cryptsetup - Port to DragonFly
authorAlex Hornung <ahornung@gmail.com>
Thu, 8 Jul 2010 08:11:46 +0000 (09:11 +0100)
committerAlex Hornung <ahornung@gmail.com>
Sun, 11 Jul 2010 21:05:52 +0000 (22:05 +0100)
contrib/cryptsetup/config.h [new file with mode: 0644]
contrib/cryptsetup/lib/backends.c
contrib/cryptsetup/lib/libdevmapper.c
contrib/cryptsetup/lib/utils.c
contrib/cryptsetup/luks/af.c
contrib/cryptsetup/luks/keymanage.c
contrib/cryptsetup/luks/pbkdf.c
contrib/cryptsetup/src/cryptsetup.c
gnu/sbin/Makefile
gnu/sbin/cryptsetup/Makefile [new file with mode: 0644]

diff --git a/contrib/cryptsetup/config.h b/contrib/cryptsetup/config.h
new file mode 100644 (file)
index 0000000..a05fd7e
--- /dev/null
@@ -0,0 +1,238 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.in by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* cipher for LUKS1 */
+#define DEFAULT_LUKS1_CIPHER "aes"
+
+/* hash function for LUKS1 header */
+#define DEFAULT_LUKS1_HASH "sha1"
+
+/* key length in bits for LUKS1 */
+#define DEFAULT_LUKS1_KEYBITS 256
+
+/* cipher mode for LUKS1 */
+#define DEFAULT_LUKS1_MODE "cbc-essiv:sha256"
+
+/* cipher for plain mode */
+#define DEFAULT_PLAIN_CIPHER "aes"
+
+/* password hashing function for plain mode */
+#define DEFAULT_PLAIN_HASH "ripemd160"
+
+/* key length in bits for plain mode */
+#define DEFAULT_PLAIN_KEYBITS 256
+
+/* cipher mode for plain mode */
+#define DEFAULT_PLAIN_MODE "cbc-essiv:sha256"
+
+/* Define to 1 if translation of program messages to the user's native
+   language is requested. */
+//#define ENABLE_NLS 0
+
+/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
+   CoreFoundation framework. */
+/* #undef HAVE_CFLOCALECOPYCURRENT */
+
+/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
+   the CoreFoundation framework. */
+/* #undef HAVE_CFPREFERENCESCOPYAPPVALUE */
+
+/* Define to 1 if you have the <ctype.h> header file. */
+#define HAVE_CTYPE_H 1
+
+/* Define if the GNU dcgettext() function is already present or preinstalled.
+   */
+//#define HAVE_DCGETTEXT 0
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+   */
+#define HAVE_DIRENT_H 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `dm_task_set_cookie' function. */
+#define HAVE_DM_TASK_SET_COOKIE 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+//#define HAVE_GETTEXT 0
+
+/* Define if you have the iconv() function. */
+/* #undef HAVE_ICONV */
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the `devmapper' library (-ldevmapper). */
+/* #undef HAVE_LIBDEVMAPPER */
+
+/* Define to 1 if you have the `popt' library (-lpopt). */
+//#define HAVE_LIBPOPT 0
+
+/* Define to 1 if you have the `selinux' library (-lselinux). */
+//#define HAVE_LIBSELINUX 0
+
+/* Define to 1 if you have the `sepol' library (-lsepol). */
+//#define HAVE_LIBSEPOL 0
+
+/* Define to 1 if you have the `uuid' library (-luuid). */
+#define HAVE_LIBUUID 1
+
+/* Define to 1 if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#define HAVE_MALLOC_H 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+/* #undef HAVE_NDIR_H */
+
+/* Define to 1 if you have the `posix_memalign' function. */
+#define HAVE_POSIX_MEMALIGN 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if `st_rdev' is a member of `struct stat'. */
+#define HAVE_STRUCT_STAT_ST_RDEV 1
+
+/* Define to 1 if your `struct stat' has `st_rdev'. Deprecated, use
+   `HAVE_STRUCT_STAT_ST_RDEV' instead. */
+#define HAVE_ST_RDEV 1
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+/* #undef HAVE_SYS_DIR_H */
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#define HAVE_SYS_MMAN_H 1
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+/* #undef HAVE_SYS_NDIR_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the <uuid/uuid.h> header file. */
+#define HAVE_UUID_UUID_H 1
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#define LT_OBJDIR ".libs/"
+
+/* Define to 1 if your C compiler doesn't accept -c and -o together. */
+/* #undef NO_MINUS_C_MINUS_O */
+
+/* Name of package */
+#define PACKAGE "cryptsetup"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "cryptsetup"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "cryptsetup 1.1.2"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "cryptsetup"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "1.1.2"
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Try to use udev synchronisation? */
+#define USE_UDEV 1
+
+/* Version number of package */
+#define VERSION "1.1.2"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to `long int' if <sys/types.h> does not define. */
+/* #undef off_t */
index e2c441d..446e812 100644 (file)
@@ -2,95 +2,48 @@
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
+#include <openssl/evp.h>
 
 #include "libcryptsetup.h"
 #include "internal.h"
 
-extern struct hash_backend hash_gcrypt_backend;
-
-static struct hash_backend *hash_backends[] = {
-       &hash_gcrypt_backend,
-       NULL
-};
-
-struct hash_backend *get_hash_backend(const char *name)
-{
-       struct hash_backend **backend;
-
-       for(backend = hash_backends; *backend; backend++)
-               if (!name || strcmp(name, (*backend)->name) == 0)
-                       break;
-
-       return *backend;
-}
-
-void put_hash_backend(struct hash_backend *backend)
+int init_crypto(void)
 {
+       return 0;
 }
 
 int hash(const char *backend_name, const char *hash_name,
          char *result, size_t size,
          const char *passphrase, size_t sizep)
 {
-       struct hash_backend *backend;
-       struct hash_type *hashes = NULL, *hash;
-       char hash_name_buf[256], *s;
+       EVP_MD_CTX mdctx;
+       const EVP_MD *md;
        size_t pad = 0;
        int r = -ENOENT;
 
-       if (strlen(hash_name) >= sizeof(hash_name_buf)) {
-               set_error("hash name too long: %s", hash_name);
-               return -ENAMETOOLONG;
-       }
-
-       if ((s = strchr(hash_name, ':'))) {
-               size_t hlen;
-               strcpy(hash_name_buf, hash_name);
-               hash_name_buf[s-hash_name] = '\0';
-               hash_name = hash_name_buf;
-               hlen = atoi(++s);
-               if (hlen > size) {
-                       set_error("requested hash length (%zd) > key length (%zd)", hlen, size);
-                       return -EINVAL;
-               }
-               pad = size-hlen;
-               size = hlen;
-       }
-
-       backend = get_hash_backend(backend_name);
-       if (!backend) {
-               set_error("No hash backend found");
-               return -ENOSYS;
-       }
-
-       hashes = backend->get_hashes();
-       if (!hashes) {
-               set_error("No hash functions available");
-               goto out;
-       }
-
-       for(hash = hashes; hash->name; hash++)
-               if (strcmp(hash->name, hash_name) == 0)
-                       break;
-       if (!hash->name) {
+       OpenSSL_add_all_digests();
+       md = EVP_get_digestbyname(hash_name);
+       if (md == NULL) {
                set_error("Unknown hash type %s", hash_name);
                goto out;
        }
 
-       r = hash->fn(hash->private, size, result, sizep, passphrase);
-       if (r < 0) {
-               set_error("Error hashing passphrase");
-               goto out;
+       if (EVP_MD_size(md) > size) {
+               set_error("requested hash length (%zd) > key length (%zd)", EVP_MD_size(md), size);
+               return -EINVAL;
        }
 
+       pad = size - EVP_MD_size(md);
+
+       EVP_DigestInit(&mdctx, md);
+       EVP_DigestUpdate(&mdctx, passphrase, sizep);
+       EVP_DigestFinal(&mdctx, result, NULL);
+
        if (pad) {
                memset(result+size, 0, pad);
        }
 
 out:
-       if (hashes)
-               backend->free_hashes(hashes);
-       put_hash_backend(backend);
-
        return r;
 }
+
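Review bot: In `hash()`, the padding `memset(result+size, 0, pad)` now starts at the end of the caller's `size`-byte buffer, because the removed `size = hlen;` was not carried over. Whenever the digest is shorter than `size`, this writes `pad` bytes past `result` and leaves the tail of the key unset; the pad should begin right after the digest, `memset(result + EVP_MD_size(md), 0, pad);`. `r` is also never assigned on the success path, so the function returns its initial `-ENOENT` even after a good digest; add `r = 0;` before `out:`. The `EVP_Digest*` return values are unchecked and `%zd` is given the `int` from `EVP_MD_size()`. The removed `name:length` form of `hash_name` has no replacement, so such names now fail the `EVP_get_digestbyname()` lookup.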
index c37a84e..629ef7b 100644 (file)
@@ -1,12 +1,12 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <stdio.h>
+#include <string.h>
 #include <dirent.h>
 #include <errno.h>
 #include <libdevmapper.h>
 #include <fcntl.h>
-#include <linux/fs.h>
-#include <uuid/uuid.h>
+#include <uuid.h>
 
 #include "internal.h"
 #include "luks.h"
@@ -28,8 +28,6 @@ static struct crypt_device *_context = NULL;
 /* Compatibility for old device-mapper without udev support */
 #ifndef HAVE_DM_TASK_SET_COOKIE
 #define CRYPT_TEMP_UDEV_FLAGS  0
-static int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags) { return 0; }
-static int dm_udev_wait(uint32_t cookie) { return 0; };
 #else
 #define CRYPT_TEMP_UDEV_FLAGS  DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG | \
                                DM_UDEV_DISABLE_DISK_RULES_FLAG | \
@@ -232,7 +230,8 @@ static int _dev_read_ahead(const char *dev, uint32_t *read_ahead)
        if ((fd = open(dev, O_RDONLY)) < 0)
                return 0;
 
-       r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
+       r = 0;
+       //r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
        close(fd);
 
        if (r)
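Review bot: `_dev_read_ahead()` still opens and closes the device, but with `r = 0;` it can no longer report a read-ahead value, and the Linux ioctl is left behind as a `//` comment. Guarding the call keeps one code path for both systems and removes the dead line: `#ifdef BLKRAGET`, `r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;`, `#endif`, with `r` initialised to 0. If the value simply is not available here, a comment such as `/* BLKRAGET is Linux-only; read-ahead is not queried on this platform */` would explain why the function always returns 0. The function starts before the hunk and continues after it.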
@@ -386,14 +385,19 @@ static void dm_prepare_uuid(const char *name, const char *type, const char *uuid
        char *ptr, uuid2[UUID_LEN] = {0};
        uuid_t uu;
        int i = 0;
+       uint32_t ret;
 
        /* Remove '-' chars */
-       if (uuid && !uuid_parse(uuid, uu)) {
+       uuid_from_string(uuid, &uu, ret);
+       if (uuid && ret != uuid_s_ok) {
+               printf("crap happened in uuid_from_string(%s), err = %d\n", uuid, ret); 
                for (ptr = uuid2, i = 0; i < UUID_LEN; i++)
                        if (uuid[i] != '-') {
                                *ptr = uuid[i];
                                ptr++;
                        }
+       } else {
+               printf("went well in uuid_from_string(%s), err = %d\n", uuid, ret);     
        }
 
        i = snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s%s",
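Review bot: `uuid_from_string(uuid, &uu, ret)` in `dm_prepare_uuid()` passes the uninitialised `ret` by value where the status pointer belongs (the matching call in `LUKS_generate_phdr` passes `&ret`), so an indeterminate integer is used as the status address and `ret` is then read without having been set. The test is also inverted relative to the removed `!uuid_parse(uuid, uu)`: the dashes are now stripped only when parsing fails. Suggested: `uuid_from_string(uuid, &uu, &ret);` and `if (uuid && ret == uuid_s_ok) {`. The two `printf` lines are debugging output written to stdout from library code and should be dropped or turned into debug-log messages. The function starts before the hunk and continues after it.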
index 589402b..5999a06 100644 (file)
@@ -4,7 +4,6 @@
 #include <stddef.h>
 #include <stdarg.h>
 #include <errno.h>
-#include <linux/fs.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <sys/types.h>
@@ -14,6 +13,8 @@
 #include <termios.h>
 #include <sys/mman.h>
 #include <sys/resource.h>
+#include <cpu/param.h>
+#include <sys/diskslice.h>
 
 #include "libcryptsetup.h"
 #include "internal.h"
@@ -156,10 +157,13 @@ static void *aligned_malloc(void **base, int size, int alignment)
 static int sector_size(int fd) 
 {
        int bsize;
+       return DEV_BSIZE;
+#if 0
        if (ioctl(fd,BLKSSZGET, &bsize) < 0)
                return -EINVAL;
        else
                return bsize;
+#endif
 }
 
 int sector_size_for_device(const char *device)
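Review bot: `sector_size()` now returns `DEV_BSIZE` for every descriptor, so a device with larger sectors would be reported with the wrong size to any caller that uses the result for buffer sizing or alignment; `fd` is ignored, and `int bsize;` plus the `#if 0` body are dead code. Since `get_device_infos()` in this commit already issues `DIOCGPART`, the block size could come from the same ioctl: `struct partinfo pinfo; if (ioctl(fd, DIOCGPART, &pinfo) < 0) return -EINVAL; return pinfo.media_blksize;`, assuming that field is populated for the device types used here. If the constant is kept, say why in a comment and delete the disabled block rather than leaving it under `#if 0`.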
@@ -548,6 +552,7 @@ int device_ready(struct crypt_device *cd, const char *device, int mode)
 
 int get_device_infos(const char *device, struct device_infos *infos, struct crypt_device *cd)
 {
+       struct partinfo pinfo;
        uint64_t size;
        unsigned long size_small;
        int readonly = 0;
@@ -570,19 +575,6 @@ int get_device_infos(const char *device, struct device_infos *infos, struct cryp
                return -1;
        }
 
-#ifdef BLKROGET
-       /* If the device can be opened read-write, i.e. readonly is still 0, then
-        * check whether BKROGET says that it is read-only. E.g. read-only loop
-        * devices may be openend read-write but are read-only according to BLKROGET
-        */
-       if (readonly == 0 && ioctl(fd, BLKROGET, &readonly) < 0) {
-               log_err(cd, _("BLKROGET failed on device %s.\n"), device);
-               goto out;
-       }
-#else
-#error BLKROGET not available
-#endif
-
 #ifdef BLKGETSIZE64
        if (ioctl(fd, BLKGETSIZE64, &size) >= 0) {
                size >>= SECTOR_SHIFT;
@@ -598,7 +590,11 @@ int get_device_infos(const char *device, struct device_infos *infos, struct cryp
                goto out;
        }
 #else
-#      error Need at least the BLKGETSIZE ioctl!
+       if (ioctl(fd, DIOCGPART, &pinfo) >= 0) {
+               size = pinfo.media_blocks;
+               ret = 0;
+               goto out;       
+       }
 #endif
 
        log_err(cd, _("BLKGETSIZE failed on device %s.\n"), device);
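Review bot: The new `DIOCGPART` branch stores `pinfo.media_blocks` in `size` unscaled, while the `BLKGETSIZE64` path of the same function shifts a byte count by `SECTOR_SHIFT`, so `size` appears to be expected in 512-byte sectors. The two agree only when the media block size is 512; `size = pinfo.media_size >> SECTOR_SHIFT;` would not depend on that. The fall-through message still reads "BLKGETSIZE failed" although `DIOCGPART` is the call that failed on this path. With the `BLKROGET` block removed in the previous hunk, nothing visible here replaces the read-only probe, so `readonly` appears to reflect only how the open succeeded. The function starts before the hunk and its `out:` label is outside it.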
index a11ceac..98f71ac 100644 (file)
@@ -25,7 +25,7 @@
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
-#include <gcrypt.h>
+#include <openssl/evp.h>
 #include "random.h"
 
 static void XORblock(char const *src1, char const *src2, char *dst, size_t n)
@@ -36,19 +36,18 @@ static void XORblock(char const *src1, char const *src2, char *dst, size_t n)
                dst[j] = src1[j] ^ src2[j];
 }
 
-static int hash_buf(char *src, char *dst, uint32_t iv, int len, int hash_id)
+static int hash_buf(char *src, char *dst, uint32_t iv, int len, const EVP_MD *hash_id)
 {
-       gcry_md_hd_t hd;
+       EVP_MD_CTX mdctx;
        unsigned char *digest;
 
        iv = htonl(iv);
-       if (gcry_md_open(&hd, hash_id, 0))
-               return 1;
-       gcry_md_write(hd, (unsigned char *)&iv, sizeof(iv));
-       gcry_md_write(hd, src, len);
-       digest = gcry_md_read(hd, hash_id);
-       memcpy(dst, digest, len);
-       gcry_md_close(hd);
+
+       EVP_DigestInit(&mdctx, hash_id);
+       EVP_DigestUpdate(&mdctx, (unsigned char *)&iv, sizeof(iv));
+       EVP_DigestUpdate(&mdctx, src, len);
+       EVP_DigestFinal(&mdctx, dst, NULL);
+
        return 0;
 }
 
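Review bot: `EVP_DigestFinal(&mdctx, dst, NULL)` in `hash_buf()` writes the whole digest into `dst`, whereas the removed code copied only `len` bytes (`memcpy(dst, digest, len)`); any call with `len` smaller than the digest size now writes past the bytes the caller asked for. `diffuse()` looks like such a caller for its trailing partial block, though its body is outside this hunk. The digest should go into a local buffer of `EVP_MAX_MD_SIZE` bytes and be copied out with the old `len` bound. The `EVP_Digest*` results should also be checked, so the function can still return non-zero on failure as the gcrypt version did; the now-unused `unsigned char *digest;` pointer goes away with that change.

```c
static int hash_buf(char *src, char *dst, uint32_t iv, int len, const EVP_MD *hash_id)
{
	EVP_MD_CTX mdctx;
	unsigned char digest[EVP_MAX_MD_SIZE];

	iv = htonl(iv);

	if (!EVP_DigestInit(&mdctx, hash_id))
		return 1;
	if (!EVP_DigestUpdate(&mdctx, &iv, sizeof(iv)) ||
	    !EVP_DigestUpdate(&mdctx, src, len)) {
		EVP_MD_CTX_cleanup(&mdctx);
		return 1;
	}
	/* EVP_DigestFinal() cleans up the context itself */
	if (!EVP_DigestFinal(&mdctx, digest, NULL))
		return 1;

	/* copy only the bytes the caller asked for, as the gcrypt version did */
	memcpy(dst, digest, len);
	return 0;
}
```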
@@ -56,9 +55,9 @@ static int hash_buf(char *src, char *dst, uint32_t iv, int len, int hash_id)
  * the help of hash function.
  */
 
-static int diffuse(char *src, char *dst, size_t size, int hash_id)
+static int diffuse(char *src, char *dst, size_t size, const EVP_MD *hash_id)
 {
-       unsigned int digest_size = gcry_md_get_algo_dlen(hash_id);
+       unsigned int digest_size = EVP_MD_size(hash_id);
        unsigned int i, blocks, padding;
 
        blocks = size / digest_size;
@@ -90,9 +89,10 @@ int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers,
        unsigned int i;
        char *bufblock;
        int r = -EINVAL;
-       int hash_id;
+       const EVP_MD *hash_id;
 
-       if (!(hash_id = gcry_md_map_name(hash)))
+       OpenSSL_add_all_digests();
+       if (!(hash_id = EVP_get_digestbyname(hash)))
                return -EINVAL;
 
        if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
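Review bot: `OpenSSL_add_all_digests()` is called on every `AF_split()` invocation here, and the same line is repeated in `AF_merge()`, `hash()`, `pkcs5_pbkdf2()` and `PBKDF2_HMAC_ready()`. The `init_crypto()` added earlier in this commit is an empty stub that returns 0; registering the digests once there and calling it from these entry points would keep library initialisation in one place. Since `hash_id` is now a pointer, `hash_id = EVP_get_digestbyname(hash); if (hash_id == NULL)` reads more clearly than the embedded assignment under `!`. The function body continues past the hunk.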
@@ -119,9 +119,10 @@ int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers,
        unsigned int i;
        char *bufblock;
        int r = -EINVAL;
-       int hash_id;
+       const EVP_MD *hash_id;
 
-       if (!(hash_id = gcry_md_map_name(hash)))
+       OpenSSL_add_all_digests();
+       if (!(hash_id = EVP_get_digestbyname(hash)))
                return -EINVAL;
 
        if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
index 9b8ba0c..5bc8996 100644 (file)
@@ -20,7 +20,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
-#include <linux/fs.h>
 #include <netinet/in.h>
 #include <fcntl.h>
 #include <errno.h>
@@ -34,7 +33,7 @@
 #include "af.h"
 #include "pbkdf.h"
 #include "random.h"
-#include <uuid/uuid.h>
+#include <uuid.h>
 #include <../lib/internal.h>
 
 #define div_round_up(a,b) ({           \
@@ -432,6 +431,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
        unsigned int i=0;
        unsigned int blocksPerStripeSet = div_round_up(mk->keyLength*stripes,SECTOR_SIZE);
        int r;
+       uint32_t ret;
        char luksMagic[] = LUKS_MAGIC;
        uuid_t partitionUuid;
        int currentSector;
@@ -492,13 +492,14 @@ int LUKS_generate_phdr(struct luks_phdr *header,
        /* alignOffset - offset from natural device alignment provided by topology info */
        header->payloadOffset = currentSector + alignOffset;
 
-       if (uuid && !uuid_parse(uuid, partitionUuid)) {
+       uuid_from_string(uuid, &partitionUuid, &ret);
+       if (uuid && ret != uuid_s_ok) {
                log_err(ctx, _("Wrong UUID format provided, generating new one.\n"));
                uuid = NULL;
        }
        if (!uuid)
-               uuid_generate(partitionUuid);
-        uuid_unparse(partitionUuid, header->uuid);
+               uuid_create(&partitionUuid, &ret);
+       uuid_to_string(&partitionUuid, &header->uuid, &ret);
 
        log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32,
                header->payloadOffset, header->uuid, header->mkDigestIterations);
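Review bot: `uuid_to_string(&partitionUuid, &header->uuid, &ret)` hands the address of the header's UUID field to a function that allocates a new string and stores a `char *` through its second argument. `header->uuid` is used as a character buffer by the removed `uuid_unparse()` call and by the `%s` in `log_dbg`, so the field would receive pointer bytes instead of the UUID text and the allocation would leak. The string should be received in a temporary `char *`, copied into the field with a bound, and freed; the status from `uuid_create()` is not checked either. The early return in the sketch assumes nothing needs releasing at that point and that `header->uuid` is an array; the rest of `LUKS_generate_phdr` is outside the hunk.

```c
	char *uuid_str = NULL;	/* with the other locals */

	/* … unchanged: uuid_from_string() check and uuid_create() … */
	uuid_to_string(&partitionUuid, &uuid_str, &ret);
	if (ret != uuid_s_ok || uuid_str == NULL)
		return -ENOMEM;
	snprintf(header->uuid, sizeof(header->uuid), "%s", uuid_str);
	free(uuid_str);
```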
index fa1f720..5e9e010 100644 (file)
 #include <netinet/in.h>
 #include <errno.h>
 #include <signal.h>
-#include <alloca.h>
 #include <sys/time.h>
-#include <gcrypt.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
 
 static volatile uint64_t __PBKDF2_global_j = 0;
 static volatile uint64_t __PBKDF2_performance = 0;
 
-int init_crypto(void);
-
 /*
  * 5.2 PBKDF2
  *
@@ -68,10 +69,11 @@ static int pkcs5_pbkdf2(const char *hash,
                        unsigned int c, unsigned int dkLen,
                        char *DK, int perfcheck)
 {
-       gcry_md_hd_t prf;
        char U[MAX_PRF_BLOCK_LEN];
        char T[MAX_PRF_BLOCK_LEN];
-       int PRF, i, k, rc = -EINVAL;
+       const EVP_MD *PRF;
+       HMAC_CTX ctx;
+       int i, k, rc = -EINVAL;
        unsigned int u, hLen, l, r;
        unsigned char *p;
        size_t tmplen = Slen + 4;
@@ -81,14 +83,14 @@ static int pkcs5_pbkdf2(const char *hash,
        if (tmp == NULL)
                return -ENOMEM;
 
-       if (init_crypto())
-               return -ENOSYS;
-
-       PRF = gcry_md_map_name(hash);
-       if (PRF == 0)
+       OpenSSL_add_all_digests();
+       PRF = EVP_get_digestbyname(hash);
+       if (PRF == NULL) {
+               printf("pkcs5_pbkdf2: invalid hash %s\n", hash);
                return -EINVAL;
+       }
 
-       hLen = gcry_md_get_algo_dlen(PRF);
+       hLen = EVP_MD_size(PRF);
        if (hLen == 0 || hLen > MAX_PRF_BLOCK_LEN)
                return -EINVAL;
 
@@ -167,37 +169,25 @@ static int pkcs5_pbkdf2(const char *hash,
         *  into a small set of values.
         *
         */
-
-       if(gcry_md_open(&prf, PRF, GCRY_MD_FLAG_HMAC))
-               return -EINVAL;
-
-       if (gcry_md_setkey(prf, P, Plen))
-               goto out;
+       HMAC_CTX_init(&ctx);
 
        for (i = 1; (uint) i <= l; i++) {
                memset(T, 0, hLen);
 
                for (u = 1; u <= c ; u++) {
-                       gcry_md_reset(prf);
-
                        if (u == 1) {
                                memcpy(tmp, S, Slen);
                                tmp[Slen + 0] = (i & 0xff000000) >> 24;
                                tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
                                tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
                                tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
-                               gcry_md_write(prf, tmp, tmplen);
+                               HMAC_Init_ex(&ctx, P, Plen, PRF, NULL);
+                               HMAC_Update(&ctx, tmp, tmplen);                         
+                               HMAC_Final(&ctx, U, NULL);
                        } else {
-                               gcry_md_write(prf, U, hLen);
+                               HMAC(PRF, P, Plen, U, hLen, U, NULL);
                        }
 
-                       p = gcry_md_read(prf, PRF);
-                       if (p == NULL)
-                               goto out;
-
-                       memcpy(U, p, hLen);
-
                        for (k = 0; (uint) k < hLen; k++)
                                T[k] ^= U[k];
 
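Review bot: The inner PBKDF2 loop sets the HMAC key again on every iteration: `HMAC_Init_ex(&ctx, P, Plen, PRF, NULL)` runs inside the `u == 1` branch, and every later iteration uses the one-shot `HMAC(PRF, P, Plen, ...)`, which builds and discards its own context. The removed gcrypt code set the key once and only reset the handle. `PBKDF2_performance_check()` appears to pick the iteration count from how much work completes in a fixed time, so the extra key setup would lower the count chosen for a given unlock time. Keying once before the loops and re-initialising with a NULL key avoids that; `unsigned char *p;` is no longer used and can be deleted. The function starts before the hunk and continues after it.

```c
	HMAC_CTX_init(&ctx);
	HMAC_Init_ex(&ctx, P, Plen, PRF, NULL);	/* set the key once */

	/* … unchanged: for (i …), memset(T), for (u …) … */
			/* NULL key and digest: reuse the key set above */
			HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL);
			if (u == 1) {
				/* … unchanged: build tmp = S || INT(i) … */
				HMAC_Update(&ctx, tmp, tmplen);
			} else {
				HMAC_Update(&ctx, U, hLen);
			}
			HMAC_Final(&ctx, U, NULL);
```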
@@ -214,7 +204,7 @@ static int pkcs5_pbkdf2(const char *hash,
        }
        rc = 0;
 out:
-       gcry_md_close(prf);
+       HMAC_CTX_cleanup(&ctx);
        return rc;
 }
 
@@ -229,13 +219,15 @@ int PBKDF2_HMAC(const char *hash,
 
 int PBKDF2_HMAC_ready(const char *hash)
 {
-       int hash_id = gcry_md_map_name(hash);
+       const EVP_MD *md;
 
-       if (!hash_id)
+       OpenSSL_add_all_digests();
+       md = EVP_get_digestbyname(hash);
+       if (md == NULL)
                return -EINVAL;
-
+       
        /* Used hash must have at least 160 bits */
-       if (gcry_md_get_algo_dlen(hash_id) < 20)
+       if (EVP_MD_size(md) < 20)
                return -EINVAL;
 
        return 1;
@@ -253,22 +245,28 @@ int PBKDF2_performance_check(const char *hash, uint64_t *iter)
        char buf;
        struct itimerval it;
 
-       if (__PBKDF2_global_j)
+       if (__PBKDF2_global_j) {
+               printf("foo1\n");       
                return -EBUSY;
+       }
 
-       if (!PBKDF2_HMAC_ready(hash))
+       if (!PBKDF2_HMAC_ready(hash)) {
+               printf("foo2\n");
                return -EINVAL;
+       }
 
        signal(SIGVTALRM,sigvtalarm);
        it.it_interval.tv_usec = 0;
        it.it_interval.tv_sec = 0;
        it.it_value.tv_usec = 0;
        it.it_value.tv_sec =  1;
-       if (setitimer (ITIMER_VIRTUAL, &it, NULL) < 0)
+       if (setitimer (ITIMER_VIRTUAL, &it, NULL) < 0) {
+               printf("foo3\n");
                return -EINVAL;
+       }
 
        r = pkcs5_pbkdf2(hash, "foo", 3, "bar", 3, ~(0U), 1, &buf, 1);
-
+       printf("foo4: %d\n", r);
        *iter = __PBKDF2_performance;
        __PBKDF2_global_j = 0;
        __PBKDF2_performance = 0;
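Review bot: `if (!PBKDF2_HMAC_ready(hash))` in `PBKDF2_performance_check()` can never be true, because `PBKDF2_HMAC_ready()` in the previous hunk returns `-EINVAL` on failure and `1` on success, both non-zero. An unknown or too-short hash is therefore not rejected here and the new `foo2` branch is dead; `if (PBKDF2_HMAC_ready(hash) < 0) {` would match the callee. The `printf("foo1\n")` to `printf("foo4: %d\n", r)` calls are leftover debugging output written to stdout from library code, as is `printf("pkcs5_pbkdf2: invalid hash %s\n", hash)` in the `pkcs5_pbkdf2()` hunk above. They should be removed or replaced by debug-log messages that name what failed. The function continues past the hunk.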
index 2b48e41..21af06e 100644 (file)
@@ -8,11 +8,11 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <assert.h>
+#include <getopt.h>
 
 #include <libcryptsetup.h>
-#include <popt.h>
 
-#include "../config.h"
+#include "config.h"
 
 #include "cryptsetup.h"
 
@@ -175,7 +175,8 @@ static int _yesDialog(const char *msg, void *usrptr)
 
 static void show_status(int errcode)
 {
-       char error[256], *error_;
+       char error[256];
+       int ret;
 
        if(!opt_verbose)
                return;
@@ -188,11 +189,7 @@ static void show_status(int errcode)
        crypt_get_error(error, sizeof(error));
 
        if (!error[0]) {
-               error_ = strerror_r(-errcode, error, sizeof(error));
-               if (error_ != error) {
-                       strncpy(error, error_, sizeof(error));
-                       error[sizeof(error) - 1] = '\0';
-               }
+               ret = strerror_r(-errcode, error, sizeof(error));
        }
 
        log_err(_("Command failed with code %i"), -errcode);
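Review bot: `ret = strerror_r(-errcode, error, sizeof(error));` in `show_status()` stores the result in the new `ret` and never reads it, so a failed lookup may leave `error` without a usable message and the variable is set but unused. Either drop `ret` or act on it: `if (strerror_r(-errcode, error, sizeof(error)) != 0) snprintf(error, sizeof(error), "error %d", -errcode);`. The line relies on the `int`-returning form of `strerror_r`, while the `config.h` added in this commit defines `_GNU_SOURCE`, which on glibc selects the `char *` form that the removed lines handled. A comment noting that this is now platform-specific would help anyone syncing with upstream. The function continues outside the hunk.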
@@ -622,46 +619,76 @@ out:
        return r;
 }
 
-static void usage(poptContext popt_context, int exitcode,
-                  const char *error, const char *more)
+static void usage(const char *msg)
 {
-       poptPrintUsage(popt_context, stderr, 0);
-       if (error)
-               log_err("%s: %s\n", more, error);
-       exit(exitcode);
+       log_err("Usage: cryptsetup [-?vyrq] [-?|--help] [--usage] [-v|--verbose]\n"
+           "        [--debug] [-c|--cipher=STRING] [-h|--hash=STRING]\n"
+           "        [-y|--verify-passphrase] [-d|--key-file=STRING]\n"
+           "        [--master-key-file=STRING] [-s|--key-size=BITS] [-S|--key-slot=INT]\n"
+            "        [-b|--size=SECTORS] [-o|--offset=SECTORS] [-p|--skip=SECTORS]\n"
+            "        [-r|--readonly] [-i|--iter-time=msecs] [-q|--batch-mode] [--version]\n"
+            "        [-t|--timeout=secs] [-T|--tries=INT] [--align-payload=SECTORS]\n"
+            "        [--non-exclusive] [--header-backup-file=STRING] [OPTION...]\n"
+            "        <action> <action-specific>]\n");
+
+       if (msg)
+               log_err("%s\n", msg);
+
+       exit(1);
 }
 
-static void help(poptContext popt_context, enum poptCallbackReason reason,
-                 struct poptOption *key, const char * arg, void *data)
+static void help()
 {
-       if (key->shortName == '?') {
-               struct action_type *action;
+       struct action_type *action;
 
-               log_std("%s\n",PACKAGE_STRING);
+       log_std("%s\n",PACKAGE_STRING);
+       log_std("Usage: cryptsetup [OPTION...] <action> <action-specific>]\n"
+           "  -v, --verbose                       Shows more detailed error messages\n"
+           "      --debug                         Show debug messages\n"
+           "  -c, --cipher=STRING                 The cipher used to encrypt the disk (see /proc/crypto)\n"
+           "  -h, --hash=STRING                   The hash used to create the encryption key from the passphrase\n"
+           "  -y, --verify-passphrase             Verifies the passphrase by asking for it twice\n"
+           "  -d, --key-file=STRING               Read the key from a file (can be /dev/random)\n"
+           "      --master-key-file=STRING        Read the volume (master) key from file.\n"
+           "  -s, --key-size=BITS                 The size of the encryption key\n"
+           "  -S, --key-slot=INT                  Slot number for new key (default is first free)\n"
+           "  -b, --size=SECTORS                  The size of the device\n"
+           "  -o, --offset=SECTORS                The start offset in the backend device\n"
+           "  -p, --skip=SECTORS                  How many sectors of the encrypted data to skip at the beginning\n"
+           "  -r, --readonly                      Create a readonly mapping\n"
+           "  -i, --iter-time=msecs               PBKDF2 iteration time for LUKS (in ms)\n"
+           "  -q, --batch-mode                    Do not ask for confirmation\n"
+           "      --version                       Print package version\n"
+           "  -t, --timeout=secs                  Timeout for interactive passphrase prompt (in seconds)\n"
+           "  -T, --tries=INT                     How often the input of the passphrase can be retried\n"
+           "      --align-payload=SECTORS         Align payload at <n> sector boundaries - for luksFormat\n"
+           "      --non-exclusive                 (Obsoleted, see man page.)\n"
+           "      --header-backup-file=STRING     File with LUKS header and keyslots backup.\n"
+           "\n"
+           "Help options:\n"
+           "  -?, --help                          Show this help message\n"
+           "      --usage                         Display brief usage\n" );
+
+       log_std(_("\n"
+                "<action> is one of:\n"));
 
-               poptPrintHelp(popt_context, stdout, 0);
+       for(action = action_types; action->type; action++)
+               log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
+               
+       log_std(_("\n"
+                "<name> is the device to create under %s\n"
+                "<device> is the encrypted device\n"
+                "<key slot> is the LUKS key slot number to modify\n"
+                "<key file> optional key file for the new key for luksAddKey action\n"),
+               crypt_get_dir());
 
-               log_std(_("\n"
-                        "<action> is one of:\n"));
+       log_std(_("\nDefault compiled-in device cipher parameters:\n"
+                "\tplain: %s, Key: %d bits, Password hashing: %s\n"
+                "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"),
+                DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
+                DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH);
+       exit(0);
 
-               for(action = action_types; action->type; action++)
-                       log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
-               
-               log_std(_("\n"
-                        "<name> is the device to create under %s\n"
-                        "<device> is the encrypted device\n"
-                        "<key slot> is the LUKS key slot number to modify\n"
-                        "<key file> optional key file for the new key for luksAddKey action\n"),
-                       crypt_get_dir());
-
-               log_std(_("\nDefault compiled-in device cipher parameters:\n"
-                        "\tplain: %s, Key: %d bits, Password hashing: %s\n"
-                        "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"),
-                        DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
-                        DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH);
-               exit(0);
-       } else
-               usage(popt_context, 0, NULL, NULL);
 }
 
 void set_debug_level(int level);
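Review bot: `usage()` now ends in an unconditional `exit(1)`, whereas the removed `help()` called `usage(popt_context, 0, NULL, NULL)` for an explicit `--usage` request. If the new option loop (outside this hunk) routes `--usage` here, a successful request will report failure; `exit(msg ? 1 : 0);` would keep the old behaviour. `static void help()` should be declared `static void help(void)`. The option text is now a second hand-maintained copy of the option table with the `_()` markers dropped, so a comment asking maintainers to keep it in sync with the `getopt` options is worth adding. The usage line also ends in an unbalanced `]`.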
@@ -698,39 +725,31 @@ static int run_action(struct action_type *action)
 
 int main(int argc, char **argv)
 {
-       static char *popt_tmp;
-       static struct poptOption popt_help_options[] = {
-               { NULL,    '\0', POPT_ARG_CALLBACK, help, 0, NULL,                         NULL },
-               { "help",  '?',  POPT_ARG_NONE,     NULL, 0, N_("Show this help message"), NULL },
-               { "usage", '\0', POPT_ARG_NONE,     NULL, 0, N_("Display brief usage"),    NULL },
-               POPT_TABLEEND
-       };
-       static struct poptOption popt_options[] = {
-               { NULL,                '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
-               { "verbose",           'v',  POPT_ARG_NONE, &opt_verbose,               0, N_("Shows more detailed error messages"), NULL },
-               { "debug",             '\0', POPT_ARG_NONE, &opt_debug,                 0, N_("Show debug messages"), NULL },
-               { "cipher",            'c',  POPT_ARG_STRING, &opt_cipher,              0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
-               { "hash",              'h',  POPT_ARG_STRING, &opt_hash,                0, N_("The hash used to create the encryption key from the passphrase"), NULL },
-               { "verify-passphrase", 'y',  POPT_ARG_NONE, &opt_verify_passphrase,     0, N_("Verifies the passphrase by asking for it twice"), NULL },
-               { "key-file",          'd',  POPT_ARG_STRING, &opt_key_file,            0, N_("Read the key from a file (can be /dev/random)"), NULL },
-               { "master-key-file",  '\0',  POPT_ARG_STRING, &opt_master_key_file,     0, N_("Read the volume (master) key from file."), NULL },
-               { "key-size",          's',  POPT_ARG_INT, &opt_key_size,               0, N_("The size of the encryption key"), N_("BITS") },
-               { "key-slot",          'S',  POPT_ARG_INT, &opt_key_slot,               0, N_("Slot number for new key (default is first free)"), NULL },
-               { "size",              'b',  POPT_ARG_STRING, &popt_tmp,                1, N_("The size of the device"), N_("SECTORS") },
-               { "offset",            'o',  POPT_ARG_STRING, &popt_tmp,                2, N_("The start offset in the backend device"), N_("SECTORS") },
-               { "skip",              'p',  POPT_ARG_STRING, &popt_tmp,                3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
-               { "readonly",          'r',  POPT_ARG_NONE, &opt_readonly,              0, N_("Create a readonly mapping"), NULL },
-               { "iter-time",         'i',  POPT_ARG_INT, &opt_iteration_time,         0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
-               { "batch-mode",        'q',  POPT_ARG_NONE, &opt_batch_mode,            0, N_("Do not ask for confirmation"), NULL },
-               { "version",           '\0', POPT_ARG_NONE, &opt_version_mode,          0, N_("Print package version"), NULL },
-               { "timeout",           't',  POPT_ARG_INT, &opt_timeout,                0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
-               { "tries",             'T',  POPT_ARG_INT, &opt_tries,                  0, N_("How often the input of the passphrase can be retried"), NULL },
-               { "align-payload",     '\0', POPT_ARG_INT, &opt_align_payload,          0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
-               { "non-exclusive",     '\0', POPT_ARG_NONE, &opt_non_exclusive,         0, N_("(Obsoleted, see man page.)"), NULL },
-               { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file,  0, N_("File with LUKS header and keyslots backup."), NULL },
-               POPT_TABLEEND
+       static struct option options[] = {
+               { "help",              no_argument,             NULL, '?' },
+               { "usage",             no_argument,             NULL, 'u' },
+               { "verbose",           no_argument,             NULL, 'v' },
+               { "debug",             no_argument,             &opt_debug, 1 },
+               { "cipher",            required_argument,       NULL, 'c' },
+               { "hash",              required_argument,       NULL, 'h' },
+               { "verify-passphrase", no_argument,             NULL, 'y' },
+               { "key-file",          required_argument,       NULL, 'd' },
+               { "master-key-file",   required_argument,       NULL, 'm' },
+               { "key-size",          required_argument,       NULL, 's' },
+               { "key-slot",          required_argument,       NULL, 'S' },
+               { "size",              required_argument,       NULL, 'b' },
+               { "offset",            required_argument,       NULL, 'o' },
+               { "skip",              required_argument,       NULL, 'p' },
+               { "readonly",          no_argument,             NULL, 'r' },
+               { "iter-time",         required_argument,       NULL, 'i' },
+               { "batch-mode",        no_argument,             NULL, 'q' },
+               { "version",           no_argument,             &opt_version_mode, 1 },
+               { "timeout",           required_argument,       NULL, 't' },
+               { "tries",             required_argument,       NULL, 'T' },
+               { "align-payload",     required_argument,       NULL, 'a' },
+               { "header-backup-file",required_argument,       NULL, 'x' },
+               { NULL,                 0,                      NULL, 0 }
        };
-       poptContext popt_context;
        struct action_type *action;
        char *aname;
        int r;
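Review bot: The `help` entry in the new `options[]` table returns `'?'`, which is also the value getopt_long() returns for an unrecognised option or a missing argument, so the `case '?'` branch in the following hunk cannot tell a help request from a malformed command line. If the help() called there is the function whose new body ends in `exit(0)` just above this hunk, a mistyped option prints the help text and exits with success, which a calling script would read as the operation having worked. Giving help its own value, e.g. `{ "help", no_argument, NULL, 'H' },`, and routing `'?'` to `usage()` with an error message would keep the two cases apart. main() continues past the end of this hunk.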
@@ -742,73 +761,106 @@ int main(int argc, char **argv)
        bindtextdomain(PACKAGE, LOCALEDIR);
        textdomain(PACKAGE);
 
-       popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
-                                     popt_options, 0);
-       poptSetOtherOptionHelp(popt_context,
-                              N_("[OPTION...] <action> <action-specific>]"));
-
-       while((r = poptGetNextOpt(popt_context)) > 0) {
-               unsigned long long ull_value;
-               char *endp;
-
-               ull_value = strtoull(popt_tmp, &endp, 0);
-               if (*endp || !*popt_tmp)
-                       r = POPT_ERROR_BADNUMBER;
-
-               switch(r) {
-                       case 1:
-                               opt_size = ull_value;
-                               break;
-                       case 2:
-                               opt_offset = ull_value;
-                               break;
-                       case 3:
-                               opt_skip = ull_value;
-                               break;
-               }
-
-               if (r < 0)
+       while((r = getopt_long(argc, argv, "?vc:h:yd:m:s:S:b:o:p:ri:qt:T:", options, NULL)) != -1)
+       {
+               switch (r) {
+               case 'u':
+                       usage(NULL);
                        break;
-       }
-
-       if (r < -1)
-               usage(popt_context, 1, poptStrerror(r),
-                     poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
-       if (opt_version_mode) {
-               log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
-               exit(0);
+               case 'v':
+                       opt_verbose = 1;
+                       break;
+               case 'c':
+                       opt_cipher = optarg;
+                       break;
+               case 'h':
+                       opt_hash = optarg;
+                       break;
+               case 'y':
+                       opt_verify_passphrase = 1;
+                       break;
+               case 'd':
+                       opt_key_file = optarg;
+                       break;
+               case 'm':
+                       opt_master_key_file = optarg;
+                       break;
+               case 's':
+                       opt_key_size = atoi(optarg);
+                       break;
+               case 'S':
+                       opt_key_slot = atoi(optarg);
+                       break;
+               case 'b':
+                       opt_size = strtoull(optarg, NULL, 0);
+                       break;
+               case 'o':
+                       opt_offset = strtoull(optarg, NULL, 0);
+                       break;
+               case 'p':
+                       opt_skip = strtoull(optarg, NULL, 0);
+                       break;
+               case 'r':
+                       opt_readonly = 1;
+                       break;
+               case 'i':
+                       opt_iteration_time = atoi(optarg);
+                       break;
+               case 'q':
+                       opt_batch_mode = 1;
+                       break;
+               case 't':
+                       opt_timeout = atoi(optarg);
+                       break;
+               case 'T':
+                       opt_tries = atoi(optarg);
+                       break;
+               case 'a':
+                       opt_align_payload = atoi(optarg);
+                       break;
+               case 'x':
+                       opt_header_backup_file = optarg;
+                       break;
+               case '?':
+                       help();
+                       break;
+               case 0:
+                       if (opt_version_mode) {
+                               log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
+                               exit(0);
+                       }
+                       break;
+               }
        }
 
        if (opt_key_size % 8)
-               usage(popt_context, 1,
-                     _("Key size must be a multiple of 8 bits"),
-                     poptGetInvocationName(popt_context));
+               usage(_("Key size must be a multiple of 8 bits"));
+
+       argc -= optind;
+       argv += optind;
 
-       if (!(aname = (char *)poptGetArg(popt_context)))
-               usage(popt_context, 1, _("Argument <action> missing."),
-                     poptGetInvocationName(popt_context));
+       if (argc == 0) {
+               usage(_("Argument <action> missing."));
+               /* NOTREACHED */        
+       }
+
+       aname = argv[0];
        for(action = action_types; action->type; action++)
                if (strcmp(action->type, aname) == 0)
                        break;
-       if (!action->type)
-               usage(popt_context, 1, _("Unknown action."),
-                     poptGetInvocationName(popt_context));
-
-       action_argc = 0;
-       action_argv = poptGetArgs(popt_context);
-       /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
-       if(!action_argv) 
-               action_argv = null_action_argv;
+       if (!action->type) {
+               usage( _("Unknown action."));
+               /* NOTREACHED */
+       }
 
-       /* Count args, somewhat unnice, change? */
-       while(action_argv[action_argc] != NULL)
-               action_argc++;
+       action_argc = argc-1;
+       action_argv = &argv[1];
 
        if(action_argc < action->required_action_argc) {
                char buf[128];
                snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
-               usage(popt_context, 1, buf,
-                     poptGetInvocationName(popt_context));
+               usage(buf);
+               /* NOTREACHED */
        }
 
        if (opt_debug) {
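Review bot: The numeric options lose the input validation that the removed popt loop had. `-b`, `-o` and `-p` now call `strtoull(optarg, NULL, 0)` without an end pointer, and `-s`, `-S`, `-i`, `-t`, `-T` and `--align-payload` use `atoi()`, so `--key-size foo` or `--offset 12x` is silently accepted as 0 or 12 instead of being rejected. For a tool that sets up encrypted volumes, a mistyped key size, offset or key slot should fail rather than proceed with a different value. Restoring the end-pointer check in each numeric case, as sketched below, brings the old behaviour back; it assumes usage() does not return, as the NOTREACHED comments suggest, and the message text is only a suggestion. main() starts before and continues after this hunk.

```c
	char *endp;
	long lval;

	/* … unchanged: getopt_long() loop header and non-numeric cases … */
		case 's':
			lval = strtol(optarg, &endp, 10);
			if (*endp || !*optarg)
				usage(_("Invalid numeric argument."));
			opt_key_size = (int)lval;
			break;
	/* … same pattern for 'S', 'i', 't', 'T' and 'a' … */
		case 'b':
			opt_size = strtoull(optarg, &endp, 0);
			if (*endp || !*optarg)
				usage(_("Invalid numeric argument."));
			break;
	/* … same pattern for 'o' and 'p' … */
```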
index e3c89a3..4e24336 100644 (file)
@@ -1,6 +1,6 @@
 # $FreeBSD: src/gnu/usr.bin/Makefile,v 1.51 2000/01/16 00:11:34 obrien Exp $
 # $DragonFly: src/gnu/usr.bin/Makefile,v 1.32 2007/09/05 21:40:10 pavalos Exp $
 
-SUBDIR= dmsetup lvm
+SUBDIR= cryptsetup dmsetup lvm
 
 .include <bsd.subdir.mk>
diff --git a/gnu/sbin/cryptsetup/Makefile b/gnu/sbin/cryptsetup/Makefile
new file mode 100644 (file)
index 0000000..0f56505
--- /dev/null
@@ -0,0 +1,34 @@
+CRYPTSETUP_DIR=        ${.CURDIR}/../../../contrib/cryptsetup
+
+CRYPTSETUP_SRCDIR=     ${CRYPTSETUP_DIR}/src
+CRYPTSETUP_LUKSDIR=    ${CRYPTSETUP_DIR}/luks
+CRYPTSETUP_LIBDIR=     ${CRYPTSETUP_DIR}/lib
+.PATH:  ${CRYPTSETUP_DIR}/man
+
+PROG=          cryptsetup
+
+# Add a backend...
+SRCS+=         backends.c libdevmapper.c setup.c utils.c \
+               utils_debug.c
+
+SRCS+=         af.c hexprint.c  keyencryption.c keymanage.c \
+               pbkdf.c random.c
+
+SRCS+=         cryptsetup.c
+
+MAN=           cryptsetup.8
+
+#CFLAGS+=      -D_XOPEN_SOURCE=600
+CFLAGS+=       -I${CRYPTSETUP_SRCDIR} -I${CRYPTSETUP_LIBDIR} \
+               -I${CRYPTSETUP_LUKSDIR} -I. -I${CRYPTSETUP_DIR}
+
+LDADD+=                -L${.CURDIR}/../../lib/libdevmapper -ldevmapper
+DPADD+=                ${.CURDIR}/../../lib/libdevmapper/libdevmapper.a
+
+LDADD+=                -lprop -lcrypto
+
+.PATH: ${CRYPTSETUP_SRCDIR}
+.PATH: ${CRYPTSETUP_LUKSDIR}
+.PATH: ${CRYPTSETUP_LIBDIR}
+
+.include <bsd.prog.mk>
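Review bot: The `# Add a backend...` comment above the first `SRCS+=` does not say what the three source groups are, and the commented-out `#CFLAGS+= -D_XOPEN_SOURCE=600` gives no reason for being kept. Labelling each group by the `.PATH` directory it comes from, e.g. `# library and device-mapper backend (lib/)`, `# LUKS key handling (luks/)` and `# command-line front end (src/)`, would show where new files belong. That grouping is inferred from the file list in the commit and should be checked against the tree. The disabled CFLAGS line should either carry a one-line reason or be dropped.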