Use pkg-config and have git-based version number
Use pkg-config to find OpenSSL headers and library. Use "git describe" to determine current version.
This commit is contained in:
parent
52dee3bad0
commit
363fc70f1c
12
Makefile
12
Makefile
@ -1,13 +1,15 @@
|
||||
.PHONY: all clean test testclient derive install
|
||||
all: luksrku luksrku-config
|
||||
|
||||
BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always)
|
||||
INSTALL_PREFIX := /usr/local/
|
||||
CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter
|
||||
CFLAGS := -Wall -Wextra -Wshadow -Wswitch -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Werror=implicit-function-declaration -Werror=format -Wno-unused-parameter
|
||||
#CFLAGS := -Wall -Wextra -O2 -Wmissing-prototypes -Wstrict-prototypes
|
||||
CFLAGS += -std=c11 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -DBUILD_REVISION='"$(BUILD_REVISION)"'
|
||||
#CFLAGS += -g -DDEBUG
|
||||
LDFLAGS := -lcrypto -lssl
|
||||
LDFLAGS += -L/usr/local/lib
|
||||
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a
|
||||
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
|
||||
CFLAGS += `pkg-config --cflags openssl`
|
||||
|
||||
LDFLAGS := `pkg-config --libs openssl`
|
||||
|
||||
OBJS := luksrku.o server.o log.o openssl.o client.o keyfile.o msg.o binkeyfile.o util.o cmdline.o luks.o exec.o blacklist.o
|
||||
OBJS_CFG := luksrku-config.o keyfile.o binkeyfile.o parse-keyfile.o openssl.o log.o util.o
|
||||
|
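Review bot: `BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always)` has no fallback, so a build from a source tarball (no `.git`) gets an empty string and the binary reports an empty version via `-DBUILD_REVISION='"$(BUILD_REVISION)"'`; `BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always 2>/dev/null || echo unknown)` keeps the string meaningful. The replaced `CFLAGS :=` line carried `-O2`, while the new `CFLAGS :=` and `CFLAGS +=` lines do not, leaving it only in the commented-out line — if that is unintended, add `-O2` back to the `CFLAGS +=` line. The backtick forms `` CFLAGS += `pkg-config --cflags openssl` `` and `` LDFLAGS := `pkg-config --libs openssl` `` are not expanded by make but handed to the shell in every recipe, so a missing pkg-config or openssl.pc surfaces only as a confusing compile/link error; `CFLAGS += $(shell pkg-config --cflags openssl)` and `LDFLAGS := $(shell pkg-config --libs openssl)` expand once at parse time and make the failure visible there.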
30
binkeyfile.c
30
binkeyfile.c
@ -54,8 +54,8 @@ static void dump_key(const struct key_t *key) {
|
||||
/* Derives a previous key with known salt. Passphrase and salt must be set. */
|
||||
static bool derive_previous_key(struct key_t *key) {
|
||||
const unsigned int maxalloc_mib = 8 + ((128 * SCRYPT_N * SCRYPT_r * SCRYPT_p + (1024 * 1024 - 1)) / 1024 / 1024);
|
||||
log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib);
|
||||
|
||||
log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib);
|
||||
|
||||
const char *passphrase = (key->passphrase == NULL) ? "" : key->passphrase;
|
||||
int pwlen = strlen(passphrase);
|
||||
int result = EVP_PBE_scrypt(passphrase, pwlen, (unsigned char*)key->salt, BINKEYFILE_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib * 1024 * 1024, key->key, BINKEYFILE_KEY_SIZE);
|
||||
@ -71,7 +71,7 @@ static bool derive_previous_key(struct key_t *key) {
|
||||
|
||||
static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) {
|
||||
bool success = true;
|
||||
log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len);
|
||||
log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len);
|
||||
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
do {
|
||||
@ -82,8 +82,8 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len
|
||||
success = false;
|
||||
break;
|
||||
}
|
||||
if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
|
||||
log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex");
|
||||
if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
|
||||
log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex");
|
||||
success = false;
|
||||
break;
|
||||
}
|
||||
@ -147,9 +147,9 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len
|
||||
static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, void *plaintext) {
|
||||
bool success = true;
|
||||
log_msg(LLVL_DEBUG, "Decrypting %u bytes of ciphertext using AES256-GCM", ciphertext_len);
|
||||
|
||||
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
do {
|
||||
do {
|
||||
/* Create and initialise the context */
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx) {
|
||||
@ -203,7 +203,7 @@ static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertex
|
||||
/* Finalise the decryption. A positive return value indicates success,
|
||||
* anything else is a failure - the plaintext is not trustworthy. */
|
||||
int padding_len = 0;
|
||||
if (EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &padding_len) <= 0) {
|
||||
if (EVP_DecryptFinal_ex(ctx, (uint8_t*)plaintext + plaintext_len, &padding_len) <= 0) {
|
||||
log_openssl(LLVL_FATAL, "Decryption of tail failed.");
|
||||
success = false;
|
||||
break;
|
||||
@ -240,8 +240,8 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
|
||||
unsigned int plaintext_size = 0;
|
||||
do {
|
||||
memset(keydb, 0, sizeof(struct keydb_t));
|
||||
|
||||
/* Stat the file first to find out the size */
|
||||
|
||||
/* Stat the file first to find out the size */
|
||||
struct stat statbuf;
|
||||
if (stat(filename, &statbuf) == -1) {
|
||||
log_libc(LLVL_ERROR, "stat of %s failed", filename);
|
||||
@ -283,7 +283,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
|
||||
break;
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
|
||||
/* Copy the file's salt into the key structure so we can derive the
|
||||
* proper decryption key */
|
||||
struct key_t key;
|
||||
@ -328,7 +328,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
|
||||
|
||||
/* Finally copy the decrypted linear file over to the keydb_t structure
|
||||
**/
|
||||
for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) {
|
||||
for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) {
|
||||
if (!add_keyslot(keydb)) {
|
||||
log_msg(LLVL_FATAL, "Failed to add keyslot.");
|
||||
success = false;
|
||||
@ -337,14 +337,14 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) {
|
||||
memcpy(last_keyentry(keydb), &plaintext[i], sizeof(struct keyentry_t));
|
||||
}
|
||||
} while (false);
|
||||
|
||||
|
||||
if (plaintext) {
|
||||
memset(plaintext, 0, plaintext_size);
|
||||
free(plaintext);
|
||||
}
|
||||
if (binkeyfile) {
|
||||
memset(binkeyfile, 0, binkeyfile_size);
|
||||
free(binkeyfile);
|
||||
free(binkeyfile);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
@ -381,7 +381,7 @@ bool write_binary_keyfile(const char *filename, const struct keydb_t *keydb, con
|
||||
for (int i = 0; i < keydb->entrycnt; i++) {
|
||||
memcpy(&plaintext[i], &keydb->entries[i], sizeof(struct keyentry_t));
|
||||
}
|
||||
|
||||
|
||||
/* Encrypt */
|
||||
if (!encrypt_aes256_gcm(plaintext, payload_size, key.key, binkeyfile->iv, binkeyfile->ciphertext, binkeyfile->auth_tag)) {
|
||||
log_libc(LLVL_FATAL, "encryption failed");
|
||||
|
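Review bot: In the `@ -337` hunk of read_binary_keyfile, `memset(plaintext, 0, plaintext_size)` and `memset(binkeyfile, 0, binkeyfile_size)` are each immediately followed by `free()`, so the optimizer is entitled to drop them as dead stores and the decrypted key material can stay in memory; since the file already uses libcrypto, `OPENSSL_cleanse(plaintext, plaintext_size);` and `OPENSSL_cleanse(binkeyfile, binkeyfile_size);` are the reliable replacements (`explicit_bzero` is the libc alternative). In the `@ -54` hunk of derive_previous_key, `maxalloc_mib * 1024 * 1024` is computed in `unsigned int` before being widened to EVP_PBE_scrypt's `uint64_t` maxmem, so it wraps if the SCRYPT parameters ever push the budget past 4095 MiB; `(uint64_t)maxalloc_mib * 1024 * 1024` avoids that, and `size_t pwlen = strlen(passphrase);` matches the `passlen` parameter type instead of narrowing to `int`. The cast to `(uint8_t*)` in `@ -203` correctly removes the void-pointer arithmetic that `-Wpointer-arith` would now flag. Both read_binary_keyfile and derive_previous_key begin outside their hunks.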
22
cmdline.c
22
cmdline.c
@ -67,13 +67,13 @@ void print_syntax(const char *pgmname) {
|
||||
fprintf(stderr, " manual key entry. This defaults to 5 tries.\n");
|
||||
fprintf(stderr, " -v, --verbose Increase logging verbosity.\n");
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "luksrku version: " LUKSRKU_VERSION "\n");
|
||||
fprintf(stderr, "luksrku version: " BUILD_REVISION "\n");
|
||||
}
|
||||
|
||||
static void set_default_arguments(struct options_t *options) {
|
||||
memset(options, 0, sizeof(struct options_t));
|
||||
|
||||
/* Default port :-) echo -n LUKS | md5sum | cut -c -5 */
|
||||
|
||||
/* Default port :-) echo -n LUKS | md5sum | cut -c -5 */
|
||||
options->port = 23170;
|
||||
|
||||
/* Default, overwritten later by fill_default_arguments() */
|
||||
@ -84,7 +84,7 @@ static void set_default_arguments(struct options_t *options) {
|
||||
}
|
||||
|
||||
static void fill_default_arguments(struct options_t *options) {
|
||||
/* Set default unlock count */
|
||||
/* Set default unlock count */
|
||||
if (options->unlock_cnt == -1) {
|
||||
if (options->mode == CLIENT_MODE) {
|
||||
options->unlock_cnt = 1;
|
||||
@ -99,7 +99,7 @@ static bool check_arguments(const struct options_t *options) {
|
||||
fprintf(stderr, "Must specify client or server mode.\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
if (options->keydbfile == NULL) {
|
||||
fprintf(stderr, "Must specify a key database file.\n");
|
||||
return false;
|
||||
@ -140,32 +140,32 @@ bool parse_cmdline_arguments(struct options_t *options, int argc, char **argv) {
|
||||
case 'v':
|
||||
options->verbose = true;
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_MODE_SERVER:
|
||||
case 's':
|
||||
options->mode = SERVER_MODE;
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_MODE_CLIENT:
|
||||
case 'c':
|
||||
options->mode = CLIENT_MODE;
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_PORT:
|
||||
case 'p':
|
||||
options->port = atoi(optarg);
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_KEYDB:
|
||||
case 'k':
|
||||
options->keydbfile = optarg;
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_UNLOCK_CNT:
|
||||
case 'u':
|
||||
options->unlock_cnt = atoi(optarg);
|
||||
break;
|
||||
|
||||
|
||||
case LONGOPT_MAX_BCAST_ERRS:
|
||||
options->max_broadcast_errs = atoi(optarg);
|
||||
break;
|
||||
|
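Review bot: `fprintf(stderr, "luksrku version: " BUILD_REVISION "\n");` in the `@ -67` hunk of print_syntax relies on the macro arriving from the compiler command line; without that `-D` the string concatenation fails to compile, and a `git describe` that produced nothing yields an empty version string. A guard near the top of cmdline.c (or in global.h, where the removed `LUKSRKU_VERSION` lived) covers both cases: `#ifndef BUILD_REVISION` / `#define BUILD_REVISION "unknown"` / `#endif`. Separately, `options->port = atoi(optarg);` in the `@ -140` hunk of parse_cmdline_arguments (and the `atoi` calls for `unlock_cnt` and `max_broadcast_errs`) silently turn non-numeric or out-of-range input into 0, so parsing with `strtol` and rejecting ports outside 1..65535 would make bad command lines fail early instead of binding to port 0. print_syntax and parse_cmdline_arguments both begin outside their hunks.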
2
global.h
2
global.h
@ -30,8 +30,6 @@
|
||||
#define CLIENT_PSK_IDENTITY "luksrku v1"
|
||||
#define CLIENT_ANNOUNCE_MAGIC { 0x46, 0xf2, 0xf6, 0xc6, 0x63, 0x12, 0x2e, 0x00, 0xa0, 0x8a, 0xae, 0x42, 0x0c, 0x51, 0xf5, 0x65 }
|
||||
|
||||
#define LUKSRKU_VERSION "0.01"
|
||||
|
||||
/* Size in bytes of the PSK that is used for TLS */
|
||||
#define PSK_SIZE_BYTES 32
|
||||
|
||||
|