Diffstat (limited to 'meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r-- | meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch | 324 |
1 files changed, 169 insertions, 155 deletions
diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch index 6105819..76d502d 100644 --- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch +++ b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch @@ -1,76 +1,20 @@ -Index: ecryptfs-utils-93/src/libecryptfs/main.c -=================================================================== ---- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300 -+++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200 +From 278418aa56573c368abd6dc9b7742df270574842 Mon Sep 17 00:00:00 2001 +From: Li xin <lixin.fnst at cn.fujitsu.com> +Date: Tue, 28 Jul 2015 03:06:10 +0900 +Subject: [PATCH] ecryptfs fix disable nss + +--- + src/libecryptfs/key_management.c | 87 ++++++++++++++++++++++++++++++++++++++++ + src/libecryptfs/main.c | 31 ++++++++++++++ + 2 files changed, 118 insertions(+) + +diff --git a/src/libecryptfs/key_management.c b/src/libecryptfs/key_management.c +index 81a9c08..c051a50 100644 +--- a/src/libecryptfs/key_management.c ++++ b/src/libecryptfs/key_management.c 
@@ -21,8 +21,12 @@ + */ - #include "config.h" - #include <errno.h> -+#ifdef ENABLE_NSS - #include <nss.h> - #include <pk11func.h> -+#else -+#include <gcrypt.h> -+#endif /* #ifdef ENABLE_NSS */ - #include <mntent.h> - #ifndef S_SPLINT_S - #include <stdio.h> -@@ -74,7 +78,16 @@ - - int do_hash(char *src, int src_size, char *dst, int algo) - { -+#ifdef ENABLE_NSS - SECStatus err; -+#else -+ gcry_md_hd_t hd; -+ gcry_error_t err = 0; -+ unsigned char * hash; -+ unsigned int mdlen; -+#endif /* #ifdef ENABLE_NSS */ -+ -+#ifdef ENABLE_NSS - - NSS_NoDB_Init(NULL); - err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src, -@@ -86,6 +99,19 @@ - err = -EINVAL; - goto out; - } -+#else -+ err = gcry_md_open(&hd, algo, 0); -+ mdlen = gcry_md_get_algo_dlen(algo); -+ if (err) { -+ syslog(LOG_ERR, "Failed to open hash algo [%d]: " -+ "[%d]\n", algo, err); -+ goto out; -+ } -+ gcry_md_write(hd, src, src_size); -+ hash = gcry_md_read(hd, algo); -+ memcpy(dst, hash, mdlen); -+ gcry_md_close(hd); -+#endif /* #ifdef ENABLE_NSS */ - out: - return (int)err; - } -@@ -214,7 +240,11 @@ - char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES - + ECRYPTFS_SALT_SIZE]; - int passphrase_size; -+#ifdef ENABLE_NSS - int alg = SEC_OID_SHA512; -+#else -+ int alg = GCRY_MD_SHA512; -+#endif /* #ifdef ENABLE_NSS */ - int dig_len = SHA512_DIGEST_LENGTH; - char buf[SHA512_DIGEST_LENGTH]; - int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS; -Index: ecryptfs-utils-93/src/libecryptfs/key_management.c -=================================================================== ---- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300 -+++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200 -@@ -20,8 +20,12 @@ - - #include "config.h" #include <errno.h> +#ifdef ENABLE_NSS #include <nss.h> 
@@ -81,7 +25,7 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c #include <keyutils.h> #ifndef S_SPLINT_S #include <stdio.h> -@@ -295,6 +299,7 @@ +@@ -572,6 +576,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, ECRYPTFS_AES_BLOCK_SIZE + 1]; int encrypted_passphrase_pos = 0; int decrypted_passphrase_pos = 0; @@ -89,19 +33,19 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c int tmp1_outlen = 0; int tmp2_outlen = 0; SECStatus err; -@@ -303,6 +308,11 @@ +@@ -580,6 +585,11 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, PK11SlotInfo *slot = NULL; PK11Context *enc_ctx = NULL; SECItem *sec_param = NULL; +#else +#warning Building against gcrypt instead of nss -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; ++ gcry_cipher_hd_t gcry_handle; ++ gcry_error_t gcry_err; +#endif /* #ifdef ENABLE_NSS */ int encrypted_passphrase_bytes; int decrypted_passphrase_bytes; int fd; -@@ -334,6 +344,7 @@ +@@ -618,6 +628,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - (decrypted_passphrase_bytes % ECRYPTFS_AES_BLOCK_SIZE)); encrypted_passphrase_bytes = decrypted_passphrase_bytes; 
@@ -109,49 +53,49 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c NSS_NoDB_Init(NULL); slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); key_item.data = (unsigned char *)wrapping_key; -@@ -394,6 +405,41 @@ +@@ -678,6 +689,41 @@ nss_finish: rc = - EIO; goto out; } +#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ while (decrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_encrypt( -+ gcry_handle, -+ &encrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &decrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to encrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } -+ gcry_cipher_close(gcry_handle); ++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, ++ GCRY_CIPHER_MODE_ECB, 0))) { ++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ goto out; ++ } ++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, ++ ECRYPTFS_AES_KEY_BYTES))) { ++ syslog(LOG_ERR, "Error attempting to set AES key; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ while (decrypted_passphrase_bytes > 0) { ++ if ((gcry_err = gcry_cipher_encrypt( ++ gcry_handle, ++ 
&encrypted_passphrase[encrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE, ++ &decrypted_passphrase[decrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE))) { ++ syslog(LOG_ERR, "Error attempting to encrypt block; " ++ "gcry_error = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; ++ } ++ gcry_cipher_close(gcry_handle); +#endif /* #ifdef ENABLE_NSS */ - unlink(filename); - if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL), - (S_IRUSR | S_IWUSR))) == -1) { -@@ -439,6 +485,7 @@ + rc = write_v2_wrapped_passphrase_file(filename, wrapping_salt, + wrapping_auth_tok_sig, + encrypted_passphrase, +@@ -852,6 +898,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; int encrypted_passphrase_pos = 0; int decrypted_passphrase_pos = 0; 
@@ -159,64 +103,134 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c int tmp1_outlen = 0; int tmp2_outlen = 0; SECStatus err; -@@ -447,6 +494,10 @@ +@@ -860,6 +907,10 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, PK11SlotInfo *slot = NULL; PK11Context *enc_ctx = NULL; SECItem *sec_param = NULL; +#else -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; ++ gcry_cipher_hd_t gcry_handle; ++ gcry_error_t gcry_err; +#endif /* #ifdef ENABLE_NSS */ + uint8_t version = 0; int encrypted_passphrase_bytes; - int fd; - ssize_t size; -@@ -493,6 +544,7 @@ + int rc; +@@ -923,6 +974,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, + rc = -EIO; goto out; } - encrypted_passphrase_bytes = size; +#ifdef ENABLE_NSS NSS_NoDB_Init(NULL); slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); key_item.data = (unsigned char *)wrapping_key; -@@ -552,6 +604,41 @@ +@@ -982,6 +1034,41 @@ nss_finish: rc = - EIO; goto out; } +#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1); -+ while (encrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_decrypt( -+ gcry_handle, -+ &decrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &encrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to decrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ 
encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } ++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, ++ GCRY_CIPHER_MODE_ECB, 0))) { ++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ goto out; ++ } ++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, ++ ECRYPTFS_AES_KEY_BYTES))) { ++ syslog(LOG_ERR, "Error attempting to set AES key; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1); ++ while (encrypted_passphrase_bytes > 0) { ++ if ((gcry_err = gcry_cipher_decrypt( ++ gcry_handle, ++ &decrypted_passphrase[encrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE, ++ &encrypted_passphrase[decrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE))) { ++ syslog(LOG_ERR, "Error attempting to decrypt block; " ++ "gcry_error = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; ++ } +#endif /* #ifdef ENABLE_NSS */ out: return rc; } +diff --git a/src/libecryptfs/main.c b/src/libecryptfs/main.c +index 98bdc54..800c851 100644 +--- a/src/libecryptfs/main.c ++++ b/src/libecryptfs/main.c +@@ -20,8 +20,12 @@ + */ + + #include <errno.h> ++#ifdef ENABLE_NSS + #include <nss.h> + #include <pk11func.h> ++#else ++#include <gcrypt.h> ++#endif /* #ifdef ENABLE_NSS */ + #include <mntent.h> + #ifndef S_SPLINT_S + #include <stdio.h> +@@ -73,7 +77,16 @@ void from_hex(char *dst, char *src, int dst_size) + + int do_hash(char *src, int src_size, char *dst, int algo) + { ++#ifdef ENABLE_NSS + SECStatus err; ++#else ++ gcry_md_hd_t hd; ++ gcry_error_t err = 
0; ++ unsigned char * hash; ++ unsigned int mdlen; ++#endif /* #ifdef ENABLE_NSS */ ++ ++#ifdef ENABLE_NSS + + NSS_NoDB_Init(NULL); + err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src, +@@ -85,6 +98,19 @@ int do_hash(char *src, int src_size, char *dst, int algo) + err = -EINVAL; + goto out; + } ++#else ++ err = gcry_md_open(&hd, algo, 0); ++ mdlen = gcry_md_get_algo_dlen(algo); ++ if (err) { ++ syslog(LOG_ERR, "Failed to open hash algo [%d]: " ++ "[%d]\n", algo, err); ++ goto out; ++ } ++ gcry_md_write(hd, src, src_size); ++ hash = gcry_md_read(hd, algo); ++ memcpy(dst, hash, mdlen); ++ gcry_md_close(hd); ++#endif /* #ifdef ENABLE_NSS */ + out: + return (int)err; + } +@@ -217,7 +243,12 @@ generate_passphrase_sig(char *passphrase_sig, char *fekek, + char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + + ECRYPTFS_SALT_SIZE]; + int passphrase_size; ++#ifdef ENABLE_NSS + int alg = SEC_OID_SHA512; ++#else ++ int alg = GCRY_MD_SHA512; ++#endif /* #ifdef ENABLE_NSS */ ++ + int dig_len = SHA512_DIGEST_LENGTH; + char buf[SHA512_DIGEST_LENGTH]; + int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS; +-- +1.8.4.2 + |
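Review bot: The gcrypt branch of ecryptfs_unwrap_passphrase never releases its cipher handle on the success path: the decrypt loop runs straight into `#endif` and `out:`, while the matching branch in ecryptfs_wrap_passphrase ends with `gcry_cipher_close(gcry_handle);`. Adding the same call after the loop would free the context that was keyed with the wrapping key, instead of leaking it on every successful unwrap. In the same loop the index variables are crossed (`decrypted_passphrase[encrypted_passphrase_pos]`, `encrypted_passphrase[decrypted_passphrase_pos]`); this is harmless only because both advance in lockstep, and swapping them back would make the intent readable. In do_hash's gcrypt branch the pointer returned by `gcry_md_read(hd, algo)` goes to `memcpy` without a NULL check, and a failure returns the raw `gcry_error_t` where the NSS branch returns `-EINVAL`. If callers test for a negative return (they are not visible here), the gcrypt branch should also set `err = -EINVAL` after logging. Both function bodies start and end outside the hunk, so the bounds on `encrypted_passphrase_bytes` and on the size of `dst` could not be checked from this page.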