Message-ID: <08f502bf-d41a-6b6a-36f7-60b4bddc1497@gmail.com>
Date: Thu, 28 Oct 2021 09:14:10 +0200
To: Phil Sutter
References: <20211027232933.7445-1-phil@nwl.cc>
From: Milan Broz
In-Reply-To: <20211027232933.7445-1-phil@nwl.cc>
CC: dm-crypt@saout.de
Subject: [dm-crypt] Re: [cryptsetup PATCH] Make BitLocker support optional

Hi,

Support for all formats is mandatory (the pain to support various kernel configuration is already enough), so sorry, but I will not accept this patch.

Also you cannot disable commands on CLI this way, it breaks user interface. (Command can fail, but must not disappear.)

What issues this solves have here? Why you cannot link it? We use only some specific functions so the solution can be just to implement this internally.

Milan

On 28/10/2021 01:29, Phil Sutter wrote:
> The mandatory dependency on libiconv introduced by it makes it feasible
> to support optional compilation.
>
> Signed-off-by: Phil Sutter
> --- > configure.ac | 12 ++++++++++++ > lib/Makemodule.am | 6 +++++- > lib/bitlk/bitlk.h | 39 +++++++++++++++++++++++++++++++++++++++ > lib/setup.c | 6 ++++++ > src/cryptsetup.c | 14 ++++++++++++-- > 5 files changed, 74 insertions(+), 3 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 0805bd20d88b8..8e677be810768 100644 > --- a/configure.ac > +++ b/configure.ac
> @@ -140,6 +140,18 @@ if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; the > AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.]) > fi > > +dnl ========================================================================== > +dnl BitLocker support > + > +AC_ARG_ENABLE([bitlk], > + AS_HELP_STRING([--disable-bitlk], [disable BitLocker support]), > + [], [enable_bitlk=yes]) > +AM_CONDITIONAL(BITLK, test "x$enable_bitlk" = "xyes") > + > +if test "x$enable_bitlk" = "xyes"; then > + AC_DEFINE(ENABLE_BITLK, 1, [Build BitLocker support]) > +fi > + > dnl ========================================================================== > > AM_GNU_GETTEXT([external],[need-ngettext]) > diff --git a/lib/Makemodule.am b/lib/Makemodule.am > index 5b12eae84b594..ed25cce3fd2fd 100644 > --- a/lib/Makemodule.am > +++ b/lib/Makemodule.am > @@ -107,5 +107,9 @@ libcryptsetup_la_SOURCES = \ > lib/luks2/luks2.h \ > lib/utils_blkid.c \ > lib/utils_blkid.h \ > - lib/bitlk/bitlk.h \ > + lib/bitlk/bitlk.h > + > +if BITLK > +libcryptsetup_la_SOURCES += \ > lib/bitlk/bitlk.c > +endif > diff --git a/lib/bitlk/bitlk.h b/lib/bitlk/bitlk.h > index 57ba92e3833bf..518f97fe1a2b4 100644 > --- a/lib/bitlk/bitlk.h > +++ b/lib/bitlk/bitlk.h > @@ -114,6 +114,8 @@ struct bitlk_metadata { > struct bitlk_fvek *fvek; > }; > > +#ifdef ENABLE_BITLK > + > int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params); > > int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params); 
> @@ -142,4 +144,41 @@ void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek); > void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk); > void BITLK_bitlk_metadata_free(struct bitlk_metadata *params); > > +#else > + > +static inline int > +BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params) { return -ENOTSUP; } > + > +static inline int > +BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params) { return -ENOTSUP; } > + > +static inline int > +BITLK_get_volume_key(struct crypt_device *cd, > + const char *password, > + size_t passwordLen, > + const struct bitlk_metadata *params, > + struct volume_key **open_fvek_key) { return -ENOTSUP; } > + > +static inline int > +BITLK_activate_by_passphrase(struct crypt_device *cd, > + const char *name, > + const char *password, > + size_t passwordLen, > + const struct bitlk_metadata *params, > + uint32_t flags) { return -ENOTSUP; } > + > +static inline int > +BITLK_activate_by_volume_key(struct crypt_device *cd, > + const char *name, > + const char *volume_key, > + size_t volume_key_size, > + const struct bitlk_metadata *params, > + uint32_t flags) { return -ENOTSUP; } > + > +static inline void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek) {} > +static inline void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk) {} > +static inline void BITLK_bitlk_metadata_free(struct bitlk_metadata *params) {} > + > +#endif > + > #endif > diff --git a/lib/setup.c b/lib/setup.c > index a5dfd843743a0..997cecf158026 100644 > --- a/lib/setup.c > +++ b/lib/setup.c > @@ -320,7 +320,11 @@ static int isINTEGRITY(const char *type) > > static int isBITLK(const char *type) > { > +#ifdef ENABLE_BITLK > return (type && !strcmp(CRYPT_BITLK, type)); > +#else > + return 0; > +#endif > } > > static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags) 
> @@ -1470,8 +1474,10 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, > (*cd)->type = strdup(CRYPT_TCRYPT); > else if (!strncmp(CRYPT_INTEGRITY, dmd.uuid, sizeof(CRYPT_INTEGRITY)-1)) > (*cd)->type = strdup(CRYPT_INTEGRITY); > +#ifdef ENABLE_BITLK > else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1)) > (*cd)->type = strdup(CRYPT_BITLK); > +#endif > else > log_dbg(NULL, "Unknown UUID set, some parameters are not set."); > } else > diff --git a/src/cryptsetup.c b/src/cryptsetup.c > index e785dc3be2fd1..d4d2ddaf665ac 100644 > --- a/src/cryptsetup.c > +++ b/src/cryptsetup.c > @@ -517,6 +517,7 @@ out: > return r; > } > > +#ifdef ENABLE_BITLK > static int action_open_bitlk(void) > { > struct crypt_device *cd = NULL; > @@ -576,6 +577,7 @@ out: > crypt_free(cd); > return r; > } > +#endif > > static int tcryptDump_with_volume_key(struct crypt_device *cd) > { > @@ -649,6 +651,7 @@ out: > return r; > } > > +#ifdef ENABLE_BITLK > static int bitlkDump_with_volume_key(struct crypt_device *cd) > { > char *vk = NULL, *password = NULL; > @@ -733,6 +736,7 @@ out: > crypt_free(cd); > return r; > } > +#endif > > static int action_close(void) > { > @@ -2443,10 +2447,12 @@ static int action_open(void) > if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID)) > goto out; > return action_open_tcrypt(); > +#ifdef ENABLE_BITLK > } else if (!strcmp(device_type, "bitlk")) { > if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID)) > goto out; > return action_open_bitlk(); > +#endif > } else > r = -ENOENT; > out: 
> @@ -3515,7 +3521,9 @@ static struct action_type { > { ISLUKS_ACTION, action_isLuks, 1, 0, N_(""), N_("tests for LUKS partition header") }, > { LUKSDUMP_ACTION, action_luksDump, 1, 1, N_(""), N_("dump LUKS partition information") }, > { TCRYPTDUMP_ACTION, action_tcryptDump, 1, 1, N_(""), N_("dump TCRYPT device information") }, > +#ifdef ENABLE_BITLK > { BITLKDUMP_ACTION, action_bitlkDump, 1, 1, N_(""), N_("dump BITLK device information") }, > +#endif > { SUSPEND_ACTION, action_luksSuspend, 1, 1, N_(""), N_("Suspend LUKS device and wipe key (all IOs are frozen)") }, > { RESUME_ACTION, action_luksResume, 1, 1, N_(""), N_("Resume suspended LUKS device") }, > { HEADERBACKUP_ACTION, action_luksBackup, 1, 1, N_(""), N_("Backup LUKS device header and keyslots") }, > @@ -3812,13 +3820,15 @@ int main(int argc, const char **argv) > } else if (!strcmp(aname, "tcryptOpen")) { > aname = OPEN_ACTION; > device_type = "tcrypt"; > + } else if (!strcmp(aname, "tcryptDump")) { > + device_type = "tcrypt"; > +#ifdef ENABLE_BITLK > } else if (!strcmp(aname, "bitlkOpen")) { > aname = OPEN_ACTION; > device_type = "bitlk"; > - } else if (!strcmp(aname, "tcryptDump")) { > - device_type = "tcrypt"; > } else if (!strcmp(aname, "bitlkDump")) { > device_type = "bitlk"; > +#endif > } else if (!strcmp(aname, "remove") || > !strcmp(aname, "plainClose") || > !strcmp(aname, "luksClose") ||
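
Review bot: in the configure.ac hunk, `--disable-bitlk` only sets the `BITLK` automake conditional and defines `ENABLE_BITLK`; nothing in this patch makes the libiconv detection or linking depend on `enable_bitlk`, although the commit message names that dependency as the motivation. If the goal is a build without libiconv, the iconv check needs to be skipped or made non-fatal when `enable_bitlk` is `no`. The macro arguments are also quoted inconsistently: `AC_ARG_ENABLE([bitlk], ...)` is quoted while `AM_CONDITIONAL(BITLK, test ...)` and `AC_DEFINE(ENABLE_BITLK, 1, ...)` are not.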
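
Review bot: in the `#else` branch of lib/bitlk/bitlk.h, every stub leaves all of its parameters unused, so a build with `-Wunused-parameter` (enabled by `-Wextra`) warns in each file that includes this header once BitLocker is disabled. Cast the parameters to void in the stub bodies or mark them unused. The stubs also rely on `ENOTSUP`, `size_t` and `uint32_t` being declared; unless the header already includes the defining headers above the visible context, it should include them itself rather than depend on its includers.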
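
Review bot: in lib/setup.c, making isBITLK() return 0 when `ENABLE_BITLK` is unset means any caller that checks the type first treats a BITLK device as an unknown type and never reaches the `-ENOTSUP` stubs added in bitlk.h, so the user gets no indication that support was compiled out. In crypt_init_by_name_and_header() an active device with a BITLK UUID now falls through to the debug-only "Unknown UUID set, some parameters are not set." message. Keeping the type detection unconditional and returning `-ENOTSUP` with an explicit error where a BITLK operation is requested would make the failure visible and consistent.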
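
Review bot: in src/cryptsetup.c, guarding the `BITLKDUMP_ACTION` table entry and the `bitlkOpen`/`bitlkDump` aliases in main() removes those commands from the CLI when BitLocker is disabled, and a request for device type "bitlk" in action_open() then ends in `r = -ENOENT`, which does not tell the user that the format was compiled out. Keeping the table entry and aliases in place and having the handlers fail with `-ENOTSUP` and a clear message would keep the command set identical across builds, which is the interface concern raised in the reply above.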