR
.RS 4
The backing device is read\-only (eg: a dvd).
.RE
.PP
\fBluks\fR
.RS 4
Use device with luks extensions.
.RE
.PP
\fBswap\fR
.RS 4
Run
\fBmkswap\fR
on the created device.
.RE
.PP
\fBtmp\fR
.RS 4
Run
\fBmkfs\fR
on the created device. The file system to use is specified in
\fB/etc/fstab\fR. If
\fB/etc/fstab\fR
does not list the mapped device, ext2 is used as fallback.
.RE
.PP
\fBprecheck\fR=<precheck>
.RS 4
Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device. The source device is given as argument to the script.
.RE
.PP
\fBcheck\fR[=<program>]
.RS 4
Check the content of the mapped device by a suitable program; if the check fails the device is removed. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument. Cryptdisks searches for the given program in /lib/cryptsetup/checks/. If no program is specified, vol_id is used.
.RE
.PP
\fBcheckargs\fR=<argument>
.RS 4
Pass <argument> as second argument to the check script
.RE
.PP
\fBtries\fR=<num>
.RS 4
Prompt for the passphrase at most <num> times if the entered passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
.RE
.PP
\fBtimeout\fR=<sec>
.RS 4
Time out interactive password prompts after <sec> seconds.
.RE
.PP
\fBloop\fR
.RS 4
Always attach a loop device before mapping the device. Normally a loop device is used automatically only for image files. Useful if the block size of the physical device does not match the block size of the contained file system. E.g. ext2 on a CD.
.RE
.PP
\fBnoauto\fR
.RS 4
Causes boot.crypto to skip this record during boot
.RE
.PP
\fBpseed=<string>\fR
.RS 4
Set a string that is appended to the passphrase after hashing. Using different seeds for volumes with the same passphrase makes dictionary attacks harder. Use for compatability with loop\-AES.
.RE
.PP
\fBitercountk=<num>\fR
.RS 4
Encrypts the hashed password <num> thousand times using AES\-256. Use for compatability with loop\-AES.
.RE
.PP
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
.RS 4
not supported. Listed here as they are supported by Debian.
.RE
.SH "CHECKSCRIPTS"
TODO
.sp
.SH "EXAMPLES"
.PP
\fBEncrypted swap device\fR
.RS 4
cswap /dev/sda6 /dev/random swap
.RE
.PP
\fBEncrypted luks volume with interactive password\fR
.RS 4
cdisk0 /dev/hda1 none luks
.RE
.PP
\fBEncrypted luks volume with interactive password, use a custom check script, no retries\fR
.RS 4
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
.RE
.PP
\fBEncrypted volume with interactive password and a cryptoloop compatible twofish256 cipher\fR
.RS 4
cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512
.RE
.SH "SEE ALSO"
cryptsetup(8), /etc/crypttab, fstab(8)
.sp
.SH "AUTHOR"
Manual page converted to asciidoc by Michael Gebetsroither <michael.geb@gmx.at>. Originally written by Bastian Kleineidam <calvin@debian.org> for the Debian distribution of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>. Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>. Parts of this manual were taken and adapted from the fstab(5) manual page.
.sp

178
crypttab.5.txt Normal file

@ -0,0 +1,178 @@
CRYPTTAB(5)
===========
NAME
----
crypttab - static information about crypted filesystems
SYNOPSIS
--------
*crypttab*::
'<target device>' '<source device>' '<key file>' '<options>'
DESCRIPTION
-----------
The file */etc/crypttab* contains descriptive informations about
encrypted volumes. Each volume is described on a separate line;
columns on each line are separated by tabs or spaces. Lines starting
with "'#'" are comments, empty lines are ignored. The order of
records in *crypttab* is important because the
*/etc/init.d/boot.crypto* script sequentially iterates through
*crypttab* entries. All four columns are mandatory, missing or
excessive columns will lead to unspecified behaviour.
- The first column, 'target device' specifies the mapped 'device
name'. It must be a plain filename without any directories. A mapped
device */dev/mapper/*'device name' will be created by
*cryptsetup(8)* crypting data from and onto the 'source device'.
To actually mount that device it needs to be listed in */etc/fstab*.
- The second column 'source device' specifies the block special
device that should hold the encrypted data.
- The third column 'key file' specifies the file to use for
decrypting the encrypted data of the 'source device'.
It can also be a device name (e.g. */dev/urandom*, which is useful
for encrypted swap devices). Warning: luks does not support infinite
streams (like */dev/urandom*), it requires a fixed size key.
If the 'key file' is the string *none*, the key data (i.e. a
password or passphrase) will be read interactively from the console.
In this case the options precheck, check, checkargs and tries may be
useful.
- The fourth field 'options' specifies the cryptsetup options
associated with the encryption process. At minimum, the field should
contain the string *luks* or the 'cipher', 'hash' and 'size'
options.
Options have to be specified in the format: 'key'='value'[,'key'='value' ...]
OPTIONS
-------
*cipher*=<cipher>::
Encryption algorithm. See *cryptsetup -c*.
*size*=<size>::
Encryption key size. See *cryptsetup -s*.
*hash*=<hash>::
Hash algorithm. See *cryptsetup -h*.
*verify*::
Verify password. See *cryptsetup -y*.
*readonly*::
The backing device is read-only (eg: a dvd).
*luks*::
Use device with luks extensions.
*swap*::
Run *mkswap* on the created device.
*tmp*::
Run *mkfs* on the created device. The file system to use is
specified in */etc/fstab*. If */etc/fstab* does not list the mapped
device, ext2 is used as fallback.
*precheck*=<precheck>::
Check the source device by suitable program; if the check fails the device is
not created; <precheck> is a script to check the source device. The source
device is given as argument to the script.
*check*[=<program>]::
Check the content of the mapped device by a suitable program; if the
check fails the device is removed. The specified program is
run giving the decrypted volume (target device) as first and the
value of the checkargs option as second argument. Cryptdisks
searches for the given program in /lib/cryptsetup/checks/. If no
program is specified, vol_id is used.
*checkargs*=<argument>::
Pass <argument> as second argument to the check script
*tries*=<num>::
Prompt for the passphrase at most <num> times if the entered
passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
*timeout*=<sec>::
Time out interactive password prompts after <sec> seconds.
*loop*::
Always attach a loop device before mapping the device. Normally a
loop device is used automatically only for image files. Useful if
the block size of the physical device does not match the block size
of the contained file system. E.g. ext2 on a CD.
*noauto*::
Causes boot.crypto to skip this record during boot
*pseed=<string>*::
Set a string that is appended to the passphrase after hashing.
Using different seeds for volumes with the same passphrase makes
dictionary attacks harder. Use for compatability with loop-AES.
*itercountk=<num>*::
Encrypts the hashed password <num> thousand times using AES-256. Use
for compatability with loop-AES.
*loud*, *ssl*, *gpg*, *keyscript*::
not supported. Listed here as they are supported by Debian.
CHECKSCRIPTS
------------
TODO
/////
*vol_id*::
Checks for any known filesystem. Supports a filesystem type as argument via
<checkargs>:
no checkargs - succeeds if any valid filesystem is found on the device.
"none" - succeeds if no valid filesystem is found on the device.
"ext3" [or any other filesystem type like xfs, swap, crypto_LUKS, whatever] - succeeds
if an ext3 [or another given] filesystem type is found on the device.
*ext3*::
Checks for a valid ext2/ext3 filesystem.
*xfs*::
Checks for a valid xfs filesystem.
*swap*::
Checks for partition type 'swap'. Only useful as <precheck>.
////
EXAMPLES
--------
*Encrypted swap device*::
cswap /dev/sda6 /dev/random swap
*Encrypted luks volume with interactive password*::
cdisk0 /dev/hda1 none luks
*Encrypted luks volume with interactive password, use a custom check script, no retries*::
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
*Encrypted volume with interactive password and a cryptoloop compatible twofish256 cipher*::
cdisk3 /dev/sda3 none cipher=twofish-cbc-plain,size=256,hash=sha512
SEE ALSO
--------
cryptsetup(8), /etc/crypttab, fstab(8)
AUTHOR
------
Manual page converted to asciidoc by Michael Gebetsroither
<michael.geb@gmx.at>. Originally written by
Bastian Kleineidam <calvin@debian.org> for the Debian distribution
of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>.
Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>.
Parts of this manual were taken and adapted from the fstab(5) manual
page.

3
hashalot-0.3.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5958c371ba2469150b19f4c3a66bb374a7b1e287df4d0bfeb5e7c480da15424d
size 68508

19
hashalot-ctrl-d.diff Normal file

@ -0,0 +1,19 @@
exit unsucessfully on empty passphrase
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -275,6 +275,10 @@ main(int argc, char *argv[])
/* here we acquire the precious passphrase... */
pass = xgetpass("Enter passphrase: ");
+ if(!*pass) {
+ exit(EXIT_FAILURE);
+ }
+
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
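Review bot: The new `if(!*pass)` check exits silently, so a user who typed Ctrl-D or an empty line gets a failure status with no explanation; print a diagnostic first, e.g. `fputs("hashalot: empty passphrase\n", stderr);` before `exit(EXIT_FAILURE);`. The check also dereferences `pass` unconditionally, which is only safe if xgetpass never returns NULL on EOF or error; its definition is not in this hunk, so that should be confirmed. The enclosing `main` starts and ends outside the hunk.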

37
hashalot-fixes.diff Normal file

@ -0,0 +1,37 @@
- print help text to stdout so it can be read via pager
- use proper length in phash_rmd160()
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -42,7 +42,7 @@ phash_rmd160(char dest[], size_t dest_le
tmp[PASSWDBUFFLEN - 1] = '\0';
rmd160_hash_buffer(key, src, src_len);
- rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */);
+ rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, strlen(tmp));
memcpy(dest, key, dest_len);
@@ -95,7 +95,7 @@ show_usage(const char argv0[])
{
struct func_table_t *p = func_table;
- fprintf (stderr,
+ fprintf (stdout,
"usage:\n"
" hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
" or\n"
@@ -106,7 +106,8 @@ show_usage(const char argv0[])
for (; p->name; ++p)
fprintf (stderr, "%s ", p->name);
- fprintf (stderr, "\n");
+
+ fprintf (stdout, "\n");
return 1;
}
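Review bot: The third hunk moves the trailing newline of the usage text to stdout but leaves the loop above it printing the hash-type names with `fprintf (stderr, "%s ", p->name);`, so the list of supported HASHTYPE values still goes to stderr while the rest of the help goes to stdout, and it is lost when the output is piped to a pager as the patch description intends; change that line to `fprintf (stdout, "%s ", p->name);` as well. The `strlen(tmp)` change in the first hunk is sound because `tmp` is NUL-terminated on the line just above it. `show_usage` and `phash_rmd160` both begin outside their hunks.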

156
hashalot-libgcrypt.diff Normal file

@ -0,0 +1,156 @@
add support for -C (itercountk) option of loop-AES if libgcrypt is available
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/Makefile.am
===================================================================
--- hashalot-0.3/Makefile.am.orig
+++ hashalot-0.3/Makefile.am
@@ -3,6 +3,9 @@ sbin_PROGRAMS = hashalot
man_MANS = hashalot.1
+hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
+hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
+
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h
install-exec-hook:
Index: hashalot-0.3/configure.ac
===================================================================
--- hashalot-0.3/configure.ac.orig
+++ hashalot-0.3/configure.ac
@@ -8,5 +8,6 @@ AC_PROG_LN_S
AC_HEADER_STDC
AC_CHECK_HEADERS(libgen.h stdio.h stdlib.h string.h unistd.h assert.h sys/types.h sys/mman.h endian.h , , [ AC_MSG_ERROR(required header not found)])
AC_CHECK_FUNCS(getopt snprintf , , [ AC_MSG_ERROR(required function not found)])
+AM_PATH_LIBGCRYPT(,[AC_DEFINE([HAVE_LIBGCRYPT], 1)])
AC_OUTPUT(Makefile)
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -25,6 +25,10 @@
#include <sys/types.h>
#include <sys/mman.h>
+#if HAVE_LIBGCRYPT
+#include <gcrypt.h>
+#endif
+
#include "rmd160.h"
#include "sha512.h"
@@ -97,9 +101,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
+ " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ]\n"
+ " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -214,8 +218,9 @@ main(int argc, char *argv[])
size_t hashlen = 0;
phash_func_t func;
int hex_output = 0, c;
+ unsigned long itercountk = 0;
- while ((c = getopt(argc, argv, "n:s:x")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -233,6 +238,9 @@ main(int argc, char *argv[])
case 'x':
hex_output++;
break;
+ case 'C':
+ itercountk = atoi(optarg);
+ break;
default:
show_usage(argv[0]);
exit(EXIT_FAILURE);
@@ -257,6 +265,8 @@ main(int argc, char *argv[])
* plus a newline, plus a null */
passhash = xmalloc(2*hashlen + 2);
+ memset(passhash, 0, 2*hashlen+2);
+
/* try to lock memory so it doesn't get swapped out for sure */
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
perror("mlockall");
@@ -268,6 +278,69 @@ main(int argc, char *argv[])
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
+
+ if(itercountk) /* from loop-AES */
+ {
+#if HAVE_LIBGCRYPT
+ gcry_cipher_hd_t ctx;
+ gcry_error_t err;
+ char tmp[32];
+ char out[32];
+
+ if(hashlen > 32) {
+ fprintf(stderr, "WARNING: hashlen truncated to 32\n");
+ hashlen = 32;
+ }
+
+ if(!gcry_check_version("1.1.0")) {
+ fprintf(stderr, "libgcrypt initialization failed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(out, 0, sizeof(out));
+ memcpy(out, passhash, hashlen);
+
+ err = gcry_cipher_open(&ctx, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
+ if(err)
+ {
+ fprintf(stderr, "can't initialize AES: %s\n", gcry_strerror (err));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * Set up AES-256 encryption key using same password and hash function
+ * as before but with password bit 0 flipped before hashing. That key
+ * is then used to encrypt actual loop key 'itercountk' thousand times.
+ */
+ pass[0] ^= 1;
+ func(&tmp[0], 32, pass, strlen(pass));
+ gcry_cipher_setkey(ctx, &tmp[0], 32);
+ itercountk *= 1000;
+ while(itercountk > 0) {
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ /* encrypt both 128bit blocks with AES-256 */
+ gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16);
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16);
+ /* exchange upper half of first block with lower half of second block */
+ memcpy(&tmp[0], &out[8], 8);
+ memcpy(&out[8], &out[16], 8);
+ memcpy(&out[16], &tmp[0], 8);
+ itercountk--;
+ }
+ memset(&tmp[0], 0, sizeof(tmp));
+
+ memcpy(passhash, out, hashlen);
+
+ gcry_cipher_close(ctx);
+#else
+ fprintf(stderr, "libgcrypt support is required for option -C\n");
+ exit(EXIT_FAILURE);
+#endif
+
+ }
memset (pass, 0, strlen (pass)); /* paranoia */
free(pass);
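Review bot: `itercountk = atoi(optarg);` in the `case 'C':` hunk accepts any string: a non-numeric value becomes 0 and silently disables the option, and a negative value converts to a huge `unsigned long` that `itercountk *= 1000` then feeds to the encryption loop, which runs for an effectively unbounded time. The `-n` case just above already parses with `strtoul(optarg, &p, 0)`; do the same here, e.g. `itercountk = strtoul(optarg, &p, 0); if (p == optarg || *p != '\0') { show_usage(argv[0]); exit(EXIT_FAILURE); }`, and reject values for which the multiplication by 1000 would overflow. In the main hunk the return values of `gcry_cipher_setkey`, `gcry_cipher_setiv` and `gcry_cipher_encrypt` are ignored, so a failure there would leave `out` unencrypted or partially encrypted and the tool would emit that as the key without any error; check them the way `gcry_cipher_open` is checked. `out` holds the final key material but, unlike `tmp`, is never cleared before `gcry_cipher_close`; it should be wiped as well, keeping in mind that a plain `memset` on a buffer that is not read afterwards may be optimized away. `main` starts and ends outside the hunk.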

39
hashalot-manpage.diff Normal file

@ -0,0 +1,39 @@
document -C and -t options in manpage
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.1
===================================================================
--- hashalot-0.3/hashalot.1.orig
+++ hashalot-0.3/hashalot.1
@@ -2,9 +2,9 @@
.SH NAME
hashalot \- read a passphrase and print a hash
.SH SYNOPSIS
-.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE
+.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE
.br
-.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ]
+.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ]
.SH DESCRIPTION
.PP
\fIhashalot\fP is a small tool that reads a passphrase from standard
@@ -36,6 +36,18 @@ option can be used to limit (or increase
default is as appropriate for the specified hash algorithm: 20 bytes for
RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat"
hash is 16 bytes, for compatibility with the old kerneli.org utilities.
+.PP
+The
+.B \-t
+option specifies a timeout for reading the passphrase from the terminal.
+.PP
+The
+.B \-C
+option specifies that the hashed password has to be encrypted
+itercountk thousand times using AES-256. Use for compatability with
+loop-AES.
+.PP
+The options \-t and \-C are currently SUSE specific
.SH AUTHOR
Ben Slusky <sluskyb@paranoiacs.org>
.PP

89
hashalot-timeout.diff Normal file

@ -0,0 +1,89 @@
add timeout option -t
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -21,6 +21,7 @@
#include <string.h>
#include <unistd.h>
#include <assert.h>
+#include <signal.h>
#include <sys/types.h>
#include <sys/mman.h>
@@ -36,6 +37,12 @@
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
+static int got_timeout;
+void alrm_handler(int num)
+{
+ got_timeout = 1;
+}
+
static int
phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len)
{
@@ -101,9 +108,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
+ " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
+ " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -219,8 +226,9 @@ main(int argc, char *argv[])
phash_func_t func;
int hex_output = 0, c;
unsigned long itercountk = 0;
+ unsigned timeout = 0;
- while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -235,6 +243,9 @@ main(int argc, char *argv[])
case 's':
salt = optarg;
break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
case 'x':
hex_output++;
break;
@@ -273,12 +284,25 @@ main(int argc, char *argv[])
fputs("Warning: couldn't lock memory, are you root?\n", stderr);
}
+ if(timeout) {
+ struct sigaction sa;
+ sa.sa_handler = alrm_handler;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction(SIGALRM, &sa, NULL);
+ alarm(timeout);
+ }
+
/* here we acquire the precious passphrase... */
pass = xgetpass("Enter passphrase: ");
- if(!*pass) {
+ if(got_timeout || !*pass) {
exit(EXIT_FAILURE);
}
+ if(timeout) {
+ alarm(0);
+ }
+
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
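Review bot: `got_timeout` is written from the SIGALRM handler and read in `main` after `xgetpass` returns, so it needs to be `static volatile sig_atomic_t got_timeout;` rather than a plain `static int`; that is the only object type the C standard guarantees can be safely modified from a signal handler and observed afterwards, and the handler itself should be `static void alrm_handler(int num)` since nothing outside the file uses it. `timeout = atoi(optarg);` has the same unchecked parsing as the other numeric options; a non-numeric argument becomes 0 and silently disables the timeout, so parse it with `strtoul(optarg, &p, 0)` and reject trailing garbage as `case 'n':` does. On timeout the process exits from inside the prompt; if `xgetpass` turns off terminal echo, that leaves the terminal with echo disabled unless it restores the terminal state itself when its read is interrupted, which is not visible here and should be confirmed. The `sigaction` return value is also unchecked. `main` starts and ends outside the hunk.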

0
ready Normal file