forked from pool/cryptsetup
This commit is contained in:
commit
48e40f9652
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.osc
|
3
Makefile.doc
Normal file
3
Makefile.doc
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
crypttab.5: crypttab.5.txt
|
||||||
|
a2x -d manpage -f manpage crypttab.5.txt
|
||||||
|
rm -f crypttab.5.xml
|
1066
boot.crypto
Normal file
1066
boot.crypto
Normal file
File diff suppressed because it is too large
Load Diff
3
cryptsetup-1.0.5.tar.bz2
Normal file
3
cryptsetup-1.0.5.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:4bab529afa00cafde3bc5df2769578c88438f80c5152d4257cd0e86986f95bc4
|
||||||
|
size 322394
|
117
cryptsetup-luks-implicit-declarations.diff
Normal file
117
cryptsetup-luks-implicit-declarations.diff
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
fix implicit function declarations
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/internal.h
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/internal.h
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/internal.h
|
||||||
|
@@ -62,6 +62,9 @@ int hash(const char *backend_name, const
|
||||||
|
struct setup_backend *get_setup_backend(const char *name);
|
||||||
|
void put_setup_backend(struct setup_backend *backend);
|
||||||
|
|
||||||
|
+void hexprint(char *d, int n);
|
||||||
|
+
|
||||||
|
+int sector_size_for_device(const char *device);
|
||||||
|
ssize_t write_blockwise(int fd, const void *buf, size_t count);
|
||||||
|
ssize_t read_blockwise(int fd, void *_buf, size_t count);
|
||||||
|
ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset);
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/libcryptsetup.h
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/libcryptsetup.h
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/libcryptsetup.h
|
||||||
|
@@ -45,6 +45,8 @@ int crypt_luksDelKey(struct crypt_option
|
||||||
|
int crypt_luksAddKey(struct crypt_options *options);
|
||||||
|
int crypt_luksUUID(struct crypt_options *options);
|
||||||
|
int crypt_isLuks(struct crypt_options *options);
|
||||||
|
+int crypt_luksFormat(struct crypt_options *options);
|
||||||
|
+int crypt_luksDump(struct crypt_options *options);
|
||||||
|
|
||||||
|
void crypt_get_error(char *buf, size_t size);
|
||||||
|
void crypt_put_options(struct crypt_options *options);
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
@@ -107,7 +107,7 @@ static int interactive_pass(const char *
|
||||||
|
{
|
||||||
|
struct termios orig, tmp;
|
||||||
|
int failed = -1;
|
||||||
|
- int infd, outfd;
|
||||||
|
+ int infd = STDIN_FILENO, outfd;
|
||||||
|
|
||||||
|
if (maxlen < 1)
|
||||||
|
goto out_err;
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
@@ -9,6 +9,7 @@
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
+#include <sys/ioctl.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
|
||||||
|
#include "libcryptsetup.h"
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/af.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/af.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/af.c
|
||||||
|
@@ -30,6 +30,7 @@
|
||||||
|
#include <errno.h>
|
||||||
|
#include "sha1.h"
|
||||||
|
#include "XORblock.h"
|
||||||
|
+#include "random.h"
|
||||||
|
|
||||||
|
/* diffuse: Information spreading over the whole dataset with
|
||||||
|
* the help of sha512.
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keyencryption.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
|
||||||
|
@@ -40,6 +40,9 @@
|
||||||
|
(__a - 1) / __b + 1; \
|
||||||
|
})
|
||||||
|
|
||||||
|
+static inline int round_up_modulo(int x, int m) {
|
||||||
|
+ return div_round_up(x, m) * m;
|
||||||
|
+}
|
||||||
|
|
||||||
|
static int setup_mapping(const char *cipher, const char *name,
|
||||||
|
const char *device, unsigned int payloadOffset,
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
@@ -141,7 +141,7 @@ int LUKS_write_phdr(const char *device,
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
-inline int round_up_modulo(int x, int m) {
|
||||||
|
+static inline int round_up_modulo(int x, int m) {
|
||||||
|
return div_round_up(x, m) * m;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/src/cryptsetup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
|
||||||
|
@@ -4,6 +4,7 @@
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <inttypes.h>
|
||||||
|
#include <errno.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
#include <assert.h>
|
||||||
|
|
||||||
|
#include <libcryptsetup.h>
|
||||||
|
@@ -13,6 +14,9 @@
|
||||||
|
|
||||||
|
#include "cryptsetup.h"
|
||||||
|
|
||||||
|
+// XXX!
|
||||||
|
+int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
|
||||||
|
+
|
||||||
|
static int opt_verbose = 1;
|
||||||
|
static char *opt_cipher = NULL;
|
||||||
|
static char *opt_hash = DEFAULT_HASH;
|
189
cryptsetup-luks-libnostderr.diff
Normal file
189
cryptsetup-luks-libnostderr.diff
Normal file
@ -0,0 +1,189 @@
|
|||||||
|
use set_error instead of printf in library to report errors.
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
@@ -96,7 +96,7 @@ static int timed_read(int fd, char *pass
|
||||||
|
if (select(fd+1, &fds, NULL, NULL, &t) > 0)
|
||||||
|
failed = untimed_read(fd, pass, maxlen);
|
||||||
|
else
|
||||||
|
- fprintf(stderr, "Operation timed out.\n");
|
||||||
|
+ set_error("Operation timed out");
|
||||||
|
return failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -195,14 +195,16 @@ static int get_key(struct crypt_options
|
||||||
|
|
||||||
|
pass = safe_alloc(512);
|
||||||
|
if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) {
|
||||||
|
- set_error("Error reading passphrase");
|
||||||
|
+ if(!get_error())
|
||||||
|
+ set_error("Error reading passphrase");
|
||||||
|
goto out_err;
|
||||||
|
}
|
||||||
|
if (verify || verify_if_possible) {
|
||||||
|
char pass_verify[512];
|
||||||
|
i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout);
|
||||||
|
if (i || strcmp(pass, pass_verify) != 0) {
|
||||||
|
- set_error("Passphrases do not match");
|
||||||
|
+ if(!get_error())
|
||||||
|
+ set_error("Passphrases do not match");
|
||||||
|
goto out_err;
|
||||||
|
}
|
||||||
|
memset(pass_verify, 0, sizeof(pass_verify));
|
||||||
|
@@ -383,7 +385,7 @@ static int parse_into_name_and_mode(cons
|
||||||
|
strncpy(mode,"cbc-plain",10);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- fprintf(stderr, "no known cipher-spec pattern detected\n");
|
||||||
|
+ set_error("no known cipher-spec pattern detected");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -642,7 +644,6 @@ start:
|
||||||
|
r = -EINVAL; goto out;
|
||||||
|
}
|
||||||
|
if((r = LUKS_open_any_key(options->device, password, passwordLen, &hdr, &mk, backend)) < 0) {
|
||||||
|
- set_error("No key available with this passphrase.\n");
|
||||||
|
goto out1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -716,7 +717,7 @@ static int __crypt_luks_add_key(int arg,
|
||||||
|
r = -EINVAL; goto out;
|
||||||
|
}
|
||||||
|
if(LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend) < 0) {
|
||||||
|
- printf("No key available with this passphrase.\n");
|
||||||
|
+ set_error("No key available with this passphrase");
|
||||||
|
r = -EPERM; goto out;
|
||||||
|
}
|
||||||
|
safe_free(password);
|
||||||
|
@@ -759,7 +760,7 @@ static int __crypt_luks_del_key(int arg,
|
||||||
|
}
|
||||||
|
openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
|
||||||
|
if(openedIndex < 0 || keyIndex == openedIndex) {
|
||||||
|
- printf("No remaining key available with this passphrase.\n");
|
||||||
|
+ set_error("No remaining key available with this passphrase");
|
||||||
|
r = -EPERM; goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
@@ -76,20 +76,20 @@ int LUKS_read_phdr(const char *device, s
|
||||||
|
|
||||||
|
devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
|
||||||
|
if(-1 == devfd) {
|
||||||
|
- fprintf(stderr, _("Can't open device: %s\n"), device);
|
||||||
|
+ set_error(_("Can't open device %s"), device);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(read_blockwise(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr)) {
|
||||||
|
r = -EIO;
|
||||||
|
} else if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
|
||||||
|
- fprintf(stderr, _("%s is not a LUKS partition\n"), device);
|
||||||
|
+ set_error(_("%s is not a LUKS partition\n"), device);
|
||||||
|
r = -EINVAL;
|
||||||
|
} else if(memcmp(hdr->hashSpec, "sha1", 4)) { /* Check for SHA1 - other hashspecs are not implemented ATM */
|
||||||
|
- fputs(_("unknown hash spec in phdr"), stderr);
|
||||||
|
+ set_error(_("unknown hash spec in phdr"));
|
||||||
|
r = -EINVAL;
|
||||||
|
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
|
||||||
|
- fprintf(stderr, _("unknown version %d\n"), hdr->version);
|
||||||
|
+ set_error( _("unknown LUKS version %d\n"), hdr->version);
|
||||||
|
r = -EINVAL;
|
||||||
|
} else {
|
||||||
|
hdr->payloadOffset = ntohl(hdr->payloadOffset);
|
||||||
|
@@ -117,7 +117,7 @@ int LUKS_write_phdr(const char *device,
|
||||||
|
|
||||||
|
devfd = open(device,O_RDWR | O_DIRECT | O_SYNC);
|
||||||
|
if(-1 == devfd) {
|
||||||
|
- fprintf(stderr, _("Can't open device: %s\n"), device);
|
||||||
|
+ set_error(_("Can't open device %s"), device);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -210,12 +210,12 @@ int LUKS_set_key(const char *device, uns
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
|
||||||
|
- fprintf(stderr, _("key %d active, purge first.\n"), keyIndex);
|
||||||
|
+ set_error( _("key %d active, purge first"), keyIndex);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
|
||||||
|
- fprintf(stderr,_("key material section %d includes too few stripes. Header manipulation?\n"),keyIndex);
|
||||||
|
+ set_error(_("key material section %d includes too few stripes. Header manipulation?"),keyIndex);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
r = getRandom(hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE);
|
||||||
|
@@ -247,7 +247,8 @@ int LUKS_set_key(const char *device, uns
|
||||||
|
hdr->keyblock[keyIndex].keyMaterialOffset,
|
||||||
|
backend);
|
||||||
|
if(r < 0) {
|
||||||
|
- fprintf(stderr,"Failed to write to key storage.\n");
|
||||||
|
+ if(!get_error())
|
||||||
|
+ set_error("Failed to write to key storage");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -303,7 +304,8 @@ int LUKS_open_key(const char *device,
|
||||||
|
hdr->keyblock[keyIndex].keyMaterialOffset,
|
||||||
|
backend);
|
||||||
|
if(r < 0) {
|
||||||
|
- fprintf(stderr,"Failed to read from key storage\n");
|
||||||
|
+ if(!get_error())
|
||||||
|
+ set_error("Failed to read from key storage");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -387,7 +389,7 @@ static int wipe(const char *device, unsi
|
||||||
|
|
||||||
|
devfd = open(device, O_RDWR | O_DIRECT);
|
||||||
|
if(devfd == -1) {
|
||||||
|
- fprintf(stderr, _("Can't open device: %s\n"), device);
|
||||||
|
+ set_error(_("Can't open device %s"), device);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
@@ -226,7 +226,7 @@ ssize_t read_blockwise(int fd, void *ori
|
||||||
|
while(count) {
|
||||||
|
r = read(fd,padbuf,bsize);
|
||||||
|
if(r < 0 || r != bsize) {
|
||||||
|
- fprintf(stderr, "read failed in read_blockwise.\n");
|
||||||
|
+ set_error("read failed in read_blockwise()");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
step = count<bsize?count:bsize;
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keyencryption.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/keyencryption.c
|
||||||
|
@@ -61,7 +61,7 @@ static int setup_mapping(const char *cip
|
||||||
|
* device's sector size, otherwise the mapping will be refused.
|
||||||
|
*/
|
||||||
|
if(device_sector_size < 0) {
|
||||||
|
- fprintf(stderr,_("Unable to obtain sector size for %s"),device);
|
||||||
|
+ set_error(_("Unable to obtain sector size for %s"),device);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
options->size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
|
||||||
|
@@ -121,7 +121,8 @@ static int LUKS_endec_template(char *src
|
||||||
|
|
||||||
|
r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
|
||||||
|
if(r < 0) {
|
||||||
|
- fprintf(stderr,"Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors.\n",
|
||||||
|
+ if(!get_error())
|
||||||
|
+ set_error("Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors",
|
||||||
|
dmCipherSpec,
|
||||||
|
device,
|
||||||
|
sector + div_round_up(srcLength,SECTOR_SIZE));
|
17
cryptsetup-luks-uninitialized.diff
Normal file
17
cryptsetup-luks-uninitialized.diff
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
fix segfault when trying to open a non existing device
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
@@ -608,7 +608,7 @@ out:
|
||||||
|
|
||||||
|
static int __crypt_luks_open(int arg, struct setup_backend *backend, struct crypt_options *options)
|
||||||
|
{
|
||||||
|
- struct luks_masterkey *mk;
|
||||||
|
+ struct luks_masterkey *mk=NULL;
|
||||||
|
struct luks_phdr hdr;
|
||||||
|
char *password; int passwordLen;
|
||||||
|
struct device_infos infos;
|
92
cryptsetup-luks-warnings.diff
Normal file
92
cryptsetup-luks-warnings.diff
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
fix some gcc warnings
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/libdevmapper.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/libdevmapper.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/libdevmapper.c
|
||||||
|
@@ -258,7 +258,7 @@ static int dm_query_device(int details,
|
||||||
|
options->skip = 0;
|
||||||
|
options->size = length;
|
||||||
|
if (details) {
|
||||||
|
- char *cipher, *key_, *device, *tmp;
|
||||||
|
+ char *cipher, *key_, *device;
|
||||||
|
uint64_t val64;
|
||||||
|
|
||||||
|
set_error("Invalid dm table");
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/setup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/setup.c
|
||||||
|
@@ -57,8 +57,6 @@ static int setup_enter(struct setup_back
|
||||||
|
|
||||||
|
static int setup_leave(struct setup_backend *backend)
|
||||||
|
{
|
||||||
|
- const char *error;
|
||||||
|
-
|
||||||
|
if (backend)
|
||||||
|
backend->exit();
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/lib/utils.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/lib/utils.c
|
||||||
|
@@ -173,7 +173,7 @@ ssize_t write_blockwise(int fd, const vo
|
||||||
|
{
|
||||||
|
char *padbuf; char *padbuf_base;
|
||||||
|
char *buf = (char *)orig_buf;
|
||||||
|
- int r;
|
||||||
|
+ int r = 0;
|
||||||
|
int hangover; int solid; int bsize;
|
||||||
|
|
||||||
|
if ((bsize = sector_size(fd)) < 0)
|
||||||
|
@@ -213,7 +213,7 @@ ssize_t write_blockwise(int fd, const vo
|
||||||
|
ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
|
||||||
|
char *padbuf; char *padbuf_base;
|
||||||
|
char *buf = (char *)orig_buf;
|
||||||
|
- int r;
|
||||||
|
+ int r = 0;
|
||||||
|
int step;
|
||||||
|
int bsize;
|
||||||
|
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/keymanage.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/keymanage.c
|
||||||
|
@@ -417,7 +417,7 @@ static int wipe(const char *device, unsi
|
||||||
|
int LUKS_del_key(const char *device, unsigned int keyIndex)
|
||||||
|
{
|
||||||
|
struct luks_phdr hdr;
|
||||||
|
- unsigned int i, startOffset, endOffset, stripesLen;
|
||||||
|
+ unsigned int startOffset, endOffset, stripesLen;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
r = LUKS_read_phdr(device, &hdr);
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/luks/random.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/luks/random.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/luks/random.c
|
||||||
|
@@ -13,7 +13,7 @@
|
||||||
|
|
||||||
|
int getRandom(char *buf, size_t len)
|
||||||
|
{
|
||||||
|
- int randomfd, r = 0, index = 0;
|
||||||
|
+ int randomfd, r = 0;
|
||||||
|
|
||||||
|
//FIXME Run a FIPS test for the random device or include
|
||||||
|
// PRNG if urandom not avail.
|
||||||
|
Index: cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-luks-1.0.4_SVN30.orig/src/cryptsetup.c
|
||||||
|
+++ cryptsetup-luks-1.0.4_SVN30/src/cryptsetup.c
|
||||||
|
@@ -203,7 +203,8 @@ static int yesDialog(char *msg)
|
||||||
|
size_t size=0;
|
||||||
|
fprintf(stderr,"\nWARNING!\n========\n");
|
||||||
|
fprintf(stderr,"%s\n\nAre you sure? (Type uppercase yes): ",msg);
|
||||||
|
- getline(&answer,&size,stdin);
|
||||||
|
+ if(getline(&answer,&size,stdin) == -1)
|
||||||
|
+ return 0;
|
||||||
|
if(strcmp(answer,"YES\n") == 0)
|
||||||
|
r = 1;
|
||||||
|
free(answer);
|
8
cryptsetup-mktar
Normal file
8
cryptsetup-mktar
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# repo is at http://luks.endorphin.org/svn/cryptsetup
|
||||||
|
set -e
|
||||||
|
SVN_VERSION="1.0.4_SVN`svnversion .`"
|
||||||
|
rm -rf cryptsetup-luks-${SVN_VERSION}
|
||||||
|
svn export . cryptsetup-luks-${SVN_VERSION}
|
||||||
|
tar --owner=root --group=root --force-local -cjf cryptsetup-luks-${SVN_VERSION}.tar.bz2 cryptsetup-luks-${SVN_VERSION}
|
||||||
|
rm -rf cryptsetup-luks-${SVN_VERSION}
|
155
cryptsetup.changes
Normal file
155
cryptsetup.changes
Normal file
@ -0,0 +1,155 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 1 10:07:14 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- rename util-linux-crypto to cryptsetup
|
||||||
|
- remove dmconvert
|
||||||
|
- replace svn snapshot with official 1.0.5 release
|
||||||
|
- don't enable boot.crypto by default
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 29 15:58:44 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- fix segfault when trying to open a non existing device
|
||||||
|
- fix gcc warnings
|
||||||
|
- add Short-Description to boot.crypto
|
||||||
|
- use %find_lang
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 9 14:52:00 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- boot.crypto: implement 'status'
|
||||||
|
- boot.crypto: accept argument to start/stop single devices
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 9 10:40:28 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- hashalot: add timeout option
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 9 09:40:42 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- fix build
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 8 15:16:41 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- boot.crypto: switch off splash screen only when needed
|
||||||
|
- boot.crypto: report status for individual volumes instead of using one global
|
||||||
|
exit status
|
||||||
|
- hashalot: exit unsucessfully on empty passphrase
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 8 10:43:24 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- boot.crypto: sleep a bit longer before overwriting the prompt
|
||||||
|
- boot.crypto: add support for pseed and itercountk options
|
||||||
|
- boot.crypto: skip entries with unsupported/unknown options
|
||||||
|
- hashalot: add support for itercountk
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 4 16:38:11 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- upgrade cryptsetup to current svn revision 30 which includes
|
||||||
|
previous patches.
|
||||||
|
- fix background prompt process not getting killed on ctrl-d in
|
||||||
|
boot.crypto
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 27 15:46:05 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- upgrade cryptsetup to current svn revision 26. Does no longer hang
|
||||||
|
when a file is specified instead of a device.
|
||||||
|
- remove obsolete cryptsetup.sh script
|
||||||
|
- boot.crypto:
|
||||||
|
* drop support for cryptoloop, use cryptsetup also for cryptotab
|
||||||
|
* refactor code and create reusable components for use in cryptotab
|
||||||
|
and crypttab code path
|
||||||
|
* run sulogin only during boot if fsck failed
|
||||||
|
* support crypttab's 'tries' option
|
||||||
|
- add crypttab manpage based on Debian one
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 24 17:38:40 CEST 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- add boot.crypto (#257884)
|
||||||
|
- add crypttab and cryptotab as %ghost to filelist
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 27 10:22:48 CEST 2007 - mkoenig@suse.de
|
||||||
|
|
||||||
|
- move devel .so link to %{libdir}
|
||||||
|
- run ldconfig, since we have now a shared lib installed
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 23 16:18:12 CET 2007 - dmueller@suse.de
|
||||||
|
|
||||||
|
- cryptsetup can now link shared since libpopt is
|
||||||
|
no longer under /usr
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 9 12:06:53 CET 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- add patch to support old loop_fish2 key hash method
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 7 18:33:01 CET 2006 - mkoenig@suse.de
|
||||||
|
|
||||||
|
- update cryptsetup to version 1.0.4:
|
||||||
|
* added terminal timeout rewrite
|
||||||
|
* allow user selection of key slot
|
||||||
|
* reading binary keys from stdin using the "-" as key file
|
||||||
|
* fix 64 bit compiler warning issues.
|
||||||
|
* fix getline problem for 64-bit archs.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 13 11:30:19 CEST 2006 - mkoenig@suse.de
|
||||||
|
|
||||||
|
- fix build failure due to missing pthreads
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 13 12:39:27 CEST 2006 - hvogel@suse.de
|
||||||
|
|
||||||
|
- use the LUKS version of cryptsetup
|
||||||
|
- split -devel subpackage for libcryptsetup
|
||||||
|
- remove patches because they are in the new cryptsetup
|
||||||
|
* cryptsetup-0.1-static.patch
|
||||||
|
* cryptsetup-0.1-retval.patch
|
||||||
|
* cryptsetup-0.1-dmi.exists.patch
|
||||||
|
* cryptsetup-0.1-timeout.patch
|
||||||
|
- use man page from the new cryptsetup
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 16 11:03:08 CEST 2006 - hvogel@suse.de
|
||||||
|
|
||||||
|
- Fix cryptsetup to work when the device does not exist yet
|
||||||
|
[#175931]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 21:42:28 CET 2006 - mls@suse.de
|
||||||
|
|
||||||
|
- converted neededforbuild to BuildRequires
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 19 14:46:30 CET 2005 - mmj@suse.de
|
||||||
|
|
||||||
|
- Remove symlinks to hashalot we don't want
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 13 15:04:29 CEST 2005 - hvogel@suse.de
|
||||||
|
|
||||||
|
- Fix uninitialized var in dmconvert. Add
|
||||||
|
* dmconvert-0.2-uninitialized.patch
|
||||||
|
- Fix return value in cryptsetup. Add
|
||||||
|
* cryptsetup-0.1-retval.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 29 14:28:32 CEST 2005 - hvogel@suse.de
|
||||||
|
|
||||||
|
- Link cryptsetup static so it can be in /sbin and you can get
|
||||||
|
/usr over nfs or even crypted
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 9 17:23:39 CEST 2005 - hvogel@suse.de
|
||||||
|
|
||||||
|
- New package, Version 2.12q
|
||||||
|
|
274
cryptsetup.spec
Normal file
274
cryptsetup.spec
Normal file
@ -0,0 +1,274 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cryptsetup (Version 1.0.5)
|
||||||
|
#
|
||||||
|
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
|
# This file and all modifications and additions to the pristine
|
||||||
|
# package are under the same license as the package itself.
|
||||||
|
#
|
||||||
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
# norootforbuild
|
||||||
|
|
||||||
|
Name: cryptsetup
|
||||||
|
URL: http://luks.endorphin.org/dm-crypt
|
||||||
|
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
|
||||||
|
# hashalot version
|
||||||
|
%define haver 0.3
|
||||||
|
License: BSD License and BSD-like, GNU General Public License (GPL)
|
||||||
|
Group: System/Base
|
||||||
|
Autoreqprov: on
|
||||||
|
Version: 1.0.5
|
||||||
|
Release: 1
|
||||||
|
Summary: Set up dm-crypt based encrypted block devices
|
||||||
|
Source: cryptsetup-1.0.5.tar.bz2
|
||||||
|
Source1: hashalot-%haver.tar.bz2
|
||||||
|
Source50: boot.crypto
|
||||||
|
Source90: Makefile.doc
|
||||||
|
Source91: crypttab.5.txt
|
||||||
|
# make -f Makefile.doc
|
||||||
|
Source92: crypttab.5
|
||||||
|
# use this to create the tarball from svn
|
||||||
|
Source99: cryptsetup-mktar
|
||||||
|
Patch1: cryptsetup-luks-uninitialized.diff
|
||||||
|
Patch2: cryptsetup-luks-implicit-declarations.diff
|
||||||
|
Patch3: cryptsetup-luks-warnings.diff
|
||||||
|
Patch4: cryptsetup-luks-libnostderr.diff
|
||||||
|
Patch10: hashalot-fixes.diff
|
||||||
|
Patch11: hashalot-libgcrypt.diff
|
||||||
|
Patch12: hashalot-ctrl-d.diff
|
||||||
|
Patch13: hashalot-timeout.diff
|
||||||
|
Patch14: hashalot-manpage.diff
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
Provides: aaa_base:/etc/init.d/boot.crypto
|
||||||
|
Obsoletes: util-linux-crypto <= 2.12r
|
||||||
|
# we need losetup
|
||||||
|
Requires: util-linux
|
||||||
|
|
||||||
|
%description
|
||||||
|
cryptsetup is used to conveniently setup up dm-crypt based
|
||||||
|
device-mapper targets. It can set up targets to read cryptoloop
|
||||||
|
compatible volumes as well as LUKS formatted ones. The package
|
||||||
|
additionally includes support for automatically setting up encrypted
|
||||||
|
volumes at boot time via the config file /etc/crypttab
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Clemens Fruhwirth <clemens@endorphin.org>
|
||||||
|
Christophe Saout <christophe@saout.de>
|
||||||
|
Ben Slusky <sluskyb@paranoiacs.org>
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Set up dm-crypt based encrypted block devices
|
||||||
|
Group: System/Base
|
||||||
|
Requires: %name = %version
|
||||||
|
Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
cryptsetup is used to conveniently setup up dm-crypt based
|
||||||
|
device-mapper targets. It can set up targets to read cryptoloop
|
||||||
|
compatible volumes as well as LUKS formatted ones. The package
|
||||||
|
additionally includes support for automatically setting up encrypted
|
||||||
|
volumes at boot time via the config file /etc/crypttab
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Authors:
|
||||||
|
--------
|
||||||
|
Clemens Fruhwirth <clemens@endorphin.org>
|
||||||
|
Christophe Saout <christophe@saout.de>
|
||||||
|
Ben Slusky <sluskyb@paranoiacs.org>
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -b 1
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
pushd ../hashalot-%haver
|
||||||
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
%patch12 -p1
|
||||||
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
popd
|
||||||
|
|
||||||
|
%build
|
||||||
|
# cryptsetup build
|
||||||
|
%{?suse_update_config:%{suse_update_config}}
|
||||||
|
autoreconf -f -i
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
|
||||||
|
--libdir=/%_lib \
|
||||||
|
--bindir=/sbin --sbindir=/sbin \
|
||||||
|
--disable-static --enable-shared
|
||||||
|
make
|
||||||
|
#
|
||||||
|
# hashalot build
|
||||||
|
pushd ../hashalot-%haver
|
||||||
|
autoreconf -f -i
|
||||||
|
%{?suse_update_config:%{suse_update_config}}
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
|
||||||
|
%install
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
# move devel .so link to %{libdir}
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_libdir}
|
||||||
|
ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
|
||||||
|
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
||||||
|
rm -f $RPM_BUILD_ROOT/%_lib/*.la
|
||||||
|
#
|
||||||
|
# hashalot install
|
||||||
|
pushd ../hashalot-%haver
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
popd
|
||||||
|
# remove unwanted symlinks
|
||||||
|
rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512}
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# boot.crypto
|
||||||
|
install -d -m 755 %{buildroot}/etc/init.d
|
||||||
|
install -m 755 %{SOURCE50} %{buildroot}/etc/init.d/boot.crypto
|
||||||
|
# maybe install templates instead?
|
||||||
|
install -m 644 /dev/null %{buildroot}/etc/cryptotab
|
||||||
|
install -m 644 /dev/null %{buildroot}/etc/crypttab
|
||||||
|
# man page
|
||||||
|
install -d -m755 %{buildroot}%{_mandir}/man5
|
||||||
|
install -m644 %{SOURCE92} %{buildroot}%{_mandir}/man5
|
||||||
|
#
|
||||||
|
%find_lang %name --all-name
|
||||||
|
|
||||||
|
%pre
|
||||||
|
# hack to catch update case from aaa_base/util-linux-crypto
|
||||||
|
if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then
|
||||||
|
touch /var/run/cryptsetup.boot.crypto.enabled
|
||||||
|
fi
|
||||||
|
|
||||||
|
%post
|
||||||
|
/sbin/ldconfig
|
||||||
|
%{fillup_and_insserv boot.crypto}
|
||||||
|
if [ -e /var/run/cryptsetup.boot.crypto.enabled ]; then
|
||||||
|
rm -f /var/run/cryptsetup.boot.crypto.enabled
|
||||||
|
%{fillup_and_insserv -fY boot.crypto}
|
||||||
|
fi
|
||||||
|
|
||||||
|
%postun
|
||||||
|
/sbin/ldconfig
|
||||||
|
%{insserv_cleanup}
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%files -f %name.lang
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
|
||||||
|
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
|
||||||
|
/etc/init.d/boot.crypto
|
||||||
|
/sbin/cryptsetup
|
||||||
|
/sbin/hashalot
|
||||||
|
%_datadir/locale/de/LC_MESSAGES/cryptsetup.mo
|
||||||
|
%_mandir/man1/hashalot.1.gz
|
||||||
|
%_mandir/man8/cryptsetup.8.gz
|
||||||
|
%_mandir/man5/crypttab.5.gz
|
||||||
|
/%_lib/libcryptsetup.so.0
|
||||||
|
/%_lib/libcryptsetup.so.0.0.0
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%_includedir/libcryptsetup.h
|
||||||
|
%{_libdir}/libcryptsetup.so
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Jun 01 2007 - lnussel@suse.de
|
||||||
|
- rename util-linux-crypto to cryptsetup
|
||||||
|
- remove dmconvert
|
||||||
|
- replace svn snapshot with official 1.0.5 release
|
||||||
|
- don't enable boot.crypto by default
|
||||||
|
* Tue May 29 2007 - lnussel@suse.de
|
||||||
|
- fix segfault when trying to open a non existing device
|
||||||
|
- fix gcc warnings
|
||||||
|
- add Short-Description to boot.crypto
|
||||||
|
- use %%find_lang
|
||||||
|
* Wed May 09 2007 - lnussel@suse.de
|
||||||
|
- boot.crypto: implement 'status'
|
||||||
|
- boot.crypto: accept argument to start/stop single devices
|
||||||
|
* Wed May 09 2007 - lnussel@suse.de
|
||||||
|
- hashalot: add timeout option
|
||||||
|
* Wed May 09 2007 - lnussel@suse.de
|
||||||
|
- fix build
|
||||||
|
* Tue May 08 2007 - lnussel@suse.de
|
||||||
|
- boot.crypto: switch off splash screen only when needed
|
||||||
|
- boot.crypto: report status for individual volumes instead of using one global
|
||||||
|
exit status
|
||||||
|
- hashalot: exit unsucessfully on empty passphrase
|
||||||
|
* Tue May 08 2007 - lnussel@suse.de
|
||||||
|
- boot.crypto: sleep a bit longer before overwriting the prompt
|
||||||
|
- boot.crypto: add support for pseed and itercountk options
|
||||||
|
- boot.crypto: skip entries with unsupported/unknown options
|
||||||
|
- hashalot: add support for itercountk
|
||||||
|
* Fri May 04 2007 - lnussel@suse.de
|
||||||
|
- upgrade cryptsetup to current svn revision 30 which includes
|
||||||
|
previous patches.
|
||||||
|
- fix background prompt process not getting killed on ctrl-d in
|
||||||
|
boot.crypto
|
||||||
|
* Fri Apr 27 2007 - lnussel@suse.de
|
||||||
|
- upgrade cryptsetup to current svn revision 26. Does no longer hang
|
||||||
|
when a file is specified instead of a device.
|
||||||
|
- remove obsolete cryptsetup.sh script
|
||||||
|
- boot.crypto:
|
||||||
|
* drop support for cryptoloop, use cryptsetup also for cryptotab
|
||||||
|
* refactor code and create reusable components for use in cryptotab
|
||||||
|
and crypttab code path
|
||||||
|
* run sulogin only during boot if fsck failed
|
||||||
|
* support crypttab's 'tries' option
|
||||||
|
- add crypttab manpage based on Debian one
|
||||||
|
* Tue Apr 24 2007 - lnussel@suse.de
|
||||||
|
- add boot.crypto (#257884)
|
||||||
|
- add crypttab and cryptotab as %%ghost to filelist
|
||||||
|
* Tue Mar 27 2007 - mkoenig@suse.de
|
||||||
|
- move devel .so link to %%{libdir}
|
||||||
|
- run ldconfig, since we have now a shared lib installed
|
||||||
|
* Fri Mar 23 2007 - dmueller@suse.de
|
||||||
|
- cryptsetup can now link shared since libpopt is
|
||||||
|
no longer under /usr
|
||||||
|
* Fri Mar 09 2007 - lnussel@suse.de
|
||||||
|
- add patch to support old loop_fish2 key hash method
|
||||||
|
* Thu Dec 07 2006 - mkoenig@suse.de
|
||||||
|
- update cryptsetup to version 1.0.4:
|
||||||
|
* added terminal timeout rewrite
|
||||||
|
* allow user selection of key slot
|
||||||
|
* reading binary keys from stdin using the "-" as key file
|
||||||
|
* fix 64 bit compiler warning issues.
|
||||||
|
* fix getline problem for 64-bit archs.
|
||||||
|
* Fri Oct 13 2006 - mkoenig@suse.de
|
||||||
|
- fix build failure due to missing pthreads
|
||||||
|
* Wed Sep 13 2006 - hvogel@suse.de
|
||||||
|
- use the LUKS version of cryptsetup
|
||||||
|
- split -devel subpackage for libcryptsetup
|
||||||
|
- remove patches because they are in the new cryptsetup
|
||||||
|
* cryptsetup-0.1-static.patch
|
||||||
|
* cryptsetup-0.1-retval.patch
|
||||||
|
* cryptsetup-0.1-dmi.exists.patch
|
||||||
|
* cryptsetup-0.1-timeout.patch
|
||||||
|
- use man page from the new cryptsetup
|
||||||
|
* Tue May 16 2006 - hvogel@suse.de
|
||||||
|
- Fix cryptsetup to work when the device does not exist yet
|
||||||
|
[#175931]
|
||||||
|
* Wed Jan 25 2006 - mls@suse.de
|
||||||
|
- converted neededforbuild to BuildRequires
|
||||||
|
* Mon Dec 19 2005 - mmj@suse.de
|
||||||
|
- Remove symlinks to hashalot we don't want
|
||||||
|
* Thu Oct 13 2005 - hvogel@suse.de
|
||||||
|
- Fix uninitialized var in dmconvert. Add
|
||||||
|
* dmconvert-0.2-uninitialized.patch
|
||||||
|
- Fix return value in cryptsetup. Add
|
||||||
|
* cryptsetup-0.1-retval.patch
|
||||||
|
* Wed Jun 29 2005 - hvogel@suse.de
|
||||||
|
- Link cryptsetup static so it can be in /sbin and you can get
|
||||||
|
/usr over nfs or even crypted
|
||||||
|
* Mon May 09 2005 - hvogel@suse.de
|
||||||
|
- New package, Version 2.12q
|
201
crypttab.5
Normal file
201
crypttab.5
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
.\" Title: crypttab
|
||||||
|
.\" Author:
|
||||||
|
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
||||||
|
.\" Date: 05/09/2007
|
||||||
|
.\" Manual:
|
||||||
|
.\" Source:
|
||||||
|
.\"
|
||||||
|
.TH "CRYPTTAB" "5" "05/09/2007" "" ""
|
||||||
|
.\" disable hyphenation
|
||||||
|
.nh
|
||||||
|
.\" disable justification (adjust text to left margin only)
|
||||||
|
.ad l
|
||||||
|
.SH "NAME"
|
||||||
|
crypttab \- static information about crypted filesystems
|
||||||
|
.SH "SYNOPSIS"
|
||||||
|
.PP
|
||||||
|
\fBcrypttab\fR
|
||||||
|
.RS 4
|
||||||
|
|
||||||
|
\fI<target device>\fR
|
||||||
|
\fI<source device>\fR
|
||||||
|
\fI<key file>\fR
|
||||||
|
\fI<options>\fR
|
||||||
|
.RE
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes. Each volume is described on a separate line; columns on each line are separated by tabs or spaces. Lines starting with "\fI#\fR" are comments, empty lines are ignored. The order of records in \fBcrypttab\fR is important because the \fB/etc/init.d/boot.crypto\fR script sequentially iterates through \fBcrypttab\fR entries. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour.
|
||||||
|
.sp
|
||||||
|
.TP 4
|
||||||
|
\(bu
|
||||||
|
The first column,
|
||||||
|
\fItarget device\fR
|
||||||
|
specifies the mapped
|
||||||
|
\fIdevice name\fR. It must be a plain filename without any directories. A mapped device
|
||||||
|
\fB/dev/mapper/\fR\fIdevice name\fR
|
||||||
|
will be created by
|
||||||
|
\fBcryptsetup(8)\fR
|
||||||
|
crypting data from and onto the
|
||||||
|
\fIsource device\fR.
|
||||||
|
To actually mount that device it needs to be listed in \fB/etc/fstab\fR.
|
||||||
|
.sp
|
||||||
|
.TP 4
|
||||||
|
\(bu
|
||||||
|
The second column
|
||||||
|
\fIsource device\fR
|
||||||
|
specifies the block special device that should hold the encrypted data.
|
||||||
|
.TP 4
|
||||||
|
\(bu
|
||||||
|
The third column
|
||||||
|
\fIkey file\fR
|
||||||
|
specifies the file to use for decrypting the encrypted data of the
|
||||||
|
\fIsource device\fR.
|
||||||
|
It can also be a device name (e.g. \fB/dev/urandom\fR, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key.
|
||||||
|
.sp
|
||||||
|
If the \fIkey file\fR is the string \fBnone\fR, the key data (i.e. a password or passphrase) will be read interactively from the console. In this case the options precheck, check, checkargs and tries may be useful.
|
||||||
|
.sp
|
||||||
|
.TP 4
|
||||||
|
\(bu
|
||||||
|
The fourth field
|
||||||
|
\fIoptions\fR
|
||||||
|
specifies the cryptsetup options associated with the encryption process. At minimum, the field should contain the string
|
||||||
|
\fBluks\fR
|
||||||
|
or the
|
||||||
|
\fIcipher\fR,
|
||||||
|
\fIhash\fR
|
||||||
|
and
|
||||||
|
\fIsize\fR
|
||||||
|
options.
|
||||||
|
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
|
||||||
|
.sp
|
||||||
|
.SH "OPTIONS"
|
||||||
|
.PP
|
||||||
|
\fBcipher\fR=<cipher>
|
||||||
|
.RS 4
|
||||||
|
Encryption algorithm. See
|
||||||
|
\fBcryptsetup \-c\fR.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBsize\fR=<size>
|
||||||
|
.RS 4
|
||||||
|
Encryption key size. See
|
||||||
|
\fBcryptsetup \-s\fR.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBhash\fR=<hash>
|
||||||
|
.RS 4
|
||||||
|
Hash algorithm. See
|
||||||
|
\fBcryptsetup \-h\fR.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBverify\fR
|
||||||
|
.RS 4
|
||||||
|
Verify password. See
|
||||||
|
\fBcryptsetup \-y\fR.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBreadonly\fR
|
||||||
|
.RS 4
|
||||||
|
The backing device is read\-only (eg: a dvd).
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBluks\fR
|
||||||
|
.RS 4
|
||||||
|
Use device with luks extensions.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBswap\fR
|
||||||
|
.RS 4
|
||||||
|
Run
|
||||||
|
\fBmkswap\fR
|
||||||
|
on the created device.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBtmp\fR
|
||||||
|
.RS 4
|
||||||
|
Run
|
||||||
|
\fBmkfs\fR
|
||||||
|
on the created device. The file system to use is specified in
|
||||||
|
\fB/etc/fstab\fR. If
|
||||||
|
\fB/etc/fstab\fR
|
||||||
|
does not list the mapped device, ext2 is used as fallback.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBprecheck\fR=<precheck>
|
||||||
|
.RS 4
|
||||||
|
Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device. The source device is given as argument to the script.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBcheck\fR[=<program>]
|
||||||
|
.RS 4
|
||||||
|
Check the content of the mapped device by a suitable program; if the check fails the device is removed. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument. Cryptdisks searches for the given program in /lib/cryptsetup/checks/. If no program is specified, vol_id is used.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBcheckargs\fR=<argument>
|
||||||
|
.RS 4
|
||||||
|
Pass <argument> as second argument to the check script
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBtries\fR=<num>
|
||||||
|
.RS 4
|
||||||
|
Prompt for the passphrase at most <num> times if the entered passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBtimeout\fR=<sec>
|
||||||
|
.RS 4
|
||||||
|
Time out interactive password prompts after <sec> seconds.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBloop\fR
|
||||||
|
.RS 4
|
||||||
|
Always attach a loop device before mapping the device. Normally a loop device is used automatically only for image files. Useful if the block size of the physical device does not match the block size of the contained file system. E.g. ext2 on a CD.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBnoauto\fR
|
||||||
|
.RS 4
|
||||||
|
Causes boot.crypto to skip this record during boot
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBpseed=<string>\fR
|
||||||
|
.RS 4
|
||||||
|
Set a string that is appended to the passphrase after hashing. Using different seeds for volumes with the same passphrase makes dictionary attacks harder. Use for compatability with loop\-AES.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBitercountk=<num>\fR
|
||||||
|
.RS 4
|
||||||
|
Encrypts the hashed password <num> thousand times using AES\-256. Use for compatability with loop\-AES.
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
|
||||||
|
.RS 4
|
||||||
|
not supported. Listed here as they are supported by Debian.
|
||||||
|
.RE
|
||||||
|
.SH "CHECKSCRIPTS"
|
||||||
|
TODO
|
||||||
|
.sp
|
||||||
|
.SH "EXAMPLES"
|
||||||
|
.PP
|
||||||
|
\fBEncrypted swap device\fR
|
||||||
|
.RS 4
|
||||||
|
cswap /dev/sda6 /dev/random swap
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBEncrypted luks volume with interactive password\fR
|
||||||
|
.RS 4
|
||||||
|
cdisk0 /dev/hda1 none luks
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBEncrypted luks volume with interactive password, use a custom check script, no retries\fR
|
||||||
|
.RS 4
|
||||||
|
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
|
||||||
|
.RE
|
||||||
|
.PP
|
||||||
|
\fBEncrypted volume with interactive password and a cryptoloop compatible twofish256 cipher\fR
|
||||||
|
.RS 4
|
||||||
|
cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512
|
||||||
|
.RE
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
cryptsetup(8), /etc/crypttab, fstab(8)
|
||||||
|
.sp
|
||||||
|
.SH "AUTHOR"
|
||||||
|
Manual page converted to asciidoc by Michael Gebetsroither <michael.geb@gmx.at>. Originally written by Bastian Kleineidam <calvin@debian.org> for the Debian distribution of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>. Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>. Parts of this manual were taken and adapted from the fstab(5) manual page.
|
||||||
|
.sp
|
178
crypttab.5.txt
Normal file
178
crypttab.5.txt
Normal file
@ -0,0 +1,178 @@
|
|||||||
|
CRYPTTAB(5)
|
||||||
|
===========
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
crypttab - static information about crypted filesystems
|
||||||
|
|
||||||
|
|
||||||
|
SYNOPSIS
|
||||||
|
--------
|
||||||
|
*crypttab*::
|
||||||
|
'<target device>' '<source device>' '<key file>' '<options>'
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
The file */etc/crypttab* contains descriptive informations about
|
||||||
|
encrypted volumes. Each volume is described on a separate line;
|
||||||
|
columns on each line are separated by tabs or spaces. Lines starting
|
||||||
|
with "'#'" are comments, empty lines are ignored. The order of
|
||||||
|
records in *crypttab* is important because the
|
||||||
|
*/etc/init.d/boot.crypto* script sequentially iterates through
|
||||||
|
*crypttab* entries. All four columns are mandatory, missing or
|
||||||
|
excessive columns will lead to unspecified behaviour.
|
||||||
|
|
||||||
|
- The first column, 'target device' specifies the mapped 'device
|
||||||
|
name'. It must be a plain filename without any directories. A mapped
|
||||||
|
device */dev/mapper/*'device name' will be created by
|
||||||
|
*cryptsetup(8)* crypting data from and onto the 'source device'.
|
||||||
|
|
||||||
|
To actually mount that device it needs to be listed in */etc/fstab*.
|
||||||
|
|
||||||
|
- The second column 'source device' specifies the block special
|
||||||
|
device that should hold the encrypted data.
|
||||||
|
|
||||||
|
- The third column 'key file' specifies the file to use for
|
||||||
|
decrypting the encrypted data of the 'source device'.
|
||||||
|
|
||||||
|
It can also be a device name (e.g. */dev/urandom*, which is useful
|
||||||
|
for encrypted swap devices). Warning: luks does not support infinite
|
||||||
|
streams (like */dev/urandom*), it requires a fixed size key.
|
||||||
|
|
||||||
|
If the 'key file' is the string *none*, the key data (i.e. a
|
||||||
|
password or passphrase) will be read interactively from the console.
|
||||||
|
In this case the options precheck, check, checkargs and tries may be
|
||||||
|
useful.
|
||||||
|
|
||||||
|
- The fourth field 'options' specifies the cryptsetup options
|
||||||
|
associated with the encryption process. At minimum, the field should
|
||||||
|
contain the string *luks* or the 'cipher', 'hash' and 'size'
|
||||||
|
options.
|
||||||
|
|
||||||
|
Options have to be specified in the format: 'key'='value'[,'key'='value' ...]
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONS
|
||||||
|
-------
|
||||||
|
|
||||||
|
*cipher*=<cipher>::
|
||||||
|
Encryption algorithm. See *cryptsetup -c*.
|
||||||
|
|
||||||
|
*size*=<size>::
|
||||||
|
Encryption key size. See *cryptsetup -s*.
|
||||||
|
|
||||||
|
*hash*=<hash>::
|
||||||
|
Hash algorithm. See *cryptsetup -h*.
|
||||||
|
|
||||||
|
*verify*::
|
||||||
|
Verify password. See *cryptsetup -y*.
|
||||||
|
|
||||||
|
*readonly*::
|
||||||
|
The backing device is read-only (eg: a dvd).
|
||||||
|
|
||||||
|
*luks*::
|
||||||
|
Use device with luks extensions.
|
||||||
|
|
||||||
|
*swap*::
|
||||||
|
Run *mkswap* on the created device.
|
||||||
|
|
||||||
|
*tmp*::
|
||||||
|
Run *mkfs* on the created device. The file system to use is
|
||||||
|
specified in */etc/fstab*. If */etc/fstab* does not list the mapped
|
||||||
|
device, ext2 is used as fallback.
|
||||||
|
|
||||||
|
*precheck*=<precheck>::
|
||||||
|
Check the source device by suitable program; if the check fails the device is
|
||||||
|
not created; <precheck> is a script to check the source device. The source
|
||||||
|
device is given as argument to the script.
|
||||||
|
|
||||||
|
*check*[=<program>]::
|
||||||
|
Check the content of the mapped device by a suitable program; if the
|
||||||
|
check fails the device is removed. The specified program is
|
||||||
|
run giving the decrypted volume (target device) as first and the
|
||||||
|
value of the checkargs option as second argument. Cryptdisks
|
||||||
|
searches for the given program in /lib/cryptsetup/checks/. If no
|
||||||
|
program is specified, vol_id is used.
|
||||||
|
|
||||||
|
*checkargs*=<argument>::
|
||||||
|
Pass <argument> as second argument to the check script
|
||||||
|
|
||||||
|
*tries*=<num>::
|
||||||
|
Prompt for the passphrase at most <num> times if the entered
|
||||||
|
passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
|
||||||
|
|
||||||
|
*timeout*=<sec>::
|
||||||
|
Time out interactive password prompts after <sec> seconds.
|
||||||
|
|
||||||
|
*loop*::
|
||||||
|
Always attach a loop device before mapping the device. Normally a
|
||||||
|
loop device is used automatically only for image files. Useful if
|
||||||
|
the block size of the physical device does not match the block size
|
||||||
|
of the contained file system. E.g. ext2 on a CD.
|
||||||
|
|
||||||
|
*noauto*::
|
||||||
|
Causes boot.crypto to skip this record during boot
|
||||||
|
|
||||||
|
*pseed=<string>*::
|
||||||
|
Set a string that is appended to the passphrase after hashing.
|
||||||
|
Using different seeds for volumes with the same passphrase makes
|
||||||
|
dictionary attacks harder. Use for compatability with loop-AES.
|
||||||
|
|
||||||
|
*itercountk=<num>*::
|
||||||
|
Encrypts the hashed password <num> thousand times using AES-256. Use
|
||||||
|
for compatability with loop-AES.
|
||||||
|
|
||||||
|
*loud*, *ssl*, *gpg*, *keyscript*::
|
||||||
|
not supported. Listed here as they are supported by Debian.
|
||||||
|
|
||||||
|
CHECKSCRIPTS
|
||||||
|
------------
|
||||||
|
TODO
|
||||||
|
/////
|
||||||
|
*vol_id*::
|
||||||
|
Checks for any known filesystem. Supports a filesystem type as argument via
|
||||||
|
<checkargs>:
|
||||||
|
no checkargs - succeeds if any valid filesystem is found on the device.
|
||||||
|
"none" - succeeds if no valid filesystem is found on the device.
|
||||||
|
"ext3" [or any other filesystem type like xfs, swap, crypto_LUKS, whatever] - succeeds
|
||||||
|
if an ext3 [or another given] filesystem type is found on the device.
|
||||||
|
|
||||||
|
*ext3*::
|
||||||
|
Checks for a valid ext2/ext3 filesystem.
|
||||||
|
|
||||||
|
*xfs*::
|
||||||
|
Checks for a valid xfs filesystem.
|
||||||
|
|
||||||
|
*swap*::
|
||||||
|
Checks for partition type 'swap'. Only useful as <precheck>.
|
||||||
|
////
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
*Encrypted swap device*::
|
||||||
|
cswap /dev/sda6 /dev/random swap
|
||||||
|
|
||||||
|
*Encrypted luks volume with interactive password*::
|
||||||
|
cdisk0 /dev/hda1 none luks
|
||||||
|
|
||||||
|
*Encrypted luks volume with interactive password, use a custom check script, no retries*::
|
||||||
|
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
|
||||||
|
|
||||||
|
*Encrypted volume with interactive password and a cryptoloop compatible twofish256 cipher*::
|
||||||
|
cdisk3 /dev/sda3 none cipher=twofish-cbc-plain,size=256,hash=sha512
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
cryptsetup(8), /etc/crypttab, fstab(8)
|
||||||
|
|
||||||
|
|
||||||
|
AUTHOR
|
||||||
|
------
|
||||||
|
Manual page converted to asciidoc by Michael Gebetsroither
|
||||||
|
<michael.geb@gmx.at>. Originally written by
|
||||||
|
Bastian Kleineidam <calvin@debian.org> for the Debian distribution
|
||||||
|
of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>.
|
||||||
|
Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>.
|
||||||
|
Parts of this manual were taken and adapted from the fstab(5) manual
|
||||||
|
page.
|
3
hashalot-0.3.tar.bz2
Normal file
3
hashalot-0.3.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5958c371ba2469150b19f4c3a66bb374a7b1e287df4d0bfeb5e7c480da15424d
|
||||||
|
size 68508
|
19
hashalot-ctrl-d.diff
Normal file
19
hashalot-ctrl-d.diff
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
exit unsucessfully on empty passphrase
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: hashalot-0.3/hashalot.c
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/hashalot.c.orig
|
||||||
|
+++ hashalot-0.3/hashalot.c
|
||||||
|
@@ -275,6 +275,10 @@ main(int argc, char *argv[])
|
||||||
|
|
||||||
|
/* here we acquire the precious passphrase... */
|
||||||
|
pass = xgetpass("Enter passphrase: ");
|
||||||
|
+ if(!*pass) {
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (salt)
|
||||||
|
pass = salt_passphrase(pass, salt);
|
||||||
|
hashlen = func(passhash, hashlen, pass, strlen(pass));
|
37
hashalot-fixes.diff
Normal file
37
hashalot-fixes.diff
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
- print help text to stdout so it can be read via pager
|
||||||
|
- use proper length in phash_rmd160()
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: hashalot-0.3/hashalot.c
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/hashalot.c.orig
|
||||||
|
+++ hashalot-0.3/hashalot.c
|
||||||
|
@@ -42,7 +42,7 @@ phash_rmd160(char dest[], size_t dest_le
|
||||||
|
tmp[PASSWDBUFFLEN - 1] = '\0';
|
||||||
|
|
||||||
|
rmd160_hash_buffer(key, src, src_len);
|
||||||
|
- rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */);
|
||||||
|
+ rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, strlen(tmp));
|
||||||
|
|
||||||
|
memcpy(dest, key, dest_len);
|
||||||
|
|
||||||
|
@@ -95,7 +95,7 @@ show_usage(const char argv0[])
|
||||||
|
{
|
||||||
|
struct func_table_t *p = func_table;
|
||||||
|
|
||||||
|
- fprintf (stderr,
|
||||||
|
+ fprintf (stdout,
|
||||||
|
"usage:\n"
|
||||||
|
" hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
|
||||||
|
" or\n"
|
||||||
|
@@ -106,7 +106,8 @@ show_usage(const char argv0[])
|
||||||
|
for (; p->name; ++p)
|
||||||
|
fprintf (stderr, "%s ", p->name);
|
||||||
|
|
||||||
|
- fprintf (stderr, "\n");
|
||||||
|
+
|
||||||
|
+ fprintf (stdout, "\n");
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
156
hashalot-libgcrypt.diff
Normal file
156
hashalot-libgcrypt.diff
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
add support for -C (itercountk) option of loop-AES if libgcrypt is available
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: hashalot-0.3/Makefile.am
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/Makefile.am.orig
|
||||||
|
+++ hashalot-0.3/Makefile.am
|
||||||
|
@@ -3,6 +3,9 @@ sbin_PROGRAMS = hashalot
|
||||||
|
|
||||||
|
man_MANS = hashalot.1
|
||||||
|
|
||||||
|
+hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
|
||||||
|
+hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
|
||||||
|
+
|
||||||
|
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h
|
||||||
|
|
||||||
|
install-exec-hook:
|
||||||
|
Index: hashalot-0.3/configure.ac
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/configure.ac.orig
|
||||||
|
+++ hashalot-0.3/configure.ac
|
||||||
|
@@ -8,5 +8,6 @@ AC_PROG_LN_S
|
||||||
|
AC_HEADER_STDC
|
||||||
|
AC_CHECK_HEADERS(libgen.h stdio.h stdlib.h string.h unistd.h assert.h sys/types.h sys/mman.h endian.h , , [ AC_MSG_ERROR(required header not found)])
|
||||||
|
AC_CHECK_FUNCS(getopt snprintf , , [ AC_MSG_ERROR(required function not found)])
|
||||||
|
+AM_PATH_LIBGCRYPT(,[AC_DEFINE([HAVE_LIBGCRYPT], 1)])
|
||||||
|
|
||||||
|
AC_OUTPUT(Makefile)
|
||||||
|
Index: hashalot-0.3/hashalot.c
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/hashalot.c.orig
|
||||||
|
+++ hashalot-0.3/hashalot.c
|
||||||
|
@@ -25,6 +25,10 @@
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
|
||||||
|
+#if HAVE_LIBGCRYPT
|
||||||
|
+#include <gcrypt.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#include "rmd160.h"
|
||||||
|
#include "sha512.h"
|
||||||
|
|
||||||
|
@@ -97,9 +101,9 @@ show_usage(const char argv0[])
|
||||||
|
|
||||||
|
fprintf (stdout,
|
||||||
|
"usage:\n"
|
||||||
|
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
|
||||||
|
+ " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
|
||||||
|
" or\n"
|
||||||
|
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ]\n"
|
||||||
|
+ " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
|
||||||
|
"\n"
|
||||||
|
"supported values for HASHTYPE: ");
|
||||||
|
|
||||||
|
@@ -214,8 +218,9 @@ main(int argc, char *argv[])
|
||||||
|
size_t hashlen = 0;
|
||||||
|
phash_func_t func;
|
||||||
|
int hex_output = 0, c;
|
||||||
|
+ unsigned long itercountk = 0;
|
||||||
|
|
||||||
|
- while ((c = getopt(argc, argv, "n:s:x")) != -1) {
|
||||||
|
+ while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'n':
|
||||||
|
hashlen = strtoul(optarg, &p, 0);
|
||||||
|
@@ -233,6 +238,9 @@ main(int argc, char *argv[])
|
||||||
|
case 'x':
|
||||||
|
hex_output++;
|
||||||
|
break;
|
||||||
|
+ case 'C':
|
||||||
|
+ itercountk = atoi(optarg);
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
show_usage(argv[0]);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
@@ -257,6 +265,8 @@ main(int argc, char *argv[])
|
||||||
|
* plus a newline, plus a null */
|
||||||
|
passhash = xmalloc(2*hashlen + 2);
|
||||||
|
|
||||||
|
+ memset(passhash, 0, 2*hashlen+2);
|
||||||
|
+
|
||||||
|
/* try to lock memory so it doesn't get swapped out for sure */
|
||||||
|
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
|
||||||
|
perror("mlockall");
|
||||||
|
@@ -268,6 +278,69 @@ main(int argc, char *argv[])
|
||||||
|
if (salt)
|
||||||
|
pass = salt_passphrase(pass, salt);
|
||||||
|
hashlen = func(passhash, hashlen, pass, strlen(pass));
|
||||||
|
+
|
||||||
|
+ if(itercountk) /* from loop-AES */
|
||||||
|
+ {
|
||||||
|
+#if HAVE_LIBGCRYPT
|
||||||
|
+ gcry_cipher_hd_t ctx;
|
||||||
|
+ gcry_error_t err;
|
||||||
|
+ char tmp[32];
|
||||||
|
+ char out[32];
|
||||||
|
+
|
||||||
|
+ if(hashlen > 32) {
|
||||||
|
+ fprintf(stderr, "WARNING: hashlen truncated to 32\n");
|
||||||
|
+ hashlen = 32;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if(!gcry_check_version("1.1.0")) {
|
||||||
|
+ fprintf(stderr, "libgcrypt initialization failed\n");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memset(out, 0, sizeof(out));
|
||||||
|
+ memcpy(out, passhash, hashlen);
|
||||||
|
+
|
||||||
|
+ err = gcry_cipher_open(&ctx, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
|
||||||
|
+ if(err)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "can't initialize AES: %s\n", gcry_strerror (err));
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Set up AES-256 encryption key using same password and hash function
|
||||||
|
+ * as before but with password bit 0 flipped before hashing. That key
|
||||||
|
+ * is then used to encrypt actual loop key 'itercountk' thousand times.
|
||||||
|
+ */
|
||||||
|
+ pass[0] ^= 1;
|
||||||
|
+ func(&tmp[0], 32, pass, strlen(pass));
|
||||||
|
+ gcry_cipher_setkey(ctx, &tmp[0], 32);
|
||||||
|
+ itercountk *= 1000;
|
||||||
|
+ while(itercountk > 0) {
|
||||||
|
+ gcry_cipher_reset(ctx);
|
||||||
|
+ gcry_cipher_setiv(ctx, NULL, 0);
|
||||||
|
+ /* encrypt both 128bit blocks with AES-256 */
|
||||||
|
+ gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16);
|
||||||
|
+ gcry_cipher_reset(ctx);
|
||||||
|
+ gcry_cipher_setiv(ctx, NULL, 0);
|
||||||
|
+ gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16);
|
||||||
|
+ /* exchange upper half of first block with lower half of second block */
|
||||||
|
+ memcpy(&tmp[0], &out[8], 8);
|
||||||
|
+ memcpy(&out[8], &out[16], 8);
|
||||||
|
+ memcpy(&out[16], &tmp[0], 8);
|
||||||
|
+ itercountk--;
|
||||||
|
+ }
|
||||||
|
+ memset(&tmp[0], 0, sizeof(tmp));
|
||||||
|
+
|
||||||
|
+ memcpy(passhash, out, hashlen);
|
||||||
|
+
|
||||||
|
+ gcry_cipher_close(ctx);
|
||||||
|
+#else
|
||||||
|
+ fprintf(stderr, "libgcrypt support is required for option -C\n");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ }
|
||||||
|
memset (pass, 0, strlen (pass)); /* paranoia */
|
||||||
|
free(pass);
|
||||||
|
|
39
hashalot-manpage.diff
Normal file
39
hashalot-manpage.diff
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
document -C and -t options in manpage
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: hashalot-0.3/hashalot.1
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/hashalot.1.orig
|
||||||
|
+++ hashalot-0.3/hashalot.1
|
||||||
|
@@ -2,9 +2,9 @@
|
||||||
|
.SH NAME
|
||||||
|
hashalot \- read a passphrase and print a hash
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE
|
||||||
|
+.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE
|
||||||
|
.br
|
||||||
|
-.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ]
|
||||||
|
+.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ]
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.PP
|
||||||
|
\fIhashalot\fP is a small tool that reads a passphrase from standard
|
||||||
|
@@ -36,6 +36,18 @@ option can be used to limit (or increase
|
||||||
|
default is as appropriate for the specified hash algorithm: 20 bytes for
|
||||||
|
RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat"
|
||||||
|
hash is 16 bytes, for compatibility with the old kerneli.org utilities.
|
||||||
|
+.PP
|
||||||
|
+The
|
||||||
|
+.B \-t
|
||||||
|
+option specifies a timeout for reading the passphrase from the terminal.
|
||||||
|
+.PP
|
||||||
|
+The
|
||||||
|
+.B \-C
|
||||||
|
+option specifies that the hashed password has to be encrypted
|
||||||
|
+itercountk thousand times using AES-256. Use for compatability with
|
||||||
|
+loop-AES.
|
||||||
|
+.PP
|
||||||
|
+The options \-t and \-C are currently SUSE specific
|
||||||
|
.SH AUTHOR
|
||||||
|
Ben Slusky <sluskyb@paranoiacs.org>
|
||||||
|
.PP
|
89
hashalot-timeout.diff
Normal file
89
hashalot-timeout.diff
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
add timeout option -t
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
|
||||||
|
Index: hashalot-0.3/hashalot.c
|
||||||
|
===================================================================
|
||||||
|
--- hashalot-0.3/hashalot.c.orig
|
||||||
|
+++ hashalot-0.3/hashalot.c
|
||||||
|
@@ -21,6 +21,7 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <assert.h>
|
||||||
|
+#include <signal.h>
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
@@ -36,6 +37,12 @@
|
||||||
|
|
||||||
|
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
|
||||||
|
|
||||||
|
+static int got_timeout;
|
||||||
|
+void alrm_handler(int num)
|
||||||
|
+{
|
||||||
|
+ got_timeout = 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len)
|
||||||
|
{
|
||||||
|
@@ -101,9 +108,9 @@ show_usage(const char argv0[])
|
||||||
|
|
||||||
|
fprintf (stdout,
|
||||||
|
"usage:\n"
|
||||||
|
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
|
||||||
|
+ " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
|
||||||
|
" or\n"
|
||||||
|
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
|
||||||
|
+ " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
|
||||||
|
"\n"
|
||||||
|
"supported values for HASHTYPE: ");
|
||||||
|
|
||||||
|
@@ -219,8 +226,9 @@ main(int argc, char *argv[])
|
||||||
|
phash_func_t func;
|
||||||
|
int hex_output = 0, c;
|
||||||
|
unsigned long itercountk = 0;
|
||||||
|
+ unsigned timeout = 0;
|
||||||
|
|
||||||
|
- while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
|
||||||
|
+ while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'n':
|
||||||
|
hashlen = strtoul(optarg, &p, 0);
|
||||||
|
@@ -235,6 +243,9 @@ main(int argc, char *argv[])
|
||||||
|
case 's':
|
||||||
|
salt = optarg;
|
||||||
|
break;
|
||||||
|
+ case 't':
|
||||||
|
+ timeout = atoi(optarg);
|
||||||
|
+ break;
|
||||||
|
case 'x':
|
||||||
|
hex_output++;
|
||||||
|
break;
|
||||||
|
@@ -273,12 +284,25 @@ main(int argc, char *argv[])
|
||||||
|
fputs("Warning: couldn't lock memory, are you root?\n", stderr);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if(timeout) {
|
||||||
|
+ struct sigaction sa;
|
||||||
|
+ sa.sa_handler = alrm_handler;
|
||||||
|
+ sigemptyset (&sa.sa_mask);
|
||||||
|
+ sa.sa_flags = 0;
|
||||||
|
+ sigaction(SIGALRM, &sa, NULL);
|
||||||
|
+ alarm(timeout);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* here we acquire the precious passphrase... */
|
||||||
|
pass = xgetpass("Enter passphrase: ");
|
||||||
|
- if(!*pass) {
|
||||||
|
+ if(got_timeout || !*pass) {
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if(timeout) {
|
||||||
|
+ alarm(0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (salt)
|
||||||
|
pass = salt_passphrase(pass, salt);
|
||||||
|
hashlen = func(passhash, hashlen, pass, strlen(pass));
|
Loading…
Reference in New Issue
Block a user