Diffstat (limited to 'recipes-support-ivi/ecryptfs-utils')
-rw-r--r-- | recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch | 222 | ||||
-rw-r--r-- | recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb | 62 |
2 files changed, 253 insertions, 31 deletions
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
new file mode 100644
index 0000000..6105819
--- /dev/null
+++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
@@ -0,0 +1,222 @@
+Index: ecryptfs-utils-93/src/libecryptfs/main.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200
+@@ -21,8 +21,12 @@
+ 
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <mntent.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -74,7 +78,16 @@
+ 
+ int do_hash(char *src, int src_size, char *dst, int algo)
+ {
++#ifdef ENABLE_NSS
+ SECStatus err;
++#else
++ gcry_md_hd_t hd;
++ gcry_error_t err = 0;
++ unsigned char * hash;
++ unsigned int mdlen;
++#endif /* #ifdef ENABLE_NSS */
++
++#ifdef ENABLE_NSS
+ 
+ NSS_NoDB_Init(NULL);
+ err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
+@@ -86,6 +99,19 @@
+ err = -EINVAL;
+ goto out;
+ }
++#else
++ err = gcry_md_open(&hd, algo, 0);
++ mdlen = gcry_md_get_algo_dlen(algo);
++ if (err) {
++ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
++ "[%d]\n", algo, err);
++ goto out;
++ }
++ gcry_md_write(hd, src, src_size);
++ hash = gcry_md_read(hd, algo);
++ memcpy(dst, hash, mdlen);
++ gcry_md_close(hd);
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return (int)err;
+ }
+@@ -214,7 +240,11 @@
+ char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
+ + ECRYPTFS_SALT_SIZE];
+ int passphrase_size;
++#ifdef ENABLE_NSS
+ int alg = SEC_OID_SHA512;
++#else
++ int alg = GCRY_MD_SHA512;
++#endif /* #ifdef ENABLE_NSS */
+ int dig_len = SHA512_DIGEST_LENGTH;
+ char buf[SHA512_DIGEST_LENGTH];
+ int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
+Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200
+@@ -20,8 +20,12 @@
+ 
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <keyutils.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -295,6 +299,7 @@
+ ECRYPTFS_AES_BLOCK_SIZE + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -303,6 +308,11 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++#warning Building against gcrypt instead of nss
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int decrypted_passphrase_bytes;
+ int fd;
+@@ -334,6 +344,7 @@
+ - (decrypted_passphrase_bytes
+ % ECRYPTFS_AES_BLOCK_SIZE));
+ encrypted_passphrase_bytes = decrypted_passphrase_bytes;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -394,6 +405,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ while (decrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_encrypt(
++ gcry_handle,
++ &encrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &decrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to encrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++ gcry_cipher_close(gcry_handle);
++#endif /* #ifdef ENABLE_NSS */
+ unlink(filename);
+ if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL),
+ (S_IRUSR | S_IWUSR))) == -1) {
+@@ -439,6 +485,7 @@
+ char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -447,6 +494,10 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int fd;
+ ssize_t size;
+@@ -493,6 +544,7 @@
+ goto out;
+ }
+ encrypted_passphrase_bytes = size;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -552,6 +604,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
++ while (encrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_decrypt(
++ gcry_handle,
++ &decrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &encrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to decrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return rc;
+ }
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
index f1e6c07..f08d5cd 100644
--- a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
+++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
@@ -1,31 +1,31 @@
-DESCRIPTION = "eCryptfs: A stacked cryptographic filesystem for Linux"
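Review bot: In ecryptfs-fix-disable-nss.patch, the gcrypt branch added at key_management.c `@@ -552,6 +604,41 @@` never releases the cipher handle on success: after the decrypt loop control falls straight to `out:`, whereas the matching encrypt branch at `@@ -394,6 +405,41 @@` calls `gcry_cipher_close(gcry_handle);` after its loop. Each successful unwrap therefore leaks a context that is still keyed with `wrapping_key`; add `gcry_cipher_close(gcry_handle);` after the loop's closing brace. In `do_hash` (main.c `@@ -86,6 +99,19 @@`) the pointer returned by `gcry_md_read()` is handed to `memcpy` without a NULL check, which `if (!hash) { err = -EINVAL; gcry_md_close(hd); goto out; }` would cover, and a failed `gcry_md_open()` is returned as the raw `gcry_error_t` where the NSS branch returns `-EINVAL`, so a caller that tests for a negative value (callers are not visible here) would probably not see the failure. The decrypt loop also works in whole `ECRYPTFS_AES_BLOCK_SIZE` steps on a length taken from the file, so the check on `size` outside the hunk should reject lengths that are not a block multiple. All three functions begin outside the inner hunks shown.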
-SECTION = "base"
-LICENSE = "GPLv2"
-DEPENDS = "keyutils libgcrypt libpam"
-
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
-
-SRC_URI = "https://launchpad.net/ecryptfs/trunk/96/+download/ecryptfs-utils_96.orig.tar.gz \
- file://ecryptfs-fix-disable-nss.patch \
- "
-SRC_URI[md5sum] = "4f92c9f6e8f62ac00ca7e2c4e480f1d7"
-SRC_URI[sha256sum] = "04c43b6e7a2f6b3644a24bcf718bfde6384e74bb4266c053ac78b9cc852f2c0c"
-
-
-inherit autotools
-
-EXTRA_OECONF += "--disable-nss --disable-pywrap --enable-openssl"
-EXTRA_OEMAKE += "'CFLAGS+= -lgcrypt '"
-
-FILES_${PN} += " \
- ${libdir}/ecryptfs/* \
- ${base_libdir}/security/pam_ecryptfs.so \
- "
-
-FILES_${PN}-dbg += "${libdir}/ecryptfs/.debug \
- ${base_libdir}/security/.debug \
- "
-
-# Skip useless warning as we have /usr and / on the same partition
-WARN_QA = "ldflags useless-rpaths rpaths staticdev"
+DESCRIPTION = "eCryptfs: A stacked cryptographic filesystem for Linux"
+SECTION = "base"
+LICENSE = "GPLv2"
+DEPENDS = "keyutils libgcrypt libpam"
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+SRC_URI = "https://launchpad.net/ecryptfs/trunk/96/+download/ecryptfs-utils_96.orig.tar.gz \
+ file://ecryptfs-fix-disable-nss.patch \
+ "
+SRC_URI[md5sum] = "4f92c9f6e8f62ac00ca7e2c4e480f1d7"
+SRC_URI[sha256sum] = "04c43b6e7a2f6b3644a24bcf718bfde6384e74bb4266c053ac78b9cc852f2c0c"
+
+
+inherit autotools
+
+EXTRA_OECONF += "--disable-nss --disable-pywrap --enable-openssl"
+EXTRA_OEMAKE += "'CFLAGS+= -lgcrypt '"
+
+FILES_${PN} += " \
+ ${libdir}/ecryptfs/* \
+ ${base_libdir}/security/pam_ecryptfs.so \
+ "
+
+FILES_${PN}-dbg += "${libdir}/ecryptfs/.debug \
+ ${base_libdir}/security/.debug \
+ "
+
+# Skip useless warning as we have /usr and / on the same partition
+WARN_QA = "ldflags useless-rpaths rpaths staticdev" |