[dm-crypt] Building error

[dm-crypt] Building error

[demo demo]

[-- Attachment #1: Type: text/plain, Size: 778 bytes --]

Hi,

My goal is to manage crypted devices using own C program which should
include and use Cryptsetup API.

In order to start I'm first trying to build the example files but I got the
following error:

# make
gcc -O0 -g -Wall -D_GNU_SOURCE   -c -o crypt_luks_usage.o crypt_luks_usage.c
crypt_luks_usage.c: In function ‘format_and_add_keyslots’:
crypt_luks_usage.c:85: error: ‘struct crypt_params_luks1’ has no member
named ‘data_device’
make: *** [crypt_luks_usage.o] Error 1


It's on CentOS 6.2, cryptsetup 1.2.0

# rpm -qa | grep crypt
libgcrypt-1.4.5-9.el6_2.2.i686
cryptsetup-luks-libs-1.2.0-7.el6.i686
cryptsetup-luks-1.2.0-7.el6.i686
cryptsetup-luks-devel-1.2.0-7.el6.i686
libgcrypt-devel-1.4.5-9.el6_2.2.i686

Is something missing?

---
max

[-- Attachment #2: Type: text/html, Size: 3835 bytes --]

Re: [dm-crypt] Building error

[demo demo]

[-- Attachment #1: Type: text/plain, Size: 186 bytes --]

ok, I have commented line 85:

params.data_device = NULL;

to

//params.data_device = NULL;

now if I run make it get compiled without errors.

But, is it right or something get broken?

[-- Attachment #2: Type: text/html, Size: 310 bytes --]

Re: [dm-crypt] Building error

[Milan Broz]

On 08/08/2012 11:10 AM, demo demo wrote:
> Hi,
> 
> My goal is to manage crypted devices using own C program which should include and use Cryptsetup API.
> 
> In order to start I'm first trying to build the example files but I got the following error:
> 
> # make
> gcc -O0 -g -Wall -D_GNU_SOURCE   -c -o crypt_luks_usage.o crypt_luks_usage.c
> crypt_luks_usage.c: In function ‘format_and_add_keyslots’:
> crypt_luks_usage.c:85: error: ‘struct crypt_params_luks1’ has no member named ‘data_device’
> make: *** [crypt_luks_usage.o] Error 1
> 
> 
> It's on CentOS 6.2, cryptsetup 1.2.0

The example is taken from more recent version of cryptsetup source (data_device was introduced later).

Whatever, in this example just comment out this line setting data_device to NULL
and it will work even int RHEL6.

(I will perhaps remove it upstream as well so the basic example compiles even on older versions of library.)

Milan

[dm-crypt] Building error

[demo demo]

[-- Attachment #1: Type: text/plain, Size: 878 bytes --]

> (I will perhaps remove it upstream as well so the basic example compiles
> even on older versions of library.)



Hi, Milan.

At the end, the production box has CentOS 5.7 and all
disk already encrypted with cryptsetup-luks-1.0.3 !

I thought to upgrade it to one of more recent version but it's really
complex due to dependencies incompatibility.

I also found that libcryptsetup.h v 1.0.3 has more differences compared to
libcryptsetup.h used by API example file. So this suggest me that there is
no way to use the example with very old library!

Also I tryied to figure out how to extract and use the old crypt_luksOpen()
function but it's hard form me to follow all the #define present in the
whole cryptsetup package.

So can you provide me an example code that use the ancient crypt_luksOpen()
function and its relates gcc args used to compile it?

ps. sorry for pm msg

[-- Attachment #2: Type: text/html, Size: 1441 bytes --]

Re: [dm-crypt] Building error

[demo demo]

[-- Attachment #1: Type: text/plain, Size: 523 bytes --]

ok. I was able to extract/compile and use the action_luksOpen() function
found in the cryptsetup.c (v1.0.3) source code.

Now I would include/use the passphrase directly in the code like as you do
in the new API example file.
The problem here is that the passphrase is not defined as part of options
that I can use with the function (I looked at the defined function in
lib/setup.c -> __crypt_luks_open() ).

So there is a way to use the passphrase directly within the code without
recompile the entire cryptsetup package?

[-- Attachment #2: Type: text/html, Size: 602 bytes --]

Re: [dm-crypt] Building error

[Milan Broz]

[-- Attachment #1: Type: text/plain, Size: 1663 bytes --]

On 08/16/2012 08:43 AM, demo demo wrote:

> At the end, the production box has CentOS 5.7 and all disk already
> encrypted with cryptsetup-luks-1.0.3 !
> 
> I thought to upgrade it to one of more recent version but it's really
> complex due to dependencies incompatibility.
> 
> I also found that libcryptsetup.h v 1.0.3 has more differences
> compared to libcryptsetup.h used by API example file. So this suggest
> me that there is no way to use the example with very old library!

I responded to mail where you mentioned CentOS 6.

For RHEL5 no way, it has just old API. We backported many extension to RHEL5.8,
so cryptsetup+kernel dmcrypt should be able to open all LUKS device
formatted in recent versions but API library is obsolete anyway.

> Also I tryied to figure out how to extract and use the old
> crypt_luksOpen() function but it's hard form me to follow all the
> #define present in the whole cryptsetup package.
> 
> So can you provide me an example code that use the ancient
> crypt_luksOpen() function and its relates gcc args used to compile
> it?

Isn't better to just use binary then? Your code will not work on recent
distros (in RHEL6 there is still compatible library but not upstream anymore).

Whatever, see file in attachment, it can be compiled both on RHEL5
and RHEL6 (but not upstream anymore), just with
cc -o luks_test luks_test.c -g -O0 -lcryptsetup -lgcrypt -ldevmapper -luuid

The #ifdef is the because of incompatible changes in header (and API/ABI), one
of the reasons the old API was obsoleted.

If you need anything else... read the source please (test/api-test.c
in RHEL6 version source should give you more hints).

Milan

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: luks_test.c --]
[-- Type: text/x-csrc; name="luks_test.c", Size: 1480 bytes --]

/*
 * OLD OBSOLETE libcryptsetup API example
 * DO NOT USE FOR NEW PROJECTS.
 */

#include <stdio.h>
#include <stdlib.h>
#include "libcryptsetup.h"

/* definition was introduced together with log */
#ifdef CRYPT_LOG_NORMAL
#define HAVE_ICB
#endif

#ifdef HAVE_ICB
static int yesDialog(char *msg)
{
	printf("You are sure, I know.\n");
	return 1;
}

static void cmdLineLog(int class, char *msg)
{
	fputs(msg, stdout);
}

static struct interface_callbacks cmd_icb = {
	.yesDialog = yesDialog,
	.log = cmdLineLog,
};
#endif

int LuksOpen(const char *device, const char *name)
{
	struct crypt_options co = {
		.device = device,
		.name = name,
		// .key_file = "-", // standard input, you can echo -n"xxx"|prg
		// or use key file. API cannot give password directly
		.tries = 1,
#ifdef HAVE_ICB
		.icb = &cmd_icb,
#endif
	};

	return crypt_luksOpen(&co);
}

// r == 0 inactive, r > 0 active (r== opencount), othewise error (-EINVAL, -ENODEV, -EBUSY)
int LuksClose(const char *name)
{
	struct crypt_options co = {
		.name = name,
#ifdef HAVE_ICB
		.icb = &cmd_icb,
#endif
	};

	return crypt_remove_device(&co);
}

void print_error()
{
	char buf[256];

	crypt_get_error(buf, sizeof(buf));
	printf("%s\n", buf);
}

int main (int argc, char *argv[])
{
	const char *device = "/dev/loop0";
	const char *name = "xxx"; // let's call me /dev/mapper/xxx
	int r;

	r = LuksOpen(device, name);
	if (r)
		print_error();

        r = LuksClose(name);
	if (r)
		print_error();

	return r ? 0 : 1;
}

Re: [dm-crypt] Building error

[demo demo]

[-- Attachment #1: Type: text/plain, Size: 1804 bytes --]

2012/8/16 Milan Broz <mbroz@redhat.com>

> On 08/16/2012 08:43 AM, demo demo wrote:
>
> > At the end, the production box has CentOS 5.7 and all disk already
> > encrypted with cryptsetup-luks-1.0.3 !
> >
> > I thought to upgrade it to one of more recent version but it's really
> > complex due to dependencies incompatibility.
> >
> > I also found that libcryptsetup.h v 1.0.3 has more differences
> > compared to libcryptsetup.h used by API example file. So this suggest
> > me that there is no way to use the example with very old library!
>
> I responded to mail where you mentioned CentOS 6.
>
> For RHEL5 no way, it has just old API. We backported many extension to
> RHEL5.8,
> so cryptsetup+kernel dmcrypt should be able to open all LUKS device
> formatted in recent versions but API library is obsolete anyway.
>
> > Also I tryied to figure out how to extract and use the old
> > crypt_luksOpen() function but it's hard form me to follow all the
> > #define present in the whole cryptsetup package.
> >
> > So can you provide me an example code that use the ancient
> > crypt_luksOpen() function and its relates gcc args used to compile
> > it?
>
> Isn't better to just use binary then? Your code will not work on recent
> distros (in RHEL6 there is still compatible library but not upstream
> anymore).
>
> Whatever, see file in attachment, it can be compiled both on RHEL5
> and RHEL6 (but not upstream anymore), just with
> cc -o luks_test luks_test.c -g -O0 -lcryptsetup -lgcrypt -ldevmapper -luuid
>
> The #ifdef is the because of incompatible changes in header (and API/ABI),
> one
> of the reasons the old API was obsoleted.
>
> If you need anything else... read the source please (test/api-test.c
> in RHEL6 version source should give you more hints).
>
> Milan
>

ok. thank you so much.

[-- Attachment #2: Type: text/html, Size: 2342 bytes --]