diff options
| author | Narrat | 2020-06-12 17:47:21 +0200 |
|---|---|---|
| committer | Narrat | 2020-06-12 17:48:07 +0200 |
| commit | b2b1b30ee15f0d9e17a64eeb5d631eb02cb41842 (patch) | |
| tree | 744a42afbac980979877b678dcf103a259ec3e98 /util-linux-2.34.diff | |
| parent | 733b8a0b2bfbecc8a0a4997d4e5d5d45d75c074b (diff) | |
| download | aur-b2b1b30ee15f0d9e17a64eeb5d631eb02cb41842.tar.gz | |
util-linux-aes: update to 2.35.2 to follow 3.7q release
Diffstat (limited to 'util-linux-2.34.diff')
| -rw-r--r-- | util-linux-2.34.diff | 5787 |
1 files changed, 0 insertions, 5787 deletions
diff --git a/util-linux-2.34.diff b/util-linux-2.34.diff deleted file mode 100644 index cd12beca6bb6..000000000000 --- a/util-linux-2.34.diff +++ /dev/null @@ -1,5787 +0,0 @@ -If this patch does not apply cleanly to newer version of util-linux, try -replacing original sys-utils/losetup.8 with version from util-linux that the -patch is for. And then apply this patch. - -To compile this software, you need recent versions of autohell tools -(autopoint aclocal autoconf autoheader automake libtoolize). - -Loop device setup and tear down bits are in included libmount library. This -patch does not break libmount ABI or version numbering. This version of -libmount library can be installed as system library. mount, umount, swapon, -and swapoff programs require libmount library. losetup does not require -libmount library. If you are uncomfortable replacing system libraries (due -to library version dependency problems that it may cause), you can compile -and link supplied programs so that included libraries are statically linked -to programs, like this: - - ./autogen.sh - CFLAGS="-O2 -Wall" ./configure --disable-shared --enable-static --disable-pylibmount --enable-libmount-support-mtab - make - - -diff -urN util-linux-2.34/include/Makemodule.am util-linux-2.34-AES/include/Makemodule.am ---- util-linux-2.34/include/Makemodule.am 2018-06-04 10:57:02.790445905 +0300 -+++ util-linux-2.34-AES/include/Makemodule.am 2019-07-11 09:31:03.205081083 +0300 -@@ -43,6 +43,7 @@ - include/procutils.h \ - include/pt-bsd.h \ - include/pt-mbr.h \ -+ include/xgetpass.h \ - include/pt-mbr-partnames.h \ - include/pt-sgi.h \ - include/pt-sun.h \ -diff -urN util-linux-2.34/include/xgetpass.h util-linux-2.34-AES/include/xgetpass.h ---- util-linux-2.34/include/xgetpass.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/include/xgetpass.h 2019-07-11 09:31:03.205081083 +0300 -@@ -0,0 +1,6 @@ -+#ifndef UTIL_LINUX_XGETPASS_H -+#define UTIL_LINUX_XGETPASS_H -+ -+extern char *xgetpass(int pfd, const char *prompt); -+ -+#endif /* UTIL_LINUX_XGETPASS_H */ -diff -urN util-linux-2.34/lib/Makemodule.am util-linux-2.34-AES/lib/Makemodule.am ---- util-linux-2.34/lib/Makemodule.am 2019-02-22 12:17:43.704854212 +0200 -+++ util-linux-2.34-AES/lib/Makemodule.am 2019-07-11 09:31:03.206081088 +0300 -@@ -24,6 +24,7 @@ - lib/strutils.c \ - lib/timeutils.c \ - lib/ttyutils.c \ -+ lib/xgetpass.c \ - lib/exec_shell.c \ - lib/strv.c \ - lib/sha1.c \ -diff -urN util-linux-2.34/lib/xgetpass.c util-linux-2.34-AES/lib/xgetpass.c ---- util-linux-2.34/lib/xgetpass.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/lib/xgetpass.c 2019-07-11 09:31:03.206081088 +0300 -@@ -0,0 +1,64 @@ -+/* -+ * A function to read the passphrase either from the terminal or from -+ * an open file descriptor. -+ * -+ * Public domain. -+ */ -+ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <sys/ioctl.h> -+#include <sys/stat.h> -+ -+#include "c.h" -+#include "xgetpass.h" -+ -+char *xgetpass(int pfd, const char *prompt) -+{ -+ char *p = NULL, *n; -+ int x = 0, y = 0; -+ -+ if (pfd < 0) { -+ /* read from terminal */ -+ p = getpass(prompt); -+ if(!p) return NULL; -+ /* caller insists on free()ing this pointer, so make sure it is such */ -+ n = strdup(p); -+ y = strlen(p); -+ if(y) memset(p, 0, y); /* erase original */ -+ /* return a free()able copy, or 0 if strdup() failed */ -+ return n; -+ } -+ -+ do { -+ if(y >= (x - 1)) { -+ x += 128; -+ /* Must enforce some max limit here -- this code */ -+ /* runs as part of mount, and mount is setuid root */ -+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */ -+ if(x > (4*1024)) { -+ error_out: -+ if(p) { -+ memset(p, 0, y); -+ free(p); -+ } -+ return NULL; -+ } -+ n = malloc(x); -+ if(!n) goto error_out; -+ if(p) { -+ memcpy(n, p, y); -+ memset(p, 0, y); -+ free(p); -+ } -+ p = n; -+ } -+ if(read(pfd, p + y, 1) != 1) break; -+ if((p[y] == '\n') || !p[y]) break; -+ y++; -+ } while(1); -+ if(p) p[y] = 0; -+ return p; -+} -diff -urN util-linux-2.34/libmount/src/Makemodule.am util-linux-2.34-AES/libmount/src/Makemodule.am ---- util-linux-2.34/libmount/src/Makemodule.am 2018-06-04 10:57:02.802445812 +0300 -+++ util-linux-2.34-AES/libmount/src/Makemodule.am 2019-07-11 09:31:03.206081088 +0300 -@@ -27,7 +27,10 @@ - if LINUX - libmount_la_SOURCES += \ - libmount/src/context.c \ -- libmount/src/context_loopdev.c \ -+ libmount/src/context_loopdev1.c \ -+ libmount/src/sha512.c \ -+ libmount/src/rmd160.c \ -+ libmount/src/aes.c \ - libmount/src/context_mount.c \ - libmount/src/context_umount.c \ - libmount/src/monitor.c -diff -urN util-linux-2.34/libmount/src/aes.c util-linux-2.34-AES/libmount/src/aes.c ---- util-linux-2.34/libmount/src/aes.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/aes.c 2019-07-11 09:31:03.207081094 +0300 -@@ -0,0 +1,299 @@ -+// I retain copyright in this code but I encourage its free use provided -+// that I don't carry any responsibility for the results. I am especially -+// happy to see it used in free and open source software. If you do use -+// it I would appreciate an acknowledgement of its origin in the code or -+// the product that results and I would also appreciate knowing a little -+// about the use to which it is being put. I am grateful to Frank Yellin -+// for some ideas that are used in this implementation. -+// -+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001. -+// -+// This is an implementation of the AES encryption algorithm (Rijndael) -+// designed by Joan Daemen and Vincent Rijmen. This version is designed -+// to provide both fixed and dynamic block and key lengths and can also -+// run with either big or little endian internal byte order (see aes.h). -+// It inputs block and key lengths in bytes with the legal values being -+// 16, 24 and 32. -+ -+/* -+ * Modified by Jari Ruusu, May 1 2001 -+ * - Fixed some compile warnings, code was ok but gcc warned anyway. -+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t -+ * - Major name space cleanup: Names visible to outside now begin -+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c -+ * - Removed C++ and DLL support as part of name space cleanup. -+ * - Eliminated unnecessary recomputation of tables. (actual bug fix) -+ * - Merged precomputed constant tables to aes.c file. -+ * - Removed data alignment restrictions for portability reasons. -+ * - Made block and key lengths accept bit count (128/192/256) -+ * as well byte count (16/24/32). -+ * - Removed all error checks. This change also eliminated the need -+ * to preinitialize the context struct to zero. -+ * - Removed some totally unused constants. -+ */ -+ -+/* -+ * Modified by Jari Ruusu, June 9 2003 -+ * - Removed all code not necessary for small size -+ * optimized encryption using 256 bit keys. -+ */ -+ -+#include "aes.h" -+ -+#if AES_BLOCK_SIZE != 16 -+#error an illegal block size has been specified -+#endif -+ -+// upr(x,n): rotates bytes within words by n positions, moving bytes -+// to higher index positions with wrap around into low positions -+// bval(x,n): extracts a byte from a word -+ -+#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n)))) -+#define bval(x,n) ((unsigned char)((x) >> 8 * (n))) -+#define bytes2word(b0, b1, b2, b3) \ -+ ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0)) -+ -+#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) -+/* little endian processor without data alignment restrictions */ -+#define word_in(x) *(u_int32_t*)(x) -+#define word_out(x,v) *(u_int32_t*)(x) = (v) -+#else -+/* slower but generic big endian or with data alignment restrictions */ -+#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24)) -+#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24) -+#endif -+ -+// the finite field modular polynomial and elements -+ -+#define ff_poly 0x011b -+#define ff_hi 0x80 -+ -+static int tab_gen = 0; -+static unsigned char s_box[256]; // the S box -+static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants -+static u_int32_t ft_tab[4][256]; -+static u_int32_t fl_tab[4][256]; -+ -+// Generate the tables for the dynamic table option -+ -+// It will generally be sensible to use tables to compute finite -+// field multiplies and inverses but where memory is scarse this -+// code might sometimes be better. -+ -+// return 2 ^ (n - 1) where n is the bit number of the highest bit -+// set in x with x in the range 1 < x < 0x00000200. This form is -+// used so that locals within FFinv can be bytes rather than words -+ -+static unsigned char hibit(const u_int32_t x) -+{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2)); -+ -+ r |= (r >> 2); -+ r |= (r >> 4); -+ return (r + 1) >> 1; -+} -+ -+// return the inverse of the finite field element x -+ -+static unsigned char FFinv(const unsigned char x) -+{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0; -+ -+ if(x < 2) return x; -+ -+ for(;;) -+ { -+ if(!n1) return v1; -+ -+ while(n2 >= n1) -+ { -+ n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2); -+ } -+ -+ if(!n2) return v2; -+ -+ while(n1 >= n2) -+ { -+ n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1); -+ } -+ } -+} -+ -+// define the finite field multiplies required for Rijndael -+ -+#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0)) -+#define FFmul03(x) ((x) ^ FFmul02(x)) -+ -+// The forward and inverse affine transformations used in the S-box -+ -+#define fwd_affine(x) \ -+ (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8))) -+ -+static void gen_tabs(void) -+{ u_int32_t i, w; -+ -+ for(i = 0, w = 1; i < AES_RC_LENGTH; ++i) -+ { -+ rcon_tab[i] = bytes2word(w, 0, 0, 0); -+ w = (w << 1) ^ (w & ff_hi ? ff_poly : 0); -+ } -+ -+ for(i = 0; i < 256; ++i) -+ { unsigned char b; -+ -+ s_box[i] = b = fwd_affine(FFinv((unsigned char)i)); -+ -+ w = bytes2word(b, 0, 0, 0); -+ fl_tab[0][i] = w; -+ fl_tab[1][i] = upr(w,1); -+ fl_tab[2][i] = upr(w,2); -+ fl_tab[3][i] = upr(w,3); -+ w = bytes2word(FFmul02(b), b, b, FFmul03(b)); -+ ft_tab[0][i] = w; -+ ft_tab[1][i] = upr(w,1); -+ ft_tab[2][i] = upr(w,2); -+ ft_tab[3][i] = upr(w,3); -+ } -+} -+ -+#define four_tables(x,tab,vf,rf,c) \ -+ ( tab[0][bval(vf(x,0,c),rf(0,c))] \ -+ ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ -+ ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ -+ ^ tab[3][bval(vf(x,3,c),rf(3,c))]) -+ -+#define vf1(x,r,c) (x) -+#define rf1(r,c) (r) -+#define rf2(r,c) ((r-c)&3) -+ -+#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c) -+ -+#define nc (AES_BLOCK_SIZE / 4) -+ -+// Initialise the key schedule from the user supplied key. -+// The key length is now specified in bytes, 32. -+// This corresponds to bit length of 256 bits, and -+// to Nk value of 8 respectively. -+ -+void __loDev_aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f) -+{ u_int32_t *kf, *kt, rci; -+ -+ if(!tab_gen) { gen_tabs(); tab_gen = 1; } -+ -+ cx->aes_Nkey = 8; -+ cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6; -+ -+ cx->aes_e_key[0] = word_in(in_key ); -+ cx->aes_e_key[1] = word_in(in_key + 4); -+ cx->aes_e_key[2] = word_in(in_key + 8); -+ cx->aes_e_key[3] = word_in(in_key + 12); -+ -+ kf = cx->aes_e_key; -+ kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey; -+ rci = 0; -+ -+ switch(cx->aes_Nkey) -+ { -+ case 8: cx->aes_e_key[4] = word_in(in_key + 16); -+ cx->aes_e_key[5] = word_in(in_key + 20); -+ cx->aes_e_key[6] = word_in(in_key + 24); -+ cx->aes_e_key[7] = word_in(in_key + 28); -+ do -+ { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++]; -+ kf[ 9] = kf[1] ^ kf[ 8]; -+ kf[10] = kf[2] ^ kf[ 9]; -+ kf[11] = kf[3] ^ kf[10]; -+ kf[12] = kf[4] ^ ls_box(kf[11],0); -+ kf[13] = kf[5] ^ kf[12]; -+ kf[14] = kf[6] ^ kf[13]; -+ kf[15] = kf[7] ^ kf[14]; -+ kf += 8; -+ } -+ while (kf < kt); -+ break; -+ } -+} -+ -+// y = output word, x = input word, r = row, c = column -+// for r = 0, 1, 2 and 3 = column accessed for row r -+ -+#define s(x,c) x[c] -+ -+// I am grateful to Frank Yellin for the following constructions -+// which, given the column (c) of the output state variable that -+// is being computed, return the input state variables which are -+// needed for each row (r) of the state -+ -+// For the fixed block size options, compilers reduce these two -+// expressions to fixed variable references. For variable block -+// size code conditional clauses will sometimes be returned -+ -+#define fwd_var(x,r,c) \ -+ ( r==0 ? \ -+ ( c==0 ? s(x,0) \ -+ : c==1 ? s(x,1) \ -+ : c==2 ? s(x,2) \ -+ : c==3 ? s(x,3) \ -+ : c==4 ? s(x,4) \ -+ : c==5 ? s(x,5) \ -+ : c==6 ? s(x,6) \ -+ : s(x,7)) \ -+ : r==1 ? \ -+ ( c==0 ? s(x,1) \ -+ : c==1 ? s(x,2) \ -+ : c==2 ? s(x,3) \ -+ : c==3 ? nc==4 ? s(x,0) : s(x,4) \ -+ : c==4 ? s(x,5) \ -+ : c==5 ? nc==8 ? s(x,6) : s(x,0) \ -+ : c==6 ? s(x,7) \ -+ : s(x,0)) \ -+ : r==2 ? \ -+ ( c==0 ? nc==8 ? s(x,3) : s(x,2) \ -+ : c==1 ? nc==8 ? s(x,4) : s(x,3) \ -+ : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ -+ : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ -+ : c==4 ? nc==8 ? s(x,7) : s(x,0) \ -+ : c==5 ? nc==8 ? s(x,0) : s(x,1) \ -+ : c==6 ? s(x,1) \ -+ : s(x,2)) \ -+ : \ -+ ( c==0 ? nc==8 ? s(x,4) : s(x,3) \ -+ : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ -+ : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ -+ : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \ -+ : c==4 ? nc==8 ? s(x,0) : s(x,1) \ -+ : c==5 ? nc==8 ? s(x,1) : s(x,2) \ -+ : c==6 ? s(x,2) \ -+ : s(x,3))) -+ -+#define si(y,x,k,c) s(y,c) = word_in(x + 4 * c) ^ k[c] -+#define so(y,x,c) word_out(y + 4 * c, s(x,c)) -+ -+#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c) -+#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c) -+ -+#define locals(y,x) x[4],y[4] -+ -+#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ -+ s(y,2) = s(x,2); s(y,3) = s(x,3); -+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) -+#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) -+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) -+ -+void __loDev_aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) -+{ u_int32_t locals(b0, b1); -+ const u_int32_t *kp = cx->aes_e_key; -+ -+ state_in(b0, in_blk, kp); kp += nc; -+ -+ { u_int32_t rnd; -+ -+ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd) -+ { -+ round(fwd_rnd, b1, b0, kp); -+ l_copy(b0, b1); kp += nc; -+ } -+ -+ round(fwd_lrnd, b0, b1, kp); -+ } -+ -+ state_out(out_blk, b0); -+} -diff -urN util-linux-2.34/libmount/src/aes.h util-linux-2.34-AES/libmount/src/aes.h ---- util-linux-2.34/libmount/src/aes.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/aes.h 2019-07-11 09:31:03.208081100 +0300 -@@ -0,0 +1,97 @@ -+// I retain copyright in this code but I encourage its free use provided -+// that I don't carry any responsibility for the results. I am especially -+// happy to see it used in free and open source software. If you do use -+// it I would appreciate an acknowledgement of its origin in the code or -+// the product that results and I would also appreciate knowing a little -+// about the use to which it is being put. I am grateful to Frank Yellin -+// for some ideas that are used in this implementation. -+// -+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001. -+// -+// This is an implementation of the AES encryption algorithm (Rijndael) -+// designed by Joan Daemen and Vincent Rijmen. This version is designed -+// to provide both fixed and dynamic block and key lengths and can also -+// run with either big or little endian internal byte order (see aes.h). -+// It inputs block and key lengths in bytes with the legal values being -+// 16, 24 and 32. -+ -+/* -+ * Modified by Jari Ruusu, May 1 2001 -+ * - Fixed some compile warnings, code was ok but gcc warned anyway. -+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t -+ * - Major name space cleanup: Names visible to outside now begin -+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c -+ * - Removed C++ and DLL support as part of name space cleanup. -+ * - Eliminated unnecessary recomputation of tables. (actual bug fix) -+ * - Merged precomputed constant tables to aes.c file. -+ * - Removed data alignment restrictions for portability reasons. -+ * - Made block and key lengths accept bit count (128/192/256) -+ * as well byte count (16/24/32). -+ * - Removed all error checks. This change also eliminated the need -+ * to preinitialize the context struct to zero. -+ * - Removed some totally unused constants. -+ */ -+ -+#ifndef _AES_H -+#define _AES_H -+ -+#if defined(__linux__) && defined(__KERNEL__) -+# include <linux/types.h> -+#else -+# include <sys/types.h> -+#endif -+ -+// CONFIGURATION OPTIONS (see also aes.c) -+// -+// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or -+// leave this undefined for dynamically variable block size (this will -+// result in much slower code). -+// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If -+// left undefined a slower version providing variable block length is compiled -+ -+#define AES_BLOCK_SIZE 16 -+ -+// The number of key schedule words for different block and key lengths -+// allowing for method of computation which requires the length to be a -+// multiple of the key length -+// -+// Nk = 4 6 8 -+// ------------- -+// Nb = 4 | 60 60 64 -+// 6 | 96 90 96 -+// 8 | 120 120 120 -+ -+#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32) -+#define AES_KS_LENGTH 120 -+#define AES_RC_LENGTH 29 -+#else -+#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE -+#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8 -+#endif -+ -+typedef struct -+{ -+ u_int32_t aes_Nkey; // the number of words in the key input block -+ u_int32_t aes_Nrnd; // the number of cipher rounds -+ u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule -+ u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule -+#if !defined(AES_BLOCK_SIZE) -+ u_int32_t aes_Ncol; // the number of columns in the cipher state -+#endif -+} aes_context; -+ -+// THE CIPHER INTERFACE -+ -+#if !defined(AES_BLOCK_SIZE) -+extern void aes_set_blk(aes_context *, const int); -+#endif -+extern void __loDev_aes_set_key(aes_context *, const unsigned char [], const int, const int); -+extern void __loDev_aes_encrypt(const aes_context *, const unsigned char [], unsigned char []); -+extern void __loDev_aes_decrypt(const aes_context *, const unsigned char [], unsigned char []); -+ -+// The block length inputs to aes_set_block and aes_set_key are in numbers -+// of bytes or bits. The calls to subroutines must be made in the above -+// order but multiple calls can be made without repeating earlier calls -+// if their parameters have not changed. -+ -+#endif // _AES_H -diff -urN util-linux-2.34/libmount/src/context.c util-linux-2.34-AES/libmount/src/context.c ---- util-linux-2.34/libmount/src/context.c 2019-04-10 14:28:20.591837314 +0300 -+++ util-linux-2.34-AES/libmount/src/context.c 2019-07-11 09:31:03.209081105 +0300 -@@ -99,7 +99,6 @@ - mnt_unref_table(cxt->fstab); - mnt_unref_cache(cxt->cache); - -- mnt_context_clear_loopdev(cxt); - mnt_free_lock(cxt->lock); - mnt_free_update(cxt->update); - -@@ -142,6 +141,8 @@ - DBG(CXT, ul_debugobj(cxt, "<---- reset [status=%d] ---->", - mnt_context_get_status(cxt))); - -+ mnt_context_clear_loopdev(cxt); /* this _has_ to be called before cxt->fs gets freed */ -+ - fl = cxt->flags; - - mnt_unref_fs(cxt->fs); -diff -urN util-linux-2.34/libmount/src/context_loopdev1.c util-linux-2.34-AES/libmount/src/context_loopdev1.c ---- util-linux-2.34/libmount/src/context_loopdev1.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/context_loopdev1.c 2019-07-11 09:31:03.211081117 +0300 -@@ -0,0 +1,1525 @@ -+/* -+ * Copyright (C) 2011 Karel Zak <kzak@redhat.com> -+ * -+ * This file may be redistributed under the terms of the -+ * GNU Lesser General Public License. -+ */ -+ -+/* (c) 2001-2012 Jari Ruusu */ -+ -+#include <blkid.h> -+#include <sys/ioctl.h> -+#include <errno.h> -+#include <string.h> -+#include <strings.h> -+#include <stdlib.h> -+#include <stdio.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <unistd.h> -+#include <pwd.h> -+#include <fcntl.h> -+#include <signal.h> -+#include <sys/wait.h> -+#include <sys/time.h> -+#include <ctype.h> -+ -+#include "mountP.h" -+#include "linux_version.h" -+ -+#include <linux/version.h> -+#include <linux/posix_types.h> -+ -+#include "sha512.h" -+#include "rmd160.h" -+#include "aes.h" -+ -+ -+#define LO_CRYPT_NONE 0 -+#define LO_CRYPT_XOR 1 -+#define LO_CRYPT_DES 2 -+#define LO_CRYPT_CRYPTOAPI 18 -+ -+#define LOOP_SET_FD 0x4C00 -+#define LOOP_CLR_FD 0x4C01 -+#define LOOP_SET_STATUS 0x4C02 -+#define LOOP_GET_STATUS 0x4C03 -+#define LOOP_SET_STATUS64 0x4C04 -+#define LOOP_GET_STATUS64 0x4C05 -+#define LOOP_MULTI_KEY_SETUP 0x4C4D -+#define LOOP_MULTI_KEY_SETUP_V3 0x4C4E -+#define LOOP_RECOMPUTE_DEV_SIZE 0x4C52 -+ -+#define LO_NAME_SIZE 64 -+#define LO_KEY_SIZE 32 -+ -+struct loop_info { -+ int lo_number; -+#if LINUX_VERSION_CODE >= 0x20600 -+ __kernel_old_dev_t lo_device; -+#else -+ __kernel_dev_t lo_device; -+#endif -+ unsigned long lo_inode; -+#if LINUX_VERSION_CODE >= 0x20600 -+ __kernel_old_dev_t lo_rdevice; -+#else -+ __kernel_dev_t lo_rdevice; -+#endif -+ int lo_offset; -+ int lo_encrypt_type; -+ int lo_encrypt_key_size; -+ int lo_flags; -+ char lo_name[LO_NAME_SIZE]; -+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; -+ unsigned long lo_init[2]; -+ char reserved[4]; -+}; -+ -+struct loop_info64 { -+ u_int64_t lo_device; /* ioctl r/o */ -+ u_int64_t lo_inode; /* ioctl r/o */ -+ u_int64_t lo_rdevice; /* ioctl r/o */ -+ u_int64_t lo_offset; /* bytes */ -+ u_int64_t lo_sizelimit; /* bytes, 0 == max available */ -+ u_int32_t lo_number; /* ioctl r/o */ -+ u_int32_t lo_encrypt_type; -+ u_int32_t lo_encrypt_key_size; /* ioctl w/o */ -+ u_int32_t lo_flags; /* ioctl r/o */ -+ unsigned char lo_file_name[LO_NAME_SIZE]; -+ unsigned char lo_crypt_name[LO_NAME_SIZE]; -+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */ -+ u_int64_t lo_init[2]; -+}; -+ -+#if !defined(LOOP_PASSWORD_MIN_LENGTH) -+# define LOOP_PASSWORD_MIN_LENGTH 20 -+#endif -+ -+typedef struct { -+ char *multiKeyPass[66]; -+ int multiKeyMode; -+ char *loopFileName; -+ char *pass_cb_string; -+ char *extraPtrToFree; -+ -+ char *loopDevName; -+ char *loopOffsetBytes; -+ char *loopSizeBytes; -+ char *loopEncryptionType; -+ char *passSeedString; -+ char *passHashFuncName; -+ char *passIterThousands; -+ char *loInitValue; -+ char *gpgKeyFile; -+ char *gpgHomeDir; -+ char *clearTextKeyFile; -+} loDev_passInfo; -+ -+ -+ -+static int loDev_rd_wr_retry(int fd, char *buf, int cnt, int w) -+{ -+ int x, y, z; -+ -+ x = 0; -+ while(x < cnt) { -+ y = cnt - x; -+ if(w) { -+ z = write(fd, buf + x, y); -+ } else { -+ z = read(fd, buf + x, y); -+ if (!z) return x; -+ } -+ if(z < 0) { -+ if ((errno == EAGAIN) || (errno == ENOMEM) || (errno == ERESTART) || (errno == EINTR)) { -+ continue; -+ } -+ return x; -+ } -+ x += z; -+ } -+ return x; -+} -+ -+static char *loDev_get_FD_pass(int fd) -+{ -+ char *p = NULL, *n; -+ int x = 0, y = 0; -+ -+ do { -+ if(y >= (x - 1)) { -+ x += 128; -+ /* Must enforce some max limit here -- this code */ -+ /* runs as part of mount, and mount is setuid root */ -+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */ -+ if(x > (4*1024)) { -+ error_out: -+ if(p) { -+ memset(p, 0, y); -+ free(p); -+ } -+ return NULL; -+ } -+ n = malloc(x); -+ if(!n) goto error_out; -+ if(p) { -+ memcpy(n, p, y); -+ memset(p, 0, y); -+ free(p); -+ } -+ p = n; -+ } -+ if(loDev_rd_wr_retry(fd, p + y, 1, 0) != 1) break; -+ if((p[y] == '\n') || !p[y]) break; -+ y++; -+ } while(1); -+ if(p) p[y] = 0; -+ return p; -+} -+ -+static unsigned long long loDev_mystrtoull(char *s, int acceptAT) -+{ -+ unsigned long long v = 0; -+ int negative = 0; -+ -+ while ((*s == ' ') || (*s == '\t')) -+ s++; -+ if (acceptAT && (*s == '@')) { -+ s++; -+ negative = 1; -+ } -+ if (*s == '0') { -+ s++; -+ if ((*s == 'x') || (*s == 'X')) { -+ s++; -+ sscanf(s, "%llx", &v); -+ } else { -+ sscanf(s, "%llo", &v); -+ } -+ } else { -+ sscanf(s, "%llu", &v); -+ } -+ return negative ? -v : v; -+} -+ -+static void loDev_warnAboutBadKeyData(struct libmnt_context *cxt, int x) -+{ -+ if((x > 1) && (x != 64) && (x != 65)) { -+ DBG(CXT, ul_debugobj(cxt, "Warning: Unknown key data format - using it anyway")); -+ } -+} -+ -+ -+static int loDev_are_these_files_same(const char *name1, const char *name2) -+{ -+ struct stat statbuf1; -+ struct stat statbuf2; -+ -+ if(!name1 || !*name1 || !name2 || !*name2) return 0; -+ if(stat(name1, &statbuf1)) return 0; -+ if(stat(name2, &statbuf2)) return 0; -+ if(statbuf1.st_dev != statbuf2.st_dev) return 0; -+ if(statbuf1.st_ino != statbuf2.st_ino) return 0; -+ return 1; /* are same */ -+} -+ -+static char *loDev_do_GPG_pipe(struct libmnt_context *cxt, loDev_passInfo *pi, char *pass) -+{ -+ int x, pfdi[2], pfdo[2], failed = 0; -+ char str[10], *a[16], *e[2], *h; -+ pid_t gpid; -+ struct passwd *p; -+ void *oldSigPipeHandler; -+ -+ if((getuid() == 0) && pi->gpgHomeDir && pi->gpgHomeDir[0]) { -+ h = pi->gpgHomeDir; -+ } else { -+ if(!(p = getpwuid(getuid()))) { -+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to detect home directory")); -+ return NULL; -+ } -+ h = p->pw_dir; -+ } -+ if(!(e[0] = malloc(strlen(h) + 6))) { -+ nomem1: -+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to allocate memory")); -+ return NULL; -+ } -+ sprintf(e[0], "HOME=%s", h); -+ e[1] = 0; -+ -+ if(pipe(&pfdi[0])) { -+ nomem2: -+ free(e[0]); -+ goto nomem1; -+ } -+ if(pipe(&pfdo[0])) { -+ close(pfdi[0]); -+ close(pfdi[1]); -+ goto nomem2; -+ } -+ -+ /* -+ * When this code is run as part of mount, only root can set -+ * 'gpgKeyFile' and as such, only root can decide what file is opened -+ * below. However, since mount is usually setuid-root all non-root -+ * users can also open() the file too, but that file's contents are -+ * only piped to gpg. This readable-for-all is intended behaviour, -+ * and is very useful in situations where non-root users mount loop -+ * devices with their own gpg private key, and yet don't have access -+ * to the actual key used to encrypt loop device. -+ */ -+ if((x = open(pi->gpgKeyFile, O_RDONLY)) == -1) { -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open gpg key file for reading")); -+ nomem3: -+ free(e[0]); -+ close(pfdo[0]); -+ close(pfdo[1]); -+ close(pfdi[0]); -+ close(pfdi[1]); -+ return NULL; -+ } -+ -+ /* -+ * If someone puts a gpg key file at beginning of device and -+ * puts the real file system at some offset into the device, -+ * this code extracts that gpg key file into a temp file so gpg -+ * won't end up reading whole device when decrypting the key file. -+ * -+ * Example of encrypted cdrom mount with 8192 bytes reserved for gpg key file: -+ * mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 -+ * ^^^^^^^^^^ ^^^^^^^^^^ ^^^^ -+ */ -+ if(pi->loopOffsetBytes && loDev_are_these_files_same(pi->loopFileName, pi->gpgKeyFile)) { -+ FILE *f; -+ char b[1024]; -+ long long cnt; -+ int cnt2, cnt3; -+ -+ cnt = loDev_mystrtoull(pi->loopOffsetBytes, 1); -+ if(cnt < 0) cnt = -cnt; -+ if(cnt > (1024 * 1024)) cnt = 1024 * 1024; /* sanity check */ -+ f = tmpfile(); -+ if(!f) { -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to create temp file")); -+ close(x); -+ goto nomem3; -+ } -+ while(cnt > 0) { -+ cnt2 = sizeof(b); -+ if(cnt < cnt2) cnt2 = cnt; -+ cnt3 = loDev_rd_wr_retry(x, b, cnt2, 0); -+ if(cnt3 && (fwrite(b, cnt3, 1, f) != 1)) { -+ tmpWrErr: -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to write to temp file")); -+ fclose(f); -+ close(x); -+ goto nomem3; -+ } -+ if(cnt2 != cnt3) break; -+ cnt -= cnt3; -+ } -+ if(fflush(f)) goto tmpWrErr; -+ close(x); -+ x = dup(fileno(f)); -+ fclose(f); -+ lseek(x, 0L, SEEK_SET); -+ } -+ -+ sprintf(str, "%d", pfdi[0]); -+ if(!(gpid = fork())) { -+ dup2(x, 0); -+ dup2(pfdo[1], 1); -+ close(x); -+ close(pfdi[1]); -+ close(pfdo[0]); -+ close(pfdo[1]); -+ if((x = open("/dev/null", O_WRONLY)) >= 0) { -+ dup2(x, 2); -+ close(x); -+ } -+ x = 0; -+ a[x++] = "gpg"; -+ if(pi->gpgHomeDir && pi->gpgHomeDir[0]) { -+ a[x++] = "--homedir"; -+ a[x++] = pi->gpgHomeDir; -+ } -+ a[x++] = "--no-options"; -+ a[x++] = "--quiet"; -+ a[x++] = "--batch"; -+ a[x++] = "--no-tty"; -+ a[x++] = "--passphrase-fd"; -+ a[x++] = str; -+ a[x++] = "--decrypt"; -+ a[x] = 0; -+ if(setgid(getgid())) exit(1); -+ if(setuid(getuid())) exit(1); -+ for(x = 3; x < 1024; x++) { -+ if(x == pfdi[0]) continue; -+ close(x); -+ } -+ execve("/bin/gpg", &a[0], &e[0]); -+ execve("/usr/bin/gpg", &a[0], &e[0]); -+ execve("/usr/local/bin/gpg", &a[0], &e[0]); -+ exit(1); -+ } -+ free(e[0]); -+ close(x); -+ close(pfdi[0]); -+ close(pfdo[1]); -+ if(gpid == -1) { -+ close(pfdi[1]); -+ close(pfdo[0]); -+ goto nomem1; -+ } -+ -+ x = strlen(pass); -+ -+ /* ignore possible SIGPIPE signal while writing to gpg */ -+ oldSigPipeHandler = signal(SIGPIPE, SIG_IGN); -+ loDev_rd_wr_retry(pfdi[1], pass, x, 1); -+ loDev_rd_wr_retry(pfdi[1], "\n", 1, 1); -+ if(oldSigPipeHandler != SIG_ERR) signal(SIGPIPE, oldSigPipeHandler); -+ -+ close(pfdi[1]); -+ memset(pass, 0, x); -+ x = 0; -+ while(x < 66) { -+ if(pi->multiKeyPass[x]) { -+ free(pi->multiKeyPass[x]); -+ pi->multiKeyPass[x] = NULL; -+ } -+ x++; -+ } -+ x = 0; -+ while(x < 66) { -+ pi->multiKeyPass[x] = loDev_get_FD_pass(pfdo[0]); -+ if(!pi->multiKeyPass[x]) { -+ /* mem alloc failed - abort */ -+ failed = 1; -+ break; -+ } -+ if(strlen(pi->multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break; -+ x++; -+ } -+ loDev_warnAboutBadKeyData(cxt, x); -+ if(x >= 65) -+ pi->multiKeyMode = 65; -+ if(x == 64) -+ pi->multiKeyMode = 64; -+ close(pfdo[0]); -+ waitpid(gpid, &x, 0); -+ if(failed || !pi->multiKeyPass[0]) goto nomem1; -+ return pi->multiKeyPass[0]; -+} -+ -+/* password returned by this function must not be free()ed directly, because it -+ came from either cxt->pwd_get_cb() or is a duplicate of pi->multiKeyPass[0]. -+ cxt->pwd_release_cb() free()s the one that came from cxt->pwd_get_cb() and -+ pi->multiKeyPass[0] gets free()d with rest of pi->multiKeyPass[] pointers. -+ If this function actually malloc()s a pointer, a copy is at pi->extraPtrToFree */ -+static char *loDev_sGetPass(struct libmnt_context *cxt, loDev_passInfo *pi, int minLen, int warnLen) -+{ -+ char *p, *s, *seed; -+ int i, x; -+ -+ if(pi->clearTextKeyFile) { -+ if((i = open(pi->clearTextKeyFile, O_RDONLY)) == -1) { -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open cleartext key file for reading")); -+ return NULL; -+ } -+ x = 0; -+ while(x < 66) { -+ pi->multiKeyPass[x] = loDev_get_FD_pass(i); -+ if(!pi->multiKeyPass[x]) { -+ close(i); -+ goto nomem; -+ } -+ if(strlen(pi->multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break; -+ x++; -+ } -+ close(i); -+ loDev_warnAboutBadKeyData(cxt, x); -+ if(x >= 65) { -+ pi->multiKeyMode = 65; -+ return pi->multiKeyPass[0]; -+ } -+ if(x == 64) { -+ pi->multiKeyMode = 64; -+ return pi->multiKeyPass[0]; -+ } -+ p = pi->multiKeyPass[0]; -+ } else { -+ if(!cxt->pwd_get_cb) -+ return NULL; -+ DBG(CXT, ul_debugobj(cxt, "asking for pass")); -+ p = pi->pass_cb_string = cxt->pwd_get_cb(cxt); -+ } -+ -+ if(!p) goto nomem; -+ if(pi->gpgKeyFile && pi->gpgKeyFile[0]) { -+ p = loDev_do_GPG_pipe(cxt, pi, p); -+ if(!p) return NULL; -+ if(!p[0]) { -+ DBG(CXT, ul_debugobj(cxt, "Error: gpg key file decryption failed")); -+ return NULL; -+ } -+ if(pi->multiKeyMode) return p; -+ } -+ i = strlen(p); -+ if(i < minLen) { -+ DBG(CXT, ul_debugobj(cxt, "Error: Password is too short")); -+ return NULL; -+ } -+ seed = pi->passSeedString; -+ if(!seed) seed = ""; -+ s = pi->extraPtrToFree = malloc(i + strlen(seed) + 1); -+ if(!s) { -+ memset(p, 0, i); -+ nomem: -+ DBG(CXT, ul_debugobj(cxt, "Error: Unable to allocate memory")); -+ return NULL; -+ } -+ strcpy(s, p); -+ memset(p, 0, i); -+ if(i < warnLen) { -+ DBG(CXT, ul_debugobj(cxt, "WARNING - Please use longer password")); -+ } -+ strcat(s, seed); -+ return(s); -+} -+ -+/* this is for compatibility with historic loop-AES version */ -+static void loDev_unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize) -+{ -+ register int x, y, z, cnt = ile; -+ unsigned char *kp; -+ -+ memset(keyBuf, 0, bufSize); -+ kp = keyStr; -+ for(x = 0; x < (bufSize * 8); x += 6) { -+ y = *kp++; -+ if(--cnt <= 0) { -+ kp = keyStr; -+ cnt = ile; -+ } -+ if((y >= '0') && (y <= '9')) y -= '0'; -+ else if((y >= 'A') && (y <= 'Z')) y -= ('A' - 10); -+ else if((y >= 'a') && (y <= 'z')) y -= ('a' - 36); -+ else if((y == '.') || (y == '/')) y += (62 - '.'); -+ else y &= 63; -+ z = x >> 3; -+ if(z < bufSize) { -+ keyBuf[z] |= y << (x & 7); -+ } -+ z++; -+ if(z < bufSize) { -+ keyBuf[z] |= y >> (8 - (x & 7)); -+ } -+ } -+} -+ -+/* this is for compatibility with mainline mount */ -+static void loDev_unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize) -+{ -+ memset(keyBuf, 0, bufSize); -+ strncpy((char *)keyBuf, (char *)keyStr, bufSize - 1); -+ keyBuf[bufSize - 1] = 0; -+} -+ -+static void loDev_rmd160HashTwiceWithA(unsigned char *ib, int ile, unsigned char *ob, int ole) -+{ -+ char tmpBuf[20 + 20]; -+ char pwdCopy[130]; -+ -+ if(ole < 1) return; -+ memset(ob, 0, ole); -+ if(ole > 40) ole = 40; -+ __loDev_rmd160_hash_buffer(&tmpBuf[0], (char *)ib, ile); -+ pwdCopy[0] = 'A'; -+ if(ile > sizeof(pwdCopy) - 1) ile = sizeof(pwdCopy) - 1; -+ memcpy(pwdCopy + 1, ib, ile); -+ __loDev_rmd160_hash_buffer(&tmpBuf[20], pwdCopy, ile + 1); -+ memcpy(ob, tmpBuf, ole); -+ memset(tmpBuf, 0, sizeof(tmpBuf)); -+ memset(pwdCopy, 0, sizeof(pwdCopy)); -+} -+ -+extern long long llseek(int, long long, int); -+ -+static long long loDev_xx_lseek(int fd, long long offset, int whence) -+{ -+ if(sizeof(off_t) >= 8) { -+ return lseek(fd, offset, whence); -+ } else { -+ return llseek(fd, offset, whence); -+ } -+} -+ -+static int loDev_create_random_keys(struct libmnt_context *cxt, char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k) -+{ -+ int x, y, fd; -+ sha512_context s; -+ unsigned char b[4096]; -+ -+ if(loopro) { -+ DBG(CXT, ul_debugobj(cxt, "Error: read-only device")); -+ return 1; -+ } -+ -+ /* -+ * Compute SHA-512 over first 40 KB of old fs data. SHA-512 hash -+ * output is then used as entropy for new fs encryption key. -+ */ -+ if((fd = open(partition, O_RDWR)) == -1) { -+ seekFailed: -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open/seek device")); -+ return 1; -+ } -+ if(offset < 0) offset = -offset; -+ if(loDev_xx_lseek(fd, offset, SEEK_SET) == -1) { -+ close(fd); -+ goto seekFailed; -+ } -+ __loDev_sha512_init(&s); -+ for(x = 1; x <= 10; x++) { -+ if((sizelimit > 0) && ((sizeof(b) * x) > sizelimit)) break; -+ if(loDev_rd_wr_retry(fd, (char *) &b[0], sizeof(b), 0) != sizeof(b)) break; -+ __loDev_sha512_write(&s, &b[0], sizeof(b)); -+ } -+ __loDev_sha512_final(&s); -+ -+ /* -+ * Overwrite 40 KB of old fs data 20 times so that recovering -+ * SHA-512 output beyond this point is difficult and expensive. -+ */ -+ for(y = 0; y < 20; y++) { -+ int z; -+ struct { -+ struct timeval tv; -+ unsigned char h[64]; -+ int x,y,z; -+ } j; -+ if(loDev_xx_lseek(fd, offset, SEEK_SET) == -1) break; -+ memcpy(&j.h[0], &s.sha_out[0], 64); -+ gettimeofday(&j.tv, NULL); -+ j.y = y; -+ for(x = 1; x <= 10; x++) { -+ j.x = x; -+ for(z = 0; z < sizeof(b); z += 64) { -+ j.z = z; -+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64); -+ } -+ if((sizelimit > 0) && ((sizeof(b) * x) > sizelimit)) break; -+ if(loDev_rd_wr_retry(fd, (char *) &b[0], sizeof(b), 1) != sizeof(b)) break; -+ } -+ memset(&j, 0, sizeof(j)); -+ if(fsync(fd)) break; -+ } -+ close(fd); -+ -+ /* -+ * Use all 512 bits of hash output -+ */ -+ memcpy(&b[0], &s.sha_out[0], 64); -+ memset(&s, 0, sizeof(s)); -+ -+ /* -+ * Read 32 bytes of random entropy from kernel's random -+ * number generator. This code may be executed early on startup -+ * scripts and amount of random entropy may be non-existent. -+ * SHA-512 of old fs data is used as workaround for missing -+ * entropy in kernel's random number generator. -+ */ -+ if((fd = open("/dev/urandom", O_RDONLY)) == -1) { -+ DBG(CXT, ul_debugobj(cxt, "Error: unable to open /dev/urandom")); -+ return 1; -+ } -+ loDev_rd_wr_retry(fd, (char *) &b[64], 32, 0); -+ -+ /* generate multi-key hashes */ -+ x = 0; -+ while(x < 65) { -+ loDev_rd_wr_retry(fd, (char *) &b[64+32], 16, 0); -+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, k, 32); -+ k += 32; -+ x++; -+ } -+ -+ close(fd); -+ memset(&b[0], 0, sizeof(b)); -+ return 0; -+} -+ -+static int loDev_fork_mkfs_command(struct libmnt_context *cxt, char *device, char *fstype) -+{ -+ int x, y = 0; -+ char *a[10], *e[2]; -+ -+ sync(); -+ if(!(x = fork())) { -+ if((x = open("/dev/null", O_WRONLY)) >= 0) { -+ dup2(x, 0); -+ dup2(x, 1); -+ dup2(x, 2); -+ close(x); -+ } -+ x = 0; -+ a[x++] = "mkfs"; -+ a[x++] = "-t"; -+ a[x++] = fstype; -+ /* mkfs.reiserfs and mkfs.xfs need -f option */ -+ if(!strcmp(fstype, "reiserfs") || !strcmp(fstype, "xfs")) { -+ a[x++] = "-f"; -+ } -+ a[x++] = device; -+ a[x] = 0; -+ e[0] = "PATH=/sbin:/usr/sbin"; -+ e[1] = 0; -+ if(setgid(getgid())) exit(1); -+ if(setuid(getuid())) exit(1); -+ for(x = 3; x < 1024; x++) { -+ close(x); -+ } -+ execve("/sbin/mkfs", &a[0], &e[0]); -+ exit(1); -+ } -+ if(x == -1) { -+ DBG(CXT, ul_debugobj(cxt, "Error: fork failed")); -+ return 1; -+ } -+ waitpid(x, &y, 0); -+ sync(); -+ if(!WIFEXITED(y) || (WEXITSTATUS(y) != 0)) { -+ DBG(CXT, ul_debugobj(cxt, "Error: encrypted file system mkfs failed")); -+ return 1; -+ } -+ return 0; -+} -+ -+static void loDev_convert_info_to_info64(struct loop_info *info, struct loop_info64 *info64) -+{ -+ memset(info64, 0, sizeof(*info64)); -+ info64->lo_number = info->lo_number; -+ info64->lo_device = info->lo_device; -+ info64->lo_inode = info->lo_inode; -+ info64->lo_rdevice = info->lo_rdevice; -+ info64->lo_offset = info->lo_offset; -+ info64->lo_encrypt_type = info->lo_encrypt_type; -+ info64->lo_encrypt_key_size = info->lo_encrypt_key_size; -+ info64->lo_flags = info->lo_flags; -+ info64->lo_init[0] = info->lo_init[0]; -+ info64->lo_init[1] = info->lo_init[1]; -+ info64->lo_sizelimit = 0; -+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */ -+ memcpy(info64->lo_crypt_name, info->lo_name, sizeof(info64->lo_crypt_name)); -+ else -+ memcpy(info64->lo_file_name, info->lo_name, sizeof(info64->lo_file_name)); -+ memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, sizeof(info64->lo_encrypt_key)); -+} -+ -+static int loDev_convert_info64_to_info(struct loop_info64 *info64, struct loop_info *info) -+{ -+ memset(info, 0, sizeof(*info)); -+ info->lo_number = info64->lo_number; -+ info->lo_device = info64->lo_device; -+ info->lo_inode = info64->lo_inode; -+ info->lo_rdevice = info64->lo_rdevice; -+ info->lo_offset = info64->lo_offset; -+ info->lo_encrypt_type = info64->lo_encrypt_type; -+ info->lo_encrypt_key_size = info64->lo_encrypt_key_size; -+ info->lo_flags = info64->lo_flags; -+ info->lo_init[0] = info64->lo_init[0]; -+ info->lo_init[1] = info64->lo_init[1]; -+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */ -+ memcpy(info->lo_name, info64->lo_crypt_name, sizeof(info->lo_name)); -+ else -+ memcpy(info->lo_name, info64->lo_file_name, sizeof(info->lo_name)); -+ memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, sizeof(info->lo_encrypt_key)); -+ -+ /* error in case values were truncated */ -+ if (info->lo_device != info64->lo_device || -+ info->lo_rdevice != info64->lo_rdevice || -+ info->lo_inode != info64->lo_inode || -+ info->lo_offset != info64->lo_offset || -+ info64->lo_sizelimit) { -+ return -1; -+ } -+ return 0; -+} -+ -+static int loDev_set_status64_ioctl(int fd, struct loop_info64 *info64) -+{ -+ struct loop_info info; -+ struct loop_info64 tmp; -+ int r; -+ -+ /* -+ * This ugly work around is needed because some -+ * Red Hat kernels are using same ioctl code: -+ * #define LOOP_CHANGE_FD 0x4C04 -+ * vs. -+ * #define LOOP_SET_STATUS64 0x4C04 -+ * that is used by modern loop driver. -+ * -+ * Attempt to detect presense of LOOP_GET_STATUS64 -+ * ioctl before issuing LOOP_SET_STATUS64 ioctl. -+ * Red Hat kernels with above LOOP_CHANGE_FD damage -+ * should return -1 and set errno to EINVAL. -+ */ -+ r = ioctl(fd, LOOP_GET_STATUS64, &tmp); -+ memset(&tmp, 0, sizeof(tmp)); -+ if ((r == 0) || (errno != EINVAL)) { -+ r = ioctl(fd, LOOP_SET_STATUS64, info64); -+ if (!r) -+ return 0; -+ } -+ r = loDev_convert_info64_to_info(info64, &info); -+ if (!r) -+ r = ioctl(fd, LOOP_SET_STATUS, &info); -+ -+ /* don't leave copies of encryption key on stack */ -+ memset(&info, 0, sizeof(info)); -+ return r; -+} -+ -+static int loDev_get_status64_ioctl(int fd, struct loop_info64 *info64) -+{ -+ struct loop_info info; -+ int r; -+ -+ memset(info64, 0, sizeof(*info64)); -+ r = ioctl(fd, LOOP_GET_STATUS64, info64); -+ if (!r) -+ return 0; -+ r = ioctl(fd, LOOP_GET_STATUS, &info); -+ if (!r) -+ loDev_convert_info_to_info64(&info, info64); -+ -+ /* don't leave copies of encryption key on stack */ -+ memset(&info, 0, sizeof(info)); -+ return r; -+} -+ -+/* returns: 1=unused 0=busy */ -+static int loDev_is_unused_loop_device(int fd) -+{ -+ struct loop_info64 info64; -+ struct loop_info info; -+ int r; -+ -+ r = ioctl(fd, LOOP_GET_STATUS64, &info64); -+ memset(&info64, 0, sizeof(info64)); -+ if (!r) -+ return 0; -+ if (errno == ENXIO) -+ return 1; -+ -+ r = ioctl(fd, LOOP_GET_STATUS, &info); -+ memset(&info, 0, sizeof(info)); -+ if (!r) -+ return 0; -+ if (errno == ENXIO) -+ return 1; -+ if (errno == EOVERFLOW) -+ return 0; -+ return 1; -+} -+ -+struct loDev_crypt_type_struct { -+ short int id; -+ unsigned char flags; /* bit0 = show keybits, bit1 = add '-' before keybits */ -+ unsigned char keyBytes; -+ char *name; -+}; -+ -+static struct loDev_crypt_type_struct loDev_crypt_type_tbl[] = { -+ { 0, 0, 0, "no" }, -+ { 0, 0, 0, "none" }, -+ { 1, 0, 0, "xor" }, -+ { 3, 1, 16, "twofish" }, -+ { 4, 1, 16, "blowfish" }, -+ { 7, 1, 16, "serpent" }, -+ { 8, 1, 16, "mars" }, -+ { 11, 3, 16, "rc6" }, -+ { 12, 0, 21, "tripleDES" }, -+ { 12, 0, 24, "3des" }, -+ { 12, 0, 24, "des3_ede" }, -+ { 16, 1, 16, "AES" }, -+ { -1, 0, 0, NULL } -+}; -+ -+static char *loDev_getApiName(char *e, int *len) -+{ -+ int x, y, z = 1, q = -1; -+ unsigned char *s; -+ -+ *len = y = 0; -+ s = (unsigned char *)strdup(e); -+ if(!s) -+ return NULL; -+ x = strlen((char *)s); -+ while(x > 0) { -+ x--; -+ if(!isdigit(s[x])) -+ break; -+ y += (s[x] - '0') * z; -+ z *= 10; -+ q = x; -+ } -+ while(x >= 0) { -+ s[x] = tolower(s[x]); -+ if(s[x] == '-') -+ s[x] = 0; -+ x--; -+ } -+ if(y >= 40) { -+ if(q >= 0) -+ s[q] = 0; -+ *len = y; -+ } -+ return((char *)s); -+} -+ -+static int loDev_crypt_type_fn(const char *name, u_int32_t *kbyp, char **apiName) -+{ -+ int i, k; -+ char *s; -+ -+ *apiName = s = loDev_getApiName((char *)name, &k); -+ if(!s) s = ""; -+ if(k < 0) -+ k = 0; -+ if(k > 256) -+ k = 256; -+ for (i = 0; loDev_crypt_type_tbl[i].id != -1; i++) { -+ if (!strcasecmp (s , loDev_crypt_type_tbl[i].name)) { -+ *kbyp = k ? k >> 3 : loDev_crypt_type_tbl[i].keyBytes; -+ return loDev_crypt_type_tbl[i].id; -+ } -+ } -+ *kbyp = 16; /* 128 bits */ -+ return 18; /* LO_CRYPT_CRYPTOAPI */ -+} -+ -+static int loDev_try_cryptoapi_interface(int fd, struct loop_info64 *loopinfo, char *apiName) -+{ -+ if(!apiName) apiName = ""; -+ snprintf((char *)loopinfo->lo_crypt_name, sizeof(loopinfo->lo_crypt_name), "%s-cbc", apiName); -+ loopinfo->lo_crypt_name[LO_NAME_SIZE - 1] = 0; -+ loopinfo->lo_encrypt_type = 18; /* LO_CRYPT_CRYPTOAPI */ -+ return(loDev_set_status64_ioctl(fd, loopinfo)); -+} -+ -+static int loDev_is_loop_device(const char *device) -+{ -+ struct stat statbuf; -+ -+ return (stat(device, &statbuf) == 0 && -+ S_ISBLK(statbuf.st_mode) && -+ major(statbuf.st_rdev) == 7); -+} -+ -+int __loDev_is_loop_active_same_back(char *dev, char *backdev, char *offsetStr, char *sizelimitStr) -+{ -+ int fd; -+ int ret = 0; -+ struct stat statbuf; -+ struct loop_info64 loopinfo; -+ uint64_t offset = 0, sizelimit = 0; -+ -+ if(offsetStr) -+ offset = loDev_mystrtoull(offsetStr, 1); -+ if(sizelimitStr) -+ sizelimit = loDev_mystrtoull(sizelimitStr, 0); -+ -+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode) && major(statbuf.st_rdev) == 7) { -+ if(stat (backdev, &statbuf) != 0) -+ return 0; -+ fd = open (dev, O_RDONLY); -+ if (fd < 0) -+ return 0; -+ if ((loDev_get_status64_ioctl(fd, &loopinfo) == 0) -+ && (loopinfo.lo_offset == offset) -+ && (loopinfo.lo_sizelimit == sizelimit) -+ && (statbuf.st_dev == loopinfo.lo_device) -+ && (statbuf.st_ino == loopinfo.lo_inode)) -+ ret = 1; /* backing device matches */ -+ memset(&loopinfo, 0, sizeof(loopinfo)); -+ close(fd); -+ } -+ return ret; -+} -+ -+#define SIZE(a) (sizeof(a)/sizeof(a[0])) -+ -+static char * loDev_find_unused_loop_device(void) -+{ -+ /* Just creating a device, say in /tmp, is probably a bad idea - -+ people might have problems with backup or so. -+ So, we just try /dev/loop[0-7]. */ -+ char dev[20]; -+ char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" }; -+ int i, j, fd, somedev = 0, someloop = 0; -+ struct stat statbuf; -+ -+ for (j = 0; j < SIZE(loop_formats); j++) { -+ for(i = 0; i < 256; i++) { -+ sprintf(dev, loop_formats[j], i); -+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) { -+ somedev++; -+ fd = open (dev, O_RDONLY); -+ if (fd >= 0) { -+ if (loDev_is_unused_loop_device(fd) == 0) -+ someloop++; /* in use */ -+ else if (errno == ENXIO) { -+ close (fd); -+ return strdup(dev);/* probably free */ -+ } -+ close (fd); -+ } -+ continue;/* continue trying as long as devices exist */ -+ } -+ break; -+ } -+ } -+ return 0; -+} -+ -+int mnt_context_is_loopdev(struct libmnt_context *cxt) -+{ -+ const char *type, *src; -+ -+ assert(cxt); -+ -+ /* The mount flags have to be merged, otherwise we have to use -+ * expensive mnt_context_get_user_mflags() instead of cxt->user_mountflags. */ -+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED)); -+ -+ if (!cxt->fs) -+ return 0; -+ src = mnt_fs_get_srcpath(cxt->fs); -+ if (!src) -+ return 0; /* backing file not set */ -+ -+ if (cxt->user_mountflags & (MNT_MS_LOOP | -+ MNT_MS_OFFSET | -+ MNT_MS_SIZELIMIT)) { -+ -+ DBG(CXT, ul_debugobj(cxt, "loopdev specific options detected")); -+ return 1; -+ } -+ -+ if (cxt->mountflags & (MS_BIND | MS_MOVE | MS_PROPAGATION)) -+ return 0; -+ -+ /* Automatically create a loop device from a regular file if a -+ * filesystem is not specified or the filesystem is known for libblkid -+ * (these filesystems work with block devices only). The file size -+ * should be at least 1KiB otherwise we will create empty loopdev where -+ * is no mountable filesystem... -+ * -+ * Note that there is not a restriction (on kernel side) that prevents regular -+ * file as a mount(2) source argument. A filesystem that is able to mount -+ * regular files could be implemented. -+ */ -+ type = mnt_fs_get_fstype(cxt->fs); -+ -+ if (mnt_fs_is_regular(cxt->fs) && -+ (!type || strcmp(type, "auto") == 0 || blkid_known_fstype(type))) { -+ struct stat st; -+ -+ if (stat(src, &st) == 0 && S_ISREG(st.st_mode) && -+ st.st_size > 1024) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+ -+/* Check, if there already exists a mounted loop device on the mountpoint node -+ * with the same parameters. -+ */ -+static int is_mounted_same_loopfile(struct libmnt_context *cxt, -+ const char *target, -+ char *backing_file, -+ char *offsetStr, char *sizelimitStr) -+{ -+ struct libmnt_table *tb; -+ struct libmnt_iter itr; -+ struct libmnt_fs *fs; -+ struct libmnt_cache *cache; -+ -+ assert(cxt); -+ assert(cxt->fs); -+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED)); -+ -+ if (!target || !backing_file || mnt_context_get_mtab(cxt, &tb)) -+ return 0; -+ -+ DBG(CXT, ul_debugobj(cxt, "checking if %s mounted on %s", -+ backing_file, target)); -+ -+ cache = mnt_context_get_cache(cxt); -+ mnt_reset_iter(&itr, MNT_ITER_BACKWARD); -+ -+ /* Search for mountpoint node in mtab, procceed if any of these has the -+ * loop option set or the device is a loop device -+ */ -+ while (mnt_table_next_fs(tb, &itr, &fs) == 0) { -+ const char *src = mnt_fs_get_source(fs); -+ const char *opts = mnt_fs_get_user_options(fs); -+ char *val; -+ size_t len; -+ int res = 0; -+ -+ if (!src || !mnt_fs_match_target(fs, target, cache)) -+ continue; -+ -+ if (strncmp(src, "/dev/loop", 9) == 0) { -+ res = __loDev_is_loop_active_same_back((char *) src, backing_file, offsetStr, sizelimitStr); -+ -+ } else if (opts && (cxt->user_mountflags & MNT_MS_LOOP) && -+ mnt_optstr_get_option(opts, "loop", &val, &len) == 0 && val) { -+ -+ val = strndup(val, len); -+ res = __loDev_is_loop_active_same_back((char *) val, backing_file, offsetStr, sizelimitStr); -+ free(val); -+ } -+ -+ if (res) { -+ DBG(CXT, ul_debugobj(cxt, "%s already mounted", backing_file)); -+ return 1; -+ } -+ } -+ -+ return 0; -+} -+ -+int mnt_context_setup_loopdev(struct libmnt_context *cxt) -+{ -+ int loop_dev_fd = -1, backing_fi_fd = -1; -+ loDev_passInfo pi; -+ struct loop_info64 loopinfo; -+ int i; -+ char *pass = NULL, *apiName = NULL; -+ void (*hashFunc)(unsigned char *, int, unsigned char *, int); -+ unsigned char multiKeyBits[65][32]; -+ int minPassLen = LOOP_PASSWORD_MIN_LENGTH; -+ int run_mkfs_command = 0; -+ int mode = O_RDWR; -+ int fixedLoopName = 0; -+ unsigned int chmodVal = 0; -+ const char *optstr; -+ char *val = NULL; -+ size_t len = 0; -+ int rc = 0, myErrno = 0; -+ uint64_t offset = 0, sizelimit = 0; -+ -+ -+ memset(&pi, 0, sizeof(pi)); -+ assert(cxt); -+ assert(cxt->fs); -+ assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED)); -+ cxt->loopdev_fd = -1; -+ -+ pi.loopFileName = (char *) mnt_fs_get_srcpath(cxt->fs); -+ if (!pi.loopFileName) -+ return -EINVAL; -+ -+ DBG(CXT, ul_debugobj(cxt, "trying to setup loopdev for %s", pi.loopFileName)); -+ -+ if (cxt->mountflags & MS_RDONLY) { -+ DBG(CXT, ul_debugobj(cxt, "enabling READ-ONLY flag")); -+ mode = O_RDONLY; -+ } -+ -+ optstr = mnt_fs_get_user_options(cxt->fs); -+ -+#define MM(a,b) if(mnt_optstr_get_option(optstr, a, &val, &len) == 0 && val && len) { \ -+ if(!(b = strndup(val, len))) rc = -ENOMEM; \ -+ } -+ -+ MM("loop", pi.loopDevName); -+ MM("offset", pi.loopOffsetBytes); -+ MM("sizelimit", pi.loopSizeBytes); -+ MM("encryption", pi.loopEncryptionType); -+ MM("pseed", pi.passSeedString); -+ MM("phash", pi.passHashFuncName); -+ MM("itercountk", pi.passIterThousands); -+ MM("loinit", pi.loInitValue); -+ MM("gpgkey", pi.gpgKeyFile); -+ MM("gpghome", pi.gpgHomeDir); -+ MM("cleartextkey", pi.clearTextKeyFile); -+ -+#undef MM -+ -+ if(pi.loopOffsetBytes) -+ offset = loDev_mystrtoull(pi.loopOffsetBytes, 1); -+ if(pi.loopSizeBytes) -+ sizelimit = loDev_mystrtoull(pi.loopSizeBytes, 0); -+ -+ if (rc == 0 && is_mounted_same_loopfile(cxt, mnt_context_get_target(cxt), pi.loopFileName, pi.loopOffsetBytes, pi.loopSizeBytes)) -+ rc = -EBUSY; -+ if (rc) -+ goto clean_up_out; -+ if(pi.loopDevName) { -+ fixedLoopName = 1; -+ if(__loDev_is_loop_active_same_back(pi.loopDevName, pi.loopFileName, pi.loopOffsetBytes, pi.loopSizeBytes)) { -+ /* loop device appears to be already set up to same backing file, so skip most of loop setup */ -+ /* this is useful for encrypted losetup -> fsck -> mount, where passphrase needs to be typed only once */ -+ rc = mnt_fs_set_source(cxt->fs, pi.loopDevName); -+ if(rc) goto clean_up_out; -+ goto skip_setup_ok_out; -+ } -+ } else if(cxt->fs && mnt_optstr_get_option(optstr, "loop", &val, &len) != 0) { -+ /* Looks like no "loop" option at all. Add one so it gets cleaned up by umount */ -+ mnt_optstr_append_option(&cxt->fs->user_optstr, "loop", NULL); -+ } -+ if((backing_fi_fd = open(pi.loopFileName, mode)) < 0) { -+ DBG(CXT, ul_debugobj(cxt, "can't open backing device/file")); -+ myErrno = ENODEV; -+ rc = -MNT_ERR_LOOPDEV; -+ goto clean_up_out; -+ } -+ -+try_again_another_loopdev: -+ sync(); -+ if(!pi.loopDevName) { -+ pi.loopDevName = loDev_find_unused_loop_device(); -+ if(!pi.loopDevName) { -+ DBG(CXT, ul_debugobj(cxt, "can't find free loop device")); -+ myErrno = ENODEV; -+ rc = -MNT_ERR_LOOPDEV; -+ goto clean_up_out; -+ } -+ } -+ if((loop_dev_fd = open(pi.loopDevName, mode)) < 0) { -+ DBG(CXT, ul_debugobj(cxt, "can't open loop device")); -+ myErrno = ENODEV; -+ rc = -MNT_ERR_LOOPDEV; -+ goto clean_up_out; -+ } -+ if(ioctl(loop_dev_fd, LOOP_SET_FD, backing_fi_fd) < 0) { -+ if(errno == EBUSY && !fixedLoopName) { -+ close(loop_dev_fd); -+ loop_dev_fd = -1; -+ free(pi.loopDevName); -+ pi.loopDevName = NULL; -+ DBG(CXT, ul_debugobj(cxt, "loopdev stolen...trying again")); -+ goto try_again_another_loopdev; -+ } -+ close(loop_dev_fd); -+ loop_dev_fd = -1; -+ DBG(CXT, ul_debugobj(cxt, "loop set-fd ioctl failed")); -+ myErrno = EBUSY; -+ rc = -MNT_ERR_LOOPDEV; -+ goto clean_up_out; -+ } -+ -+ memset(&loopinfo, 0, sizeof (loopinfo)); -+ strncpy((char *)loopinfo.lo_file_name, pi.loopFileName, LO_NAME_SIZE - 1); -+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0; -+ if(pi.loopEncryptionType) -+ loopinfo.lo_encrypt_type = loDev_crypt_type_fn(pi.loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName); -+ loopinfo.lo_offset = offset; -+ loopinfo.lo_sizelimit = sizelimit; -+ -+ switch(loopinfo.lo_encrypt_type) { -+ case 0: /* LO_CRYPT_NONE */ -+ loopinfo.lo_encrypt_key_size = 0; -+ break; -+ case 1: /* LO_CRYPT_XOR */ -+ pass = loDev_sGetPass(cxt, &pi, 1, 0); -+ if(!pass) { -+ myErrno = ENOKEY; -+ goto loop_clr_fd_out; -+ } -+ strncpy((char *)loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE - 1); -+ loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0; -+ loopinfo.lo_encrypt_key_size = strlen((char*)loopinfo.lo_encrypt_key); -+ break; -+ case 3: /* LO_CRYPT_FISH2 */ -+ case 4: /* LO_CRYPT_BLOW */ -+ case 7: /* LO_CRYPT_SERPENT */ -+ case 8: /* LO_CRYPT_MARS */ -+ case 11: /* LO_CRYPT_RC6 */ -+ case 12: /* LO_CRYPT_DES_EDE3 */ -+ case 16: /* LO_CRYPT_AES */ -+ case 18: /* LO_CRYPT_CRYPTOAPI */ -+ /* set default hash function */ -+ hashFunc = __loDev_sha256_hash_buffer; -+ if(loopinfo.lo_encrypt_key_size == 24) hashFunc = __loDev_sha384_hash_buffer; -+ if(loopinfo.lo_encrypt_key_size == 32) hashFunc = __loDev_sha512_hash_buffer; -+ /* possibly override default hash function */ -+ if(pi.passHashFuncName) { -+ if(!strcasecmp(pi.passHashFuncName, "sha256")) { -+ hashFunc = __loDev_sha256_hash_buffer; -+ } else if(!strcasecmp(pi.passHashFuncName, "sha384")) { -+ hashFunc = __loDev_sha384_hash_buffer; -+ } else if(!strcasecmp(pi.passHashFuncName, "sha512")) { -+ hashFunc = __loDev_sha512_hash_buffer; -+ } else if(!strcasecmp(pi.passHashFuncName, "rmd160")) { -+ hashFunc = loDev_rmd160HashTwiceWithA; -+ minPassLen = 1; -+ } else if(!strcasecmp(pi.passHashFuncName, "unhashed1")) { -+ hashFunc = loDev_unhashed1_key_setup; -+ } else if(!strcasecmp(pi.passHashFuncName, "unhashed2")) { -+ hashFunc = loDev_unhashed2_key_setup; -+ minPassLen = 1; -+ } else if(!strncasecmp(pi.passHashFuncName, "random", 6) && ((pi.passHashFuncName[6] == 0) || (pi.passHashFuncName[6] == '/'))) { -+ /* random hash type sets up 65 random keys */ -+ /* WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING */ -+ /* IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. */ -+ if(loDev_create_random_keys(cxt, pi.loopFileName, loopinfo.lo_offset, loopinfo.lo_sizelimit, cxt->mountflags & MS_RDONLY, &multiKeyBits[0][0])) { -+ myErrno = ENOKEY; -+ goto loop_clr_fd_out; -+ } -+ memcpy(&loopinfo.lo_encrypt_key[0], &multiKeyBits[0][0], sizeof(loopinfo.lo_encrypt_key)); -+ run_mkfs_command = pi.multiKeyMode = 1000; -+ break; /* out of switch(loopinfo.lo_encrypt_type) */ -+ } -+ } -+ pass = loDev_sGetPass(cxt, &pi, minPassLen, LOOP_PASSWORD_MIN_LENGTH); -+ if(!pass) { -+ myErrno = ENOKEY; -+ goto loop_clr_fd_out; -+ } -+ i = strlen(pass); -+ if(hashFunc == loDev_unhashed1_key_setup) { -+ /* this is for compatibility with historic loop-AES version */ -+ loopinfo.lo_encrypt_key_size = 16; /* 128 bits */ -+ if(i >= 32) loopinfo.lo_encrypt_key_size = 24; /* 192 bits */ -+ if(i >= 43) loopinfo.lo_encrypt_key_size = 32; /* 256 bits */ -+ } -+ (*hashFunc)((unsigned char *)pass, i, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key)); -+ if(pi.multiKeyMode) { -+ int r = 0, t; -+ while(r < pi.multiKeyMode) { -+ t = strlen(pi.multiKeyPass[r]); -+ (*hashFunc)((unsigned char *)pi.multiKeyPass[r], t, &multiKeyBits[r][0], 32); -+ memset(pi.multiKeyPass[r], 0, t); -+ /* -+ * MultiKeyMode uses md5 IV. One key mode uses sector IV. Sector IV -+ * and md5 IV v2 and v3 are all computed differently. This first key -+ * byte XOR with 0x55/0xF4 is needed to cause complete decrypt failure -+ * in cases where data is encrypted with one type of IV and decrypted -+ * with another type IV. If identical key was used but only IV was -+ * computed differently, only first plaintext block of 512 byte CBC -+ * chain would decrypt incorrectly and rest would decrypt correctly. -+ * Partially correct decryption is dangerous. Decrypting all blocks -+ * incorrectly is safer because file system mount will simply fail. -+ */ -+ if(pi.multiKeyMode == 65) { -+ multiKeyBits[r][0] ^= 0xF4; /* version 3 */ -+ } else { -+ multiKeyBits[r][0] ^= 0x55; /* version 2 */ -+ } -+ r++; -+ } -+ } else if(pi.passIterThousands) { -+ aes_context ctx; -+ unsigned long iter = 0; -+ unsigned char tempkey[32]; -+ /* -+ * Set up AES-256 encryption key using same password and hash function -+ * as before but with password bit 0 flipped before hashing. That key -+ * is then used to encrypt actual loop key 'itercountk' thousand times. -+ */ -+ pass[0] ^= 1; -+ (*hashFunc)((unsigned char *)pass, i, &tempkey[0], 32); -+ __loDev_aes_set_key(&ctx, &tempkey[0], 32, 0); -+ sscanf(pi.passIterThousands, "%lu", &iter); -+ iter *= 1000; -+ while(iter > 0) { -+ /* encrypt both 128bit blocks with AES-256 */ -+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[ 0], &loopinfo.lo_encrypt_key[ 0]); -+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[16], &loopinfo.lo_encrypt_key[16]); -+ /* exchange upper half of first block with lower half of second block */ -+ memcpy(&tempkey[0], &loopinfo.lo_encrypt_key[8], 8); -+ memcpy(&loopinfo.lo_encrypt_key[8], &loopinfo.lo_encrypt_key[16], 8); -+ memcpy(&loopinfo.lo_encrypt_key[16], &tempkey[0], 8); -+ iter--; -+ } -+ memset(&ctx, 0, sizeof(ctx)); -+ memset(&tempkey[0], 0, sizeof(tempkey)); -+ } -+ memset(pass, 0, i); /* erase original password */ -+ break; -+ default: -+ DBG(CXT, ul_debugobj(cxt, "don't know how to set up this type encryption")); -+ myErrno = ENOKEY; -+ goto loop_clr_fd_out; -+ } -+ -+ if(pi.loInitValue) { -+ /* cipher modules are free to do whatever they want with this value */ -+ i = 0; -+ sscanf(pi.loInitValue, "%d", &i); -+ loopinfo.lo_init[0] = i; -+ } -+ -+ /* type 18 == LO_CRYPT_CRYPTOAPI */ -+ if ((loopinfo.lo_encrypt_type == 18) || (loDev_set_status64_ioctl(loop_dev_fd, &loopinfo) < 0)) { -+ /* direct cipher interface failed - try CryptoAPI interface now */ -+ if(!apiName || (loDev_try_cryptoapi_interface(loop_dev_fd, &loopinfo, apiName) < 0)) { -+ DBG(CXT, ul_debugobj(cxt, "loop set-status ioctl failed")); -+ myErrno = ENOTSUP; -+ loop_clr_fd_out: -+ (void) ioctl(loop_dev_fd, LOOP_CLR_FD, 0); -+ rc = -MNT_ERR_LOOPDEV; -+ goto clean_up_out; -+ } -+ } -+ if(pi.multiKeyMode >= 65) { -+ if(ioctl(loop_dev_fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) { -+ if(pi.multiKeyMode == 1000) goto try_v2_setup; -+ DBG(CXT, ul_debugobj(cxt, "loop multi-key-v3 ioctl failed")); -+ myErrno = ENOTSUP; -+ goto loop_clr_fd_out; -+ } -+ } else if(pi.multiKeyMode == 64) { -+ try_v2_setup: -+ if((ioctl(loop_dev_fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]) < 0) && (pi.multiKeyMode != 1000)) { -+ DBG(CXT, ul_debugobj(cxt, "loop multi-key-v2 ioctl failed")); -+ myErrno = ENOTSUP; -+ goto loop_clr_fd_out; -+ } -+ } -+ -+ if(run_mkfs_command && cxt->fs && cxt->fs->fstype && cxt->fs->fstype[0] && (getuid() == 0)) { -+ if(!loDev_fork_mkfs_command(cxt, pi.loopDevName, cxt->fs->fstype)) { -+ /* !strncasecmp(pi.passHashFuncName, "random", 6) test matched */ -+ /* This reads octal mode for newly created file system root */ -+ /* directory node from '-o phash=random/1777' mount option. */ -+ /* octal mode--^^^^ */ -+ if(sscanf(pi.passHashFuncName + 6, "/%o", &chmodVal) == 1) { -+ /* bits 31...24 set to magic value, so that if something */ -+ /* interprets cxt->loopdev_fd as a file descriptor, it will fail */ -+ chmodVal &= 0x00FFFFFF; -+ chmodVal |= 0x77000000; -+ } -+ -+ } else { -+ myErrno = ENOMEM; -+ goto loop_clr_fd_out; -+ } -+ } -+ -+ rc = mnt_fs_set_source(cxt->fs, pi.loopDevName); -+ if(rc) { -+ myErrno = ENOMEM; -+ goto loop_clr_fd_out; -+ } -+ -+skip_setup_ok_out: -+ /* success */ -+ cxt->flags |= MNT_FL_LOOPDEV_READY; -+ if(chmodVal) { -+ cxt->loopdev_fd = (int)chmodVal; -+ } -+ -+clean_up_out: -+ if(loop_dev_fd != -1) close(loop_dev_fd); -+ if(backing_fi_fd != -1) close(backing_fi_fd); -+ -+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key)); -+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits)); -+ -+ for(i = 0; i < 66; i++) { -+ if(pi.multiKeyPass[i]) free(pi.multiKeyPass[i]); -+ } -+ if(pi.loopDevName) free(pi.loopDevName); -+ if(pi.loopOffsetBytes) free(pi.loopOffsetBytes); -+ if(pi.loopSizeBytes) free(pi.loopSizeBytes); -+ if(pi.loopEncryptionType) free(pi.loopEncryptionType); -+ if(pi.passSeedString) free(pi.passSeedString); -+ if(pi.passHashFuncName) free(pi.passHashFuncName); -+ if(pi.passIterThousands) free(pi.passIterThousands); -+ if(pi.loInitValue) free(pi.loInitValue); -+ if(pi.gpgKeyFile) free(pi.gpgKeyFile); -+ if(pi.gpgHomeDir) free(pi.gpgHomeDir); -+ if(pi.clearTextKeyFile) free(pi.clearTextKeyFile); -+ -+ if(apiName) free(apiName); -+ if(pi.extraPtrToFree) free(pi.extraPtrToFree); -+ -+ if(pi.pass_cb_string && cxt->pwd_release_cb) { -+ DBG(CXT, ul_debugobj(cxt, "release pass")); -+ cxt->pwd_release_cb(cxt, pi.pass_cb_string); -+ } -+ if(myErrno) errno = myErrno; -+ return rc; -+} -+ -+/* -+ * Deletes loop device -+ */ -+int mnt_context_delete_loopdev(struct libmnt_context *cxt) -+{ -+ const char *src; -+ int rc = 0, fd; -+ -+ assert(cxt); -+ assert(cxt->fs); -+ -+ src = mnt_fs_get_srcpath(cxt->fs); -+ if (!src) -+ return -EINVAL; -+ -+ if(!loDev_is_loop_device(src)) -+ return -EINVAL; -+ -+ sync(); -+ if((fd = open(src, O_RDONLY)) < 0) { -+ DBG(CXT, ul_debugobj(cxt, "can't open loop device")); -+ rc = -ENODEV; -+ } else { -+ if(ioctl(fd, LOOP_CLR_FD, 0) < 0) { -+ DBG(CXT, ul_debugobj(cxt, "loop crl-fd ioctl failed")); -+ rc = -EINVAL; -+ } -+ close(fd); -+ } -+ cxt->flags &= ~MNT_FL_LOOPDEV_READY; -+ cxt->loopdev_fd = -1; -+ -+ DBG(CXT, ul_debugobj(cxt, "loopdev deleted [rc=%d]", rc)); -+ return rc; -+} -+ -+/* -+ * Clears loopdev stuff in context, should be called after -+ * failed or successful mount(2). -+ */ -+int mnt_context_clear_loopdev(struct libmnt_context *cxt) -+{ -+ unsigned int chmodVal; -+ -+ assert(cxt); -+ -+ if(mnt_context_get_status(cxt) == 0 && (cxt->flags & MNT_FL_LOOPDEV_READY)) { -+ /* mount(2) failed, delete loopdev */ -+ mnt_context_delete_loopdev(cxt); -+ } else if(cxt->loopdev_fd != -1) { -+ chmodVal = (unsigned int) cxt->loopdev_fd; -+ if((chmodVal & 0xFF000000) == 0x77000000) { /* check magic value */ -+ chmodVal &= 0x00FFFFFF; -+ if(cxt->fs && cxt->fs->target && cxt->fs->target[0]) { -+ /* -+ * If loop was set up using random keys and new file system -+ * was created on the loop device, initial permissions for -+ * file system root directory need to be set here. -+ */ -+ DBG(CXT, ul_debugobj(cxt, "doing chmod() on mountpoint")); -+ if(chmod(cxt->fs->target, chmodVal)) { -+ DBG(CXT, ul_debugobj(cxt, "chmod() on mountpoint failed")); -+ } -+ } -+ } -+ } -+ cxt->loopdev_fd = -1; -+ return 0; -+} -diff -urN util-linux-2.34/libmount/src/context_umount.c util-linux-2.34-AES/libmount/src/context_umount.c ---- util-linux-2.34/libmount/src/context_umount.c 2019-05-15 18:24:08.255894236 +0300 -+++ util-linux-2.34-AES/libmount/src/context_umount.c 2019-07-11 09:31:03.212081123 +0300 -@@ -330,11 +330,12 @@ - */ - static int is_associated_fs(const char *devname, struct libmnt_fs *fs) - { -- uintmax_t offset = 0; -+ int r; - const char *src, *optstr; - char *val; - size_t valsz; -- int flags = 0; -+ char *offsetStr = NULL, *sizelimitStr = NULL; -+ extern int __loDev_is_loop_active_same_back(char *, char *, char *, char *); - - /* check if it begins with /dev/loop */ - if (strncmp(devname, _PATH_DEV_LOOP, sizeof(_PATH_DEV_LOOP) - 1)) -@@ -346,16 +347,16 @@ - - /* check for the offset option in @fs */ - optstr = mnt_fs_get_user_options(fs); -- -- if (optstr && -- mnt_optstr_get_option(optstr, "offset", &val, &valsz) == 0) { -- flags |= LOOPDEV_FL_OFFSET; -- -- if (mnt_parse_offset(val, valsz, &offset) != 0) -- return 0; -- } -- -- return loopdev_is_used(devname, src, offset, 0, flags); -+ if (optstr) { -+ if(mnt_optstr_get_option(optstr, "offset", &val, &valsz) == 0 && val && valsz) -+ offsetStr = strndup(val, valsz); -+ if(mnt_optstr_get_option(optstr, "sizelimit", &val, &valsz) == 0 && val && valsz) -+ sizelimitStr = strndup(val, valsz); -+ } -+ r = __loDev_is_loop_active_same_back((char *) devname, (char *) src, offsetStr, sizelimitStr); -+ if(offsetStr) free(offsetStr); -+ if(sizelimitStr) free(sizelimitStr); -+ return r; - } - - static int prepare_helper_from_options(struct libmnt_context *cxt, -@@ -920,7 +921,7 @@ - if (!rc && mnt_context_is_loopdel(cxt) && cxt->fs) { - const char *src = mnt_fs_get_srcpath(cxt->fs); - -- if (src && (!is_loopdev(src) || loopdev_is_autoclear(src))) -+ if (src && !is_loopdev(src)) - mnt_context_enable_loopdel(cxt, FALSE); - } - -diff -urN util-linux-2.34/libmount/src/optmap.c util-linux-2.34-AES/libmount/src/optmap.c ---- util-linux-2.34/libmount/src/optmap.c 2019-02-22 12:17:43.717854104 +0200 -+++ util-linux-2.34-AES/libmount/src/optmap.c 2019-07-11 09:31:03.212081123 +0300 -@@ -168,10 +168,19 @@ - { "x-", MNT_MS_XCOMMENT, MNT_NOHLPS | MNT_PREFIX }, /* persistent comments (utab) */ - { "X-", MNT_MS_XFSTABCOMM, MNT_NOHLPS | MNT_NOMTAB | MNT_PREFIX }, /* fstab only comments */ - -- { "loop[=]", MNT_MS_LOOP, MNT_NOHLPS }, /* use the loop device */ -+ { "loop[=]", MNT_MS_LOOP, MNT_NOHLPS }, /* use the loop device (no MNT_NOMTAB flag) */ - { "offset=", MNT_MS_OFFSET, MNT_NOHLPS | MNT_NOMTAB }, /* loop device offset */ - { "sizelimit=", MNT_MS_SIZELIMIT, MNT_NOHLPS | MNT_NOMTAB }, /* loop device size limit */ -- { "encryption=", MNT_MS_ENCRYPTION, MNT_NOHLPS | MNT_NOMTAB }, /* loop device encryption */ -+/* IMPORTANT - make sure that bit numbers below do not conflict with other MNT_MS_* bit numbers in libmount.h.in */ -+ { "encryption=", (1 << 23), MNT_NOHLPS | MNT_NOMTAB }, /* loop device encryption */ -+ { "pseed=", (1 << 24), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase seed */ -+ { "phash=", (1 << 25), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase hash function */ -+ { "itercountk=", (1 << 26), MNT_NOHLPS | MNT_NOMTAB }, /* loop device passphrase iteration count */ -+ { "loinit=", (1 << 27), MNT_NOHLPS | MNT_NOMTAB }, /* loop device initialization code */ -+ { "gpgkey=", (1 << 28), MNT_NOHLPS | MNT_NOMTAB }, /* loop device GnuPG key file */ -+ { "gpghome=", (1 << 29), MNT_NOHLPS | MNT_NOMTAB }, /* loop device GnuPG home directory */ -+ { "cleartextkey=", (1 << 30), MNT_NOHLPS | MNT_NOMTAB }, /* loop device clear text key file */ -+/* end IMPORTANT */ - - { "nofail", MNT_MS_NOFAIL, MNT_NOMTAB }, /* Do not fail if ENOENT on dev */ - -diff -urN util-linux-2.34/libmount/src/rmd160.c util-linux-2.34-AES/libmount/src/rmd160.c ---- util-linux-2.34/libmount/src/rmd160.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/rmd160.c 2019-07-11 09:31:03.213081128 +0300 -@@ -0,0 +1,532 @@ -+/* rmd160.c - RIPE-MD160 -+ * Copyright (C) 1998 Free Software Foundation, Inc. -+ */ -+ -+/* This file was part of GnuPG. Modified for use within the Linux -+ * mount utility by Marc Mutz <Marc@Mutz.com>. None of this code is -+ * by myself. I just removed everything that you don't need when all -+ * you want to do is to use rmd160_hash_buffer(). -+ * My comments are marked with (mm). */ -+ -+/* GnuPG is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * GnuPG is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -+ -+#include <string.h> /* (mm) for memcpy */ -+#include <endian.h> /* (mm) for BIG_ENDIAN and BYTE_ORDER */ -+#include "rmd160.h" -+ -+/* (mm) these are used by the original GnuPG file. In order to modify -+ * that file not too much, we keep the notations. maybe it would be -+ * better to include linux/types.h and typedef __u32 to u32 and __u8 -+ * to byte? */ -+typedef unsigned int u32; /* taken from e.g. util-linux's minix.h */ -+typedef unsigned char byte; -+ -+typedef struct { -+ u32 h0,h1,h2,h3,h4; -+ u32 nblocks; -+ byte buf[64]; -+ int count; -+} RMD160_CONTEXT; -+ -+/**************** -+ * Rotate a 32 bit integer by n bytes -+ */ -+#if defined(__GNUC__) && defined(__i386__) -+static inline u32 -+rol( u32 x, int n) -+{ -+ __asm__("roll %%cl,%0" -+ :"=r" (x) -+ :"0" (x),"c" (n)); -+ return x; -+} -+#else -+ #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) -+#endif -+ -+/********************************* -+ * RIPEMD-160 is not patented, see (as of 25.10.97) -+ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html -+ * Note that the code uses Little Endian byteorder, which is good for -+ * 386 etc, but we must add some conversion when used on a big endian box. -+ * -+ * -+ * Pseudo-code for RIPEMD-160 -+ * -+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words. -+ * The round function takes as input a 5-word chaining variable and a 16-word -+ * message block and maps this to a new chaining variable. All operations are -+ * defined on 32-bit words. Padding is identical to that of MD4. -+ * -+ * -+ * RIPEMD-160: definitions -+ * -+ * -+ * nonlinear functions at bit level: exor, mux, -, mux, - -+ * -+ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15) -+ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31) -+ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47) -+ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63) -+ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79) -+ * -+ * -+ * added constants (hexadecimal) -+ * -+ * K(j) = 0x00000000 (0 <= j <= 15) -+ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2)) -+ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3)) -+ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5)) -+ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7)) -+ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2)) -+ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3)) -+ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5)) -+ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7)) -+ * K'(j) = 0x00000000 (64 <= j <= 79) -+ * -+ * -+ * selection of message word -+ * -+ * r(j) = j (0 <= j <= 15) -+ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 -+ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 -+ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 -+ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -+ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 -+ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 -+ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 -+ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 -+ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -+ * -+ * -+ * amount for rotate left (rol) -+ * -+ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 -+ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 -+ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 -+ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 -+ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -+ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 -+ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 -+ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 -+ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 -+ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -+ * -+ * -+ * initial value (hexadecimal) -+ * -+ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476; -+ * h4 = 0xC3D2E1F0; -+ * -+ * -+ * RIPEMD-160: pseudo-code -+ * -+ * It is assumed that the message after padding consists of t 16-word blocks -+ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15. -+ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left -+ * shift (rotate) over s positions. -+ * -+ * -+ * for i := 0 to t-1 { -+ * A := h0; B := h1; C := h2; D = h3; E = h4; -+ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4; -+ * for j := 0 to 79 { -+ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E; -+ * A := E; E := D; D := rol_10(C); C := B; B := T; -+ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)] -+ [+] K'(j)) [+] E'; -+ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T; -+ * } -+ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A'; -+ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T; -+ * } -+ */ -+ -+/* Some examples: -+ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31 -+ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe -+ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc -+ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36 -+ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc -+ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b -+ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189 -+ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb -+ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 -+ */ -+ -+ -+static void -+rmd160_init( RMD160_CONTEXT *hd ) -+{ -+ hd->h0 = 0x67452301; -+ hd->h1 = 0xEFCDAB89; -+ hd->h2 = 0x98BADCFE; -+ hd->h3 = 0x10325476; -+ hd->h4 = 0xC3D2E1F0; -+ hd->nblocks = 0; -+ hd->count = 0; -+} -+ -+ -+ -+/**************** -+ * Transform the message X which consists of 16 32-bit-words -+ */ -+static void -+transform( RMD160_CONTEXT *hd, byte *data ) -+{ -+ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; -+ #if BYTE_ORDER == BIG_ENDIAN -+ u32 x[16]; -+ { int i; -+ byte *p2, *p1; -+ for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { -+ p2[3] = *p1++; -+ p2[2] = *p1++; -+ p2[1] = *p1++; -+ p2[0] = *p1++; -+ } -+ } -+ #else -+ #if 0 -+ u32 *x =(u32*)data; -+ #else -+ /* this version is better because it is always aligned; -+ * The performance penalty on a 586-100 is about 6% which -+ * is acceptable - because the data is more local it might -+ * also be possible that this is faster on some machines. -+ * This function (when compiled with -02 on gcc 2.7.2) -+ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec; -+ * [measured with a 4MB data and "gpgm --print-md rmd160"] */ -+ u32 x[16]; -+ memcpy( x, data, 64 ); -+ #endif -+ #endif -+ -+ -+#define K0 0x00000000 -+#define K1 0x5A827999 -+#define K2 0x6ED9EBA1 -+#define K3 0x8F1BBCDC -+#define K4 0xA953FD4E -+#define KK0 0x50A28BE6 -+#define KK1 0x5C4DD124 -+#define KK2 0x6D703EF3 -+#define KK3 0x7A6D76E9 -+#define KK4 0x00000000 -+#define F0(x,y,z) ( (x) ^ (y) ^ (z) ) -+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) ) -+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) ) -+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) -+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) -+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ -+ a = rol(t,s) + e; \ -+ c = rol(c,10); \ -+ } while(0) -+ -+ /* left lane */ -+ a = hd->h0; -+ b = hd->h1; -+ c = hd->h2; -+ d = hd->h3; -+ e = hd->h4; -+ R( a, b, c, d, e, F0, K0, 0, 11 ); -+ R( e, a, b, c, d, F0, K0, 1, 14 ); -+ R( d, e, a, b, c, F0, K0, 2, 15 ); -+ R( c, d, e, a, b, F0, K0, 3, 12 ); -+ R( b, c, d, e, a, F0, K0, 4, 5 ); -+ R( a, b, c, d, e, F0, K0, 5, 8 ); -+ R( e, a, b, c, d, F0, K0, 6, 7 ); -+ R( d, e, a, b, c, F0, K0, 7, 9 ); -+ R( c, d, e, a, b, F0, K0, 8, 11 ); -+ R( b, c, d, e, a, F0, K0, 9, 13 ); -+ R( a, b, c, d, e, F0, K0, 10, 14 ); -+ R( e, a, b, c, d, F0, K0, 11, 15 ); -+ R( d, e, a, b, c, F0, K0, 12, 6 ); -+ R( c, d, e, a, b, F0, K0, 13, 7 ); -+ R( b, c, d, e, a, F0, K0, 14, 9 ); -+ R( a, b, c, d, e, F0, K0, 15, 8 ); -+ R( e, a, b, c, d, F1, K1, 7, 7 ); -+ R( d, e, a, b, c, F1, K1, 4, 6 ); -+ R( c, d, e, a, b, F1, K1, 13, 8 ); -+ R( b, c, d, e, a, F1, K1, 1, 13 ); -+ R( a, b, c, d, e, F1, K1, 10, 11 ); -+ R( e, a, b, c, d, F1, K1, 6, 9 ); -+ R( d, e, a, b, c, F1, K1, 15, 7 ); -+ R( c, d, e, a, b, F1, K1, 3, 15 ); -+ R( b, c, d, e, a, F1, K1, 12, 7 ); -+ R( a, b, c, d, e, F1, K1, 0, 12 ); -+ R( e, a, b, c, d, F1, K1, 9, 15 ); -+ R( d, e, a, b, c, F1, K1, 5, 9 ); -+ R( c, d, e, a, b, F1, K1, 2, 11 ); -+ R( b, c, d, e, a, F1, K1, 14, 7 ); -+ R( a, b, c, d, e, F1, K1, 11, 13 ); -+ R( e, a, b, c, d, F1, K1, 8, 12 ); -+ R( d, e, a, b, c, F2, K2, 3, 11 ); -+ R( c, d, e, a, b, F2, K2, 10, 13 ); -+ R( b, c, d, e, a, F2, K2, 14, 6 ); -+ R( a, b, c, d, e, F2, K2, 4, 7 ); -+ R( e, a, b, c, d, F2, K2, 9, 14 ); -+ R( d, e, a, b, c, F2, K2, 15, 9 ); -+ R( c, d, e, a, b, F2, K2, 8, 13 ); -+ R( b, c, d, e, a, F2, K2, 1, 15 ); -+ R( a, b, c, d, e, F2, K2, 2, 14 ); -+ R( e, a, b, c, d, F2, K2, 7, 8 ); -+ R( d, e, a, b, c, F2, K2, 0, 13 ); -+ R( c, d, e, a, b, F2, K2, 6, 6 ); -+ R( b, c, d, e, a, F2, K2, 13, 5 ); -+ R( a, b, c, d, e, F2, K2, 11, 12 ); -+ R( e, a, b, c, d, F2, K2, 5, 7 ); -+ R( d, e, a, b, c, F2, K2, 12, 5 ); -+ R( c, d, e, a, b, F3, K3, 1, 11 ); -+ R( b, c, d, e, a, F3, K3, 9, 12 ); -+ R( a, b, c, d, e, F3, K3, 11, 14 ); -+ R( e, a, b, c, d, F3, K3, 10, 15 ); -+ R( d, e, a, b, c, F3, K3, 0, 14 ); -+ R( c, d, e, a, b, F3, K3, 8, 15 ); -+ R( b, c, d, e, a, F3, K3, 12, 9 ); -+ R( a, b, c, d, e, F3, K3, 4, 8 ); -+ R( e, a, b, c, d, F3, K3, 13, 9 ); -+ R( d, e, a, b, c, F3, K3, 3, 14 ); -+ R( c, d, e, a, b, F3, K3, 7, 5 ); -+ R( b, c, d, e, a, F3, K3, 15, 6 ); -+ R( a, b, c, d, e, F3, K3, 14, 8 ); -+ R( e, a, b, c, d, F3, K3, 5, 6 ); -+ R( d, e, a, b, c, F3, K3, 6, 5 ); -+ R( c, d, e, a, b, F3, K3, 2, 12 ); -+ R( b, c, d, e, a, F4, K4, 4, 9 ); -+ R( a, b, c, d, e, F4, K4, 0, 15 ); -+ R( e, a, b, c, d, F4, K4, 5, 5 ); -+ R( d, e, a, b, c, F4, K4, 9, 11 ); -+ R( c, d, e, a, b, F4, K4, 7, 6 ); -+ R( b, c, d, e, a, F4, K4, 12, 8 ); -+ R( a, b, c, d, e, F4, K4, 2, 13 ); -+ R( e, a, b, c, d, F4, K4, 10, 12 ); -+ R( d, e, a, b, c, F4, K4, 14, 5 ); -+ R( c, d, e, a, b, F4, K4, 1, 12 ); -+ R( b, c, d, e, a, F4, K4, 3, 13 ); -+ R( a, b, c, d, e, F4, K4, 8, 14 ); -+ R( e, a, b, c, d, F4, K4, 11, 11 ); -+ R( d, e, a, b, c, F4, K4, 6, 8 ); -+ R( c, d, e, a, b, F4, K4, 15, 5 ); -+ R( b, c, d, e, a, F4, K4, 13, 6 ); -+ -+ aa = a; bb = b; cc = c; dd = d; ee = e; -+ -+ /* right lane */ -+ a = hd->h0; -+ b = hd->h1; -+ c = hd->h2; -+ d = hd->h3; -+ e = hd->h4; -+ R( a, b, c, d, e, F4, KK0, 5, 8); -+ R( e, a, b, c, d, F4, KK0, 14, 9); -+ R( d, e, a, b, c, F4, KK0, 7, 9); -+ R( c, d, e, a, b, F4, KK0, 0, 11); -+ R( b, c, d, e, a, F4, KK0, 9, 13); -+ R( a, b, c, d, e, F4, KK0, 2, 15); -+ R( e, a, b, c, d, F4, KK0, 11, 15); -+ R( d, e, a, b, c, F4, KK0, 4, 5); -+ R( c, d, e, a, b, F4, KK0, 13, 7); -+ R( b, c, d, e, a, F4, KK0, 6, 7); -+ R( a, b, c, d, e, F4, KK0, 15, 8); -+ R( e, a, b, c, d, F4, KK0, 8, 11); -+ R( d, e, a, b, c, F4, KK0, 1, 14); -+ R( c, d, e, a, b, F4, KK0, 10, 14); -+ R( b, c, d, e, a, F4, KK0, 3, 12); -+ R( a, b, c, d, e, F4, KK0, 12, 6); -+ R( e, a, b, c, d, F3, KK1, 6, 9); -+ R( d, e, a, b, c, F3, KK1, 11, 13); -+ R( c, d, e, a, b, F3, KK1, 3, 15); -+ R( b, c, d, e, a, F3, KK1, 7, 7); -+ R( a, b, c, d, e, F3, KK1, 0, 12); -+ R( e, a, b, c, d, F3, KK1, 13, 8); -+ R( d, e, a, b, c, F3, KK1, 5, 9); -+ R( c, d, e, a, b, F3, KK1, 10, 11); -+ R( b, c, d, e, a, F3, KK1, 14, 7); -+ R( a, b, c, d, e, F3, KK1, 15, 7); -+ R( e, a, b, c, d, F3, KK1, 8, 12); -+ R( d, e, a, b, c, F3, KK1, 12, 7); -+ R( c, d, e, a, b, F3, KK1, 4, 6); -+ R( b, c, d, e, a, F3, KK1, 9, 15); -+ R( a, b, c, d, e, F3, KK1, 1, 13); -+ R( e, a, b, c, d, F3, KK1, 2, 11); -+ R( d, e, a, b, c, F2, KK2, 15, 9); -+ R( c, d, e, a, b, F2, KK2, 5, 7); -+ R( b, c, d, e, a, F2, KK2, 1, 15); -+ R( a, b, c, d, e, F2, KK2, 3, 11); -+ R( e, a, b, c, d, F2, KK2, 7, 8); -+ R( d, e, a, b, c, F2, KK2, 14, 6); -+ R( c, d, e, a, b, F2, KK2, 6, 6); -+ R( b, c, d, e, a, F2, KK2, 9, 14); -+ R( a, b, c, d, e, F2, KK2, 11, 12); -+ R( e, a, b, c, d, F2, KK2, 8, 13); -+ R( d, e, a, b, c, F2, KK2, 12, 5); -+ R( c, d, e, a, b, F2, KK2, 2, 14); -+ R( b, c, d, e, a, F2, KK2, 10, 13); -+ R( a, b, c, d, e, F2, KK2, 0, 13); -+ R( e, a, b, c, d, F2, KK2, 4, 7); -+ R( d, e, a, b, c, F2, KK2, 13, 5); -+ R( c, d, e, a, b, F1, KK3, 8, 15); -+ R( b, c, d, e, a, F1, KK3, 6, 5); -+ R( a, b, c, d, e, F1, KK3, 4, 8); -+ R( e, a, b, c, d, F1, KK3, 1, 11); -+ R( d, e, a, b, c, F1, KK3, 3, 14); -+ R( c, d, e, a, b, F1, KK3, 11, 14); -+ R( b, c, d, e, a, F1, KK3, 15, 6); -+ R( a, b, c, d, e, F1, KK3, 0, 14); -+ R( e, a, b, c, d, F1, KK3, 5, 6); -+ R( d, e, a, b, c, F1, KK3, 12, 9); -+ R( c, d, e, a, b, F1, KK3, 2, 12); -+ R( b, c, d, e, a, F1, KK3, 13, 9); -+ R( a, b, c, d, e, F1, KK3, 9, 12); -+ R( e, a, b, c, d, F1, KK3, 7, 5); -+ R( d, e, a, b, c, F1, KK3, 10, 15); -+ R( c, d, e, a, b, F1, KK3, 14, 8); -+ R( b, c, d, e, a, F0, KK4, 12, 8); -+ R( a, b, c, d, e, F0, KK4, 15, 5); -+ R( e, a, b, c, d, F0, KK4, 10, 12); -+ R( d, e, a, b, c, F0, KK4, 4, 9); -+ R( c, d, e, a, b, F0, KK4, 1, 12); -+ R( b, c, d, e, a, F0, KK4, 5, 5); -+ R( a, b, c, d, e, F0, KK4, 8, 14); -+ R( e, a, b, c, d, F0, KK4, 7, 6); -+ R( d, e, a, b, c, F0, KK4, 6, 8); -+ R( c, d, e, a, b, F0, KK4, 2, 13); -+ R( b, c, d, e, a, F0, KK4, 13, 6); -+ R( a, b, c, d, e, F0, KK4, 14, 5); -+ R( e, a, b, c, d, F0, KK4, 0, 15); -+ R( d, e, a, b, c, F0, KK4, 3, 13); -+ R( c, d, e, a, b, F0, KK4, 9, 11); -+ R( b, c, d, e, a, F0, KK4, 11, 11); -+ -+ -+ t = hd->h1 + d + cc; -+ hd->h1 = hd->h2 + e + dd; -+ hd->h2 = hd->h3 + a + ee; -+ hd->h3 = hd->h4 + b + aa; -+ hd->h4 = hd->h0 + c + bb; -+ hd->h0 = t; -+} -+ -+ -+/* Update the message digest with the contents -+ * of INBUF with length INLEN. -+ */ -+static void -+rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen) -+{ -+ if( hd->count == 64 ) { /* flush the buffer */ -+ transform( hd, hd->buf ); -+ hd->count = 0; -+ hd->nblocks++; -+ } -+ if( !inbuf ) -+ return; -+ if( hd->count ) { -+ for( ; inlen && hd->count < 64; inlen-- ) -+ hd->buf[hd->count++] = *inbuf++; -+ rmd160_write( hd, NULL, 0 ); -+ if( !inlen ) -+ return; -+ } -+ -+ while( inlen >= 64 ) { -+ transform( hd, inbuf ); -+ hd->count = 0; -+ hd->nblocks++; -+ inlen -= 64; -+ inbuf += 64; -+ } -+ for( ; inlen && hd->count < 64; inlen-- ) -+ hd->buf[hd->count++] = *inbuf++; -+} -+ -+/* The routine terminates the computation -+ */ -+ -+static void -+rmd160_final( RMD160_CONTEXT *hd ) -+{ -+ u32 t, msb, lsb; -+ byte *p; -+ -+ rmd160_write(hd, NULL, 0); /* flush */; -+ -+ msb = 0; -+ t = hd->nblocks; -+ if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ -+ msb++; -+ msb += t >> 26; -+ t = lsb; -+ if( (lsb = t + hd->count) < t ) /* add the count */ -+ msb++; -+ t = lsb; -+ if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ -+ msb++; -+ msb += t >> 29; -+ -+ if( hd->count < 56 ) { /* enough room */ -+ hd->buf[hd->count++] = 0x80; /* pad */ -+ while( hd->count < 56 ) -+ hd->buf[hd->count++] = 0; /* pad */ -+ } -+ else { /* need one extra block */ -+ hd->buf[hd->count++] = 0x80; /* pad character */ -+ while( hd->count < 64 ) -+ hd->buf[hd->count++] = 0; -+ rmd160_write(hd, NULL, 0); /* flush */; -+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */ -+ } -+ /* append the 64 bit count */ -+ hd->buf[56] = lsb ; -+ hd->buf[57] = lsb >> 8; -+ hd->buf[58] = lsb >> 16; -+ hd->buf[59] = lsb >> 24; -+ hd->buf[60] = msb ; -+ hd->buf[61] = msb >> 8; -+ hd->buf[62] = msb >> 16; -+ hd->buf[63] = msb >> 24; -+ transform( hd, hd->buf ); -+ -+ p = hd->buf; -+ #if BYTE_ORDER == BIG_ENDIAN -+ #define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \ -+ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0) -+ #else /* little endian */ -+ #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) -+ #endif -+ X(0); -+ X(1); -+ X(2); -+ X(3); -+ X(4); -+ #undef X -+} -+ -+/**************** -+ * Shortcut functions which puts the hash value of the supplied buffer -+ * into outbuf which must have a size of 20 bytes. -+ */ -+void -+__loDev_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ) -+{ -+ RMD160_CONTEXT hd; -+ -+ rmd160_init( &hd ); -+ rmd160_write( &hd, (byte*)buffer, length ); -+ rmd160_final( &hd ); -+ memcpy( outbuf, hd.buf, 20 ); -+} -diff -urN util-linux-2.34/libmount/src/rmd160.h util-linux-2.34-AES/libmount/src/rmd160.h ---- util-linux-2.34/libmount/src/rmd160.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/rmd160.h 2019-07-11 09:31:03.213081128 +0300 -@@ -0,0 +1,9 @@ -+#ifndef RMD160_H -+#define RMD160_H -+ -+void -+__loDev_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ); -+ -+#endif /*RMD160_H*/ -+ -+ -diff -urN util-linux-2.34/libmount/src/sha512.c util-linux-2.34-AES/libmount/src/sha512.c ---- util-linux-2.34/libmount/src/sha512.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/sha512.c 2019-07-11 09:31:03.213081128 +0300 -@@ -0,0 +1,432 @@ -+/* -+ * sha512.c -+ * -+ * Written by Jari Ruusu, April 16 2001 -+ * -+ * Copyright 2001 by Jari Ruusu. -+ * Redistribution of this file is permitted under the GNU Public License. -+ */ -+ -+#include <string.h> -+#include <sys/types.h> -+#include "sha512.h" -+ -+/* Define one or more of these. If none is defined, you get all of them */ -+#if !defined(SHA256_NEEDED)&&!defined(SHA512_NEEDED)&&!defined(SHA384_NEEDED) -+# define SHA256_NEEDED 1 -+# define SHA512_NEEDED 1 -+# define SHA384_NEEDED 1 -+#endif -+ -+#if defined(SHA256_NEEDED) -+static const u_int32_t sha256_hashInit[8] = { -+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, -+ 0x1f83d9ab, 0x5be0cd19 -+}; -+static const u_int32_t sha256_K[64] = { -+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, -+ 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, -+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, -+ 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, -+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, -+ 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, -+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, -+ 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, -+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, -+ 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, -+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -+}; -+#endif -+ -+#if defined(SHA512_NEEDED) -+static const u_int64_t sha512_hashInit[8] = { -+ 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, -+ 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, -+ 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL -+}; -+#endif -+ -+#if defined(SHA384_NEEDED) -+static const u_int64_t sha384_hashInit[8] = { -+ 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, -+ 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, -+ 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL -+}; -+#endif -+ -+#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -+static const u_int64_t sha512_K[80] = { -+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, -+ 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, -+ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, -+ 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, -+ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, -+ 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, -+ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, -+ 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, -+ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, -+ 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, -+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, -+ 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, -+ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, -+ 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, -+ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, -+ 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, -+ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, -+ 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, -+ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, -+ 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, -+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, -+ 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, -+ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, -+ 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, -+ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, -+ 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, -+ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -+}; -+#endif -+ -+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -+#define R(x,y) ((y) >> (x)) -+ -+#if defined(SHA256_NEEDED) -+void __loDev_sha256_init(sha256_context *ctx) -+{ -+ memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H)); -+ ctx->sha_blocks = 0; -+ ctx->sha_bufCnt = 0; -+} -+ -+#define S(x,y) (((y) >> (x)) | ((y) << (32 - (x)))) -+#define uSig0(x) ((S(2,(x))) ^ (S(13,(x))) ^ (S(22,(x)))) -+#define uSig1(x) ((S(6,(x))) ^ (S(11,(x))) ^ (S(25,(x)))) -+#define lSig0(x) ((S(7,(x))) ^ (S(18,(x))) ^ (R(3,(x)))) -+#define lSig1(x) ((S(17,(x))) ^ (S(19,(x))) ^ (R(10,(x)))) -+ -+static void sha256_transform(sha256_context *ctx, unsigned char *datap) -+{ -+ register int j; -+ u_int32_t a, b, c, d, e, f, g, h; -+ u_int32_t T1, T2, W[64], Wm2, Wm15; -+ -+ /* read the data, big endian byte order */ -+ j = 0; -+ do { -+ W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) | -+ (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); -+ datap += 4; -+ } while(++j < 16); -+ -+ /* initialize variables a...h */ -+ a = ctx->sha_H[0]; -+ b = ctx->sha_H[1]; -+ c = ctx->sha_H[2]; -+ d = ctx->sha_H[3]; -+ e = ctx->sha_H[4]; -+ f = ctx->sha_H[5]; -+ g = ctx->sha_H[6]; -+ h = ctx->sha_H[7]; -+ -+ /* apply compression function */ -+ j = 0; -+ do { -+ if(j >= 16) { -+ Wm2 = W[j - 2]; -+ Wm15 = W[j - 15]; -+ W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; -+ } -+ T1 = h + uSig1(e) + Ch(e,f,g) + sha256_K[j] + W[j]; -+ T2 = uSig0(a) + Maj(a,b,c); -+ h = g; g = f; f = e; -+ e = d + T1; -+ d = c; c = b; b = a; -+ a = T1 + T2; -+ } while(++j < 64); -+ -+ /* compute intermediate hash value */ -+ ctx->sha_H[0] += a; -+ ctx->sha_H[1] += b; -+ ctx->sha_H[2] += c; -+ ctx->sha_H[3] += d; -+ ctx->sha_H[4] += e; -+ ctx->sha_H[5] += f; -+ ctx->sha_H[6] += g; -+ ctx->sha_H[7] += h; -+ -+ ctx->sha_blocks++; -+} -+ -+void __loDev_sha256_write(sha256_context *ctx, unsigned char *datap, int length) -+{ -+ while(length > 0) { -+ if(!ctx->sha_bufCnt) { -+ while(length >= (int) sizeof(ctx->sha_out)) { -+ sha256_transform(ctx, datap); -+ datap += sizeof(ctx->sha_out); -+ length -= sizeof(ctx->sha_out); -+ } -+ if(!length) return; -+ } -+ ctx->sha_out[ctx->sha_bufCnt] = *datap++; -+ length--; -+ if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { -+ sha256_transform(ctx, &ctx->sha_out[0]); -+ ctx->sha_bufCnt = 0; -+ } -+ } -+} -+ -+void __loDev_sha256_final(sha256_context *ctx) -+{ -+ register int j; -+ u_int64_t bitLength; -+ u_int32_t i; -+ unsigned char padByte, *datap; -+ -+ bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3); -+ padByte = 0x80; -+ __loDev_sha256_write(ctx, &padByte, 1); -+ -+ /* pad extra space with zeroes */ -+ padByte = 0; -+ while(ctx->sha_bufCnt != 56) { -+ __loDev_sha256_write(ctx, &padByte, 1); -+ } -+ -+ /* write bit length, big endian byte order */ -+ ctx->sha_out[56] = bitLength >> 56; -+ ctx->sha_out[57] = bitLength >> 48; -+ ctx->sha_out[58] = bitLength >> 40; -+ ctx->sha_out[59] = bitLength >> 32; -+ ctx->sha_out[60] = bitLength >> 24; -+ ctx->sha_out[61] = bitLength >> 16; -+ ctx->sha_out[62] = bitLength >> 8; -+ ctx->sha_out[63] = bitLength; -+ sha256_transform(ctx, &ctx->sha_out[0]); -+ -+ /* return results in ctx->sha_out[0...31] */ -+ datap = &ctx->sha_out[0]; -+ j = 0; -+ do { -+ i = ctx->sha_H[j]; -+ datap[0] = i >> 24; -+ datap[1] = i >> 16; -+ datap[2] = i >> 8; -+ datap[3] = i; -+ datap += 4; -+ } while(++j < 8); -+ -+ /* clear sensitive information */ -+ memset(&ctx->sha_out[32], 0, sizeof(sha256_context) - 32); -+} -+ -+void __loDev_sha256_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -+{ -+ sha256_context ctx; -+ -+ if(ole < 1) return; -+ memset(ob, 0, ole); -+ if(ole > 32) ole = 32; -+ __loDev_sha256_init(&ctx); -+ __loDev_sha256_write(&ctx, ib, ile); -+ __loDev_sha256_final(&ctx); -+ memcpy(ob, &ctx.sha_out[0], ole); -+ memset(&ctx, 0, sizeof(ctx)); -+} -+ -+#endif -+ -+#if defined(SHA512_NEEDED) -+void __loDev_sha512_init(sha512_context *ctx) -+{ -+ memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H)); -+ ctx->sha_blocks = 0; -+ ctx->sha_blocksMSB = 0; -+ ctx->sha_bufCnt = 0; -+} -+#endif -+ -+#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -+#undef S -+#undef uSig0 -+#undef uSig1 -+#undef lSig0 -+#undef lSig1 -+#define S(x,y) (((y) >> (x)) | ((y) << (64 - (x)))) -+#define uSig0(x) ((S(28,(x))) ^ (S(34,(x))) ^ (S(39,(x)))) -+#define uSig1(x) ((S(14,(x))) ^ (S(18,(x))) ^ (S(41,(x)))) -+#define lSig0(x) ((S(1,(x))) ^ (S(8,(x))) ^ (R(7,(x)))) -+#define lSig1(x) ((S(19,(x))) ^ (S(61,(x))) ^ (R(6,(x)))) -+ -+static void sha512_transform(sha512_context *ctx, unsigned char *datap) -+{ -+ register int j; -+ u_int64_t a, b, c, d, e, f, g, h; -+ u_int64_t T1, T2, W[80], Wm2, Wm15; -+ -+ /* read the data, big endian byte order */ -+ j = 0; -+ do { -+ W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) | -+ (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) | -+ (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) | -+ (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); -+ datap += 8; -+ } while(++j < 16); -+ -+ /* initialize variables a...h */ -+ a = ctx->sha_H[0]; -+ b = ctx->sha_H[1]; -+ c = ctx->sha_H[2]; -+ d = ctx->sha_H[3]; -+ e = ctx->sha_H[4]; -+ f = ctx->sha_H[5]; -+ g = ctx->sha_H[6]; -+ h = ctx->sha_H[7]; -+ -+ /* apply compression function */ -+ j = 0; -+ do { -+ if(j >= 16) { -+ Wm2 = W[j - 2]; -+ Wm15 = W[j - 15]; -+ W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; -+ } -+ T1 = h + uSig1(e) + Ch(e,f,g) + sha512_K[j] + W[j]; -+ T2 = uSig0(a) + Maj(a,b,c); -+ h = g; g = f; f = e; -+ e = d + T1; -+ d = c; c = b; b = a; -+ a = T1 + T2; -+ } while(++j < 80); -+ -+ /* compute intermediate hash value */ -+ ctx->sha_H[0] += a; -+ ctx->sha_H[1] += b; -+ ctx->sha_H[2] += c; -+ ctx->sha_H[3] += d; -+ ctx->sha_H[4] += e; -+ ctx->sha_H[5] += f; -+ ctx->sha_H[6] += g; -+ ctx->sha_H[7] += h; -+ -+ ctx->sha_blocks++; -+ if(!ctx->sha_blocks) ctx->sha_blocksMSB++; -+} -+ -+void __loDev_sha512_write(sha512_context *ctx, unsigned char *datap, int length) -+{ -+ while(length > 0) { -+ if(!ctx->sha_bufCnt) { -+ while(length >= (int) sizeof(ctx->sha_out)) { -+ sha512_transform(ctx, datap); -+ datap += sizeof(ctx->sha_out); -+ length -= sizeof(ctx->sha_out); -+ } -+ if(!length) return; -+ } -+ ctx->sha_out[ctx->sha_bufCnt] = *datap++; -+ length--; -+ if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { -+ sha512_transform(ctx, &ctx->sha_out[0]); -+ ctx->sha_bufCnt = 0; -+ } -+ } -+} -+ -+void __loDev_sha512_final(sha512_context *ctx) -+{ -+ register int j; -+ u_int64_t bitLength, bitLengthMSB; -+ u_int64_t i; -+ unsigned char padByte, *datap; -+ -+ bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3); -+ bitLengthMSB = (ctx->sha_blocksMSB << 10) | (ctx->sha_blocks >> 54); -+ padByte = 0x80; -+ __loDev_sha512_write(ctx, &padByte, 1); -+ -+ /* pad extra space with zeroes */ -+ padByte = 0; -+ while(ctx->sha_bufCnt != 112) { -+ __loDev_sha512_write(ctx, &padByte, 1); -+ } -+ -+ /* write bit length, big endian byte order */ -+ ctx->sha_out[112] = bitLengthMSB >> 56; -+ ctx->sha_out[113] = bitLengthMSB >> 48; -+ ctx->sha_out[114] = bitLengthMSB >> 40; -+ ctx->sha_out[115] = bitLengthMSB >> 32; -+ ctx->sha_out[116] = bitLengthMSB >> 24; -+ ctx->sha_out[117] = bitLengthMSB >> 16; -+ ctx->sha_out[118] = bitLengthMSB >> 8; -+ ctx->sha_out[119] = bitLengthMSB; -+ ctx->sha_out[120] = bitLength >> 56; -+ ctx->sha_out[121] = bitLength >> 48; -+ ctx->sha_out[122] = bitLength >> 40; -+ ctx->sha_out[123] = bitLength >> 32; -+ ctx->sha_out[124] = bitLength >> 24; -+ ctx->sha_out[125] = bitLength >> 16; -+ ctx->sha_out[126] = bitLength >> 8; -+ ctx->sha_out[127] = bitLength; -+ sha512_transform(ctx, &ctx->sha_out[0]); -+ -+ /* return results in ctx->sha_out[0...63] */ -+ datap = &ctx->sha_out[0]; -+ j = 0; -+ do { -+ i = ctx->sha_H[j]; -+ datap[0] = i >> 56; -+ datap[1] = i >> 48; -+ datap[2] = i >> 40; -+ datap[3] = i >> 32; -+ datap[4] = i >> 24; -+ datap[5] = i >> 16; -+ datap[6] = i >> 8; -+ datap[7] = i; -+ datap += 8; -+ } while(++j < 8); -+ -+ /* clear sensitive information */ -+ memset(&ctx->sha_out[64], 0, sizeof(sha512_context) - 64); -+} -+ -+void __loDev_sha512_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -+{ -+ sha512_context ctx; -+ -+ if(ole < 1) return; -+ memset(ob, 0, ole); -+ if(ole > 64) ole = 64; -+ __loDev_sha512_init(&ctx); -+ __loDev_sha512_write(&ctx, ib, ile); -+ __loDev_sha512_final(&ctx); -+ memcpy(ob, &ctx.sha_out[0], ole); -+ memset(&ctx, 0, sizeof(ctx)); -+} -+#endif -+ -+#if defined(SHA384_NEEDED) -+void __loDev_sha384_init(sha512_context *ctx) -+{ -+ memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H)); -+ ctx->sha_blocks = 0; -+ ctx->sha_blocksMSB = 0; -+ ctx->sha_bufCnt = 0; -+} -+ -+void __loDev_sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -+{ -+ sha512_context ctx; -+ -+ if(ole < 1) return; -+ memset(ob, 0, ole); -+ if(ole > 48) ole = 48; -+ __loDev_sha384_init(&ctx); -+ __loDev_sha512_write(&ctx, ib, ile); -+ __loDev_sha512_final(&ctx); -+ memcpy(ob, &ctx.sha_out[0], ole); -+ memset(&ctx, 0, sizeof(ctx)); -+} -+#endif -diff -urN util-linux-2.34/libmount/src/sha512.h util-linux-2.34-AES/libmount/src/sha512.h ---- util-linux-2.34/libmount/src/sha512.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/libmount/src/sha512.h 2019-07-11 09:31:03.213081128 +0300 -@@ -0,0 +1,45 @@ -+/* -+ * sha512.h -+ * -+ * Written by Jari Ruusu, April 16 2001 -+ * -+ * Copyright 2001 by Jari Ruusu. -+ * Redistribution of this file is permitted under the GNU Public License. -+ */ -+ -+#include <sys/types.h> -+ -+typedef struct { -+ unsigned char sha_out[64]; /* results are here, bytes 0...31 */ -+ u_int32_t sha_H[8]; -+ u_int64_t sha_blocks; -+ int sha_bufCnt; -+} sha256_context; -+ -+typedef struct { -+ unsigned char sha_out[128]; /* results are here, bytes 0...63 */ -+ u_int64_t sha_H[8]; -+ u_int64_t sha_blocks; -+ u_int64_t sha_blocksMSB; -+ int sha_bufCnt; -+} sha512_context; -+ -+/* no sha384_context, use sha512_context */ -+ -+/* 256 bit hash, provides 128 bits of security against collision attacks */ -+extern void __loDev_sha256_init(sha256_context *); -+extern void __loDev_sha256_write(sha256_context *, unsigned char *, int); -+extern void __loDev_sha256_final(sha256_context *); -+extern void __loDev_sha256_hash_buffer(unsigned char *, int, unsigned char *, int); -+ -+/* 512 bit hash, provides 256 bits of security against collision attacks */ -+extern void __loDev_sha512_init(sha512_context *); -+extern void __loDev_sha512_write(sha512_context *, unsigned char *, int); -+extern void __loDev_sha512_final(sha512_context *); -+extern void __loDev_sha512_hash_buffer(unsigned char *, int, unsigned char *, int); -+ -+/* 384 bit hash, provides 192 bits of security against collision attacks */ -+extern void __loDev_sha384_init(sha512_context *); -+/* no sha384_write(), use sha512_write() */ -+/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */ -+extern void __loDev_sha384_hash_buffer(unsigned char *, int, unsigned char *, int); -diff -urN util-linux-2.34/sys-utils/Makemodule.am util-linux-2.34-AES/sys-utils/Makemodule.am ---- util-linux-2.34/sys-utils/Makemodule.am 2019-04-10 14:28:20.658836607 +0300 -+++ util-linux-2.34-AES/sys-utils/Makemodule.am 2019-07-11 09:31:03.214081134 +0300 -@@ -231,7 +231,7 @@ - if BUILD_LOSETUP - sbin_PROGRAMS += losetup - dist_man_MANS += sys-utils/losetup.8 --losetup_SOURCES = sys-utils/losetup.c -+losetup_SOURCES = sys-utils/losetup1.c sys-utils/loop.c libmount/src/sha512.c libmount/src/rmd160.c libmount/src/aes.c - losetup_LDADD = $(LDADD) libcommon.la libsmartcols.la - losetup_CFLAGS = $(AM_CFLAGS) -I$(ul_libsmartcols_incdir) - -@@ -330,6 +330,8 @@ - - swapon_SOURCES = \ - sys-utils/swapon.c \ -+ sys-utils/loop.c \ -+ libmount/src/sha512.c \ - sys-utils/swapon-common.c \ - sys-utils/swapon-common.h \ - lib/swapprober.c \ -@@ -346,6 +348,7 @@ - - swapoff_SOURCES = \ - sys-utils/swapoff.c \ -+ sys-utils/loop.c \ - sys-utils/swapon-common.c \ - sys-utils/swapon-common.h \ - lib/swapprober.c \ -diff -urN util-linux-2.34/sys-utils/loop.c util-linux-2.34-AES/sys-utils/loop.c ---- util-linux-2.34/sys-utils/loop.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/sys-utils/loop.c 2019-07-11 09:31:03.214081134 +0300 -@@ -0,0 +1,221 @@ -+/* -+ * loop.c -+ * -+ * Copyright 2003 by Jari Ruusu. -+ * Redistribution of this file is permitted under the GNU GPL -+ */ -+ -+/* collection of loop helper functions used by losetup, mount and swapon */ -+ -+#include <stdio.h> -+#include <string.h> -+#include <ctype.h> -+#include <sys/ioctl.h> -+#include <sys/types.h> -+#include <errno.h> -+#include "loop.h" -+ -+static void convert_info_to_info64(struct loop_info *info, struct loop_info64 *info64) -+{ -+ memset(info64, 0, sizeof(*info64)); -+ info64->lo_number = info->lo_number; -+ info64->lo_device = info->lo_device; -+ info64->lo_inode = info->lo_inode; -+ info64->lo_rdevice = info->lo_rdevice; -+ info64->lo_offset = info->lo_offset; -+ info64->lo_encrypt_type = info->lo_encrypt_type; -+ info64->lo_encrypt_key_size = info->lo_encrypt_key_size; -+ info64->lo_flags = info->lo_flags; -+ info64->lo_init[0] = info->lo_init[0]; -+ info64->lo_init[1] = info->lo_init[1]; -+ info64->lo_sizelimit = 0; -+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */ -+ memcpy(info64->lo_crypt_name, info->lo_name, sizeof(info64->lo_crypt_name)); -+ else -+ memcpy(info64->lo_file_name, info->lo_name, sizeof(info64->lo_file_name)); -+ memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, sizeof(info64->lo_encrypt_key)); -+} -+ -+static int convert_info64_to_info(struct loop_info64 *info64, struct loop_info *info) -+{ -+ memset(info, 0, sizeof(*info)); -+ info->lo_number = info64->lo_number; -+ info->lo_device = info64->lo_device; -+ info->lo_inode = info64->lo_inode; -+ info->lo_rdevice = info64->lo_rdevice; -+ info->lo_offset = info64->lo_offset; -+ info->lo_encrypt_type = info64->lo_encrypt_type; -+ info->lo_encrypt_key_size = info64->lo_encrypt_key_size; -+ info->lo_flags = info64->lo_flags; -+ info->lo_init[0] = info64->lo_init[0]; -+ info->lo_init[1] = info64->lo_init[1]; -+ if (info->lo_encrypt_type == 18) /* LO_CRYPT_CRYPTOAPI */ -+ memcpy(info->lo_name, info64->lo_crypt_name, sizeof(info->lo_name)); -+ else -+ memcpy(info->lo_name, info64->lo_file_name, sizeof(info->lo_name)); -+ memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, sizeof(info->lo_encrypt_key)); -+ -+ /* error in case values were truncated */ -+ if (info->lo_device != info64->lo_device || -+ info->lo_rdevice != info64->lo_rdevice || -+ info->lo_inode != info64->lo_inode || -+ (u_int64_t) info->lo_offset != info64->lo_offset || -+ info64->lo_sizelimit) { -+ errno = EOVERFLOW; -+ return -1; -+ } -+ return 0; -+} -+ -+int loop_set_status64_ioctl(int fd, struct loop_info64 *info64) -+{ -+ struct loop_info info; -+ struct loop_info64 tmp; -+ int r; -+ -+ /* -+ * This ugly work around is needed because some -+ * Red Hat kernels are using same ioctl code: -+ * #define LOOP_CHANGE_FD 0x4C04 -+ * vs. -+ * #define LOOP_SET_STATUS64 0x4C04 -+ * that is used by modern loop driver. -+ * -+ * Attempt to detect presense of LOOP_GET_STATUS64 -+ * ioctl before issuing LOOP_SET_STATUS64 ioctl. -+ * Red Hat kernels with above LOOP_CHANGE_FD damage -+ * should return -1 and set errno to EINVAL. -+ */ -+ r = ioctl(fd, LOOP_GET_STATUS64, &tmp); -+ memset(&tmp, 0, sizeof(tmp)); -+ if ((r == 0) || (errno != EINVAL)) { -+ r = ioctl(fd, LOOP_SET_STATUS64, info64); -+ if (!r) -+ return 0; -+ } -+ r = convert_info64_to_info(info64, &info); -+ if (!r) -+ r = ioctl(fd, LOOP_SET_STATUS, &info); -+ -+ /* don't leave copies of encryption key on stack */ -+ memset(&info, 0, sizeof(info)); -+ return r; -+} -+ -+int loop_get_status64_ioctl(int fd, struct loop_info64 *info64) -+{ -+ struct loop_info info; -+ int r; -+ -+ memset(info64, 0, sizeof(*info64)); -+ r = ioctl(fd, LOOP_GET_STATUS64, info64); -+ if (!r) -+ return 0; -+ r = ioctl(fd, LOOP_GET_STATUS, &info); -+ if (!r) -+ convert_info_to_info64(&info, info64); -+ -+ /* don't leave copies of encryption key on stack */ -+ memset(&info, 0, sizeof(info)); -+ return r; -+} -+ -+/* returns: 1=unused 0=busy */ -+int is_unused_loop_device(int fd) -+{ -+ struct loop_info64 info64; -+ struct loop_info info; -+ int r; -+ -+ r = ioctl(fd, LOOP_GET_STATUS64, &info64); -+ memset(&info64, 0, sizeof(info64)); -+ if (!r) -+ return 0; -+ if (errno == ENXIO) -+ return 1; -+ -+ r = ioctl(fd, LOOP_GET_STATUS, &info); -+ memset(&info, 0, sizeof(info)); -+ if (!r) -+ return 0; -+ if (errno == ENXIO) -+ return 1; -+ if (errno == EOVERFLOW) -+ return 0; -+ return 1; -+} -+ -+struct loop_crypt_type_struct loop_crypt_type_tbl[] = { -+ { 0, 0, 0, "no" }, -+ { 0, 0, 0, "none" }, -+ { 1, 0, 0, "xor" }, -+ { 3, 1, 16, "twofish" }, -+ { 4, 1, 16, "blowfish" }, -+ { 7, 1, 16, "serpent" }, -+ { 8, 1, 16, "mars" }, -+ { 11, 3, 16, "rc6" }, -+ { 12, 0, 21, "tripleDES" }, -+ { 12, 0, 24, "3des" }, -+ { 12, 0, 24, "des3_ede" }, -+ { 16, 1, 16, "AES" }, -+ { -1, 0, 0, NULL } -+}; -+ -+static char *getApiName(char *e, int *len) -+{ -+ int x, y, z = 1, q = -1; -+ unsigned char *s; -+ -+ *len = y = 0; -+ s = (unsigned char *)strdup(e); -+ if(!s) -+ return ""; -+ x = strlen((char *)s); -+ while(x > 0) { -+ x--; -+ if(!isdigit(s[x])) -+ break; -+ y += (s[x] - '0') * z; -+ z *= 10; -+ q = x; -+ } -+ while(x >= 0) { -+ s[x] = tolower(s[x]); -+ if(s[x] == '-') -+ s[x] = 0; -+ x--; -+ } -+ if(y >= 40) { -+ if(q >= 0) -+ s[q] = 0; -+ *len = y; -+ } -+ return((char *)s); -+} -+ -+int loop_crypt_type(const char *name, u_int32_t *kbyp, char **apiName) -+{ -+ int i, k; -+ -+ *apiName = getApiName((char *)name, &k); -+ if(k < 0) -+ k = 0; -+ if(k > 256) -+ k = 256; -+ for (i = 0; loop_crypt_type_tbl[i].id != -1; i++) { -+ if (!strcasecmp (*apiName , loop_crypt_type_tbl[i].name)) { -+ *kbyp = k ? k >> 3 : loop_crypt_type_tbl[i].keyBytes; -+ return loop_crypt_type_tbl[i].id; -+ } -+ } -+ *kbyp = 16; /* 128 bits */ -+ return 18; /* LO_CRYPT_CRYPTOAPI */ -+} -+ -+int try_cryptoapi_loop_interface(int fd, struct loop_info64 *loopinfo, char *apiName) -+{ -+ snprintf((char *)loopinfo->lo_crypt_name, sizeof(loopinfo->lo_crypt_name), "%s-cbc", apiName); -+ loopinfo->lo_crypt_name[LO_NAME_SIZE - 1] = 0; -+ loopinfo->lo_encrypt_type = 18; /* LO_CRYPT_CRYPTOAPI */ -+ return(loop_set_status64_ioctl(fd, loopinfo)); -+} -diff -urN util-linux-2.34/sys-utils/loop.h util-linux-2.34-AES/sys-utils/loop.h ---- util-linux-2.34/sys-utils/loop.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/sys-utils/loop.h 2019-07-11 09:31:03.214081134 +0300 -@@ -0,0 +1,87 @@ -+/* -+ * loop.h -+ * -+ * Copyright 2003 by Jari Ruusu. -+ * Redistribution of this file is permitted under the GNU GPL -+ */ -+ -+#ifndef _LOOP_H -+#define _LOOP_H 1 -+ -+#include <sys/types.h> -+#include <linux/version.h> -+#include <linux/posix_types.h> -+ -+#define LO_CRYPT_NONE 0 -+#define LO_CRYPT_XOR 1 -+#define LO_CRYPT_DES 2 -+#define LO_CRYPT_CRYPTOAPI 18 -+ -+#define LOOP_SET_FD 0x4C00 -+#define LOOP_CLR_FD 0x4C01 -+#define LOOP_SET_STATUS 0x4C02 -+#define LOOP_GET_STATUS 0x4C03 -+#define LOOP_SET_STATUS64 0x4C04 -+#define LOOP_GET_STATUS64 0x4C05 -+#define LOOP_MULTI_KEY_SETUP 0x4C4D -+#define LOOP_MULTI_KEY_SETUP_V3 0x4C4E -+#define LOOP_RECOMPUTE_DEV_SIZE 0x4C52 -+ -+#define LO_NAME_SIZE 64 -+#define LO_KEY_SIZE 32 -+ -+struct loop_info { -+ int lo_number; -+#if LINUX_VERSION_CODE >= 0x20600 -+ __kernel_old_dev_t lo_device; -+#else -+ __kernel_dev_t lo_device; -+#endif -+ unsigned long lo_inode; -+#if LINUX_VERSION_CODE >= 0x20600 -+ __kernel_old_dev_t lo_rdevice; -+#else -+ __kernel_dev_t lo_rdevice; -+#endif -+ int lo_offset; -+ int lo_encrypt_type; -+ int lo_encrypt_key_size; -+ int lo_flags; -+ char lo_name[LO_NAME_SIZE]; -+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; -+ unsigned long lo_init[2]; -+ char reserved[4]; -+}; -+ -+struct loop_info64 { -+ u_int64_t lo_device; /* ioctl r/o */ -+ u_int64_t lo_inode; /* ioctl r/o */ -+ u_int64_t lo_rdevice; /* ioctl r/o */ -+ u_int64_t lo_offset; /* bytes */ -+ u_int64_t lo_sizelimit; /* bytes, 0 == max available */ -+ u_int32_t lo_number; /* ioctl r/o */ -+ u_int32_t lo_encrypt_type; -+ u_int32_t lo_encrypt_key_size; /* ioctl w/o */ -+ u_int32_t lo_flags; /* ioctl r/o */ -+ unsigned char lo_file_name[LO_NAME_SIZE]; -+ unsigned char lo_crypt_name[LO_NAME_SIZE]; -+ unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */ -+ u_int64_t lo_init[2]; -+}; -+ -+extern int loop_set_status64_ioctl(int, struct loop_info64 *); -+extern int loop_get_status64_ioctl(int, struct loop_info64 *); -+extern int is_unused_loop_device(int); -+ -+struct loop_crypt_type_struct { -+ short int id; -+ unsigned char flags; /* bit0 = show keybits, bit1 = add '-' before keybits */ -+ unsigned char keyBytes; -+ char *name; -+}; -+ -+extern struct loop_crypt_type_struct loop_crypt_type_tbl[]; -+extern int loop_crypt_type(const char *, u_int32_t *, char **); -+extern int try_cryptoapi_loop_interface(int, struct loop_info64 *, char *); -+ -+#endif -diff -urN util-linux-2.34/sys-utils/losetup.8 util-linux-2.34-AES/sys-utils/losetup.8 ---- util-linux-2.34/sys-utils/losetup.8 2019-04-24 13:42:25.234752668 +0300 -+++ util-linux-2.34-AES/sys-utils/losetup.8 2019-07-11 09:31:03.214081134 +0300 -@@ -1,210 +1,200 @@ --.TH LOSETUP 8 "November 2015" "util-linux" "System Administration" -+.TH LOSETUP 8 "2012-09-24" "Linux" "MAINTENANCE COMMANDS" - .SH NAME - losetup \- set up and control loop devices - .SH SYNOPSIS - .ad l --Get info: --.sp --.in +5 --.B losetup --[\fIloopdev\fP] --.sp --.B losetup -l --.RB [ \-a ] --.sp --.B losetup -j --.I file --.RB [ \-o --.IR offset ] --.sp --.in -5 --Detach a loop device: --.sp --.in +5 --.B "losetup \-d" --.IR loopdev ... --.sp --.in -5 --Detach all associated loop devices: --.sp --.in +5 --.B "losetup \-D" --.sp --.in -5 --Set up a loop device: --.sp --.in +5 --.B losetup --.RB [ \-o --.IR offset ] --.RB [ \-\-sizelimit --.IR size ] --.RB [ \-\-sector\-size --.IR size ] --.in +8 --.RB [ \-Pr ] --.RB [ \-\-show ] " \-f" | \fIloopdev\fP --.I file --.sp --.in -13 --Resize a loop device: --.sp --.in +5 --.B "losetup \-c" --.I loopdev --.in -5 -+.B losetup -+[options] -+.I loop_device -+file -+.br -+.B losetup -F -+[options] -+.I loop_device -+[file] -+.br -+.B losetup -+[ -+.B \-d -+] -+.I loop_device -+.br -+.B losetup -a -+.br -+.B losetup -f -+.br -+.B losetup -+.B \-R -+.I loop_device - .ad b - .SH DESCRIPTION - .B losetup - is used to associate loop devices with regular files or block devices, --to detach loop devices, and to query the status of a loop device. If only the --\fIloopdev\fP argument is given, the status of the corresponding loop --device is shown. If no option is given, all loop devices are shown. --.sp --Note that the old output format (i.e., \fBlosetup -a\fR) with comma-delimited --strings is deprecated in favour of the \fB--list\fR output format. --.sp --It's possible to create more independent loop devices for the same backing --file. --.B This setup may be dangerous, can cause data loss, corruption and overwrites. --Use \fB\-\-nooverlap\fR with \fB\-\-find\fR during setup to avoid this problem. -- -+to detach loop devices and to query the status of a loop device. If only the -+\fIloop_device\fP argument is given, the status of the corresponding loop -+device is shown. - .SH OPTIONS --The \fIsize\fR and \fIoffset\fR --arguments may be followed by the multiplicative suffixes KiB (=1024), --MiB (=1024*1024), and so on for GiB, TiB, PiB, EiB, ZiB and YiB (the "iB" is --optional, e.g., "K" has the same meaning as "KiB") or the suffixes --KB (=1000), MB (=1000*1000), and so on for GB, TB, PB, EB, ZB and YB. -- --.TP --.BR \-a , " \-\-all" --Show the status of all loop devices. Note that not all information is accessible --for non-root users. See also \fB\-\-list\fR. The old output format (as printed --without \fB--list)\fR is deprecated. --.TP --.BR \-d , " \-\-detach " \fIloopdev\fR... --Detach the file or device associated with the specified loop device(s). Note --that since Linux v3.7 kernel uses "lazy device destruction". The detach --operation does not return EBUSY error anymore if device is actively used by --system, but it is marked by autoclear flag and destroyed later. --.TP --.BR \-D , " \-\-detach\-all" --Detach all associated loop devices. --.TP --.BR \-f , " \-\-find " "\fR[\fIfile\fR]" --Find the first unused loop device. If a \fIfile\fR argument is present, use --the found device as loop device. Otherwise, just print its name. --.IP "\fB\-\-show\fP" --Display the name of the assigned loop device if the \fB\-f\fP option and a --\fIfile\fP argument are present. --.TP --.BR \-L , " \-\-nooverlap" --Check for conflicts between loop devices to avoid situation when the same --backing file is shared between more loop devices. If the file is already used --by another device then re-use the device rather than a new one. The option --makes sense only with \fB\-\-find\fP. --.TP --.BR \-j , " \-\-associated " \fIfile\fR " \fR[\fB\-o \fIoffset\fR]" --Show the status of all loop devices associated with the given \fIfile\fR. --.TP --.BR \-o , " \-\-offset " \fIoffset --The data start is moved \fIoffset\fP bytes into the specified file or device. The \fIoffset\fP --may be followed by the multiplicative suffixes; see above. --.IP "\fB\-\-sizelimit \fIsize\fP" --The data end is set to no more than \fIsize\fP bytes after the data start. The \fIsize\fP --may be followed by the multiplicative suffixes; see above. --.TP --.BR \-b , " \-\-sector-size " \fIsize --Set the logical sector size of the loop device in bytes (since Linux 4.14). The --option may be used when create a new loop device as well as stand-alone command --to modify sector size of the already existing loop device. --.TP --.BR \-c , " \-\-set\-capacity " \fIloopdev --Force the loop driver to reread the size of the file associated with the --specified loop device. --.TP --.BR \-P , " \-\-partscan" --Force the kernel to scan the partition table on a newly created loop device. Note that the --partition table parsing depends on sector sizes. The default is sector size is 512 bytes, --otherwise you need to use the option \fB\-\-sector\-size\fR together with \fB\-\-partscan\fR. --.TP --.BR \-r , " \-\-read\-only" --Set up a read-only loop device. --.TP --.BR \-\-direct\-io [ =on | off ] --Enable or disable direct I/O for the backing file. The optional argument --can be either \fBon\fR or \fBoff\fR. If the argument is omitted, it defaults --to \fBon\fR. --.TP --.BR \-v , " \-\-verbose" -+.IP \fB\-a\fP -+Show status of all loop devices. -+.IP "\fB\-C \fIitercountk\fP" -+Runs hashed passphrase through \fIitercountk\fP thousand iterations of AES-256 -+before using it for loop encryption. This consumes lots of CPU cycles at -+loop setup/mount time but not thereafter. In combination with passphrase seed -+this slows down dictionary attacks. Iteration is not done in multi-key mode. -+.IP "\fB\-d\fP" -+Detach the file or device associated with the specified loop device. -+.IP "\fB\-e \fIencryption\fP" -+.RS -+Enable data encryption. Following encryption types are recognized: -+.IP \fBNONE\fP -+Use no encryption (default). -+.PD 0 -+.IP \fBXOR\fP -+Use a simple XOR encryption. -+.IP "\fBAES128 AES\fP" -+Use 128 bit AES encryption. Passphrase is hashed with SHA-256 by default. -+.IP \fBAES192\fP -+Use 192 bit AES encryption. Passphrase is hashed with SHA-384 by default. -+.IP \fBAES256\fP -+Use 256 bit AES encryption. Passphrase is hashed with SHA-512 by default. -+ -+.IP "\fBtwofish128 twofish160 twofish192 twofish256\fP" -+.IP "\fBblowfish128 blowfish160 blowfish192 blowfish256\fP" -+.IP "\fBserpent128 serpent192 serpent256 mars128 mars192\fP" -+.IP "\fBmars256 rc6-128 rc6-192 rc6-256 tripleDES\fP" -+These encryption types are available if they are enabled in kernel -+configuration or corresponding modules have been loaded to kernel. -+.PD -+.RE -+.IP "\fB\-f\fP" -+Find and show next unused loop device. -+.IP "\fB\-F\fP" -+Reads and uses mount options from /etc/fstab that match specified loop -+device, including offset= sizelimit= encryption= pseed= phash= loinit= -+gpgkey= gpghome= cleartextkey= itercountk= and looped to device/file name. -+loop= option in /etc/fstab must match specified loop device name. Command -+line options take precedence in case of conflict. -+.IP "\fB\-G \fIgpghome\fP" -+Set gpg home directory to \fIgpghome\fP, so that gpg uses public/private -+keys on \fIgpghome\fP directory. This is only used when gpgkey file needs to -+be decrypted using public/private keys. If gpgkey file is encrypted with -+symmetric cipher only, public/private keys are not required and this option -+has no effect. -+.IP "\fB\-H \fIphash\fP" -+Uses \fIphash\fP function to hash passphrase. Available hash functions are -+sha256, sha384, sha512 and rmd160. unhashed1 and unhashed2 -+functions also exist for compatibility with some obsolete implementations. -+ -+Hash function random does not ask for passphrase but sets up random keys and -+attempts to put loop to multi-key mode. When random/1777 hash type is used -+as mount option for mount program, mount program will create new file system -+on the loop device and construct initial permissions of file system root -+directory from octal digits that follow the slash character. -+ -+WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING IMPORTANT -+DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. -+.IP "\fB\-I \fIloinit\fP" -+Passes a numeric value of \fIloinit\fP as a parameter to cipher transfer -+function. Cipher transfer functions are free to interpret value as they -+want. -+.IP "\fB\-K \fIgpgkey\fP" -+Passphrase is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which -+contains the real keys that are used to encrypt loop device. If decryption -+requires public/private keys and gpghome is not specified, all users use -+their own gpg public/private keys to decrypt \fIgpgkey\fP. Decrypted -+\fIgpgkey\fP should contain 1 or 64 or 65 keys, each key at least 20 -+characters and separated by newline. If decrypted \fIgpgkey\fP contains 64 -+or 65 keys, then loop device is put to multi-key mode. In multi-key mode -+first key is used for first sector, second key for second sector, and so on. -+65th key, if present, is used as additional input to MD5 IV computation. -+.IP "\fB\-o \fIoffset\fP" -+The data start is moved \fIoffset\fP bytes into the specified file or -+device. Normally offset is included in IV (initialization vector) -+computations. If offset is prefixed with @ character, then offset is not -+included in IV computations. @ prefix functionality may not be supported on -+some older kernels and/or loop drivers. -+.IP "\fB\-p \fIpasswdfd\fP" -+Read the passphrase from file descriptor \fIpasswdfd\fP instead of the -+terminal. If -K option is not being used (no gpg key file), then losetup -+attempts to read 65 keys from \fIpasswdfd\fP, each key at least 20 -+characters and separated by newline. If losetup successfully reads 64 or 65 -+keys, then loop device is put to multi-key mode. If losetup encounters -+end-of-file before 64 keys are read, then only first key is used in -+single-key mode. -+ -+echo SecretPassphraseHere | losetup -p0 -K foo.gpg -e AES128 ... -+ -+In above example, losetup reads passphrase from file descriptor 0 (stdin). -+.IP "\fB\-P \fIcleartextkey\fP" -+Read the passphrase from file \fIcleartextkey\fP instead of the -+terminal. If -K option is not being used (no gpg key file), then losetup -+attempts to read 65 keys from \fIcleartextkey\fP, each key at least 20 -+characters and separated by newline. If losetup successfully reads 64 or 65 -+keys, then loop device is put to multi-key mode. If losetup encounters -+end-of-file before 64 keys are read, then only first key is used in -+single-key mode. If both -p and -P options are used, then -p option takes -+precedence. These are equivalent: -+ -+losetup -p3 -K foo.gpg -e AES128 ... 3<someFileName -+ -+losetup -P someFileName -K foo.gpg -e AES128 ... -+ -+In first line of above example, in addition to normal open file descriptors -+(0==stdin 1==stdout 2==stderr), shell opens the file and passes open file -+descriptor to started losetup program. In second line of above example, -+losetup opens the file itself. -+.IP "\fB\-r\fP" -+Read-only mode. -+.IP "\fB\-R\fP" -+Resize existing, already set up loop device, to new changed underlying -+device size. This option is for changing mounted live file system size on -+LVM volume. This functionality may not be supported on some older kernels -+and/or loop drivers. -+.IP "\fB\-s \fIsizelimit\fP" -+Size of loop device is limited to \fIsizelimit\fP bytes. If unspecified or -+set to zero, loop device size is set to maximum available (file size minus -+offset). This option may not be supported on some older kernels and/or loop -+drivers. -+.IP "\fB\-S \fIpseed\fP" -+Sets encryption passphrase seed \fIpseed\fP which is appended to user supplied -+passphrase before hashing. Using different seeds for different partitions -+makes dictionary attacks slower but does not prevent them if user supplied -+passphrase is guessable. Seed is not used in multi-key mode. -+.IP "\fB\-T\fP" -+Asks passphrase twice. -+.IP "\fB\-v\fP" - Verbose mode. --.TP --.BR \-l , " \-\-list" --If a loop device or the \fB-a\fR option is specified, print the default columns --for either the specified loop device or all loop devices; the default is to --print info about all devices. See also \fB\-\-output\fP, \fB\-\-noheadings\fP, --\fB\-\-raw\fP, and \fB\-\-json\fP. --.TP --.BR \-O , " \-\-output " \fIcolumn\fR[,\fIcolumn\fR]... --Specify the columns that are to be printed for the \fB\-\-list\fP output. --Use \fB\-\-help\fR to get a list of all supported columns. --.TP --.B \-\-output\-all --Output all available columns. --.TP --.BR \-n , " \-\-noheadings" --Don't print headings for \fB\-\-list\fP output format. --.IP "\fB\-\-raw\fP" --Use the raw \fB\-\-list\fP output format. --.TP --.BR \-J , " \-\-json" --Use JSON format for \fB\-\-list\fP output. --.TP --.BR \-V , " \-\-version" --Display version information and exit. --.TP --.BR \-h , " \-\-help" --Display help text and exit. -- --.SH ENCRYPTION --.B Cryptoloop is no longer supported in favor of dm-crypt. --.B For more details see cryptsetup(8). -- - .SH RETURN VALUE - .B losetup --returns 0 on success, nonzero on failure. When -+returns 0 on success, nonzero on failure. When - .B losetup - displays the status of a loop device, it returns 1 if the device - is not configured and 2 if an error occurred which prevented --determining the status of the device. -+.B losetup -+from determining the status of the device. - - .SH FILES --.TP --.I /dev/loop[0..N] --loop block devices --.TP --.I /dev/loop-control --loop control device -- -+.nf -+/dev/loop0,/dev/loop1,... loop devices (major=7) -+.fi - .SH EXAMPLE - The following commands can be used as an example of using the loop device. - .nf --.IP --# dd if=/dev/zero of=~/file.img bs=1024k count=10 --# losetup --find --show ~/file.img --/dev/loop0 --# mkfs -t ext2 /dev/loop0 --# mount /dev/loop0 /mnt -+ -+dd if=/dev/zero of=/file bs=1k count=500 -+head -c 3705 /dev/random | uuencode -m - | head -n 66 \\ -+ | tail -n 65 | gpg --symmetric -a >/etc/fskey9.gpg -+losetup -e AES128 -K /etc/fskey9.gpg /dev/loop0 /file -+mkfs -t ext2 /dev/loop0 -+mount -t ext2 /dev/loop0 /mnt - ... --# umount /dev/loop0 --# losetup --detach /dev/loop0 -+umount /dev/loop0 -+losetup -d /dev/loop0 - .fi --.SH ENVIRONMENT --.IP LOOPDEV_DEBUG=all --enables debug output. -+.SH RESTRICTION -+XOR encryption is terribly weak. - .SH AUTHORS --Karel Zak <kzak@redhat.com>, based on the original version from --Theodore Ts'o <tytso@athena.mit.edu> --.SH AVAILABILITY --The losetup command is part of the util-linux package and is available from --https://www.kernel.org/pub/linux/utils/util-linux/. -+.nf -+Original version: Theodore Ts'o <tytso@athena.mit.edu> -+AES support: Jari Ruusu -+.fi -diff -urN util-linux-2.34/sys-utils/losetup1.c util-linux-2.34-AES/sys-utils/losetup1.c ---- util-linux-2.34/sys-utils/losetup1.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.34-AES/sys-utils/losetup1.c 2019-07-11 09:31:03.214081134 +0300 -@@ -0,0 +1,1281 @@ -+/* Taken from Ted's losetup.c - Mitch <m.dsouza@mrc-apu.cam.ac.uk> */ -+/* Added vfs mount options - aeb - 960223 */ -+/* Removed lomount - aeb - 960224 */ -+ -+/* -+ * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL> -+ * - added Native Language Support -+ * 1999-03-21 Arnaldo Carvalho de Melo <acme@conectiva.com.br> -+ * - fixed strerr(errno) in gettext calls -+ * 2001-04-11 Jari Ruusu -+ * - added AES support -+ */ -+ -+#define LOOPMAJOR 7 -+ -+/* -+ * losetup.c - setup and control loop devices -+ */ -+ -+#include <stdio.h> -+#include <string.h> -+#include <ctype.h> -+#include <fcntl.h> -+#include <errno.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <pwd.h> -+#include <sys/types.h> -+#include <sys/ioctl.h> -+#include <sys/stat.h> -+#include <sys/mman.h> -+#include <sys/sysmacros.h> -+#include <sys/wait.h> -+#include <limits.h> -+#include <fcntl.h> -+#include <mntent.h> -+#include <locale.h> -+#include <sys/time.h> -+#include <sys/utsname.h> -+#include <signal.h> -+ -+#include "loop.h" -+#include "nls.h" -+#include "../libmount/src/sha512.h" -+#include "../libmount/src/rmd160.h" -+#include "../libmount/src/aes.h" -+ -+#if !defined(BLKGETSIZE64) -+# define BLKGETSIZE64 _IOR(0x12,114,size_t) -+#endif -+ -+int verbose = 0; -+ -+#if !defined(LOOP_PASSWORD_MIN_LENGTH) -+# define LOOP_PASSWORD_MIN_LENGTH 20 -+#endif -+ -+char *passFDnumber = (char *)0; -+char *passAskTwice = (char *)0; -+char *passSeedString = (char *)0; -+char *passHashFuncName = (char *)0; -+char *passIterThousands = (char *)0; -+char *loInitValue = (char *)0; -+char *gpgKeyFile = (char *)0; -+char *gpgHomeDir = (char *)0; -+char *clearTextKeyFile = (char *)0; -+char *loopOffsetBytes = (char *)0; -+char *loopSizeBytes = (char *)0; -+char *loopEncryptionType = (char *)0; -+ -+static int multiKeyMode = 0; /* 0=single-key 64=multi-key-v2 65=multi-key-v3 1000=any */ -+static char *multiKeyPass[66]; -+static char *loopFileName; -+ -+static char *xstrdup(const char *s) -+{ -+ char *t; -+ if(!s) return NULL; -+ t = strdup(s); -+ if(!t) { -+ fprintf(stderr, "not enough memory\n"); -+ exit(2); /* EX_SYSERR */ -+ } -+ return t; -+} -+ -+static char * -+crypt_name (int id, int *flags) { -+ int i; -+ -+ for (i = 0; loop_crypt_type_tbl[i].id != -1; i++) -+ if(id == loop_crypt_type_tbl[i].id) { -+ *flags = loop_crypt_type_tbl[i].flags; -+ return loop_crypt_type_tbl[i].name; -+ } -+ *flags = 0; -+ if(id == 18) -+ return "CryptoAPI"; -+ return "undefined"; -+} -+ -+static int -+show_loop(char *device) { -+ struct loop_info64 loopinfo; -+ int fd; -+ -+ if ((fd = open(device, O_RDONLY)) < 0) { -+ int errsv = errno; -+ fprintf(stderr, _("loop: can't open device %s: %s\n"), -+ device, strerror (errsv)); -+ return 2; -+ } -+ if (loop_get_status64_ioctl(fd, &loopinfo) < 0) { -+ int errsv = errno; -+ close (fd); -+ fprintf(stderr, _("loop: can't get info on device %s: %s\n"), -+ device, strerror (errsv)); -+ return 1; -+ } -+ close (fd); -+ loopinfo.lo_file_name[LO_NAME_SIZE-1] = 0; -+ loopinfo.lo_crypt_name[LO_NAME_SIZE-1] = 0; -+ printf("%s: [%04llx]:%llu (%s)", device, (unsigned long long)loopinfo.lo_device, -+ (unsigned long long)loopinfo.lo_inode, loopinfo.lo_file_name); -+ if (loopinfo.lo_offset) { -+ if ((long long)loopinfo.lo_offset < 0) { -+ printf(_(" offset=@%llu"), -((unsigned long long)loopinfo.lo_offset)); -+ } else { -+ printf(_(" offset=%llu"), (unsigned long long)loopinfo.lo_offset); -+ } -+ } -+ if (loopinfo.lo_sizelimit) -+ printf(_(" sizelimit=%llu"), (unsigned long long)loopinfo.lo_sizelimit); -+ if (loopinfo.lo_encrypt_type) { -+ int flags; -+ char *s = crypt_name (loopinfo.lo_encrypt_type, &flags); -+ -+ printf(_(" encryption=%s"), s); -+ /* type 18 == LO_CRYPT_CRYPTOAPI */ -+ if (loopinfo.lo_encrypt_type == 18) { -+ printf("/%s", loopinfo.lo_crypt_name); -+ } else { -+ if(flags & 2) -+ printf("-"); -+ if(flags & 1) -+ printf("%u", (unsigned int)loopinfo.lo_encrypt_key_size << 3); -+ } -+ } -+ switch(loopinfo.lo_flags & 0x180000) { -+ case 0x180000: -+ printf(_(" multi-key-v3")); -+ break; -+ case 0x100000: -+ printf(_(" multi-key-v2")); -+ break; -+ } -+ /* type 2 == LO_CRYPT_DES */ -+ if (loopinfo.lo_init[0] && (loopinfo.lo_encrypt_type != 2)) -+ printf(_(" loinit=%llu"), (unsigned long long)loopinfo.lo_init[0]); -+ if (loopinfo.lo_flags & 0x200000) -+ printf(_(" read-only")); -+ printf("\n"); -+ -+ return 0; -+} -+ -+#define SIZE(a) (sizeof(a)/sizeof(a[0])) -+ -+static char * -+find_unused_loop_device (void) { -+ /* Just creating a device, say in /tmp, is probably a bad idea - -+ people might have problems with backup or so. -+ So, we just try /dev/loop[0-7]. */ -+ char dev[20]; -+ char *loop_formats[] = { "/dev/loop%d", "/dev/loop/%d" }; -+ int i, j, fd, somedev = 0, someloop = 0; -+ struct stat statbuf; -+ -+ for (j = 0; j < (int)SIZE(loop_formats); j++) { -+ for(i = 0; i < 256; i++) { -+ sprintf(dev, loop_formats[j], i); -+ if (stat (dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) { -+ somedev++; -+ fd = open (dev, O_RDONLY); -+ if (fd >= 0) { -+ if (is_unused_loop_device(fd) == 0) -+ someloop++; /* in use */ -+ else if (errno == ENXIO) { -+ close (fd); -+ return xstrdup(dev);/* probably free */ -+ } -+ close (fd); -+ } -+ continue;/* continue trying as long as devices exist */ -+ } -+ break; -+ } -+ } -+ -+ if (!somedev) -+ fprintf(stderr, _("Error: could not find any loop device\n")); -+ else if (!someloop) -+ fprintf(stderr, _("Error: could not open any loop device\n")); -+ else -+ fprintf(stderr, _("Error: could not find any free loop device\n")); -+ return 0; -+} -+ -+static int rd_wr_retry(int fd, char *buf, int cnt, int w) -+{ -+ int x, y, z; -+ -+ x = 0; -+ while(x < cnt) { -+ y = cnt - x; -+ if(w) { -+ z = write(fd, buf + x, y); -+ } else { -+ z = read(fd, buf + x, y); -+ if (!z) return x; -+ } -+ if(z < 0) { -+ if ((errno == EAGAIN) || (errno == ENOMEM) || (errno == ERESTART) || (errno == EINTR)) { -+ continue; -+ } -+ return x; -+ } -+ x += z; -+ } -+ return x; -+} -+ -+static char *get_FD_pass(int fd) -+{ -+ char *p = NULL, *n; -+ int x = 0, y = 0; -+ -+ do { -+ if(y >= (x - 1)) { -+ x += 128; -+ /* Must enforce some max limit here -- this code */ -+ /* runs as part of mount, and mount is setuid root */ -+ /* and has used mlockall(MCL_CURRENT | MCL_FUTURE) */ -+ if(x > (4*1024)) return(NULL); -+ n = malloc(x); -+ if(!n) return(NULL); -+ if(p) { -+ memcpy(n, p, y); -+ memset(p, 0, y); -+ free(p); -+ } -+ p = n; -+ } -+ if(rd_wr_retry(fd, p + y, 1, 0) != 1) break; -+ if((p[y] == '\n') || !p[y]) break; -+ y++; -+ } while(1); -+ if(p) p[y] = 0; -+ return p; -+} -+ -+static unsigned long long mystrtoull(char *s, int acceptAT) -+{ -+ unsigned long long v = 0; -+ int negative = 0; -+ -+ while ((*s == ' ') || (*s == '\t')) -+ s++; -+ if (acceptAT && (*s == '@')) { -+ s++; -+ negative = 1; -+ } -+ if (*s == '0') { -+ s++; -+ if ((*s == 'x') || (*s == 'X')) { -+ s++; -+ sscanf(s, "%llx", &v); -+ } else { -+ sscanf(s, "%llo", &v); -+ } -+ } else { -+ sscanf(s, "%llu", &v); -+ } -+ return negative ? -v : v; -+} -+ -+static void warnAboutBadKeyData(int x) -+{ -+ if((x > 1) && (x != 64) && (x != 65)) { -+ fprintf(stderr, _("Warning: Unknown key data format - using it anyway\n")); -+ } -+} -+ -+static int are_these_files_same(const char *name1, const char *name2) -+{ -+ struct stat statbuf1; -+ struct stat statbuf2; -+ -+ if(!name1 || !*name1 || !name2 || !*name2) return 0; -+ if(stat(name1, &statbuf1)) return 0; -+ if(stat(name2, &statbuf2)) return 0; -+ if(statbuf1.st_dev != statbuf2.st_dev) return 0; -+ if(statbuf1.st_ino != statbuf2.st_ino) return 0; -+ return 1; /* are same */ -+} -+ -+static char *do_GPG_pipe(char *pass) -+{ -+ int x, pfdi[2], pfdo[2]; -+ char str[10], *a[16], *e[2], *h; -+ pid_t gpid; -+ struct passwd *p; -+ void *oldSigPipeHandler; -+ -+ if((getuid() == 0) && gpgHomeDir && gpgHomeDir[0]) { -+ h = gpgHomeDir; -+ } else { -+ if(!(p = getpwuid(getuid()))) { -+ fprintf(stderr, _("Error: Unable to detect home directory for uid %d\n"), (int)getuid()); -+ return NULL; -+ } -+ h = p->pw_dir; -+ } -+ if(!(e[0] = malloc(strlen(h) + 6))) { -+ nomem1: -+ fprintf(stderr, _("Error: Unable to allocate memory\n")); -+ return NULL; -+ } -+ sprintf(e[0], "HOME=%s", h); -+ e[1] = 0; -+ -+ if(pipe(&pfdi[0])) { -+ nomem2: -+ free(e[0]); -+ goto nomem1; -+ } -+ if(pipe(&pfdo[0])) { -+ close(pfdi[0]); -+ close(pfdi[1]); -+ goto nomem2; -+ } -+ -+ /* -+ * When this code is run as part of losetup, normal read permissions -+ * affect the open() below because losetup is not setuid-root. -+ * -+ * When this code is run as part of mount, only root can set -+ * 'gpgKeyFile' and as such, only root can decide what file is opened -+ * below. However, since mount is usually setuid-root all non-root -+ * users can also open() the file too, but that file's contents are -+ * only piped to gpg. This readable-for-all is intended behaviour, -+ * and is very useful in situations where non-root users mount loop -+ * devices with their own gpg private key, and yet don't have access -+ * to the actual key used to encrypt loop device. -+ */ -+ if((x = open(gpgKeyFile, O_RDONLY)) == -1) { -+ fprintf(stderr, _("Error: unable to open %s for reading\n"), gpgKeyFile); -+ nomem3: -+ free(e[0]); -+ close(pfdo[0]); -+ close(pfdo[1]); -+ close(pfdi[0]); -+ close(pfdi[1]); -+ return NULL; -+ } -+ -+ /* -+ * If someone puts a gpg key file at beginning of device and -+ * puts the real file system at some offset into the device, -+ * this code extracts that gpg key file into a temp file so gpg -+ * won't end up reading whole device when decrypting the key file. -+ * -+ * Example of encrypted cdrom mount with 8192 bytes reserved for gpg key file: -+ * mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 -+ * ^^^^^^^^^^ ^^^^^^^^^^ ^^^^ -+ */ -+ if(loopOffsetBytes && are_these_files_same(loopFileName, gpgKeyFile)) { -+ FILE *f; -+ char b[1024]; -+ long long cnt; -+ int cnt2, cnt3; -+ -+ cnt = mystrtoull(loopOffsetBytes, 1); -+ if(cnt < 0) cnt = -cnt; -+ if(cnt > (1024 * 1024)) cnt = 1024 * 1024; /* sanity check */ -+ f = tmpfile(); -+ if(!f) { -+ fprintf(stderr, _("Error: unable to create temp file\n")); -+ close(x); -+ goto nomem3; -+ } -+ while(cnt > 0) { -+ cnt2 = sizeof(b); -+ if(cnt < cnt2) cnt2 = cnt; -+ cnt3 = rd_wr_retry(x, b, cnt2, 0); -+ if(cnt3 && (fwrite(b, cnt3, 1, f) != 1)) { -+ tmpWrErr: -+ fprintf(stderr, _("Error: unable to write to temp file\n")); -+ fclose(f); -+ close(x); -+ goto nomem3; -+ } -+ if(cnt2 != cnt3) break; -+ cnt -= cnt3; -+ } -+ if(fflush(f)) goto tmpWrErr; -+ close(x); -+ x = dup(fileno(f)); -+ fclose(f); -+ lseek(x, 0L, SEEK_SET); -+ } -+ -+ sprintf(str, "%d", pfdi[0]); -+ if(!(gpid = fork())) { -+ dup2(x, 0); -+ dup2(pfdo[1], 1); -+ close(x); -+ close(pfdi[1]); -+ close(pfdo[0]); -+ close(pfdo[1]); -+ if((x = open("/dev/null", O_WRONLY)) >= 0) { -+ dup2(x, 2); -+ close(x); -+ } -+ x = 0; -+ a[x++] = "gpg"; -+ if(gpgHomeDir && gpgHomeDir[0]) { -+ a[x++] = "--homedir"; -+ a[x++] = gpgHomeDir; -+ } -+ a[x++] = "--no-options"; -+ a[x++] = "--quiet"; -+ a[x++] = "--batch"; -+ a[x++] = "--no-tty"; -+ a[x++] = "--passphrase-fd"; -+ a[x++] = str; -+ a[x++] = "--decrypt"; -+ a[x] = 0; -+ if(setgid(getgid())) exit(1); -+ if(setuid(getuid())) exit(1); -+ for(x = 3; x < 1024; x++) { -+ if(x == pfdi[0]) continue; -+ close(x); -+ } -+ execve("/bin/gpg", &a[0], &e[0]); -+ execve("/usr/bin/gpg", &a[0], &e[0]); -+ execve("/usr/local/bin/gpg", &a[0], &e[0]); -+ exit(1); -+ } -+ free(e[0]); -+ close(x); -+ close(pfdi[0]); -+ close(pfdo[1]); -+ if(gpid == -1) { -+ close(pfdi[1]); -+ close(pfdo[0]); -+ goto nomem1; -+ } -+ -+ x = strlen(pass); -+ -+ /* ignore possible SIGPIPE signal while writing to gpg */ -+ oldSigPipeHandler = signal(SIGPIPE, SIG_IGN); -+ rd_wr_retry(pfdi[1], pass, x, 1); -+ rd_wr_retry(pfdi[1], "\n", 1, 1); -+ if(oldSigPipeHandler != SIG_ERR) signal(SIGPIPE, oldSigPipeHandler); -+ -+ close(pfdi[1]); -+ memset(pass, 0, x); -+ x = 0; -+ while(x < 66) { -+ multiKeyPass[x] = get_FD_pass(pfdo[0]); -+ if(!multiKeyPass[x]) { -+ /* mem alloc failed - abort */ -+ multiKeyPass[0] = 0; -+ break; -+ } -+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break; -+ x++; -+ } -+ warnAboutBadKeyData(x); -+ if(x >= 65) -+ multiKeyMode = 65; -+ if(x == 64) -+ multiKeyMode = 64; -+ close(pfdo[0]); -+ waitpid(gpid, &x, 0); -+ if(!multiKeyPass[0]) goto nomem1; -+ return multiKeyPass[0]; -+} -+ -+static char *sGetPass(int minLen, int warnLen) -+{ -+ char *p, *s, *seed; -+ int i, ask2, close_i_fd = 0; -+ -+ if(!passFDnumber) { -+ if(clearTextKeyFile) { -+ if((i = open(clearTextKeyFile, O_RDONLY)) == -1) { -+ fprintf(stderr, _("Error: unable to open %s for reading\n"), clearTextKeyFile); -+ return NULL; -+ } -+ close_i_fd = 1; -+ goto contReadFrom_i; -+ } -+ p = getpass(_("Password: ")); -+ ask2 = passAskTwice ? 1 : 0; -+ } else { -+ i = atoi(passFDnumber); -+ contReadFrom_i: -+ if(gpgKeyFile && gpgKeyFile[0]) { -+ p = get_FD_pass(i); -+ if(close_i_fd) close(i); -+ } else { -+ int x = 0; -+ while(x < 66) { -+ multiKeyPass[x] = get_FD_pass(i); -+ if(!multiKeyPass[x]) goto nomem; -+ if(strlen(multiKeyPass[x]) < LOOP_PASSWORD_MIN_LENGTH) break; -+ x++; -+ } -+ if(close_i_fd) close(i); -+ warnAboutBadKeyData(x); -+ if(x >= 65) { -+ multiKeyMode = 65; -+ return multiKeyPass[0]; -+ } -+ if(x == 64) { -+ multiKeyMode = 64; -+ return multiKeyPass[0]; -+ } -+ p = multiKeyPass[0]; -+ } -+ ask2 = 0; -+ } -+ if(!p) goto nomem; -+ if(gpgKeyFile && gpgKeyFile[0]) { -+ if(ask2) { -+ i = strlen(p); -+ s = malloc(i + 1); -+ if(!s) goto nomem; -+ strcpy(s, p); -+ p = getpass(_("Retype password: ")); -+ if(!p) goto nomem; -+ if(strcmp(s, p)) goto compareErr; -+ memset(s, 0, i); -+ free(s); -+ ask2 = 0; -+ } -+ p = do_GPG_pipe(p); -+ if(!p) return(NULL); -+ if(!p[0]) { -+ fprintf(stderr, _("Error: gpg key file decryption failed\n")); -+ return(NULL); -+ } -+ if(multiKeyMode) return(p); -+ } -+ i = strlen(p); -+ if(i < minLen) { -+ fprintf(stderr, _("Error: Password must be at least %d characters.\n"), minLen); -+ return(NULL); -+ } -+ seed = passSeedString; -+ if(!seed) seed = ""; -+ s = malloc(i + strlen(seed) + 1); -+ if(!s) { -+ nomem: -+ fprintf(stderr, _("Error: Unable to allocate memory\n")); -+ return(NULL); -+ } -+ strcpy(s, p); -+ memset(p, 0, i); -+ if(ask2) { -+ p = getpass(_("Retype password: ")); -+ if(!p) goto nomem; -+ if(strcmp(s, p)) { -+ compareErr: -+ fprintf(stderr, _("Error: Passwords are not identical\n")); -+ return(NULL); -+ } -+ memset(p, 0, i); -+ } -+ if(i < warnLen) { -+ fprintf(stderr, _("WARNING - Please use longer password (%d or more characters)\n"), LOOP_PASSWORD_MIN_LENGTH); -+ } -+ strcat(s, seed); -+ return(s); -+} -+ -+/* this is for compatibility with historic loop-AES version */ -+static void unhashed1_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize) -+{ -+ register int x, y, z, cnt = ile; -+ unsigned char *kp; -+ -+ memset(keyBuf, 0, bufSize); -+ kp = keyStr; -+ for(x = 0; x < (bufSize * 8); x += 6) { -+ y = *kp++; -+ if(--cnt <= 0) { -+ kp = keyStr; -+ cnt = ile; -+ } -+ if((y >= '0') && (y <= '9')) y -= '0'; -+ else if((y >= 'A') && (y <= 'Z')) y -= ('A' - 10); -+ else if((y >= 'a') && (y <= 'z')) y -= ('a' - 36); -+ else if((y == '.') || (y == '/')) y += (62 - '.'); -+ else y &= 63; -+ z = x >> 3; -+ if(z < bufSize) { -+ keyBuf[z] |= y << (x & 7); -+ } -+ z++; -+ if(z < bufSize) { -+ keyBuf[z] |= y >> (8 - (x & 7)); -+ } -+ } -+} -+ -+/* this is for compatibility with mainline mount */ -+static void unhashed2_key_setup(unsigned char *keyStr, int ile, unsigned char *keyBuf, int bufSize) -+{ -+ memset(keyBuf, 0, bufSize); -+ strncpy((char *)keyBuf, (char *)keyStr, bufSize - 1); -+ keyBuf[bufSize - 1] = 0; -+} -+ -+static void rmd160HashTwiceWithA(unsigned char *ib, int ile, unsigned char *ob, int ole) -+{ -+ char tmpBuf[20 + 20]; -+ char pwdCopy[130]; -+ -+ if(ole < 1) return; -+ memset(ob, 0, ole); -+ if(ole > 40) ole = 40; -+ __loDev_rmd160_hash_buffer(&tmpBuf[0], (char *)ib, ile); -+ pwdCopy[0] = 'A'; -+ if(ile > (int)sizeof(pwdCopy) - 1) ile = sizeof(pwdCopy) - 1; -+ memcpy(pwdCopy + 1, ib, ile); -+ __loDev_rmd160_hash_buffer(&tmpBuf[20], pwdCopy, ile + 1); -+ memcpy(ob, tmpBuf, ole); -+ memset(tmpBuf, 0, sizeof(tmpBuf)); -+ memset(pwdCopy, 0, sizeof(pwdCopy)); -+} -+ -+extern long long llseek(int, long long, int); -+ -+static long long xx_lseek(int fd, long long offset, int whence) -+{ -+ if(sizeof(off_t) >= 8) { -+ return lseek(fd, offset, whence); -+ } else { -+ return llseek(fd, offset, whence); -+ } -+} -+ -+static int loop_create_random_keys(char *partition, long long offset, long long sizelimit, int loopro, unsigned char *k) -+{ -+ int x, y, fd; -+ sha512_context s; -+ unsigned char b[4096]; -+ -+ if(loopro) { -+ fprintf(stderr, _("Error: read-only device %s\n"), partition); -+ return 1; -+ } -+ -+ /* -+ * Compute SHA-512 over first 40 KB of old fs data. SHA-512 hash -+ * output is then used as entropy for new fs encryption key. -+ */ -+ if((fd = open(partition, O_RDWR)) == -1) { -+ seekFailed: -+ fprintf(stderr, _("Error: unable to open/seek device %s\n"), partition); -+ return 1; -+ } -+ if(offset < 0) offset = -offset; -+ if(xx_lseek(fd, offset, SEEK_SET) == -1) { -+ close(fd); -+ goto seekFailed; -+ } -+ __loDev_sha512_init(&s); -+ for(x = 1; x <= 10; x++) { -+ if((sizelimit > 0) && ((long long)(sizeof(b) * x) > sizelimit)) break; -+ if(rd_wr_retry(fd, (char *) &b[0], sizeof(b), 0) != sizeof(b)) break; -+ __loDev_sha512_write(&s, &b[0], sizeof(b)); -+ } -+ __loDev_sha512_final(&s); -+ -+ /* -+ * Overwrite 40 KB of old fs data 20 times so that recovering -+ * SHA-512 output beyond this point is difficult and expensive. -+ */ -+ for(y = 0; y < 20; y++) { -+ int z; -+ struct { -+ struct timeval tv; -+ unsigned char h[64]; -+ int x,y,z; -+ } j; -+ if(xx_lseek(fd, offset, SEEK_SET) == -1) break; -+ memcpy(&j.h[0], &s.sha_out[0], 64); -+ gettimeofday(&j.tv, NULL); -+ j.y = y; -+ for(x = 1; x <= 10; x++) { -+ j.x = x; -+ for(z = 0; z < (int)sizeof(b); z += 64) { -+ j.z = z; -+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64); -+ } -+ if((sizelimit > 0) && ((long long)(sizeof(b) * x) > sizelimit)) break; -+ if(rd_wr_retry(fd, (char *) &b[0], sizeof(b), 1) != sizeof(b)) break; -+ } -+ memset(&j, 0, sizeof(j)); -+ if(fsync(fd)) break; -+ } -+ close(fd); -+ -+ /* -+ * Use all 512 bits of hash output -+ */ -+ memcpy(&b[0], &s.sha_out[0], 64); -+ memset(&s, 0, sizeof(s)); -+ -+ /* -+ * Read 32 bytes of random entropy from kernel's random -+ * number generator. This code may be executed early on startup -+ * scripts and amount of random entropy may be non-existent. -+ * SHA-512 of old fs data is used as workaround for missing -+ * entropy in kernel's random number generator. -+ */ -+ if((fd = open("/dev/urandom", O_RDONLY)) == -1) { -+ fprintf(stderr, _("Error: unable to open /dev/urandom\n")); -+ return 1; -+ } -+ rd_wr_retry(fd, (char *) &b[64], 32, 0); -+ -+ /* generate multi-key hashes */ -+ x = 0; -+ while(x < 65) { -+ rd_wr_retry(fd, (char *) &b[64+32], 16, 0); -+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, k, 32); -+ k += 32; -+ x++; -+ } -+ -+ close(fd); -+ memset(&b[0], 0, sizeof(b)); -+ return 0; -+} -+ -+static int -+set_loop(const char *device, const char *file, int *loopro, int busyRetVal) { -+ struct loop_info64 loopinfo; -+ int fd, ffd, mode, i, errRetVal = 1; -+ char *pass, *apiName = NULL; -+ void (*hashFunc)(unsigned char *, int, unsigned char *, int); -+ unsigned char multiKeyBits[65][32]; -+ int minPassLen = LOOP_PASSWORD_MIN_LENGTH; -+ -+ sync(); -+ loopFileName = (char *)file; -+ multiKeyMode = 0; -+ mode = (*loopro ? O_RDONLY : O_RDWR); -+ if ((ffd = open(file, mode)) < 0) { -+ if (!*loopro && errno == EROFS) -+ ffd = open(file, mode = O_RDONLY); -+ if (ffd < 0) { -+ perror(file); -+ return 1; -+ } -+ } -+ if ((fd = open(device, mode)) < 0) { -+ perror (device); -+ goto close_ffd_return1; -+ } -+ *loopro = (mode == O_RDONLY); -+ -+ if (ioctl(fd, LOOP_SET_FD, ffd) < 0) { -+ if(errno == EBUSY) -+ errRetVal = busyRetVal; -+ if((errRetVal != 2) || verbose) -+ perror("ioctl: LOOP_SET_FD"); -+keyclean_close_fd_ffd_return1: -+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key)); -+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits)); -+ close (fd); -+close_ffd_return1: -+ close (ffd); -+ return errRetVal; -+ } -+ -+ memset (&loopinfo, 0, sizeof (loopinfo)); -+ strncpy ((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE - 1); -+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0; -+ if (loopEncryptionType) -+ loopinfo.lo_encrypt_type = loop_crypt_type (loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName); -+ if (loopOffsetBytes) -+ loopinfo.lo_offset = mystrtoull(loopOffsetBytes, 1); -+ if (loopSizeBytes) -+ loopinfo.lo_sizelimit = mystrtoull(loopSizeBytes, 0); -+ -+#ifdef MCL_FUTURE -+ /* -+ * Oh-oh, sensitive data coming up. Better lock into memory to prevent -+ * passwd etc being swapped out and left somewhere on disk. -+ */ -+ -+ if(loopinfo.lo_encrypt_type && mlockall(MCL_CURRENT | MCL_FUTURE)) { -+ perror("memlock"); -+ ioctl (fd, LOOP_CLR_FD, 0); -+ fprintf(stderr, _("Couldn't lock into memory, exiting.\n")); -+ exit(1); -+ } -+#endif -+ -+ switch (loopinfo.lo_encrypt_type) { -+ case LO_CRYPT_NONE: -+ loopinfo.lo_encrypt_key_size = 0; -+ break; -+ case LO_CRYPT_XOR: -+ pass = sGetPass (1, 0); -+ if(!pass) goto loop_clr_fd_out; -+ strncpy ((char *)loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE - 1); -+ loopinfo.lo_encrypt_key[LO_KEY_SIZE - 1] = 0; -+ loopinfo.lo_encrypt_key_size = strlen((char*)loopinfo.lo_encrypt_key); -+ break; -+ case 3: /* LO_CRYPT_FISH2 */ -+ case 4: /* LO_CRYPT_BLOW */ -+ case 7: /* LO_CRYPT_SERPENT */ -+ case 8: /* LO_CRYPT_MARS */ -+ case 11: /* LO_CRYPT_RC6 */ -+ case 12: /* LO_CRYPT_DES_EDE3 */ -+ case 16: /* LO_CRYPT_AES */ -+ case 18: /* LO_CRYPT_CRYPTOAPI */ -+ /* set default hash function */ -+ hashFunc = __loDev_sha256_hash_buffer; -+ if(loopinfo.lo_encrypt_key_size == 24) hashFunc = __loDev_sha384_hash_buffer; -+ if(loopinfo.lo_encrypt_key_size == 32) hashFunc = __loDev_sha512_hash_buffer; -+ /* possibly override default hash function */ -+ if(passHashFuncName) { -+ if(!strcasecmp(passHashFuncName, "sha256")) { -+ hashFunc = __loDev_sha256_hash_buffer; -+ } else if(!strcasecmp(passHashFuncName, "sha384")) { -+ hashFunc = __loDev_sha384_hash_buffer; -+ } else if(!strcasecmp(passHashFuncName, "sha512")) { -+ hashFunc = __loDev_sha512_hash_buffer; -+ } else if(!strcasecmp(passHashFuncName, "rmd160")) { -+ hashFunc = rmd160HashTwiceWithA; -+ minPassLen = 1; -+ } else if(!strcasecmp(passHashFuncName, "unhashed1")) { -+ hashFunc = unhashed1_key_setup; -+ } else if(!strcasecmp(passHashFuncName, "unhashed2")) { -+ hashFunc = unhashed2_key_setup; -+ minPassLen = 1; -+ } else if(!strncasecmp(passHashFuncName, "random", 6) && ((passHashFuncName[6] == 0) || (passHashFuncName[6] == '/'))) { -+ /* random hash type sets up 65 random keys */ -+ /* WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING */ -+ /* IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. */ -+ if(loop_create_random_keys((char*)file, loopinfo.lo_offset, loopinfo.lo_sizelimit, *loopro, &multiKeyBits[0][0])) { -+ goto loop_clr_fd_out; -+ } -+ memcpy(&loopinfo.lo_encrypt_key[0], &multiKeyBits[0][0], sizeof(loopinfo.lo_encrypt_key)); -+ multiKeyMode = 1000; -+ break; /* out of switch(loopinfo.lo_encrypt_type) */ -+ } -+ } -+ pass = sGetPass (minPassLen, LOOP_PASSWORD_MIN_LENGTH); -+ if(!pass) goto loop_clr_fd_out; -+ i = strlen(pass); -+ if(hashFunc == unhashed1_key_setup) { -+ /* this is for compatibility with historic loop-AES version */ -+ loopinfo.lo_encrypt_key_size = 16; /* 128 bits */ -+ if(i >= 32) loopinfo.lo_encrypt_key_size = 24; /* 192 bits */ -+ if(i >= 43) loopinfo.lo_encrypt_key_size = 32; /* 256 bits */ -+ } -+ (*hashFunc)((unsigned char *)pass, i, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key)); -+ if(multiKeyMode) { -+ int r = 0, t; -+ while(r < multiKeyMode) { -+ t = strlen(multiKeyPass[r]); -+ (*hashFunc)((unsigned char *)multiKeyPass[r], t, &multiKeyBits[r][0], 32); -+ memset(multiKeyPass[r], 0, t); -+ /* -+ * MultiKeyMode uses md5 IV. One key mode uses sector IV. Sector IV -+ * and md5 IV v2 and v3 are all computed differently. This first key -+ * byte XOR with 0x55/0xF4 is needed to cause complete decrypt failure -+ * in cases where data is encrypted with one type of IV and decrypted -+ * with another type IV. If identical key was used but only IV was -+ * computed differently, only first plaintext block of 512 byte CBC -+ * chain would decrypt incorrectly and rest would decrypt correctly. -+ * Partially correct decryption is dangerous. Decrypting all blocks -+ * incorrectly is safer because file system mount will simply fail. -+ */ -+ if(multiKeyMode == 65) { -+ multiKeyBits[r][0] ^= 0xF4; /* version 3 */ -+ } else { -+ multiKeyBits[r][0] ^= 0x55; /* version 2 */ -+ } -+ r++; -+ } -+ } else if(passIterThousands) { -+ aes_context ctx; -+ unsigned long iter = 0; -+ unsigned char tempkey[32]; -+ /* -+ * Set up AES-256 encryption key using same password and hash function -+ * as before but with password bit 0 flipped before hashing. That key -+ * is then used to encrypt actual loop key 'itercountk' thousand times. -+ */ -+ pass[0] ^= 1; -+ (*hashFunc)((unsigned char *)pass, i, &tempkey[0], 32); -+ __loDev_aes_set_key(&ctx, &tempkey[0], 32, 0); -+ sscanf(passIterThousands, "%lu", &iter); -+ iter *= 1000; -+ while(iter > 0) { -+ /* encrypt both 128bit blocks with AES-256 */ -+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[ 0], &loopinfo.lo_encrypt_key[ 0]); -+ __loDev_aes_encrypt(&ctx, &loopinfo.lo_encrypt_key[16], &loopinfo.lo_encrypt_key[16]); -+ /* exchange upper half of first block with lower half of second block */ -+ memcpy(&tempkey[0], &loopinfo.lo_encrypt_key[8], 8); -+ memcpy(&loopinfo.lo_encrypt_key[8], &loopinfo.lo_encrypt_key[16], 8); -+ memcpy(&loopinfo.lo_encrypt_key[16], &tempkey[0], 8); -+ iter--; -+ } -+ memset(&ctx, 0, sizeof(ctx)); -+ memset(&tempkey[0], 0, sizeof(tempkey)); -+ } -+ memset(pass, 0, i); /* erase original password */ -+ break; -+ default: -+ fprintf (stderr, _("Error: don't know how to get key for encryption system %d\n"), loopinfo.lo_encrypt_type); -+ goto loop_clr_fd_out; -+ } -+ -+ if(loInitValue) { -+ /* cipher modules are free to do whatever they want with this value */ -+ i = 0; -+ sscanf(loInitValue, "%d", &i); -+ loopinfo.lo_init[0] = i; -+ } -+ -+ /* type 18 == LO_CRYPT_CRYPTOAPI */ -+ if ((loopinfo.lo_encrypt_type == 18) || (loop_set_status64_ioctl(fd, &loopinfo) < 0)) { -+ /* direct cipher interface failed - try CryptoAPI interface now */ -+ if(!apiName || (try_cryptoapi_loop_interface(fd, &loopinfo, apiName) < 0)) { -+ fprintf(stderr, _("ioctl: LOOP_SET_STATUS: %s, requested cipher or key length (%d bits) not supported by kernel\n"), strerror(errno), loopinfo.lo_encrypt_key_size << 3); -+ loop_clr_fd_out: -+ (void) ioctl (fd, LOOP_CLR_FD, 0); -+ goto keyclean_close_fd_ffd_return1; -+ } -+ } -+ if(multiKeyMode >= 65) { -+ if(ioctl(fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) { -+ if(multiKeyMode == 1000) goto try_v2_setup; -+ perror("ioctl: LOOP_MULTI_KEY_SETUP_V3"); -+ goto loop_clr_fd_out; -+ } -+ } else if(multiKeyMode == 64) { -+ try_v2_setup: -+ if((ioctl(fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]) < 0) && (multiKeyMode != 1000)) { -+ perror("ioctl: LOOP_MULTI_KEY_SETUP"); -+ goto loop_clr_fd_out; -+ } -+ } -+ -+ memset(loopinfo.lo_encrypt_key, 0, sizeof(loopinfo.lo_encrypt_key)); -+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits)); -+ close (fd); -+ close (ffd); -+ -+ if (verbose > 1) -+ printf(_("set_loop(%s,%s): success\n"), device, file); -+ return 0; -+} -+ -+#include <getopt.h> -+#include <stdarg.h> -+ -+static char *progname; -+ -+static void -+usage(void) { -+ fprintf(stderr, _("usage:\n\ -+ %s [options] loop_device file # setup\n\ -+ %s -F [options] loop_device [file] # setup, read /etc/fstab\n\ -+ %s loop_device # give info\n\ -+ %s -a # give info of all loops\n\ -+ %s -f # show next free loop device\n\ -+ %s -d loop_device # delete\n\ -+ %s -R loop_device # resize\n\ -+options: -e encryption -o offset -s sizelimit -p passwdfd -T -S pseed\n\ -+ -H phash -I loinit -K gpgkey -G gpghome -C itercountk -v -r\n\ -+ -P cleartextkey\n"), -+ progname, progname, progname, progname, progname, progname, progname); -+ exit(1); -+} -+ -+static void -+show_all_loops(void) -+{ -+ char dev[20]; -+ char *lfmt[] = { "/dev/loop%d", "/dev/loop/%d" }; -+ int i, j, fd, x; -+ struct stat statbuf; -+ -+ for(i = 0; i < 256; i++) { -+ for(j = (sizeof(lfmt) / sizeof(lfmt[0])) - 1; j >= 0; j--) { -+ sprintf(dev, lfmt[j], i); -+ if(stat(dev, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) { -+ fd = open(dev, O_RDONLY); -+ if(fd >= 0) { -+ x = is_unused_loop_device(fd); -+ close(fd); -+ if(x == 0) { -+ show_loop(dev); -+ j = 0; -+ } -+ } -+ } -+ } -+ } -+} -+ -+static int -+read_options_from_fstab(char *loopToFind, char **partitionPtr) -+{ -+ FILE *f; -+ struct mntent *m; -+ int y, foundMatch = 0; -+ char *opt, *fr1, *fr2; -+ struct options { -+ char *name; /* name of /etc/fstab option */ -+ char **dest; /* destination where it is written to */ -+ char *line; /* temp */ -+ }; -+ struct options tbl[] = { -+ { "device/file name ", partitionPtr }, /* must be index 0 */ -+ { "loop=", &loopToFind }, /* must be index 1 */ -+ { "offset=", &loopOffsetBytes }, -+ { "sizelimit=", &loopSizeBytes }, -+ { "encryption=", &loopEncryptionType }, -+ { "pseed=", &passSeedString }, -+ { "phash=", &passHashFuncName }, -+ { "loinit=", &loInitValue }, -+ { "gpgkey=", &gpgKeyFile }, -+ { "gpghome=", &gpgHomeDir }, -+ { "cleartextkey=", &clearTextKeyFile }, -+ { "itercountk=", &passIterThousands }, -+ }; -+ struct options *p; -+ -+ if (!(f = setmntent("/etc/fstab", "r"))) { -+ fprintf(stderr, _("Error: unable to open /etc/fstab for reading\n")); -+ return 0; -+ } -+ while ((m = getmntent(f)) != NULL) { -+ tbl[0].line = fr1 = xstrdup(m->mnt_fsname); -+ p = &tbl[1]; -+ do { -+ p->line = NULL; -+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]); -+ opt = fr2 = xstrdup(m->mnt_opts); -+ for (opt = strtok(opt, ","); opt != NULL; opt = strtok(NULL, ",")) { -+ p = &tbl[1]; -+ do { -+ y = strlen(p->name); -+ if (!strncmp(opt, p->name, y)) -+ p->line = opt + y; -+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]); -+ } -+ if (tbl[1].line && !strcmp(loopToFind, tbl[1].line)) { -+ if (++foundMatch > 1) { -+ fprintf(stderr, _("Error: multiple loop=%s options found in /etc/fstab\n"), loopToFind); -+ endmntent(f); -+ return 0; -+ } -+ p = &tbl[0]; -+ do { -+ if (!*p->dest && p->line) { -+ *p->dest = p->line; -+ if (verbose) -+ printf(_("using %s%s from /etc/fstab\n"), p->name, p->line); -+ } -+ } while (++p < &tbl[sizeof(tbl) / sizeof(struct options)]); -+ fr1 = fr2 = NULL; -+ } -+ if(fr1) free(fr1); -+ if(fr2) free(fr2); -+ } -+ endmntent(f); -+ if (foundMatch == 0) { -+ fprintf(stderr, _("Error: loop=%s option not found in /etc/fstab\n"), loopToFind); -+ } -+ return foundMatch; -+} -+ -+static int -+recompute_loop_dev_size(char *device) -+{ -+ int fd, err1 = 0, err2, err3; -+ long long oldBytes = -1, newBytes = -1; -+ -+ fd = open(device, O_RDONLY); -+ if(fd < 0) { -+ perror(device); -+ return 1; -+ } -+ if(verbose) { -+ err1 = ioctl(fd, BLKGETSIZE64, &oldBytes); -+ } -+ err2 = ioctl(fd, LOOP_RECOMPUTE_DEV_SIZE, 0); -+ if(err2) { -+ perror(device); -+ goto done1; -+ } -+ if(verbose) { -+ err3 = ioctl(fd, BLKGETSIZE64, &newBytes); -+ if(!err1 && (oldBytes >= 0)) { -+ printf("%s: old size %lld bytes\n", device, oldBytes); -+ } -+ if(!err3 && (newBytes >= 0)) { -+ printf("%s: new size %lld bytes\n", device, newBytes); -+ } -+ } -+done1: -+ close(fd); -+ return err2; -+} -+ -+static int -+del_loop (const char *device) { -+ int fd; -+ -+ sync(); -+ if ((fd = open (device, O_RDONLY)) < 0) { -+ int errsv = errno; -+ fprintf(stderr, _("loop: can't delete device %s: %s\n"), -+ device, strerror (errsv)); -+ return 1; -+ } -+ if (ioctl (fd, LOOP_CLR_FD, 0) < 0) { -+ perror ("ioctl: LOOP_CLR_FD"); -+ return 1; -+ } -+ close (fd); -+ if (verbose > 1) -+ printf(_("del_loop(%s): success\n"), device); -+ return 0; -+} -+ -+int -+main(int argc, char **argv) { -+ char *partitionName = NULL; -+ char *device = NULL; -+ int delete,find,c,option_a=0,option_F=0,option_R=0,setup_o=0; -+ int res = 0; -+ int ro = 0; -+ -+ setlocale(LC_ALL, ""); -+ bindtextdomain(PACKAGE, LOCALEDIR); -+ textdomain(PACKAGE); -+ -+ delete = find = 0; -+ progname = argv[0]; -+ while ((c = getopt(argc,argv,"aC:de:fFG:H:I:K:o:p:P:rRs:S:Tv")) != -1) { -+ switch (c) { -+ case 'a': /* show status of all loops */ -+ option_a = 1; -+ break; -+ case 'C': -+ passIterThousands = optarg; -+ setup_o = 1; -+ break; -+ case 'd': -+ delete = 1; -+ break; -+ case 'e': -+ loopEncryptionType = optarg; -+ setup_o = 1; -+ break; -+ case 'f': /* find free loop */ -+ find = 1; -+ break; -+ case 'F': /* read loop related options from /etc/fstab */ -+ option_F = 1; -+ setup_o = 1; -+ break; -+ case 'G': /* GnuPG home dir */ -+ gpgHomeDir = optarg; -+ setup_o = 1; -+ break; -+ case 'H': /* passphrase hash function name */ -+ passHashFuncName = optarg; -+ setup_o = 1; -+ break; -+ case 'I': /* lo_init[0] value (in string form) */ -+ loInitValue = optarg; -+ setup_o = 1; -+ break; -+ case 'K': /* GnuPG key file name */ -+ gpgKeyFile = optarg; -+ setup_o = 1; -+ break; -+ case 'o': -+ loopOffsetBytes = optarg; -+ setup_o = 1; -+ break; -+ case 'p': /* read passphrase from given fd */ -+ passFDnumber = optarg; -+ setup_o = 1; -+ break; -+ case 'P': /* read passphrase from given file */ -+ clearTextKeyFile = optarg; -+ setup_o = 1; -+ break; -+ case 'r': /* read-only */ -+ ro = 1; -+ setup_o = 1; -+ break; -+ case 'R': /* recompute loop dev size */ -+ option_R = 1; -+ break; -+ case 's': -+ loopSizeBytes = optarg; -+ setup_o = 1; -+ break; -+ case 'S': /* optional seed for passphrase */ -+ passSeedString = optarg; -+ setup_o = 1; -+ break; -+ case 'T': /* ask passphrase _twice_ */ -+ passAskTwice = "T"; -+ setup_o = 1; -+ break; -+ case 'v': -+ verbose++; -+ break; -+ default: -+ usage(); -+ } -+ } -+ if (option_a + delete + option_R + setup_o + find > 1) usage(); -+ if (option_a) { -+ /* show all loops */ -+ if (argc != optind) usage(); -+ show_all_loops(); -+ res = 0; -+ } else if (find) { -+ if (argc != optind) -+ usage(); -+ device = find_unused_loop_device(); -+ if (device == NULL) -+ return -1; -+ if (verbose) -+ printf("Loop device is %s\n", device); -+ printf("%s\n", device); -+ res = 0; -+ } else if (delete) { -+ /* delete loop */ -+ if (argc != optind+1) usage(); -+ res = del_loop(argv[optind]); -+ } else if (option_R) { -+ /* resize existing loop */ -+ if (argc != optind+1) usage(); -+ res = recompute_loop_dev_size(argv[optind]); -+ } else if ((argc == optind+1) && !setup_o) { -+ /* show one loop */ -+ res = show_loop(argv[optind]); -+ } else { -+ /* set up new loop */ -+ if ((argc < optind+1) || ((argc == optind+1) && !option_F) || (argc > optind+2)) -+ usage(); -+ if (argc > optind+1) -+ partitionName = argv[optind+1]; -+ if (option_F && (read_options_from_fstab(argv[optind], &partitionName) != 1)) -+ exit(1); -+ res = set_loop(argv[optind],partitionName,&ro, 1); -+ } -+ return res; -+} -diff -urN util-linux-2.34/sys-utils/mount.8 util-linux-2.34-AES/sys-utils/mount.8 ---- util-linux-2.34/sys-utils/mount.8 2019-05-15 14:49:04.536813022 +0300 -+++ util-linux-2.34-AES/sys-utils/mount.8 2019-07-11 09:31:03.215081140 +0300 -@@ -729,6 +729,11 @@ - sections. - .RE - -+.IP "\fB\-p, \-\-pass\-fd \fInum\fP" -+In case of a loop mount with encryption, read the passphrase from -+file descriptor -+.I num -+instead of from the terminal. - .TP - .BR "\-\-options\-mode " \fImode - Controls how to combine options from fstab/mtab with options from command line. -@@ -2387,13 +2392,19 @@ - .B "mount \-t ext4 /tmp/disk.img /mnt" - .sp - .RE --This type of mount knows about three options, namely --.BR loop ", " offset " and " sizelimit , -+This type of mount knows about 11 options, namely -+.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome ", " cleartextkey " and " itercountk - that are really options to - .BR \%losetup (8). - (These options can be used in addition to those specific - to the filesystem type.) - -+If the mount requires a passphrase, you will be prompted for one unless you -+specify a file descriptor to read from instead with the -+.BR \-p -+command line option, or specify a file name with -+.BR cleartextkey -+mount option. - Since Linux 2.6.25 auto-destruction of loop devices is supported, - meaning that any loop device allocated by - .B mount -diff -urN util-linux-2.34/sys-utils/mount.c util-linux-2.34-AES/sys-utils/mount.c ---- util-linux-2.34/sys-utils/mount.c 2019-04-24 12:02:03.124448789 +0300 -+++ util-linux-2.34-AES/sys-utils/mount.c 2019-07-11 09:31:03.215081140 +0300 -@@ -36,6 +36,7 @@ - #include "c.h" - #include "env.h" - #include "strutils.h" -+#include "xgetpass.h" - #include "closestream.h" - #include "canonicalize.h" - -@@ -52,6 +53,7 @@ - * --options-source-force MNT_OMODE_FORCE - */ - -+static int passfd = -1; - static int mk_exit_code(struct libmnt_context *cxt, int rc); - - static void __attribute__((__noreturn__)) exit_non_root(const char *option) -@@ -102,6 +104,32 @@ - return 1; - } - -+static char *encrypt_pass_get(struct libmnt_context *cxt) -+{ -+ if (!cxt) -+ return 0; -+ -+#ifdef MCL_FUTURE -+ if (mlockall(MCL_CURRENT | MCL_FUTURE)) { -+ warn(_("couldn't lock into memory")); -+ return NULL; -+ } -+#endif -+ return xgetpass(passfd, _("Password: ")); -+} -+ -+static void encrypt_pass_release(struct libmnt_context *cxt -+ __attribute__((__unused__)), char *pwd) -+{ -+ char *p = pwd; -+ -+ while (p && *p) -+ *p++ = '\0'; -+ -+ free(pwd); -+ munlockall(); -+} -+ - /* - * Replace control chars with '?' to be compatible with coreutils. For more - * robust solution use findmnt(1) where we use \x?? hex encoding. -@@ -473,6 +501,7 @@ - fprintf(out, _( - " -o, --options <list> comma-separated list of mount options\n" - " -O, --test-opts <list> limit the set of filesystems (use with -a)\n" -+ " -p, --pass-fd <num> read the passphrase from file descriptor\n" - " -r, --read-only mount the filesystem read-only (same as -o ro)\n" - " -t, --types <list> limit the set of filesystem types\n")); - fprintf(out, _( -@@ -666,7 +695,7 @@ - - mnt_context_set_tables_errcb(cxt, table_parser_errcb); - -- while ((c = getopt_long(argc, argv, "aBcfFhilL:Mno:O:rRsU:vVwt:T:N:", -+ while ((c = getopt_long(argc, argv, "aBcfFhilL:Mno:O:p:rRsU:vVwt:T:N:", - longopts, NULL)) != -1) { - - /* only few options are allowed for non-root users */ -@@ -715,6 +744,10 @@ - if (mnt_context_set_options_pattern(cxt, optarg)) - err(MNT_EX_SYSERR, _("failed to set options pattern")); - break; -+ case 'p': -+ passfd = strtou32_or_err(optarg, -+ _("invalid passphrase file descriptor")); -+ break; - case 'L': - xasprintf(&srcbuf, "LABEL=\"%s\"", optarg); - mnt_context_disable_swapmatch(cxt, 1); -@@ -884,6 +917,8 @@ - else if (types) - mnt_context_set_fstype(cxt, types); - -+ mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release); -+ - if (all) { - /* - * A) Mount all -diff -urN util-linux-2.34/sys-utils/swapoff.c util-linux-2.34-AES/sys-utils/swapoff.c ---- util-linux-2.34/sys-utils/swapoff.c 2019-04-24 12:02:03.126448778 +0300 -+++ util-linux-2.34-AES/sys-utils/swapoff.c 2019-07-11 09:31:03.215081140 +0300 -@@ -1,4 +1,9 @@ - #include <stdio.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <unistd.h> -+#include <fcntl.h> -+#include <sys/ioctl.h> - #include <errno.h> - #include <getopt.h> - -@@ -7,6 +12,7 @@ - #endif - - #include "nls.h" -+#include "loop.h" - #include "c.h" - #include "xalloc.h" - #include "closestream.h" -@@ -143,6 +149,45 @@ - exit(EXIT_SUCCESS); - } - -+static void -+shutdown_encrypted_swap(char *loop) -+{ -+ int fd; -+ struct stat statbuf; -+ struct loop_info64 loopinfo; -+ unsigned char b[32]; -+ FILE *f; -+ size_t ignoreThis = 0; -+ -+ if(stat(loop, &statbuf) == 0 && S_ISBLK(statbuf.st_mode)) { -+ if((fd = open(loop, O_RDWR)) >= 0) { -+ if(!loop_get_status64_ioctl(fd, &loopinfo)) { -+ /* -+ * Read 32 bytes of random data from kernel's random -+ * number generator and write that to loop device. -+ * This preserves some of kernel's random entropy -+ * to next activation of encrypted swap on this -+ * partition. -+ */ -+ if((f = fopen("/dev/urandom", "r")) != NULL) { -+ ignoreThis += fread(&b[0], 32, 1, f); -+ fclose(f); -+ ignoreThis += write(fd, &b[0], 32); -+ fsync(fd); -+ } -+ } -+ close(fd); -+ } -+ sync(); -+ if((fd = open(loop, O_RDONLY)) >= 0) { -+ if(!loop_get_status64_ioctl(fd, &loopinfo)) { -+ ioctl(fd, LOOP_CLR_FD, 0); -+ } -+ close(fd); -+ } -+ } -+} -+ - static int swapoff_all(void) - { - int status = 0; -@@ -173,8 +218,30 @@ - mnt_reset_iter(itr, MNT_ITER_FORWARD); - - while (tb && mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) { -- if (!is_active_swap(mnt_fs_get_source(fs))) -- do_swapoff(mnt_fs_get_source(fs), QUIET, !CANONIC); -+ char *special; -+ char *loop = NULL, *encryption = NULL; -+ char *val = NULL; -+ size_t len = 0; -+ -+ special = (char *) mnt_fs_get_source(fs); -+ if(!special) continue; -+ if(mnt_fs_get_option(fs, "loop", &val, &len) == 0 && val && len) -+ loop = strndup(val, len); -+ if(mnt_fs_get_option(fs, "encryption", &val, &len) == 0 && val && len) -+ encryption = strndup(val, len); -+ if (loop && encryption) { -+ if (!is_active_swap(loop)) { /* do this only if it was not in /proc/swaps */ -+ do_swapoff(loop, QUIET, !CANONIC); -+ } -+ shutdown_encrypted_swap(loop); -+ goto do_free; -+ } -+ if (!is_active_swap(special)) { /* do this only if it was not in /proc/swaps */ -+ do_swapoff(special, QUIET, !CANONIC); -+ } -+ do_free: -+ if(loop) free(loop); -+ if(encryption) free(encryption); - } - - mnt_free_iter(itr); -diff -urN util-linux-2.34/sys-utils/swapon.8 util-linux-2.34-AES/sys-utils/swapon.8 ---- util-linux-2.34/sys-utils/swapon.8 2019-04-10 14:28:20.660836586 +0300 -+++ util-linux-2.34-AES/sys-utils/swapon.8 2019-07-11 09:31:03.215081140 +0300 -@@ -69,6 +69,22 @@ - .I /proc/swaps - or - .IR /etc/fstab ). -+.PP -+If -+.I loop=/dev/loop? -+and -+.I encryption=AES128 -+options are present in -+.I /etc/fstab -+then -+.BR "swapon -a" -+will set up loop devices using random keys, run -+.BR "mkswap" -+on them, and enable encrypted swap on specified loop devices. Encrypted loop -+devices are set up with page size offset so that unencrypted swap signatures -+on first page of swap devices are not touched. -+.BR "swapoff -a" -+will tear down such loop devices. - - .SH OPTIONS - .TP -diff -urN util-linux-2.34/sys-utils/swapon.c util-linux-2.34-AES/sys-utils/swapon.c ---- util-linux-2.34/sys-utils/swapon.c 2019-04-24 12:02:03.127448771 +0300 -+++ util-linux-2.34-AES/sys-utils/swapon.c 2019-07-11 09:31:03.215081140 +0300 -@@ -8,6 +8,8 @@ - #include <unistd.h> - #include <sys/types.h> - #include <sys/wait.h> -+#include <sys/time.h> -+#include <sys/ioctl.h> - #include <fcntl.h> - #include <stdint.h> - #include <ctype.h> -@@ -16,6 +18,8 @@ - - #include "c.h" - #include "nls.h" -+#include "loop.h" -+#include "../libmount/src/sha512.h" - #include "bitops.h" - #include "blkdev.h" - #include "pathnames.h" -@@ -722,6 +726,227 @@ - } - - -+static int -+prepare_encrypted_swap(char *partition, char *loop, char *encryption) -+{ -+ int x, y, fd, ffd; -+ int page_size; -+ sha512_context s; -+ unsigned char b[4096], multiKeyBits[65][32]; -+ char *a[10], *apiName; -+ struct loop_info64 loopinfo; -+ FILE *f; -+ size_t ignoreThis = 0; -+ -+ /* -+ * Some sanity checks -+ */ -+ if(strlen(partition) < 1) { -+ fprintf(stderr, _("swapon: invalid swap device name\n")); -+ return 0; -+ } -+ if(strlen(loop) < 1) { -+ fprintf(stderr, _("swapon: invalid loop device name\n")); -+ return 0; -+ } -+ if(strlen(encryption) < 1) { -+ fprintf(stderr, _("swapon: invalid encryption type\n")); -+ return 0; -+ } -+ -+ /* -+ * Abort if loop device does not exist or is already in use -+ */ -+ sync(); -+ if((fd = open(loop, O_RDWR)) == -1) { -+ fprintf(stderr, _("swapon: unable to open loop device %s\n"), loop); -+ return 0; -+ } -+ if(is_unused_loop_device(fd) == 0) { -+ fprintf(stderr, _("swapon: loop device %s already in use\n"), loop); -+ goto errout0; -+ } -+ -+ /* -+ * Compute SHA-512 over first 40 KB of old swap data. This data -+ * is mostly unknown data encrypted using unknown key. SHA-512 hash -+ * output is then used as entropy for new swap encryption key. -+ */ -+ if(!(f = fopen(partition, "r+"))) { -+ fprintf(stderr, _("swapon: unable to open swap device %s\n"), partition); -+ goto errout0; -+ } -+ page_size = getpagesize(); -+ fseek(f, (long)page_size, SEEK_SET); -+ __loDev_sha512_init(&s); -+ for(x = 0; x < 10; x++) { -+ if(fread(&b[0], sizeof(b), 1, f) != 1) break; -+ __loDev_sha512_write(&s, &b[0], sizeof(b)); -+ } -+ __loDev_sha512_final(&s); -+ -+ /* -+ * Overwrite 40 KB of old swap data 20 times so that recovering -+ * SHA-512 output beyond this point is difficult and expensive. -+ */ -+ for(y = 0; y < 20; y++) { -+ int z; -+ struct { -+ struct timeval tv; -+ unsigned char h[64]; -+ int x,y,z; -+ } j; -+ if(fseek(f, (long)page_size, SEEK_SET)) break; -+ memcpy(&j.h[0], &s.sha_out[0], 64); -+ gettimeofday(&j.tv, NULL); -+ j.y = y; -+ for(x = 0; x < 10; x++) { -+ j.x = x; -+ for(z = 0; z < (int) sizeof(b); z += 64) { -+ j.z = z; -+ __loDev_sha512_hash_buffer((unsigned char *)&j, sizeof(j), &b[z], 64); -+ } -+ if(fwrite(&b[0], sizeof(b), 1, f) != 1) break; -+ } -+ memset(&j, 0, sizeof(j)); -+ if(fflush(f)) break; -+ if(fsync(fileno(f))) break; -+ } -+ fclose(f); -+ -+ /* -+ * Use all 512 bits of hash output -+ */ -+ memcpy(&b[0], &s.sha_out[0], 64); -+ memset(&s, 0, sizeof(s)); -+ -+ /* -+ * Read 32 bytes of random entropy from kernel's random -+ * number generator. This code may be executed early on startup -+ * scripts and amount of random entropy may be non-existent. -+ * SHA-512 of old swap data is used as workaround for missing -+ * entropy in kernel's random number generator. -+ */ -+ if(!(f = fopen("/dev/urandom", "r"))) { -+ fprintf(stderr, _("swapon: unable to open /dev/urandom\n")); -+ goto errout0; -+ } -+ ignoreThis += fread(&b[64], 32, 1, f); -+ -+ /* -+ * Set up struct loop_info64 -+ */ -+ if((ffd = open(partition, O_RDWR)) < 0) { -+ fprintf(stderr, _("swapon: unable to open swap device %s\n"), partition); -+ goto errout1; -+ } -+ memset(&loopinfo, 0, sizeof(loopinfo)); -+ strncpy((char *)loopinfo.lo_file_name, partition, LO_NAME_SIZE - 1); -+ loopinfo.lo_file_name[LO_NAME_SIZE - 1] = 0; -+ loopinfo.lo_encrypt_type = loop_crypt_type(encryption, &loopinfo.lo_encrypt_key_size, &apiName); -+ if(loopinfo.lo_encrypt_type <= 1) { -+ fprintf(stderr, _("swapon: unsupported swap encryption type %s\n"), encryption); -+errout2: -+ close(ffd); -+errout1: -+ fclose(f); -+errout0: -+ close(fd); -+ memset(&loopinfo.lo_encrypt_key[0], 0, sizeof(loopinfo.lo_encrypt_key)); -+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits)); -+ return 0; -+ } -+ loopinfo.lo_offset = page_size; -+ /* single-key hash */ -+ __loDev_sha512_hash_buffer(&b[0], 64+32, &loopinfo.lo_encrypt_key[0], sizeof(loopinfo.lo_encrypt_key)); -+ /* multi-key hash */ -+ x = 0; -+ while(x < 65) { -+ ignoreThis += fread(&b[64+32], 16, 1, f); -+ __loDev_sha512_hash_buffer(&b[0], 64+32+16, &multiKeyBits[x][0], 32); -+ x++; -+ } -+ -+ /* -+ * Try to set up single-key loop -+ */ -+ if(ioctl(fd, LOOP_SET_FD, ffd) < 0) { -+ fprintf(stderr, _("swapon: LOOP_SET_FD failed\n")); -+ goto errout2; -+ } -+ if ((loopinfo.lo_encrypt_type == 18) || (loop_set_status64_ioctl(fd, &loopinfo) < 0)) { -+ if(try_cryptoapi_loop_interface(fd, &loopinfo, apiName) < 0) { -+ fprintf(stderr, _("swapon: LOOP_SET_STATUS failed\n")); -+ ioctl(fd, LOOP_CLR_FD, 0); -+ goto errout2; -+ } -+ } -+ -+ /* -+ * Try to put loop to multi-key v3 or v2 mode. -+ * If this fails, then let it operate in single-key mode. -+ */ -+ if(ioctl(fd, LOOP_MULTI_KEY_SETUP_V3, &multiKeyBits[0][0]) < 0) { -+ ioctl(fd, LOOP_MULTI_KEY_SETUP, &multiKeyBits[0][0]); -+ } -+ -+ /* -+ * Loop is now set up. Clean up the keys. -+ */ -+ memset(&loopinfo.lo_encrypt_key[0], 0, sizeof(loopinfo.lo_encrypt_key)); -+ memset(&multiKeyBits[0][0], 0, sizeof(multiKeyBits)); -+ close(ffd); -+ fclose(f); -+ close(fd); -+ -+ /* -+ * Write 40 KB of zeroes to loop device. That same data is written -+ * to underlying partition in encrypted form. This is done to guarantee -+ * that next time encrypted swap is initialized, the SHA-512 hash will -+ * be different. And, if encrypted swap data writes over this data, that's -+ * even better. -+ */ -+ if(!(f = fopen(loop, "r+"))) { -+ fprintf(stderr, _("swapon: unable to open loop device %s\n"), loop); -+ return 0; -+ } -+ memset(&b[0], 0, sizeof(b)); -+ for(x = 0; x < 10; x++) { -+ if(fwrite(&b[0], sizeof(b), 1, f) != 1) break; -+ } -+ fflush(f); -+ fsync(fileno(f)); -+ fclose(f); -+ sync(); -+ -+ /* -+ * Run mkswap on loop device so that kernel understands it as swap. -+ * Redirect stderr to /dev/null and ignore exit value. -+ */ -+ if(!(x = fork())) { -+ if((x = open("/dev/null", O_WRONLY)) >= 0) { -+ dup2(x, 2); -+ close(x); -+ } -+ a[0] = "mkswap"; -+ a[1] = loop; -+ a[2] = 0; -+ execvp(a[0], &a[0]); -+ execv("/sbin/mkswap", &a[0]); -+ /* error to stdout, stderr is directed to /dev/null */ -+ printf(_("swapon: unable to execute mkswap\n")); -+ exit(1); -+ } -+ if(x == -1) { -+ fprintf(stderr, _("swapon: fork failed\n")); -+ return 0; -+ } -+ waitpid(x, &y, 0); -+ sync(); -+ -+ return 1; -+} -+ - static int swapon_all(struct swapon_ctl *ctl) - { - struct libmnt_table *tb = get_fstab(); -@@ -739,6 +964,9 @@ - while (mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) { - /* defaults */ - const char *opts; -+ char *loop = NULL, *encryption = NULL; -+ char *val = NULL; -+ size_t len = 0; - const char *device; - struct swap_prop prop; /* per device setting */ - -@@ -747,6 +975,10 @@ - warnx(_("%s: noauto option -- ignored"), mnt_fs_get_source(fs)); - continue; - } -+ if(mnt_fs_get_option(fs, "loop", &val, &len) == 0 && val && len) -+ loop = strndup(val, len); -+ if(mnt_fs_get_option(fs, "encryption", &val, &len) == 0 && val && len) -+ encryption = strndup(val, len); - - /* default setting */ - prop = ctl->props; -@@ -761,23 +993,38 @@ - if (!device) { - if (!prop.no_fail) - status |= cannot_find(mnt_fs_get_source(fs)); -- continue; -+ goto do_free; -+ } -+ -+ if (loop && encryption) { -+ if (!is_active_swap(loop) && (!prop.no_fail || !access(device, R_OK))) { -+ if(!prepare_encrypted_swap((char*)device, loop, encryption)) { -+ status |= -1; -+ goto do_free; -+ } -+ status |= do_swapon(ctl, &prop, loop, TRUE); -+ } -+ goto do_free; - } - - if (is_active_swap(device)) { - if (ctl->verbose) - warnx(_("%s: already active -- ignored"), device); -- continue; -+ goto do_free; - } - - if (prop.no_fail && access(device, R_OK) != 0) { - if (ctl->verbose) - warnx(_("%s: inaccessible -- ignored"), device); -- continue; -+ goto do_free; - } - - /* swapon */ - status |= do_swapon(ctl, &prop, device, TRUE); -+ -+ do_free: -+ if(loop) free(loop); -+ if(encryption) free(encryption); - } - - mnt_free_iter(itr); |