Hello community, here is the log from the commit of package hashalot for openSUSE:Factory checked in at 2012-12-28 15:00:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hashalot (Old) and /work/SRC/openSUSE:Factory/.hashalot.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hashalot", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-12-21 01:49:00.356010756 +0100 +++ /work/SRC/openSUSE:Factory/.hashalot.new/hashalot.changes 2012-12-28 15:00:51.000000000 +0100 @@ -0,0 +1,6 @@ +------------------------------------------------------------------- +Wed Dec 12 16:26:48 UTC 2012 - [email protected] + +- new package split off from cryptsetup + * moved to /usr + New: ---- bug-476290_hashalot-hashlen.diff hashalot-0.3.tar.gz hashalot-ctrl-d.diff hashalot-fixes.diff hashalot-glibc210.diff hashalot-libgcrypt.diff hashalot-manpage.diff hashalot-timeout.diff hashalot.changes hashalot.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hashalot.spec ++++++ # # spec file for package hashalot # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: hashalot Url: http://www.paranoiacs.org/~sluskyb/hacks/hashalot/ Version: 0.3 Release: 0 Summary: Read a passphrase and print a hash License: GPL-2.0+ Group: System/Base Source: http://www.paranoiacs.org/~sluskyb/hacks/hashalot/hashalot-%{version}.tar.gz Patch10: hashalot-fixes.diff Patch11: hashalot-libgcrypt.diff Patch12: hashalot-ctrl-d.diff Patch13: hashalot-timeout.diff Patch14: hashalot-manpage.diff Patch15: bug-476290_hashalot-hashlen.diff Patch16: hashalot-glibc210.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: cryptsetup:/sbin/hashalot BuildRequires: autoconf automake BuildRequires: libgcrypt-devel %description hashalot is a small tool that reads a passphrase from standard input, hashes it using the given hash type, and prints the result to standard output. Used by legacy encrypted volumes. Supported hashes: * rmd160 * sha256 * sha384 * sha512 %prep %setup -q %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %build autoreconf -f -i %{?suse_update_config:%{suse_update_config}} %configure make %{?_smp_mflags} %install make install DESTDIR=$RPM_BUILD_ROOT # remove unwanted symlinks rm -f $RPM_BUILD_ROOT%{_sbindir}/{rmd160,sha256,sha384,sha512} %files %defattr(-,root,root) %{_sbindir}/hashalot %{_mandir}/man1/hashalot.1* %changelog ++++++ bug-476290_hashalot-hashlen.diff ++++++ Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3.orig/hashalot.c +++ hashalot-0.3/hashalot.c @@ -34,6 +34,7 @@ #include "sha512.h" #define PASSWDBUFFLEN 130 +#define MAXHASHLEN (ULONG_MAX/2 - 2) typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len); @@ -182,8 +183,7 @@ static void * xmalloc (size_t size) { void *p; - if (size == 0) - return NULL; + assert(size != 0); p = malloc(size); if (p == NULL) { @@ -242,6 +242,12 @@ main(int argc, char *argv[]) show_usage(argv[0]); exit(EXIT_FAILURE); } + if (hashlen >= MAXHASHLEN) { + fprintf(stderr, + "please supply a value smaller than %lu for the -n option\n", + MAXHASHLEN); + exit(EXIT_FAILURE); + } break; case 's': salt = optarg; ++++++ hashalot-ctrl-d.diff ++++++ exit unsuccessfully on empty passphrase if input is a tty allows user to press ctrl-d to abort Signed-off-by: Ludwig Nussel <[email protected]> Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3.orig/hashalot.c +++ hashalot-0.3/hashalot.c @@ -135,10 +135,14 @@ phash_lookup(const char phash_name[], si static char * xgetpass(const char *prompt) { - if (isatty(STDIN_FILENO)) /* terminal */ - return getpass(prompt); /* FIXME getpass(3) obsolete */ - else { /* file descriptor */ - char *pass = NULL; + char *pass = NULL; + if (isatty(STDIN_FILENO)) { /* terminal */ + pass = getpass(prompt); /* FIXME getpass(3) obsolete */ + if(!pass || !*pass) { + exit(EXIT_FAILURE); + } + return pass; + } else { /* file descriptor */ int buflen, i; buflen=0; ++++++ hashalot-fixes.diff ++++++ - print help text to stdout so it can be read via pager - use proper length in phash_rmd160() Signed-off-by: Ludwig Nussel <[email protected]> Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3/hashalot.c.orig +++ hashalot-0.3/hashalot.c @@ -42,7 +42,7 @@ phash_rmd160(char dest[], size_t dest_le tmp[PASSWDBUFFLEN - 1] = '\0'; rmd160_hash_buffer(key, src, src_len); - rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */); + rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, strlen(tmp)); memcpy(dest, key, dest_len); @@ -95,7 +95,7 @@ show_usage(const char argv0[]) { struct func_table_t *p = func_table; - fprintf (stderr, + fprintf (stdout, "usage:\n" " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n" " or\n" @@ -106,7 +106,8 @@ show_usage(const char argv0[]) for (; p->name; ++p) fprintf (stderr, "%s ", p->name); - fprintf (stderr, "\n"); + + fprintf (stdout, "\n"); return 1; } ++++++ hashalot-glibc210.diff ++++++ Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3.orig/hashalot.c +++ hashalot-0.3/hashalot.c @@ -22,6 +22,7 @@ #include <unistd.h> #include <assert.h> #include <signal.h> +#include <limits.h> #include <sys/types.h> #include <sys/mman.h> Index: hashalot-0.3/Makefile.am =================================================================== --- hashalot-0.3.orig/Makefile.am +++ hashalot-0.3/Makefile.am @@ -4,7 +4,7 @@ sbin_PROGRAMS = hashalot man_MANS = hashalot.1 hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS) -hashalot_LDFLAGS = $(LIBGCRYPT_LIBS) +hashalot_LDADD = $(LIBGCRYPT_LIBS) hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h ++++++ hashalot-libgcrypt.diff ++++++ add support for -C (itercountk) option of loop-AES if libgcrypt is available Signed-off-by: Ludwig Nussel <[email protected]> Index: hashalot-0.3/Makefile.am =================================================================== --- hashalot-0.3/Makefile.am.orig +++ hashalot-0.3/Makefile.am @@ -3,6 +3,9 @@ sbin_PROGRAMS = hashalot man_MANS = hashalot.1 +hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS) +hashalot_LDFLAGS = $(LIBGCRYPT_LIBS) + hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h install-exec-hook: Index: hashalot-0.3/configure.ac =================================================================== --- hashalot-0.3/configure.ac.orig +++ hashalot-0.3/configure.ac @@ -8,5 +8,6 @@ AC_PROG_LN_S AC_HEADER_STDC AC_CHECK_HEADERS(libgen.h stdio.h stdlib.h string.h unistd.h assert.h sys/types.h sys/mman.h endian.h , , [ AC_MSG_ERROR(required header not found)]) AC_CHECK_FUNCS(getopt snprintf , , [ AC_MSG_ERROR(required function not found)]) +AM_PATH_LIBGCRYPT(,[AC_DEFINE([HAVE_LIBGCRYPT], 1)]) AC_OUTPUT(Makefile) Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3/hashalot.c.orig +++ hashalot-0.3/hashalot.c @@ -25,6 +25,10 @@ #include <sys/types.h> #include <sys/mman.h> +#if HAVE_LIBGCRYPT +#include <gcrypt.h> +#endif + #include "rmd160.h" #include "sha512.h" @@ -97,9 +101,9 @@ show_usage(const char argv0[]) fprintf (stdout, "usage:\n" - " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n" + " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n" " or\n" - " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ]\n" + " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n" "\n" "supported values for HASHTYPE: "); @@ -214,8 +218,9 @@ main(int argc, char *argv[]) size_t hashlen = 0; phash_func_t func; int hex_output = 0, c; + unsigned long itercountk = 0; - while ((c = getopt(argc, argv, "n:s:x")) != -1) { + while ((c = getopt(argc, argv, "n:s:xC:")) != -1) { switch (c) { case 'n': hashlen = strtoul(optarg, &p, 0); @@ -233,6 +238,9 @@ main(int argc, char *argv[]) case 'x': hex_output++; break; + case 'C': + itercountk = atoi(optarg); + break; default: show_usage(argv[0]); exit(EXIT_FAILURE); @@ -257,6 +265,8 @@ main(int argc, char *argv[]) * plus a newline, plus a null */ passhash = xmalloc(2*hashlen + 2); + memset(passhash, 0, 2*hashlen+2); + /* try to lock memory so it doesn't get swapped out for sure */ if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { perror("mlockall"); @@ -268,6 +278,69 @@ main(int argc, char *argv[]) if (salt) pass = salt_passphrase(pass, salt); hashlen = func(passhash, hashlen, pass, strlen(pass)); + + if(itercountk) /* from loop-AES */ + { +#if HAVE_LIBGCRYPT + gcry_cipher_hd_t ctx; + gcry_error_t err; + char tmp[32]; + char out[32]; + + if(hashlen > 32) { + fprintf(stderr, "WARNING: hashlen truncated to 32\n"); + hashlen = 32; + } + + if(!gcry_check_version("1.1.0")) { + fprintf(stderr, "libgcrypt initialization failed\n"); + exit(EXIT_FAILURE); + } + + memset(out, 0, sizeof(out)); + memcpy(out, passhash, hashlen); + + err = gcry_cipher_open(&ctx, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0); + if(err) + { + fprintf(stderr, "can't initialize AES: %s\n", gcry_strerror (err)); + exit(EXIT_FAILURE); + } + + /* + * Set up AES-256 encryption key using same password and hash function + * as before but with password bit 0 flipped before hashing. That key + * is then used to encrypt actual loop key 'itercountk' thousand times. + */ + pass[0] ^= 1; + func(&tmp[0], 32, pass, strlen(pass)); + gcry_cipher_setkey(ctx, &tmp[0], 32); + itercountk *= 1000; + while(itercountk > 0) { + gcry_cipher_reset(ctx); + gcry_cipher_setiv(ctx, NULL, 0); + /* encrypt both 128bit blocks with AES-256 */ + gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16); + gcry_cipher_reset(ctx); + gcry_cipher_setiv(ctx, NULL, 0); + gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16); + /* exchange upper half of first block with lower half of second block */ + memcpy(&tmp[0], &out[8], 8); + memcpy(&out[8], &out[16], 8); + memcpy(&out[16], &tmp[0], 8); + itercountk--; + } + memset(&tmp[0], 0, sizeof(tmp)); + + memcpy(passhash, out, hashlen); + + gcry_cipher_close(ctx); +#else + fprintf(stderr, "libgcrypt support is required for option -C\n"); + exit(EXIT_FAILURE); +#endif + + } memset (pass, 0, strlen (pass)); /* paranoia */ free(pass); ++++++ hashalot-manpage.diff ++++++ document -C and -t options in manpage Signed-off-by: Ludwig Nussel <[email protected]> Index: hashalot-0.3/hashalot.1 =================================================================== --- hashalot-0.3/hashalot.1.orig +++ hashalot-0.3/hashalot.1 @@ -2,9 +2,9 @@ .SH NAME hashalot \- read a passphrase and print a hash .SH SYNOPSIS -.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE +.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE .br -.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ] +.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] .SH DESCRIPTION .PP \fIhashalot\fP is a small tool that reads a passphrase from standard @@ -36,6 +36,18 @@ option can be used to limit (or increase default is as appropriate for the specified hash algorithm: 20 bytes for RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat" hash is 16 bytes, for compatibility with the old kerneli.org utilities. +.PP +The +.B \-t +option specifies a timeout for reading the passphrase from the terminal. +.PP +The +.B \-C +option specifies that the hashed password has to be encrypted +itercountk thousand times using AES-256. Use for compatability with +loop-AES. +.PP +The options \-t and \-C are currently SUSE specific .SH AUTHOR Ben Slusky <[email protected]> .PP ++++++ hashalot-timeout.diff ++++++ add timeout option -t Signed-off-by: Ludwig Nussel <[email protected]> Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3.orig/hashalot.c +++ hashalot-0.3/hashalot.c @@ -21,6 +21,7 @@ #include <string.h> #include <unistd.h> #include <assert.h> +#include <signal.h> #include <sys/types.h> #include <sys/mman.h> @@ -36,6 +37,12 @@ typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len); +static int got_timeout; +void alrm_handler(int num) +{ + got_timeout = 1; +} + static int phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len) { @@ -101,9 +108,9 @@ show_usage(const char argv0[]) fprintf (stdout, "usage:\n" - " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n" + " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n" " or\n" - " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n" + " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n" "\n" "supported values for HASHTYPE: "); @@ -222,8 +229,9 @@ main(int argc, char *argv[]) phash_func_t func; int hex_output = 0, c; unsigned long itercountk = 0; + unsigned timeout = 0; - while ((c = getopt(argc, argv, "n:s:xC:")) != -1) { + while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) { switch (c) { case 'n': hashlen = strtoul(optarg, &p, 0); @@ -238,6 +246,9 @@ main(int argc, char *argv[]) case 's': salt = optarg; break; + case 't': + timeout = atoi(optarg); + break; case 'x': hex_output++; break; @@ -276,8 +287,24 @@ main(int argc, char *argv[]) fputs("Warning: couldn't lock memory, are you root?\n", stderr); } + if(timeout) { + struct sigaction sa; + sa.sa_handler = alrm_handler; + sigemptyset (&sa.sa_mask); + sa.sa_flags = 0; + sigaction(SIGALRM, &sa, NULL); + alarm(timeout); + } + /* here we acquire the precious passphrase... */ pass = xgetpass("Enter passphrase: "); + if(got_timeout) { + exit(EXIT_FAILURE); + } + if(timeout) { + alarm(0); + } + if (salt) pass = salt_passphrase(pass, salt); hashlen = func(passhash, hashlen, pass, strlen(pass)); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
