[Pkg-loop-aes-commits] r1373 - /upstream/loop-aes/current/
xam at users.alioth.debian.org
xam at users.alioth.debian.org
Sun Feb 25 12:28:05 CET 2007
Author: xam
Date: Sun Feb 25 12:28:04 2007
New Revision: 1373
URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1373
Log:
Import loop-AES v3.1f
Added:
upstream/loop-aes/current/gnupg-1.4.6.diff
- copied, changed from r1372, upstream/loop-aes/current/gnupg-1.4.5.diff
upstream/loop-aes/current/kernel-2.4.34.diff
- copied, changed from r1372, upstream/loop-aes/current/kernel-2.4.33.diff
upstream/loop-aes/current/kernel-2.6.20.diff
- copied, changed from r1372, upstream/loop-aes/current/kernel-2.6.18.diff
upstream/loop-aes/current/loop-aes-keygen
upstream/loop-aes/current/loop-aes-keygen.1
Removed:
upstream/loop-aes/current/gnupg-1.4.5.diff
upstream/loop-aes/current/kernel-2.4.33.diff
upstream/loop-aes/current/kernel-2.6.18.diff
Modified:
upstream/loop-aes/current/ChangeLog
upstream/loop-aes/current/Makefile
upstream/loop-aes/current/README
upstream/loop-aes/current/build-initrd.sh
upstream/loop-aes/current/dkms.conf
upstream/loop-aes/current/glue.c
upstream/loop-aes/current/loop.c-2.6.patched
upstream/loop-aes/current/util-linux-2.12r.diff
Modified: upstream/loop-aes/current/ChangeLog
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/ChangeLog?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/ChangeLog (original)
+++ upstream/loop-aes/current/ChangeLog Sun Feb 25 12:28:04 2007
@@ -492,3 +492,10 @@
on 2.6.19-rc and newer kernels.
- Changed losetup and mount programs to output error message if gpg
program does not exist when gpg encrypted key file is used.
+
+loop-AES-v3.1f February 23 2007
+ - Work around dash /bin/sh shell and make-3.81 incompatibilities.
+ - Work around block layer breakage in 2.6.20-rcX-mmX kernels.
+ - Added "cleartextkey=file" mount option to mount, and "-P file" command
+ line option to losetup. These options help automounters.
+ - Added loop-aes-keygen script from Max Vozeler.
Modified: upstream/loop-aes/current/Makefile
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/Makefile?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/Makefile (original)
+++ upstream/loop-aes/current/Makefile Sun Feb 25 12:28:04 2007
@@ -1,7 +1,7 @@
#
# Makefile
#
-# Written by Jari Ruusu, January 27 2006
+# Written by Jari Ruusu, December 14 2006
#
# Copyright 2001-2006 by Jari Ruusu.
# Redistribution of this file is permitted under the GNU Public License.
@@ -103,7 +103,7 @@
CP1:=cd $(OD1) &&
PP1:=$(TD)/
MP1:=$(shell if test -e $(OD1)/scripts/mod/modpost; then echo "./scripts/mod/modpost"; else echo "./scripts/modpost"; fi)
- MP1 += $(shell if grep -q -s "define CONFIG_MODVERSIONS 1" $(OD1)/include/linux/autoconf.h; then if grep -q -s "if .*CONFIG_MODVERSIONS.*-m" $(LS)/scripts/Makefile.modpost; then echo -e "\055m"; fi; fi)
+ MP1 += $(shell if grep -q -s "define CONFIG_MODVERSIONS 1" $(OD1)/include/linux/autoconf.h; then if grep -q -s "if .*CONFIG_MODVERSIONS.*-m" $(LS)/scripts/Makefile.modpost; then echo " -m"; fi; fi)
VM1:=k
endif
# Use optimized assembler implementation if target is x86 processor
@@ -116,6 +116,8 @@
EF += $(shell if test -r $(LS)/include/linux/sched.h; then if sed -e '1,/^struct task_struct {$$/ d' $(LS)/include/linux/sched.h | sed -e '/^};$$/,$$ d' | grep -q -s 'struct rlimit rlim.RLIM_NLIMITS.;'; then echo "-DOLD_PER_THREAD_RLIMITS"; fi; fi)
# some 2.6 kernels need # character in KBUILD_BASENAME and KBUILD_MODNAME
SR1:=$(shell if grep -q -s "^basename_flags.*KBUILD_BASENAME.*KBUILD_STR" $(LS)/scripts/Makefile.lib; then echo y; fi)
+ # some 2.6 kernels may have void* timer callback parameter
+ EF += $(shell if test -r $(LS)/include/linux/timer.h; then if ! sed -e '1,/^struct timer_list {$$/ d' $(LS)/include/linux/timer.h | sed -e '/^};$$/,$$ d' | grep -q -s 'unsigned long data;'; then echo "-DNEW_TIMER_VOID_PTR_PARAM"; fi; fi)
endif
ifneq ($(USE_KBUILD),y)
@@ -214,7 +216,7 @@
cd $(LS) && make M=$(TD)/tmp-d-kbuild modules_install $(OD2)
endif
else
- cd $(LS) && make SUBDIRS=$(TD) modules Q='@cd $(TD) && if [ "$$@" = "modules" ]; then make modules; fi; # ' $(OD2)
+ cd $(LS) && make SUBDIRS=$(TD) modules Q='@cd $(TD) && if [ "$$@" = "modules" ]; then make modules; fi; exit; # ' $(OD2)
endif
modules: clean loop.$(VM1)o
Modified: upstream/loop-aes/current/README
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/README?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/README (original)
+++ upstream/loop-aes/current/README Sun Feb 25 12:28:04 2007
@@ -1,6 +1,6 @@
-Written by Jari Ruusu <jariruusu at users.sourceforge.net>, October 28 2006
-
-Copyright 2001-2006 by Jari Ruusu.
+Written by Jari Ruusu <jariruusu at users.sourceforge.net>, February 23 2007
+
+Copyright 2001-2007 by Jari Ruusu.
Redistribution of this file is permitted under the GNU Public License.
@@ -77,7 +77,7 @@
Latest version of this package can be found at:
http://loop-aes.sourceforge.net/
- http://members.surfeu.fi/ce6c8edf/ (limited downloads)
+ http://koti.tnnet.fi/jari.ruusu/linux/
New versions are announced to linux-crypto mailing list:
@@ -291,7 +291,7 @@
kernel RAM so that the thin oxide which forms the storage capacitor
dielectric of DRAM cells is not permitted to develop detectable property.
For more info, see Peter Gutmann's paper:
-http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
+http://www.cypherpunks.to/~peter/usenix01.pdf
If you want enable VIA padlock hardware AES xcrypt instructions, specify
PADLOCK=y on make command line. If enabled, presence of VIA padlock
@@ -350,10 +350,20 @@
attacks. Larger key iteration makes key setup much slower, but also makes
dictionary attacks much slower too.
-Included optional gpg patch makes gpg password iteration 128 times slower.
-gpg stores new iteration value along with seed bytes into symmetric cipher
-encrypted output file or secret keyring, so unpatched gpg versions will read
-and decrypt the data just fine.
+Included optional gpg patch makes default gpg password iteration 128 times
+slower. gpg stores new iteration value along with seed bytes into symmetric
+cipher encrypted output file or secret keyring, so unpatched gpg versions
+will read and decrypt the data just fine.
+
+If you are using gpg version 1.4.6 or later you achieve same increased
+password iteration effect without recompiling new gpg binary by setting this
+option in your options file ~/.gnupg/gpg.conf
+
+ s2k-count 8388608
+
+Or alternatively... You can use this gpg command line parameter:
+
+ --s2k-count 8388608
gpg sources are available from:
@@ -362,9 +372,9 @@
These commands, as root user, will recompile and install gpg and gpgv and
their man pages:
- bzip2 -d -c gnupg-1.4.5.tar.bz2 | tar xvf -
- cd gnupg-1.4.5
- patch -p1 </PATH/TO/LOOP-AES/gnupg-1.4.5.diff
+ bzip2 -d -c gnupg-1.4.6.tar.bz2 | tar xvf -
+ cd gnupg-1.4.6
+ patch -p1 </PATH/TO/LOOP-AES/gnupg-1.4.6.diff
CFLAGS="-O2" LDFLAGS="-static -s" ./configure --prefix=/usr --enable-static-rnd=linux
make
rm -f /usr/share/man/man1/{gpg,gpgv}.1.gz
@@ -811,6 +821,12 @@
dumpkeys >/boot/default.kmap
+ If your distro has set your keyboard to UTF-8 mode, then you may want to
+ set UTF8KEYBMODE=1 in build-initrd.sh configuration. Running 'kbd_mode'
+ command in text console shows current keyboard mode: default (ASCII), or
+ unicode (UTF-8). If it says raw (scancode), then you are running
+ kbd_mode command in X windows, not text console.
+
devfs enabled kernel users (CONFIG_DEVFS_FS=y and CONFIG_DEVFS_MOUNT=y
in kernel configuration) need to pay special attention to comments above
these build-initrd.sh options: USEDEVFS, BOOTDEV, CRYPTROOT and
@@ -1267,10 +1283,61 @@
If lo_nice is not set, default nice value for kernels with old scheduler is
-20. For kernels with O(1) scheduler, default nice value is -1.
-2.6 kernels include anticipatory (the default) and deadline I/O schedulers.
-Deadline I/O scheduler may improve performance of device backed loop
-devices. Please read kernel's Documentation/block/as-iosched.txt file for
-more information.
+2.6 kernels include anticipatory, CFQ and deadline I/O schedulers. Deadline
+I/O scheduler may improve performance of device backed loop devices. Please
+read kernel's Documentation/block/as-iosched.txt file for more information.
+
+Soft block size of loop device has negative effect on efficiency and
+performance if that soft block size is too small. On recent kernels, default
+soft block size is set to such value that full device can be accessed using
+X amount of such soft block size chunks. If device size is integer multiple
+of processor page size, then default soft block size will also be processor
+page size. Some older kernels inherit default soft block size from backing
+device.
+
+Mounting a file system on top of loop device sets loop device's soft block
+size to same as block size of that mounted file system, so none of this soft
+block size optimization affects mounted file system performance. But too
+small soft block size may affect unmounted loop device performance.
+Unmounting a file system may set loop device's soft block size back to
+default value (this depends on kernel version).
+
+Since unmounted loop device is not usually used for anything other than
+occasional fsck, this reduced efficiency and performance is not necessarily
+a problem. However, if you insist on getting maximum performance from fsck
+and other direct to loop device usage, then (1) you can use backing disk
+partition whose size is integer multiple of 4096 bytes, or (2) you can limit
+size of loop device to integer multiple of 4096 bytes, or (3) you can set
+loop device's soft block size manually to 4096 bytes. Option (3) doesn't
+work on all kernels because many kernels seem to revert to default soft
+block size when device is not mounted and no process is holding open file
+descriptor on it.
+
+This command shows size of device in 512 byte units:
+
+ blockdev --getsize /dev/loop0
+
+This command shows soft block size of device in byte units:
+
+ blockdev --getbsz /dev/loop0
+
+This command sets soft block size of device:
+
+ blockdev --setbsz 4096 /dev/loop0
+
+In this example, backing device size is 20012106240 bytes (39086145 * 512).
+Loop device size is rounded down to integer multiple of 4096 bytes,
+20012105728 bytes:
+
+ blockdev --getsize /dev/hda666
+ 39086145
+ losetup -e AES128 -K foo.gpg -s 20012105728 /dev/loop0 /dev/hda666
+ ^^^^^^^^^^^^^^
+You can also add sizelimit=20012105728 mount option /etc/fstab file. Mount
+won't benefit much from it because file system mount sets soft block size to
+desired value anyway, but "losetup -F /dev/loop0" reads and uses that option
+from /etc/fstab file. losetup -s and sizelimit mount option do not work with
+2.2 and older kernels.
10. Files
@@ -1336,6 +1403,11 @@
want to know about it. Note: you only need to
build loop.o module or apply this patch but not
both.
+
+loop-aes-keygen A script that can be used to create gpg
+ encrypted key files.
+
+loop-aes-keygen.1 Man page for loop-aes-keygen script.
loop.c-2.[02].diff Kernel version specific patches that fix bugs
and preregisters AES cipher transfer to latest
Modified: upstream/loop-aes/current/build-initrd.sh
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/build-initrd.sh?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/build-initrd.sh (original)
+++ upstream/loop-aes/current/build-initrd.sh Sun Feb 25 12:28:04 2007
@@ -2,9 +2,9 @@
#
# build-initrd.sh
#
-# Written by Jari Ruusu, September 23 2006
-#
-# Copyright 2001-2006 by Jari Ruusu.
+# Written by Jari Ruusu, January 31 2007
+#
+# Copyright 2001-2007 by Jari Ruusu.
# Redistribution of this file is permitted under the GNU Public License.
#
# Changes by Hauke Johannknecht <ash at ash.de> 11/2001
@@ -155,6 +155,9 @@
# Additional loop module parameters.
# Example: LOOPMODPARAMS="max_loop=8 lo_prealloc=125,5,200"
LOOPMODPARAMS=""
+
+# 1 = set keyboard to UTF-8 mode, 0 = don't set
+UTF8KEYBMODE=0
# 1 = load national keyboard layout, 0 = don't load
# You _must_ manually copy correct keyboard layout to /boot/default.kmap
@@ -427,9 +430,18 @@
goto fail4;
}
+#if ${UTF8KEYBMODE}
+ buf[0] = 0;
+ strCat(buf, "/lib/kbd_mode -u");
+ exeWait(buf);
+#endif
#if ${LOADNATIONALKEYB}
buf[0] = 0;
- strCat(buf, "/lib/loadkeys /lib/default.kmap");
+ strCat(buf, "/lib/loadkeys");
+#if ${UTF8KEYBMODE}
+ strCat(buf, " -u");
+#endif
+ strCat(buf, " /lib/default.kmap");
exeWait(buf);
#endif
@@ -750,6 +762,9 @@
z="${z} /sbin/insmod.old"
fi
fi
+if [ ${UTF8KEYBMODE} == 1 ] ; then
+ z="${z} "`which kbd_mode`
+fi
if [ ${LOADNATIONALKEYB} == 1 ] ; then
z="${z} "`which loadkeys`
fi
Modified: upstream/loop-aes/current/dkms.conf
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/dkms.conf?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/dkms.conf (original)
+++ upstream/loop-aes/current/dkms.conf Sun Feb 25 12:28:04 2007
@@ -1,7 +1,7 @@
# dkms.conf for Dynamic Kernel Module Support
# http://linux.dell.com/dkms/dkms.html for more info
-PACKAGE_VERSION=v3.1e
+PACKAGE_VERSION=v3.1f
# Items below here should not have to change with each driver version
PACKAGE_NAME="loop-AES"
Modified: upstream/loop-aes/current/glue.c
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/glue.c?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/glue.c (original)
+++ upstream/loop-aes/current/glue.c Sun Feb 25 12:28:04 2007
@@ -1,9 +1,9 @@
/*
* glue.c
*
- * Written by Jari Ruusu, October 20 2005
+ * Written by Jari Ruusu, December 14 2006
*
- * Copyright 2001-2005 by Jari Ruusu.
+ * Copyright 2001-2006 by Jari Ruusu.
* Redistribution of this file is permitted under the GNU Public License.
*/
@@ -162,7 +162,13 @@
write_unlock(&m->rwlock);
}
-static void keyScrubTimerFn(unsigned long);
+#if defined(NEW_TIMER_VOID_PTR_PARAM)
+# define KeyScrubTimerFnParamType void *
+#else
+# define KeyScrubTimerFnParamType unsigned long
+#endif
+
+static void keyScrubTimerFn(KeyScrubTimerFnParamType);
static void keyScrubTimerInit(struct loop_device *lo)
{
@@ -173,13 +179,13 @@
expire = jiffies + HZ;
init_timer(&m->timer);
m->timer.expires = expire;
- m->timer.data = (unsigned long)lo;
+ m->timer.data = (KeyScrubTimerFnParamType)lo;
m->timer.function = keyScrubTimerFn;
add_timer(&m->timer);
}
/* called only from timer handler context */
-static void keyScrubTimerFn(unsigned long d)
+static void keyScrubTimerFn(KeyScrubTimerFnParamType d)
{
struct loop_device *lo = (struct loop_device *)d;
extern void loop_add_keyscrub_fn(struct loop_device *, void (*)(void *), void *);
Copied: upstream/loop-aes/current/gnupg-1.4.6.diff (from r1372, upstream/loop-aes/current/gnupg-1.4.5.diff)
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/gnupg-1.4.6.diff?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/gnupg-1.4.5.diff (original)
+++ upstream/loop-aes/current/gnupg-1.4.6.diff Sun Feb 25 12:28:04 2007
@@ -1,11 +1,11 @@
---- gnupg-1.4.5/g10/passphrase.c.old 2006-07-31 13:57:07.000000000 +0300
-+++ gnupg-1.4.5/g10/passphrase.c 2006-08-04 20:43:44.000000000 +0300
-@@ -1036,7 +1036,7 @@
- if( create && !pass ) {
- randomize_buffer(s2k->salt, 8, 1);
- if( s2k->mode == 3 )
-- s2k->count = 96; /* 65536 iterations */
-+ s2k->count = 208; /* 8388608 byte count */
- }
-
- if( s2k->mode == 3 ) {
+--- gnupg-1.4.6/g10/gpg.c.old 2006-12-03 17:37:45.000000000 +0200
++++ gnupg-1.4.6/g10/gpg.c 2006-12-06 21:58:07.000000000 +0200
+@@ -1792,7 +1792,7 @@
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
+ opt.s2k_mode = 3; /* iterated+salted */
+- opt.s2k_count = 96; /* 65536 iterations */
++ opt.s2k_count = 208; /* 8388608 byte count */
+ #ifdef USE_CAST5
+ opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+ #else
Copied: upstream/loop-aes/current/kernel-2.4.34.diff (from r1372, upstream/loop-aes/current/kernel-2.4.33.diff)
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/kernel-2.4.34.diff?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/kernel-2.4.33.diff (original)
+++ upstream/loop-aes/current/kernel-2.4.34.diff Sun Feb 25 12:28:04 2007
@@ -3,9 +3,9 @@
rm -f drivers/block/loop.c include/linux/loop.h
-diff -urN linux-2.4.33-noloop/Documentation/Configure.help linux-2.4.33-AES/Documentation/Configure.help
---- linux-2.4.33-noloop/Documentation/Configure.help 2006-08-12 19:04:12.000000000 +0300
-+++ linux-2.4.33-AES/Documentation/Configure.help 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/Documentation/Configure.help linux-2.4.34-AES/Documentation/Configure.help
+--- linux-2.4.34-noloop/Documentation/Configure.help 2006-12-26 18:08:54.000000000 +0200
++++ linux-2.4.34-AES/Documentation/Configure.help 2007-01-09 22:25:43.000000000 +0200
@@ -622,6 +622,27 @@
If unsure, say N.
@@ -21,7 +21,7 @@
+ kernel RAM so that the thin oxide which forms the storage
+ capacitor dielectric of DRAM cells is not permitted to develop
+ detectable property. For more info, see Peter Gutmann's paper:
-+ http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
++ http://www.cypherpunks.to/~peter/usenix01.pdf
+
+ Paranoid tinfoil hat crowd say Y here, everyone else say N.
+
@@ -34,9 +34,9 @@
ATA/IDE/MFM/RLL support
CONFIG_IDE
If you say Y here, your kernel will be able to manage low cost mass
-diff -urN linux-2.4.33-noloop/drivers/block/Config.in linux-2.4.33-AES/drivers/block/Config.in
---- linux-2.4.33-noloop/drivers/block/Config.in 2004-08-08 14:15:13.000000000 +0300
-+++ linux-2.4.33-AES/drivers/block/Config.in 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/block/Config.in linux-2.4.34-AES/drivers/block/Config.in
+--- linux-2.4.34-noloop/drivers/block/Config.in 2004-08-08 14:15:13.000000000 +0300
++++ linux-2.4.34-AES/drivers/block/Config.in 2006-12-26 18:14:07.000000000 +0200
@@ -42,6 +42,15 @@
dep_tristate 'Promise SATA SX8 support' CONFIG_BLK_DEV_SX8 $CONFIG_PCI
@@ -53,9 +53,9 @@
dep_tristate 'Network block device support' CONFIG_BLK_DEV_NBD $CONFIG_NET
tristate 'RAM disk support' CONFIG_BLK_DEV_RAM
-diff -urN linux-2.4.33-noloop/drivers/block/loop.c linux-2.4.33-AES/drivers/block/loop.c
---- linux-2.4.33-noloop/drivers/block/loop.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/block/loop.c 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/block/loop.c linux-2.4.34-AES/drivers/block/loop.c
+--- linux-2.4.34-noloop/drivers/block/loop.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/block/loop.c 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,2271 @@
+/*
+ * linux/drivers/block/loop.c
@@ -2328,9 +2328,9 @@
+}
+EXPORT_SYMBOL(loop_add_keyscrub_fn);
+#endif
-diff -urN linux-2.4.33-noloop/drivers/misc/Makefile linux-2.4.33-AES/drivers/misc/Makefile
---- linux-2.4.33-noloop/drivers/misc/Makefile 2000-12-30 00:07:22.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/Makefile 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/Makefile linux-2.4.34-AES/drivers/misc/Makefile
+--- linux-2.4.34-noloop/drivers/misc/Makefile 2000-12-30 00:07:22.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/Makefile 2006-12-26 18:14:07.000000000 +0200
@@ -9,8 +9,35 @@
# parent makes..
#
@@ -2367,9 +2367,9 @@
include $(TOPDIR)/Rules.make
fastdep:
-diff -urN linux-2.4.33-noloop/drivers/misc/aes-amd64.S linux-2.4.33-AES/drivers/misc/aes-amd64.S
---- linux-2.4.33-noloop/drivers/misc/aes-amd64.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/aes-amd64.S 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/aes-amd64.S linux-2.4.34-AES/drivers/misc/aes-amd64.S
+--- linux-2.4.34-noloop/drivers/misc/aes-amd64.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/aes-amd64.S 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,893 @@
+//
+// Copyright (c) 2001, Dr Brian Gladman <brg at gladman.uk.net>, Worcester, UK.
@@ -3264,9 +3264,9 @@
+ im_data5(v3)
+ im_data6(v3)
+ im_data7(v3)
-diff -urN linux-2.4.33-noloop/drivers/misc/aes-x86.S linux-2.4.33-AES/drivers/misc/aes-x86.S
---- linux-2.4.33-noloop/drivers/misc/aes-x86.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/aes-x86.S 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/aes-x86.S linux-2.4.34-AES/drivers/misc/aes-x86.S
+--- linux-2.4.34-noloop/drivers/misc/aes-x86.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/aes-x86.S 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,923 @@
+//
+// Copyright (c) 2001, Dr Brian Gladman <brg at gladman.uk.net>, Worcester, UK.
@@ -4191,9 +4191,9 @@
+ im_data5(v3)
+ im_data6(v3)
+ im_data7(v3)
-diff -urN linux-2.4.33-noloop/drivers/misc/aes.c linux-2.4.33-AES/drivers/misc/aes.c
---- linux-2.4.33-noloop/drivers/misc/aes.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/aes.c 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/aes.c linux-2.4.34-AES/drivers/misc/aes.c
+--- linux-2.4.34-noloop/drivers/misc/aes.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/aes.c 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,1479 @@
+// I retain copyright in this code but I encourage its free use provided
+// that I don't carry any responsibility for the results. I am especially
@@ -5674,9 +5674,9 @@
+
+ state_out(out_blk, b0);
+}
-diff -urN linux-2.4.33-noloop/drivers/misc/aes.h linux-2.4.33-AES/drivers/misc/aes.h
---- linux-2.4.33-noloop/drivers/misc/aes.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/aes.h 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/aes.h linux-2.4.34-AES/drivers/misc/aes.h
+--- linux-2.4.34-noloop/drivers/misc/aes.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/aes.h 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,113 @@
+// I retain copyright in this code but I encourage its free use provided
+// that I don't carry any responsibility for the results. I am especially
@@ -5791,9 +5791,9 @@
+// if their parameters have not changed.
+
+#endif // _AES_H
-diff -urN linux-2.4.33-noloop/drivers/misc/crypto-ksym.c linux-2.4.33-AES/drivers/misc/crypto-ksym.c
---- linux-2.4.33-noloop/drivers/misc/crypto-ksym.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/crypto-ksym.c 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/crypto-ksym.c linux-2.4.34-AES/drivers/misc/crypto-ksym.c
+--- linux-2.4.34-noloop/drivers/misc/crypto-ksym.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/crypto-ksym.c 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,7 @@
+#include <linux/module.h>
+#include "aes.h"
@@ -5802,9 +5802,9 @@
+EXPORT_SYMBOL_NOVERS(aes_encrypt);
+EXPORT_SYMBOL_NOVERS(aes_decrypt);
+EXPORT_SYMBOL_NOVERS(md5_transform_CPUbyteorder);
-diff -urN linux-2.4.33-noloop/drivers/misc/md5-amd64.S linux-2.4.33-AES/drivers/misc/md5-amd64.S
---- linux-2.4.33-noloop/drivers/misc/md5-amd64.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/md5-amd64.S 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/md5-amd64.S linux-2.4.34-AES/drivers/misc/md5-amd64.S
+--- linux-2.4.34-noloop/drivers/misc/md5-amd64.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/md5-amd64.S 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,200 @@
+//
+// md5-amd64.S
@@ -6006,9 +6006,9 @@
+ addl %ecx,8(%rdi)
+ addl %edx,12(%rdi)
+ ret
-diff -urN linux-2.4.33-noloop/drivers/misc/md5-x86.S linux-2.4.33-AES/drivers/misc/md5-x86.S
---- linux-2.4.33-noloop/drivers/misc/md5-x86.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/md5-x86.S 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/md5-x86.S linux-2.4.34-AES/drivers/misc/md5-x86.S
+--- linux-2.4.34-noloop/drivers/misc/md5-x86.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/md5-x86.S 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,207 @@
+//
+// md5-x86.S
@@ -6217,9 +6217,9 @@
+ pop %ebx
+ pop %ebp
+ ret
-diff -urN linux-2.4.33-noloop/drivers/misc/md5.c linux-2.4.33-AES/drivers/misc/md5.c
---- linux-2.4.33-noloop/drivers/misc/md5.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/md5.c 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/md5.c linux-2.4.34-AES/drivers/misc/md5.c
+--- linux-2.4.34-noloop/drivers/misc/md5.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/md5.c 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,106 @@
+/*
+ * MD5 Message Digest Algorithm (RFC1321).
@@ -6327,9 +6327,9 @@
+ hash[2] += c;
+ hash[3] += d;
+}
-diff -urN linux-2.4.33-noloop/drivers/misc/md5.h linux-2.4.33-AES/drivers/misc/md5.h
---- linux-2.4.33-noloop/drivers/misc/md5.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/drivers/misc/md5.h 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/drivers/misc/md5.h linux-2.4.34-AES/drivers/misc/md5.h
+--- linux-2.4.34-noloop/drivers/misc/md5.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/drivers/misc/md5.h 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,11 @@
+/* md5.h */
+
@@ -6342,9 +6342,9 @@
+ asmlinkage
+#endif
+extern void md5_transform_CPUbyteorder(u_int32_t *, u_int32_t const *);
-diff -urN linux-2.4.33-noloop/include/linux/loop.h linux-2.4.33-AES/include/linux/loop.h
---- linux-2.4.33-noloop/include/linux/loop.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.4.33-AES/include/linux/loop.h 2006-08-12 19:21:58.000000000 +0300
+diff -urN linux-2.4.34-noloop/include/linux/loop.h linux-2.4.34-AES/include/linux/loop.h
+--- linux-2.4.34-noloop/include/linux/loop.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.4.34-AES/include/linux/loop.h 2006-12-26 18:14:07.000000000 +0200
@@ -0,0 +1,195 @@
+#ifndef _LINUX_LOOP_H
+#define _LINUX_LOOP_H
Copied: upstream/loop-aes/current/kernel-2.6.20.diff (from r1372, upstream/loop-aes/current/kernel-2.6.18.diff)
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/kernel-2.6.20.diff?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/kernel-2.6.18.diff (original)
+++ upstream/loop-aes/current/kernel-2.6.20.diff Sun Feb 25 12:28:04 2007
@@ -3,10 +3,10 @@
rm -f drivers/block/loop.c include/linux/loop.h
-diff -urN linux-2.6.18-noloop/drivers/block/Kconfig linux-2.6.18-AES/drivers/block/Kconfig
---- linux-2.6.18-noloop/drivers/block/Kconfig 2006-09-23 15:32:40.000000000 +0300
-+++ linux-2.6.18-AES/drivers/block/Kconfig 2006-09-23 16:12:57.000000000 +0300
-@@ -285,14 +285,6 @@
+diff -urN linux-2.6.20-noloop/drivers/block/Kconfig linux-2.6.20-AES/drivers/block/Kconfig
+--- linux-2.6.20-noloop/drivers/block/Kconfig 2007-02-06 22:32:11.000000000 +0200
++++ linux-2.6.20-AES/drivers/block/Kconfig 2007-02-06 22:43:20.000000000 +0200
+@@ -280,14 +280,6 @@
bits of, say, a sound file). This is also safe if the file resides
on a remote file server.
@@ -21,13 +21,14 @@
Note that this loop device has nothing to do with the loopback
device used for network connections from the machine to itself.
-@@ -301,19 +293,32 @@
+@@ -296,20 +288,32 @@
Most users will answer N here.
-config BLK_DEV_CRYPTOLOOP
- tristate "Cryptoloop Support"
- select CRYPTO
+- select CRYPTO_CBC
+config BLK_DEV_LOOP_AES
+ bool "AES encrypted loop device support"
depends on BLK_DEV_LOOP
@@ -51,7 +52,7 @@
+ kernel RAM so that the thin oxide which forms the storage
+ capacitor dielectric of DRAM cells is not permitted to develop
+ detectable property. For more info, see Peter Gutmann's paper:
-+ http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
++ http://www.cypherpunks.to/~peter/usenix01.pdf
+
+ Paranoid tinfoil hat crowd say Y here, everyone else say N.
+
@@ -65,23 +66,24 @@
config BLK_DEV_NBD
tristate "Network block device support"
-diff -urN linux-2.6.18-noloop/drivers/block/Makefile linux-2.6.18-AES/drivers/block/Makefile
---- linux-2.6.18-noloop/drivers/block/Makefile 2006-06-18 11:15:40.000000000 +0300
-+++ linux-2.6.18-AES/drivers/block/Makefile 2006-09-23 16:12:57.000000000 +0300
-@@ -1,6 +1,9 @@
+diff -urN linux-2.6.20-noloop/drivers/block/Makefile linux-2.6.20-AES/drivers/block/Makefile
+--- linux-2.6.20-noloop/drivers/block/Makefile 2007-02-06 22:32:11.000000000 +0200
++++ linux-2.6.20-AES/drivers/block/Makefile 2007-02-06 22:43:20.000000000 +0200
+@@ -1,6 +1,10 @@
#
# Makefile for the kernel block device drivers.
#
+
-+CFLAGS_loop.o:=$(shell if grep -q -s "current->rlim" kernel/sys.c; then echo "-DOLD_PER_THREAD_RLIMITS"; fi)
++CFLAGS_loop.o := $(shell if test -r include/linux/sched.h; then if sed -e '1,/^struct task_struct {$$/ d' include/linux/sched.h | sed -e '/^};$$/,$$ d' | grep -q -s 'struct rlimit rlim.RLIM_NLIMITS.;'; then echo "-DOLD_PER_THREAD_RLIMITS"; fi; fi)
++CFLAGS_loop.o += $(shell if test -r include/linux/timer.h; then if ! sed -e '1,/^struct timer_list {$$/ d' include/linux/timer.h | sed -e '/^};$$/,$$ d' | grep -q -s 'unsigned long data;'; then echo "-DNEW_TIMER_VOID_PTR_PARAM"; fi; fi)
+
# 12 June 2000, Christoph Hellwig <hch at infradead.org>
# Rewritten to use lists instead of if-statements.
#
-diff -urN linux-2.6.18-noloop/drivers/block/loop.c linux-2.6.18-AES/drivers/block/loop.c
---- linux-2.6.18-noloop/drivers/block/loop.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/block/loop.c 2006-10-15 19:44:33.000000000 +0300
-@@ -0,0 +1,2816 @@
+diff -urN linux-2.6.20-noloop/drivers/block/loop.c linux-2.6.20-AES/drivers/block/loop.c
+--- linux-2.6.20-noloop/drivers/block/loop.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/block/loop.c 2007-02-06 22:43:20.000000000 +0200
+@@ -0,0 +1,2831 @@
+/*
+ * linux/drivers/block/loop.c
+ *
@@ -205,6 +207,12 @@
+# define IOCTL32_COMPATIBLE_PTR ((void*)0)
+#endif
+
++#if LINUX_VERSION_CODE >= 0x20614
++# define LOOP_COMPAT_F_DENTRY f_path.dentry
++#else
++# define LOOP_COMPAT_F_DENTRY f_dentry
++#endif
++
+#if (LINUX_VERSION_CODE < 0x20609) || defined(QUEUE_FLAG_ORDERED)
+# define QUEUE_ORDERED_NONE 0
+#endif
@@ -381,7 +389,13 @@
+ write_unlock(&m->rwlock);
+}
+
-+static void keyScrubTimerFn(unsigned long);
++#if defined(NEW_TIMER_VOID_PTR_PARAM)
++# define KeyScrubTimerFnParamType void *
++#else
++# define KeyScrubTimerFnParamType unsigned long
++#endif
++
++static void keyScrubTimerFn(KeyScrubTimerFnParamType);
+
+static void keyScrubTimerInit(struct loop_device *lo)
+{
@@ -392,13 +406,13 @@
+ expire = jiffies + HZ;
+ init_timer(&m->timer);
+ m->timer.expires = expire;
-+ m->timer.data = (unsigned long)lo;
++ m->timer.data = (KeyScrubTimerFnParamType)lo;
+ m->timer.function = keyScrubTimerFn;
+ add_timer(&m->timer);
+}
+
+/* called only from timer handler context */
-+static void keyScrubTimerFn(unsigned long d)
++static void keyScrubTimerFn(KeyScrubTimerFnParamType d)
+{
+ struct loop_device *lo = (struct loop_device *)d;
+ extern void loop_add_keyscrub_fn(struct loop_device *, void (*)(void *), void *);
@@ -1404,7 +1418,7 @@
+ sector_t x;
+ int err = 0;
+
-+ size = i_size_read(lo->lo_backing_file->f_dentry->d_inode->i_mapping->host);
++ size = i_size_read(lo->lo_backing_file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping->host);
+ offs = lo->lo_offset;
+ if (!(lo->lo_flags & LO_FLAGS_DO_BMAP))
+ offs &= ~((loff_t)511);
@@ -1684,7 +1698,10 @@
+
+static void loop_unplug_backingdev(request_queue_t *bq)
+{
-+#if defined(QUEUE_FLAG_PLUGGED)
++#if (LINUX_VERSION_CODE >= 0x20610) && !defined(QUEUE_FLAG_PLUGGED)
++ if(bq && bq->request_fn)
++ blk_run_queue(bq);
++#elif defined(QUEUE_FLAG_PLUGGED)
+ if(bq && bq->unplug_fn)
+ bq->unplug_fn(bq);
+#else
@@ -1718,11 +1735,11 @@
+{
+ struct file *file = p->file;
+ struct file *old_file=lo->lo_backing_file;
-+ struct address_space *mapping = file->f_dentry->d_inode->i_mapping;
++ struct address_space *mapping = file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping;
+
+ /* This code runs on file backed loop only */
+ /* no need to worry about -1 old_gfp_mask */
-+ mapping_set_gfp_mask(old_file->f_dentry->d_inode->i_mapping, lo->old_gfp_mask);
++ mapping_set_gfp_mask(old_file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping, lo->old_gfp_mask);
+ lo->lo_backing_file = file;
+ memset(lo->lo_file_name, 0, LO_NAME_SIZE);
+ lo->old_gfp_mask = mapping_gfp_mask(mapping);
@@ -2005,7 +2022,7 @@
+ if (!file)
+ goto out;
+
-+ inode = file->f_dentry->d_inode;
++ inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
+ old_file = lo->lo_backing_file;
+
+ error = -EINVAL;
@@ -2018,7 +2035,7 @@
+ goto out_putf;
+
+ /* new backing store must be same size as the old one */
-+ if(i_size_read(inode) != i_size_read(old_file->f_dentry->d_inode))
++ if(i_size_read(inode) != i_size_read(old_file->LOOP_COMPAT_F_DENTRY->d_inode))
+ goto out_putf;
+
+ /* loop must be in properly initialized state */
@@ -2069,7 +2086,7 @@
+ goto out;
+
+ error = -EINVAL;
-+ inode = file->f_dentry->d_inode;
++ inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
+
+ if (!(file->f_mode & FMODE_WRITE))
+ lo_flags |= LO_FLAGS_READ_ONLY;
@@ -2320,7 +2337,7 @@
+ invalidate_bdev(bdev, 0);
+ set_capacity(disks[lo->lo_number], 0);
+ if (gfp != -1)
-+ mapping_set_gfp_mask(filp->f_dentry->d_inode->i_mapping, gfp);
++ mapping_set_gfp_mask(filp->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping, gfp);
+ fput(filp);
+ module_put(THIS_MODULE);
+ return 0;
@@ -2398,7 +2415,7 @@
+ struct kstat stat;
+ int error;
+
-+ error = vfs_getattr(file->f_vfsmnt, file->f_dentry, &stat);
++ error = vfs_getattr(file->f_vfsmnt, file->LOOP_COMPAT_F_DENTRY, &stat);
+ if (error)
+ return error;
+ memset(info, 0, sizeof(*info));
@@ -2628,7 +2645,7 @@
+
+static long lo_compat_ioctl(struct file * file, unsigned int cmd, unsigned long arg)
+{
-+ struct inode *inode = file->f_dentry->d_inode;
++ struct inode *inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
+ mm_segment_t old_fs = get_fs();
+ struct loop_info l;
+ struct loop_info32 *ul = (struct loop_info32 *)arg;
@@ -2898,9 +2915,9 @@
+}
+EXPORT_SYMBOL(loop_add_keyscrub_fn);
+#endif
-diff -urN linux-2.6.18-noloop/drivers/misc/Makefile linux-2.6.18-AES/drivers/misc/Makefile
---- linux-2.6.18-noloop/drivers/misc/Makefile 2005-06-18 11:22:48.000000000 +0300
-+++ linux-2.6.18-AES/drivers/misc/Makefile 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/Makefile linux-2.6.20-AES/drivers/misc/Makefile
+--- linux-2.6.20-noloop/drivers/misc/Makefile 2006-11-30 11:02:39.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/Makefile 2007-02-06 22:43:20.000000000 +0200
@@ -1,6 +1,28 @@
#
# Makefile for misc devices that really don't fit anywhere else.
@@ -2929,10 +2946,10 @@
+
obj- := misc.o # Dummy rule to force built-in.o to be made
- obj-$(CONFIG_IBM_ASM) += ibmasm/
-diff -urN linux-2.6.18-noloop/drivers/misc/aes-amd64.S linux-2.6.18-AES/drivers/misc/aes-amd64.S
---- linux-2.6.18-noloop/drivers/misc/aes-amd64.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/aes-amd64.S 2006-09-23 16:12:57.000000000 +0300
+ obj-$(CONFIG_IBM_ASM) += ibmasm/
+diff -urN linux-2.6.20-noloop/drivers/misc/aes-amd64.S linux-2.6.20-AES/drivers/misc/aes-amd64.S
+--- linux-2.6.20-noloop/drivers/misc/aes-amd64.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/aes-amd64.S 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,893 @@
+//
+// Copyright (c) 2001, Dr Brian Gladman <brg at gladman.uk.net>, Worcester, UK.
@@ -3827,9 +3844,9 @@
+ im_data5(v3)
+ im_data6(v3)
+ im_data7(v3)
-diff -urN linux-2.6.18-noloop/drivers/misc/aes-x86.S linux-2.6.18-AES/drivers/misc/aes-x86.S
---- linux-2.6.18-noloop/drivers/misc/aes-x86.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/aes-x86.S 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/aes-x86.S linux-2.6.20-AES/drivers/misc/aes-x86.S
+--- linux-2.6.20-noloop/drivers/misc/aes-x86.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/aes-x86.S 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,923 @@
+//
+// Copyright (c) 2001, Dr Brian Gladman <brg at gladman.uk.net>, Worcester, UK.
@@ -4754,9 +4771,9 @@
+ im_data5(v3)
+ im_data6(v3)
+ im_data7(v3)
-diff -urN linux-2.6.18-noloop/drivers/misc/aes.c linux-2.6.18-AES/drivers/misc/aes.c
---- linux-2.6.18-noloop/drivers/misc/aes.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/aes.c 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/aes.c linux-2.6.20-AES/drivers/misc/aes.c
+--- linux-2.6.20-noloop/drivers/misc/aes.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/aes.c 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,1479 @@
+// I retain copyright in this code but I encourage its free use provided
+// that I don't carry any responsibility for the results. I am especially
@@ -6237,9 +6254,9 @@
+
+ state_out(out_blk, b0);
+}
-diff -urN linux-2.6.18-noloop/drivers/misc/aes.h linux-2.6.18-AES/drivers/misc/aes.h
---- linux-2.6.18-noloop/drivers/misc/aes.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/aes.h 2006-10-08 18:00:21.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/aes.h linux-2.6.20-AES/drivers/misc/aes.h
+--- linux-2.6.20-noloop/drivers/misc/aes.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/aes.h 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,112 @@
+// I retain copyright in this code but I encourage its free use provided
+// that I don't carry any responsibility for the results. I am especially
@@ -6353,9 +6370,9 @@
+// if their parameters have not changed.
+
+#endif // _AES_H
-diff -urN linux-2.6.18-noloop/drivers/misc/crypto-ksym.c linux-2.6.18-AES/drivers/misc/crypto-ksym.c
---- linux-2.6.18-noloop/drivers/misc/crypto-ksym.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/crypto-ksym.c 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/crypto-ksym.c linux-2.6.20-AES/drivers/misc/crypto-ksym.c
+--- linux-2.6.20-noloop/drivers/misc/crypto-ksym.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/crypto-ksym.c 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,7 @@
+#include <linux/module.h>
+#include "aes.h"
@@ -6364,9 +6381,9 @@
+EXPORT_SYMBOL(aes_encrypt);
+EXPORT_SYMBOL(aes_decrypt);
+EXPORT_SYMBOL(md5_transform_CPUbyteorder);
-diff -urN linux-2.6.18-noloop/drivers/misc/md5-amd64.S linux-2.6.18-AES/drivers/misc/md5-amd64.S
---- linux-2.6.18-noloop/drivers/misc/md5-amd64.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/md5-amd64.S 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/md5-amd64.S linux-2.6.20-AES/drivers/misc/md5-amd64.S
+--- linux-2.6.20-noloop/drivers/misc/md5-amd64.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/md5-amd64.S 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,200 @@
+//
+// md5-amd64.S
@@ -6568,9 +6585,9 @@
+ addl %ecx,8(%rdi)
+ addl %edx,12(%rdi)
+ ret
-diff -urN linux-2.6.18-noloop/drivers/misc/md5-x86.S linux-2.6.18-AES/drivers/misc/md5-x86.S
---- linux-2.6.18-noloop/drivers/misc/md5-x86.S 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/md5-x86.S 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/md5-x86.S linux-2.6.20-AES/drivers/misc/md5-x86.S
+--- linux-2.6.20-noloop/drivers/misc/md5-x86.S 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/md5-x86.S 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,207 @@
+//
+// md5-x86.S
@@ -6779,9 +6796,9 @@
+ pop %ebx
+ pop %ebp
+ ret
-diff -urN linux-2.6.18-noloop/drivers/misc/md5.c linux-2.6.18-AES/drivers/misc/md5.c
---- linux-2.6.18-noloop/drivers/misc/md5.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/md5.c 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/md5.c linux-2.6.20-AES/drivers/misc/md5.c
+--- linux-2.6.20-noloop/drivers/misc/md5.c 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/md5.c 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,106 @@
+/*
+ * MD5 Message Digest Algorithm (RFC1321).
@@ -6889,9 +6906,9 @@
+ hash[2] += c;
+ hash[3] += d;
+}
-diff -urN linux-2.6.18-noloop/drivers/misc/md5.h linux-2.6.18-AES/drivers/misc/md5.h
---- linux-2.6.18-noloop/drivers/misc/md5.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/drivers/misc/md5.h 2006-10-08 18:00:21.000000000 +0300
+diff -urN linux-2.6.20-noloop/drivers/misc/md5.h linux-2.6.20-AES/drivers/misc/md5.h
+--- linux-2.6.20-noloop/drivers/misc/md5.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/drivers/misc/md5.h 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,10 @@
+/* md5.h */
+
@@ -6903,9 +6920,9 @@
+ asmlinkage
+#endif
+extern void md5_transform_CPUbyteorder(u_int32_t *, u_int32_t const *);
-diff -urN linux-2.6.18-noloop/include/linux/loop.h linux-2.6.18-AES/include/linux/loop.h
---- linux-2.6.18-noloop/include/linux/loop.h 1970-01-01 02:00:00.000000000 +0200
-+++ linux-2.6.18-AES/include/linux/loop.h 2006-09-23 16:12:57.000000000 +0300
+diff -urN linux-2.6.20-noloop/include/linux/loop.h linux-2.6.20-AES/include/linux/loop.h
+--- linux-2.6.20-noloop/include/linux/loop.h 1970-01-01 02:00:00.000000000 +0200
++++ linux-2.6.20-AES/include/linux/loop.h 2007-02-06 22:43:20.000000000 +0200
@@ -0,0 +1,167 @@
+#ifndef _LINUX_LOOP_H
+#define _LINUX_LOOP_H
Added: upstream/loop-aes/current/loop-aes-keygen
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/loop-aes-keygen?rev=1373&op=file
==============================================================================
--- upstream/loop-aes/current/loop-aes-keygen (added)
+++ upstream/loop-aes/current/loop-aes-keygen Sun Feb 25 12:28:04 2007
@@ -1,0 +1,226 @@
+#!/bin/sh
+#
+# loop-aes-keygen - Create loop-AES encryption keys
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 dated June, 1991.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+#
+# Copyright 2005-2006, Max Vozeler <xam at debian.org>
+#
+# $Id: loop-aes-keygen 1333 2006-12-02 15:07:20Z xam $
+#
+
+set -e
+
+umask 077
+
+cipher=
+userids=
+rnd=/dev/random
+version=3
+
+usage()
+{
+ cat << USAGE
+usage: loop-aes-keygen [opts] <keyfile>
+
+ -v <1|2|3> Key format (Default: $version)
+ -u userid Encrypt for GnuPG pubkey <userid>
+ -c cipher Use GnuPG cipher <cipher>
+
+USAGE
+}
+
+get_options()
+{
+ while getopts 'v:s:c:u:h' f
+ do
+ case $f in
+ v)
+ version=$OPTARG
+ ;;
+
+ c)
+ cipher=$OPTARG
+ ;;
+
+ s)
+ rnd=$OPTARG
+ ;;
+
+ u)
+ userids="$userids $OPTARG"
+ ;;
+
+ h)
+ usage
+ exit 0
+ ;;
+ esac
+ done
+ shift `expr $OPTIND - 1`
+
+ keyfile=$1
+
+ if [ -z $keyfile ]; then
+ echo No output file. Aborting
+ usage
+ exit 1
+ fi
+
+ if [ $version -lt 1 ] || [ $version -gt 3 ]; then
+ echo Unsupported key format: $version
+ exit 1
+ fi
+}
+
+check_safe_loop()
+{
+ loopdev=$1
+
+ opts=$(/sbin/losetup $loopdev 2>&1)
+ if [ $? -ne 0 ]; then
+ echo "Error: Check for $loopdev failed ($opts)"
+ exit 1
+ fi
+
+ # If loop entry has an encryption= option assume it's safe
+ if echo "$opts" | grep -q encryption=; then
+ return 0
+ fi
+
+ return 1
+}
+
+check_safe_swap()
+{
+ if [ ! -r /proc/swaps ]; then
+ echo Error: Cannot read /proc/swaps
+ exit 1
+ fi
+
+ unsafe=
+ while read line
+ do
+ set -- $line
+ case $1 in
+ /dev/loop*)
+ if ! check_safe_loop $1; then
+ unsafe=$1
+ break
+ fi
+ ;;
+ Filename*)
+ ;;
+ *)
+ unsafe=$1
+ break
+ ;;
+ esac
+ done < /proc/swaps
+
+ if [ $unsafe ]; then
+ echo Fatal: Unsafe swap detected: $unsafe
+ exit 1
+ fi
+
+ return 0
+}
+
+check_multikey_support ()
+{
+ match=
+ case $1 in
+ 1)
+ return 0;;
+ 2)
+ match="multi-key";;
+ 3)
+ match="multi-key-v3";;
+ *)
+ return 1;;
+ esac
+ grep -q "$match" /sbin/losetup
+}
+
+keygen()
+{
+ version=$1
+ keyfile=$2
+ gpgargs=$3
+
+ # These are the known loop-AES key formats:
+ # v1.x 1 45 bytes AES key
+ # v2.x 64 2880 bytes(45 * 64) AES keys
+ # v3.x 65 2925 bytes(45 * 65) #65 is md5 seed
+ case $version in
+ 1)
+ nkeys=1;;
+ 2)
+ nkeys=64;;
+ 3)
+ nkeys=65;;
+ *)
+ return 1;;
+ esac
+
+ bytes=$((45*$nkeys))
+ head -c $bytes $rnd | uuencode -m - | head -n $(($nkeys+1)) | tail -n $nkeys | gpg $gpgargs > $keyfile
+}
+
+get_options $*
+
+if ! check_safe_swap; then
+ exit 1
+fi
+
+if ! [ -x /usr/bin/gpg ]; then
+ echo "Error: gpg not found"
+ exit 1
+fi
+
+if ! [ -x /usr/bin/uuencode ]; then
+ echo "Error: uuencode not found - see package sharutils"
+ exit 1
+fi
+
+if ! check_multikey_support $version; then
+ echo "Warning: /sbin/losetup too old for v$version keys."
+fi
+
+if [ -e $keyfile ]; then
+ echo "Keyfile $keyfile exists. Aborting."
+ exit 1
+fi
+
+gpgargs="--armor"
+
+if [ "$userids" ]; then
+ gpgargs="$gpgargs --encrypt"
+ for id in $userids; do
+ gpgargs="$gpgargs --recipient $id"
+ done
+else
+ gpgargs="$gpgargs --symmetric"
+fi
+
+if [ $cipher ]; then
+ gpgargs="$gpgargs --cipher-algo=$cipher"
+fi
+
+if ! keygen $version $keyfile "$gpgargs"; then
+ echo An error occured while creating the key file.
+ exit 1
+fi
+
+exit 0
Added: upstream/loop-aes/current/loop-aes-keygen.1
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/loop-aes-keygen.1?rev=1373&op=file
==============================================================================
--- upstream/loop-aes/current/loop-aes-keygen.1 (added)
+++ upstream/loop-aes/current/loop-aes-keygen.1 Sun Feb 25 12:28:04 2007
@@ -1,0 +1,63 @@
+\" $Id: loop-aes-keygen.1 1104 2006-03-17 15:43:11Z max $
+.TH loop-aes-keygen 1 2006-01-19
+.SH NAME
+loop-aes-keygen
+.
+.SH SYNOPSIS
+.B loop-aes-keygen
+[
+.I options
+]
+.I keyfile
+.
+.SH DESCRIPTION
+Creates keys for loop-AES loopback encryption.
+.
+.SH OPTIONS
+.
+.TP
+.B \-v <1|2|3>
+Key format (Default: 3).
+.
+.TP
+.B \-c cipher
+Encrypt using GnuPG cipher
+.I cipher
+.
+.TP
+.B \-u id
+Encrypt using GnuPG pubkey
+.I id
+\&. Can be given more than once
+(Default: Encrypt symmetrically with passphrase)
+.
+.TP
+.B \-s device
+Override random source (Default: /dev/random).
+.B Don't use this option unless you know what you are doing.
+A bad source can silently create useless and trivially crackable keys.
+On the other hand, a known good source faster than /dev/random (eg. good
+hardware RNG) can significantly speed up the key creation.
+.
+.SH EXAMPLES
+.TP
+Create key
+$
+.B loop-aes-keygen key.gpg
+.TP
+Create key for multiple users
+$
+.B loop-aes-keygen -u user1@$HOSTNAME -u \(dqUser 2\(dq key.gpg
+.TP
+Create blowfish encrypted key in loop-AES v2.x format
+$
+.B loop-aes-keygen -c BLOWFISH -v2 key.gpg
+.
+.SH AUTHOR
+.TP
+Max Vozeler <xam at debian.org>
+.
+.SH SEE ALSO
+.BR losetup (8),
+.BR /usr/share/doc/loop-aes-utils/README,
+.BR /usr/share/doc/loop-aes-source/README*
Modified: upstream/loop-aes/current/loop.c-2.6.patched
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/loop.c-2.6.patched?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/loop.c-2.6.patched (original)
+++ upstream/loop-aes/current/loop.c-2.6.patched Sun Feb 25 12:28:04 2007
@@ -130,6 +130,12 @@
# define IOCTL32_COMPATIBLE_PTR ((void*)0)
#endif
+#if LINUX_VERSION_CODE >= 0x20614
+# define LOOP_COMPAT_F_DENTRY f_path.dentry
+#else
+# define LOOP_COMPAT_F_DENTRY f_dentry
+#endif
+
#if (LINUX_VERSION_CODE < 0x20609) || defined(QUEUE_FLAG_ORDERED)
# define QUEUE_ORDERED_NONE 0
#endif
@@ -615,7 +621,7 @@
sector_t x;
int err = 0;
- size = i_size_read(lo->lo_backing_file->f_dentry->d_inode->i_mapping->host);
+ size = i_size_read(lo->lo_backing_file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping->host);
offs = lo->lo_offset;
if (!(lo->lo_flags & LO_FLAGS_DO_BMAP))
offs &= ~((loff_t)511);
@@ -897,7 +903,10 @@
static void loop_unplug_backingdev(request_queue_t *bq)
{
-#if defined(QUEUE_FLAG_PLUGGED)
+#if (LINUX_VERSION_CODE >= 0x20610) && !defined(QUEUE_FLAG_PLUGGED)
+ if(bq && bq->request_fn)
+ blk_run_queue(bq);
+#elif defined(QUEUE_FLAG_PLUGGED)
if(bq && bq->unplug_fn)
bq->unplug_fn(bq);
#else
@@ -931,11 +940,11 @@
{
struct file *file = p->file;
struct file *old_file=lo->lo_backing_file;
- struct address_space *mapping = file->f_dentry->d_inode->i_mapping;
+ struct address_space *mapping = file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping;
/* This code runs on file backed loop only */
/* no need to worry about -1 old_gfp_mask */
- mapping_set_gfp_mask(old_file->f_dentry->d_inode->i_mapping, lo->old_gfp_mask);
+ mapping_set_gfp_mask(old_file->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping, lo->old_gfp_mask);
lo->lo_backing_file = file;
memset(lo->lo_file_name, 0, LO_NAME_SIZE);
lo->old_gfp_mask = mapping_gfp_mask(mapping);
@@ -1218,7 +1227,7 @@
if (!file)
goto out;
- inode = file->f_dentry->d_inode;
+ inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
old_file = lo->lo_backing_file;
error = -EINVAL;
@@ -1231,7 +1240,7 @@
goto out_putf;
/* new backing store must be same size as the old one */
- if(i_size_read(inode) != i_size_read(old_file->f_dentry->d_inode))
+ if(i_size_read(inode) != i_size_read(old_file->LOOP_COMPAT_F_DENTRY->d_inode))
goto out_putf;
/* loop must be in properly initialized state */
@@ -1282,7 +1291,7 @@
goto out;
error = -EINVAL;
- inode = file->f_dentry->d_inode;
+ inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
if (!(file->f_mode & FMODE_WRITE))
lo_flags |= LO_FLAGS_READ_ONLY;
@@ -1536,7 +1545,7 @@
invalidate_bdev(bdev, 0);
set_capacity(disks[lo->lo_number], 0);
if (gfp != -1)
- mapping_set_gfp_mask(filp->f_dentry->d_inode->i_mapping, gfp);
+ mapping_set_gfp_mask(filp->LOOP_COMPAT_F_DENTRY->d_inode->i_mapping, gfp);
fput(filp);
module_put(THIS_MODULE);
return 0;
@@ -1614,7 +1623,7 @@
struct kstat stat;
int error;
- error = vfs_getattr(file->f_vfsmnt, file->f_dentry, &stat);
+ error = vfs_getattr(file->f_vfsmnt, file->LOOP_COMPAT_F_DENTRY, &stat);
if (error)
return error;
memset(info, 0, sizeof(*info));
@@ -1844,7 +1853,7 @@
static long lo_compat_ioctl(struct file * file, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = file->f_dentry->d_inode;
+ struct inode *inode = file->LOOP_COMPAT_F_DENTRY->d_inode;
mm_segment_t old_fs = get_fs();
struct loop_info l;
struct loop_info32 *ul = (struct loop_info32 *)arg;
Modified: upstream/loop-aes/current/util-linux-2.12r.diff
URL: http://svn.debian.org/wsvn/pkg-loop-aes/upstream/loop-aes/current/util-linux-2.12r.diff?rev=1373&op=diff
==============================================================================
--- upstream/loop-aes/current/util-linux-2.12r.diff (original)
+++ upstream/loop-aes/current/util-linux-2.12r.diff Sun Feb 25 12:28:04 2007
@@ -470,7 +470,7 @@
+#endif // _AES_H
diff -urN util-linux-2.12r/mount/lomount.c util-linux-2.12r-AES/mount/lomount.c
--- util-linux-2.12r/mount/lomount.c 2004-12-21 00:11:04.000000000 +0200
-+++ util-linux-2.12r-AES/mount/lomount.c 2006-10-15 20:14:07.000000000 +0300
++++ util-linux-2.12r-AES/mount/lomount.c 2007-02-17 09:58:11.000000000 +0200
@@ -1,4 +1,15 @@
-/* Originally from Ted's losetup.c */
+/* Taken from Ted's losetup.c - Mitch <m.dsouza at mrc-apu.cam.ac.uk> */
@@ -488,7 +488,7 @@
#define LOOPMAJOR 7
-@@ -13,60 +24,80 @@
+@@ -13,60 +24,81 @@
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
@@ -569,6 +569,7 @@
+char *loInitValue = (char *)0;
+char *gpgKeyFile = (char *)0;
+char *gpgHomeDir = (char *)0;
++char *clearTextKeyFile = (char *)0;
+char *loopOffsetBytes = (char *)0;
+char *loopSizeBytes = (char *)0;
+char *loopEncryptionType = (char *)0;
@@ -603,7 +604,7 @@
if ((fd = open(device, O_RDONLY)) < 0) {
int errsv = errno;
-@@ -74,73 +105,64 @@
+@@ -74,73 +106,64 @@
device, strerror (errsv));
return 2;
}
@@ -726,7 +727,7 @@
char *
find_unused_loop_device (void) {
/* Just creating a device, say in /tmp, is probably a bad idea -
-@@ -148,9 +170,8 @@
+@@ -148,9 +171,8 @@
So, we just try /dev/loop[0-7]. */
char dev[20];
char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" };
@@ -737,7 +738,7 @@
for (j = 0; j < SIZE(loop_formats); j++) {
for(i = 0; i < 256; i++) {
-@@ -159,16 +180,14 @@
+@@ -159,16 +181,14 @@
somedev++;
fd = open (dev, O_RDONLY);
if (fd >= 0) {
@@ -756,7 +757,7 @@
continue;/* continue trying as long as devices exist */
}
break;
-@@ -176,75 +195,615 @@
+@@ -176,75 +196,626 @@
}
if (!somedev)
@@ -1088,7 +1089,7 @@
+ }
+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
+ x++;
- }
++ }
+ warnAboutBadKeyData(x);
+ if(x >= 65)
+ multiKeyMode = 65;
@@ -1099,23 +1100,29 @@
+ if(!multiKeyPass[0]) goto nomem1;
+ return multiKeyPass[0];
+}
-
-- if (pass == NULL)
-- return "";
++
+static char *sGetPass(int minLen, int warnLen)
+{
+ char *p, *s, *seed;
-+ int i, ask2;
-
-- pass[i] = 0;
-- return pass;
++ int i, ask2, close_i_fd = 0;
++
+ if(!passFDnumber) {
++ if(clearTextKeyFile) {
++ if((i = open(clearTextKeyFile, O_RDONLY)) == -1) {
++ fprintf(stderr, _("Error: unable to open %s for reading\n"), clearTextKeyFile);
++ return NULL;
++ }
++ close_i_fd = 1;
++ goto contReadFrom_i;
++ }
+ p = getpass(_("Password: "));
+ ask2 = passAskTwice ? 1 : 0;
+ } else {
+ i = atoi(passFDnumber);
++ contReadFrom_i:
+ if(gpgKeyFile && gpgKeyFile[0]) {
+ p = get_FD_pass(i);
++ if(close_i_fd) close(i);
+ } else {
+ int x = 0;
+ while(x < 66) {
@@ -1124,6 +1131,7 @@
+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break;
+ x++;
+ }
++ if(close_i_fd) close(i);
+ warnAboutBadKeyData(x);
+ if(x >= 65) {
+ multiKeyMode = 65;
@@ -1171,7 +1179,7 @@
+ nomem:
+ fprintf(stderr, _("Error: Unable to allocate memory\n"));
+ return(NULL);
-+ }
+ }
+ strcpy(s, p);
+ memset(p, 0, i);
+ if(ask2) {
@@ -1189,20 +1197,18 @@
+ }
+ strcat(s, seed);
+ return(s);
- }
-
--static int
--digits_only(const char *s) {
-- while (*s)
-- if (!isdigit(*s++))
-- return 0;
-- return 1;
++}
+
+- if (pass == NULL)
+- return "";
+/* this is for compatibility with historic loop-AES version */
+static void unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
+{
+ register int x, y, z, cnt = ile;
+ unsigned char *kp;
-+
+
+- pass[i] = 0;
+- return pass;
+ memset(keyBuf, 0, bufSize);
+ kp = keyStr;
+ for(x = 0; x < (bufSize * 8); x += 6) {
@@ -1225,8 +1231,14 @@
+ keyBuf[z] |= y >> (8 - (x & 7));
+ }
+ }
-+}
-+
+ }
+
+-static int
+-digits_only(const char *s) {
+- while (*s)
+- if (!isdigit(*s++))
+- return 0;
+- return 1;
+/* this is for compatibility with mainline mount */
+static void unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize)
+{
@@ -1262,8 +1274,8 @@
+ } else {
+ return llseek(fd, offset, whence);
+ }
-+}
-+
+ }
+
+static int loop_create_random_keys(char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k)
+{
+ int x, y, fd;
@@ -1357,8 +1369,8 @@
+ close(fd);
+ memset(&b[0], 0, sizeof(b));
+ return 0;
- }
-
++}
++
+#if !defined(MAIN)
+static int loop_fork_mkfs_command(char *device, char *fstype)
+{
@@ -1425,7 +1437,7 @@
mode = (*loopro ? O_RDONLY : O_RDWR);
if ((ffd = open(file, mode)) < 0) {
if (!*loopro && errno == EROFS)
-@@ -256,32 +815,25 @@
+@@ -256,32 +827,25 @@
}
if ((fd = open(device, mode)) < 0) {
perror (device);
@@ -1469,7 +1481,7 @@
if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
perror("memlock");
fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
-@@ -289,126 +841,223 @@
+@@ -289,126 +853,224 @@
}
#endif
@@ -1673,7 +1685,7 @@
+ }
}
- close (fd);
--
+
- if (verbose > 1)
- printf(_("set_loop(%s,%s,%llu): success\n"),
- device, file, offset);
@@ -1683,7 +1695,7 @@
-int
-del_loop (const char *device) {
- int fd;
-
+-
- if ((fd = open (device, O_RDONLY)) < 0) {
- int errsv = errno;
- fprintf(stderr, _("loop: can't delete device %s: %s\n"),
@@ -1777,12 +1789,13 @@
+ %s -d loop_device # delete\n\
+ %s -R loop_device # resize\n\
+options: -e encryption -o offset -s sizelimit -p passwdfd -T -S pseed\n\
-+ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n"),
++ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n\
++ -P cleartextkey\n"),
+ progname, progname, progname, progname, progname, progname);
exit(1);
}
-@@ -439,107 +1088,247 @@
+@@ -439,107 +1101,252 @@
fprintf (stderr, "\n");
}
@@ -1835,6 +1848,7 @@
+ { "loinit=", &loInitValue },
+ { "gpgkey=", &gpgKeyFile },
+ { "gpghome=", &gpgHomeDir },
++ { "cleartextkey=", &clearTextKeyFile },
+ { "itercountk=", &passIterThousands },
+ };
+ struct options *p;
@@ -1963,13 +1977,13 @@
+ case 'F': /* read loop related options from /etc/fstab */
+ option_F = 1;
+ setup_o = 1;
++ break;
++ case 'G': /* GnuPG home dir */
++ gpgHomeDir = optarg;
++ setup_o = 1;
break;
- case 'f':
- find = 1;
-+ case 'G': /* GnuPG home dir */
-+ gpgHomeDir = optarg;
-+ setup_o = 1;
-+ break;
+ case 'H': /* passphrase hash function name */
+ passHashFuncName = optarg;
+ setup_o = 1;
@@ -1989,6 +2003,10 @@
+ break;
+ case 'p': /* read passphrase from given fd */
+ passFDnumber = optarg;
++ setup_o = 1;
++ break;
++ case 'P': /* read passphrase from given file */
++ clearTextKeyFile = optarg;
+ setup_o = 1;
+ break;
+ case 'r': /* read-only */
@@ -2103,8 +2121,8 @@
#endif
diff -urN util-linux-2.12r/mount/lomount.h util-linux-2.12r-AES/mount/lomount.h
--- util-linux-2.12r/mount/lomount.h 2004-07-11 20:23:46.000000000 +0300
-+++ util-linux-2.12r-AES/mount/lomount.h 2006-04-09 09:45:15.000000000 +0300
-@@ -1,6 +1,18 @@
++++ util-linux-2.12r-AES/mount/lomount.h 2007-02-17 09:58:11.000000000 +0200
+@@ -1,6 +1,19 @@
extern int verbose;
-extern int set_loop(const char *, const char *, unsigned long long,
- const char *, int, int *);
@@ -2122,6 +2140,7 @@
+extern char *loInitValue;
+extern char *gpgKeyFile;
+extern char *gpgHomeDir;
++extern char *clearTextKeyFile;
+extern char *loopOffsetBytes;
+extern char *loopSizeBytes;
+extern char *loopEncryptionType;
@@ -2465,10 +2484,10 @@
+#endif
diff -urN util-linux-2.12r/mount/losetup.8 util-linux-2.12r-AES/mount/losetup.8
--- util-linux-2.12r/mount/losetup.8 2004-12-05 03:35:54.000000000 +0200
-+++ util-linux-2.12r-AES/mount/losetup.8 2005-09-24 14:48:53.000000000 +0300
++++ util-linux-2.12r-AES/mount/losetup.8 2007-02-17 09:58:11.000000000 +0200
@@ -1,42 +1,29 @@
-.TH LOSETUP 8 "2003-07-01" "Linux" "MAINTENANCE COMMANDS"
-+.TH LOSETUP 8 "2005-09-17" "Linux" "MAINTENANCE COMMANDS"
++.TH LOSETUP 8 "2007-02-17" "Linux" "MAINTENANCE COMMANDS"
.SH NAME
losetup \- set up and control loop devices
.SH SYNOPSIS
@@ -2528,7 +2547,7 @@
.ad b
.SH DESCRIPTION
.B losetup
-@@ -44,45 +31,113 @@
+@@ -44,45 +31,135 @@
to detach loop devices and to query the status of a loop device. If only the
\fIloop_device\fP argument is given, the status of the corresponding loop
device is shown.
@@ -2558,9 +2577,9 @@
+.IP \fB\-a\fP
+Show status of all loop devices.
+.IP "\fB\-C \fIitercountk\fP"
-+Runs hashed password through \fIitercountk\fP thousand iterations of AES-256
++Runs hashed passphrase through \fIitercountk\fP thousand iterations of AES-256
+before using it for loop encryption. This consumes lots of CPU cycles at
-+loop setup/mount time but not thereafter. In combination with password seed
++loop setup/mount time but not thereafter. In combination with passphrase seed
+this slows down dictionary attacks. Iteration is not done in multi-key mode.
+.IP "\fB\-d\fP"
Detach the file or device associated with the specified loop device.
@@ -2581,11 +2600,11 @@
+.IP \fBXOR\fP
+Use a simple XOR encryption.
+.IP "\fBAES128 AES\fP"
-+Use 128 bit AES encryption. Password is hashed with SHA-256 by default.
++Use 128 bit AES encryption. Passphrase is hashed with SHA-256 by default.
+.IP \fBAES192\fP
-+Use 192 bit AES encryption. Password is hashed with SHA-384 by default.
++Use 192 bit AES encryption. Passphrase is hashed with SHA-384 by default.
+.IP \fBAES256\fP
-+Use 256 bit AES encryption. Password is hashed with SHA-512 by default.
++Use 256 bit AES encryption. Passphrase is hashed with SHA-512 by default.
+
+.IP "\fBtwofish128 twofish160 twofish192 twofish256\fP"
+.IP "\fBblowfish128 blowfish160 blowfish192 blowfish256\fP"
@@ -2598,9 +2617,9 @@
+.IP "\fB\-F\fP"
+Reads and uses mount options from /etc/fstab that match specified loop
+device, including offset= sizelimit= encryption= pseed= phash= loinit=
-+gpgkey= gpghome= itercountk= and looped to device/file name. loop= option in
-+/etc/fstab must match specified loop device name. Command line options take
-+precedence in case of conflict.
++gpgkey= gpghome= cleartextkey= itercountk= and looped to device/file name.
++loop= option in /etc/fstab must match specified loop device name. Command
++line options take precedence in case of conflict.
+.IP "\fB\-G \fIgpghome\fP"
+Set gpg home directory to \fIgpghome\fP, so that gpg uses public/private
+keys on \fIgpghome\fP directory. This is only used when gpgkey file needs to
@@ -2608,11 +2627,11 @@
+symmetric cipher only, public/private keys are not required and this option
+has no effect.
+.IP "\fB\-H \fIphash\fP"
-+Uses \fIphash\fP function to hash password. Available hash functions are
++Uses \fIphash\fP function to hash passphrase. Available hash functions are
+sha256, sha384, sha512 and rmd160. unhashed1, unhashed2 and unhashed3
+functions also exist for compatibility with some obsolete implementations.
+
-+Hash function random does not ask for password but sets up random keys and
++Hash function random does not ask for passphrase but sets up random keys and
+attempts to put loop to multi-key mode. When random/1777 hash type is used
+as mount option for mount program, mount program will create new file system
+on the loop device and construct initial permissions of file system root
@@ -2625,7 +2644,7 @@
+function. Cipher transfer functions are free to interpret value as they
+want.
+.IP "\fB\-K \fIgpgkey\fP"
-+Password is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which
++Passphrase is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which
+contains the real keys that are used to encrypt loop device. If decryption
+requires public/private keys and gpghome is not specified, all users use
+their own gpg public/private keys to decrypt \fIgpgkey\fP. Decrypted
@@ -2653,6 +2672,28 @@
+keys, then loop device is put to multi-key mode. If losetup encounters
+end-of-file before 64 keys are read, then only first key is used in
+single-key mode.
++
++echo SecretPassphraseHere | losetup -p0 -K foo.gpg -e AES128 ...
++
++In above example, losetup reads passphrase from file descriptor 0 (stdin).
++.IP "\fB\-P \fIcleartextkey\fP"
++Read the passphrase from file \fIcleartextkey\fP instead of the
++terminal. If -K option is not being used (no gpg key file), then losetup
++attempts to read 65 keys from \fIcleartextkey\fP, each key at least 20
++characters and separated by newline. If losetup successfully reads 64 or 65
++keys, then loop device is put to multi-key mode. If losetup encounters
++end-of-file before 64 keys are read, then only first key is used in
++single-key mode. If both -p and -P options are used, then -p option takes
++precedence. These are equivalent:
++
++losetup -p3 -K foo.gpg -e AES128 ... 3<someFileName
++
++losetup -P someFileName -K foo.gpg -e AES128 ...
++
++In first line of above example, in addition to normal open file descriptors
++(0==stdin 1==stdout 2==stderr), shell opens the file and passes open file
++descriptor to started losetup program. In second line of above example,
++losetup opens the file itself.
+.IP "\fB\-r\fP"
+Read-only mode.
+.IP "\fB\-R\fP"
@@ -2666,18 +2707,18 @@
+offset). This option may not be supported on some older kernels and/or loop
+drivers.
+.IP "\fB\-S \fIpseed\fP"
-+Sets encryption password seed \fIpseed\fP which is appended to user supplied
-+password before hashing. Using different seeds for different partitions
++Sets encryption passphrase seed \fIpseed\fP which is appended to user supplied
++passphrase before hashing. Using different seeds for different partitions
+makes dictionary attacks slower but does not prevent them if user supplied
-+password is guessable. Seed is not used in multi-key mode.
++passphrase is guessable. Seed is not used in multi-key mode.
+.IP "\fB\-T\fP"
-+Asks password twice.
++Asks passphrase twice.
+.IP "\fB\-v\fP"
+Verbose mode.
.SH RETURN VALUE
.B losetup
returns 0 on success, nonzero on failure. When
-@@ -94,43 +149,26 @@
+@@ -94,43 +171,26 @@
.SH FILES
.nf
@@ -2803,7 +2844,7 @@
+}
diff -urN util-linux-2.12r/mount/mount.8 util-linux-2.12r-AES/mount/mount.8
--- util-linux-2.12r/mount/mount.8 2004-12-20 00:30:14.000000000 +0200
-+++ util-linux-2.12r-AES/mount/mount.8 2005-09-24 14:48:53.000000000 +0300
++++ util-linux-2.12r-AES/mount/mount.8 2007-02-17 09:58:11.000000000 +0200
@@ -281,6 +281,16 @@
.B \-v
Verbose mode.
@@ -2834,14 +2875,14 @@
.B \-s
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
-@@ -1841,13 +1845,17 @@
+@@ -1841,13 +1845,19 @@
and then mount this device on
.IR /mnt .
-This type of mount knows about three options, namely
-.BR loop ", " offset " and " encryption ,
-+This type of mount knows about 10 options, namely
-+.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome " and " itercountk
++This type of mount knows about 11 options, namely
++.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome ", " cleartextkey " and " itercountk
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
@@ -2850,13 +2891,15 @@
+If the mount requires a passphrase, you will be prompted for one unless you
+specify a file descriptor to read from instead with the
+.BR \-p
-+option.
++command line option, or specify a file name with
++.BR cleartextkey
++mount option.
If no explicit loop device is mentioned
(but just an option `\fB\-o loop\fP' is given), then
.B mount
diff -urN util-linux-2.12r/mount/mount.c util-linux-2.12r-AES/mount/mount.c
--- util-linux-2.12r/mount/mount.c 2004-12-22 00:00:36.000000000 +0200
-+++ util-linux-2.12r-AES/mount/mount.c 2006-04-09 09:45:15.000000000 +0300
++++ util-linux-2.12r-AES/mount/mount.c 2007-02-17 09:58:11.000000000 +0200
@@ -11,6 +11,7 @@
#include <string.h>
#include <getopt.h>
@@ -2884,7 +2927,7 @@
*opt_speed, *opt_comment;
static struct string_opt_map {
-@@ -177,8 +175,15 @@
+@@ -177,8 +175,16 @@
} string_opt_map[] = {
{ "loop=", 0, &opt_loopdev },
{ "vfs=", 1, &opt_vfstype },
@@ -2895,6 +2938,7 @@
+ { "loinit=", 0, (const char **)&loInitValue },
+ { "gpgkey=", 0, (const char **)&gpgKeyFile },
+ { "gpghome=", 0, (const char **)&gpgHomeDir },
++ { "cleartextkey=", 0, (const char **)&clearTextKeyFile },
+ { "itercountk=", 1, (const char **)&passIterThousands },
+ { "offset=", 0, (const char **)&loopOffsetBytes },
+ { "sizelimit=", 0, (const char **)&loopSizeBytes },
@@ -2902,7 +2946,7 @@
{ "speed=", 0, &opt_speed },
{ "comment=", 1, &opt_comment },
{ NULL, 0, NULL }
-@@ -580,9 +585,8 @@
+@@ -580,9 +586,8 @@
static int
loop_check(const char **spec, const char **type, int *flags,
@@ -2913,7 +2957,7 @@
/*
* In the case of a loop mount, either type is of the form lo@/dev/loop5
-@@ -607,7 +611,7 @@
+@@ -607,7 +612,7 @@
*type = opt_vfstype;
}
@@ -2922,7 +2966,7 @@
*loopfile = *spec;
if (*loop) {
-@@ -615,6 +619,10 @@
+@@ -615,6 +620,10 @@
if (fake) {
if (verbose)
printf(_("mount: skipping the setup of a loop device\n"));
@@ -2933,7 +2977,7 @@
} else {
int loopro = (*flags & MS_RDONLY);
-@@ -624,9 +632,7 @@
+@@ -624,9 +633,7 @@
return EX_SYSERR; /* no more loop devices */
if (verbose)
printf(_("mount: going to use the loop device %s\n"), *loopdev);
@@ -2944,7 +2988,7 @@
if (verbose)
printf(_("mount: failed setting up loop device\n"));
return EX_FAIL;
-@@ -687,14 +693,6 @@
+@@ -687,14 +694,6 @@
}
static void
@@ -2959,7 +3003,7 @@
cdrom_setspeed(const char *spec) {
#define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */
if (opt_speed) {
-@@ -788,6 +786,7 @@
+@@ -788,6 +787,7 @@
const char *opts, *spec, *node, *types;
char *user = 0;
int loop = 0;
@@ -2967,7 +3011,7 @@
const char *loopdev = 0, *loopfile = 0;
struct stat statbuf;
int nfs_mount_version = 0; /* any version */
-@@ -820,7 +819,7 @@
+@@ -820,7 +820,7 @@
* stale assignments of files to loop devices. Nasty when used for
* encryption.
*/
@@ -2976,7 +3020,7 @@
if (res)
goto out;
}
-@@ -855,9 +854,20 @@
+@@ -855,9 +855,20 @@
block_signals (SIG_BLOCK);
@@ -2998,7 +3042,7 @@
if (fake || mnt5_res == 0) {
/* Mount succeeded, report this (if verbose) and write mtab entry. */
-@@ -1530,8 +1540,8 @@
+@@ -1530,8 +1541,8 @@
else
test_opts = xstrdup(optarg);
break;
More information about the Pkg-loop-aes-commits
mailing list