author | Lennart Poettering <lennart@poettering.net> | 2003-12-04 21:09:48 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2003-12-04 21:09:48 +0000 |
commit | b3023ac69b16bc682bbfb4a38ce63667f6b2cabe (patch) | |
tree | ed7d6896aea2fa807f28ca503b3e0b44fb88ee77 | |
parent | 636960fbb999b4b47ee0cb536bba8c17e8dd7d0d (diff) |
may fixes from dbindner
git-svn-id: file:///home/lennart/svn/public/seppl/trunk@16 91a2fd9b-5dcb-0310-a70a-d71e310228e6
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | configure.ac | 42 | ||||
-rw-r--r-- | kernel/ipt_CRYPT.c | 5 | ||||
-rw-r--r-- | kernel/seppl.c | 30 | ||||
-rw-r--r-- | kernel/seppl.h | 3 | ||||
-rw-r--r-- | utils-python/Makefile.am (renamed from utils/Makefile.am) | 2 | ||||
-rwxr-xr-x | utils-python/seppl-gen-key (renamed from utils/seppl-gen-key) | 2 | ||||
-rwxr-xr-x | utils-python/seppl-ls (renamed from utils/seppl-ls) | 2 | ||||
-rw-r--r-- | utils-python/seppl_common.py (renamed from utils/seppl_common.py) | 2 |
9 files changed, 81 insertions, 9 deletions
diff --git a/Makefile.am b/Makefile.am index 4cfa711..61456ee 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,7 +19,7 @@ # This Makefile is NOT created by automake! EXTRA_DIST = bootstrap.sh README LICENSE -SUBDIRS=kernel libs utils conf doc +SUBDIRS=kernel libs utils-python conf doc MAINTAINERCLEANFILES = README noinst_DATA = README diff --git a/configure.ac b/configure.ac index 090cf67..aeceb3e 100644 --- a/configure.ac +++ b/configure.ac @@ -20,7 +20,7 @@ # Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. AC_PREREQ(2.57) -AC_INIT([seppl], [0.2], [mzfrccy (at) 0pointer (dot) de]) +AC_INIT([seppl], [0.3], [mzfrccy (at) 0pointer (dot) de]) AC_CONFIG_SRCDIR([kernel/seppl.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign -Wall]) @@ -39,8 +39,10 @@ if test "x$GCC" = "xyes" ; then fi if type -p stow > /dev/null && test -d /usr/local/stow ; then - AC_MSG_NOTICE([*** Found /usr/local/stow: installing to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***]) - AC_PREFIX_DEFAULT([/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}]) + AC_MSG_NOTICE([*** Found /usr/local/stow: default install prefix set to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***]) + ac_default_prefix="/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}" +else + ac_default_prefix="/usr/local" fi AC_PROG_INSTALL 
@@ -49,6 +51,38 @@ AC_PROG_MAKE_SET AC_CHECK_FUNCS([memset]) AC_C_CONST +# iptables version +AC_PATH_PROG([IPTABLES], [iptables], [iptables], [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) +AC_MSG_CHECKING([iptables release]) +if test "x$IPTABLES" = x ; then + AC_MSG_ERROR([*** Please install iptables ***]) +fi +IPTABLES_VERSION=$("$IPTABLES" -V | cut -d' ' -f2 | sed 's/^v//') +AC_DEFINE(IPTABLES_VERSION, [$IPTABLES_VERSION], "iptables release number") +AC_MSG_RESULT([$IPTABLES_VERSION]) + +# Init script location +AC_ARG_WITH(initdir, AC_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)])) + +test "x$with_initdir" = xyes -o "x$with_initdir" = xno && with_initdir= + +if test "x$with_initdir" = x ; then + if test -d /etc/init.d ; then + SYSINITDIR=/etc/init.d + else + if test -d /etc/rc.d/init.d ; then + SYSINITDIR=/etc/rc.d/init.d + else + AC_MSG_ERROR([missing --with-initdir=DIR]) + fi + fi +else + SYSINITDIR="$with_initdir" +fi + +AC_MSG_NOTICE([Init sript will be installed in $SYSINITDIR]) +AC_SUBST(SYSINITDIR) + # Check for directory with kernel source... AC_MSG_CHECKING(for directory with kernel source) AC_ARG_WITH(kernel, @@ -144,5 +178,5 @@ fi AM_CONDITIONAL([USE_XMLTOMAN], [test "x$xmltoman" = xyes]) -AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils/Makefile conf/Makefile doc/Makefile doc/README.html]) +AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils-python/Makefile conf/Makefile doc/Makefile doc/README.html]) AC_OUTPUT diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c index c4a2daf..68b5784 100644 --- a/kernel/ipt_CRYPT.c +++ b/kernel/ipt_CRYPT.c 
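Review bot: The `test "x$IPTABLES" = x` guard in the new iptables block can never fire, because `AC_PATH_PROG` is given `[iptables]` as its value-if-not-found argument, so `IPTABLES` is non-empty even when no binary was found and the `"$IPTABLES" -V` pipeline then yields an empty version. Passing an empty third argument, `AC_PATH_PROG([IPTABLES], [iptables], [], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])`, makes the check meaningful, and a second test that `IPTABLES_VERSION` is non-empty would catch unexpected `-V` output. `AC_DEFINE` takes its value literally, so the shell variable probably needs `AC_DEFINE_UNQUOTED(IPTABLES_VERSION, ["$IPTABLES_VERSION"], [iptables release number])` to reach config.h as a usable string. The notice text in the init-script block also misspells "script" as "sript".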
@@ -98,6 +98,11 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum // Copy the IV seppl_copy_iv(ti->key, iv); + // Encrypt to make it randomish + sg[0].page = virt_to_page((void*) iv); + sg[0].offset = (((long) (void *) iv) & ~PAGE_MASK); + sg[0].length = ivs; + crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length ); // Fill the crypted header ch->ident = 0x00; diff --git a/kernel/seppl.c b/kernel/seppl.c index ddb6bba..b15afbe 100644 --- a/kernel/seppl.c +++ b/kernel/seppl.c @@ -168,6 +168,8 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { key->key = key->iv = NULL; key->tfm = NULL; + key->key_ecb = NULL; + key->tfm_ecb = NULL; atomic_set(&key->usage, 0); spin_lock_init(&key->iv_spinlock); @@ -201,6 +203,26 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { key->blocksize = crypto_tfm_alg_blocksize(key->tfm); proc_file->size += 8 + key->keysize; + + /* Set up a random ecb key for making good IVs */ + if (!(key->tfm_ecb = crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB))) { + printk(KERN_ERR "SEPPL: Failed to load ecb cipher.\n"); + goto cleanup; + } + + if ( !(key->key_ecb = kmalloc( 128/8, GFP_KERNEL ))) { + r = -ENOMEM; + printk( KERN_ERR "SEPPL: kmalloc() failed #2a\n" ); + goto cleanup; + } + + get_random_bytes(key->key_ecb, 128/8); + + if (crypto_cipher_setkey(key->tfm_ecb, key->key_ecb, 128/8)) { + printk(KERN_ERR "SEPPL: Failed to set ecb cipher key.\n"); + goto cleanup; + } + atomic_set(&key->ready, 1); printk(KERN_INFO "SEPPL: Added key sucessfully.\n"); @@ -229,6 +251,7 @@ cleanup: spin_unlock(&keyring_lock); + /* Free the data transform */ if (key->tfm) crypto_free_tfm(key->tfm); @@ -238,6 +261,13 @@ cleanup: if (key->iv) kfree(key->iv); + /* Free the IV transform */ + if (key->tfm_ecb) + crypto_free_tfm(key->tfm_ecb); + + if (key->key_ecb) + kfree(key->key_ecb); + kfree(key); } diff --git a/kernel/seppl.h b/kernel/seppl.h index 273d865..282ba26 100644 
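Review bot: The result of `crypto_cipher_encrypt()` on the IV is discarded, so if the ECB pass fails the packet goes out with the IV exactly as `seppl_copy_iv()` left it, which is apparently the non-random value this hunk is meant to hide. `tfm_ecb` is always allocated as "aes" in seppl.c while the length passed here is `ivs`, so the call presumably fails whenever the data cipher's IV size is not a multiple of the AES block size. I would check the return value and refuse to send on failure, e.g. `if (crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, ivs)) return NF_DROP;`, adjusted to whatever cleanup the function needs. The body of ipt_CRYPT_target starts and ends outside the hunk, so how `iv` and `ivs` are set up is not visible here.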
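Review bot: Two of the three new failure paths in seppl_add_key jump to `cleanup` without assigning `r`: only the `kmalloc()` branch sets `r = -ENOMEM`, while a failed `crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB)` or `crypto_cipher_setkey()` keeps whatever value `r` had before. If `r` is what the function returns (its declaration and the return statement are outside the hunk), a caller could see a stale or success code for a key that was never fully set up; `r = -ENOENT;` before the first `goto` and `r = -EINVAL;` before the last would make the outcome explicit. The new block also runs after `proc_file->size += 8 + key->keysize;`, so a failure here appears to leave the proc size incremented for a key that does not exist. The repeated `128/8` would read better as one named constant.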
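Review bot: `key->key_ecb` holds random key material but is passed to `kfree()` in the cleanup path without being cleared, so the ECB key stays readable in freed kernel memory until that memory is reused. Clearing it first, `memset(key->key_ecb, 0, 128/8);` directly ahead of `kfree(key->key_ecb);`, keeps it out of later allocations. The same probably applies to `key->key`, which is presumably freed between the two cleanup hunks and is not visible here.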
--- a/kernel/seppl.h +++ b/kernel/seppl.h @@ -44,6 +44,9 @@ struct seppl_key { u8 *iv; u8 *key; + struct crypto_tfm *tfm_ecb; /* for encrypting iv */ + u8 *key_ecb; + unsigned int ivsize; unsigned int keysize; unsigned int blocksize; diff --git a/utils/Makefile.am b/utils-python/Makefile.am index 49726f1..a16367f 100644 --- a/utils/Makefile.am +++ b/utils-python/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # diff --git a/utils/seppl-gen-key b/utils-python/seppl-gen-key index cc5817e..1690bb1 100755 --- a/utils/seppl-gen-key +++ b/utils-python/seppl-gen-key @@ -1,6 +1,6 @@ #!/usr/bin/python -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # diff --git a/utils/seppl-ls b/utils-python/seppl-ls index b05b949..0b0decb 100755 --- a/utils/seppl-ls +++ b/utils-python/seppl-ls @@ -1,6 +1,6 @@ #!/usr/bin/python -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # diff --git a/utils/seppl_common.py b/utils-python/seppl_common.py index c8fe5ca..59e7f96 100644 --- a/utils/seppl_common.py +++ b/utils-python/seppl_common.py @@ -1,6 +1,6 @@ #!/usr/bin/perl -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # |