Use pkg-config and have git-based version number

Use pkg-config to find OpenSSL headers and library. Use "git describe"
to determine current version.
Johannes Bauer 2019-10-19 14:47:54 +02:00
parent 52dee3bad0
commit 363fc70f1c
4 changed files with 33 additions and 33 deletions


@ -1,13 +1,15 @@
.PHONY: all clean test testclient derive install .PHONY: all clean test testclient derive install
all: luksrku luksrku-config all: luksrku luksrku-config
BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always)
INSTALL_PREFIX := /usr/local/ INSTALL_PREFIX := /usr/local/
CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter CFLAGS := -Wall -Wextra -Wshadow -Wswitch -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Werror=implicit-function-declaration -Werror=format -Wno-unused-parameter
#CFLAGS := -Wall -Wextra -O2 -Wmissing-prototypes -Wstrict-prototypes
CFLAGS += -std=c11 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -DBUILD_REVISION='"$(BUILD_REVISION)"'
#CFLAGS += -g -DDEBUG #CFLAGS += -g -DDEBUG
LDFLAGS := -lcrypto -lssl CFLAGS += `pkg-config --cflags openssl`
LDFLAGS += -L/usr/local/lib
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a LDFLAGS := `pkg-config --libs openssl`
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
OBJS := luksrku.o server.o log.o openssl.o client.o keyfile.o msg.o binkeyfile.o util.o cmdline.o luks.o exec.o blacklist.o OBJS := luksrku.o server.o log.o openssl.o client.o keyfile.o msg.o binkeyfile.o util.o cmdline.o luks.o exec.o blacklist.o
OBJS_CFG := luksrku-config.o keyfile.o binkeyfile.o parse-keyfile.o openssl.o log.o util.o OBJS_CFG := luksrku-config.o keyfile.o binkeyfile.o parse-keyfile.o openssl.o log.o util.o
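Review bot: `BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always)` has no fallback, so a build from a release tarball or a shallow export without a .git directory gets an empty string baked into the binary and prints git's error in the middle of the build. A one-line guard keeps the version string meaningful everywhere: `BUILD_REVISION := $(or $(shell git describe --abbrev=10 --dirty --always 2>/dev/null),unknown)`. It also looks as if `-O2` no longer appears in the active CFLAGS (only in the commented-out line), though which of the single-printed lines are old and which are new is not certain from this rendering; if dropping it was not intended it should be restored, as an unoptimized build is otherwise what gets installed. The pkg-config backticks likewise fail silently when pkg-config is absent, leaving both CFLAGS and LDFLAGS without the OpenSSL flags; `$(shell pkg-config --libs openssl)` behaves the same way, so a check such as a `pkg-config --exists openssl` guard or an explicit error target is worth adding.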


@ -54,8 +54,8 @@ static void dump_key(const struct key_t *key) {
/* Derives a previous key with known salt. Passphrase and salt must be set. */ /* Derives a previous key with known salt. Passphrase and salt must be set. */
static bool derive_previous_key(struct key_t *key) { static bool derive_previous_key(struct key_t *key) {
const unsigned int maxalloc_mib = 8 + ((128 * SCRYPT_N * SCRYPT_r * SCRYPT_p + (1024 * 1024 - 1)) / 1024 / 1024); const unsigned int maxalloc_mib = 8 + ((128 * SCRYPT_N * SCRYPT_r * SCRYPT_p + (1024 * 1024 - 1)) / 1024 / 1024);
log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib); log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib);
const char *passphrase = (key->passphrase == NULL) ? "" : key->passphrase; const char *passphrase = (key->passphrase == NULL) ? "" : key->passphrase;
int pwlen = strlen(passphrase); int pwlen = strlen(passphrase);
int result = EVP_PBE_scrypt(passphrase, pwlen, (unsigned char*)key->salt, BINKEYFILE_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib * 1024 * 1024, key->key, BINKEYFILE_KEY_SIZE); int result = EVP_PBE_scrypt(passphrase, pwlen, (unsigned char*)key->salt, BINKEYFILE_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib * 1024 * 1024, key->key, BINKEYFILE_KEY_SIZE);
@ -71,7 +71,7 @@ static bool derive_previous_key(struct key_t *key) {
static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) {
bool success = true; bool success = true;
log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len); log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len);
EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER_CTX *ctx = NULL;
do { do {
@ -82,8 +82,8 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len
success = false; success = false;
break; break;
} }
if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex"); log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex");
success = false; success = false;
break; break;
} }
@ -147,9 +147,9 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len
static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, void *plaintext) { static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, void *plaintext) {
bool success = true; bool success = true;
log_msg(LLVL_DEBUG, "Decrypting %u bytes of ciphertext using AES256-GCM", ciphertext_len); log_msg(LLVL_DEBUG, "Decrypting %u bytes of ciphertext using AES256-GCM", ciphertext_len);
EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER_CTX *ctx = NULL;
do { do {
/* Create and initialise the context */ /* Create and initialise the context */
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
if (!ctx) { if (!ctx) {
@ -203,7 +203,7 @@ static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertex
/* Finalise the decryption. A positive return value indicates success, /* Finalise the decryption. A positive return value indicates success,
* anything else is a failure - the plaintext is not trustworthy. */ * anything else is a failure - the plaintext is not trustworthy. */
int padding_len = 0; int padding_len = 0;
if (EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &padding_len) <= 0) { if (EVP_DecryptFinal_ex(ctx, (uint8_t*)plaintext + plaintext_len, &padding_len) <= 0) {
log_openssl(LLVL_FATAL, "Decryption of tail failed."); log_openssl(LLVL_FATAL, "Decryption of tail failed.");
success = false; success = false;
break; break;
@ -240,8 +240,8 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
unsigned int plaintext_size = 0; unsigned int plaintext_size = 0;
do { do {
memset(keydb, 0, sizeof(struct keydb_t)); memset(keydb, 0, sizeof(struct keydb_t));
/* Stat the file first to find out the size */ /* Stat the file first to find out the size */
struct stat statbuf; struct stat statbuf;
if (stat(filename, &statbuf) == -1) { if (stat(filename, &statbuf) == -1) {
log_libc(LLVL_ERROR, "stat of %s failed", filename); log_libc(LLVL_ERROR, "stat of %s failed", filename);
@ -283,7 +283,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
break; break;
} }
fclose(f); fclose(f);
/* Copy the file's salt into the key structure so we can derive the /* Copy the file's salt into the key structure so we can derive the
* proper decryption key */ * proper decryption key */
struct key_t key; struct key_t key;
@ -328,7 +328,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
/* Finally copy the decrypted linear file over to the keydb_t structure /* Finally copy the decrypted linear file over to the keydb_t structure
**/ **/
for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) { for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) {
if (!add_keyslot(keydb)) { if (!add_keyslot(keydb)) {
log_msg(LLVL_FATAL, "Failed to add keyslot."); log_msg(LLVL_FATAL, "Failed to add keyslot.");
success = false; success = false;
@ -337,14 +337,14 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
memcpy(last_keyentry(keydb), &plaintext[i], sizeof(struct keyentry_t)); memcpy(last_keyentry(keydb), &plaintext[i], sizeof(struct keyentry_t));
} }
} while (false); } while (false);
if (plaintext) { if (plaintext) {
memset(plaintext, 0, plaintext_size); memset(plaintext, 0, plaintext_size);
free(plaintext); free(plaintext);
} }
if (binkeyfile) { if (binkeyfile) {
memset(binkeyfile, 0, binkeyfile_size); memset(binkeyfile, 0, binkeyfile_size);
free(binkeyfile); free(binkeyfile);
} }
return success; return success;
} }
@ -381,7 +381,7 @@ bool write_binary_keyfile(const char *filename, const struct keydb_t *keydb, con
for (int i = 0; i < keydb->entrycnt; i++) { for (int i = 0; i < keydb->entrycnt; i++) {
memcpy(&plaintext[i], &keydb->entries[i], sizeof(struct keyentry_t)); memcpy(&plaintext[i], &keydb->entries[i], sizeof(struct keyentry_t));
} }
/* Encrypt */ /* Encrypt */
if (!encrypt_aes256_gcm(plaintext, payload_size, key.key, binkeyfile->iv, binkeyfile->ciphertext, binkeyfile->auth_tag)) { if (!encrypt_aes256_gcm(plaintext, payload_size, key.key, binkeyfile->iv, binkeyfile->ciphertext, binkeyfile->auth_tag)) {
log_libc(LLVL_FATAL, "encryption failed"); log_libc(LLVL_FATAL, "encryption failed");
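Review bot: The zeroisation of key material before free() in the hunk at line 337, `memset(plaintext, 0, plaintext_size); free(plaintext);` and the matching pair for `binkeyfile`, is a dead store that the optimizer is permitted to remove, so the decrypted key database can remain in freed heap memory. Since this file already calls OpenSSL's EVP API, `OPENSSL_cleanse(plaintext, plaintext_size);` and `OPENSSL_cleanse(binkeyfile, binkeyfile_size);` are drop-in replacements that survive optimization. The stack object `struct key_t key;` declared in the hunk at line 283 presumably holds the derived key as well and would need the same treatment where it goes out of scope, which is outside the hunk. read_binary_keyfile begins outside the hunk; only its tail is visible here.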


@ -67,13 +67,13 @@ void print_syntax(const char *pgmname) {
fprintf(stderr, " manual key entry. This defaults to 5 tries.\n"); fprintf(stderr, " manual key entry. This defaults to 5 tries.\n");
fprintf(stderr, " -v, --verbose Increase logging verbosity.\n"); fprintf(stderr, " -v, --verbose Increase logging verbosity.\n");
fprintf(stderr, "\n"); fprintf(stderr, "\n");
fprintf(stderr, "luksrku version: " LUKSRKU_VERSION "\n"); fprintf(stderr, "luksrku version: " BUILD_REVISION "\n");
} }
static void set_default_arguments(struct options_t *options) { static void set_default_arguments(struct options_t *options) {
memset(options, 0, sizeof(struct options_t)); memset(options, 0, sizeof(struct options_t));
/* Default port :-) echo -n LUKS | md5sum | cut -c -5 */ /* Default port :-) echo -n LUKS | md5sum | cut -c -5 */
options->port = 23170; options->port = 23170;
/* Default, overwritten later by fill_default_arguments() */ /* Default, overwritten later by fill_default_arguments() */
@ -84,7 +84,7 @@ static void set_default_arguments(struct options_t *options) {
} }
static void fill_default_arguments(struct options_t *options) { static void fill_default_arguments(struct options_t *options) {
/* Set default unlock count */ /* Set default unlock count */
if (options->unlock_cnt == -1) { if (options->unlock_cnt == -1) {
if (options->mode == CLIENT_MODE) { if (options->mode == CLIENT_MODE) {
options->unlock_cnt = 1; options->unlock_cnt = 1;
@ -99,7 +99,7 @@ static bool check_arguments(const struct options_t *options) {
fprintf(stderr, "Must specify client or server mode.\n"); fprintf(stderr, "Must specify client or server mode.\n");
return false; return false;
} }
if (options->keydbfile == NULL) { if (options->keydbfile == NULL) {
fprintf(stderr, "Must specify a key database file.\n"); fprintf(stderr, "Must specify a key database file.\n");
return false; return false;
@ -140,32 +140,32 @@ bool parse_cmdline_arguments(struct options_t *options, int argc, char **argv) {
case 'v': case 'v':
options->verbose = true; options->verbose = true;
break; break;
case LONGOPT_MODE_SERVER: case LONGOPT_MODE_SERVER:
case 's': case 's':
options->mode = SERVER_MODE; options->mode = SERVER_MODE;
break; break;
case LONGOPT_MODE_CLIENT: case LONGOPT_MODE_CLIENT:
case 'c': case 'c':
options->mode = CLIENT_MODE; options->mode = CLIENT_MODE;
break; break;
case LONGOPT_PORT: case LONGOPT_PORT:
case 'p': case 'p':
options->port = atoi(optarg); options->port = atoi(optarg);
break; break;
case LONGOPT_KEYDB: case LONGOPT_KEYDB:
case 'k': case 'k':
options->keydbfile = optarg; options->keydbfile = optarg;
break; break;
case LONGOPT_UNLOCK_CNT: case LONGOPT_UNLOCK_CNT:
case 'u': case 'u':
options->unlock_cnt = atoi(optarg); options->unlock_cnt = atoi(optarg);
break; break;
case LONGOPT_MAX_BCAST_ERRS: case LONGOPT_MAX_BCAST_ERRS:
options->max_broadcast_errs = atoi(optarg); options->max_broadcast_errs = atoi(optarg);
break; break;
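Review bot: After the change in the hunk at line 67, `fprintf(stderr, "luksrku version: " BUILD_REVISION "\n");` compiles only when the compiler command line supplies `-DBUILD_REVISION=...`; the in-source `#define LUKSRKU_VERSION "0.01"` that previously guaranteed a value is removed in the last file section, so any build outside this Makefile (an IDE, a distro packaging system, a static-analysis run) now fails with an undeclared identifier. A guarded fallback at the top of this file or in the header that lost LUKSRKU_VERSION avoids that: `#ifndef BUILD_REVISION` / `#define BUILD_REVISION "unknown"` / `#endif`. Separately, the three `atoi(optarg)` calls in the hunk at line 140 (port, unlock count, max broadcast errors) accept non-numeric input as 0 and silently wrap on overflow, so `options->port` can end up negative or above 65535; a small strtol-based helper with end-pointer, errno and range checks would make those failures visible, unless check_arguments, which starts outside the hunk at line 99, already validates them.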


@ -30,8 +30,6 @@
#define CLIENT_PSK_IDENTITY "luksrku v1" #define CLIENT_PSK_IDENTITY "luksrku v1"
#define CLIENT_ANNOUNCE_MAGIC { 0x46, 0xf2, 0xf6, 0xc6, 0x63, 0x12, 0x2e, 0x00, 0xa0, 0x8a, 0xae, 0x42, 0x0c, 0x51, 0xf5, 0x65 } #define CLIENT_ANNOUNCE_MAGIC { 0x46, 0xf2, 0xf6, 0xc6, 0x63, 0x12, 0x2e, 0x00, 0xa0, 0x8a, 0xae, 0x42, 0x0c, 0x51, 0xf5, 0x65 }
#define LUKSRKU_VERSION "0.01"
/* Size in bytes of the PSK that is used for TLS */ /* Size in bytes of the PSK that is used for TLS */
#define PSK_SIZE_BYTES 32 #define PSK_SIZE_BYTES 32