authorLennart Poettering <lennart@poettering.net>2003-12-04 21:09:48 +0000
committerLennart Poettering <lennart@poettering.net>2003-12-04 21:09:48 +0000
commitb3023ac69b16bc682bbfb4a38ce63667f6b2cabe (patch)
treeed7d6896aea2fa807f28ca503b3e0b44fb88ee77
parent636960fbb999b4b47ee0cb536bba8c17e8dd7d0d (diff)
may fixes from dbindner
git-svn-id: file:///home/lennart/svn/public/seppl/trunk@16 91a2fd9b-5dcb-0310-a70a-d71e310228e6
-rw-r--r--Makefile.am2
-rw-r--r--configure.ac42
-rw-r--r--kernel/ipt_CRYPT.c5
-rw-r--r--kernel/seppl.c30
-rw-r--r--kernel/seppl.h3
-rw-r--r--utils-python/Makefile.am (renamed from utils/Makefile.am)2
-rwxr-xr-xutils-python/seppl-gen-key (renamed from utils/seppl-gen-key)2
-rwxr-xr-xutils-python/seppl-ls (renamed from utils/seppl-ls)2
-rw-r--r--utils-python/seppl_common.py (renamed from utils/seppl_common.py)2
9 files changed, 81 insertions, 9 deletions
diff --git a/Makefile.am b/Makefile.am
index 4cfa711..61456ee 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,7 @@
# This Makefile is NOT created by automake!
EXTRA_DIST = bootstrap.sh README LICENSE
-SUBDIRS=kernel libs utils conf doc
+SUBDIRS=kernel libs utils-python conf doc
MAINTAINERCLEANFILES = README
noinst_DATA = README
diff --git a/configure.ac b/configure.ac
index 090cf67..aeceb3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,7 +20,7 @@
# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
AC_PREREQ(2.57)
-AC_INIT([seppl], [0.2], [mzfrccy (at) 0pointer (dot) de])
+AC_INIT([seppl], [0.3], [mzfrccy (at) 0pointer (dot) de])
AC_CONFIG_SRCDIR([kernel/seppl.c])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE([foreign -Wall])
@@ -39,8 +39,10 @@ if test "x$GCC" = "xyes" ; then
fi
if type -p stow > /dev/null && test -d /usr/local/stow ; then
- AC_MSG_NOTICE([*** Found /usr/local/stow: installing to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***])
- AC_PREFIX_DEFAULT([/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}])
+ AC_MSG_NOTICE([*** Found /usr/local/stow: default install prefix set to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***])
+ ac_default_prefix="/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}"
+else
+ ac_default_prefix="/usr/local"
fi
AC_PROG_INSTALL
@@ -49,6 +51,38 @@ AC_PROG_MAKE_SET
AC_CHECK_FUNCS([memset])
AC_C_CONST
+# iptables version
+AC_PATH_PROG([IPTABLES], [iptables], [iptables], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_MSG_CHECKING([iptables release])
+if test "x$IPTABLES" = x ; then
+ AC_MSG_ERROR([*** Please install iptables ***])
+fi
+IPTABLES_VERSION=$("$IPTABLES" -V | cut -d' ' -f2 | sed 's/^v//')
+AC_DEFINE(IPTABLES_VERSION, [$IPTABLES_VERSION], "iptables release number")
+AC_MSG_RESULT([$IPTABLES_VERSION])
+
+# Init script location
+AC_ARG_WITH(initdir, AC_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)]))
+
+test "x$with_initdir" = xyes -o "x$with_initdir" = xno && with_initdir=
+
+if test "x$with_initdir" = x ; then
+ if test -d /etc/init.d ; then
+ SYSINITDIR=/etc/init.d
+ else
+ if test -d /etc/rc.d/init.d ; then
+ SYSINITDIR=/etc/rc.d/init.d
+ else
+ AC_MSG_ERROR([missing --with-initdir=DIR])
+ fi
+ fi
+else
+ SYSINITDIR="$with_initdir"
+fi
+
+AC_MSG_NOTICE([Init sript will be installed in $SYSINITDIR])
+AC_SUBST(SYSINITDIR)
+
# Check for directory with kernel source...
AC_MSG_CHECKING(for directory with kernel source)
AC_ARG_WITH(kernel,
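Review bot: In the iptables block, `AC_DEFINE(IPTABLES_VERSION, [$IPTABLES_VERSION], ...)` performs no shell expansion, so config.h would receive the literal text `$IPTABLES_VERSION` rather than the detected release. `AC_DEFINE_UNQUOTED([IPTABLES_VERSION], ["$IPTABLES_VERSION"], [iptables release number])` substitutes the value and, assuming the C code wants a string, quotes it as one. The `test "x$IPTABLES" = x` check cannot fire either, because `AC_PATH_PROG` is given `iptables` as its value-if-not-found; a missing binary then falls through to a failing `"$IPTABLES" -V` and an empty version, so dropping that third argument restores the intended error. The notice further down also reads `Init sript`.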
@@ -144,5 +178,5 @@ fi
AM_CONDITIONAL([USE_XMLTOMAN], [test "x$xmltoman" = xyes])
-AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils/Makefile conf/Makefile doc/Makefile doc/README.html])
+AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils-python/Makefile conf/Makefile doc/Makefile doc/README.html])
AC_OUTPUT
diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c
index c4a2daf..68b5784 100644
--- a/kernel/ipt_CRYPT.c
+++ b/kernel/ipt_CRYPT.c
@@ -98,6 +98,11 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum
// Copy the IV
seppl_copy_iv(ti->key, iv);
+ // Encrypt to make it randomish
+ sg[0].page = virt_to_page((void*) iv);
+ sg[0].offset = (((long) (void *) iv) & ~PAGE_MASK);
+ sg[0].length = ivs;
+ crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length );
// Fill the crypted header
ch->ident = 0x00;
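Review bot: The return value of `crypto_cipher_encrypt()` is ignored in the added IV block, so if the ECB pass fails the packet is built with the unencrypted value that `seppl_copy_iv()` produced, which the "randomish" comment suggests this change is meant to prevent. `ivs` is defined outside the hunk; if it is ever not a multiple of the AES block size (the ECB transform is hard-wired to `"aes"` in seppl.c), the call would presumably be rejected on every packet, so that length is worth validating when the key is added. I would test the result, e.g. `if (crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, ivs) < 0)`, and take whatever failure path this target already uses. ipt_CRYPT_target's body starts and ends outside the hunk.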
diff --git a/kernel/seppl.c b/kernel/seppl.c
index ddb6bba..b15afbe 100644
--- a/kernel/seppl.c
+++ b/kernel/seppl.c
@@ -168,6 +168,8 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
key->key = key->iv = NULL;
key->tfm = NULL;
+ key->key_ecb = NULL;
+ key->tfm_ecb = NULL;
atomic_set(&key->usage, 0);
spin_lock_init(&key->iv_spinlock);
@@ -201,6 +203,26 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
key->blocksize = crypto_tfm_alg_blocksize(key->tfm);
proc_file->size += 8 + key->keysize;
+
+ /* Set up a random ecb key for making good IVs */
+ if (!(key->tfm_ecb = crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB))) {
+ printk(KERN_ERR "SEPPL: Failed to load ecb cipher.\n");
+ goto cleanup;
+ }
+
+ if ( !(key->key_ecb = kmalloc( 128/8, GFP_KERNEL ))) {
+ r = -ENOMEM;
+ printk( KERN_ERR "SEPPL: kmalloc() failed #2a\n" );
+ goto cleanup;
+ }
+
+ get_random_bytes(key->key_ecb, 128/8);
+
+ if (crypto_cipher_setkey(key->tfm_ecb, key->key_ecb, 128/8)) {
+ printk(KERN_ERR "SEPPL: Failed to set ecb cipher key.\n");
+ goto cleanup;
+ }
+
atomic_set(&key->ready, 1);
printk(KERN_INFO "SEPPL: Added key sucessfully.\n");
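Review bot: The two new failure branches for `crypto_alloc_tfm()` and `crypto_cipher_setkey()` jump to `cleanup` without assigning `r`, while the `kmalloc` branch between them sets `r = -ENOMEM`. Whether `r` already holds an error code at this point is decided outside the hunk; if it does not, seppl_add_key could report success for a key that the cleanup path appears to free, so I would set it explicitly, e.g. `r = -EINVAL;` before each of those `goto cleanup;` lines. The literal `128/8` appears three times and would read better as one named constant kept next to the cipher name.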
@@ -229,6 +251,7 @@ cleanup:
spin_unlock(&keyring_lock);
+ /* Free the data transform */
if (key->tfm)
crypto_free_tfm(key->tfm);
@@ -238,6 +261,13 @@ cleanup:
if (key->iv)
kfree(key->iv);
+ /* Free the IV transform */
+ if (key->tfm_ecb)
+ crypto_free_tfm(key->tfm_ecb);
+
+ if (key->key_ecb)
+ kfree(key->key_ecb);
+
kfree(key);
}
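Review bot: `key->key_ecb` holds raw AES key material and is released with a plain `kfree()`, which leaves the bytes in freed memory; clearing it first with `memset(key->key_ecb, 0, 128/8);` before the `kfree` is cheap here. Since `crypto_cipher_setkey()` has already consumed the key, the buffer could probably be a short-lived local that is wiped right after setkey instead of living in the struct. Going by the diffstat, all 30 added lines in kernel/seppl.c sit in seppl_add_key and this cleanup block, so any separate key-removal path outside the diff should be checked for releasing `tfm_ecb` and `key_ecb` as well.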
diff --git a/kernel/seppl.h b/kernel/seppl.h
index 273d865..282ba26 100644
--- a/kernel/seppl.h
+++ b/kernel/seppl.h
@@ -44,6 +44,9 @@ struct seppl_key {
u8 *iv;
u8 *key;
+ struct crypto_tfm *tfm_ecb; /* for encrypting iv */
+ u8 *key_ecb;
+
unsigned int ivsize;
unsigned int keysize;
unsigned int blocksize;
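Review bot: `key_ecb` is added to struct seppl_key without a comment, unlike `tfm_ecb` on the line above it. Something like `u8 *key_ecb; /* random 128-bit AES key for tfm_ecb, freed with the key */` would record its size and ownership, neither of which can be read from the declaration. The struct definition continues outside the hunk.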
diff --git a/utils/Makefile.am b/utils-python/Makefile.am
index 49726f1..a16367f 100644
--- a/utils/Makefile.am
+++ b/utils-python/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $
+# $Id$
#
# This file is part of seppl.
#
diff --git a/utils/seppl-gen-key b/utils-python/seppl-gen-key
index cc5817e..1690bb1 100755
--- a/utils/seppl-gen-key
+++ b/utils-python/seppl-gen-key
@@ -1,6 +1,6 @@
#!/usr/bin/python
-# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $
+# $Id$
#
# This file is part of seppl.
#
diff --git a/utils/seppl-ls b/utils-python/seppl-ls
index b05b949..0b0decb 100755
--- a/utils/seppl-ls
+++ b/utils-python/seppl-ls
@@ -1,6 +1,6 @@
#!/usr/bin/python
-# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $
+# $Id$
#
# This file is part of seppl.
#
diff --git a/utils/seppl_common.py b/utils-python/seppl_common.py
index c8fe5ca..59e7f96 100644
--- a/utils/seppl_common.py
+++ b/utils-python/seppl_common.py
@@ -1,6 +1,6 @@
#!/usr/bin/perl
-# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $
+# $Id$
#
# This file is part of seppl.
#