parent
3a2c622d7c
commit
c7ba3a10bb
@ -1,51 +1,69 @@
|
|||||||
* password hashing based on debian patch (rmd160, sha*) adds losetup options -k
|
From a062df268df66641ed94d5c0e968e92c67b585e4 Mon Sep 17 00:00:00 2001
|
||||||
and -H
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
* add support for loop-AES compatible strings like "twofish256"
|
Date: Thu, 29 Nov 2007 17:46:36 +0100
|
||||||
|
Subject: [PATCH] losetup: support password hashing and specifying the key length
|
||||||
|
|
||||||
|
* add support for password hashing (sha512, sha384, sha256, rmd160).
|
||||||
|
* add support for loop-AES style strings like "twofish256" for
|
||||||
|
specifying the encryption algorithm and key length.
|
||||||
|
|
||||||
|
Based on the SUSE patch from Ludwig Nussel <ludwig.nussel@suse.de>,
|
||||||
|
this patch adds password hashing for cryptoloop devices. While
|
||||||
|
cryptoloop is deprecated, users may still wish to access existing
|
||||||
|
volumes.
|
||||||
|
|
||||||
|
Incompatible change:
|
||||||
|
Default is now to hash using sha256, sha384 or sha512 depending
|
||||||
|
on key length (16, 24, or 32 bytes). Debian users will need to
|
||||||
|
specify "--phash rmd160" to access existing Debian devices.
|
||||||
|
Others will need to specify '--phash none'.
|
||||||
|
|
||||||
|
sha512.c is from loop-AES.
|
||||||
|
|
||||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
---
|
||||||
|
mount/Makefile.am | 2 +
|
||||||
|
mount/lomount.c | 178 +++++++++++++++---
|
||||||
|
mount/lomount.h | 4 +-
|
||||||
|
mount/losetup.8 | 11 +
|
||||||
|
mount/mount.8 | 13 ++
|
||||||
|
mount/mount.c | 23 ++-
|
||||||
|
mount/my_dev_t.h | 5 +
|
||||||
|
mount/rmd160.c | 532 +++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
mount/rmd160.h | 11 +
|
||||||
|
mount/sha512.c | 432 +++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
mount/sha512.h | 45 +++++
|
||||||
|
11 files changed, 1225 insertions(+), 31 deletions(-)
|
||||||
|
create mode 100644 mount/my_dev_t.h
|
||||||
|
create mode 100644 mount/rmd160.c
|
||||||
|
create mode 100644 mount/rmd160.h
|
||||||
|
create mode 100644 mount/sha512.c
|
||||||
|
create mode 100644 mount/sha512.h
|
||||||
|
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/Makefile.am
|
diff --git a/mount/Makefile.am b/mount/Makefile.am
|
||||||
===================================================================
|
index 01643b2..cb7af0a 100644
|
||||||
--- util-linux-ng-2.13.0.1+git20071121.orig/mount/Makefile.am
|
--- a/mount/Makefile.am
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/Makefile.am
|
+++ b/mount/Makefile.am
|
||||||
@@ -12,7 +12,7 @@ headers_common = fstab.h mount_mntent.h
|
@@ -13,6 +13,7 @@ headers_common = fstab.h mount_mntent.h mount_constants.h \
|
||||||
mount_paths.h lomount.h fsprobe.h realpath.h xmalloc.h \
|
|
||||||
getusername.h loop.h sundries.h
|
getusername.h loop.h sundries.h
|
||||||
|
|
||||||
-mount_common = fstab.c mount_mntent.c getusername.c lomount.c \
|
mount_common = fstab.c mount_mntent.c getusername.c lomount.c \
|
||||||
+mount_common = fstab.c mount_mntent.c getusername.c lomount.c rmd160.c sha512.c \
|
+ rmd160.c sha512.c \
|
||||||
$(utils_common) $(headers_common) ../lib/env.c ../lib/linux_version.c \
|
$(utils_common) $(headers_common) ../lib/env.c ../lib/linux_version.c \
|
||||||
../lib/blkdev.c
|
../lib/blkdev.c
|
||||||
|
|
||||||
@@ -26,7 +26,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LD
|
@@ -27,6 +28,7 @@ umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
||||||
|
|
||||||
swapon_SOURCES = swapon.c swap_constants.h $(utils_common)
|
swapon_SOURCES = swapon.c swap_constants.h $(utils_common)
|
||||||
|
|
||||||
-losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c \
|
losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c \
|
||||||
+losetup_SOURCES = lomount.c sundries.c xmalloc.c realpath.c rmd160.c sha512.c \
|
+ rmd160.c sha512.c \
|
||||||
loop.h lomount.h xmalloc.h sundries.h realpath.h
|
loop.h lomount.h xmalloc.h sundries.h realpath.h
|
||||||
losetup_CPPFLAGS = -DMAIN $(AM_CPPFLAGS)
|
losetup_CPPFLAGS = -DMAIN $(AM_CPPFLAGS)
|
||||||
|
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.h
|
diff --git a/mount/lomount.c b/mount/lomount.c
|
||||||
===================================================================
|
index 5bd8954..98f144f 100644
|
||||||
--- /dev/null
|
--- a/mount/lomount.c
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/rmd160.h
|
+++ b/mount/lomount.c
|
||||||
@@ -0,0 +1,11 @@
|
|
||||||
+#ifndef RMD160_H
|
|
||||||
+#define RMD160_H
|
|
||||||
+
|
|
||||||
+#define RMD160_HASH_SIZE 20
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length );
|
|
||||||
+
|
|
||||||
+#endif /*RMD160_H*/
|
|
||||||
+
|
|
||||||
+
|
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|
||||||
===================================================================
|
|
||||||
--- util-linux-ng-2.13.0.1+git20071121.orig/mount/lomount.c
|
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|
||||||
@@ -20,12 +20,18 @@
|
@@ -20,12 +20,18 @@
|
||||||
|
|
||||||
#include "loop.h"
|
#include "loop.h"
|
||||||
@ -58,8 +76,8 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "realpath.h"
|
#include "realpath.h"
|
||||||
|
|
||||||
+#ifndef MAX
|
+#ifndef MIN
|
||||||
+#define MAX(a,b) ((a>b)?(a):(b))
|
+#define MIN(a,b) ((a<b)?(a):(b))
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
#define SIZE(a) (sizeof(a)/sizeof(a[0]))
|
#define SIZE(a) (sizeof(a)/sizeof(a[0]))
|
||||||
@ -106,7 +124,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
|
|
||||||
+static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
+static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||||
+{
|
+{
|
||||||
+ memcpy(buf, key, MAX(buflen, keylen));
|
+ memcpy(buf, key, MIN(buflen, keylen));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
+static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
|
||||||
@ -119,7 +137,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
+ rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
|
+ rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
|
||||||
+ memset(tmp, 0, keylen+1);
|
+ memset(tmp, 0, keylen+1);
|
||||||
+ free(tmp);
|
+ free(tmp);
|
||||||
+ memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
|
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
int
|
int
|
||||||
@ -133,21 +151,20 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
char *filename;
|
char *filename;
|
||||||
|
|
||||||
if (verbose) {
|
if (verbose) {
|
||||||
@@ -406,13 +440,41 @@ set_loop(const char *device, const char
|
@@ -406,13 +440,37 @@ set_loop(const char *device, const char *file, unsigned long long offset,
|
||||||
filename = (char *) file;
|
filename = (char *) file;
|
||||||
xstrncpy((char *)loopinfo64.lo_file_name, filename, LO_NAME_SIZE);
|
xstrncpy((char *)loopinfo64.lo_file_name, filename, LO_NAME_SIZE);
|
||||||
|
|
||||||
+ loopinfo64.lo_encrypt_key_size = 0;
|
+ loopinfo64.lo_encrypt_key_size = 0;
|
||||||
+
|
+
|
||||||
if (encryption && *encryption) {
|
if (encryption && *encryption) {
|
||||||
|
- if (digits_only(encryption)) {
|
||||||
+ // a hint for suse users
|
+ // a hint for suse users
|
||||||
+ if(!strcmp(encryption, "twofishSL92")) {
|
+ if(!phash && (!strcmp(encryption, "twofishSL92") || (!strcmp(encryption, "twofish") && !keysz))) {
|
||||||
+ fprintf(stderr, _("twofishSL92 is not supported via cryptoloop, please use dm-crypt to access the volume\n"));
|
+ fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n");
|
||||||
+ close(fd);
|
+ fprintf(stderr, _("Warning: This mode is deprecated, support for it will be removed in the future.\n"));
|
||||||
+ close(ffd);
|
+ loopinfo64.lo_encrypt_type = 3; // LO_CRYPT_FISH
|
||||||
+ return 1;
|
+ } else if (digits_only(encryption)) {
|
||||||
+ }
|
|
||||||
if (digits_only(encryption)) {
|
|
||||||
loopinfo64.lo_encrypt_type = atoi(encryption);
|
loopinfo64.lo_encrypt_type = atoi(encryption);
|
||||||
} else {
|
} else {
|
||||||
- loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
- loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
||||||
@ -169,15 +186,13 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
+ fprintf(stderr, _("please either specify '%s%d' or -e '%s' -k '%d'\n"),
|
+ fprintf(stderr, _("please either specify '%s%d' or -e '%s' -k '%d'\n"),
|
||||||
+ loopinfo64.lo_crypt_name, loopinfo64.lo_encrypt_key_size<<3,
|
+ loopinfo64.lo_crypt_name, loopinfo64.lo_encrypt_key_size<<3,
|
||||||
+ loopinfo64.lo_crypt_name, keysz);
|
+ loopinfo64.lo_crypt_name, keysz);
|
||||||
+ close(fd);
|
|
||||||
+ close(ffd);
|
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
+ loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
+ loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -432,20 +494,64 @@ set_loop(const char *device, const char
|
@@ -432,20 +490,70 @@ set_loop(const char *device, const char *file, unsigned long long offset,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -198,17 +213,22 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
- xstrncpy((char *)loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
- xstrncpy((char *)loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
||||||
+
|
+
|
||||||
+ pass = xgetpass(pfd, _("Password: "));
|
+ pass = xgetpass(pfd, _("Password: "));
|
||||||
+ if(!pass) {
|
+ if(!pass)
|
||||||
+ close(fd);
|
|
||||||
+ close(ffd);
|
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
|
||||||
+
|
+
|
||||||
+ // set default hash functions, loop-AES compatible
|
+ // set default hash functions, loop-AES compatible
|
||||||
+ if(loopinfo64.lo_encrypt_type == LO_CRYPT_CRYPTOAPI) {
|
+ if(loopinfo64.lo_encrypt_type == LO_CRYPT_CRYPTOAPI) {
|
||||||
+ hfunc = sha512_hash_buffer;
|
+ hfunc = sha256_hash_buffer;
|
||||||
+ if(loopinfo64.lo_encrypt_key_size == 24) hfunc = sha384_hash_buffer;
|
+ if(loopinfo64.lo_encrypt_key_size == 24) hfunc = sha384_hash_buffer;
|
||||||
+ if(loopinfo64.lo_encrypt_key_size == 32) hfunc = sha512_hash_buffer;
|
+ if(loopinfo64.lo_encrypt_key_size == 32) hfunc = sha512_hash_buffer;
|
||||||
|
+ } else if(loopinfo64.lo_encrypt_type == 3 ) { // LO_CRYPT_FISH
|
||||||
|
+ if(!strcmp(encryption, "twofishSL92")) {
|
||||||
|
+ hfunc = sha512_hash_buffer;
|
||||||
|
+ loopinfo64.lo_encrypt_key_size = 32;
|
||||||
|
+ } else {
|
||||||
|
+ hfunc = phash_rmd160;
|
||||||
|
+ loopinfo64.lo_encrypt_key_size = 20;
|
||||||
|
+ }
|
||||||
+ } else {
|
+ } else {
|
||||||
+ hfunc = phash_none;
|
+ hfunc = phash_none;
|
||||||
+ loopinfo64.lo_encrypt_key_size = keysz?keysz>>3:LO_KEY_SIZE;
|
+ loopinfo64.lo_encrypt_key_size = keysz?keysz>>3:LO_KEY_SIZE;
|
||||||
@ -218,13 +238,16 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
+ if(!keysz) {
|
+ if(!keysz) {
|
||||||
+ if(verbose)
|
+ if(verbose)
|
||||||
+ fprintf(stderr, _("please specify a key length\n"));
|
+ fprintf(stderr, _("please specify a key length\n"));
|
||||||
+ close(fd);
|
|
||||||
+ close(ffd);
|
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
+ loopinfo64.lo_encrypt_key_size = keysz>>3;
|
+ loopinfo64.lo_encrypt_key_size = keysz>>3;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
|
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
|
||||||
|
+ fprintf(stderr, _("invalid key length\n"));
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ if (phash) {
|
+ if (phash) {
|
||||||
+ if(!strcasecmp(phash, "sha512")) {
|
+ if(!strcasecmp(phash, "sha512")) {
|
||||||
+ hfunc = sha512_hash_buffer;
|
+ hfunc = sha512_hash_buffer;
|
||||||
@ -238,8 +261,6 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
+ hfunc = phash_none;
|
+ hfunc = phash_none;
|
||||||
+ } else {
|
+ } else {
|
||||||
+ fprintf(stderr, _("unsupported hash method '%s'\n"), phash);
|
+ fprintf(stderr, _("unsupported hash method '%s'\n"), phash);
|
||||||
+ close(fd);
|
|
||||||
+ close(ffd);
|
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
@ -254,7 +275,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (ioctl(fd, LOOP_SET_FD, ffd) < 0) {
|
if (ioctl(fd, LOOP_SET_FD, ffd) < 0) {
|
||||||
@@ -532,8 +638,8 @@ mutter(void) {
|
@@ -532,8 +640,8 @@ mutter(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -265,11 +286,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
mutter();
|
mutter();
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -569,7 +675,13 @@ usage(void) {
|
@@ -569,7 +677,13 @@ usage(void) {
|
||||||
" %1$s [ options ] {-f|--find|loop_device} file # setup\n"
|
" %1$s [ options ] {-f|--find|loop_device} file # setup\n"
|
||||||
"\nOptions:\n"
|
"\nOptions:\n"
|
||||||
" -e | --encryption <type> enable data encryption with specified <name/num>\n"
|
" -e | --encryption <type> enable data encryption with specified <name/num>\n"
|
||||||
+ " -H | --phash <type> hash password using specified algorithm (rmd160/sha512/sha256/sha384/none)\n"
|
+ " -H | --phash <type> hash password using specified algorithm (sha512/sha256/sha384/rmd160/none)\n"
|
||||||
" -h | --help this help\n"
|
" -h | --help this help\n"
|
||||||
+ " -k | --keybits <num> specify number of bits in the hashed key given\n"
|
+ " -k | --keybits <num> specify number of bits in the hashed key given\n"
|
||||||
+ " to the cipher. Some ciphers support several key\n"
|
+ " to the cipher. Some ciphers support several key\n"
|
||||||
@ -279,7 +300,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
" -o | --offset <num> start at offset <num> into file\n"
|
" -o | --offset <num> start at offset <num> into file\n"
|
||||||
" -p | --pass-fd <num> read passphrase from file descriptor <num>\n"
|
" -p | --pass-fd <num> read passphrase from file descriptor <num>\n"
|
||||||
" -r | --read-only setup read-only loop device\n"
|
" -r | --read-only setup read-only loop device\n"
|
||||||
@@ -582,11 +694,14 @@ usage(void) {
|
@@ -582,11 +696,14 @@ usage(void) {
|
||||||
int
|
int
|
||||||
main(int argc, char **argv) {
|
main(int argc, char **argv) {
|
||||||
char *p, *offset, *encryption, *passfd, *device, *file;
|
char *p, *offset, *encryption, *passfd, *device, *file;
|
||||||
@ -294,7 +315,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
unsigned long long off;
|
unsigned long long off;
|
||||||
struct option longopts[] = {
|
struct option longopts[] = {
|
||||||
{ "all", 0, 0, 'a' },
|
{ "all", 0, 0, 'a' },
|
||||||
@@ -594,6 +709,8 @@ main(int argc, char **argv) {
|
@@ -594,6 +711,8 @@ main(int argc, char **argv) {
|
||||||
{ "encryption", 1, 0, 'e' },
|
{ "encryption", 1, 0, 'e' },
|
||||||
{ "find", 0, 0, 'f' },
|
{ "find", 0, 0, 'f' },
|
||||||
{ "help", 0, 0, 'h' },
|
{ "help", 0, 0, 'h' },
|
||||||
@ -303,7 +324,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
{ "offset", 1, 0, 'o' },
|
{ "offset", 1, 0, 'o' },
|
||||||
{ "pass-fd", 1, 0, 'p' },
|
{ "pass-fd", 1, 0, 'p' },
|
||||||
{ "read-only", 0, 0, 'r' },
|
{ "read-only", 0, 0, 'r' },
|
||||||
@@ -609,12 +726,13 @@ main(int argc, char **argv) {
|
@@ -609,12 +728,13 @@ main(int argc, char **argv) {
|
||||||
delete = find = all = 0;
|
delete = find = all = 0;
|
||||||
off = 0;
|
off = 0;
|
||||||
offset = encryption = passfd = NULL;
|
offset = encryption = passfd = NULL;
|
||||||
@ -314,11 +335,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
progname = p+1;
|
progname = p+1;
|
||||||
|
|
||||||
- while ((c = getopt_long(argc, argv, "ade:E:fho:p:rsv",
|
- while ((c = getopt_long(argc, argv, "ade:E:fho:p:rsv",
|
||||||
+ while ((c = getopt_long(argc, argv, "ade:E:fhk:No:p:rsvH:",
|
+ while ((c = getopt_long(argc, argv, "ade:E:fhk:o:p:rsvH:",
|
||||||
longopts, NULL)) != -1) {
|
longopts, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'a':
|
case 'a':
|
||||||
@@ -633,6 +751,12 @@ main(int argc, char **argv) {
|
@@ -633,6 +753,12 @@ main(int argc, char **argv) {
|
||||||
case 'f':
|
case 'f':
|
||||||
find = 1;
|
find = 1;
|
||||||
break;
|
break;
|
||||||
@ -331,7 +352,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
case 'o':
|
case 'o':
|
||||||
offset = optarg;
|
offset = optarg;
|
||||||
break;
|
break;
|
||||||
@@ -696,8 +820,10 @@ main(int argc, char **argv) {
|
@@ -696,8 +822,10 @@ main(int argc, char **argv) {
|
||||||
usage();
|
usage();
|
||||||
if (passfd && sscanf(passfd, "%d", &pfd) != 1)
|
if (passfd && sscanf(passfd, "%d", &pfd) != 1)
|
||||||
usage();
|
usage();
|
||||||
@ -343,10 +364,82 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.c
|
|||||||
if (res == 2 && find) {
|
if (res == 2 && find) {
|
||||||
if (verbose)
|
if (verbose)
|
||||||
printf("stolen loop=%s...trying again\n",
|
printf("stolen loop=%s...trying again\n",
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
diff --git a/mount/lomount.h b/mount/lomount.h
|
||||||
===================================================================
|
index 38b3a48..3a6210f 100644
|
||||||
--- util-linux-ng-2.13.0.1+git20071121.orig/mount/mount.c
|
--- a/mount/lomount.h
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
+++ b/mount/lomount.h
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
-extern int set_loop(const char *, const char *, unsigned long long,
|
||||||
|
- const char *, int, int *);
|
||||||
|
+extern int set_loop(const char *device, const char *file, unsigned long long offset,
|
||||||
|
+ const char *encryption, const char* phash, int pfd, int *loopro, int keysz);
|
||||||
|
extern int del_loop(const char *);
|
||||||
|
extern int is_loop_device(const char *);
|
||||||
|
extern char * find_unused_loop_device(void);
|
||||||
|
diff --git a/mount/losetup.8 b/mount/losetup.8
|
||||||
|
index db2929f..54bbc94 100644
|
||||||
|
--- a/mount/losetup.8
|
||||||
|
+++ b/mount/losetup.8
|
||||||
|
@@ -76,6 +76,15 @@ find the first unused loop device. If a
|
||||||
|
argument is present, use this device. Otherwise, print its name.
|
||||||
|
.IP "\fB\-h, \-\-help\fP"
|
||||||
|
print help
|
||||||
|
+.IP "\fB\-H, \-\-phash \fIhash_type\fP"
|
||||||
|
+Specify the password hash function. Valid values are:
|
||||||
|
+.BR sha512 (default),
|
||||||
|
+.BR sha256 ,
|
||||||
|
+.BR sha384 ,
|
||||||
|
+.BR rmd160 ,
|
||||||
|
+.BR none .
|
||||||
|
+.IP "\fB\-k, \-\-keybits \fInum\fP"
|
||||||
|
+set the number of bits to use in key to \fInum\fP.
|
||||||
|
.IP "\fB\-o, \-\-offset \fIoffset\fP"
|
||||||
|
The data start is moved \fIoffset\fP bytes into the specified file or
|
||||||
|
device.
|
||||||
|
@@ -140,6 +149,8 @@ the command
|
||||||
|
.fi
|
||||||
|
.SH RESTRICTION
|
||||||
|
DES encryption is painfully slow. On the other hand, XOR is terribly weak.
|
||||||
|
+Both are insecure nowadays. Some ciphers may require a licence for you to be
|
||||||
|
+allowed to use them.
|
||||||
|
|
||||||
|
Cryptoloop is deprecated in favor of dm-crypt. For more details see
|
||||||
|
.B cryptsetup(8).
|
||||||
|
diff --git a/mount/mount.8 b/mount/mount.8
|
||||||
|
index 54b11d4..e79ea04 100644
|
||||||
|
--- a/mount/mount.8
|
||||||
|
+++ b/mount/mount.8
|
||||||
|
@@ -615,6 +615,15 @@ This option implies the options
|
||||||
|
(unless overridden by subsequent options, as in the option line
|
||||||
|
.BR group,dev,suid ).
|
||||||
|
.TP
|
||||||
|
+.B encryption
|
||||||
|
+Specifies an encryption algorithm to use. Used in conjunction with the
|
||||||
|
+.BR loop " option."
|
||||||
|
+.TP
|
||||||
|
+.B keybits
|
||||||
|
+Specifies the key size to use for an encryption algorithm. Used in conjunction
|
||||||
|
+with the
|
||||||
|
+.BR loop " and " encryption " options."
|
||||||
|
+.TP
|
||||||
|
.B mand
|
||||||
|
Allow mandatory locks on this filesystem. See
|
||||||
|
.BR fcntl (2).
|
||||||
|
@@ -2010,6 +2019,10 @@ that are really options to
|
||||||
|
.BR \%losetup (8).
|
||||||
|
(These options can be used in addition to those specific
|
||||||
|
to the filesystem type.)
|
||||||
|
+If the mount requires a passphrase, you will be prompted for one unless
|
||||||
|
+you specify a file descriptor to read from instead with the
|
||||||
|
+.BR \-\-pass-fd
|
||||||
|
+option.
|
||||||
|
|
||||||
|
If no explicit loop device is mentioned
|
||||||
|
(but just an option `\fB\-o loop\fP' is given), then
|
||||||
|
diff --git a/mount/mount.c b/mount/mount.c
|
||||||
|
index 60fe4fe..164ae3c 100644
|
||||||
|
--- a/mount/mount.c
|
||||||
|
+++ b/mount/mount.c
|
||||||
@@ -88,6 +88,9 @@ static int suid = 0;
|
@@ -88,6 +88,9 @@ static int suid = 0;
|
||||||
/* Contains the fd to read the passphrase from, if any. */
|
/* Contains the fd to read the passphrase from, if any. */
|
||||||
static int pfd = -1;
|
static int pfd = -1;
|
||||||
@ -357,25 +450,24 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
/* Map from -o and fstab option strings to the flag argument to mount(2). */
|
/* Map from -o and fstab option strings to the flag argument to mount(2). */
|
||||||
struct opt_map {
|
struct opt_map {
|
||||||
const char *opt; /* option name */
|
const char *opt; /* option name */
|
||||||
@@ -185,6 +188,7 @@ static int opt_nofail = 0;
|
@@ -182,6 +185,7 @@ static const struct opt_map opt_map[] = {
|
||||||
|
|
||||||
static const char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption,
|
static const char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption,
|
||||||
*opt_speed, *opt_comment, *opt_uhelper;
|
*opt_speed, *opt_comment, *opt_uhelper;
|
||||||
+static const char *opt_keybits, *opt_phash, *opt_nohashpass;
|
+static const char *opt_keybits, *opt_phash;
|
||||||
|
|
||||||
static int mounted (const char *spec0, const char *node0);
|
static int mounted (const char *spec0, const char *node0);
|
||||||
static int check_special_mountprog(const char *spec, const char *node,
|
static int check_special_mountprog(const char *spec, const char *node,
|
||||||
@@ -199,6 +203,9 @@ static struct string_opt_map {
|
@@ -196,6 +200,8 @@ static struct string_opt_map {
|
||||||
{ "vfs=", 1, &opt_vfstype },
|
{ "vfs=", 1, &opt_vfstype },
|
||||||
{ "offset=", 0, &opt_offset },
|
{ "offset=", 0, &opt_offset },
|
||||||
{ "encryption=", 0, &opt_encryption },
|
{ "encryption=", 0, &opt_encryption },
|
||||||
+ { "phash=", 0, &opt_phash },
|
+ { "phash=", 0, &opt_phash },
|
||||||
+ { "keybits=", 0, &opt_keybits },
|
+ { "keybits=", 0, &opt_keybits },
|
||||||
+ { "nohashpass", 0, &opt_nohashpass },
|
|
||||||
{ "speed=", 0, &opt_speed },
|
{ "speed=", 0, &opt_speed },
|
||||||
{ "comment=", 1, &opt_comment },
|
{ "comment=", 1, &opt_comment },
|
||||||
{ "uhelper=", 0, &opt_uhelper },
|
{ "uhelper=", 0, &opt_uhelper },
|
||||||
@@ -902,7 +909,7 @@ loop_check(const char **spec, const char
|
@@ -897,7 +903,7 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||||
*type = opt_vfstype;
|
*type = opt_vfstype;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -384,27 +476,20 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
*loopfile = *spec;
|
*loopfile = *spec;
|
||||||
|
|
||||||
if (*loop) {
|
if (*loop) {
|
||||||
@@ -928,9 +935,17 @@ loop_check(const char **spec, const char
|
@@ -923,9 +929,10 @@ loop_check(const char **spec, const char **type, int *flags,
|
||||||
return EX_SYSERR; /* no more loop devices */
|
return EX_SYSERR; /* no more loop devices */
|
||||||
if (verbose)
|
if (verbose)
|
||||||
printf(_("mount: going to use the loop device %s\n"), *loopdev);
|
printf(_("mount: going to use the loop device %s\n"), *loopdev);
|
||||||
-
|
-
|
||||||
+ if (!keysz && opt_keybits)
|
+ if (!keysz && opt_keybits)
|
||||||
+ keysz = strtoul(opt_keybits, NULL, 0);
|
+ keysz = strtoul(opt_keybits, NULL, 0);
|
||||||
+ if (opt_nohashpass) {
|
|
||||||
+ if(opt_phash && strcmp(opt_phash, "none")) {
|
|
||||||
+ error(_("mount: please specify either phash=%s or nohashpass\n"), opt_phash);
|
|
||||||
+ return EX_FAIL;
|
|
||||||
+ }
|
|
||||||
+ opt_phash = "none";
|
|
||||||
+ }
|
|
||||||
if ((res = set_loop(*loopdev, *loopfile, offset,
|
if ((res = set_loop(*loopdev, *loopfile, offset,
|
||||||
- opt_encryption, pfd, &loopro))) {
|
- opt_encryption, pfd, &loopro))) {
|
||||||
+ opt_encryption, opt_phash, pfd, &loopro, keysz))) {
|
+ opt_encryption, opt_phash, pfd, &loopro, keysz))) {
|
||||||
if (res == 2) {
|
if (res == 2) {
|
||||||
/* loop dev has been grabbed by some other process,
|
/* loop dev has been grabbed by some other process,
|
||||||
try again, if not given explicitly */
|
try again, if not given explicitly */
|
||||||
@@ -1668,6 +1683,7 @@ static struct option longopts[] = {
|
@@ -1661,6 +1668,7 @@ static struct option longopts[] = {
|
||||||
{ "options", 1, 0, 'o' },
|
{ "options", 1, 0, 'o' },
|
||||||
{ "test-opts", 1, 0, 'O' },
|
{ "test-opts", 1, 0, 'O' },
|
||||||
{ "pass-fd", 1, 0, 'p' },
|
{ "pass-fd", 1, 0, 'p' },
|
||||||
@ -412,7 +497,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
{ "types", 1, 0, 't' },
|
{ "types", 1, 0, 't' },
|
||||||
{ "bind", 0, 0, 128 },
|
{ "bind", 0, 0, 128 },
|
||||||
{ "move", 0, 0, 133 },
|
{ "move", 0, 0, 133 },
|
||||||
@@ -1814,6 +1830,7 @@ main(int argc, char *argv[]) {
|
@@ -1807,6 +1815,7 @@ main(int argc, char *argv[]) {
|
||||||
char *options = NULL, *test_opts = NULL, *node;
|
char *options = NULL, *test_opts = NULL, *node;
|
||||||
const char *spec = NULL;
|
const char *spec = NULL;
|
||||||
char *label = NULL;
|
char *label = NULL;
|
||||||
@ -420,7 +505,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
char *uuid = NULL;
|
char *uuid = NULL;
|
||||||
char *types = NULL;
|
char *types = NULL;
|
||||||
char *p;
|
char *p;
|
||||||
@@ -1844,7 +1861,7 @@ main(int argc, char *argv[]) {
|
@@ -1837,7 +1846,7 @@ main(int argc, char *argv[]) {
|
||||||
initproctitle(argc, argv);
|
initproctitle(argc, argv);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -429,7 +514,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
longopts, NULL)) != -1) {
|
longopts, NULL)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'a': /* mount everything in fstab */
|
case 'a': /* mount everything in fstab */
|
||||||
@@ -1862,6 +1879,9 @@ main(int argc, char *argv[]) {
|
@@ -1855,6 +1864,9 @@ main(int argc, char *argv[]) {
|
||||||
case 'i':
|
case 'i':
|
||||||
external_allowed = 0;
|
external_allowed = 0;
|
||||||
break;
|
break;
|
||||||
@ -439,7 +524,7 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
case 'l':
|
case 'l':
|
||||||
list_with_volumelabel = 1;
|
list_with_volumelabel = 1;
|
||||||
break;
|
break;
|
||||||
@@ -1998,6 +2018,9 @@ main(int argc, char *argv[]) {
|
@@ -1991,6 +2003,9 @@ main(int argc, char *argv[]) {
|
||||||
|
|
||||||
atexit(unlock_mtab);
|
atexit(unlock_mtab);
|
||||||
|
|
||||||
@ -449,10 +534,22 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/mount.c
|
|||||||
switch (argc+specseen) {
|
switch (argc+specseen) {
|
||||||
case 0:
|
case 0:
|
||||||
/* mount -a */
|
/* mount -a */
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c
|
diff --git a/mount/my_dev_t.h b/mount/my_dev_t.h
|
||||||
===================================================================
|
new file mode 100644
|
||||||
|
index 0000000..5c4c0a1
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c
|
+++ b/mount/my_dev_t.h
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+/* silliness to get dev_t defined as the kernel defines it */
|
||||||
|
+/* glibc uses a different dev_t */
|
||||||
|
+
|
||||||
|
+#include <linux/posix_types.h>
|
||||||
|
+#define my_dev_t __kernel_old_dev_t
|
||||||
|
diff --git a/mount/rmd160.c b/mount/rmd160.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..3430954
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/mount/rmd160.c
|
||||||
@@ -0,0 +1,532 @@
|
@@ -0,0 +1,532 @@
|
||||||
+/* rmd160.c - RIPE-MD160
|
+/* rmd160.c - RIPE-MD160
|
||||||
+ * Copyright (C) 1998 Free Software Foundation, Inc.
|
+ * Copyright (C) 1998 Free Software Foundation, Inc.
|
||||||
@ -986,10 +1083,28 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/rmd160.c
|
|||||||
+ rmd160_final( &hd );
|
+ rmd160_final( &hd );
|
||||||
+ memcpy( outbuf, hd.buf, 20 );
|
+ memcpy( outbuf, hd.buf, 20 );
|
||||||
+}
|
+}
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c
|
diff --git a/mount/rmd160.h b/mount/rmd160.h
|
||||||
===================================================================
|
new file mode 100644
|
||||||
|
index 0000000..4b2c61d
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/sha512.c
|
+++ b/mount/rmd160.h
|
||||||
|
@@ -0,0 +1,11 @@
|
||||||
|
+#ifndef RMD160_H
|
||||||
|
+#define RMD160_H
|
||||||
|
+
|
||||||
|
+#define RMD160_HASH_SIZE 20
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+rmd160_hash_buffer( unsigned char *outbuf, const unsigned char *buffer, size_t length );
|
||||||
|
+
|
||||||
|
+#endif /*RMD160_H*/
|
||||||
|
+
|
||||||
|
+
|
||||||
|
diff --git a/mount/sha512.c b/mount/sha512.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..e4c9c13
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/mount/sha512.c
|
||||||
@@ -0,0 +1,432 @@
|
@@ -0,0 +1,432 @@
|
||||||
+/*
|
+/*
|
||||||
+ * sha512.c
|
+ * sha512.c
|
||||||
@ -1423,10 +1538,11 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.c
|
|||||||
+ memset(&ctx, 0, sizeof(ctx));
|
+ memset(&ctx, 0, sizeof(ctx));
|
||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.h
|
diff --git a/mount/sha512.h b/mount/sha512.h
|
||||||
===================================================================
|
new file mode 100644
|
||||||
|
index 0000000..4b57c01
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/sha512.h
|
+++ b/mount/sha512.h
|
||||||
@@ -0,0 +1,45 @@
|
@@ -0,0 +1,45 @@
|
||||||
+/*
|
+/*
|
||||||
+ * sha512.h
|
+ * sha512.h
|
||||||
@ -1473,15 +1589,6 @@ Index: util-linux-ng-2.13.0.1+git20071121/mount/sha512.h
|
|||||||
+/* no sha384_write(), use sha512_write() */
|
+/* no sha384_write(), use sha512_write() */
|
||||||
+/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */
|
+/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */
|
||||||
+extern void sha384_hash_buffer(const unsigned char *, size_t, unsigned char *, size_t);
|
+extern void sha384_hash_buffer(const unsigned char *, size_t, unsigned char *, size_t);
|
||||||
Index: util-linux-ng-2.13.0.1+git20071121/mount/lomount.h
|
--
|
||||||
===================================================================
|
1.5.3.4
|
||||||
--- util-linux-ng-2.13.0.1+git20071121.orig/mount/lomount.h
|
|
||||||
+++ util-linux-ng-2.13.0.1+git20071121/mount/lomount.h
|
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
-extern int set_loop(const char *, const char *, unsigned long long,
|
|
||||||
- const char *, int, int *);
|
|
||||||
+extern int set_loop(const char *device, const char *file, unsigned long long offset,
|
|
||||||
+ const char *encryption, const char* phash, int pfd, int *loopro, int keysz);
|
|
||||||
extern int del_loop(const char *);
|
|
||||||
extern int is_loop_device(const char *);
|
|
||||||
extern char * find_unused_loop_device(void);
|
|
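Review bot: The early `return 1;` exits in set_loop on the new side of the patch no longer call `close(fd); close(ffd);`, so both descriptors stay open whenever setup is refused; this covers the key-size mismatch message, the `if(!pass)` check after `xgetpass`, the `please specify a key length` branch, the `unsupported hash method` branch, and the newly added `invalid key length` check. As rendered, the previous revision of the patch closed them, so restoring `close(fd); close(ffd);` before each `return 1;`, or routing these exits through one cleanup label, would keep the error paths consistent. Separately, `memset(tmp, 0, keylen+1);` directly before `free(tmp);` in phash_rmd160 may be elided by the optimizer, and `tmpbuf` is not cleared after the final `memcpy`, so passphrase-derived bytes can linger in memory; `explicit_bzero(tmp, keylen+1);` and `explicit_bzero(tmpbuf, sizeof(tmpbuf));` are the usual replacements where the libc provides that function. Both set_loop and phash_rmd160 are only partly visible in these hunks, so cleanup done outside the shown lines cannot be ruled out.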
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 29 17:51:17 CET 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- update crypto patch
|
||||||
|
* fix mount buffer overflow when reading the passphrase (#332148)
|
||||||
|
* add loop_fish2 compatability code to losetup/mount again (#332095)
|
||||||
|
* change default hash size for 128bit keys to sha256 again
|
||||||
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 21 13:43:31 CET 2007 - mkoenig@suse.de
|
Wed Nov 21 13:43:31 CET 2007 - mkoenig@suse.de
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ License: BSD 3-Clause; GPL v2 or later
|
|||||||
Group: System/Base
|
Group: System/Base
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 2.13.0.1+git20071121
|
Version: 2.13.0.1+git20071121
|
||||||
Release: 1
|
Release: 5
|
||||||
Summary: A collection of basic system utilities
|
Summary: A collection of basic system utilities
|
||||||
Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux/%name-ng-%version.tar.bz2
|
Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux/%name-ng-%version.tar.bz2
|
||||||
Source1: util-linux-2.13-rpmlintrc
|
Source1: util-linux-2.13-rpmlintrc
|
||||||
@ -64,7 +64,7 @@ Patch5: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
|
|||||||
# TODO: Needs to be ported to new version
|
# TODO: Needs to be ported to new version
|
||||||
Patch38: util-linux-2.12r-mount_swapon_swsuspend_resume.patch
|
Patch38: util-linux-2.12r-mount_swapon_swsuspend_resume.patch
|
||||||
# 304861 - support password hashing and key length
|
# 304861 - support password hashing and key length
|
||||||
Patch10: util-linux-2.13-mount_losetup_crypto.patch
|
Patch10: util-linux-mount_losetup_crypto.patch
|
||||||
Patch11: util-linux-2.13-mount_fd_leak.patch
|
Patch11: util-linux-2.13-mount_fd_leak.patch
|
||||||
Patch12: util-linux-2.13-fdisk_cfdisk_ncursesw.patch
|
Patch12: util-linux-2.13-fdisk_cfdisk_ncursesw.patch
|
||||||
##
|
##
|
||||||
@ -557,7 +557,13 @@ fi
|
|||||||
#/usr/bin/i386
|
#/usr/bin/i386
|
||||||
#/usr/bin/ia64
|
#/usr/bin/ia64
|
||||||
#%endif
|
#%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 29 2007 - lnussel@suse.de
|
||||||
|
- update crypto patch
|
||||||
|
* fix mount buffer overflow when reading the passphrase (#332148)
|
||||||
|
* add loop_fish2 compatability code to losetup/mount again (#332095)
|
||||||
|
* change default hash size for 128bit keys to sha256 again
|
||||||
* Wed Nov 21 2007 - mkoenig@suse.de
|
* Wed Nov 21 2007 - mkoenig@suse.de
|
||||||
- update to git20071121:
|
- update to git20071121:
|
||||||
add sector size check for mkfs.minix [#308256]
|
add sector size check for mkfs.minix [#308256]
|
||||||
|