1 diff -urN util-linux-2.12q.org/mount/cryptsetup.c util-linux-2.12q/mount/cryptsetup.c
2 --- util-linux-2.12q.org/mount/cryptsetup.c 1970-01-01 01:00:00.000000000 +0100
3 +++ util-linux-2.12q/mount/cryptsetup.c 2005-02-27 19:26:34.000000000 +0100
6 + * cryptsetup.c - setup and control encrypted devices
13 +#include <libcryptsetup.h>
15 +#include "cryptsetup.h"
19 +extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
20 +extern void *xmalloc (size_t size); /* idem */
21 +extern void error (const char *fmt, ...); /* idem */
23 +#ifdef CRYPT_FLAG_READONLY
25 +#define BUFFER_SIZE 128
26 +#define DEFAULT_HASH "ripemd160"
27 +#define DEFAULT_KEYSIZE 256
30 +xstrtok(char *s, char delim) {
36 + p = strchr(s, delim);
44 +set_crypt(char **cryptdev, const char *realdev, int offset,
45 + char **encryption, int pfd, int *cryptro) {
46 + struct crypt_options options;
47 + char buffer[BUFFER_SIZE];
48 + const char *dir = crypt_get_dir();
49 + const char *name = NULL;
54 + error(_("mount: crypt engine not ready"));
58 + if (**encryption == '@') {
59 + int len = strlen(dir);
60 + p = *encryption + 1;
61 + if (strncmp(dir, p, len) == 0 && p[len] == '/')
74 + p = (char *)realdev;
77 + if (strncmp(p, "dev/", 4) == 0)
79 + for(q = buffer; *p && q < &buffer[BUFFER_SIZE - 2]; p++)
92 + strncpy(q, "-crypt", BUFFER_SIZE - (q - buffer));
93 + buffer[BUFFER_SIZE - 1] = '\0';
97 + p = xstrdup(*encryption);
99 + memset(&options, 0, sizeof options);
100 + options.name = name;
101 + options.device = realdev;
102 + options.cipher = xstrtok(p, ':');
103 + q = xstrtok(NULL, ':');
104 + options.key_size = q ? strtoul(q, NULL, 0) : 0;
105 + if (!options.key_size)
106 + options.key_size = DEFAULT_KEYSIZE;
107 + options.hash = xstrtok(NULL, ':');
108 + if (!(options.hash && *options.hash))
109 + options.hash = DEFAULT_HASH;
110 + options.key_file = xstrtok(NULL, ':');
111 + if (!(options.key_file && *options.key_file))
112 + options.key_file = NULL;
113 + options.passphrase_fd = (pfd >= 0) ? pfd : 0;
116 + options.flags |= CRYPT_FLAG_READONLY;
117 + options.offset = offset;
119 + if (options.offset % 512) {
120 + error(_("mount: offset must be a multiple of 512 bytes"));
123 + options.offset >>= 9;
125 + if (options.key_size % 8) {
126 + error(_("mount: key size must be a multiple of 8 bits"));
129 + options.key_size /= 8;
131 + ret = crypt_create_device(&options);
136 + /* use dev as buffer */
137 + char *errorstr = buffer;
138 + crypt_get_error(errorstr, BUFFER_SIZE);
140 + errorstr = strerror(-ret);
142 + error(_("mount: cryptsetup failed with: %s"), errorstr);
146 + *cryptdev = (char *)xmalloc(strlen(dir) + strlen(name) + 2);
147 + sprintf(*cryptdev, "%s/%s", dir, name);
149 + if (options.flags & CRYPT_FLAG_READONLY)
156 +del_crypt (const char *device) {
157 + struct crypt_options options;
158 + const char *dir = crypt_get_dir();
159 + int len = strlen(dir);
163 + error(_("mount: crypt engine not ready"));
167 + if (*device == '@') {
170 + p = strchr(device, ':');
175 + if (strncmp(dir, device, len) == 0 && device[len] == '/')
178 + memset(&options, 0, sizeof options);
179 + options.name = device;
181 + ret = crypt_remove_device(&options);
183 + char buffer[BUFFER_SIZE];
184 + char *errorstr = buffer;
185 + crypt_get_error(errorstr, BUFFER_SIZE);
187 + errorstr = strerror(-ret);
189 + error(_("mount: cryptsetup failed with: %s"), errorstr);
196 +#else /* without CRYPT_FLAG_READONLY */
201 + _("This mount was compiled without cryptsetup support. "
202 + "Please recompile.\n"));
206 +set_crypt(char **cryptdev, const char *realdev, int offset,
207 + char **encryption, int pfd, int *cryptro) {
213 +del_crypt (const char *device) {
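Review bot: The mapping name that set_crypt derives from realdev can be clipped silently: the copy loop stops at `&buffer[BUFFER_SIZE - 2]`, and `strncpy(q, "-crypt", BUFFER_SIZE - (q - buffer))` plus the forced terminator then drops part or all of the suffix. Two long device paths sharing a prefix could therefore end up with the same name; the lines between the loop and the strncpy are not visible here, so this is inferred from the bounds alone. Failing when the name does not fit is safer than mapping under a clipped name, e.g. guard the copy with `if (q + sizeof "-crypt" > buffer + BUFFER_SIZE)` and take the function's existing error return. Separately, `strtoul(q, NULL, 0)` for the key size has no end-pointer check, so a non-numeric field quietly becomes DEFAULT_KEYSIZE and the mapping is created with a different key length from the one requested. Passing an `end` pointer and rejecting `*end != '\0'` would surface the typo.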
219 diff -urN util-linux-2.12q.org/mount/cryptsetup.h util-linux-2.12q/mount/cryptsetup.h
220 --- util-linux-2.12q.org/mount/cryptsetup.h 1970-01-01 01:00:00.000000000 +0100
221 +++ util-linux-2.12q/mount/cryptsetup.h 2005-02-27 19:26:34.000000000 +0100
224 +extern int set_crypt(char **, const char *, int, char **,
226 +extern int del_crypt(const char *);
227 diff -urN util-linux-2.12q.org/mount/Makefile.am util-linux-2.12q/mount/Makefile.am
228 --- util-linux-2.12q.org/mount/Makefile.am 2005-02-27 19:25:37.000000000 +0100
229 +++ util-linux-2.12q/mount/Makefile.am 2005-02-27 19:27:21.000000000 +0100
232 mount_SOURCES = mount.c fstab.c sundries.c xmalloc.c realpath.c mntent.c \
233 get_label_uuid.c mount_by_label.c mount_blkid.c mount_guess_fstype.c \
235 + getusername.c cryptsetup.c \
236 nfsmount.c nfsmount_xdr.c nfsmount_clnt.c \
239 -mount_LDADD = $(top_srcdir)/lib/libenv.a $(top_srcdir)/lib/libsetproctitle.a
240 +mount_LDADD = $(top_srcdir)/lib/libenv.a $(top_srcdir)/lib/libsetproctitle.a -lcryptsetup
242 umount_SOURCES = umount.c fstab.c sundries.c xmalloc.c realpath.c mntent.c \
243 getusername.c get_label_uuid.c mount_by_label.c mount_blkid.c \
245 + lomount.c cryptsetup.c
247 -umount_LDADD = $(top_srcdir)/lib/libenv.a
248 +umount_LDADD = $(top_srcdir)/lib/libenv.a -lcryptsetup
250 swapon_SOURCES = swapon.c xmalloc.c \
251 get_label_uuid.c mount_by_label.c mount_blkid.c
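Review bot: `-lcryptsetup` is appended to `mount_LDADD` and `umount_LDADD` unconditionally, which does not fit the `#else /* without CRYPT_FLAG_READONLY */` stub in cryptsetup.c that reports "compiled without cryptsetup support". As far as the visible lines show, `#include <libcryptsetup.h>` also sits above that `#ifdef`, so a host without the library fails at compile or link time and never reaches the stub. A configure check that substitutes the library, e.g. `mount_LDADD += $(CRYPTSETUP_LIBS)` (placeholder variable name), together with a guarded include, would make the fallback reachable and keep the extra library out of builds that do not want it.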
252 diff -urN util-linux-2.12q.org/mount/mount.c util-linux-2.12q/mount/mount.c
253 --- util-linux-2.12q.org/mount/mount.c 2004-12-21 23:00:36.000000000 +0100
254 +++ util-linux-2.12q/mount/mount.c 2005-02-27 19:29:40.000000000 +0100
259 +#include "cryptsetup.h"
261 #include "linux_fs.h" /* for BLKGETSIZE */
262 #include "mount_guess_rootdev.h"
264 #define MS_USER 0x20000000
265 #define MS_OWNER 0x10000000
266 #define MS_GROUP 0x08000000
267 +#define MS_CRYPT 0x00040000
268 #define MS_COMMENT 0x00020000
269 #define MS_LOOP 0x00010000
275 - *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
276 + *loop = ((*flags & MS_LOOP) || *loopdev || (opt_offset && !opt_encryption));
281 printf(_("mount: going to use the loop device %s\n"), *loopdev);
282 offset = opt_offset ? strtoull(opt_offset, NULL, 0) : 0;
283 if (set_loop(*loopdev, *loopfile, offset,
284 - opt_encryption, pfd, &loopro)) {
285 + NULL /* opt_encryption */, pfd, &loopro)) {
287 printf(_("mount: failed setting up loop device\n"));
293 + /* set offset to 0 so that crypto setup doesn't add an offset too */
302 +crypt_check(char **spec, char **type, int *flags,
303 + int *crypt, char **cryptdev, char **realdev) {
306 + *crypt = ((*flags & MS_CRYPT) || opt_encryption);
310 + *flags |= MS_CRYPT;
313 + printf(_("mount: skipping the setup of an encrypted device\n"));
315 + int cryptro = (*flags & MS_RDONLY);
317 + offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
318 + if (set_crypt(cryptdev, *realdev, offset,
319 + &opt_encryption, pfd, &cryptro)) {
321 + printf(_("mount: failed setting up encrypted device\n"));
325 + printf(_("mount: setup crypt device successfully\n"));
328 + *flags |= MS_RDONLY;
333 const char *opts, *spec, *node, *types;
337 const char *loopdev = 0, *loopfile = 0;
338 + char *cryptdev = 0, *realdev = 0;
340 int nfs_mount_version = 0; /* any version */
343 res = loop_check(&spec, &types, &flags, &loop, &loopdev, &loopfile);
347 + res = crypt_check(&spec, &types, &flags, &crypt, &cryptdev, &realdev);
354 /* Mount succeeded, report this (if verbose) and write mtab entry. */
356 opt_loopdev = loopdev;
358 + char *tmp = xmalloc(strlen(cryptdev) + strlen(opt_encryption) + 3);
359 + sprintf(tmp, "@%s:%s", cryptdev, opt_encryption);
360 + opt_encryption = tmp;
363 - update_mtab_entry(loop ? loopfile : spec,
364 + update_mtab_entry(loop ? loopfile : crypt ? realdev : spec,
366 types ? types : "unknown",
367 fix_opts_string (flags & ~MS_NOMTAB, extra_opts, user),
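Review bot: In crypt_check the byte offset is parsed with `strtoul(opt_offset, NULL, 0)` and handed to set_crypt, whose definition takes `int offset`, while the loop path just above uses `strtoull`. An offset of 2 GiB or more does not survive that conversion, so the mapping would start at a different sector from the one requested, and trailing garbage in the option is accepted because no end pointer is checked. Widening the parameter in cryptsetup.h and cryptsetup.c to an unsigned 64-bit type and parsing with `offset = opt_offset ? strtoull(opt_offset, &end, 0) : 0;`, rejecting `*end != '\0'`, would close both gaps; the declaration of `offset` in crypt_check is outside the visible lines, so its current type is assumed. It is also worth confirming that `strlen(opt_encryption)` in the mtab block cannot run with a NULL opt_encryption, since `*crypt = ((*flags & MS_CRYPT) || opt_encryption)` appears to allow crypt to be set by the flag alone.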
377 diff -urN util-linux-2.12q.org/mount/umount.c util-linux-2.12q/mount/umount.c
378 --- util-linux-2.12q.org/mount/umount.c 2004-12-20 23:03:45.000000000 +0100
379 +++ util-linux-2.12q/mount/umount.c 2005-02-27 19:26:34.000000000 +0100
381 #include "sundries.h"
382 #include "getusername.h"
384 +#include "cryptsetup.h"
392 + const char *cryptdev;
394 /* Special case for root. As of 0.99pl10 we can (almost) unmount root;
395 the kernel will remount it readonly so that we can carry on running
396 @@ -365,12 +367,33 @@
402 /* Umount succeeded */
404 printf (_("%s umounted\n"), spec);
409 + /* Free any encrypted devices that we allocated ourselves */
413 + optl = mc->m.mnt_opts ? xstrdup(mc->m.mnt_opts) : "";
414 + for (optl = strtok (optl, ","); optl;
415 + optl = strtok (NULL, ",")) {
416 + if (!strncmp(optl, "encryption=", 11)) {
417 + cryptdev = optl+11;
424 + del_crypt(cryptdev);
428 /* Free any loop devices that we allocated ourselves */