Hello community,
here is the log from the commit of package hashalot for openSUSE:Factory checked in at 2012-12-28 15:00:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hashalot (Old)
and /work/SRC/openSUSE:Factory/.hashalot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hashalot", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2012-12-21 01:49:00.356010756 +0100
+++ /work/SRC/openSUSE:Factory/.hashalot.new/hashalot.changes 2012-12-28 15:00:51.000000000 +0100
@@ -0,0 +1,6 @@
+-------------------------------------------------------------------
+Wed Dec 12 16:26:48 UTC 2012 - lnussel@suse.de
+
+- new package split off from cryptsetup
+ * moved to /usr
+
New:
----
bug-476290_hashalot-hashlen.diff
hashalot-0.3.tar.gz
hashalot-ctrl-d.diff
hashalot-fixes.diff
hashalot-glibc210.diff
hashalot-libgcrypt.diff
hashalot-manpage.diff
hashalot-timeout.diff
hashalot.changes
hashalot.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ hashalot.spec ++++++
#
# spec file for package hashalot
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: hashalot
Url: http://www.paranoiacs.org/~sluskyb/hacks/hashalot/
Version: 0.3
Release: 0
Summary: Read a passphrase and print a hash
License: GPL-2.0+
Group: System/Base
# NOTE(review): the source URL is plain http and this spec lists no signature
# or checksum file next to the tarball; the integrity of the packaged
# hashalot-0.3.tar.gz has to be established outside this file.
Source: http://www.paranoiacs.org/~sluskyb/hacks/hashalot/hashalot-%{version}.tar.gz
# The patches are applied in this numeric order in the prep section below.
# Order matters: later patches carry context lines produced by earlier ones
# (hashalot-timeout.diff expects the -C usage text that hashalot-libgcrypt.diff adds).
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
Patch13: hashalot-timeout.diff
Patch14: hashalot-manpage.diff
Patch15: bug-476290_hashalot-hashlen.diff
Patch16: hashalot-glibc210.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# File-path style Provides naming the binary's former location in cryptsetup;
# presumably this keeps dependencies on the old path resolvable after the
# split (the changes entry says "split off from cryptsetup", "moved to /usr").
Provides: cryptsetup:/sbin/hashalot
# autoconf and automake are required because the build section runs autoreconf.
BuildRequires: autoconf automake
# libgcrypt backs the -C (itercountk) option added by hashalot-libgcrypt.diff;
# a build without it rejects -C at run time.
BuildRequires: libgcrypt-devel
%description
hashalot is a small tool that reads a passphrase from standard
input, hashes it using the given hash type, and prints the result
to standard output. Used by legacy encrypted volumes.
Supported hashes:
* rmd160
* sha256
* sha384
* sha512
%prep
# Unpack the upstream tarball, then apply the whole patch series at strip level 1.
%setup -q
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%build
# Regenerate the autotools output: the patch series modifies configure.ac
# and Makefile.am, so the shipped configure script would be stale.
autoreconf -f -i
%{?suse_update_config:%{suse_update_config}}
%configure
make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT
# remove unwanted symlinks
# (per-hash names in the sbin directory; the files list below ships only the
# hashalot binary and its man page)
rm -f $RPM_BUILD_ROOT%{_sbindir}/{rmd160,sha256,sha384,sha512}
%files
# Everything is owned by root:root with the modes set at install time.
%defattr(-,root,root)
%{_sbindir}/hashalot
%{_mandir}/man1/hashalot.1*
%changelog
++++++ bug-476290_hashalot-hashlen.diff ++++++
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -34,6 +34,7 @@
#include "sha512.h"
#define PASSWDBUFFLEN 130
+#define MAXHASHLEN (ULONG_MAX/2 - 2)
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
@@ -182,8 +183,7 @@ static void *
xmalloc (size_t size) {
void *p;
- if (size == 0)
- return NULL;
+ assert(size != 0);
p = malloc(size);
if (p == NULL) {
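Review bot: `assert(size != 0)` disappears when the package is built with NDEBUG, and a zero-size request would then go straight to `malloc(0)`, whose NULL-or-not result is implementation-defined, before reaching the `p == NULL` branch below. xmalloc is what main() uses for the hash output buffer (`passhash = xmalloc(2*hashlen + 2)`), so a runtime check is safer than an assertion, e.g. `if (size == 0) { fputs("xmalloc: zero-size request\n", stderr); exit(EXIT_FAILURE); }`. The rest of xmalloc lies outside the hunk, so what the NULL branch does is not visible here.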
@@ -242,6 +242,12 @@ main(int argc, char *argv[])
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
+ if (hashlen >= MAXHASHLEN) {
+ fprintf(stderr,
+ "please supply a value smaller than %lu for the -n option\n",
+ MAXHASHLEN);
+ exit(EXIT_FAILURE);
+ }
break;
case 's':
salt = optarg;
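Review bot: The new bound only keeps `2*hashlen + 2` from wrapping; it still accepts `-n` values far beyond what any of the supported hashes can produce. `phash_rmd160` (context in hashalot-fixes.diff) ends with `memcpy(dest, key, dest_len)`, so if `key` is a fixed-size local buffer (its declaration is not visible) an oversized `dest_len` would read past it; rejecting or clamping hashlen to the selected hash's maximum output would close that. `hashlen` is a `size_t`, so `SIZE_MAX` with `%zu` would match the variable better than `ULONG_MAX` with `%lu`. The enclosing switch in main() starts and ends outside the hunk.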
++++++ hashalot-ctrl-d.diff ++++++
exit unsuccessfully on empty passphrase if input is a tty
allows user to press ctrl-d to abort
Signed-off-by: Ludwig Nussel
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -135,10 +135,14 @@ phash_lookup(const char phash_name[], si
static char *
xgetpass(const char *prompt)
{
- if (isatty(STDIN_FILENO)) /* terminal */
- return getpass(prompt); /* FIXME getpass(3) obsolete */
- else { /* file descriptor */
- char *pass = NULL;
+ char *pass = NULL;
+ if (isatty(STDIN_FILENO)) { /* terminal */
+ pass = getpass(prompt); /* FIXME getpass(3) obsolete */
+ if(!pass || !*pass) {
+ exit(EXIT_FAILURE);
+ }
+ return pass;
+ } else { /* file descriptor */
int buflen, i;
buflen=0;
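Review bot: The terminal branch still returns the pointer from `getpass()` unchanged, and getpass(3) documents that as a static buffer, while main() (context in hashalot-libgcrypt.diff) later calls `free(pass)` on the result unless salt_passphrase() has replaced it. Returning a heap copy would give both branches the same ownership, assuming the file-descriptor branch allocates its buffer (not visible here): `char *copy = strdup(pass); memset(pass, 0, strlen(pass)); return copy;`, with a NULL check on `copy`. The new early exit is also silent; a one-line message on stderr would tell the user why no hash was printed. xgetpass continues past the end of the hunk.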
++++++ hashalot-fixes.diff ++++++
- print help text to stdout so it can be read via pager
- use proper length in phash_rmd160()
Signed-off-by: Ludwig Nussel
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -42,7 +42,7 @@ phash_rmd160(char dest[], size_t dest_le
tmp[PASSWDBUFFLEN - 1] = '\0';
rmd160_hash_buffer(key, src, src_len);
- rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */);
+ rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, strlen(tmp));
memcpy(dest, key, dest_len);
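Review bot: With `strlen(tmp)` the second digest covers at most PASSWDBUFFLEN - 1 bytes, while the first `rmd160_hash_buffer` call still hashes all `src_len` bytes of `src`, so for a passphrase longer than the buffer the two halves of `key` are derived from different inputs without any diagnostic. The change removes the over-read that the old `src_len + 1` argument allowed, but the truncation deserves a comment at the call, e.g. `/* tmp is a bounded copy; the second half uses at most PASSWDBUFFLEN - 1 bytes of the passphrase */`. How `tmp` is filled is outside the hunk, so this assumes it is a truncated copy of `src`.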
@@ -95,7 +95,7 @@ show_usage(const char argv0[])
{
struct func_table_t *p = func_table;
- fprintf (stderr,
+ fprintf (stdout,
"usage:\n"
" hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
" or\n"
@@ -106,7 +106,8 @@ show_usage(const char argv0[])
for (; p->name; ++p)
fprintf (stderr, "%s ", p->name);
- fprintf (stderr, "\n");
+
+ fprintf (stdout, "\n");
return 1;
}
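Review bot: The loop that prints the hash names still writes to `stderr` (`fprintf (stderr, "%s ", p->name);`) while the text before and after it now goes to `stdout`, so piping the help through a pager loses the list of supported hashes; that line should become `fprintf (stdout, "%s ", p->name);`. Separately, show_usage() is also what main() calls before `exit(EXIT_FAILURE)` on bad options, and stdout is where hashalot prints the hash, so on the error path the usage text now lands on the channel a consumer reads the key from. Keeping stderr for the failure case, or passing the stream in as a parameter, would avoid that.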
++++++ hashalot-glibc210.diff ++++++
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -22,6 +22,7 @@
#include
#include
#include
+#include
#include
#include
Index: hashalot-0.3/Makefile.am
===================================================================
--- hashalot-0.3.orig/Makefile.am
+++ hashalot-0.3/Makefile.am
@@ -4,7 +4,7 @@ sbin_PROGRAMS = hashalot
man_MANS = hashalot.1
hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
-hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
+hashalot_LDADD = $(LIBGCRYPT_LIBS)
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h
++++++ hashalot-libgcrypt.diff ++++++
add support for -C (itercountk) option of loop-AES if libgcrypt is available
Signed-off-by: Ludwig Nussel
Index: hashalot-0.3/Makefile.am
===================================================================
--- hashalot-0.3/Makefile.am.orig
+++ hashalot-0.3/Makefile.am
@@ -3,6 +3,9 @@ sbin_PROGRAMS = hashalot
man_MANS = hashalot.1
+hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
+hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
+
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h
install-exec-hook:
Index: hashalot-0.3/configure.ac
===================================================================
--- hashalot-0.3/configure.ac.orig
+++ hashalot-0.3/configure.ac
@@ -8,5 +8,6 @@ AC_PROG_LN_S
AC_HEADER_STDC
AC_CHECK_HEADERS(libgen.h stdio.h stdlib.h string.h unistd.h assert.h sys/types.h sys/mman.h endian.h , , [ AC_MSG_ERROR(required header not found)])
AC_CHECK_FUNCS(getopt snprintf , , [ AC_MSG_ERROR(required function not found)])
+AM_PATH_LIBGCRYPT(,[AC_DEFINE([HAVE_LIBGCRYPT], 1)])
AC_OUTPUT(Makefile)
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -25,6 +25,10 @@
#include
#include
+#if HAVE_LIBGCRYPT
+#include
+#endif
+
#include "rmd160.h"
#include "sha512.h"
@@ -97,9 +101,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
+ " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ]\n"
+ " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -214,8 +218,9 @@ main(int argc, char *argv[])
size_t hashlen = 0;
phash_func_t func;
int hex_output = 0, c;
+ unsigned long itercountk = 0;
- while ((c = getopt(argc, argv, "n:s:x")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -233,6 +238,9 @@ main(int argc, char *argv[])
case 'x':
hex_output++;
break;
+ case 'C':
+ itercountk = atoi(optarg);
+ break;
default:
show_usage(argv[0]);
exit(EXIT_FAILURE);
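Review bot: `itercountk = atoi(optarg);` accepts anything: non-numeric input silently becomes 0, which switches the AES iteration off without a warning, and a negative value converts to a very large `unsigned long`. The later `itercountk *= 1000` can also wrap. Parsing with `strtoul` and rejecting trailing junk and out-of-range values, as sketched below, keeps a typo from silently changing the derived key; `p` is the `char *` already used for `-n`. The `-t` case added in hashalot-timeout.diff (`timeout = atoi(optarg);`) has the same problem. The switch continues outside the hunk.

```c
		case 'C':
			errno = 0;
			itercountk = strtoul(optarg, &p, 10);
			if (p == optarg || *p != '\0' || errno == ERANGE ||
			    itercountk > ULONG_MAX / 1000) {
				/* also catches "-5", which strtoul negates into a huge value */
				show_usage(argv[0]);
				exit(EXIT_FAILURE);
			}
			break;
```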
@@ -257,6 +265,8 @@ main(int argc, char *argv[])
* plus a newline, plus a null */
passhash = xmalloc(2*hashlen + 2);
+ memset(passhash, 0, 2*hashlen+2);
+
/* try to lock memory so it doesn't get swapped out for sure */
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
perror("mlockall");
@@ -268,6 +278,69 @@ main(int argc, char *argv[])
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
+
+ if(itercountk) /* from loop-AES */
+ {
+#if HAVE_LIBGCRYPT
+ gcry_cipher_hd_t ctx;
+ gcry_error_t err;
+ char tmp[32];
+ char out[32];
+
+ if(hashlen > 32) {
+ fprintf(stderr, "WARNING: hashlen truncated to 32\n");
+ hashlen = 32;
+ }
+
+ if(!gcry_check_version("1.1.0")) {
+ fprintf(stderr, "libgcrypt initialization failed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(out, 0, sizeof(out));
+ memcpy(out, passhash, hashlen);
+
+ err = gcry_cipher_open(&ctx, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
+ if(err)
+ {
+ fprintf(stderr, "can't initialize AES: %s\n", gcry_strerror (err));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * Set up AES-256 encryption key using same password and hash function
+ * as before but with password bit 0 flipped before hashing. That key
+ * is then used to encrypt actual loop key 'itercountk' thousand times.
+ */
+ pass[0] ^= 1;
+ func(&tmp[0], 32, pass, strlen(pass));
+ gcry_cipher_setkey(ctx, &tmp[0], 32);
+ itercountk *= 1000;
+ while(itercountk > 0) {
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ /* encrypt both 128bit blocks with AES-256 */
+ gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16);
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16);
+ /* exchange upper half of first block with lower half of second block */
+ memcpy(&tmp[0], &out[8], 8);
+ memcpy(&out[8], &out[16], 8);
+ memcpy(&out[16], &tmp[0], 8);
+ itercountk--;
+ }
+ memset(&tmp[0], 0, sizeof(tmp));
+
+ memcpy(passhash, out, hashlen);
+
+ gcry_cipher_close(ctx);
+#else
+ fprintf(stderr, "libgcrypt support is required for option -C\n");
+ exit(EXIT_FAILURE);
+#endif
+
+ }
memset (pass, 0, strlen (pass)); /* paranoia */
free(pass);
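Review bot: The return values of `gcry_cipher_setkey()` and both `gcry_cipher_encrypt()` calls are discarded, so a libgcrypt failure would let the loop finish and copy whatever is in `out` into `passhash` as if it were the iterated key; only `gcry_cipher_open()` is checked. Two smaller gaps sit next to it: `tmp` is uninitialised and the length returned by `func(&tmp[0], 32, ...)` is ignored, so if a hash writes fewer than 32 bytes (not visible here) the AES key would include indeterminate stack bytes; and `out` still holds the derived key when the block ends, since only `tmp` is wiped. The sketch below checks each call and clears `out`; a plain `memset` just before the variable goes out of scope may be optimised away, so a non-elidable wipe is preferable where the platform offers one. main() starts and ends outside the hunk.

```c
		char tmp[32] = { 0 };	/* defined even if func() writes fewer than 32 bytes */
		/* … unchanged: out declaration, hashlen clamp, version check, gcry_cipher_open, pass[0] flip, func() call … */
		err = gcry_cipher_setkey(ctx, &tmp[0], 32);
		if (err) {
			fprintf(stderr, "can't set AES key: %s\n", gcry_strerror(err));
			exit(EXIT_FAILURE);
		}
		/* … unchanged: itercountk *= 1000, loop header, first reset/setiv pair … */
			err = gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16);
			if (err)
				break;
			/* … unchanged: second reset/setiv pair … */
			err = gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16);
			if (err)
				break;
		/* … unchanged: half-block swap, itercountk--, end of loop, tmp wipe … */
		if (err) {
			fprintf(stderr, "AES encryption failed: %s\n", gcry_strerror(err));
			exit(EXIT_FAILURE);
		}
		memcpy(passhash, out, hashlen);
		memset(out, 0, sizeof(out));	/* out held the derived key */
```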
++++++ hashalot-manpage.diff ++++++
document -C and -t options in manpage
Signed-off-by: Ludwig Nussel
Index: hashalot-0.3/hashalot.1
===================================================================
--- hashalot-0.3/hashalot.1.orig
+++ hashalot-0.3/hashalot.1
@@ -2,9 +2,9 @@
.SH NAME
hashalot \- read a passphrase and print a hash
.SH SYNOPSIS
-.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE
+.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE
.br
-.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ]
+.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ]
.SH DESCRIPTION
.PP
\fIhashalot\fP is a small tool that reads a passphrase from standard
@@ -36,6 +36,18 @@ option can be used to limit (or increase
default is as appropriate for the specified hash algorithm: 20 bytes for
RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat"
hash is 16 bytes, for compatibility with the old kerneli.org utilities.
+.PP
+The
+.B \-t
+option specifies a timeout for reading the passphrase from the terminal.
+.PP
+The
+.B \-C
+option specifies that the hashed password has to be encrypted
+itercountk thousand times using AES-256. Use for compatability with
+loop-AES.
+.PP
+The options \-t and \-C are currently SUSE specific
.SH AUTHOR
Ben Slusky
.PP
++++++ hashalot-timeout.diff ++++++
add timeout option -t
Signed-off-by: Ludwig Nussel
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -21,6 +21,7 @@
#include
#include
#include
+#include
#include
#include
@@ -36,6 +37,12 @@
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
+static int got_timeout;
+void alrm_handler(int num)
+{
+ got_timeout = 1;
+}
+
static int
phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len)
{
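Review bot: `got_timeout` is written from a signal handler and read in main(), so it should be declared `static volatile sig_atomic_t got_timeout;`; with a plain `int` the compiler is free to keep the value in a register across the blocking read. `alrm_handler` is only referenced from this file and can be `static`, and its unused parameter can be silenced with `(void)num;`.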
@@ -101,9 +108,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
+ " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
+ " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -222,8 +229,9 @@ main(int argc, char *argv[])
phash_func_t func;
int hex_output = 0, c;
unsigned long itercountk = 0;
+ unsigned timeout = 0;
- while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -238,6 +246,9 @@ main(int argc, char *argv[])
case 's':
salt = optarg;
break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
case 'x':
hex_output++;
break;
@@ -276,8 +287,24 @@ main(int argc, char *argv[])
fputs("Warning: couldn't lock memory, are you root?\n", stderr);
}
+ if(timeout) {
+ struct sigaction sa;
+ sa.sa_handler = alrm_handler;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction(SIGALRM, &sa, NULL);
+ alarm(timeout);
+ }
+
/* here we acquire the precious passphrase... */
pass = xgetpass("Enter passphrase: ");
+ if(got_timeout) {
+ exit(EXIT_FAILURE);
+ }
+ if(timeout) {
+ alarm(0);
+ }
+
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
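Review bot: The `sigaction()` return value is ignored, so if installing the handler failed SIGALRM would keep its default action and `alarm(timeout)` would kill the process at the prompt instead of reaching the `got_timeout` exit; check it, e.g. `if (sigaction(SIGALRM, &sa, NULL) == -1) { perror("sigaction"); exit(EXIT_FAILURE); }`. The timeout exit itself prints nothing; a line such as `fputs("hashalot: timed out waiting for passphrase\n", stderr);` before `exit(EXIT_FAILURE)` would make the failure visible. Whether the read loop in xgetpass's non-terminal branch returns on EINTR is not visible here, and the timeout only takes effect if it does. main() starts and ends outside the hunk.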