Re: [dm-crypt] Building error

[Milan Broz <mbroz@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1663 bytes --]

On 08/16/2012 08:43 AM, demo demo wrote:

> At the end, the production box has CentOS 5.7 and all disk already
> encrypted with cryptsetup-luks-1.0.3 !
> 
> I thought to upgrade it to one of more recent version but it's really
> complex due to dependencies incompatibility.
> 
> I also found that libcryptsetup.h v 1.0.3 has more differences
> compared to libcryptsetup.h used by API example file. So this suggest
> me that there is no way to use the example with very old library!

I responded to mail where you mentioned CentOS 6.

For RHEL5 no way, it has just old API. We backported many extension to RHEL5.8,
so cryptsetup+kernel dmcrypt should be able to open all LUKS device
formatted in recent versions but API library is obsolete anyway.

> Also I tryied to figure out how to extract and use the old
> crypt_luksOpen() function but it's hard form me to follow all the
> #define present in the whole cryptsetup package.
> 
> So can you provide me an example code that use the ancient
> crypt_luksOpen() function and its relates gcc args used to compile
> it?

Isn't better to just use binary then? Your code will not work on recent
distros (in RHEL6 there is still compatible library but not upstream anymore).

Whatever, see file in attachment, it can be compiled both on RHEL5
and RHEL6 (but not upstream anymore), just with
cc -o luks_test luks_test.c -g -O0 -lcryptsetup -lgcrypt -ldevmapper -luuid

The #ifdef is the because of incompatible changes in header (and API/ABI), one
of the reasons the old API was obsoleted.

If you need anything else... read the source please (test/api-test.c
in RHEL6 version source should give you more hints).

Milan

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: luks_test.c --]
[-- Type: text/x-csrc; name="luks_test.c", Size: 1480 bytes --]

/*
 * OLD OBSOLETE libcryptsetup API example
 * DO NOT USE FOR NEW PROJECTS.
 */

#include <stdio.h>
#include <stdlib.h>
#include "libcryptsetup.h"

/* definition was introduced together with log */
#ifdef CRYPT_LOG_NORMAL
#define HAVE_ICB
#endif

#ifdef HAVE_ICB
static int yesDialog(char *msg)
{
	printf("You are sure, I know.\n");
	return 1;
}

static void cmdLineLog(int class, char *msg)
{
	fputs(msg, stdout);
}

static struct interface_callbacks cmd_icb = {
	.yesDialog = yesDialog,
	.log = cmdLineLog,
};
#endif

int LuksOpen(const char *device, const char *name)
{
	struct crypt_options co = {
		.device = device,
		.name = name,
		// .key_file = "-", // standard input, you can echo -n"xxx"|prg
		// or use key file. API cannot give password directly
		.tries = 1,
#ifdef HAVE_ICB
		.icb = &cmd_icb,
#endif
	};

	return crypt_luksOpen(&co);
}

// r == 0 inactive, r > 0 active (r== opencount), othewise error (-EINVAL, -ENODEV, -EBUSY)
int LuksClose(const char *name)
{
	struct crypt_options co = {
		.name = name,
#ifdef HAVE_ICB
		.icb = &cmd_icb,
#endif
	};

	return crypt_remove_device(&co);
}

void print_error()
{
	char buf[256];

	crypt_get_error(buf, sizeof(buf));
	printf("%s\n", buf);
}

int main (int argc, char *argv[])
{
	const char *device = "/dev/loop0";
	const char *name = "xxx"; // let's call me /dev/mapper/xxx
	int r;

	r = LuksOpen(device, name);
	if (r)
		print_error();

        r = LuksClose(name);
	if (r)
		print_error();

	return r ? 0 : 1;
}